The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

TEA Encryption Not Working

Discussion in 'General Discussion' started by Mute, Jul 4, 2006.

  1. Mute

    Mute Active Member

    Joined:
    Feb 27, 2006
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    OK, another new problem with our server migration. Our TEA encryption does work anymore....

    Works fine on my local computer with PHP 4.3.10 but not on the server with 4.4.2....

    Any ideas on this one? Code is below.

    Code:
    <?php
    //---------------------------------------------------------
    // TEA Encryption Functions
    // Encryption and decryption of text
    // Using the Tiny Encryption Algorithm
    	
    function DecToHex( $x )
    {
    	$r = dechex( $x );
    	while( strlen( $r ) < 8 )
    		$r = '0'.$r;
    	return $r;
    }
    
    function shiftRightOne( $n )
    {
    	$s = $n & 0x80000000;
    	$n &= 0x7fffffff;
    	$n >>= 1;
    	if( $s ) $n |= 0x40000000;
    	return $n;
    }
    
    function shiftRight( $n, $t )
    {
    	for( $i = 0; $i < $t; ++$i )
    	{
    		$n = shiftRightOne( $n );
    	}
    	return $n;
    }
    
    function tea_encipher($p1, $p2, $k)
    {
    	$temp = array( $p1, $p2 );
    	$n = 32;
    	$sum = 0;
    	while ($n-- > 0)
    	{
    		$temp[0] += (($temp[1] << 4 ^ shiftRight( $temp[1], 5 )) + $temp[1] ^ $sum + $k[($sum & 3)]);
    		$sum = $sum + 0x9E3779B9;
    		$temp[1] += (($temp[0] << 4 ^ shiftRight( $temp[0], 5 )) + $temp[0] ^ $sum + $k[( shiftRight( $sum, 11 ) & 3)]);
    	}
    	return $temp;
    }
    
    function tea_decipher($p1, $p2, $k)
    {
    	$temp = array( $p1, $p2 );
    	$n = 32;
    	$sum = 0x9E3779B9 * $n;
    	while ($n-- > 0)
    	{
    		$temp[1] -= (($temp[0] << 4 ^ shiftRight( $temp[0], 5 )) + $temp[0] ^ $sum + $k[(shiftRight( $sum, 11 ) & 3)]);
    		$sum = $sum - 0x9E3779B9;
    		$temp[0] -= (($temp[1] << 4 ^ shiftRight( $temp[1], 5 )) + $temp[1] ^ $sum + $k[($sum & 3)]);
    	}
    	return $temp;
    }
    
    function tea_encrypt($inString, $key)
    {
    	$outString = "";
    	
    	// pad the input so that it's a multiple of 8
    	while ( strlen($inString) & 7 )
    	{
    		$inString .= ' ';
    	}
    	
    	$i = 0;
    	while($i < strlen($inString) )
    	{
    		// slam 4 bytes into a dword 
    		$p1 = ord( substr( $inString, $i++, 1 ) );
    		$p1 |= ord( substr( $inString, $i++, 1 ) ) << 8;
    		$p1 |= ord( substr( $inString, $i++, 1 ) ) << 16;
    		$p1 |= ord( substr( $inString, $i++, 1 ) ) << 24;
    		// mask off 32 bits to be safe
    		$p1 = $p1 & 0xFFFFFFFF;
    		
    		// slam 4 bytes into a dword
    		$p2 = ord( substr( $inString, $i++, 1 ) );
    		$p2 |= ord( substr( $inString, $i++, 1 ) ) << 8;
    		$p2 |= ord( substr( $inString, $i++, 1 ) ) << 16;
    		$p2 |= ord( substr( $inString, $i++, 1 ) ) << 24;
    		// mask off 32 bits to be safe
    		$p2 = $p2 & 0xFFFFFFFF;
    		
