PHP to Delphi and back Encryption-Decryption using Rijndael

Question

I have problems with decrypting strings sent from PHP to Delphi using the rijndael cipher. I'm using mcrypt on the PHP side and DCP_rijndael on the Delphi side.

At the moment I have the below code.

PHP:

function encRJ($key, $iv, $data)
{
    $r = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_CBC, $iv);
    $r = base64_encode($r);
    return $r;
}

And in Delphi:

function decRJ(Data: string; Key: string; IV: string): string;
var ciph: TDCP_rijndael;
begin
  Data := Base64DecodeStr(Data);

  ciph:= TDCP_rijndael.Create(Self);
  ciph.Init(Key[1], 256, @IV[1]);
  ciph.DecryptCBC(Data[1], Data[1], Length(Data));
  ciph.Free;

  Result := Data;
end;

I have tried using several Units on the Internet implementing the cipher, and found out most people are saying about the DCP components. Even so, I haven't managed to make it correctly decrypt. I've tried using Byte arrays for the parameters, AnsiStrings, WideStrings, etc, but unfortunately no luck.

Excuse me if I'm missing something really obvious here, as my mind isn't in good shape atm, after hours of searching for the matter.

I would suggest implementing both the encrypt and decrypt functions in both PHP and Delphi. Then you can check that they both generate the same intermediate values, and that they can decrypt each other's intermediate values. That ought to narrow down whether there is a systematic issue, or if there's an error in a particular function. — Gus, Aug 13 '11 at 18:25
The nist.gov website and many other places will have numerous test vectors that you can use to see how these implementations work. You Delphi function's treatment of `Data` looks wrong to me. The result of base64 decoding should be arbitrary bytes, not a UTF8 encoded string. — President James K. Polk, Aug 13 '11 at 19:42
@GregS, I've tried base64 decoding normal, non encrypted text, and it does just fine. I don't think that the problem resides there. Even if it does, I've tried 2 other Base64 implementations, that yielded the same end result. — Josh, Aug 13 '11 at 20:01
I think it is not the Base64 decode that troubles @Greg, but the UTF8ToUnicodeString call. That treats the Base64 decode result as a UTG8 string and tries to convert it to UTF16-LE. If there are any bytes in the decoded Base64 that would be treated as multi-byte characters in UTF-8, you'd be changing the length (turning 1+ bytes into a single character) and thereby changing the data that you feed to Rijndael. — Marjan Venema, Aug 14 '11 at 07:57
I just changed it to normal Base64Decode. Still though, no luck. My current guess is that it's a padding problem, like @rossum said below. — Josh, Aug 14 '11 at 19:23

shunty · Answer 1 · 2018-04-30T07:42:52.813

I seem to have spent too long on this but...

Your problem is the block size. TDCP_rijndael is equivalent to MCRYPT_RIJNDAEL_128 (not _256). The '256' value in ciph.Init(...) call is still correct though. Other than that it looks pretty much ok. That is, assuming you're using ansistrings for key/iv or you're using non-unicode Delphi.
For unicode Delphi versions I'd be inclined to use TBytes and key[0] / iv[0].

Padding may still be an issue. If so, then here's what I've mangled up based on the PHP manual pages and some trial and error.

PHP:

function Encrypt($src, $key, $iv)
{
  $block = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, 'cbc');
  //echo "Block size: " . $block . "\r\n";
  $pad = $block - (strlen($src) % $block);
  $src .= str_repeat(chr($pad), $pad);  

  $enc = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $src, MCRYPT_MODE_CBC, $iv);
  $r = base64_encode($enc);
  return $r;
}

function Decrypt($src, $key, $iv)
{
  $enc = base64_decode($src);
  $dec = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $enc, MCRYPT_MODE_CBC, $iv);

  $block = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, 'cbc');
  $pad = ord($dec[($len = strlen($dec)) - 1]);
  return substr($dec, 0, strlen($dec) - $pad);
}

Delphi:

function DecryptData(Data: string; AKey: AnsiString; AIv: AnsiString): string;
var
  key, iv, src, dest: TBytes;
  cipher: TDCP_rijndael;
  slen, pad: integer;
begin
  //key := Base64DecodeBytes(TEncoding.UTF8.GetBytes(AKey));
  //iv := Base64DecodeBytes(TEncoding.UTF8.GetBytes(AIv));
  key := TEncoding.ASCII.GetBytes(AKey);
  iv := TEncoding.ASCII.GetBytes(AIv);

  src := Base64DecodeBytes(TEncoding.UTF8.GetBytes(Data));

  cipher := TDCP_rijndael.Create(nil);
  try
    cipher.CipherMode := cmCBC;
    slen := Length(src);
    SetLength(dest, slen);
    cipher.Init(key[0], 256, @iv[0]); // DCP uses key size in BITS not BYTES
    cipher.Decrypt(src[0], dest[0], slen);
    // Remove the padding. Get the numerical value of the last byte and remove
    // that number of bytes
    pad := dest[slen - 1];
    SetLength(dest, slen - pad);

