PageRenderTime 51ms CodeModel.GetById 21ms RepoModel.GetById 0ms app.codeStats 1ms

/phpseclib/Crypt/DES.php

https://github.com/kea/phpseclib
PHP | 1297 lines | 776 code | 86 blank | 435 comment | 110 complexity | 482c165c22be1c3034bdfed521306a63 MD5 | raw file
  1. <?php
  2. /* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */
  3. /**
  4. * Pure-PHP implementation of DES.
  5. *
  6. * Uses mcrypt, if available, and an internal implementation, otherwise.
  7. *
  8. * PHP versions 4 and 5
  9. *
  10. * Useful resources are as follows:
  11. *
  12. * - {@link http://en.wikipedia.org/wiki/DES_supplementary_material Wikipedia: DES supplementary material}
  13. * - {@link http://www.itl.nist.gov/fipspubs/fip46-2.htm FIPS 46-2 - (DES), Data Encryption Standard}
  14. * - {@link http://www.cs.eku.edu/faculty/styer/460/Encrypt/JS-DES.html JavaScript DES Example}
  15. *
  16. * Here's a short example of how to use this library:
  17. * <code>
  18. * <?php
  19. * include('Crypt/DES.php');
  20. *
  21. * $des = new Crypt_DES();
  22. *
  23. * $des->setKey('abcdefgh');
  24. *
  25. * $size = 10 * 1024;
  26. * $plaintext = '';
  27. * for ($i = 0; $i < $size; $i++) {
  28. * $plaintext.= 'a';
  29. * }
  30. *
  31. * echo $des->decrypt($des->encrypt($plaintext));
  32. * ?>
  33. * </code>
  34. *
  35. * LICENSE: Permission is hereby granted, free of charge, to any person obtaining a copy
  36. * of this software and associated documentation files (the "Software"), to deal
  37. * in the Software without restriction, including without limitation the rights
  38. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  39. * copies of the Software, and to permit persons to whom the Software is
  40. * furnished to do so, subject to the following conditions:
  41. *
  42. * The above copyright notice and this permission notice shall be included in
  43. * all copies or substantial portions of the Software.
  44. *
  45. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  46. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  47. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  48. * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  49. * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  50. * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  51. * THE SOFTWARE.
  52. *
  53. * @category Crypt
  54. * @package Crypt_DES
  55. * @author Jim Wigginton <terrafrost@php.net>
  56. * @copyright MMVII Jim Wigginton
  57. * @license http://www.opensource.org/licenses/mit-license.html MIT License
  58. * @version $Id: DES.php,v 1.12 2010/02/09 06:10:26 terrafrost Exp $
  59. * @link http://phpseclib.sourceforge.net
  60. */
  61. namespace phpseclib;
  62. /**
  63. * Pure-PHP implementation of DES.
  64. *
  65. * @author Jim Wigginton <terrafrost@php.net>
  66. * @version 0.1.0
  67. * @access public
  68. * @package Crypt_DES
  69. */
  70. class Crypt_DES {
  71. /**#@+
  72. * @access private
  73. * @see Crypt_DES::_prepareKey()
  74. * @see Crypt_DES::_processBlock()
  75. */
  76. /**
  77. * Contains array_reverse($keys[self::DECRYPT])
  78. */
  79. const ENCRYPT = 0;
  80. /**
  81. * Contains array_reverse($keys[self::ENCRYPT])
  82. */
  83. const DECRYPT = 1;
  84. /**#@-*/
  85. /**#@+
  86. * @access public
  87. * @see Crypt_DES::encrypt()
  88. * @see Crypt_DES::decrypt()
  89. */
  90. /**
  91. * Encrypt / decrypt using the Counter mode.
  92. *
  93. * Set to -1 since that's what Crypt/Random.php uses to index the CTR mode.
  94. *
  95. * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Counter_.28CTR.29
  96. */
  97. const MODE_CTR = -1;
  98. /**
  99. * Encrypt / decrypt using the Electronic Code Book mode.
  100. *
  101. * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29
  102. */
  103. const MODE_ECB = 1;
  104. /**
  105. * Encrypt / decrypt using the Code Book Chaining mode.
  106. *
  107. * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29
  108. */
  109. const MODE_CBC = 2;
  110. /**
  111. * Encrypt / decrypt using the Cipher Feedback mode.
  112. *
  113. * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher_feedback_.28CFB.29
  114. */
  115. const MODE_CFB = 3;
  116. /**
  117. * Encrypt / decrypt using the Cipher Feedback mode.
  118. *
  119. * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Output_feedback_.28OFB.29
  120. */
  121. const MODE_OFB = 4;
  122. /**#@-*/
  123. /**#@+
  124. * @access private
  125. * @see Crypt_DES::Crypt_DES()
  126. */
  127. /**
  128. * Toggles the internal implementation
  129. */
  130. const MODE_INTERNAL = 1;
  131. /**
  132. * Toggles the mcrypt implementation
  133. */
  134. const MODE_MCRYPT = 2;
  135. /**#@-*/
  136. /**
  137. * The Key Schedule
  138. *
  139. * @see Crypt_DES::setKey()
  140. * @var Array
  141. * @access private
  142. */
  143. var $keys = "\0\0\0\0\0\0\0\0";
  144. /**
  145. * The Encryption Mode
  146. *
  147. * @see Crypt_DES::Crypt_DES()
  148. * @var Integer
  149. * @access private
  150. */
  151. var $mode;
  152. /**
  153. * Continuous Buffer status
  154. *
  155. * @see Crypt_DES::enableContinuousBuffer()
  156. * @var Boolean
  157. * @access private
  158. */
  159. var $continuousBuffer = false;
  160. /**
  161. * Padding status
  162. *
  163. * @see Crypt_DES::enablePadding()
  164. * @var Boolean
  165. * @access private
  166. */
  167. var $padding = true;
  168. /**
  169. * The Initialization Vector
  170. *
  171. * @see Crypt_DES::setIV()
  172. * @var String
  173. * @access private
  174. */
  175. var $iv = "\0\0\0\0\0\0\0\0";
  176. /**
  177. * A "sliding" Initialization Vector
  178. *
  179. * @see Crypt_DES::enableContinuousBuffer()
  180. * @var String
  181. * @access private
  182. */
  183. var $encryptIV = "\0\0\0\0\0\0\0\0";
  184. /**
  185. * A "sliding" Initialization Vector
  186. *
  187. * @see Crypt_DES::enableContinuousBuffer()
  188. * @var String
  189. * @access private
  190. */
  191. var $decryptIV = "\0\0\0\0\0\0\0\0";
  192. /**
  193. * mcrypt resource for encryption
  194. *
  195. * The mcrypt resource can be recreated every time something needs to be created or it can be created just once.
  196. * Since mcrypt operates in continuous mode, by default, it'll need to be recreated when in non-continuous mode.
  197. *
  198. * @see Crypt_DES::encrypt()
  199. * @var String
  200. * @access private
  201. */
  202. var $enmcrypt;
  203. /**
  204. * mcrypt resource for decryption
  205. *
  206. * The mcrypt resource can be recreated every time something needs to be created or it can be created just once.
  207. * Since mcrypt operates in continuous mode, by default, it'll need to be recreated when in non-continuous mode.
