2 /* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */
\r
5 * Pure-PHP implementation of Rijndael.
\r
7 * Does not use mcrypt, even when available, for reasons that are explained below.
\r
9 * PHP versions 4 and 5
\r
11 * If {@link Crypt_Rijndael::setBlockLength() setBlockLength()} isn't called, it'll be assumed to be 128 bits. If
\r
12 * {@link Crypt_Rijndael::setKeyLength() setKeyLength()} isn't called, it'll be calculated from
\r
13 * {@link Crypt_Rijndael::setKey() setKey()}. ie. if the key is 128-bits, the key length will be 128-bits. If it's
\r
14 * 136-bits it'll be null-padded to 160-bits and 160 bits will be the key length until
\r
15 * {@link Crypt_Rijndael::setKey() setKey()} is called, again, at which point, it'll be recalculated.
\r
17 * Not all Rijndael implementations may support 160-bits or 224-bits as the block length / key length. mcrypt, for example,
\r
18 * does not. AES, itself, only supports block lengths of 128 and key lengths of 128, 192, and 256.
\r
19 * {@link http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf#page=10 Rijndael-ammended.pdf#page=10} defines the
\r
20 * algorithm for block lengths of 192 and 256 but not for block lengths / key lengths of 160 and 224. Indeed, 160 and 224
\r
21 * are first defined as valid key / block lengths in
\r
22 * {@link http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf#page=44 Rijndael-ammended.pdf#page=44}:
\r
23 * Extensions: Other block and Cipher Key lengths.
\r
25 * {@internal The variable names are the same as those in
\r
26 * {@link http://www.csrc.nist.gov/publications/fips/fips197/fips-197.pdf#page=10 fips-197.pdf#page=10}.}}
\r
28 * Here's a short example of how to use this library:
\r
31 * include('Crypt/Rijndael.php');
\r
33 * $rijndael = new Crypt_Rijndael();
\r
35 * $rijndael->setKey('abcdefghijklmnop');
\r
37 * $size = 10 * 1024;
\r
39 * for ($i = 0; $i < $size; $i++) {
\r
43 * echo $rijndael->decrypt($rijndael->encrypt($plaintext));
\r
47 * LICENSE: This library is free software; you can redistribute it and/or
\r
48 * modify it under the terms of the GNU Lesser General Public
\r
49 * License as published by the Free Software Foundation; either
\r
50 * version 2.1 of the License, or (at your option) any later version.
\r
52 * This library is distributed in the hope that it will be useful,
\r
53 * but WITHOUT ANY WARRANTY; without even the implied warranty of
\r
54 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
\r
55 * Lesser General Public License for more details.
\r
57 * You should have received a copy of the GNU Lesser General Public
\r
58 * License along with this library; if not, write to the Free Software
\r
59 * Foundation, Inc., 59 Temple Place, Suite 330, Boston,
\r
63 * @package Crypt_Rijndael
\r
64 * @author Jim Wigginton <terrafrost@php.net>
\r
65 * @copyright MMVIII Jim Wigginton
\r
66 * @license http://www.gnu.org/licenses/lgpl.txt
\r
67 * @version $Id: Rijndael.php,v 1.12 2010/02/09 06:10:26 terrafrost Exp $
\r
68 * @link http://phpseclib.sourceforge.net
\r
73 * @see Crypt_Rijndael::encrypt()
\r
74 * @see Crypt_Rijndael::decrypt()
\r
77 * Encrypt / decrypt using the Counter mode.
\r
79 * Set to -1 since that's what Crypt/Random.php uses to index the CTR mode.
\r
81 * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Counter_.28CTR.29
\r
83 define('CRYPT_RIJNDAEL_MODE_CTR', -1);
\r
85 * Encrypt / decrypt using the Electronic Code Book mode.
\r
87 * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29
\r
89 define('CRYPT_RIJNDAEL_MODE_ECB', 1);
\r
91 * Encrypt / decrypt using the Code Book Chaining mode.
\r
93 * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29
\r
95 define('CRYPT_RIJNDAEL_MODE_CBC', 2);
\r
100 * @see Crypt_Rijndael::Crypt_Rijndael()
\r
103 * Toggles the internal implementation
\r
105 define('CRYPT_RIJNDAEL_MODE_INTERNAL', 1);
\r
107 * Toggles the mcrypt implementation
\r
109 define('CRYPT_RIJNDAEL_MODE_MCRYPT', 2);
\r
113 * Pure-PHP implementation of Rijndael.
\r
115 * @author Jim Wigginton <terrafrost@php.net>
\r
118 * @package Crypt_Rijndael
\r
120 class Crypt_Rijndael {
\r
122 * The Encryption Mode
\r
124 * @see Crypt_Rijndael::Crypt_Rijndael()
\r
133 * @see Crypt_Rijndael::setKey()
\r
137 var $key = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
\r
140 * The Initialization Vector
\r
142 * @see Crypt_Rijndael::setIV()
\r
149 * A "sliding" Initialization Vector
\r
151 * @see Crypt_Rijndael::enableContinuousBuffer()
\r
155 var $encryptIV = '';
\r
158 * A "sliding" Initialization Vector
\r
160 * @see Crypt_Rijndael::enableContinuousBuffer()
\r
164 var $decryptIV = '';
\r
167 * Continuous Buffer status
\r
169 * @see Crypt_Rijndael::enableContinuousBuffer()
\r
173 var $continuousBuffer = false;
\r
178 * @see Crypt_Rijndael::enablePadding()
\r
182 var $padding = true;
\r
185 * Does the key schedule need to be (re)calculated?
\r
188 * @see setBlockLength()
\r
189 * @see setKeyLength()
\r
193 var $changed = true;
\r
196 * Has the key length explicitly been set or should it be derived from the key, itself?
\r
198 * @see setKeyLength()
\r
202 var $explicit_key_length = false;
\r
214 * The Inverse Key Schedule
\r
225 * @see setBlockLength()
\r
228 * @internal The max value is 32, the min value is 16. All valid values are multiples of 4. Exists in conjunction with
\r
229 * $Nb because we need this value and not $Nb to pad strings appropriately.