    		// send dwords to be enciphered
    		$res = tea_encipher($p1, $p2, $key);
    		$outString .= DecToHex($res[0]).DecToHex($res[1]);
    	}
    	// return encrypted string
    	return $outString;
    }
    
    function tea_decrypt( $inString, $key)
    {
    	$outString = '';
    	// loop through input string
    	$i = 0;
    	while ( $i < strlen($inString) )
    	{
    		// 8 hex chars make a dword 
    		$p3 = intval( substr( $inString, $i, 4 ), 16 ); // read high 16 bit word
    		$p3 <<= 16; // shift hi word correct position
    		$i += 4;
    		$p3 |= intval(substr( $inString, $i, 4 ), 16 ); // read low 16 bit word 
    		$i += 4;
    		
    		$p4 = intval( substr( $inString, $i, 4 ), 16 ); // read high 16 bit word
    		$p4 <<= 16; // shift hi word correct position
    		$i += 4;
    		$p4 |= intval(substr( $inString, $i, 4 ), 16 ); // read low 16 bit word 
    		$i += 4;
    
    		// pass dwords to decipher routine
    		$res = tea_decipher($p3, $p4, $key);
    		
    		// transform results back into alphanumic characters
    		// unpack first dword
    		$outString .= chr( ( $res[0] & 0x000000FF ) );
    		$outString .= chr( ( $res[0] & 0x0000FF00 ) >> 8 );
    		$outString .= chr( ( $res[0] & 0x00FF0000 ) >> 16 );
    		$outString .= chr( shiftRight( ( $res[0] & 0xFF000000 ), 24 ) );
    		// unpack second dword
    		$outString .= chr( ( $res[1] & 0x000000FF ) );
    		$outString .= chr( ( $res[1] & 0x0000FF00 ) >> 8 );
    		$outString .= chr( ( $res[1] & 0x00FF0000 ) >> 16 );
    		$outString .= chr( shiftRight( ( $res[1] & 0xFF000000 ), 24 ) );
    	}
    	return trim($outString);
    }
    
    function tea_isValid( $plain, $crypt, $keys )
    {
    	return ( tea_encrypt( $plain, $keys ) == $crypt );
    }
    
    ?>
     
  2. Mute

    Mute Active Member

    Joined:
    Feb 27, 2006
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Dang, I was hoping someone could help me out with this.

    No one got any ideas?
     
  3. NT

    NT Well-Known Member

    Joined:
    May 4, 2004
    Messages:
    137
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    England, UK
    Hi,

    Do you see any errors at all? Bear in mind your PHP might be configured to write errors to a log file rather than to the browser.

    Try adding this to the top of your script (underneath the opening <?php tag):

    error_reporting(E_ALL);

    Regards,
    Nick.
     
  4. Mute

    Mute Active Member

    Joined:
    Feb 27, 2006
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Absolutely no errors.

    That's what is really bugging me. It just doesn't encrypt or decrypt properly anymore. Works fine on the old server and my local machine. Driving me insane!
     
  5. NT

    NT Well-Known Member

    Joined:
    May 4, 2004
    Messages:
    137
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    England, UK
    Strange...

    The only things I can think of would be to compare your php.ini files on both machines, and to check the PHP manual to see if any parameters have changed for any built-in functions between the two versions.

    I admit the second one is rather unlikely, but it might be worth a shot.

    Good luck, and don't give up :)
     
  6. Mute

    Mute Active Member

    Joined:
    Feb 27, 2006
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Yup, I just went through the whole php.ini and still can't find any differences. Driving me insane.

    And the worst thing is, I can't even give up if I wanted!
     
  7. NT

    NT Well-Known Member

    Joined:
    May 4, 2004
    Messages:
    137
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    England, UK
    Have you tried testing each function to see where it's failing?

    Just something like

    echo 'OK';

    in places should be fine.

    Regards,
    Nick.
     
  8. Mute

    Mute Active Member

    Joined:
    Feb 27, 2006
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Well, it's not that it's actually failing, it processes the whole script, but the encrypted string you get back is wrong. And if you try and decrypt that string, it doesn't work. Also, if you try and decrypt a valid string, it doesn't work.