  208. *
  209. * @see Crypt_DES::decrypt()
  210. * @var String
  211. * @access private
  212. */
  213. var $demcrypt;
  214. /**
  215. * Does the enmcrypt resource need to be (re)initialized?
  216. *
  217. * @see Crypt_DES::setKey()
  218. * @see Crypt_DES::setIV()
  219. * @var Boolean
  220. * @access private
  221. */
  222. var $enchanged = true;
  223. /**
  224. * Does the demcrypt resource need to be (re)initialized?
  225. *
  226. * @see Crypt_DES::setKey()
  227. * @see Crypt_DES::setIV()
  228. * @var Boolean
  229. * @access private
  230. */
  231. var $dechanged = true;
  232. /**
  233. * Is the mode one that is paddable?
  234. *
  235. * @see Crypt_DES::Crypt_DES()
  236. * @var Boolean
  237. * @access private
  238. */
  239. var $paddable = false;
  240. /**
  241. * Encryption buffer for CTR, OFB and CFB modes
  242. *
  243. * @see Crypt_DES::encrypt()
  244. * @var String
  245. * @access private
  246. */
  247. var $enbuffer = '';
  248. /**
  249. * Decryption buffer for CTR, OFB and CFB modes
  250. *
  251. * @see Crypt_DES::decrypt()
  252. * @var String
  253. * @access private
  254. */
  255. var $debuffer = '';
  256. /**
  257. * mcrypt resource for CFB mode
  258. *
  259. * @see Crypt_DES::encrypt()
  260. * @see Crypt_DES::decrypt()
  261. * @var String
  262. * @access private
  263. */
  264. var $ecb;
  265. /**
  266. * Default Constructor.
  267. *
  268. * Determines whether or not the mcrypt extension should be used. $mode should only, at present, be
  269. * self::MODE_ECB or self::MODE_CBC. If not explictly set, self::MODE_CBC will be used.
  270. *
  271. * @param optional Integer $mode
  272. * @return Crypt_DES
  273. * @access public
  274. */
  275. function __construct($mode = self::MODE_CBC)
  276. {
  277. if ( !defined('CRYPT_DES_MODE') ) {
  278. switch (true) {
  279. case extension_loaded('mcrypt') && in_array('des', mcrypt_list_algorithms()):
  280. define('CRYPT_DES_MODE', self::MODE_MCRYPT);
  281. break;
  282. default:
  283. define('CRYPT_DES_MODE', self::MODE_INTERNAL);
  284. }
  285. }
  286. switch ( CRYPT_DES_MODE ) {
  287. case self::MODE_MCRYPT:
  288. switch ($mode) {
  289. case self::MODE_ECB:
  290. $this->paddable = true;
  291. $this->mode = MCRYPT_MODE_ECB;
  292. break;
  293. case self::MODE_CTR:
  294. $this->mode = 'ctr';
  295. //$this->mode = in_array('ctr', mcrypt_list_modes()) ? 'ctr' : self::MODE_CTR;
  296. break;
  297. case self::MODE_CFB:
  298. $this->mode = 'ncfb';
  299. break;
  300. case self::MODE_OFB:
  301. $this->mode = MCRYPT_MODE_NOFB;
  302. break;
  303. case self::MODE_CBC:
  304. default:
  305. $this->paddable = true;
  306. $this->mode = MCRYPT_MODE_CBC;
  307. }
  308. break;
  309. default:
  310. switch ($mode) {
  311. case self::MODE_ECB:
  312. case self::MODE_CBC:
  313. $this->paddable = true;
  314. $this->mode = $mode;
  315. break;
  316. case self::MODE_CTR:
  317. case self::MODE_CFB:
  318. case self::MODE_OFB:
  319. $this->mode = $mode;
  320. break;
  321. default:
  322. $this->paddable = true;
  323. $this->mode = self::MODE_CBC;
  324. }
  325. }
  326. }
  327. /**
  328. * Sets the key.
  329. *
  330. * Keys can be of any length. DES, itself, uses 64-bit keys (eg. strlen($key) == 8), however, we
  331. * only use the first eight, if $key has more then eight characters in it, and pad $key with the
  332. * null byte if it is less then eight characters long.
  333. *
  334. * DES also requires that every eighth bit be a parity bit, however, we'll ignore that.
  335. *
  336. * If the key is not explicitly set, it'll be assumed to be all zero's.
  337. *
  338. * @access public
  339. * @param String $key
  340. */
  341. function setKey($key)
  342. {
  343. $this->keys = ( CRYPT_DES_MODE == self::MODE_MCRYPT ) ? str_pad(substr($key, 0, 8), 8, chr(0)) : $this->_prepareKey($key);
  344. $this->changed = true;
  345. }
  346. /**
  347. * Sets the password.
  348. *
  349. * Depending on what $method is set to, setPassword()'s (optional) parameters are as follows:
  350. * {@link http://en.wikipedia.org/wiki/PBKDF2 pbkdf2}:
  351. * $hash, $salt, $count
  352. *
  353. * @param String $password
  354. * @param optional String $method
  355. * @access public
  356. */
  357. function setPassword($password, $method = 'pbkdf2')
  358. {
  359. $key = '';
  360. switch ($method) {
  361. default: // 'pbkdf2'
  362. //not the prettiest thing ever, but solves the undefined index issue with list()
  363. $args = func_get_args();
  364. $hash = 'sha1';
  365. $salt = 'phpseclib/salt';
  366. $count = 1000;
  367. switch(count($args)){
  368. case 6:
  369. case 5:
  370. $count = $args[4];
  371. case 4:
  372. $salt = $args[3];
  373. case 3:
  374. $hash = $args[2];
  375. }
  376. $i = 1;
  377. while (strlen($key) < 8) { // $dkLen == 8
  378. //$dk.= $this->_pbkdf($password, $salt, $count, $i++);
  379. $hmac = new Crypt_Hash();
  380. $hmac->setHash($hash);
  381. $hmac->setKey($password);
  382. $f = $u = $hmac->hash($salt . pack('N', $i++));
  383. for ($j = 2; $j <= $count; $j++) {
  384. $u = $hmac->hash($u);
  385. $f^= $u;
  386. }
  387. $key.= $f;
  388. }
  389. }
  390. $this->setKey($key);
  391. }
  392. /**
  393. * Sets the initialization vector. (optional)
  394. *
  395. * SetIV is not required when self::MODE_ECB is being used. If not explictly set, it'll be assumed
  396. * to be all zero's.
  397. *
  398. * @access public
  399. * @param String $iv
  400. */
  401. function setIV($iv)
  402. {
  403. $this->encryptIV = $this->decryptIV = $this->iv = str_pad(substr($iv, 0, 8), 8, chr(0));
  404. $this->changed = true;
  405. }
  406. /**
  407. * Generate CTR XOR encryption key
  408. *
  409. * Encrypt the output of this and XOR it against the ciphertext / plaintext to get the
  410. * plaintext / ciphertext in CTR mode.
