CODEWITHSUNDEEP
phpactionscript-3aes
pmrn
pmrn

Reputation: 11

Php equivalent of as3crypto aes256-cbc

does anybody know what is the php equivalent of aes256-cbc cipher from as3crypto lib? I need to get the same result in as3 and php because my app requires as3 <-> php data exchange.

Here is my as3 class: 

    import flash.display.Sprite;
    import flash.utils.ByteArray;
    import com.hurlant.crypto.symmetric.ICipher;

    import com.hurlant.crypto.symmetric.IVMode;
    import com.hurlant.crypto.symmetric.IMode;
    import com.hurlant.crypto.symmetric.NullPad;
    import com.hurlant.crypto.symmetric.PKCS5;
    import com.hurlant.crypto.symmetric.IPad;
    import com.hurlant.util.Base64;
    import com.hurlant.util.Hex;
    import com.hurlant.crypto.Crypto;

    public class CryptoCode extends Sprite
    {
            private var type:String='aes256-cbc';
            private var key:ByteArray;

            public function CryptoCode()
            {
                init();
            }

            private function init():void
            {
                    key = Hex.toArray(Hex.fromString('secret'));// can only be 8 characters long

                    //trace(encrypt('rower'));
                    //trace(decrypt(encrypt('TEST TEST'));
            }

            public function encrypt(txt:String = ''):String
            {
                    var data:ByteArray = Hex.toArray(Hex.fromString(txt));

                    var pad:IPad = new PKCS5;
                    var mode:ICipher = Crypto.getCipher(type, key, pad);
                    pad.setBlockSize(mode.getBlockSize());
                    mode.encrypt(data);
                    return Base64.encodeByteArray(data);
            }

            public function decrypt(txt:String = ''):String
            {
                    var data:ByteArray = Base64.decodeToByteArray(txt);
                    var pad:IPad = new PKCS5;
                    var mode:ICipher = Crypto.getCipher(type, key, pad);
                    pad.setBlockSize(mode.getBlockSize());
                    mode.decrypt(data);
                    return Hex.toString(Hex.fromArray(data));
            }
    }

And php class

class Crypt {
    var $key = NULL;
    var $iv = NULL;
    var $iv_size = NULL;

    function Crypt()
    {
            $this->init();
    }

    function init($key = "")
    {
            $this->key = ($key != "") ? $key : "";

            $this->algorithm = MCRYPT_DES;
            $this->mode = MCRYPT_MODE_ECB;

            $this->iv_size = mcrypt_get_iv_size($this->algorithm, $this->mode);
            $this->iv = mcrypt_create_iv($this->iv_size, MCRYPT_RAND);
    }

    function encrypt($data)
    {
            $size = mcrypt_get_block_size($this->algorithm, $this->mode);
            $data = $this->pkcs5_pad($data, $size);
            return base64_encode(mcrypt_encrypt($this->algorithm, $this->key, $data, $this->mode, $this->iv));
    }

    function decrypt($data)
    {
            return $this->pkcs5_unpad(rtrim(mcrypt_decrypt($this->algorithm, $this->key, base64_decode($data), $this->mode, $this->iv)));
    }

    function pkcs5_pad($text, $blocksize)
    {
            $pad = $blocksize - (strlen($text) % $blocksize);
            return $text . str_repeat(chr($pad), $pad);
    }

    function pkcs5_unpad($text)
    {
            $pad = ord($text{strlen($text)-1});
            if ($pad > strlen($text)) return false;
            if (strspn($text, chr($pad), strlen($text) - $pad) != $pad) return false;
            return substr($text, 0, -1 * $pad);
    }

}

It works properly with simple-des-ecb - Php and Flash outputs the same string but aes256-cbc gives different strings.

I followed this example Flash Encryption PHP Decryption but I need aes265-cbc instead of simple-des-ecb.

Can anyone help me?

Upvotes: 1

Views: 1433

Answers (2)

lucbonnin
lucbonnin

Reputation: 235

If you want a good php version of using AES-256 with CBC + hashMac (mash-based message authentification code, feel free to check my little code snipset (implemented as a yiiframework plugin but simply look at aes256.php class for info).

It will let you encrypt/decrypt strings using AES-256 with a private key avoiding some attack https://github.com/lucbonnin/aes256_yii_extension

Upvotes: 2

Maarten Bodewes
Maarten Bodewes

Reputation: 94018

A quick internet search supplied this nugget:

$ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key,
                             $plaintext, MCRYPT_MODE_CBC, $iv);

This is straight from the mcrypt_encrypt code sample, which I rewrote some time ago.

Note that MCRYPT_RIJNDAEL_128 is identical to AES. You need to supply a key of 256 bits (32 bytes) to use it as AES-256. The 128 in MCRYPT_RIJNDAEL_128 is the block size, the 256 in AES-256 is the key size.

Note that the PHP version of the - by now 6 years unmaintained - mcrypt library does not provide PKCS#7 padding out of the box. So check the following stackoverflow nugget:

How to add/remove PKCS7 padding from an AES encrypted string?

Upvotes: 2

Related Questions