Rijndael

Default Constructor.

Sets the initialization vector.

setIV() is not required when ecb or gcm modes are being used.

{@internal Can be overwritten by a sub class, but does not have to be}

Enables Poly1305 mode.

Once enabled Poly1305 cannot be disabled.

Enables Poly1305 mode.

Once enabled Poly1305 cannot be disabled. If $key is not passed then an attempt to call createPoly1305Key will be made.

Sets the nonce.

setNonce() is only required when gcm is used

Sets additional authenticated data

setAAD() is only used by gcm or in poly1305 mode

Returns whether or not the algorithm uses an IV

Returns whether or not the algorithm uses a nonce

Returns the current key length in bits

Returns the current block length in bits

Returns the current block length in bytes

Sets the key length.

Valid key lengths are 128, 160, 192, 224, and 256.

Note: phpseclib extends Rijndael (and AES) for using 160- and 224-bit keys but they are officially not defined and the most (if not all) implementations are not able using 160/224-bit keys but round/pad them up to 192/256 bits as, for example, mcrypt will do.

  That said, if you want be compatible with other Rijndael and AES implementations,
  you should not setKeyLength(160) or setKeyLength(224).

Additional: In case of 160- and 224-bit keys, phpseclib will/can, for that reason, not use the mcrypt php extension, even if available. This results then in slower encryption.

Sets the key.

Rijndael supports five different key lengths

Sets the password.

Depending on what $method is set to, setPassword()'s (optional) parameters are as follows: {@link http://en.wikipedia.org/wiki/PBKDF2 pbkdf2} or pbkdf1: $hash, $salt, $count, $dkLen

    Where $hash (default = sha1) currently supports the following hashes: see: Crypt/Hash.php

{@internal Could, but not must, extend by the child Crypt_* class}

Encrypts a message.

Decrypts a message.

Get the authentication tag

Only used in GCM or Poly1305 mode

Sets the authentication tag

Only used in GCM mode

Get the IV

mcrypt requires an IV even if ECB is used

phpseclib <-> OpenSSL Mode Mapper

May need to be overwritten by classes extending this one in some cases

Pad "packets".

Block ciphers working by encrypting between their specified [$this->]block_size at a time If you ever need to encrypt or decrypt something that isn't of the proper length, it becomes necessary to pad the input so that it is of the proper length.

Padding is enabled by default. Sometimes, however, it is undesirable to pad strings. Such is the case in SSH, where "packets" are padded with random bytes before being encrypted. Unpad these packets and you risk stripping away characters that shouldn't be stripped away. (SSH knows how many bytes are added because the length is transmitted separately)

Do not pad packets.

Treat consecutive "packets" as if they are a continuous buffer.

Say you have a 32-byte plaintext $plaintext. Using the default behavior, the two following code snippets will yield different outputs:

echo $rijndael->encrypt(substr($plaintext, 0, 16)); echo $rijndael->encrypt(substr($plaintext, 16, 16)); echo $rijndael->encrypt($plaintext);

The solution is to enable the continuous buffer. Although this will resolve the above discrepancy, it creates another, as demonstrated with the following:

$rijndael->encrypt(substr($plaintext, 0, 16)); echo $rijndael->decrypt($rijndael->encrypt(substr($plaintext, 16, 16))); echo $rijndael->decrypt($rijndael->encrypt(substr($plaintext, 16, 16)));

With the continuous buffer disabled, these would yield the same output. With it enabled, they yield different outputs. The reason is due to the fact that the initialization vector's change after every encryption / decryption round when the continuous buffer is enabled. When it's disabled, they remain constant.

Put another way, when the continuous buffer is enabled, the state of the \phpseclib3\Crypt*() object changes after each encryption / decryption round, whereas otherwise, it'd remain constant. For this reason, it's recommended that continuous buffers not be used. They do offer better security and are, in fact, sometimes required (SSH uses them), however, they are also less intuitive and more likely to cause you problems.

{@internal Could, but not must, extend by the child Crypt_* class}

Treat consecutive packets as if they are a discontinuous buffer.

The default behavior.

{@internal Could, but not must, extend by the child Crypt_* class}

Test for engine validity

This is mainly just a wrapper to set things up for \phpseclib3\Crypt\Common\SymmetricKey::isValidEngine()

Test for engine validity

Sets the preferred crypt engine

Currently, $engine could be:

• libsodium[very fast]

• OpenSSL [very fast]

• mcrypt [fast]

• Eval [slow]

• PHP [slowest]

If the preferred crypt engine is not available the fastest available one will be used

Returns the engine currently being utilized

Sets the engine as appropriate

Encrypts a block

Decrypts a block

Setup the key (expansion)

Setup the self::ENGINE_INTERNAL $engine

(re)init, if necessary, the internal cipher $engine and flush all $buffers Used (only) if $engine == self::ENGINE_INTERNAL

_setup() will be called each time if $changed === true typically this happens when using one or more of following public methods:

• setKey()

• setIV()

• disableContinuousBuffer()

• First run of encrypt() / decrypt() with no init-settings

{@internal setup() is always called before en/decryption.}

{@internal Could, but not must, extend by the child Crypt_* class}

Pads a string

Pads a string using the RSA PKCS padding standards so that its length is a multiple of the blocksize. $this->block_size - (strlen($text) % $this->block_size) bytes are added, each of which is equal to chr($this->block_size - (strlen($text) % $this->block_size)

If padding is disabled and $text is not a multiple of the blocksize, the string will be padded regardless and padding will, hence forth, be enabled.

Unpads a string.

If padding is enabled and the reported padding length is invalid the encryption key will be assumed to be wrong and false will be returned.

Creates the performance-optimized function for en/decrypt()

Internally for phpseclib developers:

_createInlineCryptFunction():

• merge the $cipher_code [setup'ed by _setupInlineCrypt()] with the current [$this->]mode of operation code

• create the $inline function, which called by encrypt() / decrypt() as its replacement to speed up the en/decryption operations.

• return the name of the created $inline callback function

• used to speed up en/decryption

The main reason why can speed up things [up to 50%] this way are:

• using variables more effective then regular. (ie no use of expensive arrays but integers $k_0, $k_1 ... or even, for example, the pure $key[] values hardcoded)

• avoiding 1000's of function calls of ie _encryptBlock() but inlining the crypt operations. in the mode of operation for() loop.

• full loop unroll the (sometimes key-dependent) rounds avoiding this way ++$i counters and runtime-if's etc...

The basic code architectur of the generated $inline en/decrypt() lambda function, in pseudo php, is:

+----------------------------------------------------------------------------------------------+ | callback $inline = create_function: | | lambda_function_0001_crypt_ECB($action, $text) | | { | | INSERT PHP CODE OF: | | $cipher_code['init_crypt']; // general init code. | | // ie: $sbox'es declarations used for | | // encrypt and decrypt'ing. | | | | switch ($action) { | | case 'encrypt': | | INSERT PHP CODE OF: | | $cipher_code['init_encrypt']; // encrypt sepcific init code. | | ie: specified $key or $box | | declarations for encrypt'ing. | | | | foreach ($ciphertext) { | | $in = $block_size of $ciphertext; | | | | INSERT PHP CODE OF: | | $cipher_code['encrypt_block']; // encrypt's (string) $in, which is always: | | // strlen($in) == $this->block_size | | // here comes the cipher algorithm in action | | // for encryption. | | // $cipher_code['encrypt_block'] has to | | // encrypt the content of the $in variable | | | | $plaintext .= $in; | | } | | return $plaintext; | | | | case 'decrypt': | | INSERT PHP CODE OF: | | $cipher_code['init_decrypt']; // decrypt sepcific init code | | ie: specified $key or $box | | declarations for decrypt'ing. | | foreach ($plaintext) { | | $in = $block_size of $plaintext; | | | | INSERT PHP CODE OF: | | $cipher_code['decrypt_block']; // decrypt's (string) $in, which is always | | // strlen($in) == $this->block_size | | // here comes the cipher algorithm in action | | // for decryption. | | // $cipher_code['decrypt_block'] has to | | // decrypt the content of the $in variable | | $ciphertext .= $in; | | } | | return $ciphertext; | | } | | } | +----------------------------------------------------------------------------------------------+

See also the \phpseclib3\Crypt*::_setupInlineCrypt()'s for productive inline $cipher_code's how they works.

Structure of: $cipher_code = [ 'init_crypt' => (string) '', // optional 'init_encrypt' => (string) '', // optional 'init_decrypt' => (string) '', // optional 'encrypt_block' => (string) '', // required 'decrypt_block' => (string) '' // required ];

Convert float to int

On ARM CPUs converting floats to ints doesn't always work

eval()'able string for in-line float to int

NULL pads a string to be a multiple of 128

Calculates Poly1305 MAC

On my system ChaCha20, with libsodium, takes 0.5s. With this custom Poly1305 implementation it takes 1.2s.

Sets the block length

Valid block lengths are 128, 160, 192, 224, and 256.

Provides the mixColumns and sboxes tables

Provides the inverse mixColumns and inverse sboxes tables

Setup the performance-optimized function for de/encrypt()