  411. *
  412. * @see Crypt_DES::decrypt()
  413. * @see Crypt_DES::encrypt()
  414. * @access public
  415. * @param Integer $length
  416. * @param String $iv
  417. */
  418. function _generate_xor($length, &$iv)
  419. {
  420. $xor = '';
  421. $num_blocks = ($length + 7) >> 3;
  422. for ($i = 0; $i < $num_blocks; $i++) {
  423. $xor.= $iv;
  424. for ($j = 4; $j <= 8; $j+=4) {
  425. $temp = substr($iv, -$j, 4);
  426. switch ($temp) {
  427. case "\xFF\xFF\xFF\xFF":
  428. $iv = substr_replace($iv, "\x00\x00\x00\x00", -$j, 4);
  429. break;
  430. case "\x7F\xFF\xFF\xFF":
  431. $iv = substr_replace($iv, "\x80\x00\x00\x00", -$j, 4);
  432. break 2;
  433. default:
  434. extract(unpack('Ncount', $temp));
  435. $iv = substr_replace($iv, pack('N', $count + 1), -$j, 4);
  436. break 2;
  437. }
  438. }
  439. }
  440. return $xor;
  441. }
  442. /**
  443. * Encrypts a message.
  444. *
  445. * $plaintext will be padded with up to 8 additional bytes. Other DES implementations may or may not pad in the
  446. * same manner. Other common approaches to padding and the reasons why it's necessary are discussed in the following
  447. * URL:
  448. *
  449. * {@link http://www.di-mgt.com.au/cryptopad.html http://www.di-mgt.com.au/cryptopad.html}
  450. *
  451. * An alternative to padding is to, separately, send the length of the file. This is what SSH, in fact, does.
  452. * strlen($plaintext) will still need to be a multiple of 8, however, arbitrary values can be added to make it that
  453. * length.
  454. *
  455. * @see Crypt_DES::decrypt()
  456. * @access public
  457. * @param String $plaintext
  458. */
  459. function encrypt($plaintext)
  460. {
  461. if ($this->paddable) {
  462. $plaintext = $this->_pad($plaintext);
  463. }
  464. if ( CRYPT_DES_MODE == self::MODE_MCRYPT ) {
  465. if ($this->enchanged) {
  466. if (!isset($this->enmcrypt)) {
  467. $this->enmcrypt = mcrypt_module_open(MCRYPT_DES, '', $this->mode, '');
  468. }
  469. mcrypt_generic_init($this->enmcrypt, $this->keys, $this->encryptIV);
  470. if ($this->mode != 'ncfb') {
  471. $this->enchanged = false;
  472. }
  473. }
  474. if ($this->mode != 'ncfb') {
  475. $ciphertext = mcrypt_generic($this->enmcrypt, $plaintext);
  476. } else {
  477. if ($this->enchanged) {
  478. $this->ecb = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_ECB, '');
  479. mcrypt_generic_init($this->ecb, $this->keys, "\0\0\0\0\0\0\0\0");
  480. $this->enchanged = false;
  481. }
  482. if (strlen($this->enbuffer)) {
  483. $ciphertext = $plaintext ^ substr($this->encryptIV, strlen($this->enbuffer));
  484. $this->enbuffer.= $ciphertext;
  485. if (strlen($this->enbuffer) == 8) {
  486. $this->encryptIV = $this->enbuffer;
  487. $this->enbuffer = '';
  488. mcrypt_generic_init($this->enmcrypt, $this->keys, $this->encryptIV);
  489. }
  490. $plaintext = substr($plaintext, strlen($ciphertext));
  491. } else {
  492. $ciphertext = '';
  493. }
  494. $last_pos = strlen($plaintext) & 0xFFFFFFF8;
  495. $ciphertext.= $last_pos ? mcrypt_generic($this->enmcrypt, substr($plaintext, 0, $last_pos)) : '';
  496. if (strlen($plaintext) & 0x7) {
  497. if (strlen($ciphertext)) {
  498. $this->encryptIV = substr($ciphertext, -8);
  499. }
  500. $this->encryptIV = mcrypt_generic($this->ecb, $this->encryptIV);
  501. $this->enbuffer = substr($plaintext, $last_pos) ^ $this->encryptIV;
  502. $ciphertext.= $this->enbuffer;
  503. }
  504. }
  505. if (!$this->continuousBuffer) {
  506. mcrypt_generic_init($this->enmcrypt, $this->keys, $this->encryptIV);
  507. }
  508. return $ciphertext;
  509. }
  510. if (!is_array($this->keys)) {
  511. $this->keys = $this->_prepareKey("\0\0\0\0\0\0\0\0");
  512. }
  513. $buffer = &$this->enbuffer;
  514. $continuousBuffer = $this->continuousBuffer;
  515. $ciphertext = '';
  516. switch ($this->mode) {
  517. case self::MODE_ECB:
  518. for ($i = 0; $i < strlen($plaintext); $i+=8) {
  519. $ciphertext.= $this->_processBlock(substr($plaintext, $i, 8), self::ENCRYPT);
  520. }
  521. break;
  522. case self::MODE_CBC:
  523. $xor = $this->encryptIV;
  524. for ($i = 0; $i < strlen($plaintext); $i+=8) {
  525. $block = substr($plaintext, $i, 8);
  526. $block = $this->_processBlock($block ^ $xor, self::ENCRYPT);
  527. $xor = $block;
  528. $ciphertext.= $block;
  529. }
  530. if ($this->continuousBuffer) {
  531. $this->encryptIV = $xor;
  532. }
  533. break;
  534. case self::MODE_CTR:
  535. $xor = $this->encryptIV;
  536. if (strlen($buffer['encrypted'])) {
  537. for ($i = 0; $i < strlen($plaintext); $i+=8) {
  538. $block = substr($plaintext, $i, 8);
  539. $buffer['encrypted'].= $this->_processBlock($this->_generate_xor(8, $xor), self::ENCRYPT);
  540. $key = $this->_string_shift($buffer['encrypted'], 8);
  541. $ciphertext.= $block ^ $key;
  542. }
  543. } else {
  544. for ($i = 0; $i < strlen($plaintext); $i+=8) {
  545. $block = substr($plaintext, $i, 8);
  546. $key = $this->_processBlock($this->_generate_xor(8, $xor), self::ENCRYPT);
  547. $ciphertext.= $block ^ $key;
  548. }
  549. }
  550. if ($this->continuousBuffer) {
  551. $this->encryptIV = $xor;
  552. if ($start = strlen($plaintext) & 7) {
  553. $buffer['encrypted'] = substr($key, $start) . $buffer['encrypted'];
  554. }
  555. }
  556. break;
  557. case self::MODE_CFB:
  558. if (!empty($buffer['xor'])) {
  559. $ciphertext = $plaintext ^ $buffer['xor'];
  560. $iv = $buffer['encrypted'] . $ciphertext;
  561. $start = strlen($ciphertext);
  562. $buffer['encrypted'].= $ciphertext;
  563. $buffer['xor'] = substr($buffer['xor'], strlen($ciphertext));
  564. } else {
  565. $ciphertext = '';
  566. $iv = $this->encryptIV;
  567. $start = 0;
  568. }
  569. for ($i = $start; $i < strlen($plaintext); $i+=8) {
  570. $block = substr($plaintext, $i, 8);
  571. $xor = $this->_processBlock($iv, self::ENCRYPT);
  572. $iv = $block ^ $xor;
  573. if ($continuousBuffer && strlen($iv) != 8) {
  574. $buffer = array(
  575. 'encrypted' => $iv,
  576. 'xor' => substr($xor, strlen($iv))
  577. );
  578. }
  579. $ciphertext.= $iv;
  580. }
  581. if ($this->continuousBuffer) {
  582. $this->encryptIV = $iv;
  583. }
  584. break;
  585. case self::MODE_OFB:
  586. $xor = $this->encryptIV;
  587. if (strlen($buffer)) {
  588. for ($i = 0; $i < strlen($plaintext); $i+=8) {
  589. $xor = $this->_processBlock($xor, self::ENCRYPT);
  590. $buffer.= $xor;
  591. $key = $this->_string_shift($buffer, 8);
  592. $ciphertext.= substr($plaintext, $i, 8) ^ $key;
  593. }
  594. } else {
  595. for ($i = 0; $i < strlen($plaintext); $i+=8) {
  596. $xor = $this->_processBlock($xor, self::ENCRYPT);
  597. $ciphertext.= substr($plaintext, $i, 8) ^ $xor;
  598. }
  599. $key = $xor;
  600. }
  601. if ($this->continuousBuffer) {
  602. $this->encryptIV = $xor;
  603. if ($start = strlen($plaintext) & 7) {
  604. $buffer = substr($key, $start) . $buffer;
  605. }
  606. }
  607. }
  608. return $ciphertext;
  609. }
  610. /**
  611. * Decrypts a message.
