Crypto++ to PHP mcrypt not working

Question

I have a C++ application that's using Crypto++ to send encrypted data to a PHP site. However, when the data's getting to the PHP side, it's not decrypting the data properly.

The C++ / Crypto++ code:

char stupidKey[AES::MAX_KEYLENGTH] = "thisisastupidkeythisisastupidke";

ECB_Mode<AES>::Encryption aes((byte *)stupidKey, AES::MAX_KEYLENGTH);

std::string cypher;
StringSource(aData, true, new StreamTransformationFilter(aes, new StringSink( cypher ))); 
StringSource(cypher, true, new Base64Encoder( new StringSink(aOutput) ));

The PHP Code:

define('CRYPT_SECRET', 'thisisastupidkeythisisastupidke');

$postData = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, 
                CRYPT_SECRET, base64_decode($_POST['request']), 
                MCRYPT_MODE_ECB);

Note: I know ECB is a bad choice of encryption mode, but I'd like to get this working without the added oddities of the IV first, then complicate matters.

Answer 1

I didn't have luck with mcrypt, but openssl seem to work with Crypto++ better.

Here is the Crypto++ code:

#include <iostream>
#include <cryptopp/aes.h>
#include <cryptopp/modes.h>
#include <cryptopp/base64.h>

std::string encrypt(const std::string& str_in, const std::string& key, const std::string& iv)
{
    std::string str_out;
    CryptoPP::CFB_Mode<CryptoPP::AES>::Encryption encryption((byte*)key.c_str(), key.length(), (byte*)iv.c_str());

    CryptoPP::StringSource encryptor(str_in, true, 
        new CryptoPP::StreamTransformationFilter(encryption, 
            new CryptoPP::Base64Encoder(
                new CryptoPP::StringSink(str_out),
                false // do not append a newline
            )
        )
    );
    return str_out;
}

std::string decrypt(const std::string& str_in, const std::string& key, const std::string& iv)
{
    std::string str_out;

    CryptoPP::CFB_Mode<CryptoPP::AES>::Decryption decryption((byte*)key.c_str(), key.length(), (byte*)iv.c_str());

    CryptoPP::StringSource decryptor(str_in, true, 
        new CryptoPP::Base64Decoder(
            new CryptoPP::StreamTransformationFilter(decryption, 
                new CryptoPP::StringSink(str_out)
            )
        )
    );
    return str_out;
}

int main(int argc, char *argv[])
{
    std::string str = "Hello, world!";
    std::string key = "01234567891234560123456789123456"; // 32 bytes
    std::string iv  = "0123456789123456"; // 16 bytes
    std::string str_encrypted = encrypt(str, key, iv);
    std::string str_decrypted = decrypt(str_encrypted, key, iv);
    std::cout << "str_encrypted: " << str_encrypted << std::endl;
    std::cout << "str_decrypted: " << str_decrypted << std::endl;
}

And here is the PHP code:

<?php
    $string = 'Hello, world!';
    $key = '01234567891234560123456789123456'; // 32 bytes
    $iv  = '0123456789123456'; // 16 bytes
    $method = 'aes-256-cfb';
    $encrypted = base64_encode( openssl_encrypt ($string, $method, $key, true, $iv));
    $decrypted = openssl_decrypt( base64_decode($encrypted), $method, $key, true, $iv);
    echo "encrypted: $encrypted<br/>";
    echo "decrypted: $decrypted<br/>";
?>

And here is the Crypto++ output:

str_encrypted: pF1gsk+GolfeTSYnEQ==
str_decrypted: Hello, world!

...and PHP output:

encrypted: pF1gsk+GolfeTSYnEQ==
decrypted: Hello, world!

Don't forget to change the key and iv to some smarter values :o)

Answer 2

Client Side using ECB - DES_EDE3
==================================

#include "cryptlib.h"
#include "modes.h"
#include "des.h"
#include "base64.h" <-- any base64 encoder/decoder i found the usage of crypto++ base64 class a bit hard to use since you have to know how many byte are taken to encode a byte in base 64...
#include "hex.h"

// Encode the data using the handy Crypto++ base64 encoder. Base64 uses
// 3 characters to store 2 characters.
const int BUFFER_LENGTH = 255;
byte plaintext[BUFFER_LENGTH];
byte ciphertext[BUFFER_LENGTH];
byte newciphertext[BUFFER_LENGTH];
byte decrypted[BUFFER_LENGTH];

CryptoPP::Base64Encoder base64Encoder;
CBase64Coding base64Coder;
CString MySensitiveDataUncrypted;
CString MySensitiveData;