\r
231 var $block_size = 16;
\r
234 * The Block Length divided by 32
\r
236 * @see setBlockLength()
\r
239 * @internal The max value is 256 / 32 = 8, the min value is 128 / 32 = 4. Exists in conjunction with $block_size
\r
240 * because the encryption / decryption / key schedule creation requires this number and not $block_size. We could
\r
241 * derive this from $block_size or vice versa, but that'd mean we'd have to do multiple shift operations, so in lieu
\r
242 * of that, we'll just precompute it once.
\r
250 * @see setKeyLength()
\r
253 * @internal The max value is 256 / 8 = 32, the min value is 128 / 8 = 16. Exists in conjunction with $key_size
\r
254 * because the encryption / decryption / key schedule creation requires this number and not $key_size. We could
\r
255 * derive this from $key_size or vice versa, but that'd mean we'd have to do multiple shift operations, so in lieu
\r
256 * of that, we'll just precompute it once.
\r
258 var $key_size = 16;
\r
261 * The Key Length divided by 32
\r
263 * @see setKeyLength()
\r
266 * @internal The max value is 256 / 32 = 8, the min value is 128 / 32 = 4
\r
271 * The Number of Rounds
\r
275 * @internal The max value is 14, the min value is 10.
\r
288 * Precomputed mixColumns table
\r
290 * @see Crypt_Rijndael()
\r
297 * Precomputed mixColumns table
\r
299 * @see Crypt_Rijndael()
\r
306 * Precomputed mixColumns table
\r
308 * @see Crypt_Rijndael()
\r
315 * Precomputed mixColumns table
\r
317 * @see Crypt_Rijndael()
\r
324 * Precomputed invMixColumns table
\r
326 * @see Crypt_Rijndael()
\r
333 * Precomputed invMixColumns table
\r
335 * @see Crypt_Rijndael()
\r
342 * Precomputed invMixColumns table
\r
344 * @see Crypt_Rijndael()
\r
351 * Precomputed invMixColumns table
\r
353 * @see Crypt_Rijndael()
\r
360 * Default Constructor.
\r
362 * Determines whether or not the mcrypt extension should be used. $mode should only, at present, be
\r
363 * CRYPT_RIJNDAEL_MODE_ECB or CRYPT_RIJNDAEL_MODE_CBC. If not explictly set, CRYPT_RIJNDAEL_MODE_CBC will be used.
\r
365 * @param optional Integer $mode
\r
366 * @return Crypt_Rijndael
\r
369 function Crypt_Rijndael($mode = CRYPT_RIJNDAEL_MODE_CBC)
\r
372 case CRYPT_RIJNDAEL_MODE_ECB:
\r
373 case CRYPT_RIJNDAEL_MODE_CBC:
\r
374 case CRYPT_RIJNDAEL_MODE_CTR:
\r
375 $this->mode = $mode;
\r
378 $this->mode = CRYPT_RIJNDAEL_MODE_CBC;
\r
386 $dt3 = &$this->dt3;
\r
387 $dt2 = &$this->dt2;
\r
388 $dt1 = &$this->dt1;
\r
389 $dt0 = &$this->dt0;
\r
391 // according to <http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf#page=19> (section 5.2.1),
\r
392 // precomputed tables can be used in the mixColumns phase. in that example, they're assigned t0...t3, so
\r
393 // those are the names we'll use.
\r
395 0x6363A5C6, 0x7C7C84F8, 0x777799EE, 0x7B7B8DF6, 0xF2F20DFF, 0x6B6BBDD6, 0x6F6FB1DE, 0xC5C55491,
\r
396 0x30305060, 0x01010302, 0x6767A9CE, 0x2B2B7D56, 0xFEFE19E7, 0xD7D762B5, 0xABABE64D, 0x76769AEC,
\r
397 0xCACA458F, 0x82829D1F, 0xC9C94089, 0x7D7D87FA, 0xFAFA15EF, 0x5959EBB2, 0x4747C98E, 0xF0F00BFB,
\r
398 0xADADEC41, 0xD4D467B3, 0xA2A2FD5F, 0xAFAFEA45, 0x9C9CBF23, 0xA4A4F753, 0x727296E4, 0xC0C05B9B,
\r
399 0xB7B7C275, 0xFDFD1CE1, 0x9393AE3D, 0x26266A4C, 0x36365A6C, 0x3F3F417E, 0xF7F702F5, 0xCCCC4F83,
\r
400 0x34345C68, 0xA5A5F451, 0xE5E534D1, 0xF1F108F9, 0x717193E2, 0xD8D873AB, 0x31315362, 0x15153F2A,
\r
401 0x04040C08, 0xC7C75295, 0x23236546, 0xC3C35E9D, 0x18182830, 0x9696A137, 0x05050F0A, 0x9A9AB52F,
\r
