+++ /dev/null
-<?php\r
-/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */\r
-\r
-/**\r
- * Pure-PHP implementation of RC4.\r
- *\r
- * Uses mcrypt, if available, and an internal implementation, otherwise.\r
- *\r
- * PHP versions 4 and 5\r
- *\r
- * Useful resources are as follows:\r
- *\r
- * - {@link http://www.mozilla.org/projects/security/pki/nss/draft-kaukonen-cipher-arcfour-03.txt ARCFOUR Algorithm}\r
- * - {@link http://en.wikipedia.org/wiki/RC4 - Wikipedia: RC4}\r
- *\r
- * RC4 is also known as ARCFOUR or ARC4. The reason is elaborated upon at Wikipedia. This class is named RC4 and not\r
- * ARCFOUR or ARC4 because RC4 is how it is refered to in the SSH1 specification.\r
- *\r
- * Here's a short example of how to use this library:\r
- * <code>\r
- * <?php\r
- * include('Crypt/RC4.php');\r
- *\r
- * $rc4 = new Crypt_RC4();\r
- *\r
- * $rc4->setKey('abcdefgh');\r
- *\r
- * $size = 10 * 1024;\r
- * $plaintext = '';\r
- * for ($i = 0; $i < $size; $i++) {\r
- * $plaintext.= 'a';\r
- * }\r
- *\r
- * echo $rc4->decrypt($rc4->encrypt($plaintext));\r
- * ?>\r
- * </code>\r
- *\r
- * LICENSE: This library is free software; you can redistribute it and/or\r
- * modify it under the terms of the GNU Lesser General Public\r
- * License as published by the Free Software Foundation; either\r
- * version 2.1 of the License, or (at your option) any later version.\r
- *\r
- * This library is distributed in the hope that it will be useful,\r
- * but WITHOUT ANY WARRANTY; without even the implied warranty of\r
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\r
- * Lesser General Public License for more details.\r
- *\r
- * You should have received a copy of the GNU Lesser General Public\r
- * License along with this library; if not, write to the Free Software\r
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston,\r
- * MA 02111-1307 USA\r
- *\r
- * @category Crypt\r
- * @package Crypt_RC4\r
- * @author Jim Wigginton <terrafrost@php.net>\r
- * @copyright MMVII Jim Wigginton\r
- * @license http://www.gnu.org/licenses/lgpl.txt\r
- * @version $Id: RC4.php,v 1.8 2009/06/09 04:00:38 terrafrost Exp $\r
- * @link http://phpseclib.sourceforge.net\r
- */\r
-\r
-/**#@+\r
- * @access private\r
- * @see Crypt_RC4::Crypt_RC4()\r
- */\r
-/**\r
- * Toggles the internal implementation\r
- */\r
-define('CRYPT_RC4_MODE_INTERNAL', 1);\r
-/**\r
- * Toggles the mcrypt implementation\r
- */\r
-define('CRYPT_RC4_MODE_MCRYPT', 2);\r
-/**#@-*/\r
-\r
-/**#@+\r
- * @access private\r
- * @see Crypt_RC4::_crypt()\r
- */\r
-define('CRYPT_RC4_ENCRYPT', 0);\r
-define('CRYPT_RC4_DECRYPT', 1);\r
-/**#@-*/\r
-\r
-/**\r
- * Pure-PHP implementation of RC4.\r
- *\r
- * @author Jim Wigginton <terrafrost@php.net>\r
- * @version 0.1.0\r
- * @access public\r
- * @package Crypt_RC4\r
- */\r
-class Crypt_RC4 {\r
- /**\r
- * The Key\r
- *\r
- * @see Crypt_RC4::setKey()\r
- * @var String\r
- * @access private\r
- */\r
- var $key = "\0";\r
-\r
- /**\r
- * The Key Stream for encryption\r
- *\r
- * If CRYPT_RC4_MODE == CRYPT_RC4_MODE_MCRYPT, this will be equal to the mcrypt object\r
- *\r
- * @see Crypt_RC4::setKey()\r
- * @var Array\r
- * @access private\r
- */\r
- var $encryptStream = false;\r
-\r
- /**\r
- * The Key Stream for decryption\r
- *\r
- * If CRYPT_RC4_MODE == CRYPT_RC4_MODE_MCRYPT, this will be equal to the mcrypt object\r
- *\r
- * @see Crypt_RC4::setKey()\r
- * @var Array\r
- * @access private\r
- */\r
- var $decryptStream = false;\r
-\r
- /**\r
- * The $i and $j indexes for encryption\r
