Pure-PHP implementation of Triple DES.

author Jim Wigginton
version 0.1.0
access public
package Crypt_TerraDES

 Methods

Default Constructor.

Crypt_TripleDES(\optional $mode) : \Crypt_TripleDES

Determines whether or not the mcrypt extension should be used. $mode should only, at present, be CRYPT_DES_MODE_ECB or CRYPT_DES_MODE_CBC. If not explictly set, CRYPT_DES_MODE_CBC will be used.

access public

Parameters

$mode

\optional

Integer $mode

Returns

Generate CTR XOR encryption key

_generate_xor(Integer $length, String $iv) 

Encrypt the output of this and XOR it against the ciphertext / plaintext to get the plaintext / ciphertext in CTR mode.

see \global\Crypt_TripleDES::decrypt()
see \global\Crypt_TripleDES::encrypt()
access private

Parameters

$length

Integer

$iv

String

Pads a string

_pad($text) 

Pads a string using the RSA PKCS padding standards so that its length is a multiple of the blocksize (8). 8 - (strlen($text) & 7) bytes are added, each of which is equal to chr(8 - (strlen($text) & 7)

If padding is disabled and $text is not a multiple of the blocksize, the string will be padded regardless and padding will, hence forth, be enabled.

see \global\Crypt_TripleDES::_unpad()
access private

Parameters

$text

String Shift

_string_shift(String $string, \optional $index) : String

Inspired by array_shift

access private

Parameters

$string

String

$index

\optional

Integer $index

Returns

String

Unpads a string

_unpad($text) 

If padding is enabled and the reported padding length is invalid the encryption key will be assumed to be wrong and false will be returned.

see \global\Crypt_TripleDES::_pad()
access private

Parameters

$text

Decrypts a message.

decrypt(String $ciphertext) 

access public

Parameters

$ciphertext

String

Treat consecutive packets as if they are a discontinuous buffer.

disableContinuousBuffer() 

The default behavior.

see \global\Crypt_TripleDES::enableContinuousBuffer()
access public

Do not pad packets.

disablePadding() 

see \global\Crypt_TripleDES::enablePadding()
access public

Treat consecutive "packets" as if they are a continuous buffer.

enableContinuousBuffer() 

Say you have a 16-byte plaintext $plaintext. Using the default behavior, the two following code snippets will yield different outputs:

   echo $des->encrypt(substr($plaintext, 0, 8));
   echo $des->encrypt(substr($plaintext, 8, 8));
   echo $des->encrypt($plaintext);

The solution is to enable the continuous buffer. Although this will resolve the above discrepancy, it creates another, as demonstrated with the following:

   $des->encrypt(substr($plaintext, 0, 8));
   echo $des->decrypt($des->encrypt(substr($plaintext, 8, 8)));
   echo $des->decrypt($des->encrypt(substr($plaintext, 8, 8)));

With the continuous buffer disabled, these would yield the same output. With it enabled, they yield different outputs. The reason is due to the fact that the initialization vector's change after every encryption / decryption round when the continuous buffer is enabled. When it's disabled, they remain constant.

Put another way, when the continuous buffer is enabled, the state of the Crypt_DES() object changes after each encryption / decryption round, whereas otherwise, it'd remain constant. For this reason, it's recommended that continuous buffers not be used. They do offer better security and are, in fact, sometimes required (SSH uses them), however, they are also less intuitive and more likely to cause you problems.

see \global\Crypt_TripleDES::disableContinuousBuffer()
access public

Pad "packets".

enablePadding() 

DES works by encrypting eight bytes at a time. If you ever need to encrypt or decrypt something that's not a multiple of eight, it becomes necessary to pad the input so that it's length is a multiple of eight.

Padding is enabled by default. Sometimes, however, it is undesirable to pad strings. Such is the case in SSH1, where "packets" are padded with random bytes before being encrypted. Unpad these packets and you risk stripping away characters that shouldn't be stripped away. (SSH knows how many bytes are added because the length is transmitted separately)

see \global\Crypt_TripleDES::disablePadding()
access public

Encrypts a message.

encrypt(String $plaintext) 

access public

Parameters

$plaintext

String

Sets the initialization vector.

setIV(String $iv) 

(optional)

SetIV is not required when CRYPT_DES_MODE_ECB is being used. If not explictly set, it'll be assumed to be all zero's.

access public

Parameters

$iv

String

Sets the key.

setKey(String $key) 

Keys can be of any length. Triple DES, itself, can use 128-bit (eg. strlen($key) == 16) or 192-bit (eg. strlen($key) == 24) keys. This function pads and truncates $key as appropriate.

DES also requires that every eighth bit be a parity bit, however, we'll ignore that.

If the key is not explicitly set, it'll be assumed to be all zero's.

access public

Parameters

$key

String

 Properties

 

Continuous Buffer status

$continuousBuffer : Boolean

see \global\Crypt_TripleDES::enableContinuousBuffer()
access private
 

Decryption buffer for CTR, OFB and CFB modes

$debuffer : String

see \global\Crypt_TripleDES::decrypt()
access private
 

Does the demcrypt resource need to be (re)initialized?

$dechanged : Boolean

see \global\Crypt_TripleDES::setKey()
see \global\Crypt_TripleDES::setIV()
access private
 

A "sliding" Initialization Vector

$decryptIV : String

see \global\Crypt_TripleDES::enableContinuousBuffer()
access private
 

mcrypt resource for decryption

$demcrypt : String

The mcrypt resource can be recreated every time something needs to be created or it can be created just once. Since mcrypt operates in continuous mode, by default, it'll need to be recreated when in non-continuous mode.

see \global\Crypt_TripleDES::decrypt()
access private
 

The Crypt_DES objects

$des : Array

access private
 

mcrypt resource for CFB mode

$ecb : String

see \global\Crypt_TripleDES::encrypt()
see \global\Crypt_TripleDES::decrypt()
access private
 

Encryption buffer for CTR, OFB and CFB modes

$enbuffer : String

see \global\Crypt_TripleDES::encrypt()
access private
 

Does the enmcrypt resource need to be (re)initialized?

$enchanged : Boolean

see \global\Crypt_TripleDES::setKey()
see \global\Crypt_TripleDES::setIV()
access private
 

A "sliding" Initialization Vector

$encryptIV : String

see \global\Crypt_TripleDES::enableContinuousBuffer()
access private
 

mcrypt resource for encryption

$enmcrypt : String

The mcrypt resource can be recreated every time something needs to be created or it can be created just once. Since mcrypt operates in continuous mode, by default, it'll need to be recreated when in non-continuous mode.

see \global\Crypt_TripleDES::encrypt()
access private
 

The Initialization Vector

$iv : String

see \global\Crypt_TripleDES::setIV()
access private
 

The Three Keys

$key : String

see \global\Crypt_TripleDES::setKey()
access private
 

The Encryption Mode

$mode : Integer

see \global\Crypt_TripleDES::Crypt_TripleDES()
access private
 

Is the mode one that is paddable?

$paddable : Boolean

see \global\Crypt_TripleDES::Crypt_TripleDES()
access private
 

Padding status

$padding : Boolean

see \global\Crypt_TripleDES::enablePadding()
access private