402 0x0707090E, 0x12123624, 0x80809B1B, 0xE2E23DDF, 0xEBEB26CD, 0x2727694E, 0xB2B2CD7F, 0x75759FEA,
\r
403 0x09091B12, 0x83839E1D, 0x2C2C7458, 0x1A1A2E34, 0x1B1B2D36, 0x6E6EB2DC, 0x5A5AEEB4, 0xA0A0FB5B,
\r
404 0x5252F6A4, 0x3B3B4D76, 0xD6D661B7, 0xB3B3CE7D, 0x29297B52, 0xE3E33EDD, 0x2F2F715E, 0x84849713,
\r
405 0x5353F5A6, 0xD1D168B9, 0x00000000, 0xEDED2CC1, 0x20206040, 0xFCFC1FE3, 0xB1B1C879, 0x5B5BEDB6,
\r
406 0x6A6ABED4, 0xCBCB468D, 0xBEBED967, 0x39394B72, 0x4A4ADE94, 0x4C4CD498, 0x5858E8B0, 0xCFCF4A85,
\r
407 0xD0D06BBB, 0xEFEF2AC5, 0xAAAAE54F, 0xFBFB16ED, 0x4343C586, 0x4D4DD79A, 0x33335566, 0x85859411,
\r
408 0x4545CF8A, 0xF9F910E9, 0x02020604, 0x7F7F81FE, 0x5050F0A0, 0x3C3C4478, 0x9F9FBA25, 0xA8A8E34B,
\r
409 0x5151F3A2, 0xA3A3FE5D, 0x4040C080, 0x8F8F8A05, 0x9292AD3F, 0x9D9DBC21, 0x38384870, 0xF5F504F1,
\r
410 0xBCBCDF63, 0xB6B6C177, 0xDADA75AF, 0x21216342, 0x10103020, 0xFFFF1AE5, 0xF3F30EFD, 0xD2D26DBF,
\r
411 0xCDCD4C81, 0x0C0C1418, 0x13133526, 0xECEC2FC3, 0x5F5FE1BE, 0x9797A235, 0x4444CC88, 0x1717392E,
\r
412 0xC4C45793, 0xA7A7F255, 0x7E7E82FC, 0x3D3D477A, 0x6464ACC8, 0x5D5DE7BA, 0x19192B32, 0x737395E6,
\r
413 0x6060A0C0, 0x81819819, 0x4F4FD19E, 0xDCDC7FA3, 0x22226644, 0x2A2A7E54, 0x9090AB3B, 0x8888830B,
\r
414 0x4646CA8C, 0xEEEE29C7, 0xB8B8D36B, 0x14143C28, 0xDEDE79A7, 0x5E5EE2BC, 0x0B0B1D16, 0xDBDB76AD,
\r
415 0xE0E03BDB, 0x32325664, 0x3A3A4E74, 0x0A0A1E14, 0x4949DB92, 0x06060A0C, 0x24246C48, 0x5C5CE4B8,
\r
416 0xC2C25D9F, 0xD3D36EBD, 0xACACEF43, 0x6262A6C4, 0x9191A839, 0x9595A431, 0xE4E437D3, 0x79798BF2,
\r
417 0xE7E732D5, 0xC8C8438B, 0x3737596E, 0x6D6DB7DA, 0x8D8D8C01, 0xD5D564B1, 0x4E4ED29C, 0xA9A9E049,
\r
418 0x6C6CB4D8, 0x5656FAAC, 0xF4F407F3, 0xEAEA25CF, 0x6565AFCA, 0x7A7A8EF4, 0xAEAEE947, 0x08081810,
\r
419 0xBABAD56F, 0x787888F0, 0x25256F4A, 0x2E2E725C, 0x1C1C2438, 0xA6A6F157, 0xB4B4C773, 0xC6C65197,
\r
420 0xE8E823CB, 0xDDDD7CA1, 0x74749CE8, 0x1F1F213E, 0x4B4BDD96, 0xBDBDDC61, 0x8B8B860D, 0x8A8A850F,
\r
421 0x707090E0, 0x3E3E427C, 0xB5B5C471, 0x6666AACC, 0x4848D890, 0x03030506, 0xF6F601F7, 0x0E0E121C,
\r
422 0x6161A3C2, 0x35355F6A, 0x5757F9AE, 0xB9B9D069, 0x86869117, 0xC1C15899, 0x1D1D273A, 0x9E9EB927,
\r
423 0xE1E138D9, 0xF8F813EB, 0x9898B32B, 0x11113322, 0x6969BBD2, 0xD9D970A9, 0x8E8E8907, 0x9494A733,
\r
424 0x9B9BB62D, 0x1E1E223C, 0x87879215, 0xE9E920C9, 0xCECE4987, 0x5555FFAA, 0x28287850, 0xDFDF7AA5,
\r
425 0x8C8C8F03, 0xA1A1F859, 0x89898009, 0x0D0D171A, 0xBFBFDA65, 0xE6E631D7, 0x4242C684, 0x6868B8D0,
\r
426 0x4141C382, 0x9999B029, 0x2D2D775A, 0x0F0F111E, 0xB0B0CB7B, 0x5454FCA8, 0xBBBBD66D, 0x16163A2C
\r
430 0xF4A75051, 0x4165537E, 0x17A4C31A, 0x275E963A, 0xAB6BCB3B, 0x9D45F11F, 0xFA58ABAC, 0xE303934B,
\r
431 0x30FA5520, 0x766DF6AD, 0xCC769188, 0x024C25F5, 0xE5D7FC4F, 0x2ACBD7C5, 0x35448026, 0x62A38FB5,
\r
432 0xB15A49DE, 0xBA1B6725, 0xEA0E9845, 0xFEC0E15D, 0x2F7502C3, 0x4CF01281, 0x4697A38D, 0xD3F9C66B,
\r
433 0x8F5FE703, 0x929C9515, 0x6D7AEBBF, 0x5259DA95, 0xBE832DD4, 0x7421D358, 0xE0692949, 0xC9C8448E,
\r
434 0xC2896A75, 0x8E7978F4, 0x583E6B99, 0xB971DD27, 0xE14FB6BE, 0x88AD17F0, 0x20AC66C9, 0xCE3AB47D,
\r
435 0xDF4A1863, 0x1A3182E5, 0x51336097, 0x537F4562, 0x6477E0B1, 0x6BAE84BB, 0x81A01CFE, 0x082B94F9,
\r
436 0x48685870, 0x45FD198F, 0xDE6C8794, 0x7BF8B752, 0x73D323AB, 0x4B02E272, 0x1F8F57E3, 0x55AB2A66,
\r
437 0xEB2807B2, 0xB5C2032F, 0xC57B9A86, 0x3708A5D3, 0x2887F230, 0xBFA5B223, 0x036ABA02, 0x16825CED,
\r
438 0xCF1C2B8A, 0x79B492A7, 0x07F2F0F3, 0x69E2A14E, 0xDAF4CD65, 0x05BED506, 0x34621FD1, 0xA6FE8AC4,
