PageRenderTime 25ms CodeModel.GetById 17ms RepoModel.GetById 0ms app.codeStats 1ms

/phpseclib/Crypt/TripleDES.php

https://github.com/kea/phpseclib
PHP | 1054 lines | 626 code | 78 blank | 350 comment | 125 complexity | 8f2c70ab159afc88d848e88f4a648d6e MD5 | raw file
  1. <?php
  2. /* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */
  3. /**
  4. * Pure-PHP implementation of Triple DES.
  5. *
  6. * Uses mcrypt, if available, and an internal implementation, otherwise. Operates in the EDE3 mode (encrypt-decrypt-encrypt).
  7. *
  8. * PHP versions 4 and 5
  9. *
  10. * Here's a short example of how to use this library:
  11. * <code>
  12. * <?php
  13. * include('Crypt/TripleDES.php');
  14. *
  15. * $des = new Crypt_TripleDES();
  16. *
  17. * $des->setKey('abcdefghijklmnopqrstuvwx');
  18. *
  19. * $size = 10 * 1024;
  20. * $plaintext = '';
  21. * for ($i = 0; $i < $size; $i++) {
  22. * $plaintext.= 'a';
  23. * }
  24. *
  25. * echo $des->decrypt($des->encrypt($plaintext));
  26. * ?>
  27. * </code>
  28. *
  29. * LICENSE: Permission is hereby granted, free of charge, to any person obtaining a copy
  30. * of this software and associated documentation files (the "Software"), to deal
  31. * in the Software without restriction, including without limitation the rights
  32. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  33. * copies of the Software, and to permit persons to whom the Software is
  34. * furnished to do so, subject to the following conditions:
  35. *
  36. * The above copyright notice and this permission notice shall be included in
  37. * all copies or substantial portions of the Software.
  38. *
  39. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  40. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  41. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  42. * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  43. * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  44. * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  45. * THE SOFTWARE.
  46. *
  47. * @category Crypt
  48. * @package Crypt_TripleDES
  49. * @author Jim Wigginton <terrafrost@php.net>
  50. * @copyright MMVII Jim Wigginton
  51. * @license http://www.opensource.org/licenses/mit-license.html MIT License
  52. * @version $Id: TripleDES.php,v 1.13 2010/02/26 03:40:25 terrafrost Exp $
  53. * @link http://phpseclib.sourceforge.net
  54. */
  55. namespace phpseclib;
  56. /**
  57. * Pure-PHP implementation of Triple DES.
  58. *
  59. * @author Jim Wigginton <terrafrost@php.net>
  60. * @version 0.1.0
  61. * @access public
  62. * @package Crypt_TerraDES
  63. */
  64. class Crypt_TripleDES {
  65. /**
  66. * Encrypt / decrypt using inner chaining
  67. *
  68. * Inner chaining is used by SSH-1 and is generally considered to be less secure then outer chaining (Crypt_DES::MODE_CBC3).
  69. */
  70. const MODE_3CBC = -2;
  71. /**
  72. * Encrypt / decrypt using outer chaining
  73. *
  74. * Outer chaining is used by SSH-2 and when the mode is set to Crypt_DES::MODE_CBC.
  75. */
  76. const MODE_CBC3 = Crypt_DES::MODE_CBC;
  77. /**
  78. * The Three Keys
  79. *
  80. * @see Crypt_TripleDES::setKey()
  81. * @var String
  82. * @access private
  83. */
  84. var $key = "\0\0\0\0\0\0\0\0";
  85. /**
  86. * The Encryption Mode
  87. *
  88. * @see Crypt_TripleDES::Crypt_TripleDES()
  89. * @var Integer
  90. * @access private
  91. */
  92. var $mode = Crypt_DES::MODE_CBC;
  93. /**
  94. * Continuous Buffer status
  95. *
  96. * @see Crypt_TripleDES::enableContinuousBuffer()
  97. * @var Boolean
  98. * @access private
  99. */
  100. var $continuousBuffer = false;
  101. /**
  102. * Padding status
  103. *
  104. * @see Crypt_TripleDES::enablePadding()
  105. * @var Boolean
  106. * @access private
  107. */
  108. var $padding = true;
  109. /**
  110. * The Initialization Vector
  111. *
  112. * @see Crypt_TripleDES::setIV()
  113. * @var String
  114. * @access private
  115. */
  116. var $iv = "\0\0\0\0\0\0\0\0";
  117. /**
  118. * A "sliding" Initialization Vector
  119. *
  120. * @see Crypt_TripleDES::enableContinuousBuffer()
  121. * @var String
  122. * @access private
  123. */
  124. var $encryptIV = "\0\0\0\0\0\0\0\0";
  125. /**
  126. * A "sliding" Initialization Vector
  127. *
  128. * @see Crypt_TripleDES::enableContinuousBuffer()
  129. * @var String
  130. * @access private
  131. */
  132. var $decryptIV = "\0\0\0\0\0\0\0\0";
  133. /**
  134. * The Crypt_DES objects
  135. *
  136. * @var Array
  137. * @access private
  138. */
  139. var $des;
  140. /**
  141. * mcrypt resource for encryption
  142. *
  143. * The mcrypt resource can be recreated every time something needs to be created or it can be created just once.