  612. *
  613. * If strlen($ciphertext) is not a multiple of 8, null bytes will be added to the end of the string until it is.
  614. *
  615. * @see Crypt_DES::encrypt()
  616. * @access public
  617. * @param String $ciphertext
  618. */
  619. function decrypt($ciphertext)
  620. {
  621. if ($this->paddable) {
  622. // we pad with chr(0) since that's what mcrypt_generic does. to quote from http://php.net/function.mcrypt-generic :
  623. // "The data is padded with "\0" to make sure the length of the data is n * blocksize."
  624. $ciphertext = str_pad($ciphertext, (strlen($ciphertext) + 7) & 0xFFFFFFF8, chr(0));
  625. }
  626. if ( CRYPT_DES_MODE == self::MODE_MCRYPT ) {
  627. if ($this->dechanged) {
  628. if (!isset($this->demcrypt)) {
  629. $this->demcrypt = mcrypt_module_open(MCRYPT_DES, '', $this->mode, '');
  630. }
  631. mcrypt_generic_init($this->demcrypt, $this->keys, $this->decryptIV);
  632. if ($this->mode != 'ncfb') {
  633. $this->dechanged = false;
  634. }
  635. }
  636. if ($this->mode != 'ncfb') {
  637. $plaintext = mdecrypt_generic($this->demcrypt, $ciphertext);
  638. } else {
  639. if ($this->dechanged) {
  640. $this->ecb = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_ECB, '');
  641. mcrypt_generic_init($this->ecb, $this->keys, "\0\0\0\0\0\0\0\0");
  642. $this->dechanged = false;
  643. }
  644. if (strlen($this->debuffer)) {
  645. $plaintext = $ciphertext ^ substr($this->decryptIV, strlen($this->debuffer));
  646. $this->debuffer.= substr($ciphertext, 0, strlen($plaintext));
  647. if (strlen($this->debuffer) == 8) {
  648. $this->decryptIV = $this->debuffer;
  649. $this->debuffer = '';
  650. mcrypt_generic_init($this->demcrypt, $this->keys, $this->decryptIV);
  651. }
  652. $ciphertext = substr($ciphertext, strlen($plaintext));
  653. } else {
  654. $plaintext = '';
  655. }
  656. $last_pos = strlen($ciphertext) & 0xFFFFFFF8;
  657. $plaintext.= $last_pos ? mdecrypt_generic($this->demcrypt, substr($ciphertext, 0, $last_pos)) : '';
  658. if (strlen($ciphertext) & 0x7) {
  659. if (strlen($plaintext)) {
  660. $this->decryptIV = substr($ciphertext, $last_pos - 8, 8);
  661. }
  662. $this->decryptIV = mcrypt_generic($this->ecb, $this->decryptIV);
  663. $this->debuffer = substr($ciphertext, $last_pos);
  664. $plaintext.= $this->debuffer ^ $this->decryptIV;
  665. }
  666. return $plaintext;
  667. }
  668. if (!$this->continuousBuffer) {
  669. mcrypt_generic_init($this->demcrypt, $this->keys, $this->decryptIV);
  670. }
  671. $ret = $this->mode != 'ctr' ? $this->_unpad($plaintext) : $plaintext;
  672. return $ret;
  673. }
  674. if (!is_array($this->keys)) {
  675. $this->keys = $this->_prepareKey("\0\0\0\0\0\0\0\0");
  676. }
  677. $buffer = &$this->debuffer;
  678. $continuousBuffer = $this->continuousBuffer;
  679. $plaintext = '';
  680. switch ($this->mode) {
  681. case self::MODE_ECB:
  682. for ($i = 0; $i < strlen($ciphertext); $i+=8) {
  683. $plaintext.= $this->_processBlock(substr($ciphertext, $i, 8), self::DECRYPT);
  684. }
  685. break;
  686. case self::MODE_CBC:
  687. $xor = $this->decryptIV;
  688. for ($i = 0; $i < strlen($ciphertext); $i+=8) {
  689. $block = substr($ciphertext, $i, 8);
  690. $plaintext.= $this->_processBlock($block, self::DECRYPT) ^ $xor;
  691. $xor = $block;
  692. }
  693. if ($this->continuousBuffer) {
  694. $this->decryptIV = $xor;
  695. }
  696. break;
  697. case self::MODE_CTR:
  698. $xor = $this->decryptIV;
  699. if (strlen($buffer['ciphertext'])) {
  700. for ($i = 0; $i < strlen($ciphertext); $i+=8) {
  701. $block = substr($ciphertext, $i, 8);
  702. $buffer['ciphertext'].= $this->_processBlock($this->_generate_xor(8, $xor), self::ENCRYPT);
  703. $key = $this->_string_shift($buffer['ciphertext'], 8);
  704. $plaintext.= $block ^ $key;
  705. }
  706. } else {
  707. for ($i = 0; $i < strlen($ciphertext); $i+=8) {
  708. $block = substr($ciphertext, $i, 8);
  709. $key = $this->_processBlock($this->_generate_xor(8, $xor), self::ENCRYPT);
  710. $plaintext.= $block ^ $key;
  711. }
  712. }
  713. if ($this->continuousBuffer) {
  714. $this->decryptIV = $xor;
  715. if ($start = strlen($ciphertext) % 8) {
  716. $buffer['ciphertext'] = substr($key, $start) . $buffer['ciphertext'];
  717. }
  718. }
  719. break;
  720. case self::MODE_CFB:
  721. if (!empty($buffer['ciphertext'])) {
  722. $plaintext = $ciphertext ^ substr($this->decryptIV, strlen($buffer['ciphertext']));
  723. $buffer['ciphertext'].= substr($ciphertext, 0, strlen($plaintext));
  724. if (strlen($buffer['ciphertext']) == 8) {
  725. $xor = $this->_processBlock($buffer['ciphertext'], self::ENCRYPT);
  726. $buffer['ciphertext'] = '';
  727. }
  728. $start = strlen($plaintext);
  729. $block = $this->decryptIV;
  730. } else {
  731. $plaintext = '';
  732. $xor = $this->_processBlock($this->decryptIV, self::ENCRYPT);
  733. $start = 0;
  734. }
  735. for ($i = $start; $i < strlen($ciphertext); $i+=8) {
  736. $block = substr($ciphertext, $i, 8);
  737. $plaintext.= $block ^ $xor;
  738. if ($continuousBuffer && strlen($block) != 8) {
  739. $buffer['ciphertext'].= $block;
  740. $block = $xor;
  741. } else if (strlen($block) == 8) {
  742. $xor = $this->_processBlock($block, self::ENCRYPT);
  743. }
  744. }
  745. if ($this->continuousBuffer) {
  746. $this->decryptIV = $block;
  747. }
  748. break;
  749. case self::MODE_OFB:
  750. $xor = $this->decryptIV;
  751. if (strlen($buffer)) {
  752. for ($i = 0; $i < strlen($ciphertext); $i+=8) {
  753. $xor = $this->_processBlock($xor, self::ENCRYPT);
  754. $buffer.= $xor;
  755. $key = $this->_string_shift($buffer, 8);
  756. $plaintext.= substr($ciphertext, $i, 8) ^ $key;
  757. }
  758. } else {
  759. for ($i = 0; $i < strlen($ciphertext); $i+=8) {
  760. $xor = $this->_processBlock($xor, self::ENCRYPT);
  761. $plaintext.= substr($ciphertext, $i, 8) ^ $xor;
  762. }
  763. $key = $xor;
  764. }
  765. if ($this->continuousBuffer) {
  766. $this->decryptIV = $xor;
  767. if ($start = strlen($ciphertext) % 8) {
  768. $buffer = substr($key, $start) . $buffer;
  769. }
  770. }
  771. }
  772. return $this->paddable ? $this->_unpad($plaintext) : $plaintext;
  773. }
  774. /**
  775. * Treat consecutive "packets" as if they are a continuous buffer.