// Set up the same key and IV
const int KEY_LENGTH = 24;
const int BLOCK_SIZE = CryptoPP::DES::BLOCKSIZE;
byte key[KEY_LENGTH], iv[CryptoPP::DES::BLOCKSIZE];
memset( key, 0, KEY_LENGTH);
memcpy( key, "012345678901234567890123", KEY_LENGTH );
memset( iv, 0, CryptoPP::DES::BLOCKSIZE);
memcpy( iv, "01234567", CryptoPP::DES::BLOCKSIZE );
memset( plaintext, 0, BUFFER_LENGTH);
memset( ciphertext, 0, BUFFER_LENGTH);
memset( newciphertext, 0, BUFFER_LENGTH);
strcpy((char*)plaintext,MySensitiveDataUncrypted.GetBuffer(0));
// now encrypt
CryptoPP::ECB_Mode::Encryption ecbEncryption(key, sizeof(key));
ecbEncryption.ProcessString(newciphertext, plaintext, BUFFER_LENGTH);
// your own base64 encoder/decoder
base64Coder.Encode((char *)newciphertext,BUFFER_LENGTH,(char *)ciphertext);
MySensitiveData.Format(_T("%s"),ciphertext);

// MySensitiveData can now be send over http


Server Side in PHP using ECB - DES_EDE3
=========================================

// $MyBase64EncodedSecretString will receive/store the encrypted string which will also be base64Encoded for HTTP protocol convenience

$key = "012345678901234567890123";
$iv = "01234567";

// Set up an "encryption" descriptor. This is basically just an object that
// encapsulates the encryption algorithm. 'tripledes' is the name of the
// algorithm, which is simply the DES algorithm done three times back to
// back. 'ecb' describes how to encrypt different blocks. See, DES
// actually only encrypts 8-byte blocks at a time. To encrypt more than 8
// bytes of data, you break the data up into 8-byte chunks (padding the
// last chunk with NULL, if need be), and then encrypt each block
// individually. Now, ECB (which stands for "Electronic Code Book", for
// whatever that's worth) means that each 8-byte block is encrypted
// independently. This has pros and cons that I don't care to discuss.
// The other option is CBC ("Cipher Block Chaining") which links the blocks,
// such as by XORing each block with the encrypted result of the previous
// block. Security geeks probably really get excited about this, but for my
// needs, I don't really care.
$td = mcrypt_module_open( 'tripledes', '', 'ecb', '' );
mcrypt_generic_init( $td, $key, $iv );

// Grab some interesting data from the descriptor.
// $maxKeySize = 24, meaning 24 bytes
// $maxIVSize = 8, meaning 8 bytes
$maxKeySize = mcrypt_enc_get_key_size( $td );
$maxIVSize = mcrypt_enc_get_iv_size( $td );
//echo "maxKeySize=$maxKeySize, maxIVSize=$maxIVSize\n";

// let's decrypt it and verify the result. Because DES pads
// the end of the original block with NULL bytes, let's trim those off to
// create the final result.
$MyEncodedSecretString = base64_decode( $MyBase64EncodedSecretString );
$MyDecodedString = rtrim( mdecrypt_generic( $td, $MyEncodedSecretString ), "\0" );

// And finally, clean up the encryption object
mcrypt_generic_deinit($td);
mcrypt_module_close($td);


Client Side Stronger Encryption using RSA
=========================================

First you will need to generate a public/private key pair using crypto++ keygen console application then your client code should be something like

// Client Side Using RSA
#include "cryptlib.h"
#include "rsa.h"
#include "hex.h"
#include "randpool.h"
#include "filesource.h"

CString MyNotverySecretStringInMemory;
CString MySensitiveData;
char pubFilename[128];
char seed[1024], message[1024];

// MAX = 19999991
strcpy(seed,"12345");

CString tmpPath;
TCHAR appPath[MAX_PATH];
::GetModuleFileName(NULL,appPath,MAX_PATH);

tmpPath = appPath;
tmpPath = tmpPath.Left(tmpPath.ReverseFind('\\')+1);
tmpPath += "public.key"; // 1024 key length for higher security.

strcpy(pubFilename,tmpPath.GetBuffer(0));
strcpy(message,MyNotverySecretStringInMemory.GetBuffer(0));
CryptoPP::FileSource pubFile(pubFilename, true, new CryptoPP::HexDecoder);
CryptoPP::RSAES_OAEP_SHA_Encryptor pub(pubFile);
CryptoPP::RandomPool randPool;
randPool.IncorporateEntropy((byte *)seed, strlen(seed));
std::string result;
CryptoPP::StringSource(message, true, new CryptoPP::PK_EncryptorFilter(randPool, pub, new CryptoPP::HexEncoder(new CryptoPP::StringSink(result))));
MySensitiveData.Format(_T("%s"),result.c_str());

Answer 3

Looking at the PHP manual (http://php.net/manual/en/function.mcrypt-decrypt.php), MCRYPT_RIJNDAEL_256 is different to AES_256. The first comment offers some help: http://www.php.net/manual/en/function.mcrypt-decrypt.php#105985

Caution, MCRYPT_RIJNDAEL_256 is not equivalent to AES_256.

The way to make RIJNDAEL be decrypted from AES with openssl is to use MCRYPT_RIJNDAEL_128 and padd the string to encrypt before encrypting with the follwing function:

<?php 
function pkcs5_pad ($text, $blocksize) { 
    $pad = $blocksize - (strlen($text) % $blocksize); 
    return $text . str_repeat(chr($pad), $pad); 
} 
?> 

On the decryption, the choosing of AES_256 or AES_128, etc. is based on the keysize used in the crypting. In my case it was a 128bit key so I used AES_128.