Gitiles
Code Review Sign In
www.giggi.me / code-igniter-v3-giggi / 18767e31711656e9e2648fbe051b74ebbefd3f2e^! / . / system / libraries / Encryption.php
commit18767e31711656e9e2648fbe051b74ebbefd3f2e[log] [tgz]
authorAndrey Andreev <narf@devilix.net>Tue Mar 04 22:21:35 2014 +0200
committerAndrey Andreev <narf@devilix.net>Tue Mar 04 22:21:35 2014 +0200
tree1846500b2eb00410f89bc41f509002c8234eaaf2
parent93b4e788796d6da181512702d6431ffd7e199bee [diff] [blame]
CI_Encryption: Remove MCrypt 'work-arounds' for CAST-128 compatibility

Turns out it's OpenSSL's fault for performing 16 rounds instead of 12 for key sizes of 5-11 bytes.
Reference: http://tools.ietf.org/rfc/rfc2144.txt

diff --git a/system/libraries/Encryption.php b/system/libraries/Encryption.php
index bfc1e89..810b7bf 100644
--- a/system/libraries/Encryption.php
+++ b/system/libraries/Encryption.php

@@ -365,15 +365,6 @@
 				: NULL;
 		}
 
-		// CAST-128 compatibility (http://tools.ietf.org/rfc/rfc2144.txt)
-		//
-		// RFC2144 says that keys shorter than 16 bytes are to be padded with
-		// zero bytes to 16 bytes, but (surprise) MCrypt doesn't do that.
-		if ($params['cipher'] === 'cast-128' && ($kl = strlen($params['key'])) < 16)
-		{
-			$params['key'] .= str_repeat("\x0", 16 - $kl);
-		}
-
 		if (mcrypt_generic_init($params['handle'], $params['key'], $params['iv']) < 0)
 		{
 			if ($params['handle'] !== $this->_handle)
@@ -556,15 +547,6 @@
 			}
 		}
 
-		// CAST-128 compatibility (http://tools.ietf.org/rfc/rfc2144.txt)
-		//
-		// RFC2144 says that keys shorter than 16 bytes are to be padded with
-		// zero bytes to 16 bytes, but (surprise) MCrypt doesn't do that.
-		if ($params['cipher'] === 'cast-128' && ($kl = strlen($params['key'])) < 16)
-		{
-			$params['key'] .= str_repeat("\x0", 16 - $kl);
-		}
-
 		if (mcrypt_generic_init($params['handle'], $params['key'], $params['iv']) < 0)
 		{
 			if ($params['handle'] !== $this->_handle)
@@ -794,9 +776,10 @@
 			// - CAST-128/CAST5 produces a longer cipher when encrypted via
 			//   OpenSSL, but (strangely enough) can be decrypted by either
 			//   extension anyway.
-			//   Also, RFC2144 says that the cipher supports key sizes
-			//   between 5 and 16 bytes by the implementation actually
-			//   zero-padding them to 16 bytes, but MCrypt doesn't do that.
+			//   Also, it appears that OpenSSL uses 16 rounds regardless of
+			//   the key size, while RFC2144 says that for key sizes lower
+			//   than 11 bytes, only 12 rounds should be used. This makes
+			//   it portable only with keys of between 11 and 16 bytes.
 			//
 			// - RC4 (ARCFour) has a strange implementation under OpenSSL.
 			//   Its 'rc4-40' cipher method seems to work flawlessly, yet