  776. *
  777. * Say you have a 16-byte plaintext $plaintext. Using the default behavior, the two following code snippets
  778. * will yield different outputs:
  779. *
  780. * <code>
  781. * echo $des->encrypt(substr($plaintext, 0, 8));
  782. * echo $des->encrypt(substr($plaintext, 8, 8));
  783. * </code>
  784. * <code>
  785. * echo $des->encrypt($plaintext);
  786. * </code>
  787. *
  788. * The solution is to enable the continuous buffer. Although this will resolve the above discrepancy, it creates
  789. * another, as demonstrated with the following:
  790. *
  791. * <code>
  792. * $des->encrypt(substr($plaintext, 0, 8));
  793. * echo $des->decrypt($des->encrypt(substr($plaintext, 8, 8)));
  794. * </code>
  795. * <code>
  796. * echo $des->decrypt($des->encrypt(substr($plaintext, 8, 8)));
  797. * </code>
  798. *
  799. * With the continuous buffer disabled, these would yield the same output. With it enabled, they yield different
  800. * outputs. The reason is due to the fact that the initialization vector's change after every encryption /
  801. * decryption round when the continuous buffer is enabled. When it's disabled, they remain constant.
  802. *
  803. * Put another way, when the continuous buffer is enabled, the state of the Crypt_DES() object changes after each
  804. * encryption / decryption round, whereas otherwise, it'd remain constant. For this reason, it's recommended that
  805. * continuous buffers not be used. They do offer better security and are, in fact, sometimes required (SSH uses them),
  806. * however, they are also less intuitive and more likely to cause you problems.
  807. *
  808. * @see Crypt_DES::disableContinuousBuffer()
  809. * @access public
  810. */
  811. function enableContinuousBuffer()
  812. {
  813. $this->continuousBuffer = true;
  814. }
  815. /**
  816. * Treat consecutive packets as if they are a discontinuous buffer.
  817. *
  818. * The default behavior.
  819. *
  820. * @see Crypt_DES::enableContinuousBuffer()
  821. * @access public
  822. */
  823. function disableContinuousBuffer()
  824. {
  825. $this->continuousBuffer = false;
  826. $this->encryptIV = $this->iv;
  827. $this->decryptIV = $this->iv;
  828. }
  829. /**
  830. * Pad "packets".
  831. *
  832. * DES works by encrypting eight bytes at a time. If you ever need to encrypt or decrypt something that's not
  833. * a multiple of eight, it becomes necessary to pad the input so that it's length is a multiple of eight.
  834. *
  835. * Padding is enabled by default. Sometimes, however, it is undesirable to pad strings. Such is the case in SSH1,
  836. * where "packets" are padded with random bytes before being encrypted. Unpad these packets and you risk stripping
  837. * away characters that shouldn't be stripped away. (SSH knows how many bytes are added because the length is
  838. * transmitted separately)
  839. *
  840. * @see Crypt_DES::disablePadding()
  841. * @access public
  842. */
  843. function enablePadding()
  844. {
  845. $this->padding = true;
  846. }
  847. /**
  848. * Do not pad packets.
  849. *
  850. * @see Crypt_DES::enablePadding()
  851. * @access public
  852. */
  853. function disablePadding()
  854. {
  855. $this->padding = false;
  856. }
  857. /**
  858. * Pads a string
  859. *
  860. * Pads a string using the RSA PKCS padding standards so that its length is a multiple of the blocksize (8).
  861. * 8 - (strlen($text) & 7) bytes are added, each of which is equal to chr(8 - (strlen($text) & 7)
  862. *
  863. * If padding is disabled and $text is not a multiple of the blocksize, the string will be padded regardless
  864. * and padding will, hence forth, be enabled.
  865. *
  866. * @see Crypt_DES::_unpad()
  867. * @access private
  868. */
  869. function _pad($text)
  870. {
  871. if(!$this->paddable)
  872. return $text;
  873. $length = strlen($text);
  874. if (!$this->padding) {
  875. if (($length & 7) == 0) {
  876. return $text;
  877. } else {
  878. user_error("The plaintext's length ($length) is not a multiple of the block size (8)", E_USER_WARNING);
  879. $this->padding = true;
  880. }
  881. }
  882. $pad = 8 - ($length & 7);
  883. return str_pad($text, $length + $pad, chr($pad));
  884. }
  885. /**
  886. * Unpads a string
  887. *
  888. * If padding is enabled and the reported padding length is invalid the encryption key will be assumed to be wrong
  889. * and false will be returned.
  890. *
  891. * @see Crypt_DES::_pad()
  892. * @access private
  893. */
  894. function _unpad($text)
  895. {
  896. if (!$this->padding || !$this->paddable) {
  897. return $text;
  898. }
  899. $length = ord($text[strlen($text) - 1]);
  900. if (!$length || $length > 8) {
  901. return false;
  902. }
  903. return substr($text, 0, -$length);
  904. }
  905. /**
  906. * Encrypts or decrypts a 64-bit block
  907. *
  908. * $mode should be either self::ENCRYPT or self::DECRYPT. See
  909. * {@link http://en.wikipedia.org/wiki/Image:Feistel.png Feistel.png} to get a general
  910. * idea of what this function does.
