Documentation

Base
in package

Base Class for all \phpseclib\Crypt\* cipher classes

Tags
author

Jim Wigginton terrafrost@php.net

author

Hans-Juergen Petrich petrich@tronic-media.com

Table of Contents

ENGINE_INTERNAL  = 1
Base value for the internal implementation $engine switch
ENGINE_MCRYPT  = 2
Base value for the mcrypt implementation $engine switch
ENGINE_OPENSSL  = 3
Base value for the mcrypt implementation $engine switch
MODE_CBC  = 2
Encrypt / decrypt using the Code Book Chaining mode.
MODE_CFB  = 3
Encrypt / decrypt using the Cipher Feedback mode.
MODE_CFB8  = 38
Encrypt / decrypt using the Cipher Feedback mode (8bit)
MODE_CTR  = -1
Encrypt / decrypt using the Counter mode.
MODE_ECB  = 1
Encrypt / decrypt using the Electronic Code Book mode.
MODE_OFB  = 4
Encrypt / decrypt using the Output Feedback mode.
MODE_STREAM  = 5
Encrypt / decrypt using streaming mode.
$block_size  : int
The Block Length of the block cipher
$cfb_init_len  : int
Optimizing value while CFB-encrypting
$changed  : bool
Does internal cipher state need to be (re)initialized?
$cipher_name_mcrypt  : string
The mcrypt specific name of the cipher
$cipher_name_openssl  : string
The openssl specific name of the cipher
$cipher_name_openssl_ecb  : string
The openssl specific name of the cipher in ECB mode
$continuousBuffer  : bool
Continuous Buffer status
$debuffer  : array<string|int, mixed>
Decryption buffer for CTR, OFB and CFB modes
$dechanged  : bool
Does the demcrypt resource need to be (re)initialized?
$decryptIV  : string
A "sliding" Initialization Vector
$demcrypt  : resource
mcrypt resource for decryption
$ecb  : resource
mcrypt resource for CFB mode
$enbuffer  : array<string|int, mixed>
Encryption buffer for CTR, OFB and CFB modes
$enchanged  : bool
Does the enmcrypt resource need to be (re)initialized?
$encryptIV  : string
A "sliding" Initialization Vector
$engine  : int
Holds which crypt engine internaly should be use, which will be determined automatically on __construct()
$enmcrypt  : resource
mcrypt resource for encryption
$explicit_key_length  : bool
Has the key length explicitly been set or should it be derived from the key, itself?
$inline_crypt  : callable
The name of the performance-optimized callback function
$iv  : string
The Initialization Vector
$key  : string
The Key
$mode  : int
The Encryption Mode
$openssl_emulate_ctr  : bool
If OpenSSL can be used in ECB but not in CTR we can emulate CTR
$openssl_options  : mixed
Determines what options are passed to openssl_encrypt/decrypt
$paddable  : bool
Is the mode one that is paddable?
$padding  : bool
Padding status
$password_default_salt  : string
The default salt used by setPassword()
$preferredEngine  : int
Holds the preferred crypt engine
$skip_key_adjustment  : bool
Don't truncate / null pad key
$use_inline_crypt  : mixed
Holds whether performance-optimized $inline_crypt() can/should be used.
$WHIRLPOOL_AVAILABLE  : bool
Whirlpool available flag
__construct()  : mixed
Default Constructor.
_createInlineCryptFunction()  : string
Creates the performance-optimized function for en/decrypt()
_decryptBlock()  : string
Decrypts a block
_encryptBlock()  : string
Encrypts a block
_getLambdaFunctions()  : array<string|int, mixed>
Holds the lambda_functions table (classwide)
_hashInlineCryptFunction()  : string
Generates a digest from $bytes
_increment_str()  : mixed
Increment the current string
_openssl_ctr_process()  : string
OpenSSL CTR Processor
_openssl_ofb_process()  : string
OpenSSL OFB Processor
_openssl_translate_mode()  : int
phpseclib <-> OpenSSL Mode Mapper
_pad()  : string
Pads a string
_setEngine()  : mixed
Sets the engine as appropriate
_setupKey()  : mixed
Setup the key (expansion)
_string_pop()  : string
String Pop
_string_shift()  : string
String Shift
_unpad()  : string
Unpads a string.
disablePadding()  : mixed
Do not pad packets.
enablePadding()  : mixed
Pad "packets".
getBlockLength()  : int
Returns the current block length in bits
getEngine()  : mixed
Returns the engine currently being utilized
getKeyLength()  : int
Returns the current key length in bits
isValidEngine()  : bool
Test for engine validity
safe_intval()  : int
Convert float to int
safe_intval_inline()  : string
eval()'able string for in-line float to int
setKeyLength()  : mixed
Sets the key length.
setPreferredEngine()  : mixed
Sets the preferred crypt engine