    But as I said before, this same piece of code works fine locally and on the old server.
     
  9. NT

    NT Well-Known Member

    Joined:
    May 4, 2004
    Messages:
    137
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    England, UK
    Hi,

    What about returning bits of the output as it is encoded? You might be able to localise the issue then.
     
  10. Mute

    Mute Active Member

    Joined:
    Feb 27, 2006
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Hmmm, might try that tomorrow. It's done my head in for today.
     
  11. NT

    NT Well-Known Member

    Joined:
    May 4, 2004
    Messages:
    137
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    England, UK
    What does the '|=' operator do? I've never seen that before, and thought maybe you'd meant to use '!='.

    Likewise with '>>=' ?
     
  12. Mute

    Mute Active Member

    Joined:
    Feb 27, 2006
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    OK, seems this is the culprit (or at least one of the culprits). When printing out the variable $n (about 100 or so), some are the same but there are many that differ between my local machine (where the script works) and the new server (where the script doesn't work).

    Any thoughts on why this bit of code wouldn't be working?

    Code:
    function shiftRightOne( $n )
    {
    	$s = $n & 0x80000000;
    	$n &= 0x7fffffff;
    	$n >>= 1;
    	if( $s ) $n |= 0x40000000;
    	echo "<p>N: ".$n;
    	return $n;
    }
     
  13. Mute

    Mute Active Member

    Joined:
    Feb 27, 2006
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    http://uk.php.net/operators

    Table 15.1 shows what they all do.
     
  14. tolra

    tolra Active Member

    Joined:
    Mar 4, 2006
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    1
    Mute can you supply a couple of numbers for $n (the ones you are passing in to shiftRightOne) which give the wrong result and also a couple that give the right result. With all please supply what the output should be.

    I've run a few random numbers and 4.3.11 is matching 4.4.1, 4.4.2 and 5.1.4 for me and they look right.
     
  15. Mute

    Mute Active Member

    Joined:
    Feb 27, 2006
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    OK. I'm using the following to give these results....

    tea_encrypt('hello', array(1234567890,1234567890,1234567890,1234567890));

    Not all $n values are different, in fact, quite a lot are similar but here a few that differ.

    Correct:
    986821850
    493410925
    246705462
    123352731
    6835594855

    Which gives me a final encrypted value of:
    dec0932bb6205b7d

    Incorrect:
    1073741824
    536870912
    268435456
    134217728
    5708037397

    Which gives me a final encrypted value of:
    db0d782480000000

    The above value cannot be decrypted then.
     
    #15 Mute, Jul 7, 2006
    Last edited: Jul 7, 2006
  16. tolra

    tolra Active Member

    Joined:
    Mar 4, 2006
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    1
    The problem is the conversion from negative floats to integers which is caused by the bit operations in shiftRightOne, e.g. -2321323595 gets converted to:

    PHP 4.3: 0x75a369b5
    PHP 4.4: 0x80000000

    Rather than reinventing the shift function have a look at the urshift function in the implementation at http://www.meychi.com/archive/000029.php it seems to work.
     
  17. Mute

    Mute Active Member

    Joined:
    Feb 27, 2006
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    I tried the TEA script found at that URL you listed and it was the same problems as the script I'm using. Works fine locally but is all screwed up when put on the server.
     
  18. tolra

    tolra Active Member

    Joined:
    Mar 4, 2006
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    1
    Hmm, must be another place where the problem is because their right shift works for me.

    I only got as far as playing with the right shift function not the whole process.
     
  19. Mute

    Mute Active Member

    Joined:
    Feb 27, 2006
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Thanks for your help anyway mate.

    Goddamn this is driving me insane!
     
  20. tolra

    tolra Active Member

    Joined:
    Mar 4, 2006
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    1
    I'm just having another look it's got to be in another place where you are converting from a float to an integer.

    I've just tried that one I pointed you to and it doesn't work, although their right shift function seems to.

    I don't suppose you've got the option of using mcrypt library.
     
Loading...

Share This Page