  911. *
  912. * @access private
  913. * @param String $block
  914. * @param Integer $mode
  915. * @return String
  916. */
  917. function _processBlock($block, $mode)
  918. {
  919. // s-boxes. in the official DES docs, they're described as being matrices that
  920. // one accesses by using the first and last bits to determine the row and the
  921. // middle four bits to determine the column. in this implementation, they've
  922. // been converted to vectors
  923. static $sbox = array(
  924. array(
  925. 14, 0, 4, 15, 13, 7, 1, 4, 2, 14, 15, 2, 11, 13, 8, 1,
  926. 3, 10 ,10, 6, 6, 12, 12, 11, 5, 9, 9, 5, 0, 3, 7, 8,
  927. 4, 15, 1, 12, 14, 8, 8, 2, 13, 4, 6, 9, 2, 1, 11, 7,
  928. 15, 5, 12, 11, 9, 3, 7, 14, 3, 10, 10, 0, 5, 6, 0, 13
  929. ),
  930. array(
  931. 15, 3, 1, 13, 8, 4, 14, 7, 6, 15, 11, 2, 3, 8, 4, 14,
  932. 9, 12, 7, 0, 2, 1, 13, 10, 12, 6, 0, 9, 5, 11, 10, 5,
  933. 0, 13, 14, 8, 7, 10, 11, 1, 10, 3, 4, 15, 13, 4, 1, 2,
  934. 5, 11, 8, 6, 12, 7, 6, 12, 9, 0, 3, 5, 2, 14, 15, 9
  935. ),
  936. array(
  937. 10, 13, 0, 7, 9, 0, 14, 9, 6, 3, 3, 4, 15, 6, 5, 10,
  938. 1, 2, 13, 8, 12, 5, 7, 14, 11, 12, 4, 11, 2, 15, 8, 1,
  939. 13, 1, 6, 10, 4, 13, 9, 0, 8, 6, 15, 9, 3, 8, 0, 7,
  940. 11, 4, 1, 15, 2, 14, 12, 3, 5, 11, 10, 5, 14, 2, 7, 12
  941. ),
  942. array(
  943. 7, 13, 13, 8, 14, 11, 3, 5, 0, 6, 6, 15, 9, 0, 10, 3,
  944. 1, 4, 2, 7, 8, 2, 5, 12, 11, 1, 12, 10, 4, 14, 15, 9,
  945. 10, 3, 6, 15, 9, 0, 0, 6, 12, 10, 11, 1, 7, 13, 13, 8,
  946. 15, 9, 1, 4, 3, 5, 14, 11, 5, 12, 2, 7, 8, 2, 4, 14
  947. ),
  948. array(
  949. 2, 14, 12, 11, 4, 2, 1, 12, 7, 4, 10, 7, 11, 13, 6, 1,
  950. 8, 5, 5, 0, 3, 15, 15, 10, 13, 3, 0, 9, 14, 8, 9, 6,
  951. 4, 11, 2, 8, 1, 12, 11, 7, 10, 1, 13, 14, 7, 2, 8, 13,
  952. 15, 6, 9, 15, 12, 0, 5, 9, 6, 10, 3, 4, 0, 5, 14, 3
  953. ),
  954. array(
  955. 12, 10, 1, 15, 10, 4, 15, 2, 9, 7, 2, 12, 6, 9, 8, 5,
  956. 0, 6, 13, 1, 3, 13, 4, 14, 14, 0, 7, 11, 5, 3, 11, 8,
  957. 9, 4, 14, 3, 15, 2, 5, 12, 2, 9, 8, 5, 12, 15, 3, 10,
  958. 7, 11, 0, 14, 4, 1, 10, 7, 1, 6, 13, 0, 11, 8, 6, 13
  959. ),
  960. array(
  961. 4, 13, 11, 0, 2, 11, 14, 7, 15, 4, 0, 9, 8, 1, 13, 10,
  962. 3, 14, 12, 3, 9, 5, 7, 12, 5, 2, 10, 15, 6, 8, 1, 6,
  963. 1, 6, 4, 11, 11, 13, 13, 8, 12, 1, 3, 4, 7, 10, 14, 7,
  964. 10, 9, 15, 5, 6, 0, 8, 15, 0, 14, 5, 2, 9, 3, 2, 12
  965. ),
  966. array(
  967. 13, 1, 2, 15, 8, 13, 4, 8, 6, 10, 15, 3, 11, 7, 1, 4,
  968. 10, 12, 9, 5, 3, 6, 14, 11, 5, 0, 0, 14, 12, 9, 7, 2,
  969. 7, 2, 11, 1, 4, 14, 1, 7, 9, 4, 12, 10, 14, 8, 2, 13,
  970. 0, 15, 6, 12, 10, 9, 13, 0, 15, 3, 3, 5, 5, 6, 8, 11
  971. )
  972. );
  973. $keys = $this->keys;
  974. $temp = unpack('Na/Nb', $block);
  975. $block = array($temp['a'], $temp['b']);
  976. // because php does arithmetic right shifts, if the most significant bits are set, right
  977. // shifting those into the correct position will add 1's - not 0's. this will intefere
  978. // with the | operation unless a second & is done. so we isolate these bits and left shift
  979. // them into place. we then & each block with 0x7FFFFFFF to prevennt 1's from being added
  980. // for any other shifts.
  981. $msb = array(
  982. ($block[0] >> 31) & 1,
  983. ($block[1] >> 31) & 1
  984. );
  985. $block[0] &= 0x7FFFFFFF;
  986. $block[1] &= 0x7FFFFFFF;
  987. // we isolate the appropriate bit in the appropriate integer and shift as appropriate. in
  988. // some cases, there are going to be multiple bits in the same integer that need to be shifted
  989. // in the same way. we combine those into one shift operation.