    // Base64 encode it
    result := TEncoding.Default.GetString(dest);
  finally
    cipher.Free;
  end;
end;

function EncryptData(Data: string; AKey: AnsiString; AIv: AnsiString): string;
var
  cipher: TDCP_rijndael;
  key, iv, src, dest, b64: TBytes;
  index, slen, bsize, pad: integer;
begin
  //key := Base64DecodeBytes(TEncoding.UTF8.GetBytes(AKey));
  //iv := Base64DecodeBytes(TEncoding.UTF8.GetBytes(AIv));
  key := TEncoding.ASCII.GetBytes(AKey);
  iv := TEncoding.ASCII.GetBytes(AIv);

  src := TEncoding.UTF8.GetBytes(Data);

  cipher := TDCP_rijndael.Create(nil);
  try
    cipher.CipherMode := cmCBC;
    // Add padding.
    // Resize the Value array to make it a multiple of the block length.
    // If it's already an exact multiple then add a full block of padding.
    slen := Length(src);
    bsize := (cipher.BlockSize div 8);
    pad := bsize - (slen mod bsize);
    Inc(slen, pad);
    SetLength(src, slen);
    for index := pad downto 1 do
    begin
      src[slen - index] := pad;
    end;

    SetLength(dest, slen);
    cipher.Init(key[0], 256, @iv[0]); // DCP uses key size in BITS not BYTES
    cipher.Encrypt(src[0], dest[0], slen);

    b64 := Base64EncodeBytes(dest);
    result := TEncoding.Default.GetString(b64);
  finally
    cipher.Free;
  end;
end;

The PHP and Delphi functions now give me the same answer.

EDIT

Base64DecodeBytes was a bit of code I added to the DCP Base64 unit:

function Base64DecodeBytes(Input: TBytes): TBytes;
var
  ilen, rlen: integer;
begin
  ilen := Length(Input);
  SetLength(result, (ilen div 4) * 3);
  rlen := Base64Decode(@Input[0], @result[0], ilen);
  // Adjust the length of the output buffer according to the number of valid
  // b64 characters
  SetLength(result, rlen);
end;

EDIT 2018 (Raising the dead...):

As requested, here is the encoding method, unchecked and pulled straight from an old source file I found.

DISCLAIMER: It is many years old and untested in recent memory and not used since Delphi 2010. There are probably many better alternatives now. Use at your own risk.

function Base64EncodeBytes(Input: TBytes): TBytes;
var
  ilen: integer;
begin
  ilen := Length(Input);
  SetLength(result, ((ilen + 2) div 3) * 4);
  Base64Encode(@Input[0], @result[0], ilen);
end;

I can't seem to find a reference for your Base64DecodeBytes function in Delphi. Is it declared in one of Delphi's default units or is it a function you wrote yourself? — Josh, Aug 17 '11 at 20:37
Whoops. I did my own modifications to the DCP stuff ages ago to make it unicode aware and added the Base64XXXBytes stuff too. Edited the answer to add the (unchecked) function. — shunty, Aug 18 '11 at 10:42
Base64DecodeBytes(Input: TBytes): TBytes; is buggy!!! it works only with short text to encrypt (sometimes returns range check error crypt or error in the decoding) please use Soap.EncdDecd functions that are okay. — Evilripper, Apr 29 '16 at 10:07
@Evilripper: Noted. And I'll take your word for it. But, to be honest, the post is 5 years old and I've put through quite a lot of MB without problem so I'll stick with it for now. It works in our situation so I'm not going to mess with it. I'm not using Delphi at the moment but I'll bear your recommendation in mind if I ever come back to it. Actually - I think in a subsequent answer on SO I did use EncdDecd instead :-) — shunty, Apr 29 '16 at 15:32
Is it possible for you to post your implementation of `Base64EncodeBytes`. That is missing — RaelB, Apr 29 '18 at 17:53
@raelb Encoding function added. But please take note of the disclaimer (and the previous comments from EvilRipper)! — shunty, Apr 30 '18 at 07:45

score 0 · Answer 2 · answered Aug 13 '11 at 23:22

0

Neither your PHP nor your Delphi methods appear to specify any padding. If the default paddings are different then you will get problems. Explicitly specify PKCS7 (or PKCS5) for both.

GregS' comment about the result of decoding Base64 is correct. You are supplying encrypted cyphertext to your decRJ() method. That will be random appearing bytes. Attempting to convert it to UTF-8 will mangle it enough that it cannot be decrypted. The incoming cyphertext must be converted from Base64 direct to a byte array. Cyphertext is not a character string, which is why it needs to be converted to Base64 to be transmitted as text. It will only be text again after it has been decrypted back to plaintext.

answered Aug 13 '11 at 23:22

rossum

15,344
1
24
38

I have tried several ways of converting the Base64 str to various datatypes, along with byte array, but still no luck. Now I checked the PHP demo [here](http://www.cityinthesky.co.uk/opensource/DCPcrypt) I just discovered that not even his way works. Weird. I don't know what to do atm. – Josh Aug 14 '11 at 00:28
1

Write an `encrypt()` method in Delphi and get it working with your Delphi `decRJ()` method. – rossum Aug 14 '11 at 09:44

PHP to Delphi and back Encryption-Decryption using Rijndael

2 Answers2

Linked