Crypt_TripleDES
class Crypt_TripleDES extends Crypt_DES (View source)
Pure-PHP implementation of Triple DES.
Properties
int | $mode | The Encryption Mode | from Crypt_Base |
int | $block_size | Block Length of the cipher | from Crypt_DES |
string | $key | The Key | from Crypt_Base |
string | $iv | The Initialization Vector | from Crypt_Base |
string | $encryptIV | A "sliding" Initialization Vector | from Crypt_Base |
string | $decryptIV | A "sliding" Initialization Vector | from Crypt_Base |
bool | $continuousBuffer | Continuous Buffer status | from Crypt_Base |
array | $enbuffer | Encryption buffer for CTR, OFB and CFB modes | from Crypt_Base |
array | $debuffer | Decryption buffer for CTR, OFB and CFB modes | from Crypt_Base |
resource | $enmcrypt | mcrypt resource for encryption | from Crypt_Base |
resource | $demcrypt | mcrypt resource for decryption | from Crypt_Base |
bool | $enchanged | Does the enmcrypt resource need to be (re)initialized? | from Crypt_Base |
bool | $dechanged | Does the demcrypt resource need to be (re)initialized? | from Crypt_Base |
resource | $ecb | mcrypt resource for CFB mode | from Crypt_Base |
int | $cfb_init_len | Optimizing value while CFB-encrypting | |
bool | $changed | Does internal cipher state need to be (re)initialized? | from Crypt_Base |
bool | $padding | Padding status | from Crypt_Base |
bool | $paddable | Is the mode one that is paddable? | from Crypt_Base |
int | $engine | Holds which crypt engine internaly should be use, which will be determined automatically on __construct() | from Crypt_Base |
int | $preferredEngine | Holds the preferred crypt engine | from Crypt_Base |
string | $cipher_name_mcrypt | The mcrypt specific name of the cipher | |
string | $cipher_name_openssl | The openssl specific name of the cipher | from Crypt_Base |
string | $cipher_name_openssl_ecb | The openssl specific name of the cipher in ECB mode | from Crypt_Base |
string | $password_default_salt | The default salt used by setPassword() | |
string | $const_namespace | The namespace used by the cipher for its constants. | |
callable | $inline_crypt | The name of the performance-optimized callback function | from Crypt_Base |
mixed | $use_inline_crypt | Holds whether performance-optimized $inline_crypt() can/should be used. | from Crypt_Base |
bool | $openssl_emulate_ctr | If OpenSSL can be used in ECB but not in CTR we can emulate CTR | from Crypt_Base |
mixed | $openssl_options | Determines what options are passed to openssl_encrypt/decrypt | from Crypt_Base |
bool | $explicit_key_length | Has the key length explicitly been set or should it be derived from the key, itself? | from Crypt_Base |
bool | $skip_key_adjustment | Don't truncate / null pad key | from Crypt_Base |
int | $key_length | Key Length (in bytes) | |
array | $openssl_mode_names | The OpenSSL names of the cipher / modes | from Crypt_DES |
int | $des_rounds | Switch for DES/3DES encryption | from Crypt_DES |
string | $key_length_max | max possible size of $key | |
array | $keys | The Key Schedule | from Crypt_DES |
array | $shuffle | Shuffle table. | from Crypt_DES |
array | $ipmap | IP mapping helper table. | from Crypt_DES |
array | $invipmap | Inverse IP mapping helper table. | from Crypt_DES |
array | $sbox1 | Pre-permuted S-box1 | from Crypt_DES |
array | $sbox2 | Pre-permuted S-box2 | from Crypt_DES |
array | $sbox3 | Pre-permuted S-box3 | from Crypt_DES |
array | $sbox4 | Pre-permuted S-box4 | from Crypt_DES |
array | $sbox5 | Pre-permuted S-box5 | from Crypt_DES |
array | $sbox6 | Pre-permuted S-box6 | from Crypt_DES |
array | $sbox7 | Pre-permuted S-box7 | from Crypt_DES |
array | $sbox8 | Pre-permuted S-box8 | from Crypt_DES |
bool | $mode_3cbc | Internal flag whether using CRYPT_DES_MODE_3CBC or not | |
array | $des | The Crypt_DES objects |
Methods
Default Constructor.
