Understanding PHP AES Encryption

This PHP code snippet provides a basic understanding of PHP's AES encryption. AES Encryption PHP Code Snippet.

<?php
	
	// This PHP code snippet provides a basic understanding of 
	// PHP's AES encryption.

	// The first thing to understand is the meaning of these constants:
	// MCRYPT_RIJNDAEL_128
	// MCRYPT_RIJNDAEL_192
	// MCRYPT_RIJNDAEL_256
	// You would think that MCRYPT_RIJNDAEL_256 specifies 256-bit encryption,
	// but that is wrong.  The three choices specify the block-size to be used
	// with Rijndael encryption.  They say nothing about the key size (i.e. strength)
	// of the encryption.  (Read further to understand how the strength of the
	// AES encryption is set.)
	//
	// The Rijndael encyrption algorithm is a block cipher.  It operates on discrete 
	// blocks of data.  Padding MUST be added such that
    // the data to be encrypted has a length that is a multiple of the block size.
	// (PHP pads with NULL bytes)
	// Thus, if you specify MCRYPT_RIJNDAEL_256, your encrypted output will always
	// be a multiple of 32 bytes (i.e. 256 bits).  If you specify MCRYPT_RIJNDAEL_128,
	// your encrypted output will always be a multiple of 16 bytes.
	//
	// Note: Strictly speaking, AES is not precisely Rijndael (although in practice 
	// they are used interchangeably) as Rijndael supports a larger range of block 
	// and key sizes; AES has a fixed block size of 128 bits and a key size of 
	// 128, 192, or 256 bits, whereas Rijndael can be specified with key and block 
	// sizes in any multiple of 32 bits, with a minimum of 128 bits and a maximum of 
	// 256 bits.
	// In summary: If you want to be AES compliant, always choose MCRYPT_RIJNDAEL_128.
	//
	// So the first step is to create the cipher object:
	$cipher = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');
	
	// We're using CBC mode (cipher-block chaining).  Block cipher modes are detailed
	// here: http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
		
	// CBC mode requires an initialization vector.  The size of the IV (initialization
	// vector) is always equal to the block-size.  (It is NOT equal to the key size.)
	// Given that our block size is 128-bits, the IV is also 128-bits (i.e. 16 bytes).
	// Thus, for AES encryption, the IV is always 16 bytes regardless of the 
	// strength of encryption.
	// 
	// Here's some PHP code to verify our IV size:
	$iv_size = mcrypt_enc_get_iv_size($cipher);
	printf("iv_size = %d\n",$iv_size);
	
	// How do you do 256-bit AES encryption in PHP vs. 128-bit AES encryption???
	// The answer is:  Give it a key that's 32 bytes long as opposed to 16 bytes long.
	// For example:
	$key256 = '12345678901234561234567890123456';
	$key128 = '1234567890123456';
	
	// Here's our 128-bit IV which is used for both 256-bit and 128-bit keys.
	$iv =  '1234567890123456';
	
	printf("iv: %s\n",bin2hex($iv));
	printf("key256: %s\n",bin2hex($key256));
	printf("key128: %s\n",bin2hex($key128));
	
	// This is the plain-text to be encrypted:
	$cleartext = 'The quick brown fox jumped over the lazy dog';
	printf("plainText: %s\n\n",$cleartext);
		
	// The mcrypt_generic_init function initializes the cipher by specifying both
	// the key and the IV.  The length of the key determines whether we're doing
	// 128-bit, 192-bit, or 256-bit encryption.  
	// Let's do 256-bit encryption here:
	if (mcrypt_generic_init($cipher, $key256, $iv) != -1)
	{
		// PHP pads with NULL bytes if $cleartext is not a multiple of the block size..
		$cipherText = mcrypt_generic($cipher,$cleartext );
		mcrypt_generic_deinit($cipher);
		
		// Display the result in hex.
		printf("256-bit encrypted result:\n%s\n\n",bin2hex($cipherText));
	}
	
	// Now let's do 128-bit encryption:
	if (mcrypt_generic_init($cipher, $key128, $iv) != -1)
	{
		// PHP pads with NULL bytes if $cleartext is not a multiple of the block size..
		$cipherText = mcrypt_generic($cipher,$cleartext );
		mcrypt_generic_deinit($cipher);
		
		// Display the result in hex.
		printf("128-bit encrypted result:\n%s\n\n",bin2hex($cipherText));
	}
	
	// -------
	// Results
	// -------
	// You may use these as test vectors for testing your AES implementations...
	// 
	// ------------------------
	// 256-bit key, CBC mode
	// ------------------------
	// IV = '1234567890123456'  
	//  (hex: 31323334353637383930313233343536)
	// Key = '12345678901234561234567890123456'  
	//  (hex: 3132333435363738393031323334353631323334353637383930313233343536)
	// PlainText:
	//  'The quick brown fox jumped over the lazy dog'
	// CipherText(hex):
	//  2fddc3abec692e1572d9b7d629172a05caf230bc7c8fd2d26ccfd65f9c54526984f7cb1c4326ef058cd7bee3967299e3

	// 
	// ------------------------
	// 128-bit key, CBC mode
	// ------------------------
	// IV = '1234567890123456'  
	//  (hex: 31323334353637383930313233343536)
	// Key = '1234567890123456'  
	//  (hex: 31323334353637383930313233343536)
	// PlainText:
	//  'The quick brown fox jumped over the lazy dog'
	// CipherText(hex):
	//  f78176ae8dfe84578529208d30f446bbb29a64dc388b5c0b63140a4f316b3f341fe7d3b1a3cc5113c81ef8dd714a1c99
	
?>
	

ASP: AES Encryption to Match PHP's Mcrypt Extension
SQL Server: AES Encryption to Match PHP's Mcrypt Extension
C#: AES Encryption to Match PHP's Mcrypt Extension
C++: AES Encryption to Match PHP's Mcrypt Extension
MFC: AES Encryption to Match PHP's Mcrypt Extension
C: AES Encryption to Match PHP's Mcrypt Extension
Delphi: AES Encryption to Match PHP's Mcrypt Extension
Visual FoxPro: AES Encryption to Match PHP's Mcrypt Extension
Java: AES Encryption to Match PHP's Mcrypt Extension
Perl: AES Encryption to Match PHP's Mcrypt Extension
Python: AES Encryption to Match PHP's Mcrypt Extension
Ruby: AES Encryption to Match PHP's Mcrypt Extension
VB.NET: AES Encryption to Match PHP's Mcrypt Extension
Visual Basic: AES Encryption to Match PHP's Mcrypt Extension
VBScript: AES Encryption to Match PHP's Mcrypt Extension