Rijndael key padding does not match PHP's key padding

The Rijndael key padding used in mcrypt.js always pads the encryption key with 
0's (null) up to 32 bytes, but PHP's mcrypt functions pad the key up to the 
nearest valid key length (16, 24, or 32 bytes).

PHP exmaple:

<?php
//15 byte key
echo bin2hex(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, 
hex2bin("387498719817984798740000000000"), "test string to encrypt", 
MCRYPT_MODE_ECB))."\n";
//16 byte key
echo bin2hex(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, 
hex2bin("38749871981798479874000000000000"), "test string to encrypt", 
MCRYPT_MODE_ECB))."\n";
//17 byte key
echo bin2hex(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, 
hex2bin("3874987198179847987400000000000000"), "test string to encrypt", 
MCRYPT_MODE_ECB))."\n";
//23 byte key
echo bin2hex(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, 
hex2bin("3874987198179847987400000000000000000000000000"), "test string to 
encrypt", MCRYPT_MODE_ECB))."\n";
//24 byte key
echo bin2hex(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, 
hex2bin("387498719817984798740000000000000000000000000000"), "test string to 
encrypt", MCRYPT_MODE_ECB))."\n";
//25 byte key
echo bin2hex(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, 
hex2bin("38749871981798479874000000000000000000000000000000"), "test string to 
encrypt", MCRYPT_MODE_ECB))."\n";
?>

Output:

e544da48ce56ace9b74e7267cecc867bf87b275202419a5ab4ce2a59ab63c75c
e544da48ce56ace9b74e7267cecc867bf87b275202419a5ab4ce2a59ab63c75c
ef4c7f8811e758b6c9b0955e91163d8850e0259979571ef0f1b3a5417b448699
ef4c7f8811e758b6c9b0955e91163d8850e0259979571ef0f1b3a5417b448699
ef4c7f8811e758b6c9b0955e91163d8850e0259979571ef0f1b3a5417b448699
d49d2edc6937eb50765a508d2d4b6b74d4fc2851f41c81e733a7fe5fc0ed550f

This padding behavior occurs regardless of the rijndael algorithm (128 vs 192 
vs 256) and ragardless of the block cipher mode (ECB vs CBC).

Tested on PHP 5.0.4 through 5.5.0.

Original issue reported on code.google.com by bratton....@gmail.com on 17 Sep 2013 at 1:57

thomaroger / js-mcrypt

Rijndael key padding does not match PHP's key padding #3