Sets the initialization vector. (optional)
Sets the key length.
Sets the key.
Encrypts a message.
Decrypts a message.
OpenSSL CTR Processor
OpenSSL OFB Processor
Treat consecutive "packets" as if they are a continuous buffer.
Treat consecutive packets as if they are a discontinuous buffer.
Test for engine validity
Sets the internal crypt engine
Creates the key schedule
Creates the performance-optimized function for en/decrypt()
PHP4 compatible Default Constructor.
Details
__construct(int $mode = CRYPT_MODE_CBC)
Default Constructor.
Determines whether or not the mcrypt extension should be used.
$mode could be:
CRYPT_DES_MODE_ECB
CRYPT_DES_MODE_CBC
CRYPT_DES_MODE_CTR
CRYPT_DES_MODE_CFB
CRYPT_DES_MODE_OFB
CRYPT_DES_MODE_3CBC
If not explicitly set, CRYPT_DES_MODE_CBC will be used.
Crypt_Base(int $mode = CRYPT_MODE_CBC)
PHP4 compatible Default Constructor.
setIV(string $iv)
Sets the initialization vector. (optional)
SetIV is not required when CRYPT_DES_MODE_ECB is being used. If not explicitly set, it'll be assumed to be all zero's.
setKeyLength(int $length)
Sets the key length.
Valid key lengths are 64, 128 and 192
int
getKeyLength()
Returns the current key length in bits
int
getBlockLength()
Returns the current block length in bits
setKey(string $key)
Sets the key.
Keys can be of any length. Triple DES, itself, can use 128-bit (eg. strlen($key) == 16) or 192-bit (eg. strlen($key) == 24) keys. This function pads and truncates $key as appropriate.
DES also requires that every eighth bit be a parity bit, however, we'll ignore that.
If the key is not explicitly set, it'll be assumed to be all null bytes.
bool
setPassword(string $password, string $method = 'pbkdf2')
Sets the password.
Depending on what $method is set to, setPassword()'s (optional) parameters are as follows: {@link http://en.wikipedia.org/wiki/PBKDF2 pbkdf2} or pbkdf1: $hash, $salt, $count, $dkLen
Where $hash (default = sha1) currently supports the following hashes: see: Crypt/Hash.php
string
encrypt(string $plaintext)
Encrypts a message.
string
decrypt(string $ciphertext)
Decrypts a message.
string
_openssl_ctr_process(string $plaintext, string $encryptIV, array $buffer)
OpenSSL CTR Processor
PHP's OpenSSL bindings do not operate in continuous mode so we'll wrap around it. Since the keystream for CTR is the same for both encrypting and decrypting this function is re-used by both Crypt_Base::encrypt() and Crypt_Base::decrypt(). Also, OpenSSL doesn't implement CTR for all of it's symmetric ciphers so this function will emulate CTR with ECB when necessary.
string
_openssl_ofb_process(string $plaintext, string $encryptIV, array $buffer)
OpenSSL OFB Processor
PHP's OpenSSL bindings do not operate in continuous mode so we'll wrap around it. Since the keystream for OFB is the same for both encrypting and decrypting this function is re-used by both Crypt_Base::encrypt() and Crypt_Base::decrypt().
int
_openssl_translate_mode()
phpseclib <-> OpenSSL Mode Mapper
May need to be overwritten by classes extending this one in some cases
enablePadding()
Pad "packets".
Block ciphers working by encrypting between their specified [$this->]block_size at a time If you ever need to encrypt or decrypt something that isn't of the proper length, it becomes necessary to pad the input so that it is of the proper length.
Padding is enabled by default. Sometimes, however, it is undesirable to pad strings. Such is the case in SSH, where "packets" are padded with random bytes before being encrypted. Unpad these packets and you risk stripping away characters that shouldn't be stripped away. (SSH knows how many bytes are added because the length is transmitted separately)
disablePadding()
Do not pad packets.
enableContinuousBuffer()
Treat consecutive "packets" as if they are a continuous buffer.
