ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
TripleDES.php
Go to the documentation of this file.
1<?php
2
37namespace phpseclib\Crypt;
38
39use phpseclib\Crypt\Base;
40use phpseclib\Crypt\DES;
41
49class TripleDES extends DES
50{
56 const MODE_3CBC = -2;
57
63 const MODE_CBC3 = Base::MODE_CBC;
64
72 var $key_length = 24;
73
82 var $password_default_salt = 'phpseclib';
83
92 var $cipher_name_mcrypt = 'tripledes';
93
101 var $cfb_init_len = 750;
102
111 var $key_length_max = 24;
112
119 var $mode_3cbc;
120
129 var $des;
130
157 function __construct($mode = Base::MODE_CBC)
158 {
159 switch ($mode) {
160 // In case of self::MODE_3CBC, we init as CRYPT_DES_MODE_CBC
161 // and additional flag us internally as 3CBC
162 case self::MODE_3CBC:
163 parent::__construct(Base::MODE_CBC);
164 $this->mode_3cbc = true;
165
166 // This three $des'es will do the 3CBC work (if $key > 64bits)
167 $this->des = array(
168 new DES(Base::MODE_CBC),
169 new DES(Base::MODE_CBC),
170 new DES(Base::MODE_CBC),
171 );
172
173 // we're going to be doing the padding, ourselves, so disable it in the \phpseclib\Crypt\DES objects
174 $this->des[0]->disablePadding();
175 $this->des[1]->disablePadding();
176 $this->des[2]->disablePadding();
177 break;
178 // If not 3CBC, we init as usual
179 default:
180 parent::__construct($mode);
181 }
182 }
183
194 function isValidEngine($engine)
195 {
196 if ($engine == self::ENGINE_OPENSSL) {
197 $this->cipher_name_openssl_ecb = 'des-ede3';
198 $mode = $this->_openssl_translate_mode();
199 $this->cipher_name_openssl = $mode == 'ecb' ? 'des-ede3' : 'des-ede3-' . $mode;
200 }
201
202 return parent::isValidEngine($engine);
203 }
204
215 function setIV($iv)
216 {
217 parent::setIV($iv);
218 if ($this->mode_3cbc) {
219 $this->des[0]->setIV($iv);
220 $this->des[1]->setIV($iv);
221 $this->des[2]->setIV($iv);
222 }
223 }
224
234 function setKeyLength($length)
235 {
236 $length >>= 3;
237 switch (true) {
238 case $length <= 8:
239 $this->key_length = 8;
240 break;
241 case $length <= 16:
242 $this->key_length = 16;
243 break;
244 default:
245 $this->key_length = 24;
246 }
247
248 parent::setKeyLength($length);
249 }
250
266 function setKey($key)
267 {
268 $length = $this->explicit_key_length ? $this->key_length : strlen($key);
269 if ($length > 8) {
270 $key = str_pad(substr($key, 0, 24), 24, chr(0));
271 // if $key is between 64 and 128-bits, use the first 64-bits as the last, per this:
272 // http://php.net/function.mcrypt-encrypt#47973
273 $key = $length <= 16 ? substr_replace($key, substr($key, 0, 8), 16) : substr($key, 0, 24);
274 } else {
275 $key = str_pad($key, 8, chr(0));
276 }
277 parent::setKey($key);
278
279 // And in case of self::MODE_3CBC:
280 // if key <= 64bits we not need the 3 $des to work,
281 // because we will then act as regular DES-CBC with just a <= 64bit key.
282 // So only if the key > 64bits (> 8 bytes) we will call setKey() for the 3 $des.
283 if ($this->mode_3cbc && $length > 8) {
284 $this->des[0]->setKey(substr($key, 0, 8));
285 $this->des[1]->setKey(substr($key, 8, 8));
286 $this->des[2]->setKey(substr($key, 16, 8));
287 }
288 }
289
298 function encrypt($plaintext)
299 {
300 // parent::en/decrypt() is able to do all the work for all modes and keylengths,
301 // except for: self::MODE_3CBC (inner chaining CBC) with a key > 64bits
302
303 // if the key is smaller then 8, do what we'd normally do
304 if ($this->mode_3cbc && strlen($this->key) > 8) {
305 return $this->des[2]->encrypt(
306 $this->des[1]->decrypt(
307 $this->des[0]->encrypt(
308 $this->_pad($plaintext)
309 )
310 )
311 );
312 }
313
314 return parent::encrypt($plaintext);
315 }
316
325 function decrypt($ciphertext)
326 {
327 if ($this->mode_3cbc && strlen($this->key) > 8) {
328 return $this->_unpad(
329 $this->des[0]->decrypt(
330 $this->des[1]->encrypt(
331 $this->des[2]->decrypt(
332 str_pad($ciphertext, (strlen($ciphertext) + 7) & 0xFFFFFFF8, "\0")
333 )
334 )
335 )
336 );
337 }
338
339 return parent::decrypt($ciphertext);
340 }
341
380 function enableContinuousBuffer()
381 {
382 parent::enableContinuousBuffer();
383 if ($this->mode_3cbc) {
384 $this->des[0]->enableContinuousBuffer();
385 $this->des[1]->enableContinuousBuffer();
386 $this->des[2]->enableContinuousBuffer();
387 }
388 }
389
399 function disableContinuousBuffer()
400 {
401 parent::disableContinuousBuffer();
402 if ($this->mode_3cbc) {
403 $this->des[0]->disableContinuousBuffer();
404 $this->des[1]->disableContinuousBuffer();
405 $this->des[2]->disableContinuousBuffer();
406 }
407 }
408
416 function _setupKey()
417 {
418 switch (true) {
419 // if $key <= 64bits we configure our internal pure-php cipher engine
420 // to act as regular [1]DES, not as 3DES. mcrypt.so::tripledes does the same.
