While finishing the CAST-128 cipher for phpCrypt, I think I discovered a bug in mcrypt’s CAST-128 implementation. When testing mCrypt CAST-128 implementation against the CAST-128 test vectors at http://tools.ietf.org/html/rfc2144, I noticed that when using 40 and 80 bit keys, the cipher text does not match the test vectors. 128 bit keys seem to work fine, unless the key is null padded to 128 bits, in which case it isn’t working. I took a little look into the mCrypt CAST-128 source, and I think it may be coming from _mcrypt_set_key() in cast-128.c. In any case I’m too busy to really track it down. I thought I’d just post that as maybe someone else will read this and take the time to look into it.
Now the good news! Because phpCrypt does not rely on mCrypt or any other PHP extensions, this is not an issue with phpCrypt. I finished CAST-128 for phpCrypt and pushed the latest changes to the phpCrypt GitHub repository. The CAST-128 implementation in phpCrypt returns the proper cipher text for all the test vectors and will be included in the next version 0.5.