I want to encrypt all my PHP session data and, when I want to use this information, decrypt it. For this I am using these functions:

define("ENCRYPTION_KEY", "!@#$%^Soheil&*");

/**
 * Returns an encrypted & utf8-encoded
 */
function encrypt($pure_string, $encryption_key) {
    $iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $encrypted_string = mcrypt_encrypt(MCRYPT_BLOWFISH, $encryption_key, utf8_encode($pure_string), MCRYPT_MODE_ECB, $iv);
    return $encrypted_string;
}

/**
 * Returns decrypted original string
 */
function decrypt($encrypted_string, $encryption_key) {
    $iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $decrypted_string = mcrypt_decrypt(MCRYPT_BLOWFISH, $encryption_key, $encrypted_string, MCRYPT_MODE_ECB, $iv);
    return $decrypted_string;
}

and when I want to set my data I use this code:

$_SESSION["admin_username"] = encrypt($username, ENCRYPTION_KEY);
$_SESSION["seller_id"] = encrypt($user_array['id'], ENCRYPTION_KEY);
$_SESSION['seller_name'] = $user_array['name'];
$_SESSION['login_ok'] = encrypt('ok', ENCRYPTION_KEY);

Now, when I want to show the decrypted data it works fine, but when I want to use it in an IF statement it does not work:

$seller_user_id =  decrypt( $_SESSION["seller_id"] , ENCRYPTION_KEY); 
$seller_user_name =  $_SESSION["seller_name"] ;  
$login_ok = decrypt( $_SESSION["login_ok"] , ENCRYPTION_KEY); 

echo "login_ok is : " .$login_ok  ;

if ( $login_ok  == 'ok'  )
{

}
else
{
    echo "Login Fail";
    echo "<br> " .$login_ok ;

}

and the output is:

login_ok is : ok Login Fail ok

As you see, $login_ok == 'ok' is true, but the code says it is false! I don't know what the problem is! It is simple but ...

Artjom B.
SoheilYou
  • trailing spaces? Use `var_dump()` rather than `echo` for debugging, because it provides more useful information, such as the actual length of string values – Mark Baker Aug 30 '15 at 10:58
  • I hope you're not actually using Blowfish in ECB mode with an IV generated by `MCRYPT_RAND`. Look at this blog post http://www.cryptofails.com/post/75204435608/write-crypto-code-dont-publish-it and consider using this library instead: https://github.com/defuse/php-encryption – Scott Arciszewski Sep 03 '15 at 03:39

3 Answers

2

A block cipher (such as Blowfish) with a block mode (such as ECB) works only on plaintext that is a multiple of the block size. The block size for Blowfish is 64 bit, but the string "ok" is smaller than the block size, so mcrypt automatically pads the plaintext with 0x00 bytes to the next multiple of the block size.

You need to remove that padding after decryption:

$decrypted_string = rtrim(mcrypt_decrypt(...), "\0");

Note that this will also remove 0x00 bytes from the legitimate plaintext if it happens to end on 0x00 bytes. If you want to prevent that, you need to use proper padding for encryption and decryption such as PKCS#7 padding.

Artjom B.
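The PKCS#7 padding this answer recommends, as an added example that is not part of the answer or the question: pad before encrypting and validate-then-strip after decrypting, with 8-byte blocks for Blowfish. The helper names, the block-size constant and the sample values are assumptions; the functions wrap whatever cipher call you use (mcrypt only zero-pads when the input is not already a block multiple, so padded input passes through unchanged).

```php
<?php
// Added example: PKCS#7 padding for an 8-byte block cipher such as Blowfish,
// replacing mcrypt's implicit zero padding and the rtrim() workaround.

const BLOWFISH_BLOCK_SIZE = 8; // 64-bit blocks, as stated in the answer

function pkcs7_pad(string $data, int $blockSize = BLOWFISH_BLOCK_SIZE): string {
    // Always append 1..$blockSize bytes, each equal to the pad length. A
    // plaintext that is already a block multiple gets a full block of
    // padding, so unpadding is never ambiguous.
    $padLen = $blockSize - (strlen($data) % $blockSize);
    return $data . str_repeat(chr($padLen), $padLen);
}

function pkcs7_unpad(string $data, int $blockSize = BLOWFISH_BLOCK_SIZE): string {
    $len = strlen($data);
    if ($len === 0 || $len % $blockSize !== 0) {
        throw new RuntimeException('length is not a multiple of the block size');
    }
    $padLen = ord($data[$len - 1]);
    if ($padLen < 1 || $padLen > $blockSize) {
        throw new RuntimeException('invalid padding length');
    }
    // Every padding byte must carry the same value; reject anything else
    // instead of silently returning garbage.
    if (substr($data, -$padLen) !== str_repeat(chr($padLen), $padLen)) {
        throw new RuntimeException('corrupt padding');
    }
    return substr($data, 0, $len - $padLen);
}

// Constructed inputs: the "ok" flag from the question, and a value that
// legitimately ends in a NUL byte, which rtrim($s, "\0") would destroy.
$padded = pkcs7_pad('ok');
var_dump(bin2hex($padded));
var_dump(pkcs7_unpad($padded) === 'ok');

$withNul = "id=7\0";
var_dump(pkcs7_unpad(pkcs7_pad($withNul)) === $withNul); // padding round-trips
var_dump(rtrim($withNul, "\0") === $withNul);            // rtrim loses the NUL
```

Apply pkcs7_pad() to the plaintext before mcrypt_encrypt() and pkcs7_unpad() to the output of mcrypt_decrypt(); the exceptions thrown on bad padding should be treated as a decryption failure, not shown to the user.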
2

Trim the decrypted data of whitespace. Use the trim() function before using it in the if condition.

$login_ok = trim(decrypt($_SESSION["login_ok"], ENCRYPTION_KEY));

if ($login_ok) {
    // your function
}
Nazim
2

On http://php.net/manual/en/function.mcrypt-decrypt.php you can read:

The data that will be decrypted with the given cipher and mode. If the size of the data is not n * blocksize, the data will be padded with '\0'.

So before comparing the returned data with other strings you have to trim it, as you can see in the example below:

$seller_user_id =  decrypt( $_SESSION["seller_id"] , ENCRYPTION_KEY); 
$seller_user_name =  $_SESSION["seller_name"] ;  
$login_ok = rtrim(decrypt( $_SESSION["login_ok"] , ENCRYPTION_KEY), "\0\4"); 

echo "login_ok is : " . $login_ok . "<br>";

if ($login_ok  == 'ok') {
    echo "Logged in successfully!!";
} else {
    echo "Login Fail - " .$login_ok ;
}

This example trims the NUL (\0) and EOT (\4) bytes at the end of the string with rtrim( ... , "\0\4");

Maverick