PageRenderTime 54ms CodeModel.GetById 23ms RepoModel.GetById 0ms app.codeStats 0ms

/trustly/phpseclib/Crypt/TripleDES.php

https://github.com/DaveBenNoah/PrestaShop-modules
PHP | 1061 lines | 627 code | 79 blank | 355 comment | 129 complexity | 4b5b35fcb33333fe88bb3bd3c60b84cf MD5 | raw file
Possible License(s): Apache-2.0, CC-BY-SA-3.0
  1. <?php
  2. /* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */
  3. /**
  4. * Pure-PHP implementation of Triple DES.
  5. *
  6. * Uses mcrypt, if available, and an internal implementation, otherwise. Operates in the EDE3 mode (encrypt-decrypt-encrypt).
  7. *
  8. * PHP versions 4 and 5
  9. *
  10. * Here's a short example of how to use this library:
  11. * <code>
  12. * <?php
  13. * include('Crypt/TripleDES.php');
  14. *
  15. * $des = new Crypt_TripleDES();
  16. *
  17. * $des->setKey('abcdefghijklmnopqrstuvwx');
  18. *
  19. * $size = 10 * 1024;
  20. * $plaintext = '';
  21. * for ($i = 0; $i < $size; $i++) {
  22. * $plaintext.= 'a';
  23. * }
  24. *
  25. * echo $des->decrypt($des->encrypt($plaintext));
  26. * ?>
  27. * </code>
  28. *
  29. * LICENSE: Permission is hereby granted, free of charge, to any person obtaining a copy
  30. * of this software and associated documentation files (the "Software"), to deal
  31. * in the Software without restriction, including without limitation the rights
  32. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  33. * copies of the Software, and to permit persons to whom the Software is
  34. * furnished to do so, subject to the following conditions:
  35. *
  36. * The above copyright notice and this permission notice shall be included in
  37. * all copies or substantial portions of the Software.
  38. *
  39. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  40. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  41. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  42. * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  43. * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  44. * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  45. * THE SOFTWARE.
  46. *
  47. * @category Crypt
  48. * @package Crypt_TripleDES
  49. * @author Jim Wigginton <terrafrost@php.net>
  50. * @copyright MMVII Jim Wigginton
  51. * @license http://www.opensource.org/licenses/mit-license.html MIT License
  52. * @version $Id: TripleDES.php,v 1.13 2010/02/26 03:40:25 terrafrost Exp $
  53. * @link http://phpseclib.sourceforge.net
  54. */
  55. /**
  56. * Include Crypt_DES
  57. */
  58. if (!class_exists('Crypt_DES')) {
  59. require_once(dirname(__FILE__).'/../DES.php');
  60. }
  61. /**
  62. * Encrypt / decrypt using inner chaining
  63. *
  64. * Inner chaining is used by SSH-1 and is generally considered to be less secure then outer chaining (CRYPT_DES_MODE_CBC3).
  65. */
  66. define('CRYPT_DES_MODE_3CBC', -2);
  67. /**
  68. * Encrypt / decrypt using outer chaining
  69. *
  70. * Outer chaining is used by SSH-2 and when the mode is set to CRYPT_DES_MODE_CBC.
  71. */
  72. define('CRYPT_DES_MODE_CBC3', CRYPT_DES_MODE_CBC);
  73. /**
  74. * Pure-PHP implementation of Triple DES.
  75. *
  76. * @author Jim Wigginton <terrafrost@php.net>
  77. * @version 0.1.0
  78. * @access public
  79. * @package Crypt_TerraDES
  80. */
  81. class Crypt_TripleDES {
  82. /**
  83. * The Three Keys
  84. *
  85. * @see Crypt_TripleDES::setKey()
  86. * @var String
  87. * @access private
  88. */
  89. var $key = "\0\0\0\0\0\0\0\0";
  90. /**
  91. * The Encryption Mode
  92. *
  93. * @see Crypt_TripleDES::Crypt_TripleDES()
  94. * @var Integer
  95. * @access private
  96. */
  97. var $mode = CRYPT_DES_MODE_CBC;
  98. /**
  99. * Continuous Buffer status
  100. *
  101. * @see Crypt_TripleDES::enableContinuousBuffer()
  102. * @var Boolean
  103. * @access private
  104. */
  105. var $continuousBuffer = false;
  106. /**
  107. * Padding status
  108. *
  109. * @see Crypt_TripleDES::enablePadding()
  110. * @var Boolean
  111. * @access private
  112. */
  113. var $padding = true;
  114. /**
  115. * The Initialization Vector
  116. *
  117. * @see Crypt_TripleDES::setIV()
  118. * @var String
  119. * @access private
  120. */
  121. var $iv = "\0\0\0\0\0\0\0\0";
  122. /**
  123. * A "sliding" Initialization Vector
  124. *
  125. * @see Crypt_TripleDES::enableContinuousBuffer()
  126. * @var String
  127. * @access private
  128. */
  129. var $encryptIV = "\0\0\0\0\0\0\0\0";
  130. /**
  131. * A "sliding" Initialization Vector
  132. *
  133. * @see Crypt_TripleDES::enableContinuousBuffer()
  134. * @var String
  135. * @access private
  136. */
  137. var $decryptIV = "\0\0\0\0\0\0\0\0";
  138. /**
  139. * The Crypt_DES objects
  140. *
  141. * @var Array
  142. * @access private
  143. */
  144. var $des;
  145. /**
  146. * mcrypt resource for encryption
  147. *
  148. * The mcrypt resource can be recreated every time something needs to be created or it can be created just once.
