MODE_CTR
MODE_CTR
Encrypt / decrypt using the Counter mode.
Set to -1 since that's what Crypt/Random.php uses to index the CTR mode.
Pure-PHP implementation of RC4.
$ecb : resource
mcrypt resource for CFB mode
mcrypt's CFB mode, in (and only in) buffered context, is broken, so phpseclib implements the CFB mode by it self, even when the mcrypt php extension is available.
In order to do the CFB-mode work (fast) phpseclib use a separate ECB-mode mcrypt resource.
$cfb_init_len : integer
Optimizing value while CFB-encrypting
Only relevant if $continuousBuffer enabled and $engine == self::ENGINE_MCRYPT
It's faster to re-init $enmcrypt if $buffer bytes > $cfb_init_len than using the $ecb resource furthermore.
This value depends of the chosen cipher and the time it would be needed for it's initialization [by mcrypt_generic_init()] which, typically, depends on the complexity on its internaly Key-expanding algorithm.
$engine : integer
Holds which crypt engine internaly should be use, which will be determined automatically on __construct()
Currently available $engines are:
__construct() : \phpseclib\Crypt\RC4
Default Constructor.
Determines whether or not the mcrypt extension should be used.
_openssl_ctr_process(string $plaintext, string $encryptIV, array $buffer) : string
OpenSSL CTR Processor
PHP's OpenSSL bindings do not operate in continuous mode so we'll wrap around it. Since the keystream for CTR is the same for both encrypting and decrypting this function is re-used by both Base::encrypt() and Base::decrypt(). Also, OpenSSL doesn't implement CTR for all of it's symmetric ciphers so this function will emulate CTR with ECB when necessary.
| string | $plaintext | |
| string | $encryptIV | |
| array | $buffer |
_openssl_ofb_process(string $plaintext, string $encryptIV, array $buffer) : string
OpenSSL OFB Processor
PHP's OpenSSL bindings do not operate in continuous mode so we'll wrap around it. Since the keystream for OFB is the same for both encrypting and decrypting this function is re-used by both Base::encrypt() and Base::decrypt().
| string | $plaintext | |
| string | $encryptIV | |
| array | $buffer |
enablePadding()
Pad "packets".
Block ciphers working by encrypting between their specified [$this->]block_size at a time If you ever need to encrypt or decrypt something that isn't of the proper length, it becomes necessary to pad the input so that it is of the proper length.
Padding is enabled by default. Sometimes, however, it is undesirable to pad strings. Such is the case in SSH, where "packets" are padded with random bytes before being encrypted. Unpad these packets and you risk stripping away characters that shouldn't be stripped away. (SSH knows how many bytes are added because the length is transmitted separately)
setPreferredEngine(integer $engine)
Sets the preferred crypt engine
Currently, $engine could be:
\phpseclib\Crypt\Base::ENGINE_OPENSSL [very fast]
\phpseclib\Crypt\Base::ENGINE_MCRYPT [fast]
If the preferred crypt engine is not available the fastest available one will be used
| integer | $engine |
_pad(string $text) : string
Pads a string
Pads a string using the RSA PKCS padding standards so that its length is a multiple of the blocksize. $this->block_size - (strlen($text) % $this->block_size) bytes are added, each of which is equal to chr($this->block_size - (strlen($text) % $this->block_size)
If padding is disabled and $text is not a multiple of the blocksize, the string will be padded regardless and padding will, hence forth, be enabled.
| string | $text |
_createInlineCryptFunction(array $cipher_code) : string
Creates the performance-optimized function for en/decrypt()
Internally for phpseclib developers:
_createInlineCryptFunction():
merge the $cipher_code [setup'ed by _setupInlineCrypt()] with the current [$this->]mode of operation code
create the $inline function, which called by encrypt() / decrypt() as its replacement to speed up the en/decryption operations.
return the name of the created $inline callback function
used to speed up en/decryption
The main reason why can speed up things [up to 50%] this way are:
using variables more effective then regular. (ie no use of expensive arrays but integers $k_0, $k_1 ... or even, for example, the pure $key[] values hardcoded)
avoiding 1000's of function calls of ie _encryptBlock() but inlining the crypt operations. in the mode of operation for() loop.
full loop unroll the (sometimes key-dependent) rounds avoiding this way ++$i counters and runtime-if's etc...
The basic code architectur of the generated $inline en/decrypt() lambda function, in pseudo php, is:
+----------------------------------------------------------------------------------------------+ |
callback $inline = create_function: | lambda_function_0001_crypt_ECB($action, $text) | { | INSERT PHP CODE OF: | $cipher_code['init_crypt']; // general init code. | // ie: $sbox'es declarations used for | // encrypt and decrypt'ing. | ||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| switch ($action) { | |||||||||||||
| case 'encrypt': | |||||||||||||
| INSERT PHP CODE OF: | |||||||||||||
| $cipher_code['init_encrypt']; // encrypt sepcific init code. | |||||||||||||
| ie: specified $key or $box | |||||||||||||
| declarations for encrypt'ing. | |||||||||||||
| foreach ($ciphertext) { | |||||||||||||
| $in = $block_size of $ciphertext; | |||||||||||||
| INSERT PHP CODE OF: | |||||||||||||
| $cipher_code['encrypt_block']; // encrypt's (string) $in, which is always: | |||||||||||||
| // strlen($in) == $this->block_size | |||||||||||||
| // here comes the cipher algorithm in action | |||||||||||||
| // for encryption. | |||||||||||||
| // $cipher_code['encrypt_block'] has to | |||||||||||||
| // encrypt the content of the $in variable | |||||||||||||
| $plaintext .= $in; | |||||||||||||
| } | |||||||||||||
| return $plaintext; | |||||||||||||
| case 'decrypt': | |||||||||||||
| INSERT PHP CODE OF: | |||||||||||||
| $cipher_code['init_decrypt']; // decrypt sepcific init code | |||||||||||||
| ie: specified $key or $box | |||||||||||||
| declarations for decrypt'ing. | |||||||||||||
| foreach ($plaintext) { | |||||||||||||
| $in = $block_size of $plaintext; | |||||||||||||
| INSERT PHP CODE OF: | |||||||||||||
| $cipher_code['decrypt_block']; // decrypt's (string) $in, which is always | |||||||||||||
| // strlen($in) == $this->block_size | |||||||||||||
| // here comes the cipher algorithm in action | |||||||||||||
| // for decryption. | |||||||||||||
| // $cipher_code['decrypt_block'] has to | |||||||||||||
| // decrypt the content of the $in variable | |||||||||||||
| $ciphertext .= $in; | |||||||||||||
| } | |||||||||||||
| return $ciphertext; | |||||||||||||
| } | |||||||||||||
| } |
+----------------------------------------------------------------------------------------------+
See also the \phpseclib\Crypt*::_setupInlineCrypt()'s for productive inline $cipher_code's how they works.
Structure of:
$cipher_code = array(
'init_crypt' => (string) '', // optional
'init_encrypt' => (string) '', // optional
'init_decrypt' => (string) '', // optional
'encrypt_block' => (string) '', // required
'decrypt_block' => (string) '' // required
);
| array | $cipher_code |
(the name of the created callback function)
_getLambdaFunctions() : array
Holds the lambda_functions table (classwide)
Each name of the lambda function, created from _setupInlineCrypt() && _createInlineCryptFunction() is stored, classwide (!), here for reusing.
The string-based index of $function is a classwide unique value representing, at least, the $mode of operation (or more... depends of the optimizing level) for which $mode the lambda function was created.
&$functions
setIV(string $iv)
Dummy function.
Some protocols, such as WEP, prepend an "initialization vector" to the key, effectively creating a new key [1]. If you need to use an initialization vector in this manner, feel free to prepend it to the key, yourself, before calling setKey().
[1] WEP's initialization vectors (IV's) are used in a somewhat insecure way. Since, in that protocol, the IV's are relatively easy to predict, an attack described by Scott Fluhrer, Itsik Mantin, and Adi Shamir can be used to quickly guess at the rest of the key. The following links elaborate:
http://www.rsa.com/rsalabs/node.asp?id=2009 http://en.wikipedia.org/wiki/Related_key_attack
| string | $iv |