Crypt_DES()
_generate_xor()
_pad()
_prepareKey()
_processBlock()
_string_shift()
_unpad()
decrypt()
disableContinuousBuffer()
disablePadding()
enableContinuousBuffer()
enablePadding()
encrypt()
setIV()
setKey()
$continuousBuffer
$debuffer
$dechanged
$decryptIV
$demcrypt
$ecb
$enbuffer
$enchanged
$encryptIV
$enmcrypt
$iv
$keys
$mode
$paddable
$padding
Pure-PHP implementation of DES.
author | Jim Wigginton |
---|---|
version | 0.1.0 |
access | public |
package | Crypt_DES |
Crypt_DES(\optional $mode) : \Crypt_DES
Determines whether or not the mcrypt extension should be used. $mode should only, at present, be CRYPT_DES_MODE_ECB or CRYPT_DES_MODE_CBC. If not explictly set, CRYPT_DES_MODE_CBC will be used.
access | public |
---|
\optional
Integer $mode
_generate_xor(Integer $length, String $iv)
Encrypt the output of this and XOR it against the ciphertext / plaintext to get the plaintext / ciphertext in CTR mode.
see | \global\Crypt_DES::decrypt() |
---|---|
see | \global\Crypt_DES::encrypt() |
access | public |
Integer
String
_pad($text)
Pads a string using the RSA PKCS padding standards so that its length is a multiple of the blocksize (8). 8 - (strlen($text) & 7) bytes are added, each of which is equal to chr(8 - (strlen($text) & 7)
If padding is disabled and $text is not a multiple of the blocksize, the string will be padded regardless and padding will, hence forth, be enabled.
see | \global\Crypt_DES::_unpad() |
---|---|
access | private |
_prepareKey(String $key) : Array
access | private |
---|
String
Array
_processBlock(String $block, Integer $mode) : String
$mode should be either CRYPT_DES_ENCRYPT or CRYPT_DES_DECRYPT. See Feistel.png to get a general idea of what this function does.
access | private |
---|
String
Integer
String
_string_shift(String $string, \optional $index) : String
Inspired by array_shift
access | private |
---|
String
\optional
Integer $index
String
_unpad($text)
If padding is enabled and the reported padding length is invalid the encryption key will be assumed to be wrong and false will be returned.
see | \global\Crypt_DES::_pad() |
---|---|
access | private |
decrypt(String $ciphertext)
If strlen($ciphertext) is not a multiple of 8, null bytes will be added to the end of the string until it is.
see | \global\Crypt_DES::encrypt() |
---|---|
access | public |
String
disableContinuousBuffer()
The default behavior.
see | \global\Crypt_DES::enableContinuousBuffer() |
---|---|
access | public |
disablePadding()
see | \global\Crypt_DES::enablePadding() |
---|---|
access | public |
enableContinuousBuffer()
Say you have a 16-byte plaintext $plaintext. Using the default behavior, the two following code snippets will yield different outputs:
echo $des->encrypt(substr($plaintext, 0, 8));
echo $des->encrypt(substr($plaintext, 8, 8));
echo $des->encrypt($plaintext);
The solution is to enable the continuous buffer. Although this will resolve the above discrepancy, it creates another, as demonstrated with the following:
$des->encrypt(substr($plaintext, 0, 8));
echo $des->decrypt($des->encrypt(substr($plaintext, 8, 8)));
echo $des->decrypt($des->encrypt(substr($plaintext, 8, 8)));
With the continuous buffer disabled, these would yield the same output. With it enabled, they yield different outputs. The reason is due to the fact that the initialization vector's change after every encryption / decryption round when the continuous buffer is enabled. When it's disabled, they remain constant.
Put another way, when the continuous buffer is enabled, the state of the Crypt_DES() object changes after each encryption / decryption round, whereas otherwise, it'd remain constant. For this reason, it's recommended that continuous buffers not be used. They do offer better security and are, in fact, sometimes required (SSH uses them), however, they are also less intuitive and more likely to cause you problems.
see | \global\Crypt_DES::disableContinuousBuffer() |
---|---|
access | public |
enablePadding()
DES works by encrypting eight bytes at a time. If you ever need to encrypt or decrypt something that's not a multiple of eight, it becomes necessary to pad the input so that it's length is a multiple of eight.
Padding is enabled by default. Sometimes, however, it is undesirable to pad strings. Such is the case in SSH1, where "packets" are padded with random bytes before being encrypted. Unpad these packets and you risk stripping away characters that shouldn't be stripped away. (SSH knows how many bytes are added because the length is transmitted separately)
see | \global\Crypt_DES::disablePadding() |
---|---|
access | public |
encrypt(String $plaintext)
$plaintext will be padded with up to 8 additional bytes. Other DES implementations may or may not pad in the same manner. Other common approaches to padding and the reasons why it's necessary are discussed in the following URL:
http://www.di-mgt.com.au/cryptopad.html
An alternative to padding is to, separately, send the length of the file. This is what SSH, in fact, does. strlen($plaintext) will still need to be a multiple of 8, however, arbitrary values can be added to make it that length.
see | \global\Crypt_DES::decrypt() |
---|---|
access | public |
String
setIV(String $iv)
(optional)
SetIV is not required when CRYPT_DES_MODE_ECB is being used. If not explictly set, it'll be assumed to be all zero's.
access | public |
---|
String
setKey(String $key)
Keys can be of any length. DES, itself, uses 64-bit keys (eg. strlen($key) == 8), however, we only use the first eight, if $key has more then eight characters in it, and pad $key with the null byte if it is less then eight characters long.
DES also requires that every eighth bit be a parity bit, however, we'll ignore that.
If the key is not explicitly set, it'll be assumed to be all zero's.
access | public |
---|
String
$continuousBuffer : Boolean
see | \global\Crypt_DES::enableContinuousBuffer() |
---|---|
access | private |
$debuffer : String
see | \global\Crypt_DES::decrypt() |
---|---|
access | private |
$dechanged : Boolean
see | \global\Crypt_DES::setKey() |
---|---|
see | \global\Crypt_DES::setIV() |
access | private |
$decryptIV : String
see | \global\Crypt_DES::enableContinuousBuffer() |
---|---|
access | private |
$demcrypt : String
The mcrypt resource can be recreated every time something needs to be created or it can be created just once. Since mcrypt operates in continuous mode, by default, it'll need to be recreated when in non-continuous mode.
see | \global\Crypt_DES::decrypt() |
---|---|
access | private |
$ecb : String
see | \global\Crypt_DES::encrypt() |
---|---|
see | \global\Crypt_DES::decrypt() |
access | private |
$enbuffer : String
see | \global\Crypt_DES::encrypt() |
---|---|
access | private |
$enchanged : Boolean
see | \global\Crypt_DES::setKey() |
---|---|
see | \global\Crypt_DES::setIV() |
access | private |
$encryptIV : String
see | \global\Crypt_DES::enableContinuousBuffer() |
---|---|
access | private |
$enmcrypt : String
The mcrypt resource can be recreated every time something needs to be created or it can be created just once. Since mcrypt operates in continuous mode, by default, it'll need to be recreated when in non-continuous mode.
see | \global\Crypt_DES::encrypt() |
---|---|
access | private |
$iv : String
see | \global\Crypt_DES::setIV() |
---|---|
access | private |
$keys : Array
see | \global\Crypt_DES::setKey() |
---|---|
access | private |
$mode : Integer
see | \global\Crypt_DES::Crypt_DES() |
---|---|
access | private |
$paddable : Boolean
see | \global\Crypt_DES::Crypt_DES() |
---|---|
access | private |
$padding : Boolean
see | \global\Crypt_DES::enablePadding() |
---|---|
access | private |