  149. * Since mcrypt operates in continuous mode, by default, it'll need to be recreated when in non-continuous mode.
  150. *
  151. * @see Crypt_TripleDES::encrypt()
  152. * @var String
  153. * @access private
  154. */
  155. var $enmcrypt;
  156. /**
  157. * mcrypt resource for decryption
  158. *
  159. * The mcrypt resource can be recreated every time something needs to be created or it can be created just once.
  160. * Since mcrypt operates in continuous mode, by default, it'll need to be recreated when in non-continuous mode.
  161. *
  162. * @see Crypt_TripleDES::decrypt()
  163. * @var String
  164. * @access private
  165. */
  166. var $demcrypt;
  167. /**
  168. * Does the enmcrypt resource need to be (re)initialized?
  169. *
  170. * @see Crypt_TripleDES::setKey()
  171. * @see Crypt_TripleDES::setIV()
  172. * @var Boolean
  173. * @access private
  174. */
  175. var $enchanged = true;
  176. /**
  177. * Does the demcrypt resource need to be (re)initialized?
  178. *
  179. * @see Crypt_TripleDES::setKey()
  180. * @see Crypt_TripleDES::setIV()
  181. * @var Boolean
  182. * @access private
  183. */
  184. var $dechanged = true;
  185. /**
  186. * Is the mode one that is paddable?
  187. *
  188. * @see Crypt_TripleDES::Crypt_TripleDES()
  189. * @var Boolean
  190. * @access private
  191. */
  192. var $paddable = false;
  193. /**
  194. * Encryption buffer for CTR, OFB and CFB modes
  195. *
  196. * @see Crypt_TripleDES::encrypt()
  197. * @var String
  198. * @access private
  199. */
  200. var $enbuffer = '';
  201. /**
  202. * Decryption buffer for CTR, OFB and CFB modes
  203. *
  204. * @see Crypt_TripleDES::decrypt()
  205. * @var String
  206. * @access private
  207. */
  208. var $debuffer = '';
  209. /**
  210. * mcrypt resource for CFB mode
  211. *
  212. * @see Crypt_TripleDES::encrypt()
  213. * @see Crypt_TripleDES::decrypt()
  214. * @var String
  215. * @access private
  216. */
  217. var $ecb;
  218. /**
  219. * Default Constructor.
  220. *
  221. * Determines whether or not the mcrypt extension should be used. $mode should only, at present, be
  222. * CRYPT_DES_MODE_ECB or CRYPT_DES_MODE_CBC. If not explictly set, CRYPT_DES_MODE_CBC will be used.
  223. *
  224. * @param optional Integer $mode
  225. * @return Crypt_TripleDES
  226. * @access public
  227. */
  228. function Crypt_TripleDES($mode = CRYPT_DES_MODE_CBC)
  229. {
  230. if ( !defined('CRYPT_DES_MODE') ) {
  231. switch (true) {
  232. case extension_loaded('mcrypt') && in_array('tripledes', mcrypt_list_algorithms()):
  233. define('CRYPT_DES_MODE', CRYPT_DES_MODE_MCRYPT);
  234. break;
  235. default:
  236. define('CRYPT_DES_MODE', CRYPT_DES_MODE_INTERNAL);
  237. }
  238. }
  239. if ( $mode == CRYPT_DES_MODE_3CBC ) {
  240. $this->mode = CRYPT_DES_MODE_3CBC;
  241. $this->des = array(
  242. new Crypt_DES(CRYPT_DES_MODE_CBC),
  243. new Crypt_DES(CRYPT_DES_MODE_CBC),
  244. new Crypt_DES(CRYPT_DES_MODE_CBC)
  245. );
  246. $this->paddable = true;
  247. // we're going to be doing the padding, ourselves, so disable it in the Crypt_DES objects
  248. $this->des[0]->disablePadding();
  249. $this->des[1]->disablePadding();
  250. $this->des[2]->disablePadding();
  251. return;
  252. }
  253. switch ( CRYPT_DES_MODE ) {
  254. case CRYPT_DES_MODE_MCRYPT:
  255. switch ($mode) {
  256. case CRYPT_DES_MODE_ECB:
  257. $this->paddable = true;
  258. $this->mode = MCRYPT_MODE_ECB;
  259. break;
  260. case CRYPT_DES_MODE_CTR:
  261. $this->mode = 'ctr';
  262. break;
  263. case CRYPT_DES_MODE_CFB:
  264. $this->mode = 'ncfb';
  265. break;
  266. case CRYPT_DES_MODE_OFB:
  267. $this->mode = MCRYPT_MODE_NOFB;
  268. break;
  269. case CRYPT_DES_MODE_CBC:
  270. default:
  271. $this->paddable = true;
  272. $this->mode = MCRYPT_MODE_CBC;
  273. }
  274. break;
  275. default:
  276. $this->des = array(
  277. new Crypt_DES(CRYPT_DES_MODE_ECB),
  278. new Crypt_DES(CRYPT_DES_MODE_ECB),
  279. new Crypt_DES(CRYPT_DES_MODE_ECB)
  280. );
  281. // we're going to be doing the padding, ourselves, so disable it in the Crypt_DES objects
  282. $this->des[0]->disablePadding();
  283. $this->des[1]->disablePadding();
  284. $this->des[2]->disablePadding();
  285. switch ($mode) {
  286. case CRYPT_DES_MODE_ECB:
  287. case CRYPT_DES_MODE_CBC:
  288. $this->paddable = true;
  289. $this->mode = $mode;
  290. break;
  291. case CRYPT_DES_MODE_CTR:
  292. case CRYPT_DES_MODE_CFB:
  293. case CRYPT_DES_MODE_OFB:
  294. $this->mode = $mode;
  295. break;
  296. default:
  297. $this->paddable = true;
  298. $this->mode = CRYPT_DES_MODE_CBC;
  299. }
  300. }
  301. }
  302. /**
  303. * Sets the key.
