ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
TripleDES.php
Go to the documentation of this file.
1 <?php
2 
37 namespace phpseclib\Crypt;
38 
39 use phpseclib\Crypt\Base;
40 use phpseclib\Crypt\DES;
41 
49 class TripleDES extends DES
50 {
56  const MODE_3CBC = -2;
57 
63  const MODE_CBC3 = Base::MODE_CBC;
64 
72  var $key_length = 24;
73 
82  var $password_default_salt = 'phpseclib';
83 
92  var $cipher_name_mcrypt = 'tripledes';
93 
101  var $cfb_init_len = 750;
102 
111  var $key_length_max = 24;
112 
119  var $mode_3cbc;
120 
129  var $des;
130 
157  function __construct($mode = Base::MODE_CBC)
158  {
159  switch ($mode) {
160  // In case of self::MODE_3CBC, we init as CRYPT_DES_MODE_CBC
161  // and additional flag us internally as 3CBC
162  case self::MODE_3CBC:
163  parent::__construct(Base::MODE_CBC);
164  $this->mode_3cbc = true;
165 
166  // This three $des'es will do the 3CBC work (if $key > 64bits)
167  $this->des = array(
168  new DES(Base::MODE_CBC),
169  new DES(Base::MODE_CBC),
170  new DES(Base::MODE_CBC),
171  );
172 
173  // we're going to be doing the padding, ourselves, so disable it in the \phpseclib\Crypt\DES objects
174  $this->des[0]->disablePadding();
175  $this->des[1]->disablePadding();
176  $this->des[2]->disablePadding();
177  break;
178  // If not 3CBC, we init as usual
179  default:
180  parent::__construct($mode);
181  }
182  }
183 
194  function isValidEngine($engine)
195  {
196  if ($engine == self::ENGINE_OPENSSL) {
197  $this->cipher_name_openssl_ecb = 'des-ede3';
198  $mode = $this->_openssl_translate_mode();
199  $this->cipher_name_openssl = $mode == 'ecb' ? 'des-ede3' : 'des-ede3-' . $mode;
200  }
201 
202  return parent::isValidEngine($engine);
203  }
204 
215  function setIV($iv)
216  {
217  parent::setIV($iv);
218  if ($this->mode_3cbc) {
219  $this->des[0]->setIV($iv);
220  $this->des[1]->setIV($iv);
221  $this->des[2]->setIV($iv);
222  }
223  }
224 
234  function setKeyLength($length)
235  {
236  $length >>= 3;
237  switch (true) {
238  case $length <= 8:
239  $this->key_length = 8;
240  break;
241  case $length <= 16:
242  $this->key_length = 16;
243  break;
244  default:
245  $this->key_length = 24;
246  }
247 
248  parent::setKeyLength($length);
249  }
250 
266  function setKey($key)
267  {
268  $length = $this->explicit_key_length ? $this->key_length : strlen($key);
269  if ($length > 8) {
270  $key = str_pad(substr($key, 0, 24), 24, chr(0));
271  // if $key is between 64 and 128-bits, use the first 64-bits as the last, per this:
272  // http://php.net/function.mcrypt-encrypt#47973
273  $key = $length <= 16 ? substr_replace($key, substr($key, 0, 8), 16) : substr($key, 0, 24);
274  } else {
275  $key = str_pad($key, 8, chr(0));
276  }
277  parent::setKey($key);
278 
279  // And in case of self::MODE_3CBC:
280  // if key <= 64bits we not need the 3 $des to work,
281  // because we will then act as regular DES-CBC with just a <= 64bit key.
282  // So only if the key > 64bits (> 8 bytes) we will call setKey() for the 3 $des.
283  if ($this->mode_3cbc && $length > 8) {
284  $this->des[0]->setKey(substr($key, 0, 8));
285  $this->des[1]->setKey(substr($key, 8, 8));
286  $this->des[2]->setKey(substr($key, 16, 8));
287  }
288  }
289 
298  function encrypt($plaintext)
299  {
300  // parent::en/decrypt() is able to do all the work for all modes and keylengths,
301  // except for: self::MODE_3CBC (inner chaining CBC) with a key > 64bits
302 
303  // if the key is smaller then 8, do what we'd normally do
304  if ($this->mode_3cbc && strlen($this->key) > 8) {
305  return $this->des[2]->encrypt(
306  $this->des[1]->decrypt(
307  $this->des[0]->encrypt(
308  $this->_pad($plaintext)
309  )
310  )
311  );
312  }
313 
314  return parent::encrypt($plaintext);
315  }
316 
325  function decrypt($ciphertext)
326  {
327  if ($this->mode_3cbc && strlen($this->key) > 8) {
328  return $this->_unpad(
329  $this->des[0]->decrypt(
330  $this->des[1]->encrypt(
331  $this->des[2]->decrypt(
332  str_pad($ciphertext, (strlen($ciphertext) + 7) & 0xFFFFFFF8, "\0")
333  )
334  )
335  )
336  );
337  }
338 
339  return parent::decrypt($ciphertext);
340  }
341 
380  function enableContinuousBuffer()
381  {
382  parent::enableContinuousBuffer();
383  if ($this->mode_3cbc) {
384  $this->des[0]->enableContinuousBuffer();
385  $this->des[1]->enableContinuousBuffer();
386  $this->des[2]->enableContinuousBuffer();
387  }
388  }
389 
399  function disableContinuousBuffer()
400  {
401  parent::disableContinuousBuffer();
402  if ($this->mode_3cbc) {
403  $this->des[0]->disableContinuousBuffer();
404  $this->des[1]->disableContinuousBuffer();
405  $this->des[2]->disableContinuousBuffer();
406  }
407  }
408 
416  function _setupKey()
417  {
418  switch (true) {
419  // if $key <= 64bits we configure our internal pure-php cipher engine
420  // to act as regular [1]DES, not as 3DES. mcrypt.so::tripledes does the same.
421  case strlen($this->key) <= 8:
422  $this->des_rounds = 1;
423  break;
424 
425  // otherwise, if $key > 64bits, we configure our engine to work as 3DES.
426  default:
427  $this->des_rounds = 3;
428 
429  // (only) if 3CBC is used we have, of course, to setup the $des[0-2] keys also separately.
430  if ($this->mode_3cbc) {
431  $this->des[0]->_setupKey();
432  $this->des[1]->_setupKey();
433  $this->des[2]->_setupKey();
434 
435  // because $des[0-2] will, now, do all the work we can return here
436  // not need unnecessary stress parent::_setupKey() with our, now unused, $key.
437  return;
438  }
439  }
440  // setup our key
441  parent::_setupKey();
442  }
443 
453  function setPreferredEngine($engine)
454  {
455  if ($this->mode_3cbc) {
456  $this->des[0]->setPreferredEngine($engine);
457  $this->des[1]->setPreferredEngine($engine);
458  $this->des[2]->setPreferredEngine($engine);
459  }
460 
461  return parent::setPreferredEngine($engine);
462  }
463 }
phpseclib\Crypt\TripleDES\_setupKey
_setupKey()
Creates the key schedule.
Definition: TripleDES.php:416
phpseclib\Crypt\TripleDES\MODE_3CBC
const MODE_3CBC
Encrypt / decrypt using inner chaining.
Definition: TripleDES.php:56
phpseclib\Crypt\TripleDES\MODE_CBC3
const MODE_CBC3
Encrypt / decrypt using outer chaining.
Definition: TripleDES.php:63
phpseclib\Crypt\TripleDES\disableContinuousBuffer
disableContinuousBuffer()
Treat consecutive packets as if they are a discontinuous buffer.
Definition: TripleDES.php:399
phpseclib\Crypt\TripleDES\decrypt
decrypt($ciphertext)
Decrypts a message.
Definition: TripleDES.php:325
phpseclib\Crypt\TripleDES\enableContinuousBuffer
enableContinuousBuffer()
Treat consecutive "packets" as if they are a continuous buffer.
Definition: TripleDES.php:380
phpseclib\Crypt\TripleDES\setKeyLength
setKeyLength($length)
Sets the key length.
Definition: TripleDES.php:234
phpseclib\Crypt\TripleDES\setKey
setKey($key)
Sets the key.
Definition: TripleDES.php:266
phpseclib\Crypt\Base\_openssl_translate_mode
_openssl_translate_mode()
phpseclib <-> OpenSSL Mode Mapper
Definition: Base.php:1423
phpseclib\Crypt\TripleDES\setPreferredEngine
setPreferredEngine($engine)
Sets the internal crypt engine.
Definition: TripleDES.php:453
phpseclib\Crypt\Base\_unpad
_unpad($text)
Unpads a string.
Definition: Base.php:1851
phpseclib\Crypt
Pure-PHP implementations of keyed-hash message authentication codes (HMACs) and various cryptographic...
Definition: AES.php:50
phpseclib\Crypt\Base\_pad
_pad($text)
Pads a string.
Definition: Base.php:1822
phpseclib\Crypt\TripleDES\__construct
__construct($mode=Base::MODE_CBC)
Default Constructor.
Definition: TripleDES.php:157
phpseclib\Crypt\TripleDES\encrypt
encrypt($plaintext)
Encrypts a message.
Definition: TripleDES.php:298
phpseclib\Crypt\Base\MODE_CBC
const MODE_CBC
Encrypt / decrypt using the Code Book Chaining mode.
Definition: Base.php:74
TripleDES
Pure-PHP implementation of Triple DES.
phpseclib\Crypt\TripleDES\setIV
setIV($iv)
Sets the initialization vector.
Definition: TripleDES.php:215
phpseclib\Crypt\TripleDES\isValidEngine
isValidEngine($engine)
Test for engine validity.
Definition: TripleDES.php:194
DES
Pure-PHP implementation of DES.