Constants

ENGINE_INTERNAL

Base value for the internal implementation $engine switch

public mixed ENGINE_INTERNAL = 1

ENGINE_MCRYPT

Base value for the mcrypt implementation $engine switch

public mixed ENGINE_MCRYPT = 2

ENGINE_OPENSSL

Base value for the mcrypt implementation $engine switch

public mixed ENGINE_OPENSSL = 3

MODE_CFB8

Encrypt / decrypt using the Cipher Feedback mode (8bit)

public mixed MODE_CFB8 = 38

MODE_STREAM

Encrypt / decrypt using streaming mode.

public mixed MODE_STREAM = 5

Properties

$block_size

The Block Length of the block cipher

public int $block_size = 16
Tags
access

private

$cfb_init_len

Optimizing value while CFB-encrypting

public int $cfb_init_len = 600

Only relevant if $continuousBuffer enabled and $engine == self::ENGINE_MCRYPT

It's faster to re-init $enmcrypt if $buffer bytes > $cfb_init_len than using the $ecb resource furthermore.

This value depends of the chosen cipher and the time it would be needed for it's initialization [by mcrypt_generic_init()] which, typically, depends on the complexity on its internaly Key-expanding algorithm.

Tags
see
self::encrypt()
access

private

$changed

Does internal cipher state need to be (re)initialized?

public bool $changed = true
Tags
see
self::setKey()
see
self::setIV()
see
self::disableContinuousBuffer()
access

private

$cipher_name_openssl_ecb

The openssl specific name of the cipher in ECB mode

public string $cipher_name_openssl_ecb

If OpenSSL does not support the mode we're trying to use (CTR) it can still be emulated with ECB mode.

Tags
link
http://www.php.net/openssl-get-cipher-methods
access

private

$continuousBuffer

Continuous Buffer status

public bool $continuousBuffer = false
Tags
see
self::enableContinuousBuffer()
access

private

$debuffer

Decryption buffer for CTR, OFB and CFB modes

public array<string|int, mixed> $debuffer
Tags
see
self::decrypt()
see
self::_clearBuffers()
access

private

$dechanged

Does the demcrypt resource need to be (re)initialized?

public bool $dechanged = true
Tags
see
Twofish::setKey()
see
Twofish::setIV()
access

private

$decryptIV

A "sliding" Initialization Vector

public string $decryptIV
Tags
see
self::enableContinuousBuffer()
see
self::_clearBuffers()
access

private

$demcrypt

mcrypt resource for decryption

public resource $demcrypt

The mcrypt resource can be recreated every time something needs to be created or it can be created just once. Since mcrypt operates in continuous mode, by default, it'll need to be recreated when in non-continuous mode.

Tags
see
self::decrypt()
access

private

$ecb

mcrypt resource for CFB mode

public resource $ecb

mcrypt's CFB mode, in (and only in) buffered context, is broken, so phpseclib implements the CFB mode by it self, even when the mcrypt php extension is available.

In order to do the CFB-mode work (fast) phpseclib use a separate ECB-mode mcrypt resource.

Tags
link
http://phpseclib.sourceforge.net/cfb-demo.phps
see
self::encrypt()
see
self::decrypt()
see
self::_setupMcrypt()
access

private

$enbuffer

Encryption buffer for CTR, OFB and CFB modes

public array<string|int, mixed> $enbuffer
Tags
see
self::encrypt()
see
self::_clearBuffers()
access

private

$enchanged

Does the enmcrypt resource need to be (re)initialized?

public bool $enchanged = true
Tags
see
Twofish::setKey()
see
Twofish::setIV()
access

private

$encryptIV

A "sliding" Initialization Vector

public string $encryptIV
Tags
see
self::enableContinuousBuffer()
see
self::_clearBuffers()
access

private

$engine

Holds which crypt engine internaly should be use, which will be determined automatically on __construct()

public int $engine

Currently available $engines are:

  • self::ENGINE_OPENSSL (very fast, php-extension: openssl, extension_loaded('openssl') required)
  • self::ENGINE_MCRYPT (fast, php-extension: mcrypt, extension_loaded('mcrypt') required)
  • self::ENGINE_INTERNAL (slower, pure php-engine, no php-extension required)
Tags
see
self::_setEngine()
see
self::encrypt()
see
self::decrypt()
access

private

$enmcrypt

mcrypt resource for encryption

public resource $enmcrypt

The mcrypt resource can be recreated every time something needs to be created or it can be created just once. Since mcrypt operates in continuous mode, by default, it'll need to be recreated when in non-continuous mode.

