Crypt CBC using IDEA - output differs btwn systems

ewitch has asked for the wisdom of the Perl Monks concerning the following question:

I need to move a little encryption program from one server (Perl 5.005) to another (Perl 5.80)... using Crypt::CBC module w/IDEA algorithm set up like this:

$cipher = new Crypt::CBC('$key','IDEA');
[download]

The program sends data to and from a database. Encrypting and decrypting new data works fine, but the decryption does not appear to be backwards compatible. Here is the main encryption/decryption "action":

 $returnText = $cipher->decrypt_hex($reqText); # decrypt
 $returnText = $cipher->encrypt_hex($reqText); # encrypt
[download]

Where $returnText is output, $reqText is input... After googling and looking around here, I think it is a padding/blocksize issue... the string "300" sent to be encrypted produced 16-character output on the old server, BUT the same 3-character $reqText produces 50-character encrypted output on the new server. So when I feed 16-character encrypted data to be decrypted on the new system, I get nothing returned. I am using the same keys and key length (10 characters). The versions of the CBC and IDEA modules vary on each server but only very slightly. I didn't see anything in the documentation that would cause this problem. I did see something about creating custom padding but did not understand it completely. (And Perl is upgraded as I mentioned above) Thanks for any help - I can provide more code or clarify if needed.

Comment on Crypt CBC using IDEA - output differs btwn systems Select or Download Code

Replies are listed 'Best First'.
Re: Crypt CBC using IDEA - output differs btwn systems by no_slogan (Deacon) on May 13, 2003 at 01:38 UTC
the same 3-character $reqText produces 50-character encrypted output on the new server. Are you sure it's not 48 characters? Newer versions of Crypt::CBC transmit the string "RandomIV" followed by eight random characters, then the first eight-character encrypted block. That comes out to 48 hex digits. Older versions use an IV precomputed from the key, and start transmitting ciphertext immediately. The versions of the CBC and IDEA modules vary on each server but only very slightly. Specifically what version of Crypt::CBC do you have? The RandomIV thing was added in 1.21. Unfortunately, I don't see any way to get old versions of Crypt::CBC to play nice with new versions without a lot of pain and agony. Is it workable for you to upgrade Crypt::CBC on one or both machines? `$cipher = new Crypt::CBC('$key','IDEA');` [download] I'm going to assume your actual code doesn't have $key in single quotes... right? I hope?	[reply] [d/l]
Re: Crypt CBC using IDEA - output differs btwn systems by tedrek (Pilgrim) on May 13, 2003 at 01:55 UTC
Took a quick look using the latest Crypt::CBC and Crypt::IDEA off CPAN. they return a 48 hex char string for encrypting '300'. which is the string 'RandomIV<8byteIV><8byteCipherText>' At a guess you upgraded Crypt::CBC from something pre 1.22 to something greater than 1.22 which is when the readme says they added random IV's. And so it's probably the IV that's changing the length. According to the docs it should still work however I took a quick gander at the source and it appears to use a random IV unless one is specified in the encrypted string. If this is in fact the problem you are having you'll have to figure out what IV you were using before and use that specifically. Tedrek	[reply]
Re: Re: Crypt CBC using IDEA - output differs btwn systems by ewitch (Initiate) on May 13, 2003 at 11:01 UTC
Thanks for your replies. The Crypt::CBC on the old server was 2.02, with Crypt::IDEA 1.01. On the new server I have Crypt::CBC 2.08 installed and Crypt::IDEA 1.02. I did try to "downgrade" both modules on the new server, and the CBC compiled OK but i get errors with the older IDEA: [root@ Crypt-IDEA-1.01]# perl Makefile.PL Checking if your kit is complete... Looks good Writing Makefile for Crypt::IDEA [root@ Crypt-IDEA-1.01]# make cp IDEA.pod blib/lib/Crypt/IDEA.pod cp IDEA.pm blib/lib/Crypt/IDEA.pm /usr/local/bin/perl /usr/local/lib/perl5/5.8.0/ExtUtils/xsubpp -typem +ap /usr/local/lib/perl5/5.8.0/ExtUtils/typemap -typemap typemap IDEA +.xs > IDEA.xsc && mv IDEA.xsc IDEA.c Please specify prototyping behavior for IDEA.xs (see perlxs manual) cc -c -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE +-D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.01\" - +DXS_VERSION=\"1.01\" -fpic "-I/usr/local/lib/perl5/5.8.0/i686-linux/C +ORE" IDEA.c IDEA.xs: In function `XS_Crypt__IDEA_crypt': IDEA.xs:66: `sv_undef' undeclared (first use in this function) IDEA.xs:66: (Each undeclared identifier is reported only once IDEA.xs:66: for each function it appears in.) make: *** [IDEA.o] Error 1 [download] I agree it would be ideal to have the newer modules running on both servers -- I am just not sure the best way to ensure backward compatibility with data that is stored encrypted via the "old method". I guess I could create a copy of the table in question with unencrypted data, and then re-encrypt with the new method. Any other suggestions?	[reply] [d/l]
Re: Re: Re: Crypt CBC using IDEA - output differs btwn systems by no_slogan (Deacon) on May 13, 2003 at 15:23 UTC
The Crypt::CBC on the old server was 2.02... On the new server I have Crypt::CBC 2.08 Are you absolutely sure that 2.02 is really the version that's being used on the old server? Maybe there's an older version installed somewhere that's getting loaded instead. Because the default behavior of 2.02 is to prepend the IV and produce a 48-digit output for a one-block input. Or maybe someone upgraded Crypt::CBC on the old server a long time ago, and your old data has been broken for a while without being noticed. IDEA.xs: In function `XS_Crypt__IDEA_crypt': IDEA.xs:66: `sv_undef' undeclared (first use in this function) [download] I don't know if this is the best solution, but you can get Crypt::IDEA 1.01 to compile by adding this to the .xs file: `#define sv_undef PL_sv_undef` [download]	[reply] [d/l] [select]
Re: Re: Re: Crypt CBC using IDEA - output differs btwn systems by ewitch (Initiate) on May 13, 2003 at 16:33 UTC
Re: Crypt CBC using IDEA - output differs btwn systems by cees (Curate) on May 13, 2003 at 01:34 UTC
I had the same issue about a year ago with the IDEA module. The solution was to use the exact same verion on both servers. If I remember correctly the versions I was using were only off by .01 or .02 minor revisions. So either downgrade or upgrade your versions so that they match and your problem will most likely go away... - Cees	[reply]