Decrypt C# RIJNDAEL encoded text in PHP

Question

I need to decrypt a string as part of an authorization process.

The documentation specifies that the authorization string was encrypted with the following settings:

• Padding of input data: PKCS*7
• Password byte array is 32 bytes long. Password string is converted to UTF-16 encoded byte array and byte array is then padded with zeroes up to length of 32 bytes. Longer passwords are truncated.

The C# example:

    /// <summary>
    /// Decrypts a string.
    /// </summary>
    /// <param name="content">The string to decrypt.</param>
    /// <param name="password">The password to use.</param>
    /// <returns>The decrypted string.</returns>
    private static string DecryptString(string content, string password)
    {
        Rijndael aes;
        byte[] retVal = null;
        byte[] contentBytes;
        byte[] passwordBytes;
        byte[] ivBytes;

        try
        {
            contentBytes = Convert.FromBase64String(content);

            //Create the password and initial vector bytes
            passwordBytes = new byte[32];
            ivBytes = new byte[16];
            Array.Copy(Encoding.Unicode.GetBytes(password), passwordBytes, Encoding.Unicode.GetBytes(password).Length);
            Array.Copy(passwordBytes, ivBytes, 16);

            //Create the cryptograpy object
            using (aes = Rijndael.Create())
            {
                aes.Key = passwordBytes;
                aes.IV = ivBytes;
                aes.Padding = PaddingMode.PKCS7;

                //Decrypt
                retVal = aes.CreateDecryptor().TransformFinalBlock(contentBytes, 0, contentBytes.Length);
            }
        }
        catch
        {
        }

        return Encoding.Unicode.GetString(retVal);
    }

The same function was discussed here, but for JAVA: Decrypt C# RIJNDAEL encoded text

I tried to decrypt it with the following function but the result is different than expected:

function decrypt($string, $pass){
    $iv = substr($pass, 0, 16);
    $data =  mcrypt_decrypt(MCRYPT_RIJNDAEL_256,
                        $pass,
                        base64_decode($string),
                        MCRYPT_MODE_CBC,
                        $iv);
    $pad = ord($data[strlen($data) - 1]);
    return substr($data, 0, -$pad);
}

The ecrypted string "7iTdZnp0DtGnIfwwqY4W/glbLLVZ0+asVLAuz13PzrW0wM6HC7rNuQvcG8JDSehyYeBJARdXHgLo9hRL9sBz3fN5LJ8cro3o0kFnAao2YRU="

should decrypt to

"ldYWMFlSbcki6LMl3rkNfGavnt8VqmZd" 

using the password "GAT"

I think it has something to do with the password / iv / encoding

Answer 1

function decrypt($string, $pass)
{
    $encodedPass = mb_convert_encoding($pass, 'utf-16le');
    $encodedPass = substr($encodedPass, 0, 32);
    $encodedPass = str_pad($encodedPass, 32, "\0", STR_PAD_RIGHT);
    $iv = substr($encodedPass, 0, 16);

    $data = mcrypt_decrypt(MCRYPT_RIJNDAEL_128,
                        $encodedPass,
                        base64_decode($string),
                        MCRYPT_MODE_CBC,
                        $iv);
    $pad = ord($data[strlen($data) - 1]);
    return substr($data, 0, -$pad);
}

In PHP, the MCRYPT_RIJNDAEL_128 / MCRYPT_RIJNDAEL_256 isn't the size of the key, but the size of the block (see https://www.chilkatsoft.com/p/php_aes.asp ). C# normally uses 16 bytes blocks, so MCRYPT_RIJNDAEL_128 . The size of the key is auto-detected. Note that I've moved the encoding/resizing of the password inside the method.