Tags
see
self::encrypt()
access

private

$explicit_key_length

Has the key length explicitly been set or should it be derived from the key, itself?

public bool $explicit_key_length = false
Tags
see
self::setKeyLength()
access

private

$inline_crypt

The name of the performance-optimized callback function

public callable $inline_crypt

Used by encrypt() / decrypt() only if $engine == self::ENGINE_INTERNAL

Tags
see
self::encrypt()
see
self::decrypt()
see
self::_setupInlineCrypt()
see
self::$use_inline_crypt
access

private

$iv

The Initialization Vector

public string $iv
Tags
see
self::setIV()
access

private

$key

The Key

public string $key = ""
Tags
see
self::setKey()
access

private

$mode

The Encryption Mode

public int $mode
Tags
see
self::__construct()
access

private

$openssl_emulate_ctr

If OpenSSL can be used in ECB but not in CTR we can emulate CTR

public bool $openssl_emulate_ctr = false
Tags
see
self::_openssl_ctr_process()
access

private

$openssl_options

Determines what options are passed to openssl_encrypt/decrypt

public mixed $openssl_options
Tags
see
self::isValidEngine()
access

private

$paddable

Is the mode one that is paddable?

public bool $paddable = false
Tags
see
self::__construct()
access

private

$padding

Padding status

public bool $padding = true
Tags
see
self::enablePadding()
access

private

$password_default_salt

The default salt used by setPassword()

public string $password_default_salt = 'phpseclib/salt'
Tags
see
self::setPassword()
access

private

$preferredEngine

Holds the preferred crypt engine

public int $preferredEngine
Tags
see
self::_setEngine()
see
self::setPreferredEngine()
access

private

$skip_key_adjustment

Don't truncate / null pad key

public bool $skip_key_adjustment = false
Tags
see
self::_clearBuffers()
access

private

$use_inline_crypt

Holds whether performance-optimized $inline_crypt() can/should be used.

public mixed $use_inline_crypt = true
Tags
see
self::encrypt()
see
self::decrypt()
see
self::inline_crypt
access

private

Methods

__construct()

Default Constructor.

public __construct([int $mode = self::MODE_CBC ]) : mixed

Determines whether or not the mcrypt extension should be used.

$mode could be:

  • self::MODE_ECB

  • self::MODE_CBC

  • self::MODE_CTR

  • self::MODE_CFB

  • self::MODE_OFB

If not explicitly set, self::MODE_CBC will be used.

Parameters
$mode : int = self::MODE_CBC
Tags
access

public

Return values
mixed

_createInlineCryptFunction()

Creates the performance-optimized function for en/decrypt()

public _createInlineCryptFunction(array<string|int, mixed> $cipher_code) : string

Internally for phpseclib developers:

_createInlineCryptFunction():

  • merge the $cipher_code [setup'ed by _setupInlineCrypt()] with the current [$this->]mode of operation code

  • create the $inline function, which called by encrypt() / decrypt() as its replacement to speed up the en/decryption operations.

  • return the name of the created $inline callback function

  • used to speed up en/decryption

The main reason why can speed up things [up to 50%] this way are:

  • using variables more effective then regular. (ie no use of expensive arrays but integers $k_0, $k_1 ... or even, for example, the pure $key[] values hardcoded)

  • avoiding 1000's of function calls of ie _encryptBlock() but inlining the crypt operations. in the mode of operation for() loop.

  • full loop unroll the (sometimes key-dependent) rounds avoiding this way ++$i counters and runtime-if's etc...

The basic code architectur of the generated $inline en/decrypt() lambda function, in pseudo php, is:

+----------------------------------------------------------------------------------------------+ | callback $inline = create_function: | | lambda_function_0001_crypt_ECB($action, $text) | | { | | INSERT PHP CODE OF: | | $cipher_code['init_crypt']; // general init code. | | // ie: $sbox'es declarations used for | | // encrypt and decrypt'ing. | | | | switch ($action) { | | case 'encrypt': | | INSERT PHP CODE OF: | | $cipher_code['init_encrypt']; // encrypt sepcific init code. | | ie: specified $key or $box | | declarations for encrypt'ing. | | | | foreach ($ciphertext) { | | $in = $block_size of $ciphertext; | | | | INSERT PHP CODE OF: | | $cipher_code['encrypt_block']; // encrypt's (string) $in, which is always: | | // strlen($in) == $this->block_size | | // here comes the cipher algorithm in action | | // for encryption. | | // $cipher_code['encrypt_block'] has to | | // encrypt the content of the $in variable | | | | $plaintext .= $in; | | } | | return $plaintext; | | | | case 'decrypt': | | INSERT PHP CODE OF: | | $cipher_code['init_decrypt']; // decrypt sepcific init code | | ie: specified $key or $box | | declarations for decrypt'ing. | | foreach ($plaintext) { | | $in = $block_size of $plaintext; | | | | INSERT PHP CODE OF: | | $cipher_code['decrypt_block']; // decrypt's (string) $in, which is always | | // strlen($in) == $this->block_size | | // here comes the cipher algorithm in action | | // for decryption. | | // $cipher_code['decrypt_block'] has to | | // decrypt the content of the $in variable | | $ciphertext .= $in; | | } | | return $ciphertext; | | } | | } | +----------------------------------------------------------------------------------------------+

See also the \phpseclib\Crypt*::_setupInlineCrypt()'s for productive inline $cipher_code's how they works.

Structure of: $cipher_code = array( 'init_crypt' => (string) '', // optional 'init_encrypt' => (string) '', // optional 'init_decrypt' => (string) '', // optional 'encrypt_block' => (string) '', // required 'decrypt_block' => (string) '' // required );

Parameters
$cipher_code : array<string|int, mixed>
Tags
see
self::_setupInlineCrypt()
see
self::encrypt()
see
self::decrypt()
access

private

Return values
string

(the name of the created callback function)

_decryptBlock()

Decrypts a block

public abstract _decryptBlock(string $in) : string

Note: Must be extended by the child \phpseclib\Crypt* class

Parameters
$in : string
Tags
access

private

Return values
string

_encryptBlock()

Encrypts a block

public abstract _encryptBlock(string $in) : string

Note: Must be extended by the child \phpseclib\Crypt* class

Parameters
$in : string
Tags
access

private

Return values
string

_getLambdaFunctions()

Holds the lambda_functions table (classwide)

public _getLambdaFunctions() : array<string|int, mixed>

Each name of the lambda function, created from _setupInlineCrypt() && _createInlineCryptFunction() is stored, classwide (!), here for reusing.

The string-based index of $function is a classwide unique value representing, at least, the $mode of operation (or more... depends of the optimizing level) for which $mode the lambda function was created.

Tags
access

private

Return values
array<string|int, mixed>

&$functions

_hashInlineCryptFunction()

Generates a digest from $bytes

public _hashInlineCryptFunction( $bytes) : string
Parameters
$bytes :
Tags
see
self::_setupInlineCrypt()
access

private

Return values
string

_increment_str()

Increment the current string

public _increment_str(string &$var) : mixed
Parameters
$var : string
Tags
see
self::decrypt()
see
self::encrypt()
access

private

Return values
mixed

_openssl_ctr_process()

OpenSSL CTR Processor

public _openssl_ctr_process(string $plaintext, string &$encryptIV, array<string|int, mixed> &$buffer) : string

PHP's OpenSSL bindings do not operate in continuous mode so we'll wrap around it. Since the keystream for CTR is the same for both encrypting and decrypting this function is re-used by both Base::encrypt() and Base::decrypt(). Also, OpenSSL doesn't implement CTR for all of it's symmetric ciphers so this function will emulate CTR with ECB when necessary.

Parameters
$plaintext : string
$encryptIV : string
$buffer : array<string|int, mixed>
Tags
see
self::encrypt()
see
self::decrypt()
access

private

Return values
string

_openssl_ofb_process()

OpenSSL OFB Processor

public _openssl_ofb_process(string $plaintext, string &$encryptIV, array<string|int, mixed> &$buffer) : string

PHP's OpenSSL bindings do not operate in continuous mode so we'll wrap around it. Since the keystream for OFB is the same for both encrypting and decrypting this function is re-used by both Base::encrypt() and Base::decrypt().

Parameters
$plaintext : string
$encryptIV : string
$buffer : array<string|int, mixed>
Tags
see
self::encrypt()
see
self::decrypt()
access

private

Return values
string

_openssl_translate_mode()

phpseclib <-> OpenSSL Mode Mapper

public _openssl_translate_mode() : int

May need to be overwritten by classes extending this one in some cases

Tags
access

private

Return values
int

_pad()

Pads a string

public _pad(string $text) : string

Pads a string using the RSA PKCS padding standards so that its length is a multiple of the blocksize. $this->block_size - (strlen($text) % $this->block_size) bytes are added, each of which is equal to chr($this->block_size - (strlen($text) % $this->block_size)

If padding is disabled and $text is not a multiple of the blocksize, the string will be padded regardless and padding will, hence forth, be enabled.

Parameters
$text : string
Tags
see
self::_unpad()
access

private

Return values
string

_setEngine()

Sets the engine as appropriate

public _setEngine() : mixed
Tags
see
self::__construct()
access

private

Return values
mixed

_setupKey()

Setup the key (expansion)

public abstract _setupKey() : mixed

Only used if $engine == self::ENGINE_INTERNAL

Note: Must extend by the child \phpseclib\Crypt* class

Tags
see
self::_setup()
access

private

Return values
mixed

_string_pop()

String Pop

public _string_pop(string &$string[, int $index = 1 ]) : string

Inspired by array_pop

Parameters
$string : string
$index : int = 1
Tags
access

private

Return values
string

_string_shift()

String Shift

public _string_shift(string &$string[, int $index = 1 ]) : string

Inspired by array_shift

Parameters
$string : string
$index : int = 1
Tags
access

private

Return values
string

_unpad()

Unpads a string.

public _unpad(string $text) : string

If padding is enabled and the reported padding length is invalid the encryption key will be assumed to be wrong and false will be returned.

Parameters
$text : string
Tags
see
self::_pad()
access

private

Return values
string

disablePadding()

Do not pad packets.

public disablePadding() : mixed
Tags
see
self::enablePadding()
access

public

Return values
mixed

enablePadding()

Pad "packets".

public enablePadding() : mixed

Block ciphers working by encrypting between their specified [$this->]block_size at a time If you ever need to encrypt or decrypt something that isn't of the proper length, it becomes necessary to pad the input so that it is of the proper length.

Padding is enabled by default. Sometimes, however, it is undesirable to pad strings. Such is the case in SSH, where "packets" are padded with random bytes before being encrypted. Unpad these packets and you risk stripping away characters that shouldn't be stripped away. (SSH knows how many bytes are added because the length is transmitted separately)

Tags
see
self::disablePadding()
access

public

Return values
mixed

getBlockLength()

Returns the current block length in bits

public getBlockLength() : int
Tags
access

public

Return values
int

getEngine()

Returns the engine currently being utilized

public getEngine() : mixed
Tags
see
self::_setEngine()
access

public

Return values
mixed

getKeyLength()

Returns the current key length in bits

public getKeyLength() : int
Tags
access

public

Return values
int

isValidEngine()

Test for engine validity

public isValidEngine(int $engine) : bool
Parameters
$engine : int
Tags
see
self::__construct()
access

public

Return values
bool

safe_intval()

Convert float to int

public safe_intval(string $x) : int

On ARM CPUs converting floats to ints doesn't always work

Parameters
$x : string
Tags
access

private

Return values
int

safe_intval_inline()

eval()'able string for in-line float to int

public safe_intval_inline() : string
Tags
access

private

Return values
string

setKeyLength()

Sets the key length.

public setKeyLength(int $length) : mixed

Keys with explicitly set lengths need to be treated accordingly

Parameters
$length : int
Tags
access

public

Return values
mixed

setPreferredEngine()

Sets the preferred crypt engine

public setPreferredEngine(int $engine) : mixed

Currently, $engine could be:

  • \phpseclib\Crypt\Base::ENGINE_OPENSSL [very fast]

  • \phpseclib\Crypt\Base::ENGINE_MCRYPT [fast]

  • \phpseclib\Crypt\Base::ENGINE_INTERNAL [slow]

If the preferred crypt engine is not available the fastest available one will be used

Parameters
$engine : int
Tags
see
self::__construct()
access

public

Return values
mixed

Search results