421 case strlen($this->key) <= 8:
422 $this->des_rounds = 1;
423 break;
424
425 // otherwise, if $key > 64bits, we configure our engine to work as 3DES.
426 default:
427 $this->des_rounds = 3;
428
429 // (only) if 3CBC is used we have, of course, to setup the $des[0-2] keys also separately.
430 if ($this->mode_3cbc) {
431 $this->des[0]->_setupKey();
432 $this->des[1]->_setupKey();
433 $this->des[2]->_setupKey();
434
435 // because $des[0-2] will, now, do all the work we can return here
436 // not need unnecessary stress parent::_setupKey() with our, now unused, $key.
437 return;
438 }
439 }
440 // setup our key
441 parent::_setupKey();
442 }
443
453 function setPreferredEngine($engine)
454 {
455 if ($this->mode_3cbc) {
456 $this->des[0]->setPreferredEngine($engine);
457 $this->des[1]->setPreferredEngine($engine);
458 $this->des[2]->setPreferredEngine($engine);
459 }
460
461 return parent::setPreferredEngine($engine);
462 }
463}
php
An exception for terminatinating execution or to throw for unit testing.
phpseclib\Crypt\Base\MODE_CBC
const MODE_CBC
Encrypt / decrypt using the Code Book Chaining mode.
Definition: Base.php:74
phpseclib\Crypt\Base\_openssl_translate_mode
_openssl_translate_mode()
phpseclib <-> OpenSSL Mode Mapper
Definition: Base.php:1423
phpseclib\Crypt\Base\_pad
_pad($text)
Pads a string.
Definition: Base.php:1822
phpseclib\Crypt\Base\_unpad
_unpad($text)
Unpads a string.
Definition: Base.php:1851
phpseclib\Crypt\TripleDES\decrypt
decrypt($ciphertext)
Decrypts a message.
Definition: TripleDES.php:325
phpseclib\Crypt\TripleDES\isValidEngine
isValidEngine($engine)
Test for engine validity.
Definition: TripleDES.php:194
phpseclib\Crypt\TripleDES\disableContinuousBuffer
disableContinuousBuffer()
Treat consecutive packets as if they are a discontinuous buffer.
Definition: TripleDES.php:399
phpseclib\Crypt\TripleDES\setKeyLength
setKeyLength($length)
Sets the key length.
Definition: TripleDES.php:234
phpseclib\Crypt\TripleDES\MODE_CBC3
const MODE_CBC3
Encrypt / decrypt using outer chaining.
Definition: TripleDES.php:63
phpseclib\Crypt\TripleDES\setPreferredEngine
setPreferredEngine($engine)
Sets the internal crypt engine.
Definition: TripleDES.php:453
phpseclib\Crypt\TripleDES\encrypt
encrypt($plaintext)
Encrypts a message.
Definition: TripleDES.php:298
phpseclib\Crypt\TripleDES\setIV
setIV($iv)
Sets the initialization vector.
Definition: TripleDES.php:215
phpseclib\Crypt\TripleDES\__construct
__construct($mode=Base::MODE_CBC)
Default Constructor.
Definition: TripleDES.php:157
phpseclib\Crypt\TripleDES\setKey
setKey($key)
Sets the key.
Definition: TripleDES.php:266
phpseclib\Crypt\TripleDES\enableContinuousBuffer
enableContinuousBuffer()
Treat consecutive "packets" as if they are a continuous buffer.
Definition: TripleDES.php:380
phpseclib\Crypt\TripleDES\_setupKey
_setupKey()
Creates the key schedule.
Definition: TripleDES.php:416
phpseclib\Crypt\TripleDES\MODE_3CBC
const MODE_3CBC
Encrypt / decrypt using inner chaining.
Definition: TripleDES.php:56
DES
Pure-PHP implementation of DES.
TripleDES
Pure-PHP implementation of Triple DES.
phpseclib\Crypt
Pure-PHP implementations of keyed-hash message authentication codes (HMACs) and various cryptographic...
Definition: AES.php:50