\r
439 0x2E539D34, 0xF355A0A2, 0x8AE13205, 0xF6EB75A4, 0x83EC390B, 0x60EFAA40, 0x719F065E, 0x6E1051BD,
\r
440 0x218AF93E, 0xDD063D96, 0x3E05AEDD, 0xE6BD464D, 0x548DB591, 0xC45D0571, 0x06D46F04, 0x5015FF60,
\r
441 0x98FB2419, 0xBDE997D6, 0x4043CC89, 0xD99E7767, 0xE842BDB0, 0x898B8807, 0x195B38E7, 0xC8EEDB79,
\r
442 0x7C0A47A1, 0x420FE97C, 0x841EC9F8, 0x00000000, 0x80868309, 0x2BED4832, 0x1170AC1E, 0x5A724E6C,
\r
443 0x0EFFFBFD, 0x8538560F, 0xAED51E3D, 0x2D392736, 0x0FD9640A, 0x5CA62168, 0x5B54D19B, 0x362E3A24,
\r
444 0x0A67B10C, 0x57E70F93, 0xEE96D2B4, 0x9B919E1B, 0xC0C54F80, 0xDC20A261, 0x774B695A, 0x121A161C,
\r
445 0x93BA0AE2, 0xA02AE5C0, 0x22E0433C, 0x1B171D12, 0x090D0B0E, 0x8BC7ADF2, 0xB6A8B92D, 0x1EA9C814,
\r
446 0xF1198557, 0x75074CAF, 0x99DDBBEE, 0x7F60FDA3, 0x01269FF7, 0x72F5BC5C, 0x663BC544, 0xFB7E345B,
\r
447 0x4329768B, 0x23C6DCCB, 0xEDFC68B6, 0xE4F163B8, 0x31DCCAD7, 0x63851042, 0x97224013, 0xC6112084,
\r
448 0x4A247D85, 0xBB3DF8D2, 0xF93211AE, 0x29A16DC7, 0x9E2F4B1D, 0xB230F3DC, 0x8652EC0D, 0xC1E3D077,
\r
449 0xB3166C2B, 0x70B999A9, 0x9448FA11, 0xE9642247, 0xFC8CC4A8, 0xF03F1AA0, 0x7D2CD856, 0x3390EF22,
\r
450 0x494EC787, 0x38D1C1D9, 0xCAA2FE8C, 0xD40B3698, 0xF581CFA6, 0x7ADE28A5, 0xB78E26DA, 0xADBFA43F,
\r
451 0x3A9DE42C, 0x78920D50, 0x5FCC9B6A, 0x7E466254, 0x8D13C2F6, 0xD8B8E890, 0x39F75E2E, 0xC3AFF582,
\r
452 0x5D80BE9F, 0xD0937C69, 0xD52DA96F, 0x2512B3CF, 0xAC993BC8, 0x187DA710, 0x9C636EE8, 0x3BBB7BDB,
\r
453 0x267809CD, 0x5918F46E, 0x9AB701EC, 0x4F9AA883, 0x956E65E6, 0xFFE67EAA, 0xBCCF0821, 0x15E8E6EF,
\r
454 0xE79BD9BA, 0x6F36CE4A, 0x9F09D4EA, 0xB07CD629, 0xA4B2AF31, 0x3F23312A, 0xA59430C6, 0xA266C035,
\r
455 0x4EBC3774, 0x82CAA6FC, 0x90D0B0E0, 0xA7D81533, 0x04984AF1, 0xECDAF741, 0xCD500E7F, 0x91F62F17,
\r
456 0x4DD68D76, 0xEFB04D43, 0xAA4D54CC, 0x9604DFE4, 0xD1B5E39E, 0x6A881B4C, 0x2C1FB8C1, 0x65517F46,
\r
457 0x5EEA049D, 0x8C355D01, 0x877473FA, 0x0B412EFB, 0x671D5AB3, 0xDBD25292, 0x105633E9, 0xD647136D,
\r
458 0xD7618C9A, 0xA10C7A37, 0xF8148E59, 0x133C89EB, 0xA927EECE, 0x61C935B7, 0x1CE5EDE1, 0x47B13C7A,
\r
459 0xD2DF599C, 0xF2733F55, 0x14CE7918, 0xC737BF73, 0xF7CDEA53, 0xFDAA5B5F, 0x3D6F14DF, 0x44DB8678,
\r
460 0xAFF381CA, 0x68C43EB9, 0x24342C38, 0xA3405FC2, 0x1DC37216, 0xE2250CBC, 0x3C498B28, 0x0D9541FF,
\r
461 0xA8017139, 0x0CB3DE08, 0xB4E49CD8, 0x56C19064, 0xCB84617B, 0x32B670D5, 0x6C5C7448, 0xB85742D0
\r
464 for ($i = 0; $i < 256; $i++) {
\r
465 $t2[$i << 8] = (($t3[$i] << 8) & 0xFFFFFF00) | (($t3[$i] >> 24) & 0x000000FF);
\r
466 $t1[$i << 16] = (($t3[$i] << 16) & 0xFFFF0000) | (($t3[$i] >> 16) & 0x0000FFFF);
\r
467 $t0[$i << 24] = (($t3[$i] << 24) & 0xFF000000) | (($t3[$i] >> 8) & 0x00FFFFFF);
\r
469 $dt2[$i << 8] = (($this->dt3[$i] << 8) & 0xFFFFFF00) | (($dt3[$i] >> 24) & 0x000000FF);
\r
470 $dt1[$i << 16] = (($this->dt3[$i] << 16) & 0xFFFF0000) | (($dt3[$i] >> 16) & 0x0000FFFF);
\r
471 $dt0[$i << 24] = (($this->dt3[$i] << 24) & 0xFF000000) | (($dt3[$i] >> 8) & 0x00FFFFFF);
\r
478 * Keys can be of any length. Rijndael, itself, requires the use of a key that's between 128-bits and 256-bits long and
\r
479 * whose length is a multiple of 32. If the key is less than 256-bits and the key length isn't set, we round the length
\r
480 * up to the closest valid key length, padding $key with null bytes. If the key is more than 256-bits, we trim the
\r
483 * If the key is not explicitly set, it'll be assumed to be all null bytes.
\r
486 * @param String $key
\r
488 function setKey($key)
\r
491 $this->changed = true;
\r
495 * Sets the initialization vector. (optional)
\r
497 * SetIV is not required when CRYPT_RIJNDAEL_MODE_ECB is being used. If not explictly set, it'll be assumed
\r
498 * to be all zero's.
\r
501 * @param String $iv
\r
503 function setIV($iv)
\r
505 $this->encryptIV = $this->decryptIV = $this->iv = str_pad(substr($iv, 0, $this->block_size), $this->block_size, chr(0));;
\r
509 * Sets the key length
\r
511 * Valid key lengths are 128, 160, 192, 224, and 256. If the length is less than 128, it will be rounded up to
\r
512 * 128. If the length is greater then 128 and invalid, it will be rounded down to the closest valid amount.
\r
515 * @param Integer $length
\r
517 function setKeyLength($length)
\r
522 } else if ($length < 4) {
\r
525 $this->Nk = $length;
\r
526 $this->key_size = $length << 2;
\r
528 $this->explicit_key_length = true;
\r
529 $this->changed = true;
\r
533 * Sets the block length
\r
535 * Valid block lengths are 128, 160, 192, 224, and 256. If the length is less than 128, it will be rounded up to
\r
536 * 128. If the length is greater then 128 and invalid, it will be rounded down to the closest valid amount.
\r
539 * @param Integer $length
\r
541 function setBlockLength($length)
\r
546 } else if ($length < 4) {
\r
549 $this->Nb = $length;
\r
550 $this->block_size = $length << 2;
\r
551 $this->changed = true;
\r
555 * Generate CTR XOR encryption key
\r
557 * Encrypt the output of this and XOR it against the ciphertext / plaintext to get the
\r
558 * plaintext / ciphertext in CTR mode.
\r
560 * @see Crypt_Rijndael::decrypt()
\r
561 * @see Crypt_Rijndael::encrypt()
\r
563 * @param Integer $length
\r
564 * @param String $iv
\r
566 function _generate_xor($length, &$iv)
\r
569 $block_size = $this->block_size;
\r
570 $num_blocks = floor(($length + ($block_size - 1)) / $block_size);
\r
571 for ($i = 0; $i < $num_blocks; $i++) {
\r
573 for ($j = 4; $j <= $block_size; $j+=4) {
\r
574 $temp = substr($iv, -$j, 4);
\r
576 case "\xFF\xFF\xFF\xFF":
\r
577 $iv = substr_replace($iv, "\x00\x00\x00\x00", -$j, 4);
\r
579 case "\x7F\xFF\xFF\xFF":
\r
580 $iv = substr_replace($iv, "\x80\x00\x00\x00", -$j, 4);
\r
583 extract(unpack('Ncount', $temp));
\r
584 $iv = substr_replace($iv, pack('N', $count + 1), -$j, 4);
\r
594 * Encrypts a message.
\r
596 * $plaintext will be padded with additional bytes such that it's length is a multiple of the block size. Other Rjindael
\r
597 * implementations may or may not pad in the same manner. Other common approaches to padding and the reasons why it's
\r
598 * necessary are discussed in the following
\r
601 * {@link http://www.di-mgt.com.au/cryptopad.html http://www.di-mgt.com.au/cryptopad.html}
\r
603 * An alternative to padding is to, separately, send the length of the file. This is what SSH, in fact, does.
\r
604 * strlen($plaintext) will still need to be a multiple of 8, however, arbitrary values can be added to make it that
\r
607 * @see Crypt_Rijndael::decrypt()
\r
609 * @param String $plaintext
\r
611 function encrypt($plaintext)
\r
614 if ($this->mode != CRYPT_RIJNDAEL_MODE_CTR) {
\r
615 $plaintext = $this->_pad($plaintext);
\r
618 $block_size = $this->block_size;
\r
620 switch ($this->mode) {
\r
621 case CRYPT_RIJNDAEL_MODE_ECB:
\r
622 for ($i = 0; $i < strlen($plaintext); $i+=$block_size) {
\r
623 $ciphertext.= $this->_encryptBlock(substr($plaintext, $i, $block_size));
\r
626 case CRYPT_RIJNDAEL_MODE_CBC:
\r
627 $xor = $this->encryptIV;
\r
628 for ($i = 0; $i < strlen($plaintext); $i+=$block_size) {
\r
629 $block = substr($plaintext, $i, $block_size);
\r
630 $block = $this->_encryptBlock($block ^ $xor);
\r
632 $ciphertext.= $block;
\r
634 if ($this->continuousBuffer) {
\r
635 $this->encryptIV = $xor;
\r
638 case CRYPT_RIJNDAEL_MODE_CTR:
\r
639 $xor = $this->encryptIV;
\r
640 for ($i = 0; $i < strlen($plaintext); $i+=$block_size) {
\r
641 $block = substr($plaintext, $i, $block_size);
\r
642 $key = $this->_encryptBlock($this->_generate_xor($block_size, $xor));
\r
643 $ciphertext.= $block ^ $key;
\r
645 if ($this->continuousBuffer) {
\r
646 $this->encryptIV = $xor;
\r
650 return $ciphertext;
\r
654 * Decrypts a message.
\r
656 * If strlen($ciphertext) is not a multiple of the block size, null bytes will be added to the end of the string until
\r
659 * @see Crypt_Rijndael::encrypt()
\r
661 * @param String $ciphertext
\r
663 function decrypt($ciphertext)
\r
667 if ($this->mode != CRYPT_RIJNDAEL_MODE_CTR) {
\r
668 // we pad with chr(0) since that's what mcrypt_generic does. to quote from http://php.net/function.mcrypt-generic :
\r
669 // "The data is padded with "\0" to make sure the length of the data is n * blocksize."
\r
670 $ciphertext = str_pad($ciphertext, (strlen($ciphertext) + $this->block_size - 1) % $this->block_size, chr(0));
\r
673 $block_size = $this->block_size;
\r
675 switch ($this->mode) {
\r
676 case CRYPT_RIJNDAEL_MODE_ECB:
\r
677 for ($i = 0; $i < strlen($ciphertext); $i+=$block_size) {
\r
678 $plaintext.= $this->_decryptBlock(substr($ciphertext, $i, $block_size));
\r
681 case CRYPT_RIJNDAEL_MODE_CBC:
\r
682 $xor = $this->decryptIV;
\r
683 for ($i = 0; $i < strlen($ciphertext); $i+=$block_size) {
\r
684 $block = substr($ciphertext, $i, $block_size);
\r
685 $plaintext.= $this->_decryptBlock($block) ^ $xor;
\r
688 if ($this->continuousBuffer) {
\r
689 $this->decryptIV = $xor;
\r
692 case CRYPT_RIJNDAEL_MODE_CTR:
\r
693 $xor = $this->decryptIV;
\r
694 for ($i = 0; $i < strlen($ciphertext); $i+=$block_size) {
\r
695 $block = substr($ciphertext, $i, $block_size);
\r
696 $key = $this->_encryptBlock($this->_generate_xor($block_size, $xor));
\r
697 $plaintext.= $block ^ $key;
\r
699 if ($this->continuousBuffer) {
\r
700 $this->decryptIV = $xor;
\r
704 return $this->mode != CRYPT_RIJNDAEL_MODE_CTR ? $this->_unpad($plaintext) : $plaintext;
\r
711 * @param String $in
\r
714 function _encryptBlock($in)
\r
717 $words = unpack('N*word', $in);
\r
730 foreach ($words as $word) {
\r
731 $state[] = $word ^ $w[0][$i++];
\r
734 // fips-197.pdf#page=19, "Figure 5. Pseudo Code for the Cipher", states that this loop has four components -
\r
735 // subBytes, shiftRows, mixColumns, and addRoundKey. fips-197.pdf#page=30, "Implementation Suggestions Regarding
\r
736 // Various Platforms" suggests that performs enhanced implementations are described in Rijndael-ammended.pdf.
\r
737 // Rijndael-ammended.pdf#page=20, "Implementation aspects / 32-bit processor", discusses such an optimization.
\r
738 // Unfortunately, the description given there is not quite correct. Per aes.spec.v316.pdf#page=19 [1],
\r
739 // equation (7.4.7) is supposed to use addition instead of subtraction, so we'll do that here, as well.
\r
741 // [1] http://fp.gladman.plus.com/cryptography_technology/rijndael/aes.spec.v316.pdf
\r
743 for ($round = 1; $round < $Nr; $round++) {
\r
744 $i = 0; // $c[0] == 0
\r
749 while ($i < $this->Nb) {
\r
750 $temp[$i] = $t0[$state[$i] & 0xFF000000] ^
\r
751 $t1[$state[$j] & 0x00FF0000] ^
\r
752 $t2[$state[$k] & 0x0000FF00] ^
\r
753 $t3[$state[$l] & 0x000000FF] ^
\r
756 $j = ($j + 1) % $Nb;
\r
757 $k = ($k + 1) % $Nb;
\r
758 $l = ($l + 1) % $Nb;
\r
761 for ($i = 0; $i < $Nb; $i++) {
\r
762 $state[$i] = $temp[$i];
\r
767 for ($i = 0; $i < $Nb; $i++) {
\r
768 $state[$i] = $this->_subWord($state[$i]);
\r
771 // shiftRows + addRoundKey
\r
772 $i = 0; // $c[0] == 0
\r
776 while ($i < $this->Nb) {
\r
777 $temp[$i] = ($state[$i] & 0xFF000000) ^
\r
778 ($state[$j] & 0x00FF0000) ^
\r
779 ($state[$k] & 0x0000FF00) ^
\r
780 ($state[$l] & 0x000000FF) ^
\r
783 $j = ($j + 1) % $Nb;
\r
784 $k = ($k + 1) % $Nb;
\r
785 $l = ($l + 1) % $Nb;
\r
789 array_unshift($state, 'N*');
\r
791 return call_user_func_array('pack', $state);
\r
798 * @param String $in
\r
801 function _decryptBlock($in)
\r
804 $words = unpack('N*word', $in);
\r
806 $num_states = count($state);
\r
818 foreach ($words as $word) {
\r
819 $state[] = $word ^ $dw[$Nr][$i++];
\r
823 for ($round = $Nr - 1; $round > 0; $round--) {
\r
824 $i = 0; // $c[0] == 0
\r
830 $temp[$i] = $dt0[$state[$i] & 0xFF000000] ^
\r
831 $dt1[$state[$j] & 0x00FF0000] ^
\r
832 $dt2[$state[$k] & 0x0000FF00] ^
\r
833 $dt3[$state[$l] & 0x000000FF] ^
\r
836 $j = ($j + 1) % $Nb;
\r
837 $k = ($k + 1) % $Nb;
\r
838 $l = ($l + 1) % $Nb;
\r
841 for ($i = 0; $i < $Nb; $i++) {
\r
842 $state[$i] = $temp[$i];
\r
846 // invShiftRows + invSubWord + addRoundKey
\r
847 $i = 0; // $c[0] == 0
\r
853 $temp[$i] = $dw[0][$i] ^
\r
854 $this->_invSubWord(($state[$i] & 0xFF000000) |
\r
855 ($state[$j] & 0x00FF0000) |
\r
856 ($state[$k] & 0x0000FF00) |
\r
857 ($state[$l] & 0x000000FF));
\r
859 $j = ($j + 1) % $Nb;
\r
860 $k = ($k + 1) % $Nb;
\r
861 $l = ($l + 1) % $Nb;
\r
866 array_unshift($state, 'N*');
\r
868 return call_user_func_array('pack', $state);
\r
874 * Validates all the variables and calculates $Nr - the number of rounds that need to be performed - and $w - the key
\r
881 // Each number in $rcon is equal to the previous number multiplied by two in Rijndael's finite field.
\r
882 // See http://en.wikipedia.org/wiki/Finite_field_arithmetic#Multiplicative_inverse
\r
883 static $rcon = array(0,
\r
884 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000,
\r
885 0x20000000, 0x40000000, 0x80000000, 0x1B000000, 0x36000000,
\r
886 0x6C000000, 0xD8000000, 0xAB000000, 0x4D000000, 0x9A000000,
\r
887 0x2F000000, 0x5E000000, 0xBC000000, 0x63000000, 0xC6000000,
\r
888 0x97000000, 0x35000000, 0x6A000000, 0xD4000000, 0xB3000000,
\r
889 0x7D000000, 0xFA000000, 0xEF000000, 0xC5000000, 0x91000000
\r
892 if (!$this->changed) {
\r
896 if (!$this->explicit_key_length) {
\r
897 // we do >> 2, here, and not >> 5, as we do above, since strlen($this->key) tells us the number of bytes - not bits
\r
898 $length = strlen($this->key) >> 2;
\r
901 } else if ($length < 4) {
\r
904 $this->Nk = $length;
\r
905 $this->key_size = $length << 2;
\r
908 $this->key = str_pad(substr($this->key, 0, $this->key_size), $this->key_size, chr(0));
\r
909 $this->encryptIV = $this->decryptIV = $this->iv = str_pad(substr($this->iv, 0, $this->block_size), $this->block_size, chr(0));
\r
911 // see Rijndael-ammended.pdf#page=44
\r
912 $this->Nr = max($this->Nk, $this->Nb) + 6;
\r
914 // shift offsets for Nb = 5, 7 are defined in Rijndael-ammended.pdf#page=44,
\r
915 // "Table 8: Shift offsets in Shiftrow for the alternative block lengths"
\r
916 // shift offsets for Nb = 4, 6, 8 are defined in Rijndael-ammended.pdf#page=14,
\r
917 // "Table 2: Shift offsets for different block lengths"
\r
918 switch ($this->Nb) {
\r
922 $this->c = array(0, 1, 2, 3);
\r
925 $this->c = array(0, 1, 2, 4);
\r
928 $this->c = array(0, 1, 3, 4);
\r
933 $w = array_values(unpack('N*words', $key));
\r
935 $length = $this->Nb * ($this->Nr + 1);
\r
936 for ($i = $this->Nk; $i < $length; $i++) {
\r
937 $temp = $w[$i - 1];
\r
938 if ($i % $this->Nk == 0) {
\r
939 // according to <http://php.net/language.types.integer>, "the size of an integer is platform-dependent".
\r
940 // on a 32-bit machine, it's 32-bits, and on a 64-bit machine, it's 64-bits. on a 32-bit machine,
\r
941 // 0xFFFFFFFF << 8 == 0xFFFFFF00, but on a 64-bit machine, it equals 0xFFFFFFFF00. as such, doing 'and'
\r
942 // with 0xFFFFFFFF (or 0xFFFFFF00) on a 32-bit machine is unnecessary, but on a 64-bit machine, it is.
\r
943 $temp = (($temp << 8) & 0xFFFFFF00) | (($temp >> 24) & 0x000000FF); // rotWord
\r
944 $temp = $this->_subWord($temp) ^ $rcon[$i / $this->Nk];
\r
945 } else if ($this->Nk > 6 && $i % $this->Nk == 4) {
\r
946 $temp = $this->_subWord($temp);
\r
948 $w[$i] = $w[$i - $this->Nk] ^ $temp;
\r
951 // convert the key schedule from a vector of $Nb * ($Nr + 1) length to a matrix with $Nr + 1 rows and $Nb columns
\r
952 // and generate the inverse key schedule. more specifically,
\r
953 // according to <http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf#page=23> (section 5.3.3),
\r
954 // "The key expansion for the Inverse Cipher is defined as follows:
\r
955 // 1. Apply the Key Expansion.
\r
956 // 2. Apply InvMixColumn to all Round Keys except the first and the last one."
\r
957 // also, see fips-197.pdf#page=27, "5.3.5 Equivalent Inverse Cipher"
\r
959 for ($i = $row = $col = 0; $i < $length; $i++, $col++) {
\r
960 if ($col == $this->Nb) {
\r
962 $this->dw[0] = $this->w[0];
\r
964 // subWord + invMixColumn + invSubWord = invMixColumn
\r
966 while ($j < $this->Nb) {
\r
967 $dw = $this->_subWord($this->w[$row][$j]);
\r
968 $temp[$j] = $this->dt0[$dw & 0xFF000000] ^
\r
969 $this->dt1[$dw & 0x00FF0000] ^
\r
970 $this->dt2[$dw & 0x0000FF00] ^
\r
971 $this->dt3[$dw & 0x000000FF];
\r
974 $this->dw[$row] = $temp;
\r
980 $this->w[$row][$col] = $w[$i];
\r
983 $this->dw[$row] = $this->w[$row];
\r
985 $this->changed = false;
\r
989 * Performs S-Box substitutions
\r
993 function _subWord($word)
\r
995 static $sbox0, $sbox1, $sbox2, $sbox3;
\r
997 if (empty($sbox0)) {
\r
999 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
\r
1000 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
\r
1001 0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
\r
1002 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
\r
1003 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
\r
1004 0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
\r
1005 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
\r
1006 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
\r
1007 0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
\r
1008 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
\r
1009 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
\r
1010 0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
\r
1011 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
\r
1012 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
\r
1013 0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
\r
1014 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16
\r
1021 for ($i = 0; $i < 256; $i++) {
\r
1022 $sbox1[$i << 8] = $sbox0[$i] << 8;
\r
1023 $sbox2[$i << 16] = $sbox0[$i] << 16;
\r
1024 $sbox3[$i << 24] = $sbox0[$i] << 24;
\r
1028 return $sbox0[$word & 0x000000FF] |
\r
1029 $sbox1[$word & 0x0000FF00] |
\r
1030 $sbox2[$word & 0x00FF0000] |
\r
1031 $sbox3[$word & 0xFF000000];
\r
1035 * Performs inverse S-Box substitutions
\r
1039 function _invSubWord($word)
\r
1041 static $sbox0, $sbox1, $sbox2, $sbox3;
\r
1043 if (empty($sbox0)) {
\r
1045 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
\r
1046 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
\r
1047 0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D, 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
\r
1048 0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
\r
1049 0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
\r
1050 0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA, 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
\r
1051 0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
\r
1052 0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02, 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
\r
1053 0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA, 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
\r
1054 0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
\r
1055 0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89, 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
\r
1056 0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20, 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
\r
1057 0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
\r
1058 0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D, 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
\r
1059 0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0, 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
\r
1060 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
\r
1067 for ($i = 0; $i < 256; $i++) {
\r
1068 $sbox1[$i << 8] = $sbox0[$i] << 8;
\r
1069 $sbox2[$i << 16] = $sbox0[$i] << 16;
\r
1070 $sbox3[$i << 24] = $sbox0[$i] << 24;
\r
1074 return $sbox0[$word & 0x000000FF] |
\r
1075 $sbox1[$word & 0x0000FF00] |
\r
1076 $sbox2[$word & 0x00FF0000] |
\r
1077 $sbox3[$word & 0xFF000000];
\r
1083 * Rijndael works by encrypting between sixteen and thirty-two bytes at a time, provided that number is also a multiple
\r
1084 * of four. If you ever need to encrypt or decrypt something that isn't of the proper length, it becomes necessary to
\r
1085 * pad the input so that it is of the proper length.
\r
1087 * Padding is enabled by default. Sometimes, however, it is undesirable to pad strings. Such is the case in SSH,
\r
1088 * where "packets" are padded with random bytes before being encrypted. Unpad these packets and you risk stripping
\r
1089 * away characters that shouldn't be stripped away. (SSH knows how many bytes are added because the length is
\r
1090 * transmitted separately)
\r
1092 * @see Crypt_Rijndael::disablePadding()
\r
1095 function enablePadding()
\r
1097 $this->padding = true;
\r
1101 * Do not pad packets.
\r
1103 * @see Crypt_Rijndael::enablePadding()
\r
1106 function disablePadding()
\r
1108 $this->padding = false;
\r
1114 * Pads a string using the RSA PKCS padding standards so that its length is a multiple of the blocksize.
\r
1115 * $block_size - (strlen($text) % $block_size) bytes are added, each of which is equal to
\r
1116 * chr($block_size - (strlen($text) % $block_size)
\r
1118 * If padding is disabled and $text is not a multiple of the blocksize, the string will be padded regardless
\r
1119 * and padding will, hence forth, be enabled.
\r
1121 * @see Crypt_Rijndael::_unpad()
\r
1124 function _pad($text)
\r
1126 $length = strlen($text);
\r
1128 if (!$this->padding) {
\r
1129 if ($length % $this->block_size == 0) {
\r
1132 user_error("The plaintext's length ($length) is not a multiple of the block size ({$this->block_size})", E_USER_NOTICE);
\r
1133 $this->padding = true;
\r
1137 $pad = $this->block_size - ($length % $this->block_size);
\r
1139 return str_pad($text, $length + $pad, chr($pad));
\r
1143 * Unpads a string.
\r
1145 * If padding is enabled and the reported padding length is invalid the encryption key will be assumed to be wrong
\r
1146 * and false will be returned.
\r
1148 * @see Crypt_Rijndael::_pad()
\r
1151 function _unpad($text)
\r
1153 if (!$this->padding) {
\r
1157 $length = ord($text[strlen($text) - 1]);
\r
1159 if (!$length || $length > $this->block_size) {
\r
1163 return substr($text, 0, -$length);
\r
1167 * Treat consecutive "packets" as if they are a continuous buffer.
\r
1169 * Say you have a 32-byte plaintext $plaintext. Using the default behavior, the two following code snippets
\r
1170 * will yield different outputs:
\r
1173 * echo $rijndael->encrypt(substr($plaintext, 0, 16));
\r
1174 * echo $rijndael->encrypt(substr($plaintext, 16, 16));
\r
1177 * echo $rijndael->encrypt($plaintext);
\r
1180 * The solution is to enable the continuous buffer. Although this will resolve the above discrepancy, it creates
\r
1181 * another, as demonstrated with the following:
\r
1184 * $rijndael->encrypt(substr($plaintext, 0, 16));
\r
1185 * echo $rijndael->decrypt($des->encrypt(substr($plaintext, 16, 16)));
\r
1188 * echo $rijndael->decrypt($des->encrypt(substr($plaintext, 16, 16)));
\r
1191 * With the continuous buffer disabled, these would yield the same output. With it enabled, they yield different
\r
1192 * outputs. The reason is due to the fact that the initialization vector's change after every encryption /
\r
1193 * decryption round when the continuous buffer is enabled. When it's disabled, they remain constant.
\r
1195 * Put another way, when the continuous buffer is enabled, the state of the Crypt_Rijndael() object changes after each
\r
1196 * encryption / decryption round, whereas otherwise, it'd remain constant. For this reason, it's recommended that
\r
1197 * continuous buffers not be used. They do offer better security and are, in fact, sometimes required (SSH uses them),
\r
1198 * however, they are also less intuitive and more likely to cause you problems.
\r
1200 * @see Crypt_Rijndael::disableContinuousBuffer()
\r
1203 function enableContinuousBuffer()
\r
1205 $this->continuousBuffer = true;
\r
1209 * Treat consecutive packets as if they are a discontinuous buffer.
\r
1211 * The default behavior.
\r
1213 * @see Crypt_Rijndael::enableContinuousBuffer()
\r
1216 function disableContinuousBuffer()
\r
1218 $this->continuousBuffer = false;
\r
1219 $this->encryptIV = $this->iv;
\r
1220 $this->decryptIV = $this->iv;
\r
1226 * Inspired by array_shift
\r
1228 * @param String $string
\r
1229 * @param optional Integer $index
\r
1233 function _string_shift(&$string, $index = 1)
\r
1235 $substr = substr($string, 0, $index);
\r
1236 $string = substr($string, $index);
\r
1241 // vim: ts=4:sw=4:et:
\r