  144. * Since mcrypt operates in continuous mode, by default, it'll need to be recreated when in non-continuous mode.
  145. *
  146. * @see Crypt_TripleDES::encrypt()
  147. * @var String
  148. * @access private
  149. */
  150. var $enmcrypt;
  151. /**
  152. * mcrypt resource for decryption
  153. *
  154. * The mcrypt resource can be recreated every time something needs to be created or it can be created just once.
  155. * Since mcrypt operates in continuous mode, by default, it'll need to be recreated when in non-continuous mode.
  156. *
  157. * @see Crypt_TripleDES::decrypt()
  158. * @var String
  159. * @access private
  160. */
  161. var $demcrypt;
  162. /**
  163. * Does the enmcrypt resource need to be (re)initialized?
  164. *
  165. * @see Crypt_TripleDES::setKey()
  166. * @see Crypt_TripleDES::setIV()
  167. * @var Boolean
  168. * @access private
  169. */
  170. var $enchanged = true;
  171. /**
  172. * Does the demcrypt resource need to be (re)initialized?
  173. *
  174. * @see Crypt_TripleDES::setKey()
  175. * @see Crypt_TripleDES::setIV()
  176. * @var Boolean
  177. * @access private
  178. */
  179. var $dechanged = true;
  180. /**
  181. * Is the mode one that is paddable?
  182. *
  183. * @see Crypt_TripleDES::Crypt_TripleDES()
  184. * @var Boolean
  185. * @access private
  186. */
  187. var $paddable = false;
  188. /**
  189. * Encryption buffer for CTR, OFB and CFB modes
  190. *
  191. * @see Crypt_TripleDES::encrypt()
  192. * @var String
  193. * @access private
  194. */
  195. var $enbuffer = '';
  196. /**
  197. * Decryption buffer for CTR, OFB and CFB modes
  198. *
  199. * @see Crypt_TripleDES::decrypt()
  200. * @var String
  201. * @access private
  202. */
  203. var $debuffer = '';
  204. /**
  205. * mcrypt resource for CFB mode
  206. *
  207. * @see Crypt_TripleDES::encrypt()
  208. * @see Crypt_TripleDES::decrypt()
  209. * @var String
  210. * @access private
  211. */
  212. var $ecb;
  213. /**
  214. * Default Constructor.
  215. *
  216. * Determines whether or not the mcrypt extension should be used. $mode should only, at present, be
  217. * Crypt_DES::MODE_ECB or Crypt_DES::MODE_CBC. If not explictly set, Crypt_DES::MODE_CBC will be used.
  218. *
  219. * @param optional Integer $mode
  220. * @return Crypt_TripleDES
  221. * @access public
  222. */
  223. function __construct($mode = Crypt_DES::MODE_CBC)
  224. {
  225. if ( !defined('CRYPT_DES_MODE') ) {
  226. switch (true) {
  227. case extension_loaded('mcrypt') && in_array('tripledes', mcrypt_list_algorithms()):
  228. define('CRYPT_DES_MODE', Crypt_DES::MODE_MCRYPT);
  229. break;
  230. default:
  231. define('CRYPT_DES_MODE', Crypt_DES::MODE_INTERNAL);
  232. }
  233. }
  234. if ( $mode == self::MODE_3CBC ) {
  235. $this->mode = self::MODE_3CBC;
  236. $this->des = array(
  237. new Crypt_DES(Crypt_DES::MODE_CBC),
  238. new Crypt_DES(Crypt_DES::MODE_CBC),
  239. new Crypt_DES(Crypt_DES::MODE_CBC)
  240. );
  241. // we're going to be doing the padding, ourselves, so disable it in the Crypt_DES objects
  242. $this->des[0]->disablePadding();
  243. $this->des[1]->disablePadding();
  244. $this->des[2]->disablePadding();
  245. return;
  246. }
  247. switch ( CRYPT_DES_MODE ) {
  248. case Crypt_DES::MODE_MCRYPT:
  249. switch ($mode) {
  250. case Crypt_DES::MODE_ECB:
  251. $this->paddable = true;
  252. $this->mode = MCRYPT_MODE_ECB;
  253. break;
  254. case Crypt_DES::MODE_CTR:
  255. $this->mode = 'ctr';
  256. break;
  257. case Crypt_DES::MODE_CFB:
  258. $this->mode = 'ncfb';
  259. break;
  260. case Crypt_DES::MODE_OFB:
  261. $this->mode = MCRYPT_MODE_NOFB;
  262. break;
  263. case Crypt_DES::MODE_CBC:
  264. default:
  265. $this->paddable = true;
  266. $this->mode = MCRYPT_MODE_CBC;
  267. }
  268. break;
  269. default:
  270. $this->des = array(
  271. new Crypt_DES(Crypt_DES::MODE_ECB),
  272. new Crypt_DES(Crypt_DES::MODE_ECB),
  273. new Crypt_DES(Crypt_DES::MODE_ECB)
  274. );
  275. // we're going to be doing the padding, ourselves, so disable it in the Crypt_DES objects
  276. $this->des[0]->disablePadding();
  277. $this->des[1]->disablePadding();
  278. $this->des[2]->disablePadding();
  279. switch ($mode) {
  280. case Crypt_DES::MODE_ECB:
  281. case Crypt_DES::MODE_CBC:
  282. $this->paddable = true;
  283. $this->mode = $mode;
  284. break;
  285. case Crypt_DES::MODE_CTR:
  286. case Crypt_DES::MODE_CFB:
  287. case Crypt_DES::MODE_OFB:
  288. $this->mode = $mode;
  289. break;
  290. default:
  291. $this->paddable = true;
  292. $this->mode = Crypt_DES::MODE_CBC;
  293. }
  294. }
  295. }
  296. /**
  297. * Sets the key.
  298. *
  299. * Keys can be of any length. Triple DES, itself, can use 128-bit (eg. strlen($key) == 16) or
  300. * 192-bit (eg. strlen($key) == 24) keys. This function pads and truncates $key as appropriate.
  301. *
  302. * DES also requires that every eighth bit be a parity bit, however, we'll ignore that.
  303. *
  304. * If the key is not explicitly set, it'll be assumed to be all zero's.
  305. *
  306. * @access public
  307. * @param String $key
  308. */
  309. function setKey($key)
  310. {
  311. $length = strlen($key);
  312. if ($length > 8) {
  313. $key = str_pad(substr($key, 0, 24), 24, chr(0));
  314. // if $key is between 64 and 128-bits, use the first 64-bits as the last, per this:
  315. // http://php.net/function.mcrypt-encrypt#47973
  316. //$key = $length <= 16 ? substr_replace($key, substr($key, 0, 8), 16) : substr($key, 0, 24);
  317. } else {
  318. $key = str_pad($key, 8, chr(0));
  319. }
  320. $this->key = $key;
  321. switch (true) {
  322. case CRYPT_DES_MODE == Crypt_DES::MODE_INTERNAL:
  323. case $this->mode == self::MODE_3CBC:
  324. $this->des[0]->setKey(substr($key, 0, 8));
  325. $this->des[1]->setKey(substr($key, 8, 8));
  326. $this->des[2]->setKey(substr($key, 16, 8));
  327. }
  328. $this->enchanged = $this->dechanged = true;
  329. }
  330. /**
  331. * Sets the password.
  332. *
  333. * Depending on what $method is set to, setPassword()'s (optional) parameters are as follows:
  334. * {@link http://en.wikipedia.org/wiki/PBKDF2 pbkdf2}:
  335. * $hash, $salt, $method
  336. *
  337. * @param String $password
  338. * @param optional String $method
  339. * @access public
  340. */
  341. function setPassword($password, $method = 'pbkdf2')
  342. {
  343. $key = '';
  344. switch ($method) {
  345. default: // 'pbkdf2'
  346. //not the prettiest thing ever, but solves the undefined index issue with list()
  347. $args = func_get_args();
  348. $hash = 'sha1';
  349. $salt = 'phpseclib/salt';
  350. $count = 1000;
  351. switch(count($args)){
  352. case 6:
  353. case 5:
  354. $count = $args[4];
  355. case 4:
  356. $salt = $args[3];
  357. case 3:
  358. $hash = $args[2];
  359. }
  360. $i = 1;
  361. while (strlen($key) < 24) { // $dkLen == 24
  362. $hmac = new Crypt_Hash();
  363. $hmac->setHash($hash);
  364. $hmac->setKey($password);
  365. $f = $u = $hmac->hash($salt . pack('N', $i++));
  366. for ($j = 2; $j <= $count; $j++) {
  367. $u = $hmac->hash($u);
  368. $f^= $u;
  369. }
  370. $key.= $f;
  371. }
  372. }
  373. $this->setKey($key);
  374. }
  375. /**
  376. * Sets the initialization vector. (optional)
  377. *
  378. * SetIV is not required when Crypt_DES::MODE_ECB is being used. If not explictly set, it'll be assumed
  379. * to be all zero's.
  380. *
  381. * @access public
  382. * @param String $iv
  383. */
  384. function setIV($iv)
  385. {
  386. $this->encryptIV = $this->decryptIV = $this->iv = str_pad(substr($iv, 0, 8), 8, chr(0));
  387. if ($this->mode == self::MODE_3CBC) {
  388. $this->des[0]->setIV($iv);
  389. $this->des[1]->setIV($iv);
  390. $this->des[2]->setIV($iv);
  391. }
  392. $this->enchanged = $this->dechanged = true;
  393. }
  394. /**
  395. * Generate CTR XOR encryption key
  396. *
  397. * Encrypt the output of this and XOR it against the ciphertext / plaintext to get the
  398. * plaintext / ciphertext in CTR mode.
  399. *
  400. * @see Crypt_TripleDES::decrypt()
  401. * @see Crypt_TripleDES::encrypt()
  402. * @access private
  403. * @param Integer $length
  404. * @param String $iv
  405. */
  406. function _generate_xor($length, &$iv)
  407. {
  408. $xor = '';
  409. $num_blocks = ($length + 7) >> 3;
  410. for ($i = 0; $i < $num_blocks; $i++) {
  411. $xor.= $iv;
  412. for ($j = 4; $j <= 8; $j+=4) {
  413. $temp = substr($iv, -$j, 4);
  414. switch ($temp) {
  415. case "\xFF\xFF\xFF\xFF":
  416. $iv = substr_replace($iv, "\x00\x00\x00\x00", -$j, 4);
  417. break;
  418. case "\x7F\xFF\xFF\xFF":
  419. $iv = substr_replace($iv, "\x80\x00\x00\x00", -$j, 4);
  420. break 2;
  421. default:
  422. extract(unpack('Ncount', $temp));
  423. $iv = substr_replace($iv, pack('N', $count + 1), -$j, 4);
  424. break 2;
  425. }
  426. }
  427. }
  428. return $xor;
  429. }
  430. /**
  431. * Encrypts a message.