  304. *
  305. * Keys can be of any length. Triple DES, itself, can use 128-bit (eg. strlen($key) == 16) or
  306. * 192-bit (eg. strlen($key) == 24) keys. This function pads and truncates $key as appropriate.
  307. *
  308. * DES also requires that every eighth bit be a parity bit, however, we'll ignore that.
  309. *
  310. * If the key is not explicitly set, it'll be assumed to be all zero's.
  311. *
  312. * @access public
  313. * @param String $key
  314. */
  315. function setKey($key)
  316. {
  317. $length = strlen($key);
  318. if ($length > 8) {
  319. $key = str_pad($key, 24, chr(0));
  320. // if $key is between 64 and 128-bits, use the first 64-bits as the last, per this:
  321. // http://php.net/function.mcrypt-encrypt#47973
  322. //$key = $length <= 16 ? substr_replace($key, substr($key, 0, 8), 16) : substr($key, 0, 24);
  323. } else {
  324. $key = str_pad($key, 8, chr(0));
  325. }
  326. $this->key = $key;
  327. switch (true) {
  328. case CRYPT_DES_MODE == CRYPT_DES_MODE_INTERNAL:
  329. case $this->mode == CRYPT_DES_MODE_3CBC:
  330. $this->des[0]->setKey(substr($key, 0, 8));
  331. $this->des[1]->setKey(substr($key, 8, 8));
  332. $this->des[2]->setKey(substr($key, 16, 8));
  333. }
  334. $this->enchanged = $this->dechanged = true;
  335. }
  336. /**
  337. * Sets the password.
  338. *
  339. * Depending on what $method is set to, setPassword()'s (optional) parameters are as follows:
  340. * {@link http://en.wikipedia.org/wiki/PBKDF2 pbkdf2}:
  341. * $hash, $salt, $method
  342. *
  343. * @param String $password
  344. * @param optional String $method
  345. * @access public
  346. */
  347. function setPassword($password, $method = 'pbkdf2')
  348. {
  349. $key = '';
  350. switch ($method) {
  351. default: // 'pbkdf2'
  352. list(, , $hash, $salt, $count) = func_get_args();
  353. if (!isset($hash)) {
  354. $hash = 'sha1';
  355. }
  356. // WPA and WPA use the SSID as the salt
  357. if (!isset($salt)) {
  358. $salt = 'phpseclib';
  359. }
  360. // RFC2898#section-4.2 uses 1,000 iterations by default
  361. // WPA and WPA2 use 4,096.
  362. if (!isset($count)) {
  363. $count = 1000;
  364. }
  365. if (!class_exists('Crypt_Hash')) {
  366. require_once(dirname(__FILE__).'/../Crypt/Hash.php');
  367. }
  368. $i = 1;
  369. while (strlen($key) < 24) { // $dkLen == 24
  370. $hmac = new Crypt_Hash();
  371. $hmac->setHash($hash);
  372. $hmac->setKey($password);
  373. $f = $u = $hmac->hash($salt . pack('N', $i++));
  374. for ($j = 2; $j <= $count; $j++) {
  375. $u = $hmac->hash($u);
  376. $f^= $u;
  377. }
  378. $key.= $f;
  379. }
  380. }
  381. $this->setKey($key);
  382. }
  383. /**
  384. * Sets the initialization vector. (optional)
  385. *
  386. * SetIV is not required when CRYPT_DES_MODE_ECB is being used. If not explictly set, it'll be assumed
  387. * to be all zero's.
  388. *
  389. * @access public
  390. * @param String $iv
  391. */
  392. function setIV($iv)
  393. {
  394. $this->encryptIV = $this->decryptIV = $this->iv = str_pad(substr($iv, 0, 8), 8, chr(0));
  395. if ($this->mode == CRYPT_DES_MODE_3CBC) {
  396. $this->des[0]->setIV($iv);
  397. $this->des[1]->setIV($iv);
  398. $this->des[2]->setIV($iv);
  399. }
  400. $this->enchanged = $this->dechanged = true;
  401. }
  402. /**
  403. * Generate CTR XOR encryption key
  404. *
  405. * Encrypt the output of this and XOR it against the ciphertext / plaintext to get the
  406. * plaintext / ciphertext in CTR mode.
