diff options
author | Andrey Andreev <narf@devilix.net> | 2014-03-04 21:21:35 +0100 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2014-03-04 21:21:35 +0100 |
commit | 18767e31711656e9e2648fbe051b74ebbefd3f2e (patch) | |
tree | 1846500b2eb00410f89bc41f509002c8234eaaf2 /system/libraries | |
parent | 93b4e788796d6da181512702d6431ffd7e199bee (diff) |
CI_Encryption: Remove MCrypt 'work-arounds' for CAST-128 compatibility
Turns out it's OpenSSL's fault for performing 16 rounds instead of 12 for key sizes of 5-11 bytes.
Reference: http://tools.ietf.org/rfc/rfc2144.txt
Diffstat (limited to 'system/libraries')
-rw-r--r-- | system/libraries/Encryption.php | 25 |
1 files changed, 4 insertions, 21 deletions
diff --git a/system/libraries/Encryption.php b/system/libraries/Encryption.php index bfc1e892a..810b7bf4a 100644 --- a/system/libraries/Encryption.php +++ b/system/libraries/Encryption.php @@ -365,15 +365,6 @@ class CI_Encryption { : NULL; } - // CAST-128 compatibility (http://tools.ietf.org/rfc/rfc2144.txt) - // - // RFC2144 says that keys shorter than 16 bytes are to be padded with - // zero bytes to 16 bytes, but (surprise) MCrypt doesn't do that. - if ($params['cipher'] === 'cast-128' && ($kl = strlen($params['key'])) < 16) - { - $params['key'] .= str_repeat("\x0", 16 - $kl); - } - if (mcrypt_generic_init($params['handle'], $params['key'], $params['iv']) < 0) { if ($params['handle'] !== $this->_handle) @@ -556,15 +547,6 @@ class CI_Encryption { } } - // CAST-128 compatibility (http://tools.ietf.org/rfc/rfc2144.txt) - // - // RFC2144 says that keys shorter than 16 bytes are to be padded with - // zero bytes to 16 bytes, but (surprise) MCrypt doesn't do that. - if ($params['cipher'] === 'cast-128' && ($kl = strlen($params['key'])) < 16) - { - $params['key'] .= str_repeat("\x0", 16 - $kl); - } - if (mcrypt_generic_init($params['handle'], $params['key'], $params['iv']) < 0) { if ($params['handle'] !== $this->_handle) @@ -794,9 +776,10 @@ class CI_Encryption { // - CAST-128/CAST5 produces a longer cipher when encrypted via // OpenSSL, but (strangely enough) can be decrypted by either // extension anyway. - // Also, RFC2144 says that the cipher supports key sizes - // between 5 and 16 bytes by the implementation actually - // zero-padding them to 16 bytes, but MCrypt doesn't do that. + // Also, it appears that OpenSSL uses 16 rounds regardless of + // the key size, while RFC2144 says that for key sizes lower + // than 11 bytes, only 12 rounds should be used. This makes + // it portable only with keys of between 11 and 16 bytes. // // - RC4 (ARCFour) has a strange implementation under OpenSSL. // Its 'rc4-40' cipher method seems to work flawlessly, yet |