  990. $block = array(
  991. (($block[1] & 0x00000040) << 25) | (($block[1] & 0x00004000) << 16) |
  992. (($block[1] & 0x00400001) << 7) | (($block[1] & 0x40000100) >> 2) |
  993. (($block[0] & 0x00000040) << 21) | (($block[0] & 0x00004000) << 12) |
  994. (($block[0] & 0x00400001) << 3) | (($block[0] & 0x40000100) >> 6) |
  995. (($block[1] & 0x00000010) << 19) | (($block[1] & 0x00001000) << 10) |
  996. (($block[1] & 0x00100000) << 1) | (($block[1] & 0x10000000) >> 8) |
  997. (($block[0] & 0x00000010) << 15) | (($block[0] & 0x00001000) << 6) |
  998. (($block[0] & 0x00100000) >> 3) | (($block[0] & 0x10000000) >> 12) |
  999. (($block[1] & 0x00000004) << 13) | (($block[1] & 0x00000400) << 4) |
  1000. (($block[1] & 0x00040000) >> 5) | (($block[1] & 0x04000000) >> 14) |
  1001. (($block[0] & 0x00000004) << 9) | ( $block[0] & 0x00000400 ) |
  1002. (($block[0] & 0x00040000) >> 9) | (($block[0] & 0x04000000) >> 18) |
  1003. (($block[1] & 0x00010000) >> 11) | (($block[1] & 0x01000000) >> 20) |
  1004. (($block[0] & 0x00010000) >> 15) | (($block[0] & 0x01000000) >> 24)
  1005. ,
  1006. (($block[1] & 0x00000080) << 24) | (($block[1] & 0x00008000) << 15) |
  1007. (($block[1] & 0x00800002) << 6) | (($block[0] & 0x00000080) << 20) |
  1008. (($block[0] & 0x00008000) << 11) | (($block[0] & 0x00800002) << 2) |
  1009. (($block[1] & 0x00000020) << 18) | (($block[1] & 0x00002000) << 9) |
  1010. ( $block[1] & 0x00200000 ) | (($block[1] & 0x20000000) >> 9) |
  1011. (($block[0] & 0x00000020) << 14) | (($block[0] & 0x00002000) << 5) |
  1012. (($block[0] & 0x00200000) >> 4) | (($block[0] & 0x20000000) >> 13) |
  1013. (($block[1] & 0x00000008) << 12) | (($block[1] & 0x00000800) << 3) |
  1014. (($block[1] & 0x00080000) >> 6) | (($block[1] & 0x08000000) >> 15) |
  1015. (($block[0] & 0x00000008) << 8) | (($block[0] & 0x00000800) >> 1) |
  1016. (($block[0] & 0x00080000) >> 10) | (($block[0] & 0x08000000) >> 19) |
  1017. (($block[1] & 0x00000200) >> 3) | (($block[0] & 0x00000200) >> 7) |
  1018. (($block[1] & 0x00020000) >> 12) | (($block[1] & 0x02000000) >> 21) |
  1019. (($block[0] & 0x00020000) >> 16) | (($block[0] & 0x02000000) >> 25) |
  1020. ($msb[1] << 28) | ($msb[0] << 24)
  1021. );
  1022. for ($i = 0; $i < 16; $i++) {
  1023. // start of "the Feistel (F) function" - see the following URL:
  1024. // http://en.wikipedia.org/wiki/Image:Data_Encryption_Standard_InfoBox_Diagram.png
  1025. $temp = (($sbox[0][((($block[1] >> 27) & 0x1F) | (($block[1] & 1) << 5)) ^ $keys[$mode][$i][0]]) << 28)
  1026. | (($sbox[1][(($block[1] & 0x1F800000) >> 23) ^ $keys[$mode][$i][1]]) << 24)
  1027. | (($sbox[2][(($block[1] & 0x01F80000) >> 19) ^ $keys[$mode][$i][2]]) << 20)
  1028. | (($sbox[3][(($block[1] & 0x001F8000) >> 15) ^ $keys[$mode][$i][3]]) << 16)
  1029. | (($sbox[4][(($block[1] & 0x0001F800) >> 11) ^ $keys[$mode][$i][4]]) << 12)
  1030. | (($sbox[5][(($block[1] & 0x00001F80) >> 7) ^ $keys[$mode][$i][5]]) << 8)
  1031. | (($sbox[6][(($block[1] & 0x000001F8) >> 3) ^ $keys[$mode][$i][6]]) << 4)
  1032. | ( $sbox[7][((($block[1] & 0x1F) << 1) | (($block[1] >> 31) & 1)) ^ $keys[$mode][$i][7]]);
  1033. $msb = ($temp >> 31) & 1;
  1034. $temp &= 0x7FFFFFFF;
  1035. $newBlock = (($temp & 0x00010000) << 15) | (($temp & 0x02020120) << 5)
  1036. | (($temp & 0x00001800) << 17) | (($temp & 0x01000000) >> 10)
  1037. | (($temp & 0x00000008) << 24) | (($temp & 0x00100000) << 6)
  1038. | (($temp & 0x00000010) << 21) | (($temp & 0x00008000) << 9)
  1039. | (($temp & 0x00000200) << 12) | (($temp & 0x10000000) >> 27)
  1040. | (($temp & 0x00000040) << 14) | (($temp & 0x08000000) >> 8)
  1041. | (($temp & 0x00004000) << 4) | (($temp & 0x00000002) << 16)
  1042. | (($temp & 0x00442000) >> 6) | (($temp & 0x40800000) >> 15)
  1043. | (($temp & 0x00000001) << 11) | (($temp & 0x20000000) >> 20)
  1044. | (($temp & 0x00080000) >> 13) | (($temp & 0x00000004) << 3)
  1045. | (($temp & 0x04000000) >> 22) | (($temp & 0x00000480) >> 7)
  1046. | (($temp & 0x00200000) >> 19) | ($msb << 23);
  1047. // end of "the Feistel (F) function" - $newBlock is F's output
  1048. $temp = $block[1];
  1049. $block[1] = $block[0] ^ $newBlock;
  1050. $block[0] = $temp;
  1051. }
  1052. $msb = array(
  1053. ($block[0] >> 31) & 1,
  1054. ($block[1] >> 31) & 1
  1055. );
  1056. $block[0] &= 0x7FFFFFFF;
  1057. $block[1] &= 0x7FFFFFFF;
  1058. $block = array(
  1059. (($block[0] & 0x01000004) << 7) | (($block[1] & 0x01000004) << 6) |
  1060. (($block[0] & 0x00010000) << 13) | (($block[1] & 0x00010000) << 12) |
  1061. (($block[0] & 0x00000100) << 19) | (($block[1] & 0x00000100) << 18) |
  1062. (($block[0] & 0x00000001) << 25) | (($block[1] & 0x00000001) << 24) |
  1063. (($block[0] & 0x02000008) >> 2) | (($block[1] & 0x02000008) >> 3) |
  1064. (($block[0] & 0x00020000) << 4) | (($block[1] & 0x00020000) << 3) |
  1065. (($block[0] & 0x00000200) << 10) | (($block[1] & 0x00000200) << 9) |
  1066. (($block[0] & 0x00000002) << 16) | (($block[1] & 0x00000002) << 15) |
  1067. (($block[0] & 0x04000000) >> 11) | (($block[1] & 0x04000000) >> 12) |
  1068. (($block[0] & 0x00040000) >> 5) | (($block[1] & 0x00040000) >> 6) |
  1069. (($block[0] & 0x00000400) << 1) | ( $block[1] & 0x00000400 ) |
  1070. (($block[0] & 0x08000000) >> 20) | (($block[1] & 0x08000000) >> 21) |
  1071. (($block[0] & 0x00080000) >> 14) | (($block[1] & 0x00080000) >> 15) |
  1072. (($block[0] & 0x00000800) >> 8) | (($block[1] & 0x00000800) >> 9)
  1073. ,
  1074. (($block[0] & 0x10000040) << 3) | (($block[1] & 0x10000040) << 2) |
  1075. (($block[0] & 0x00100000) << 9) | (($block[1] & 0x00100000) << 8) |
  1076. (($block[0] & 0x00001000) << 15) | (($block[1] & 0x00001000) << 14) |
  1077. (($block[0] & 0x00000010) << 21) | (($block[1] & 0x00000010) << 20) |
  1078. (($block[0] & 0x20000080) >> 6) | (($block[1] & 0x20000080) >> 7) |
  1079. ( $block[0] & 0x00200000 ) | (($block[1] & 0x00200000) >> 1) |
  1080. (($block[0] & 0x00002000) << 6) | (($block[1] & 0x00002000) << 5) |
  1081. (($block[0] & 0x00000020) << 12) | (($block[1] & 0x00000020) << 11) |
  1082. (($block[0] & 0x40000000) >> 15) | (($block[1] & 0x40000000) >> 16) |
  1083. (($block[0] & 0x00400000) >> 9) | (($block[1] & 0x00400000) >> 10) |
  1084. (($block[0] & 0x00004000) >> 3) | (($block[1] & 0x00004000) >> 4) |
  1085. (($block[0] & 0x00800000) >> 18) | (($block[1] & 0x00800000) >> 19) |
  1086. (($block[0] & 0x00008000) >> 12) | (($block[1] & 0x00008000) >> 13) |
  1087. ($msb[0] << 7) | ($msb[1] << 6)
  1088. );
  1089. return pack('NN', $block[0], $block[1]);
  1090. }
  1091. /**
  1092. * Creates the key schedule.