  432. *
  433. * @access public
  434. * @param String $plaintext
  435. */
  436. function encrypt($plaintext)
  437. {
  438. if ($this->paddable) {
  439. $plaintext = $this->_pad($plaintext);
  440. }
  441. // if the key is smaller then 8, do what we'd normally do
  442. if ($this->mode == self::MODE_3CBC && strlen($this->key) > 8) {
  443. $ciphertext = $this->des[2]->encrypt($this->des[1]->decrypt($this->des[0]->encrypt($plaintext)));
  444. return $ciphertext;
  445. }
  446. if ( CRYPT_DES_MODE == Crypt_DES::MODE_MCRYPT ) {
  447. if ($this->enchanged) {
  448. if (!isset($this->enmcrypt)) {
  449. $this->enmcrypt = mcrypt_module_open(MCRYPT_3DES, '', $this->mode, '');
  450. }
  451. mcrypt_generic_init($this->enmcrypt, $this->key, $this->encryptIV);
  452. if ($this->mode != 'ncfb') {
  453. $this->enchanged = false;
  454. }
  455. }
  456. if ($this->mode != 'ncfb') {
  457. $ciphertext = mcrypt_generic($this->enmcrypt, $plaintext);
  458. } else {
  459. if ($this->enchanged) {
  460. $this->ecb = mcrypt_module_open(MCRYPT_3DES, '', MCRYPT_MODE_ECB, '');
  461. mcrypt_generic_init($this->ecb, $this->key, "\0\0\0\0\0\0\0\0");
  462. $this->enchanged = false;
  463. }
  464. if (strlen($this->enbuffer)) {
  465. $ciphertext = $plaintext ^ substr($this->encryptIV, strlen($this->enbuffer));
  466. $this->enbuffer.= $ciphertext;
  467. if (strlen($this->enbuffer) == 8) {
  468. $this->encryptIV = $this->enbuffer;
  469. $this->enbuffer = '';
  470. mcrypt_generic_init($this->enmcrypt, $this->key, $this->encryptIV);
  471. }
  472. $plaintext = substr($plaintext, strlen($ciphertext));
  473. } else {
  474. $ciphertext = '';
  475. }
  476. $last_pos = strlen($plaintext) & 0xFFFFFFF8;
  477. $ciphertext.= $last_pos ? mcrypt_generic($this->enmcrypt, substr($plaintext, 0, $last_pos)) : '';
  478. if (strlen($plaintext) & 0x7) {
  479. if (strlen($ciphertext)) {
  480. $this->encryptIV = substr($ciphertext, -8);
  481. }
  482. $this->encryptIV = mcrypt_generic($this->ecb, $this->encryptIV);
  483. $this->enbuffer = substr($plaintext, $last_pos) ^ $this->encryptIV;
  484. $ciphertext.= $this->enbuffer;
  485. }
  486. }
  487. if (!$this->continuousBuffer) {
  488. mcrypt_generic_init($this->enmcrypt, $this->key, $this->encryptIV);
  489. }
  490. return $ciphertext;
  491. }
  492. if (strlen($this->key) <= 8) {
  493. $this->des[0]->mode = $this->mode;
  494. return $this->des[0]->encrypt($plaintext);
  495. }
  496. $des = $this->des;
  497. $buffer = &$this->enbuffer;
  498. $continuousBuffer = $this->continuousBuffer;
  499. $ciphertext = '';
  500. switch ($this->mode) {
  501. case Crypt_DES::MODE_ECB:
  502. for ($i = 0; $i < strlen($plaintext); $i+=8) {
  503. $block = substr($plaintext, $i, 8);
  504. // all of these _processBlock calls could, in theory, be put in a function - say Crypt_TripleDES::_ede_encrypt() or something.
  505. // only problem with that: it would slow encryption and decryption down. $this->des would have to be called every time that
  506. // function is called, instead of once for the whole string of text that's being encrypted, which would, in turn, make
  507. // encryption and decryption take more time, per this:
  508. //
  509. // http://blog.libssh2.org/index.php?/archives/21-Compiled-Variables.html
  510. $block = $des[0]->_processBlock($block, Crypt_DES::ENCRYPT);
  511. $block = $des[1]->_processBlock($block, Crypt_DES::DECRYPT);
  512. $block = $des[2]->_processBlock($block, Crypt_DES::ENCRYPT);
  513. $ciphertext.= $block;
  514. }
  515. break;
  516. case Crypt_DES::MODE_CBC:
  517. $xor = $this->encryptIV;
  518. for ($i = 0; $i < strlen($plaintext); $i+=8) {
  519. $block = substr($plaintext, $i, 8) ^ $xor;
  520. $block = $des[0]->_processBlock($block, Crypt_DES::ENCRYPT);
  521. $block = $des[1]->_processBlock($block, Crypt_DES::DECRYPT);
  522. $block = $des[2]->_processBlock($block, Crypt_DES::ENCRYPT);
  523. $xor = $block;
  524. $ciphertext.= $block;
  525. }
  526. if ($this->continuousBuffer) {
  527. $this->encryptIV = $xor;
  528. }
  529. break;
  530. case Crypt_DES::MODE_CTR:
  531. $xor = $this->encryptIV;
  532. if (strlen($buffer['encrypted'])) {
  533. for ($i = 0; $i < strlen($plaintext); $i+=8) {
  534. $block = substr($plaintext, $i, 8);
  535. $key = $this->_generate_xor(8, $xor);
  536. $key = $des[0]->_processBlock($key, Crypt_DES::ENCRYPT);
  537. $key = $des[1]->_processBlock($key, Crypt_DES::DECRYPT);
  538. $key = $des[2]->_processBlock($key, Crypt_DES::ENCRYPT);
  539. $buffer['encrypted'].= $key;
  540. $key = $this->_string_shift($buffer['encrypted'], 8);
  541. $ciphertext.= $block ^ $key;
  542. }
  543. } else {
  544. for ($i = 0; $i < strlen($plaintext); $i+=8) {
  545. $block = substr($plaintext, $i, 8);
  546. $key = $this->_generate_xor(8, $xor);
  547. $key = $des[0]->_processBlock($key, Crypt_DES::ENCRYPT);
  548. $key = $des[1]->_processBlock($key, Crypt_DES::DECRYPT);
  549. $key = $des[2]->_processBlock($key, Crypt_DES::ENCRYPT);
  550. $ciphertext.= $block ^ $key;
  551. }
  552. }
  553. if ($this->continuousBuffer) {
  554. $this->encryptIV = $xor;
  555. if ($start = strlen($plaintext) & 7) {
  556. $buffer['encrypted'] = substr($key, $start) . $buffer;
  557. }
  558. }
  559. break;
  560. case Crypt_DES::MODE_CFB:
  561. if (!empty($buffer['xor'])) {
  562. $ciphertext = $plaintext ^ $buffer['xor'];
  563. $iv = $buffer['encrypted'] . $ciphertext;
  564. $start = strlen($ciphertext);
  565. $buffer['encrypted'].= $ciphertext;
  566. $buffer['xor'] = substr($buffer['xor'], strlen($ciphertext));
  567. } else {
  568. $ciphertext = '';
  569. $iv = $this->encryptIV;
  570. $start = 0;
  571. }
  572. for ($i = $start; $i < strlen($plaintext); $i+=8) {
  573. $block = substr($plaintext, $i, 8);
  574. $iv = $des[0]->_processBlock($iv, Crypt_DES::ENCRYPT);
  575. $iv = $des[1]->_processBlock($iv, Crypt_DES::DECRYPT);
  576. $xor= $des[2]->_processBlock($iv, Crypt_DES::ENCRYPT);
  577. $iv = $block ^ $xor;
  578. if ($continuousBuffer && strlen($iv) != 8) {
  579. $buffer = array(
  580. 'encrypted' => $iv,
  581. 'xor' => substr($xor, strlen($iv))
  582. );
  583. }
  584. $ciphertext.= $iv;
  585. }
  586. if ($this->continuousBuffer) {
  587. $this->encryptIV = $iv;
  588. }
  589. break;
  590. case Crypt_DES::MODE_OFB:
  591. $xor = $this->encryptIV;
  592. if (strlen($buffer)) {
  593. for ($i = 0; $i < strlen($plaintext); $i+=8) {
  594. $xor = $des[0]->_processBlock($xor, Crypt_DES::ENCRYPT);
  595. $xor = $des[1]->_processBlock($xor, Crypt_DES::DECRYPT);
  596. $xor = $des[2]->_processBlock($xor, Crypt_DES::ENCRYPT);
  597. $buffer.= $xor;
  598. $key = $this->_string_shift($buffer, 8);
  599. $ciphertext.= substr($plaintext, $i, 8) ^ $key;
  600. }
  601. } else {
  602. for ($i = 0; $i < strlen($plaintext); $i+=8) {
  603. $xor = $des[0]->_processBlock($xor, Crypt_DES::ENCRYPT);
  604. $xor = $des[1]->_processBlock($xor, Crypt_DES::DECRYPT);
  605. $xor = $des[2]->_processBlock($xor, Crypt_DES::ENCRYPT);
  606. $ciphertext.= substr($plaintext, $i, 8) ^ $xor;
  607. }
  608. $key = $xor;
  609. }
  610. if ($this->continuousBuffer) {
  611. $this->encryptIV = $xor;
  612. if ($start = strlen($plaintext) & 7) {
  613. $buffer = substr($key, $start) . $buffer;
  614. }
  615. }
  616. }
  617. return $ciphertext;
  618. }
  619. /**
  620. * Decrypts a message.
  621. *
  622. * @access public
  623. * @param String $ciphertext
  624. */
  625. function decrypt($ciphertext)
  626. {
  627. if ($this->mode == self::MODE_3CBC && strlen($this->key) > 8) {
  628. $plaintext = $this->des[0]->decrypt($this->des[1]->encrypt($this->des[2]->decrypt($ciphertext)));
  629. return $this->_unpad($plaintext);
  630. }
  631. if ($this->paddable) {
  632. // we pad with chr(0) since that's what mcrypt_generic does. to quote from http://php.net/function.mcrypt-generic :
  633. // "The data is padded with "\0" to make sure the length of the data is n * blocksize."
  634. $ciphertext = str_pad($ciphertext, (strlen($ciphertext) + 7) & 0xFFFFFFF8, chr(0));
  635. }
  636. if ( CRYPT_DES_MODE == Crypt_DES::MODE_MCRYPT ) {
  637. if ($this->dechanged) {
  638. if (!isset($this->demcrypt)) {
  639. $this->demcrypt = mcrypt_module_open(MCRYPT_3DES, '', $this->mode, '');
  640. }
  641. mcrypt_generic_init($this->demcrypt, $this->key, $this->decryptIV);
  642. if ($this->mode != 'ncfb') {
  643. $this->dechanged = false;
  644. }
  645. }
  646. if ($this->mode != 'ncfb') {
  647. $plaintext = mdecrypt_generic($this->demcrypt, $ciphertext);
  648. } else {
  649. if ($this->dechanged) {
  650. $this->ecb = mcrypt_module_open(MCRYPT_3DES, '', MCRYPT_MODE_ECB, '');
  651. mcrypt_generic_init($this->ecb, $this->key, "\0\0\0\0\0\0\0\0");
  652. $this->dechanged = false;
  653. }
  654. if (strlen($this->debuffer)) {
  655. $plaintext = $ciphertext ^ substr($this->decryptIV, strlen($this->debuffer));
  656. $this->debuffer.= substr($ciphertext, 0, strlen($plaintext));
  657. if (strlen($this->debuffer) == 8) {
  658. $this->decryptIV = $this->debuffer;
  659. $this->debuffer = '';
  660. mcrypt_generic_init($this->demcrypt, $this->key, $this->decryptIV);
  661. }
  662. $ciphertext = substr($ciphertext, strlen($plaintext));
  663. } else {
  664. $plaintext = '';
  665. }
  666. $last_pos = strlen($ciphertext) & 0xFFFFFFF8;
  667. $plaintext.= $last_pos ? mdecrypt_generic($this->demcrypt, substr($ciphertext, 0, $last_pos)) : '';
  668. if (strlen($ciphertext) & 0x7) {
  669. if (strlen($plaintext)) {
  670. $this->decryptIV = substr($ciphertext, $last_pos - 8, 8);
  671. }
  672. $this->decryptIV = mcrypt_generic($this->ecb, $this->decryptIV);
  673. $this->debuffer = substr($ciphertext, $last_pos);
  674. $plaintext.= $this->debuffer ^ $this->decryptIV;
  675. }
  676. return $plaintext;
  677. }
  678. if (!$this->continuousBuffer) {
  679. mcrypt_generic_init($this->demcrypt, $this->key, $this->decryptIV);
  680. }
  681. return $this->paddable ? $this->_unpad($plaintext) : $plaintext;
  682. }
  683. if (strlen($this->key) <= 8) {
  684. $this->des[0]->mode = $this->mode;
  685. $plaintext = $this->des[0]->decrypt($ciphertext);
  686. return $this->paddable ? $this->_unpad($plaintext) : $plaintext;
  687. }
  688. $des = $this->des;
  689. $buffer = &$this->enbuffer;
  690. $continuousBuffer = $this->continuousBuffer;
  691. $plaintext = '';
  692. switch ($this->mode) {
  693. case Crypt_DES::MODE_ECB:
  694. for ($i = 0; $i < strlen($ciphertext); $i+=8) {
  695. $block = substr($ciphertext, $i, 8);
  696. $block = $des[2]->_processBlock($block, Crypt_DES::DECRYPT);
  697. $block = $des[1]->_processBlock($block, Crypt_DES::ENCRYPT);
  698. $block = $des[0]->_processBlock($block, Crypt_DES::DECRYPT);
  699. $plaintext.= $block;
  700. }
  701. break;
  702. case Crypt_DES::MODE_CBC:
  703. $xor = $this->decryptIV;
  704. for ($i = 0; $i < strlen($ciphertext); $i+=8) {
  705. $orig = $block = substr($ciphertext, $i, 8);
  706. $block = $des[2]->_processBlock($block, Crypt_DES::DECRYPT);
  707. $block = $des[1]->_processBlock($block, Crypt_DES::ENCRYPT);
  708. $block = $des[0]->_processBlock($block, Crypt_DES::DECRYPT);
  709. $plaintext.= $block ^ $xor;
  710. $xor = $orig;
  711. }
  712. if ($this->continuousBuffer) {
  713. $this->decryptIV = $xor;
  714. }
  715. break;
  716. case Crypt_DES::MODE_CTR:
  717. $xor = $this->decryptIV;
  718. if (strlen($buffer['ciphertext'])) {
  719. for ($i = 0; $i < strlen($ciphertext); $i+=8) {
  720. $block = substr($ciphertext, $i, 8);
  721. $key = $this->_generate_xor(8, $xor);
  722. $key = $des[0]->_processBlock($key, Crypt_DES::ENCRYPT);
  723. $key = $des[1]->_processBlock($key, Crypt_DES::DECRYPT);
  724. $key = $des[2]->_processBlock($key, Crypt_DES::ENCRYPT);
  725. $buffer['ciphertext'].= $key;
  726. $key = $this->_string_shift($buffer['ciphertext'], 8);
  727. $plaintext.= $block ^ $key;
  728. }
  729. } else {
  730. for ($i = 0; $i < strlen($ciphertext); $i+=8) {
  731. $block = substr($ciphertext, $i, 8);
  732. $key = $this->_generate_xor(8, $xor);
  733. $key = $des[0]->_processBlock($key, Crypt_DES::ENCRYPT);
  734. $key = $des[1]->_processBlock($key, Crypt_DES::DECRYPT);