Say you have a 16-byte plaintext $plaintext. Using the default behavior, the two following code snippets will yield different outputs:
echo $des->encrypt(substr($plaintext, 0, 8));
echo $des->encrypt(substr($plaintext, 8, 8));
echo $des->encrypt($plaintext);
The solution is to enable the continuous buffer. Although this will resolve the above discrepancy, it creates another, as demonstrated with the following:
$des->encrypt(substr($plaintext, 0, 8));
echo $des->decrypt($des->encrypt(substr($plaintext, 8, 8)));
echo $des->decrypt($des->encrypt(substr($plaintext, 8, 8)));
With the continuous buffer disabled, these would yield the same output. With it enabled, they yield different outputs. The reason is due to the fact that the initialization vector's change after every encryption / decryption round when the continuous buffer is enabled. When it's disabled, they remain constant.
Put another way, when the continuous buffer is enabled, the state of the Crypt_DES() object changes after each encryption / decryption round, whereas otherwise, it'd remain constant. For this reason, it's recommended that continuous buffers not be used. They do offer better security and are, in fact, sometimes required (SSH uses them), however, they are also less intuitive and more likely to cause you problems.
disableContinuousBuffer()
Treat consecutive packets as if they are a discontinuous buffer.
The default behavior.
bool
isValidEngine(int $engine)
Test for engine validity
This is mainly just a wrapper to set things up for Crypt_Base::isValidEngine()
setPreferredEngine(int $engine)
Sets the internal crypt engine
getEngine()
Returns the engine currently being utilized
_setEngine()
Sets the engine as appropriate
string
_encryptBlock(string $in)
Encrypts a block
string
_decryptBlock(string $in)
Decrypts a block
_setupKey()
Creates the key schedule
_setup()
Setup the CRYPT_ENGINE_INTERNAL $engine
(re)init, if necessary, the internal cipher $engine and flush all $buffers Used (only) if $engine == CRYPT_ENGINE_INTERNAL
_setup() will be called each time if $changed === true typically this happens when using one or more of following public methods:
setKey()
setIV()
disableContinuousBuffer()
First run of encrypt() / decrypt() with no init-settings
_setupMcrypt()
Setup the CRYPT_ENGINE_MCRYPT $engine
(re)init, if necessary, the (ext)mcrypt resources and flush all $buffers Used (only) if $engine = CRYPT_ENGINE_MCRYPT
_setupMcrypt() will be called each time if $changed === true typically this happens when using one or more of following public methods:
setKey()
setIV()
disableContinuousBuffer()
First run of encrypt() / decrypt()
string
_pad(string $text)
Pads a string
Pads a string using the RSA PKCS padding standards so that its length is a multiple of the blocksize. $this->block_size - (strlen($text) % $this->block_size) bytes are added, each of which is equal to chr($this->block_size - (strlen($text) % $this->block_size)
If padding is disabled and $text is not a multiple of the blocksize, the string will be padded regardless and padding will, hence forth, be enabled.
string
_unpad(string $text)
Unpads a string.
If padding is enabled and the reported padding length is invalid the encryption key will be assumed to be wrong and false will be returned.
_clearBuffers()
Clears internal buffers
Clearing/resetting the internal buffers is done everytime after disableContinuousBuffer() or on cipher $engine (re)init ie after setKey() or setIV()
string
_string_shift(string $string, int $index = 1)
String Shift
Inspired by array_shift
string
_string_pop(string $string, int $index = 1)
String Pop
Inspired by array_pop
_increment_str(string $var)
Increment the current string
_setupInlineCrypt()
Setup the performance-optimized function for de/encrypt()
string
_createInlineCryptFunction(array $cipher_code)
Creates the performance-optimized function for en/decrypt()
Internally for phpseclib developers:
_createInlineCryptFunction():
merge the $cipher_code [setup'ed by _setupInlineCrypt()] with the current [$this->]mode of operation code
create the $inline function, which called by encrypt() / decrypt() as its replacement to speed up the en/decryption operations.
return the name of the created $inline callback function
used to speed up en/decryption
The main reason why can speed up things [up to 50%] this way are:
using variables more effective then regular. (ie no use of expensive arrays but integers $k_0, $k_1 ... or even, for example, the pure $key[] values hardcoded)
avoiding 1000's of function calls of ie _encryptBlock() but inlining the crypt operations. in the mode of operation for() loop.
full loop unroll the (sometimes key-dependent) rounds avoiding this way ++$i counters and runtime-if's etc...
The basic code architectur of the generated $inline en/decrypt() lambda function, in pseudo php, is:
+----------------------------------------------------------------------------------------------+
| callback $inline = create_function: |
| lambda_function_0001_crypt_ECB($action, $text) |
| { |
| INSERT PHP CODE OF: |
| $cipher_code['init_crypt']; // general init code. |
| // ie: $sbox'es declarations used for |
| // encrypt and decrypt'ing. |
| |
| switch ($action) { |
| case 'encrypt': |
| INSERT PHP CODE OF: |
| $cipher_code['init_encrypt']; // encrypt sepcific init code. |
| ie: specified $key or $box |
| declarations for encrypt'ing. |
| |
| foreach ($ciphertext) { |
| $in = $block_size of $ciphertext; |
| |
| INSERT PHP CODE OF: |
| $cipher_code['encrypt_block']; // encrypt's (string) $in, which is always: |
| // strlen($in) == $this->block_size |
| // here comes the cipher algorithm in action |
| // for encryption. |
| // $cipher_code['encrypt_block'] has to |
| // encrypt the content of the $in variable |
| |
| $plaintext .= $in; |
| } |
| return $plaintext; |
| |
| case 'decrypt': |
| INSERT PHP CODE OF: |
| $cipher_code['init_decrypt']; // decrypt sepcific init code |
| ie: specified $key or $box |
| declarations for decrypt'ing. |
| foreach ($plaintext) { |
| $in = $block_size of $plaintext; |
| |
| INSERT PHP CODE OF: |
| $cipher_code['decrypt_block']; // decrypt's (string) $in, which is always |
| // strlen($in) == $this->block_size |
| // here comes the cipher algorithm in action |
| // for decryption. |
| // $cipher_code['decrypt_block'] has to |
| // decrypt the content of the $in variable |
| $ciphertext .= $in; |
| } |
| return $ciphertext; |
| } |
| } |
+----------------------------------------------------------------------------------------------+
See also the Crypt_*::_setupInlineCrypt()'s for productive inline $cipher_code's how they works.
Structure of:
$cipher_code = array(
'init_crypt' => (string) '', // optional
'init_encrypt' => (string) '', // optional
'init_decrypt' => (string) '', // optional
'encrypt_block' => (string) '', // required
'decrypt_block' => (string) '' // required
);
array
_getLambdaFunctions()
Holds the lambda_functions table (classwide)
Each name of the lambda function, created from _setupInlineCrypt() && _createInlineCryptFunction() is stored, classwide (!), here for reusing.
The string-based index of $function is a classwide unique value representing, at least, the $mode of operation (or more... depends of the optimizing level) for which $mode the lambda function was created.
string
_hashInlineCryptFunction(string $bytes)
Generates a digest from $bytes
int
safe_intval(string $x)
Convert float to int
On 32-bit Linux installs running PHP < 5.3 converting floats to ints doesn't always work
string
safe_intval_inline()
eval()'able string for in-line float to int
do_nothing()
Dummy error handler to suppress mcrypt errors
string
_processBlock(string $block, int $mode)
Encrypts or decrypts a 64-bit block
$mode should be either CRYPT_DES_ENCRYPT or CRYPT_DES_DECRYPT. See {@link http://en.wikipedia.org/wiki/Image:Feistel.png Feistel.png} to get a general idea of what this function does.
Crypt_TripleDES(int $mode = CRYPT_MODE_CBC)
PHP4 compatible Default Constructor.