  407. *
  408. * @see Crypt_TripleDES::decrypt()
  409. * @see Crypt_TripleDES::encrypt()
  410. * @access private
  411. * @param Integer $length
  412. * @param String $iv
  413. */
  414. function _generate_xor($length, &$iv)
  415. {
  416. $xor = '';
  417. $num_blocks = ($length + 7) >> 3;
  418. for ($i = 0; $i < $num_blocks; $i++) {
  419. $xor.= $iv;
  420. for ($j = 4; $j <= 8; $j+=4) {
  421. $temp = substr($iv, -$j, 4);
  422. switch ($temp) {
  423. case "\xFF\xFF\xFF\xFF":
  424. $iv = substr_replace($iv, "\x00\x00\x00\x00", -$j, 4);
  425. break;
  426. case "\x7F\xFF\xFF\xFF":
  427. $iv = substr_replace($iv, "\x80\x00\x00\x00", -$j, 4);
  428. break 2;
  429. default:
  430. extract(unpack('Ncount', $temp));
  431. $iv = substr_replace($iv, pack('N', $count + 1), -$j, 4);
  432. break 2;
  433. }
  434. }
  435. }
  436. return $xor;
  437. }
  438. /**
  439. * Encrypts a message.
  440. *
  441. * @access public
  442. * @param String $plaintext
  443. */
  444. function encrypt($plaintext)
  445. {
  446. if ($this->paddable) {
  447. $plaintext = $this->_pad($plaintext);
  448. }
  449. // if the key is smaller then 8, do what we'd normally do
  450. if ($this->mode == CRYPT_DES_MODE_3CBC && strlen($this->key) > 8) {
  451. $ciphertext = $this->des[2]->encrypt($this->des[1]->decrypt($this->des[0]->encrypt($plaintext)));
  452. return $ciphertext;
  453. }
  454. if ( CRYPT_DES_MODE == CRYPT_DES_MODE_MCRYPT ) {
  455. if ($this->enchanged) {
  456. if (!isset($this->enmcrypt)) {
  457. $this->enmcrypt = mcrypt_module_open(MCRYPT_3DES, '', $this->mode, '');
  458. }
  459. mcrypt_generic_init($this->enmcrypt, $this->key, $this->encryptIV);
  460. if ($this->mode != 'ncfb') {
  461. $this->enchanged = false;
  462. }
  463. }
  464. if ($this->mode != 'ncfb') {
  465. $ciphertext = mcrypt_generic($this->enmcrypt, $plaintext);
  466. } else {
  467. if ($this->enchanged) {
  468. $this->ecb = mcrypt_module_open(MCRYPT_3DES, '', MCRYPT_MODE_ECB, '');
  469. mcrypt_generic_init($this->ecb, $this->key, "\0\0\0\0\0\0\0\0");
  470. $this->enchanged = false;
  471. }
  472. if (strlen($this->enbuffer)) {
  473. $ciphertext = $plaintext ^ substr($this->encryptIV, strlen($this->enbuffer));
  474. $this->enbuffer.= $ciphertext;
  475. if (strlen($this->enbuffer) == 8) {
  476. $this->encryptIV = $this->enbuffer;
  477. $this->enbuffer = '';
  478. mcrypt_generic_init($this->enmcrypt, $this->key, $this->encryptIV);
  479. }
  480. $plaintext = substr($plaintext, strlen($ciphertext));
  481. } else {
  482. $ciphertext = '';
  483. }
  484. $last_pos = strlen($plaintext) & 0xFFFFFFF8;
  485. $ciphertext.= $last_pos ? mcrypt_generic($this->enmcrypt, substr($plaintext, 0, $last_pos)) : '';
  486. if (strlen($plaintext) & 0x7) {
  487. if (strlen($ciphertext)) {
  488. $this->encryptIV = substr($ciphertext, -8);
  489. }
  490. $this->encryptIV = mcrypt_generic($this->ecb, $this->encryptIV);
  491. $this->enbuffer = substr($plaintext, $last_pos) ^ $this->encryptIV;
  492. $ciphertext.= $this->enbuffer;
  493. }
  494. }
  495. if (!$this->continuousBuffer) {
  496. mcrypt_generic_init($this->enmcrypt, $this->key, $this->encryptIV);
  497. }
  498. return $ciphertext;
  499. }
  500. if (strlen($this->key) <= 8) {
  501. $this->des[0]->mode = $this->mode;
  502. return $this->des[0]->encrypt($plaintext);
  503. }
  504. $des = $this->des;
  505. $buffer = &$this->enbuffer;
  506. $continuousBuffer = $this->continuousBuffer;
  507. $ciphertext = '';
  508. switch ($this->mode) {
  509. case CRYPT_DES_MODE_ECB:
  510. for ($i = 0; $i < strlen($plaintext); $i+=8) {
  511. $block = substr($plaintext, $i, 8);
  512. // all of these _processBlock calls could, in theory, be put in a function - say Crypt_TripleDES::_ede_encrypt() or something.
  513. // only problem with that: it would slow encryption and decryption down. $this->des would have to be called every time that
  514. // function is called, instead of once for the whole string of text that's being encrypted, which would, in turn, make
  515. // encryption and decryption take more time, per this:
  516. //
  517. // http://blog.libssh2.org/index.php?/archives/21-Compiled-Variables.html
  518. $block = $des[0]->_processBlock($block, CRYPT_DES_ENCRYPT);
  519. $block = $des[1]->_processBlock($block, CRYPT_DES_DECRYPT);
  520. $block = $des[2]->_processBlock($block, CRYPT_DES_ENCRYPT);
  521. $ciphertext.= $block;
  522. }
  523. break;
  524. case CRYPT_DES_MODE_CBC:
  525. $xor = $this->encryptIV;
  526. for ($i = 0; $i < strlen($plaintext); $i+=8) {
  527. $block = substr($plaintext, $i, 8) ^ $xor;
  528. $block = $des[0]->_processBlock($block, CRYPT_DES_ENCRYPT);
  529. $block = $des[1]->_processBlock($block, CRYPT_DES_DECRYPT);
  530. $block = $des[2]->_processBlock($block, CRYPT_DES_ENCRYPT);
  531. $xor = $block;
  532. $ciphertext.= $block;
  533. }
  534. if ($this->continuousBuffer) {
  535. $this->encryptIV = $xor;
  536. }
  537. break;
  538. case CRYPT_DES_MODE_CTR:
  539. $xor = $this->encryptIV;
  540. if (strlen($buffer['encrypted'])) {
  541. for ($i = 0; $i < strlen($plaintext); $i+=8) {
  542. $block = substr($plaintext, $i, 8);
  543. $key = $this->_generate_xor(8, $xor);
  544. $key = $des[0]->_processBlock($key, CRYPT_DES_ENCRYPT);
  545. $key = $des[1]->_processBlock($key, CRYPT_DES_DECRYPT);
  546. $key = $des[2]->_processBlock($key, CRYPT_DES_ENCRYPT);
  547. $buffer['encrypted'].= $key;
  548. $key = $this->_string_shift($buffer['encrypted'], 8);
  549. $ciphertext.= $block ^ $key;
  550. }
  551. } else {
  552. for ($i = 0; $i < strlen($plaintext); $i+=8) {
  553. $block = substr($plaintext, $i, 8);
  554. $key = $this->_generate_xor(8, $xor);
  555. $key = $des[0]->_processBlock($key, CRYPT_DES_ENCRYPT);
  556. $key = $des[1]->_processBlock($key, CRYPT_DES_DECRYPT);
  557. $key = $des[2]->_processBlock($key, CRYPT_DES_ENCRYPT);
  558. $ciphertext.= $block ^ $key;
  559. }
  560. }
  561. if ($this->continuousBuffer) {
  562. $this->encryptIV = $xor;
  563. if ($start = strlen($plaintext) & 7) {
  564. $buffer['encrypted'] = substr($key, $start) . $buffer;
  565. }
  566. }
  567. break;
  568. case CRYPT_DES_MODE_CFB:
  569. if (!empty($buffer['xor'])) {
  570. $ciphertext = $plaintext ^ $buffer['xor'];
  571. $iv = $buffer['encrypted'] . $ciphertext;
  572. $start = strlen($ciphertext);
  573. $buffer['encrypted'].= $ciphertext;
  574. $buffer['xor'] = substr($buffer['xor'], strlen($ciphertext));
  575. } else {
  576. $ciphertext = '';
  577. $iv = $this->encryptIV;
  578. $start = 0;
  579. }
  580. for ($i = $start; $i < strlen($plaintext); $i+=8) {
  581. $block = substr($plaintext, $i, 8);
  582. $iv = $des[0]->_processBlock($iv, CRYPT_DES_ENCRYPT);
  583. $iv = $des[1]->_processBlock($iv, CRYPT_DES_DECRYPT);
  584. $xor= $des[2]->_processBlock($iv, CRYPT_DES_ENCRYPT);
  585. $iv = $block ^ $xor;
  586. if ($continuousBuffer && strlen($iv) != 8) {
  587. $buffer = array(
  588. 'encrypted' => $iv,
  589. 'xor' => substr($xor, strlen($iv))
  590. );
  591. }
  592. $ciphertext.= $iv;
  593. }
  594. if ($this->continuousBuffer) {
  595. $this->encryptIV = $iv;
  596. }
  597. break;
  598. case CRYPT_DES_MODE_OFB:
  599. $xor = $this->encryptIV;
  600. if (strlen($buffer)) {
  601. for ($i = 0; $i < strlen($plaintext); $i+=8) {
  602. $xor = $des[0]->_processBlock($xor, CRYPT_DES_ENCRYPT);
  603. $xor = $des[1]->_processBlock($xor, CRYPT_DES_DECRYPT);
  604. $xor = $des[2]->_processBlock($xor, CRYPT_DES_ENCRYPT);
  605. $buffer.= $xor;
  606. $key = $this->_string_shift($buffer, 8);
  607. $ciphertext.= substr($plaintext, $i, 8) ^ $key;
  608. }
  609. } else {
  610. for ($i = 0; $i < strlen($plaintext); $i+=8) {
  611. $xor = $des[0]->_processBlock($xor, CRYPT_DES_ENCRYPT);
  612. $xor = $des[1]->_processBlock($xor, CRYPT_DES_DECRYPT);
  613. $xor = $des[2]->_processBlock($xor, CRYPT_DES_ENCRYPT);
  614. $ciphertext.= substr($plaintext, $i, 8) ^ $xor;
  615. }
  616. $key = $xor;
  617. }
  618. if ($this->continuousBuffer) {
  619. $this->encryptIV = $xor;
  620. if ($start = strlen($plaintext) & 7) {
  621. $buffer = substr($key, $start) . $buffer;
  622. }
  623. }
  624. }
  625. return $ciphertext;
  626. }
  627. /**
  628. * Decrypts a message.
  629. *
  630. * @access public
  631. * @param String $ciphertext
  632. */
  633. function decrypt($ciphertext)
  634. {
  635. if ($this->mode == CRYPT_DES_MODE_3CBC && strlen($this->key) > 8) {
  636. $plaintext = $this->des[0]->decrypt($this->des[1]->encrypt($this->des[2]->decrypt($ciphertext)));
  637. return $this->_unpad($plaintext);
  638. }
  639. if ($this->paddable) {
  640. // we pad with chr(0) since that's what mcrypt_generic does. to quote from http://php.net/function.mcrypt-generic :
  641. // "The data is padded with "\0" to make sure the length of the data is n * blocksize."
  642. $ciphertext = str_pad($ciphertext, (strlen($ciphertext) + 7) & 0xFFFFFFF8, chr(0));
  643. }
  644. if ( CRYPT_DES_MODE == CRYPT_DES_MODE_MCRYPT ) {
  645. if ($this->dechanged) {
  646. if (!isset($this->demcrypt)) {
  647. $this->demcrypt = mcrypt_module_open(MCRYPT_3DES, '', $this->mode, '');
  648. }
  649. mcrypt_generic_init($this->demcrypt, $this->key, $this->decryptIV);
  650. if ($this->mode != 'ncfb') {
  651. $this->dechanged = false;
  652. }
  653. }
  654. if ($this->mode != 'ncfb') {
  655. $plaintext = mdecrypt_generic($this->demcrypt, $ciphertext);
  656. } else {
  657. if ($this->dechanged) {
  658. $this->ecb = mcrypt_module_open(MCRYPT_3DES, '', MCRYPT_MODE_ECB, '');
  659. mcrypt_generic_init($this->ecb, $this->key, "\0\0\0\0\0\0\0\0");
  660. $this->dechanged = false;
  661. }
  662. if (strlen($this->debuffer)) {
  663. $plaintext = $ciphertext ^ substr($this->decryptIV, strlen($this->debuffer));
  664. $this->debuffer.= substr($ciphertext, 0, strlen($plaintext));
  665. if (strlen($this->debuffer) == 8) {
  666. $this->decryptIV = $this->debuffer;
  667. $this->debuffer = '';
  668. mcrypt_generic_init($this->demcrypt, $this->key, $this->decryptIV);
  669. }
  670. $ciphertext = substr($ciphertext, strlen($plaintext));
  671. } else {
  672. $plaintext = '';
  673. }
  674. $last_pos = strlen($ciphertext) & 0xFFFFFFF8;
  675. $plaintext.= $last_pos ? mdecrypt_generic($this->demcrypt, substr($ciphertext, 0, $last_pos)) : '';
  676. if (strlen($ciphertext) & 0x7) {
  677. if (strlen($plaintext)) {
  678. $this->decryptIV = substr($ciphertext, $last_pos - 8, 8);
  679. }
  680. $this->decryptIV = mcrypt_generic($this->ecb, $this->decryptIV);
  681. $this->debuffer = substr($ciphertext, $last_pos);
  682. $plaintext.= $this->debuffer ^ $this->decryptIV;
  683. }
  684. return $plaintext;
  685. }
  686. if (!$this->continuousBuffer) {
  687. mcrypt_generic_init($this->demcrypt, $this->key, $this->decryptIV);
  688. }
  689. return $this->paddable ? $this->_unpad($plaintext) : $plaintext;
  690. }
  691. if (strlen($this->key) <= 8) {
  692. $this->des[0]->mode = $this->mode;
  693. $plaintext = $this->des[0]->decrypt($ciphertext);
  694. return $this->paddable ? $this->_unpad($plaintext) : $plaintext;
  695. }
  696. $des = $this->des;
  697. $buffer = &$this->enbuffer;
  698. $continuousBuffer = $this->continuousBuffer;
  699. $plaintext = '';
  700. switch ($this->mode) {
  701. case CRYPT_DES_MODE_ECB:
  702. for ($i = 0; $i < strlen($ciphertext); $i+=8) {
  703. $block = substr($ciphertext, $i, 8);
  704. $block = $des[2]->_processBlock($block, CRYPT_DES_DECRYPT);
  705. $block = $des[1]->_processBlock($block, CRYPT_DES_ENCRYPT);
  706. $block = $des[0]->_processBlock($block, CRYPT_DES_DECRYPT);
  707. $plaintext.= $block;
  708. }
  709. break;
  710. case CRYPT_DES_MODE_CBC:
  711. $xor = $this->decryptIV;
  712. for ($i = 0; $i < strlen($ciphertext); $i+=8) {
  713. $orig = $block = substr($ciphertext, $i, 8);
  714. $block = $des[2]->_processBlock($block, CRYPT_DES_DECRYPT);
  715. $block = $des[1]->_processBlock($block, CRYPT_DES_ENCRYPT);
  716. $block = $des[0]->_processBlock($block, CRYPT_DES_DECRYPT);
  717. $plaintext.= $block ^ $xor;
  718. $xor = $orig;
  719. }
  720. if ($this->continuousBuffer) {
  721. $this->decryptIV = $xor;
  722. }
  723. break;
  724. case CRYPT_DES_MODE_CTR:
  725. $xor = $this->decryptIV;
  726. if (strlen($buffer['ciphertext'])) {
  727. for ($i = 0; $i < strlen($ciphertext); $i+=8) {
  728. $block = substr($ciphertext, $i, 8);
  729. $key = $this->_generate_xor(8, $xor);
  730. $key = $des[0]->_processBlock($key, CRYPT_DES_ENCRYPT);
  731. $key = $des[1]->_processBlock($key, CRYPT_DES_DECRYPT);
  732. $key = $des[2]->_processBlock($key, CRYPT_DES_ENCRYPT);
  733. $buffer['ciphertext'].= $key;
  734. $key = $this->_string_shift($buffer['ciphertext'], 8);
  735. $plaintext.= $block ^ $key;
  736. }
  737. } else {
  738. for ($i = 0; $i < strlen($ciphertext); $i+=8) {
  739. $block = substr($ciphertext, $i, 8);
  740. $key = $this->_generate_xor(8, $xor);
  741. $key = $des[0]->_processBlock($key, CRYPT_DES_ENCRYPT);
  742. $key = $des[1]->_processBlock($key, CRYPT_DES_DECRYPT);
  743. $key = $des[2]->_processBlock($key, CRYPT_DES_ENCRYPT);
  744. $plaintext.= $block ^ $key;
  745. }
  746. }
  747. if ($this->continuousBuffer) {
  748. $this->decryptIV = $xor;
  749. if ($start = strlen($plaintext) & 7) {
  750. $buffer['ciphertext'] = substr($key, $start) . $buffer['ciphertext'];
  751. }
  752. }
  753. break;
  754. case CRYPT_DES_MODE_CFB:
  755. if (!empty($buffer['ciphertext'])) {
  756. $plaintext = $ciphertext ^ substr($this->decryptIV, strlen($buffer['ciphertext']));
  757. $buffer['ciphertext'].= substr($ciphertext, 0, strlen($plaintext));
  758. if (strlen($buffer['ciphertext']) == 8) {
  759. $xor = $des[0]->_processBlock($buffer['ciphertext'], CRYPT_DES_ENCRYPT);
  760. $xor = $des[1]->_processBlock($xor, CRYPT_DES_DECRYPT);
  761. $xor = $des[2]->_processBlock($xor, CRYPT_DES_ENCRYPT);
  762. $buffer['ciphertext'] = '';
  763. }
  764. $start = strlen($plaintext);
  765. $block = $this->decryptIV;
  766. } else {
  767. $plaintext = '';
  768. $xor = $des[0]->_processBlock($this->decryptIV, CRYPT_DES_ENCRYPT);
  769. $xor = $des[1]->_processBlock($xor, CRYPT_DES_DECRYPT);
  770. $xor = $des[2]->_processBlock($xor, CRYPT_DES_ENCRYPT);
  771. $start = 0;
  772. }
  773. for ($i = $start; $i < strlen($ciphertext); $i+=8) {
  774. $block = substr($ciphertext, $i, 8);
  775. $plaintext.= $block ^ $xor;
  776. if ($continuousBuffer && strlen($block) != 8) {
  777. $buffer['ciphertext'].= $block;
  778. $block = $xor;
  779. } else if (strlen($block) == 8) {
  780. $xor = $des[0]->_processBlock($block, CRYPT_DES_ENCRYPT);
  781. $xor = $des[1]->_processBlock($xor, CRYPT_DES_DECRYPT);
  782. $xor = $des[2]->_processBlock($xor, CRYPT_DES_ENCRYPT);
  783. }
  784. }
  785. if ($this->continuousBuffer) {
  786. $this->decryptIV = $block;
  787. }
  788. break;
  789. case CRYPT_DES_MODE_OFB:
  790. $xor = $this->decryptIV;
  791. if (strlen($buffer)) {
  792. for ($i = 0; $i < strlen($ciphertext); $i+=8) {
  793. $xor = $des[0]->_processBlock($xor, CRYPT_DES_ENCRYPT);
  794. $xor = $des[1]->_processBlock($xor, CRYPT_DES_DECRYPT);
  795. $xor = $des[2]->_processBlock($xor, CRYPT_DES_ENCRYPT);
  796. $buffer.= $xor;
  797. $key = $this->_string_shift($buffer, 8);
  798. $plaintext.= substr($ciphertext, $i, 8) ^ $key;
  799. }
  800. } else {
  801. for ($i = 0; $i < strlen($ciphertext); $i+=8) {
  802. $xor = $des[0]->_processBlock($xor, CRYPT_DES_ENCRYPT);
  803. $xor = $des[1]->_processBlock($xor, CRYPT_DES_DECRYPT);
  804. $xor = $des[2]->_processBlock($xor, CRYPT_DES_ENCRYPT);
  805. $plaintext.= substr($ciphertext, $i, 8) ^ $xor;
  806. }
  807. $key = $xor;
  808. }
  809. if ($this->continuousBuffer) {
  810. $this->decryptIV = $xor;
  811. if ($start = strlen($ciphertext) & 7) {
  812. $buffer = substr($key, $start) . $buffer;
  813. }
  814. }
  815. }
  816. return $this->paddable ? $this->_unpad($plaintext) : $plaintext;
  817. }
  818. /**
  819. * Treat consecutive "packets" as if they are a continuous buffer.
  820. *
  821. * Say you have a 16-byte plaintext $plaintext. Using the default behavior, the two following code snippets
  822. * will yield different outputs:
  823. *
  824. * <code>
  825. * echo $des->encrypt(substr($plaintext, 0, 8));
  826. * echo $des->encrypt(substr($plaintext, 8, 8));
  827. * </code>
  828. * <code>
  829. * echo $des->encrypt($plaintext);
  830. * </code>
  831. *
  832. * The solution is to enable the continuous buffer. Although this will resolve the above discrepancy, it creates
  833. * another, as demonstrated with the following:
  834. *
  835. * <code>
  836. * $des->encrypt(substr($plaintext, 0, 8));
  837. * echo $des->decrypt($des->encrypt(substr($plaintext, 8, 8)));
  838. * </code>
  839. * <code>
  840. * echo $des->decrypt($des->encrypt(substr($plaintext, 8, 8)));
  841. * </code>
  842. *
  843. * With the continuous buffer disabled, these would yield the same output. With it enabled, they yield different
  844. * outputs. The reason is due to the fact that the initialization vector's change after every encryption /
  845. * decryption round when the continuous buffer is enabled. When it's disabled, they remain constant.
  846. *
  847. * Put another way, when the continuous buffer is enabled, the state of the Crypt_DES() object changes after each
  848. * encryption / decryption round, whereas otherwise, it'd remain constant. For this reason, it's recommended that
  849. * continuous buffers not be used. They do offer better security and are, in fact, sometimes required (SSH uses them),
  850. * however, they are also less intuitive and more likely to cause you problems.
  851. *
  852. * @see Crypt_TripleDES::disableContinuousBuffer()
  853. * @access public
  854. */
  855. function enableContinuousBuffer()
  856. {
  857. $this->continuousBuffer = true;
  858. if ($this->mode == CRYPT_DES_MODE_3CBC) {
  859. $this->des[0]->enableContinuousBuffer();
  860. $this->des[1]->enableContinuousBuffer();
  861. $this->des[2]->enableContinuousBuffer();
  862. }
  863. }
  864. /**
  865. * Treat consecutive packets as if they are a discontinuous buffer.
  866. *
  867. * The default behavior.
  868. *
  869. * @see Crypt_TripleDES::enableContinuousBuffer()
  870. * @access public
  871. */
  872. function disableContinuousBuffer()
  873. {
  874. $this->continuousBuffer = false;
  875. $this->encryptIV = $this->iv;
  876. $this->decryptIV = $this->iv;
  877. if ($this->mode == CRYPT_DES_MODE_3CBC) {
  878. $this->des[0]->disableContinuousBuffer();
  879. $this->des[1]->disableContinuousBuffer();
  880. $this->des[2]->disableContinuousBuffer();
  881. }
  882. }
  883. /**
  884. * Pad "packets".
  885. *
  886. * DES works by encrypting eight bytes at a time. If you ever need to encrypt or decrypt something that's not
  887. * a multiple of eight, it becomes necessary to pad the input so that it's length is a multiple of eight.
  888. *
  889. * Padding is enabled by default. Sometimes, however, it is undesirable to pad strings. Such is the case in SSH1,
  890. * where "packets" are padded with random bytes before being encrypted. Unpad these packets and you risk stripping
  891. * away characters that shouldn't be stripped away. (SSH knows how many bytes are added because the length is
  892. * transmitted separately)
  893. *
  894. * @see Crypt_TripleDES::disablePadding()
  895. * @access public
  896. */
  897. function enablePadding()
  898. {
  899. $this->padding = true;
  900. }
  901. /**
  902. * Do not pad packets.
  903. *
  904. * @see Crypt_TripleDES::enablePadding()
  905. * @access public
  906. */
  907. function disablePadding()
  908. {
  909. $this->padding = false;
  910. }
  911. /**
  912. * Pads a string
  913. *
  914. * Pads a string using the RSA PKCS padding standards so that its length is a multiple of the blocksize (8).
  915. * 8 - (strlen($text) & 7) bytes are added, each of which is equal to chr(8 - (strlen($text) & 7)
  916. *
  917. * If padding is disabled and $text is not a multiple of the blocksize, the string will be padded regardless
  918. * and padding will, hence forth, be enabled.
  919. *
  920. * @see Crypt_TripleDES::_unpad()
  921. * @access private
  922. */
  923. function _pad($text)
  924. {
  925. $length = strlen($text);
  926. if (!$this->padding) {
  927. if (($length & 7) == 0) {
  928. return $text;
  929. } else {
  930. user_error("The plaintext's length ($length) is not a multiple of the block size (8)", E_USER_NOTICE);
  931. $this->padding = true;
  932. }
  933. }
  934. $pad = 8 - ($length & 7);
  935. return str_pad($text, $length + $pad, chr($pad));
  936. }
  937. /**
  938. * Unpads a string
  939. *
  940. * If padding is enabled and the reported padding length is invalid the encryption key will be assumed to be wrong
  941. * and false will be returned.
  942. *
  943. * @see Crypt_TripleDES::_pad()
  944. * @access private
  945. */
  946. function _unpad($text)
  947. {
  948. if (!$this->padding) {
  949. return $text;
  950. }
  951. $length = ord($text[strlen($text) - 1]);
  952. if (!$length || $length > 8) {
  953. return false;
  954. }
  955. return substr($text, 0, -$length);
  956. }
  957. /**
  958. * String Shift
  959. *
  960. * Inspired by array_shift
  961. *
  962. * @param String $string
  963. * @param optional Integer $index
  964. * @return String
  965. * @access private
  966. */
  967. function _string_shift(&$string, $index = 1)
  968. {
  969. $substr = substr($string, 0, $index);
  970. $string = substr($string, $index);
  971. return $substr;
  972. }
  973. }
  974. // vim: ts=4:sw=4:et:
  975. // vim6: fdl=1: