Home » Php » mcrypt warning but still decrypts data

mcrypt warning but still decrypts data

Posted by: admin February 12, 2018 Leave a comment

Questions:

I have a bit of a weird one in this class:

<?php
namespace lib;

/**
 * Short description of Crypt
 *
 * @author xxxx
 * @package
 */
class Encryption
{
    /**
     * Short description of _ch
     * handle to the mcrypt resource
     *
     * @access private
     * @var $_ch
     */
    private $_ch;

    /**
     * Short description of __construct
     *
     * @access public
     * @author xxxx
     * @param
     * @return void
     */
    public function __construct( $keyData = NULL, $algorithm = \MCRYPT_RIJNDAEL_256, $mode = MCRYPT_MODE_ECB, $encLibPath = '', $modeDir = '' )
    {
        $this->_ch = mcrypt_module_open( $algorithm, $encLibPath, $mode, $modeDir );

        $vector  = mcrypt_create_iv ( mcrypt_enc_get_iv_size( $this->_ch ), \MCRYPT_DEV_URANDOM );
        $keySize = mcrypt_enc_get_key_size( $this->_ch );

        $key = substr( hash( 'SHA512', $keyData . $keySize ), 0, $keySize );

        $x = mcrypt_generic_init( $this->_ch, $key, $vector );
    }

    /**
     * Short description of encrypt
     *
     * @access public
     * @author xxxx
     * @param String $str
     * @return String $res
     */
    public function encrypt( $str )
    {
        if( !is_string( $str ) )
        {
            throw new \InvalidArgumentException( 'Attemptig to encrypt data that is not a string' );
            return false;
        }
        $res = mcrypt_generic( $this->_ch, $str );

        mcrypt_generic_deinit( $this->_ch );
        mcrypt_module_close( $this->_ch );

        #var_dump($str,$res);
        return $res;
    }

    /**
     * Short description of decrypt
     *
     * @access public
     * @author xxxx
     * @param String $str
     * @return String $res
     */
    public function decrypt( $str )
    {
        if( !is_string( $str ) )
        {
            throw new \InvalidArgumentException( 'Attemptig to decrypt data that is not a string' );
            return false;
        }

82      $res = mdecrypt_generic( $this->_ch, $str );

84      mcrypt_generic_deinit( $this->_ch );
85      mcrypt_module_close( $this->_ch );

        #var_dump($str,$res);
        return trim( $res);
    }
}

when calling this like so:

<?php
$encryption    = new \lib\Encryption( 'somekey' );

echo $encryption->decrypt( $safeInfo );

strangle yields:

Warning: mdecrypt_generic(): 90 is not a valid MCrypt resource in E:\htdocs\site\application\lib\encryption.cls.php on line 82

Warning: mcrypt_generic_deinit(): 90 is not a valid MCrypt resource in E:\htdocs\site\application\lib\encryption.cls.php on line 84

Warning: mcrypt_module_close(): 90 is not a valid MCrypt resource in E:\htdocs\site\application\lib\encryption.cls.php on line 85

(these lines are shown in the encryption class.)

AND

the expected decrypted string (as in successfully decrypted).

I would be grateful to anyone who might point out why the warnings are raised and why it doesn’t seem to affect the outcome.

PS any comments on the effectiveness of the encryption class most welcome.

Answers:

it looks well

<?php
$encryption = new \lib\Encryption( 'somekey' );
echo $encryption->decrypt(pack("H*", "4a4a564f26618d47536ff35b8a0af3212814a5f0ba635d2cf6f8cd31589042e2"));

_ch lost beacuse mcrypt_module_close( $this->_ch ); in method encrypt()

Maybe you can change __construct and save args only, just create handle ( like _ch ) when you encrypt or decrypt every time.

I’m not good at Mcrypt, so maybe some batter way than mine, but the reason of “valid MCrypt resource” problem is truly mcrypt_module_close

Questions:
Answers:

Looks like a namespace issue since you didn’t prefix MCRYPT_MODE_ECB in __construct().

Questions:
Answers:

This is something to check, but as I can’t reproduce, not sure if it’s the answer.

You have SHA512 (creating a 512 length key) but the algorythm is expecting a 256 length key. Does it make any difference if you use SHA256? Normally a mismatch in keys should produce garbage, but in this case it may still be working “with side effects”.