Archived Forum Post

Index of archived forum posts


Twofish encryption result differs from mcrypt

Jul 20 '16 at 16:37

I'm making a call to a server with data encrypted with twofish using CBC mode. The server passes me back an error. Curious about this I wrote code in php and compared the hex values and to my surprise they were different. PHP code

$key = hex2bin("aa2db6350065070865ada5f1ac701c77");

$iv = hex2bin("cdb09c337e0a229405b20587da0ce2c8");

$input = "";

$iv = hex2bin("cdb09c337e0a229405b20587da0ce2c8");

$ciphertext = mcrypt_encrypt(MCRYPT_TWOFISH, $key, $input, MCRYPT_MODE_CBC, $iv);

The result for this is: cf1337be982eaac26bcc9fcb912c68638bb1e51883996c652cb4b6a66eb44498

Same settings (256 key length) with the library gives: CF1337BE982EAAC26BCC9FCB912C6863E96FFCBC1985951DF1F16F98D7AF875F


This is a padding scheme mismatch problem. Block encryption algorithms such as aes, twofish, etc. output multiples of the algorithm's block size. Twofish has a 16-byte block size. The last encrypted output block needs to be padded. The Chilkat.Crypt2 class has a PaddingScheme property, which may be set to one of the following values:

0 = RFC 1423 padding scheme: Each padding byte is set to the number of padding bytes. If the data is already a multiple of algorithm's block size bytes, an extra block is appended each having a value equal to the block size. (for example, if the algorithm's block size is 16, then 16 bytes having the value 0x10 are added.). (This is also known as PKCS5 padding: PKCS #5 padding string consists of a sequence of bytes, each of which is equal to the total number of padding bytes added. )

1 = FIPS81 (Federal Information Processing Standards 81) where the last byte contains the number of padding bytes, including itself, and the other padding bytes are set to random values.

2 = Each padding byte is set to a random value. The decryptor must know how many bytes are in the original unencrypted data.

3 = Pad with NULLs. (If already a multiple of the algorithm's block size, no padding is added).

4 = Pad with SPACE chars(0x20). (If already a multiple of algorithm's block size, no padding is added).

The default is 0, which is apparently not what mcrypt is using. Try padding schemes 1, 3, or 4. (I suspect the correct answer will be PaddingScheme=3.)