mcrypt_encrypt to openssl_encrypt, and OPENSSL_ZERO_PADDING problems

后端 未结 2 941
一向
一向 2020-11-27 07:39

I have this mcrypt_encrypt call, for a given $key, $message and $iv:

$string = mcrypt_encrypt(MCRYPT_3DES         


        
相关标签:
2条回答
  • 2020-11-27 08:12

    mcrypt_encrypt uses zeroes to pad message to the block size. So you can add zeroes to the tail of your raw data, and then encrypt the block.

    Using OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING should work. If it doesn't, then you can remove padding from the decrypted data by yourself.

    0 讨论(0)
  • 2020-11-27 08:17

    mcrypt_encrypt zero-pads input data if it's not a multiple of the blocksize. This leads to ambiguous results if the data itself has trailing zeroes. Apparently OpenSSL doesn't allow you to use zero padding in this case, which explains the false return value.

    You can circumvent this by adding the padding manually.

    $message = "Lorem ipsum";
    $key = "123456789012345678901234";
    $iv = "12345678";
    
    $message_padded = $message;
    if (strlen($message_padded) % 8) {
        $message_padded = str_pad($message_padded,
            strlen($message_padded) + 8 - strlen($message_padded) % 8, "\0");
    }
    $encrypted_mcrypt = mcrypt_encrypt(MCRYPT_3DES, $key,
        $message, MCRYPT_MODE_CBC, $iv);
    $encrypted_openssl = openssl_encrypt($message_padded, "DES-EDE3-CBC", 
        $key, OPENSSL_RAW_DATA | OPENSSL_NO_PADDING, $iv);
    
    printf("%s => %s\n", bin2hex($message), bin2hex($encrypted_mcrypt));
    printf("%s => %s\n", bin2hex($message_padded), bin2hex($encrypted_openssl));
    

    This prints both as equal.

    4c6f72656d20697073756d => c6fed0af15d494e485af3597ad628cec
    4c6f72656d20697073756d0000000000 => c6fed0af15d494e485af3597ad628cec
    
    0 讨论(0)
提交回复
热议问题