- *\r
- * @see Crypt_RC4::_crypt()\r
- * @var Integer\r
- * @access private\r
- */\r
- var $encryptIndex = 0;\r
-\r
- /**\r
- * The $i and $j indexes for decryption\r
- *\r
- * @see Crypt_RC4::_crypt()\r
- * @var Integer\r
- * @access private\r
- */\r
- var $decryptIndex = 0;\r
-\r
- /**\r
- * MCrypt parameters\r
- *\r
- * @see Crypt_RC4::setMCrypt()\r
- * @var Array\r
- * @access private\r
- */\r
- var $mcrypt = array('', '');\r
-\r
- /**\r
- * The Encryption Algorithm\r
- *\r
- * Only used if CRYPT_RC4_MODE == CRYPT_RC4_MODE_MCRYPT. Only possible values are MCRYPT_RC4 or MCRYPT_ARCFOUR.\r
- *\r
- * @see Crypt_RC4::Crypt_RC4()\r
- * @var Integer\r
- * @access private\r
- */\r
- var $mode;\r
-\r
- /**\r
- * Default Constructor.\r
- *\r
- * Determines whether or not the mcrypt extension should be used.\r
- *\r
- * @param optional Integer $mode\r
- * @return Crypt_RC4\r
- * @access public\r
- */\r
- function Crypt_RC4()\r
- {\r
- if ( !defined('CRYPT_RC4_MODE') ) {\r
- switch (true) {\r
- case extension_loaded('mcrypt') && (defined('MCRYPT_ARCFOUR') || defined('MCRYPT_RC4')):\r
- // i'd check to see if rc4 was supported, by doing in_array('arcfour', mcrypt_list_algorithms('')),\r
- // but since that can be changed after the object has been created, there doesn't seem to be\r
- // a lot of point...\r
- define('CRYPT_RC4_MODE', CRYPT_RC4_MODE_MCRYPT);\r
- break;\r
- default:\r
- define('CRYPT_RC4_MODE', CRYPT_RC4_MODE_INTERNAL);\r
- }\r
- }\r
-\r
- switch ( CRYPT_RC4_MODE ) {\r
- case CRYPT_RC4_MODE_MCRYPT:\r
- switch (true) {\r
- case defined('MCRYPT_ARCFOUR'):\r
- $this->mode = MCRYPT_ARCFOUR;\r
- break;\r
- case defined('MCRYPT_RC4');\r
- $this->mode = MCRYPT_RC4;\r
- }\r
- }\r
- }\r
-\r
- /**\r
- * Sets the key.\r
- *\r
- * Keys can be between 1 and 256 bytes long. If they are longer then 256 bytes, the first 256 bytes will\r
- * be used. If no key is explicitly set, it'll be assumed to be a single null byte.\r
- *\r
- * @access public\r
- * @param String $key\r
- */\r
- function setKey($key)\r
- {\r
- $this->key = $key;\r
-\r
- if ( CRYPT_RC4_MODE == CRYPT_RC4_MODE_MCRYPT ) {\r
- return;\r
- }\r
-\r
- $keyLength = strlen($key);\r
- $keyStream = array();\r
- for ($i = 0; $i < 256; $i++) {\r
- $keyStream[$i] = $i;\r
- }\r
- $j = 0;\r
- for ($i = 0; $i < 256; $i++) {\r
- $j = ($j + $keyStream[$i] + ord($key[$i % $keyLength])) & 255;\r
- $temp = $keyStream[$i];\r
- $keyStream[$i] = $keyStream[$j];\r
- $keyStream[$j] = $temp;\r
- }\r
-\r
- $this->encryptIndex = $this->decryptIndex = array(0, 0);\r
- $this->encryptStream = $this->decryptStream = $keyStream;\r
- }\r
-\r
- /**\r
- * Dummy function.\r
- *\r
- * Some protocols, such as WEP, prepend an "initialization vector" to the key, effectively creating a new key [1].\r
- * If you need to use an initialization vector in this manner, feel free to prepend it to the key, yourself, before\r
- * calling setKey().\r
- *\r
- * [1] WEP's initialization vectors (IV's) are used in a somewhat insecure way. Since, in that protocol,\r
- * the IV's are relatively easy to predict, an attack described by\r
- * {@link http://www.drizzle.com/~aboba/IEEE/rc4_ksaproc.pdf Scott Fluhrer, Itsik Mantin, and Adi Shamir}\r
- * can be used to quickly guess at the rest of the key. The following links elaborate:\r
- *\r
- * {@link http://www.rsa.com/rsalabs/node.asp?id=2009 http://www.rsa.com/rsalabs/node.asp?id=2009}\r
- * {@link http://en.wikipedia.org/wiki/Related_key_attack http://en.wikipedia.org/wiki/Related_key_attack}\r
- *\r
- * @param String $iv\r
- * @see Crypt_RC4::setKey()\r
- * @access public\r
- */\r
- function setIV($iv)\r
- {\r
- }\r
-\r
- /**\r
- * Sets MCrypt parameters. (optional)\r
- *\r
- * If MCrypt is being used, empty strings will be used, unless otherwise specified.\r
- *\r
- * @link http://php.net/function.mcrypt-module-open#function.mcrypt-module-open\r
- * @access public\r
- * @param optional Integer $algorithm_directory\r
- * @param optional Integer $mode_directory\r
- */\r
- function setMCrypt($algorithm_directory = '', $mode_directory = '')\r
- {\r
- if ( CRYPT_RC4_MODE == CRYPT_RC4_MODE_MCRYPT ) {\r
- $this->mcrypt = array($algorithm_directory, $mode_directory);\r
- $this->_closeMCrypt();\r
- }\r
- }\r
-\r
- /**\r
- * Encrypts a message.\r
- *\r
- * @see Crypt_RC4::_crypt()\r
- * @access public\r
- * @param String $plaintext\r
- */\r
- function encrypt($plaintext)\r
- {\r
- return $this->_crypt($plaintext, CRYPT_RC4_ENCRYPT);\r
- }\r
-\r
- /**\r
- * Decrypts a message.\r
- *\r
- * $this->decrypt($this->encrypt($plaintext)) == $this->encrypt($this->encrypt($plaintext)).\r
- * Atleast if the continuous buffer is disabled.\r
- *\r
- * @see Crypt_RC4::_crypt()\r
- * @access public\r
- * @param String $ciphertext\r
- */\r
- function decrypt($ciphertext)\r
- {\r
- return $this->_crypt($ciphertext, CRYPT_RC4_DECRYPT);\r
- }\r
-\r
- /**\r
- * Encrypts or decrypts a message.\r
- *\r
- * @see Crypt_RC4::encrypt()\r
- * @see Crypt_RC4::decrypt()\r
- * @access private\r
- * @param String $text\r
- * @param Integer $mode\r
- */\r
- function _crypt($text, $mode)\r
- {\r
- if ( CRYPT_RC4_MODE == CRYPT_RC4_MODE_MCRYPT ) {\r
- $keyStream = $mode == CRYPT_RC4_ENCRYPT ? 'encryptStream' : 'decryptStream';\r
-\r
- if ($this->$keyStream === false) {\r
- $this->$keyStream = mcrypt_module_open($this->mode, $this->mcrypt[0], MCRYPT_MODE_STREAM, $this->mcrypt[1]);\r
- mcrypt_generic_init($this->$keyStream, $this->key, '');\r
- } else if (!$this->continuousBuffer) {\r
- mcrypt_generic_init($this->$keyStream, $this->key, '');\r
- }\r
- $newText = mcrypt_generic($this->$keyStream, $text);\r
- if (!$this->continuousBuffer) {\r
- mcrypt_generic_deinit($this->$keyStream);\r
- }\r
-\r
- return $newText;\r
- }\r
-\r
- if ($this->encryptStream === false) {\r
- $this->setKey($this->key);\r
- }\r
-\r
- switch ($mode) {\r
- case CRYPT_RC4_ENCRYPT:\r
- $keyStream = $this->encryptStream;\r
- list($i, $j) = $this->encryptIndex;\r
- break;\r
- case CRYPT_RC4_DECRYPT:\r
- $keyStream = $this->decryptStream;\r
- list($i, $j) = $this->decryptIndex;\r
- }\r
-\r
- $newText = '';\r
- for ($k = 0; $k < strlen($text); $k++) {\r
- $i = ($i + 1) & 255;\r
- $j = ($j + $keyStream[$i]) & 255;\r
- $temp = $keyStream[$i];\r
- $keyStream[$i] = $keyStream[$j];\r
- $keyStream[$j] = $temp;\r
- $temp = $keyStream[($keyStream[$i] + $keyStream[$j]) & 255];\r
- $newText.= chr(ord($text[$k]) ^ $temp);\r
- }\r
-\r
- if ($this->continuousBuffer) {\r
- switch ($mode) {\r
- case CRYPT_RC4_ENCRYPT:\r
- $this->encryptStream = $keyStream;\r
- $this->encryptIndex = array($i, $j);\r
- break;\r
- case CRYPT_RC4_DECRYPT:\r
- $this->decryptStream = $keyStream;\r
- $this->decryptIndex = array($i, $j);\r
- }\r
- }\r
-\r
- return $newText;\r
- }\r
-\r
- /**\r
- * Treat consecutive "packets" as if they are a continuous buffer.\r
- *\r
- * Say you have a 16-byte plaintext $plaintext. Using the default behavior, the two following code snippets\r
- * will yield different outputs:\r
- *\r
- * <code>\r
- * echo $rc4->encrypt(substr($plaintext, 0, 8));\r
- * echo $rc4->encrypt(substr($plaintext, 8, 8));\r
- * </code>\r
- * <code>\r
- * echo $rc4->encrypt($plaintext);\r
- * </code>\r
- *\r
- * The solution is to enable the continuous buffer. Although this will resolve the above discrepancy, it creates\r
- * another, as demonstrated with the following:\r
- *\r
- * <code>\r
- * $rc4->encrypt(substr($plaintext, 0, 8));\r
- * echo $rc4->decrypt($des->encrypt(substr($plaintext, 8, 8)));\r
- * </code>\r
- * <code>\r
- * echo $rc4->decrypt($des->encrypt(substr($plaintext, 8, 8)));\r
- * </code>\r
- *\r
- * With the continuous buffer disabled, these would yield the same output. With it enabled, they yield different\r
- * outputs. The reason is due to the fact that the initialization vector's change after every encryption /\r
- * decryption round when the continuous buffer is enabled. When it's disabled, they remain constant.\r
- *\r
- * Put another way, when the continuous buffer is enabled, the state of the Crypt_DES() object changes after each\r
- * encryption / decryption round, whereas otherwise, it'd remain constant. For this reason, it's recommended that\r
- * continuous buffers not be used. They do offer better security and are, in fact, sometimes required (SSH uses them),\r
- * however, they are also less intuitive and more likely to cause you problems.\r
- *\r
- * @see Crypt_RC4::disableContinuousBuffer()\r
- * @access public\r
- */\r
- function enableContinuousBuffer()\r
- {\r
- $this->continuousBuffer = true;\r
- }\r
-\r
- /**\r
- * Treat consecutive packets as if they are a discontinuous buffer.\r
- *\r
- * The default behavior.\r
- *\r
- * @see Crypt_RC4::enableContinuousBuffer()\r
- * @access public\r
- */\r
- function disableContinuousBuffer()\r
- {\r
- if ( CRYPT_RC4_MODE == CRYPT_RC4_MODE_INTERNAL ) {\r
- $this->encryptIndex = $this->decryptIndex = array(0, 0);\r
- $this->setKey($this->key);\r
- }\r
-\r
- $this->continuousBuffer = false;\r
- }\r
-\r
- /**\r
- * Dummy function.\r
- *\r
- * Since RC4 is a stream cipher and not a block cipher, no padding is necessary. The only reason this function is\r
- * included is so that you can switch between a block cipher and a stream cipher transparently.\r
- *\r
- * @see Crypt_RC4::disablePadding()\r
- * @access public\r
- */\r
- function enablePadding()\r
- {\r
- }\r
-\r
- /**\r
- * Dummy function.\r
- *\r
- * @see Crypt_RC4::enablePadding()\r
- * @access public\r
- */\r
- function disablePadding()\r
- {\r
- }\r
-\r
- /**\r
- * Class destructor.\r
- *\r
- * Will be called, automatically, if you're using PHP5. If you're using PHP4, call it yourself. Only really\r
- * needs to be called if mcrypt is being used.\r
- *\r
- * @access public\r
- */\r
- function __destruct()\r
- {\r
- if ( CRYPT_RC4_MODE == CRYPT_RC4_MODE_MCRYPT ) {\r
- $this->_closeMCrypt();\r
- }\r
- }\r
-\r
- /**\r
- * Properly close the MCrypt objects.\r
- *\r
- * @access prviate\r
- */\r
- function _closeMCrypt()\r
- {\r
- if ( $this->encryptStream !== false ) {\r
- if ( $this->continuousBuffer ) {\r
- mcrypt_generic_deinit($this->encryptStream);\r
- }\r
-\r
- mcrypt_module_close($this->encryptStream);\r
-\r
- $this->encryptStream = false;\r
- }\r
-\r
- if ( $this->decryptStream !== false ) {\r
- if ( $this->continuousBuffer ) {\r
- mcrypt_generic_deinit($this->decryptStream);\r
- }\r
-\r
- mcrypt_module_close($this->decryptStream);\r
-\r
- $this->decryptStream = false;\r
- }\r
- }\r
-}
\ No newline at end of file