  735. $key = $des[2]->_processBlock($key, Crypt_DES::ENCRYPT);
  736. $plaintext.= $block ^ $key;
  737. }
  738. }
  739. if ($this->continuousBuffer) {
  740. $this->decryptIV = $xor;
  741. if ($start = strlen($plaintext) & 7) {
  742. $buffer['ciphertext'] = substr($key, $start) . $buffer['ciphertext'];
  743. }
  744. }
  745. break;
  746. case Crypt_DES::MODE_CFB:
  747. if (!empty($buffer['ciphertext'])) {
  748. $plaintext = $ciphertext ^ substr($this->decryptIV, strlen($buffer['ciphertext']));
  749. $buffer['ciphertext'].= substr($ciphertext, 0, strlen($plaintext));
  750. if (strlen($buffer['ciphertext']) == 8) {
  751. $xor = $des[0]->_processBlock($buffer['ciphertext'], Crypt_DES::ENCRYPT);
  752. $xor = $des[1]->_processBlock($xor, Crypt_DES::DECRYPT);
  753. $xor = $des[2]->_processBlock($xor, Crypt_DES::ENCRYPT);
  754. $buffer['ciphertext'] = '';
  755. }
  756. $start = strlen($plaintext);
  757. $block = $this->decryptIV;
  758. } else {
  759. $plaintext = '';
  760. $xor = $des[0]->_processBlock($this->decryptIV, Crypt_DES::ENCRYPT);
  761. $xor = $des[1]->_processBlock($xor, Crypt_DES::DECRYPT);
  762. $xor = $des[2]->_processBlock($xor, Crypt_DES::ENCRYPT);
  763. $start = 0;
  764. }
  765. for ($i = $start; $i < strlen($ciphertext); $i+=8) {
  766. $block = substr($ciphertext, $i, 8);
  767. $plaintext.= $block ^ $xor;
  768. if ($continuousBuffer && strlen($block) != 8) {
  769. $buffer['ciphertext'].= $block;
  770. $block = $xor;
  771. } else if (strlen($block) == 8) {
  772. $xor = $des[0]->_processBlock($block, Crypt_DES::ENCRYPT);
  773. $xor = $des[1]->_processBlock($xor, Crypt_DES::DECRYPT);
  774. $xor = $des[2]->_processBlock($xor, Crypt_DES::ENCRYPT);
  775. }
  776. }
  777. if ($this->continuousBuffer) {
  778. $this->decryptIV = $block;
  779. }
  780. break;
  781. case Crypt_DES::MODE_OFB:
  782. $xor = $this->decryptIV;
  783. if (strlen($buffer)) {
  784. for ($i = 0; $i < strlen($ciphertext); $i+=8) {
  785. $xor = $des[0]->_processBlock($xor, Crypt_DES::ENCRYPT);
  786. $xor = $des[1]->_processBlock($xor, Crypt_DES::DECRYPT);
  787. $xor = $des[2]->_processBlock($xor, Crypt_DES::ENCRYPT);
  788. $buffer.= $xor;
  789. $key = $this->_string_shift($buffer, 8);
  790. $plaintext.= substr($ciphertext, $i, 8) ^ $key;
  791. }
  792. } else {
  793. for ($i = 0; $i < strlen($ciphertext); $i+=8) {
  794. $xor = $des[0]->_processBlock($xor, Crypt_DES::ENCRYPT);
  795. $xor = $des[1]->_processBlock($xor, Crypt_DES::DECRYPT);
  796. $xor = $des[2]->_processBlock($xor, Crypt_DES::ENCRYPT);
  797. $plaintext.= substr($ciphertext, $i, 8) ^ $xor;
  798. }
  799. $key = $xor;
  800. }
  801. if ($this->continuousBuffer) {
  802. $this->decryptIV = $xor;
  803. if ($start = strlen($ciphertext) & 7) {
  804. $buffer = substr($key, $start) . $buffer;
  805. }
  806. }
  807. }
  808. return $this->paddable ? $this->_unpad($plaintext) : $plaintext;
  809. }
  810. /**
  811. * Treat consecutive "packets" as if they are a continuous buffer.
  812. *
  813. * Say you have a 16-byte plaintext $plaintext. Using the default behavior, the two following code snippets
  814. * will yield different outputs:
  815. *
  816. * <code>
  817. * echo $des->encrypt(substr($plaintext, 0, 8));
  818. * echo $des->encrypt(substr($plaintext, 8, 8));
  819. * </code>
  820. * <code>
  821. * echo $des->encrypt($plaintext);
  822. * </code>
  823. *
  824. * The solution is to enable the continuous buffer. Although this will resolve the above discrepancy, it creates
  825. * another, as demonstrated with the following:
  826. *
  827. * <code>
  828. * $des->encrypt(substr($plaintext, 0, 8));
  829. * echo $des->decrypt($des->encrypt(substr($plaintext, 8, 8)));
  830. * </code>
  831. * <code>
  832. * echo $des->decrypt($des->encrypt(substr($plaintext, 8, 8)));
  833. * </code>
  834. *
  835. * With the continuous buffer disabled, these would yield the same output. With it enabled, they yield different
  836. * outputs. The reason is due to the fact that the initialization vector's change after every encryption /
  837. * decryption round when the continuous buffer is enabled. When it's disabled, they remain constant.
  838. *
  839. * Put another way, when the continuous buffer is enabled, the state of the Crypt_DES() object changes after each
  840. * encryption / decryption round, whereas otherwise, it'd remain constant. For this reason, it's recommended that
  841. * continuous buffers not be used. They do offer better security and are, in fact, sometimes required (SSH uses them),
  842. * however, they are also less intuitive and more likely to cause you problems.
  843. *
  844. * @see Crypt_TripleDES::disableContinuousBuffer()
  845. * @access public
  846. */
  847. function enableContinuousBuffer()
  848. {
  849. $this->continuousBuffer = true;
  850. if ($this->mode == self::MODE_3CBC) {
  851. $this->des[0]->enableContinuousBuffer();
  852. $this->des[1]->enableContinuousBuffer();
  853. $this->des[2]->enableContinuousBuffer();
  854. }
  855. }
  856. /**
  857. * Treat consecutive packets as if they are a discontinuous buffer.
  858. *
  859. * The default behavior.
  860. *
  861. * @see Crypt_TripleDES::enableContinuousBuffer()
  862. * @access public
  863. */
  864. function disableContinuousBuffer()
  865. {
  866. $this->continuousBuffer = false;
  867. $this->encryptIV = $this->iv;
  868. $this->decryptIV = $this->iv;
  869. if ($this->mode == self::MODE_3CBC) {
  870. $this->des[0]->disableContinuousBuffer();
  871. $this->des[1]->disableContinuousBuffer();
  872. $this->des[2]->disableContinuousBuffer();
  873. }
  874. }
  875. /**
  876. * Pad "packets".
  877. *
  878. * DES works by encrypting eight bytes at a time. If you ever need to encrypt or decrypt something that's not
  879. * a multiple of eight, it becomes necessary to pad the input so that it's length is a multiple of eight.
  880. *
  881. * Padding is enabled by default. Sometimes, however, it is undesirable to pad strings. Such is the case in SSH1,
  882. * where "packets" are padded with random bytes before being encrypted. Unpad these packets and you risk stripping
  883. * away characters that shouldn't be stripped away. (SSH knows how many bytes are added because the length is
  884. * transmitted separately)
  885. *
  886. * @see Crypt_TripleDES::disablePadding()
  887. * @access public
  888. */
  889. function enablePadding()
  890. {
  891. $this->padding = true;
  892. }
  893. /**
  894. * Do not pad packets.
  895. *
  896. * @see Crypt_TripleDES::enablePadding()
  897. * @access public
  898. */
  899. function disablePadding()
  900. {
  901. $this->padding = false;
  902. }
  903. /**
  904. * Pads a string
  905. *
  906. * Pads a string using the RSA PKCS padding standards so that its length is a multiple of the blocksize (8).
  907. * 8 - (strlen($text) & 7) bytes are added, each of which is equal to chr(8 - (strlen($text) & 7)
  908. *
  909. * If padding is disabled and $text is not a multiple of the blocksize, the string will be padded regardless
  910. * and padding will, hence forth, be enabled.
  911. *
  912. * @see Crypt_TripleDES::_unpad()
  913. * @access private
  914. */
  915. function _pad($text)
  916. {
  917. if(!$this->paddable)
  918. return $text;
  919. $length = strlen($text);
  920. if (!$this->padding) {
  921. if (($length & 7) == 0) {
  922. return $text;
  923. } else {
  924. user_error("The plaintext's length ($length) is not a multiple of the block size (8)", E_USER_WARNING);
  925. $this->padding = true;
  926. }
  927. }
  928. $pad = 8 - ($length & 7);
  929. return str_pad($text, $length + $pad, chr($pad));
  930. }
  931. /**
  932. * Unpads a string
  933. *
  934. * If padding is enabled and the reported padding length is invalid the encryption key will be assumed to be wrong
  935. * and false will be returned.
  936. *
  937. * @see Crypt_TripleDES::_pad()
  938. * @access private
  939. */
  940. function _unpad($text)
  941. {
  942. if (!$this->padding || !$this->paddable) {
  943. return $text;
  944. }
  945. $length = ord($text[strlen($text) - 1]);
  946. if (!$length || $length > 8) {
  947. return false;
  948. }
  949. return substr($text, 0, -$length);
  950. }
  951. /**
  952. * String Shift
  953. *
  954. * Inspired by array_shift
  955. *
  956. * @param String $string
  957. * @param optional Integer $index
  958. * @return String
  959. * @access private
  960. */
  961. function _string_shift(&$string, $index = 1)
  962. {
  963. $substr = substr($string, 0, $index);
  964. $string = substr($string, $index);
  965. return $substr;
  966. }
  967. }
  968. // vim: ts=4:sw=4:et:
  969. // vim6: fdl=1: