AES-256 using PHP-mcrypt

July 22, 2008 By in FOSS, Hacks, Mozilla, PHP, Programming 6 Comments

PHP is sometimes really dumb.

While working on a library for Weave’s OAuth implementation (so 3rd party developers don’t have to understand the nitty-gritty of OAuth and can instead use a simple library in their favorite programming language), I ran across the need to do AES-256 decryption in PHP.

The best (and fastest) method would be to use PHP’s mcrypt extension, but mcrypt lists support for ‘Rijndael’ and not ‘AES’. They’re both practically the same, except for the very small difference of the IV (initialization vector) being different sizes. In Rijndael, the IV is always the same size as that of the key, but in AES, the IV is always 16 bytes.

Weave uses AES-256, which means we have a 32 byte key, and a 16 byte IV. mcrypt implements Rijndael, so my first try:

// $key is 32 bytes long
$iv = 'sixteenbyteslong';
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_CBC, '');
mcrypt_generic_init($td, $key, $iv);

failed with:

Warning: mcrypt_generic_init(): Iv size incorrect; supplied length: 16, needed: 32 in aes.php on line 26

Here’s the workaround:

$td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');
mcrypt_generic_init($td, $key, $iv);

That’s right – you call mcrypt_module_open with Rijndael-128 instead of 256, but still pass a 32 byte key to mcrypt_generic_init and be on your merry way.

WTF, but I’m happy that it atleast works.

About these ads

6 Responses

  1. Pingback: Hostizzle: Free OpenVPN–for real! » An Overview on How to Encrypt Data

  2. PHP’s mcrypt should have a “AES-128″ “AES-192″ and “AES-256″ but it doesn’t.

    Rijndael-192 and Rijndael-256 are not identical to AES-192 and AES-256 (block sizes and number of rounds differ).

    AES/Rijndael 128bit are identical however.

    Only a crypto geek would know this and make sense of why mcrypt did it they way the did.

    They should just add AES-* to the ciphers and make everyone’s lives easier.

    Reply

  3. Pingback: Bad Data error at CryptDecrypt when using AES 256 (MS CryptoAPI) | SeekPHP.com

  4. Just to correct the previous comment: Rijndael-128 is identical with AES-256, strange as this may sound.

    Reply

  5. No, sorry it isn’t.

    AES-128 has BlockSize=128bit and KeySize=128bit
    AES-192 has BlockSize=128bit and KeySize=192bit
    AES-256 has BlockSize=128bit and KeySize=256bit

    Rijndael-128 has BlockSize=128bit and KeySize=128bit
    Rijndael-192 has BlockSize=192bit and KeySize=192bit
    Rijndael-256 has BlockSize=256bit and KeySize=256bit

    So, data encrypted by AES-192 cannot be decrypted by Rijndael-192 and the same goes for AES-256 and Rijndael-256.

    Reply

  6. Pingback: An Overview on How to Encrypt Data | SecurityProNews

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.