public
Crypt_DES
|
#
Crypt_DES( optional $mode = CRYPT_MODE_DES_CBC )
Default Constructor.
Determines whether or not the mcrypt extension should be used. $mode should
only, at present, be CRYPT_DES_MODE_ECB or CRYPT_DES_MODE_CBC. If not explictly
set, CRYPT_DES_MODE_CBC will be used.
Parameters
- $mode
optional Integer $mode
Returns
|
public
|
#
setKey( String $key )
Sets the key.
Keys can be of any length. DES, itself, uses 64-bit keys (eg. strlen($key) ==
8), however, we only use the first eight, if $key has more then eight characters
in it, and pad $key with the null byte if it is less then eight characters
long.
DES also requires that every eighth bit be a parity bit, however, we'll
ignore that.
If the key is not explicitly set, it'll be assumed to be all zero's.
Parameters
|
public
|
#
setPassword( String $password, optional $method = 'pbkdf2' )
Sets the password.
Depending on what $method is set to, setPassword()'s (optional) parameters
are as follows: pbkdf2: $hash, $salt, $count
Parameters
- $password
String $password
- $method
optional String $method
|
public
|
#
setIV( String $iv )
Sets the initialization vector. (optional)
Sets the initialization vector. (optional)
SetIV is not required when CRYPT_DES_MODE_ECB is being used. If not explictly
set, it'll be assumed to be all zero's.
Parameters
|
public
|
#
_generate_xor( Integer $length, String & $iv )
Generate CTR XOR encryption key
Generate CTR XOR encryption key
Encrypt the output of this and XOR it against the ciphertext / plaintext to
get the plaintext / ciphertext in CTR mode.
Parameters
- $length
Integer $length
- $iv
String $iv
See
|
public
|
#
encrypt( String $plaintext )
Encrypts a message.
$plaintext will be padded with up to 8 additional bytes. Other DES
implementations may or may not pad in the same manner. Other common approaches
to padding and the reasons why it's necessary are discussed in the following
URL:
http://www.di-mgt.com.au/cryptopad.html
An alternative to padding is to, separately, send the length of the file.
This is what SSH, in fact, does. strlen($plaintext) will still need to be a
multiple of 8, however, arbitrary values can be added to make it that
length.
Parameters
- $plaintext
String $plaintext
See
|
public
|
#
decrypt( String $ciphertext )
Decrypts a message.
If strlen($ciphertext) is not a multiple of 8, null bytes will be added to
the end of the string until it is.
Parameters
- $ciphertext
String $ciphertext
See
|
public
|
#
enableContinuousBuffer( )
Treat consecutive "packets" as if they are a continuous buffer.
Treat consecutive "packets" as if they are a continuous buffer.
Say you have a 16-byte plaintext $plaintext. Using the default behavior, the
two following code snippets will yield different outputs:
echo $des->encrypt(substr($plaintext, 0, 8));
echo $des->encrypt(substr($plaintext, 8, 8));
echo $des->encrypt($plaintext);
The solution is to enable the continuous buffer. Although this will resolve
the above discrepancy, it creates another, as demonstrated with the
following:
$des->encrypt(substr($plaintext, 0, 8));
echo $des->decrypt($des->encrypt(substr($plaintext, 8, 8)));
echo $des->decrypt($des->encrypt(substr($plaintext, 8, 8)));
With the continuous buffer disabled, these would yield the same output. With
it enabled, they yield different outputs. The reason is due to the fact that the
initialization vector's change after every encryption / decryption round when
the continuous buffer is enabled. When it's disabled, they remain constant.
Put another way, when the continuous buffer is enabled, the state of the
Crypt_DES() object changes after each encryption / decryption round, whereas
otherwise, it'd remain constant. For this reason, it's recommended that
continuous buffers not be used. They do offer better security and are, in fact,
sometimes required (SSH uses them), however, they are also less intuitive and
more likely to cause you problems.
See
|
public
|
#
disableContinuousBuffer( )
Treat consecutive packets as if they are a discontinuous buffer.
Treat consecutive packets as if they are a discontinuous buffer.
The default behavior.
See
|
public
|
#
enablePadding( )
Pad "packets".
DES works by encrypting eight bytes at a time. If you ever need to encrypt or
decrypt something that's not a multiple of eight, it becomes necessary to pad
the input so that it's length is a multiple of eight.
Padding is enabled by default. Sometimes, however, it is undesirable to pad
strings. Such is the case in SSH1, where "packets" are padded with random bytes
before being encrypted. Unpad these packets and you risk stripping away
characters that shouldn't be stripped away. (SSH knows how many bytes are added
because the length is transmitted separately)
See
|
public
|
|
public
|
#
_pad( mixed $text )
Pads a string
Pads a string using the RSA PKCS padding standards so that its length is a
multiple of the blocksize (8). 8 - (strlen($text) & 7) bytes are added, each
of which is equal to chr(8 - (strlen($text) & 7)
If padding is disabled and $text is not a multiple of the blocksize, the
string will be padded regardless and padding will, hence forth, be enabled.
See
|
public
|
#
_unpad( mixed $text )
Unpads a string
If padding is enabled and the reported padding length is invalid the
encryption key will be assumed to be wrong and false will be returned.
See
|
public
String
|
#
_processBlock( String $block, Integer $mode )
Encrypts or decrypts a 64-bit block
Encrypts or decrypts a 64-bit block
$mode should be either CRYPT_DES_ENCRYPT or CRYPT_DES_DECRYPT. See Feistel.png to get a general idea of what this function does.
Parameters
- $block
String $block
- $mode
Integer $mode
Returns
String
|
public
Array
|
#
_prepareKey( String $key )
Creates the key schedule.
Creates the key schedule.
Parameters
Returns
Array
|
public
String
|
#
_string_shift( String & $string, optional $index = 1 )
String Shift
Inspired by array_shift
Parameters
- $string
String $string
- $index
optional Integer $index
Returns
String
|
public
Array
|
$keys |
|
public
Integer
|
$mode |
|
public
Boolean
|
$continuousBuffer |
#
Continuous Buffer status
See
|
public
Boolean
|
$padding |
|
public
String
|
$iv |
#
The Initialization Vector
The Initialization Vector
See
|
public
String
|
$encryptIV |
#
A "sliding" Initialization Vector
A "sliding" Initialization Vector
See
|
public
String
|
$decryptIV |
#
A "sliding" Initialization Vector
A "sliding" Initialization Vector
See
|
public
String
|
$enmcrypt |
#
mcrypt resource for encryption
mcrypt resource for encryption
The mcrypt resource can be recreated every time something needs to be created
or it can be created just once. Since mcrypt operates in continuous mode, by
default, it'll need to be recreated when in non-continuous mode.
See
|
public
String
|
$demcrypt |
#
mcrypt resource for decryption
mcrypt resource for decryption
The mcrypt resource can be recreated every time something needs to be created
or it can be created just once. Since mcrypt operates in continuous mode, by
default, it'll need to be recreated when in non-continuous mode.
See
|
public
Boolean
|
$enchanged |
#
Does the enmcrypt resource need to be (re)initialized?
Does the enmcrypt resource need to be (re)initialized?
See
|
public
Boolean
|
$dechanged |
#
Does the demcrypt resource need to be (re)initialized?
Does the demcrypt resource need to be (re)initialized?
See
|
public
Boolean
|
$paddable |
#
Is the mode one that is paddable?
Is the mode one that is paddable?
See
|
public
String
|
$enbuffer |
#
Encryption buffer for CTR, OFB and CFB modes
Encryption buffer for CTR, OFB and CFB modes
See
|
public
String
|
$debuffer |
#
Decryption buffer for CTR, OFB and CFB modes
Decryption buffer for CTR, OFB and CFB modes
See
|
public
String
|
$ecb |
#
mcrypt resource for CFB mode
mcrypt resource for CFB mode
See
|