  1093. *
  1094. * @access private
  1095. * @param String $key
  1096. * @return Array
  1097. */
  1098. function _prepareKey($key)
  1099. {
  1100. static $shifts = array( // number of key bits shifted per round
  1101. 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
  1102. );
  1103. // pad the key and remove extra characters as appropriate.
  1104. $key = str_pad(substr($key, 0, 8), 8, chr(0));
  1105. $temp = unpack('Na/Nb', $key);
  1106. $key = array($temp['a'], $temp['b']);
  1107. $msb = array(
  1108. ($key[0] >> 31) & 1,
  1109. ($key[1] >> 31) & 1
  1110. );
  1111. $key[0] &= 0x7FFFFFFF;
  1112. $key[1] &= 0x7FFFFFFF;
  1113. $key = array(
  1114. (($key[1] & 0x00000002) << 26) | (($key[1] & 0x00000204) << 17) |
  1115. (($key[1] & 0x00020408) << 8) | (($key[1] & 0x02040800) >> 1) |
  1116. (($key[0] & 0x00000002) << 22) | (($key[0] & 0x00000204) << 13) |
  1117. (($key[0] & 0x00020408) << 4) | (($key[0] & 0x02040800) >> 5) |
  1118. (($key[1] & 0x04080000) >> 10) | (($key[0] & 0x04080000) >> 14) |
  1119. (($key[1] & 0x08000000) >> 19) | (($key[0] & 0x08000000) >> 23) |
  1120. (($key[0] & 0x00000010) >> 1) | (($key[0] & 0x00001000) >> 10) |
  1121. (($key[0] & 0x00100000) >> 19) | (($key[0] & 0x10000000) >> 28)
  1122. ,
  1123. (($key[1] & 0x00000080) << 20) | (($key[1] & 0x00008000) << 11) |
  1124. (($key[1] & 0x00800000) << 2) | (($key[0] & 0x00000080) << 16) |
  1125. (($key[0] & 0x00008000) << 7) | (($key[0] & 0x00800000) >> 2) |
  1126. (($key[1] & 0x00000040) << 13) | (($key[1] & 0x00004000) << 4) |
  1127. (($key[1] & 0x00400000) >> 5) | (($key[1] & 0x40000000) >> 14) |
  1128. (($key[0] & 0x00000040) << 9) | ( $key[0] & 0x00004000 ) |
  1129. (($key[0] & 0x00400000) >> 9) | (($key[0] & 0x40000000) >> 18) |
  1130. (($key[1] & 0x00000020) << 6) | (($key[1] & 0x00002000) >> 3) |
  1131. (($key[1] & 0x00200000) >> 12) | (($key[1] & 0x20000000) >> 21) |
  1132. (($key[0] & 0x00000020) << 2) | (($key[0] & 0x00002000) >> 7) |
  1133. (($key[0] & 0x00200000) >> 16) | (($key[0] & 0x20000000) >> 25) |
  1134. (($key[1] & 0x00000010) >> 1) | (($key[1] & 0x00001000) >> 10) |
  1135. (($key[1] & 0x00100000) >> 19) | (($key[1] & 0x10000000) >> 28) |
  1136. ($msb[1] << 24) | ($msb[0] << 20)
  1137. );
  1138. $keys = array();
  1139. for ($i = 0; $i < 16; $i++) {
  1140. $key[0] <<= $shifts[$i];
  1141. $temp = ($key[0] & 0xF0000000) >> 28;
  1142. $key[0] = ($key[0] | $temp) & 0x0FFFFFFF;
  1143. $key[1] <<= $shifts[$i];
  1144. $temp = ($key[1] & 0xF0000000) >> 28;
  1145. $key[1] = ($key[1] | $temp) & 0x0FFFFFFF;
  1146. $temp = array(
  1147. (($key[1] & 0x00004000) >> 9) | (($key[1] & 0x00000800) >> 7) |
  1148. (($key[1] & 0x00020000) >> 14) | (($key[1] & 0x00000010) >> 2) |
  1149. (($key[1] & 0x08000000) >> 26) | (($key[1] & 0x00800000) >> 23)
  1150. ,
  1151. (($key[1] & 0x02400000) >> 20) | (($key[1] & 0x00000001) << 4) |
  1152. (($key[1] & 0x00002000) >> 10) | (($key[1] & 0x00040000) >> 18) |
  1153. (($key[1] & 0x00000080) >> 6)
  1154. ,
  1155. ( $key[1] & 0x00000020 ) | (($key[1] & 0x00000200) >> 5) |
  1156. (($key[1] & 0x00010000) >> 13) | (($key[1] & 0x01000000) >> 22) |
  1157. (($key[1] & 0x00000004) >> 1) | (($key[1] & 0x00100000) >> 20)
  1158. ,
  1159. (($key[1] & 0x00001000) >> 7) | (($key[1] & 0x00200000) >> 17) |
  1160. (($key[1] & 0x00000002) << 2) | (($key[1] & 0x00000100) >> 6) |
  1161. (($key[1] & 0x00008000) >> 14) | (($key[1] & 0x04000000) >> 26)
  1162. ,
  1163. (($key[0] & 0x00008000) >> 10) | ( $key[0] & 0x00000010 ) |
  1164. (($key[0] & 0x02000000) >> 22) | (($key[0] & 0x00080000) >> 17) |
  1165. (($key[0] & 0x00000200) >> 8) | (($key[0] & 0x00000002) >> 1)
  1166. ,
  1167. (($key[0] & 0x04000000) >> 21) | (($key[0] & 0x00010000) >> 12) |
  1168. (($key[0] & 0x00000020) >> 2) | (($key[0] & 0x00000800) >> 9) |
  1169. (($key[0] & 0x00800000) >> 22) | (($key[0] & 0x00000100) >> 8)
  1170. ,
  1171. (($key[0] & 0x00001000) >> 7) | (($key[0] & 0x00000088) >> 3) |
  1172. (($key[0] & 0x00020000) >> 14) | (($key[0] & 0x00000001) << 2) |
  1173. (($key[0] & 0x00400000) >> 21)
  1174. ,
  1175. (($key[0] & 0x00000400) >> 5) | (($key[0] & 0x00004000) >> 10) |
  1176. (($key[0] & 0x00000040) >> 3) | (($key[0] & 0x00100000) >> 18) |
  1177. (($key[0] & 0x08000000) >> 26) | (($key[0] & 0x01000000) >> 24)
  1178. );
  1179. $keys[] = $temp;
  1180. }
  1181. $temp = array(
  1182. self::ENCRYPT => $keys,
  1183. self::DECRYPT => array_reverse($keys)
  1184. );
  1185. return $temp;
  1186. }
  1187. /**
  1188. * String Shift
  1189. *
  1190. * Inspired by array_shift
  1191. *
  1192. * @param String $string
  1193. * @param optional Integer $index
  1194. * @return String
  1195. * @access private
  1196. */
  1197. function _string_shift(&$string, $index = 1)
  1198. {
  1199. $substr = substr($string, 0, $index);
  1200. $string = substr($string, $index);
  1201. return $substr;
  1202. }
  1203. }
  1204. // vim: ts=4:sw=4:et:
  1205. // vim6: fdl=1: