phpseclib API Documentation
Class

phpseclib\Crypt\DES

class DES extends Base

Pure-PHP implementation of DES.

Constants

MODE_CTR

Encrypt / decrypt using the Counter mode.

Set to -1 since that's what Crypt/Random.php uses to index the CTR mode.

MODE_ECB

Encrypt / decrypt using the Electronic Code Book mode.

MODE_CBC

Encrypt / decrypt using the Code Book Chaining mode.

MODE_CFB

Encrypt / decrypt using the Cipher Feedback mode.

MODE_OFB

Encrypt / decrypt using the Output Feedback mode.

MODE_STREAM

Encrypt / decrypt using streaming mode.

ENGINE_INTERNAL

Base value for the internal implementation $engine switch

ENGINE_MCRYPT

Base value for the mcrypt implementation $engine switch

ENGINE_OPENSSL

Base value for the mcrypt implementation $engine switch

ENCRYPT

Contains $keys[self::ENCRYPT]

DECRYPT

Contains $keys[self::DECRYPT]

Properties

int $mode The Encryption Mode
int $block_size Block Length of the cipher
string $key The Key
string $iv The Initialization Vector
string $encryptIV A "sliding" Initialization Vector
string $decryptIV A "sliding" Initialization Vector
bool $continuousBuffer Continuous Buffer status
array $enbuffer Encryption buffer for CTR, OFB and CFB modes
array $debuffer Decryption buffer for CTR, OFB and CFB modes
resource $enmcrypt mcrypt resource for encryption
resource $demcrypt mcrypt resource for decryption
bool $enchanged Does the enmcrypt resource need to be (re)initialized?
bool $dechanged Does the demcrypt resource need to be (re)initialized?
resource $ecb mcrypt resource for CFB mode
int $cfb_init_len Optimizing value while CFB-encrypting
bool $changed Does internal cipher state need to be (re)initialized?
bool $padding Padding status
bool $paddable Is the mode one that is paddable?
int $engine Holds which crypt engine internaly should be use, which will be determined automatically on __construct()
int $preferredEngine Holds the preferred crypt engine
string $cipher_name_mcrypt The mcrypt specific name of the cipher
string $cipher_name_openssl The openssl specific name of the cipher
string $cipher_name_openssl_ecb The openssl specific name of the cipher in ECB mode
string $password_default_salt The default salt used by setPassword()
Callback $inline_crypt The name of the performance-optimized callback function
mixed $use_inline_crypt Holds whether performance-optimized $inline_crypt() can/should be used.
bool $openssl_emulate_ctr If OpenSSL can be used in ECB but not in CTR we can emulate CTR
mixed $openssl_options Determines what options are passed to openssl_encrypt/decrypt
bool $explicit_key_length Has the key length explicitly been set or should it be derived from the key, itself?
bool $skip_key_adjustment Don't truncate / null pad key
int $key_length Key Length (in bytes)
array $openssl_mode_names The OpenSSL names of the cipher / modes
int $des_rounds Switch for DES/3DES encryption
string $key_length_max max possible size of $key
array $keys The Key Schedule
array $shuffle Shuffle table.
array $ipmap IP mapping helper table.
array $invipmap Inverse IP mapping helper table.
array $sbox1 Pre-permuted S-box1
array $sbox2 Pre-permuted S-box2
array $sbox3 Pre-permuted S-box3
array $sbox4 Pre-permuted S-box4
array $sbox5 Pre-permuted S-box5
array $sbox6 Pre-permuted S-box6
array $sbox7 Pre-permuted S-box7
array $sbox8 Pre-permuted S-box8

Methods

__construct(int $mode = self::MODE_CBC)

Default Constructor.

from Base
setIV(string $iv)

Sets the initialization vector.

from Base
setKeyLength(int $length)

Sets the key length.

from Base
int getKeyLength()

Returns the current key length in bits

from Base
int getBlockLength()

Returns the current block length in bits

from Base
setKey(string $key)

Sets the key.

bool setPassword(string $password, string $method = 'pbkdf2')

Sets the password.

from Base
string encrypt(string $plaintext)

Encrypts a message.

from Base
string decrypt(string $ciphertext)

Decrypts a message.

from Base
string _openssl_ctr_process(string $plaintext, string $encryptIV, array $buffer)

OpenSSL CTR Processor

from Base
string _openssl_ofb_process(string $plaintext, string $encryptIV, array $buffer)

OpenSSL OFB Processor

from Base
int _openssl_translate_mode()

phpseclib <-> OpenSSL Mode Mapper

from Base
enablePadding()

Pad "packets".

from Base
disablePadding()

Do not pad packets.

from Base
enableContinuousBuffer()

Treat consecutive "packets" as if they are a continuous buffer.

from Base
disableContinuousBuffer()

Treat consecutive packets as if they are a discontinuous buffer.

from Base
bool isValidEngine(int $engine)

Test for engine validity

setPreferredEngine(int $engine)

Sets the preferred crypt engine

from Base
getEngine()

Returns the engine currently being utilized

from Base
_setEngine()

Sets the engine as appropriate

from Base
_setup()

Setup the self::ENGINE_INTERNAL $engine

from Base
_setupMcrypt()

Setup the self::ENGINE_MCRYPT $engine

from Base
string _pad(string $text)

Pads a string

from Base
string _unpad(string $text)

Unpads a string.

from Base
_clearBuffers()

Clears internal buffers

from Base
string _string_shift(string $string, int $index = 1)

String Shift

from Base
string _string_pop(string $string, int $index = 1)

String Pop

from Base
_increment_str(string $var)

Increment the current string

from Base
_setupInlineCrypt()

Setup the performance-optimized function for de/encrypt()

string _createInlineCryptFunction(array $cipher_code)

Creates the performance-optimized function for en/decrypt()

from Base
array _getLambdaFunctions()

Holds the lambda_functions table (classwide)

from Base
string _hashInlineCryptFunction($bytes $bytes)

Generates a digest from $bytes

from Base
string _encryptBlock(string $in)

Encrypts a block

string _decryptBlock(string $in)

Decrypts a block

string _processBlock(string $block, int $mode)

Encrypts or decrypts a 64-bit block

_setupKey()

Creates the key schedule

Details

in Base at line 472
public __construct(int $mode = self::MODE_CBC)

Default Constructor.

Determines whether or not the mcrypt extension should be used.

$mode could be:

If not explicitly set, self::MODE_CBC will be used.

Parameters

int $mode

in Base at line 510
public setIV(string $iv)

Sets the initialization vector.

(optional)

SetIV is not required when self::MODEECB (or ie for AES: \phpseclib\Crypt\AES::MODEECB) is being used. If not explicitly set, it'll be assumed to be all zero's.

Parameters

string $iv

in Base at line 528
public setKeyLength(int $length)

Sets the key length.

Keys with explicitly set lengths need to be treated accordingly

Parameters

int $length

in Base at line 541
public int getKeyLength()

Returns the current key length in bits

Return Value

int

in Base at line 552
public int getBlockLength()

Returns the current block length in bits

Return Value

int

at line 618
public setKey(string $key)

Sets the key.

Keys can be of any length. DES, itself, uses 64-bit keys (eg. strlen($key) == 8), however, we only use the first eight, if $key has more then eight characters in it, and pad $key with the null byte if it is less then eight characters long.

DES also requires that every eighth bit be a parity bit, however, we'll ignore that.

If the key is not explicitly set, it'll be assumed to be all zero's.

Parameters

string $key

See also

\phpseclib\Crypt\Base::setKey()

in Base at line 599
public bool setPassword(string $password, string $method = 'pbkdf2')

Sets the password.

Depending on what $method is set to, setPassword()'s (optional) parameters are as follows: {@link http://en.wikipedia.org/wiki/PBKDF2 pbkdf2} or pbkdf1: $hash, $salt, $count, $dkLen

    Where $hash (default = sha1) currently supports the following hashes: see: Crypt/Hash.php

Parameters

string $password
string $method

Return Value

bool

See also

Crypt/Hash.php

in Base at line 690
public string encrypt(string $plaintext)

Encrypts a message.

$plaintext will be padded with additional bytes such that it's length is a multiple of the block size. Other cipher implementations may or may not pad in the same manner. Other common approaches to padding and the reasons why it's necessary are discussed in the following URL:

{@link http://www.di-mgt.com.au/cryptopad.html http://www.di-mgt.com.au/cryptopad.html}

An alternative to padding is to, separately, send the length of the file. This is what SSH, in fact, does. strlen($plaintext) will still need to be a multiple of the block size, however, arbitrary values can be added to make it that length.

Parameters

string $plaintext

Return Value

string $ciphertext

See also

self::decrypt()

in Base at line 991
public string decrypt(string $ciphertext)

Decrypts a message.

If strlen($ciphertext) is not a multiple of the block size, null bytes will be added to the end of the string until it is.

Parameters

string $ciphertext

Return Value

string $plaintext

See also

self::encrypt()

in Base at line 1287
public string _openssl_ctr_process(string $plaintext, string $encryptIV, array $buffer)

OpenSSL CTR Processor

PHP's OpenSSL bindings do not operate in continuous mode so we'll wrap around it. Since the keystream for CTR is the same for both encrypting and decrypting this function is re-used by both Base::encrypt() and Base::decrypt(). Also, OpenSSL doesn't implement CTR for all of it's symmetric ciphers so this function will emulate CTR with ECB when necesary.

Parameters

string $plaintext
string $encryptIV
array $buffer

Return Value

string

See also

self::encrypt()
self::decrypt()

in Base at line 1381
public string _openssl_ofb_process(string $plaintext, string $encryptIV, array $buffer)

OpenSSL OFB Processor

PHP's OpenSSL bindings do not operate in continuous mode so we'll wrap around it. Since the keystream for OFB is the same for both encrypting and decrypting this function is re-used by both Base::encrypt() and Base::decrypt().

Parameters

string $plaintext
string $encryptIV
array $buffer

Return Value

string

See also

self::encrypt()
self::decrypt()

in Base at line 1427
public int _openssl_translate_mode()

phpseclib <-> OpenSSL Mode Mapper

May need to be overwritten by classes extending this one in some cases

Return Value

int

in Base at line 1458
public enablePadding()

Pad "packets".

Block ciphers working by encrypting between their specified [$this->]block_size at a time If you ever need to encrypt or decrypt something that isn't of the proper length, it becomes necessary to pad the input so that it is of the proper length.

Padding is enabled by default. Sometimes, however, it is undesirable to pad strings. Such is the case in SSH, where "packets" are padded with random bytes before being encrypted. Unpad these packets and you risk stripping away characters that shouldn't be stripped away. (SSH knows how many bytes are added because the length is transmitted separately)

See also

self::disablePadding()

in Base at line 1469
public disablePadding()

Do not pad packets.

See also

self::enablePadding()

in Base at line 1512
public enableContinuousBuffer()

Treat consecutive "packets" as if they are a continuous buffer.

Say you have a 32-byte plaintext $plaintext. Using the default behavior, the two following code snippets will yield different outputs:

echo $rijndael->encrypt(substr($plaintext, 0, 16)); echo $rijndael->encrypt(substr($plaintext, 16, 16)); echo $rijndael->encrypt($plaintext);

The solution is to enable the continuous buffer. Although this will resolve the above discrepancy, it creates another, as demonstrated with the following:

$rijndael->encrypt(substr($plaintext, 0, 16)); echo $rijndael->decrypt($rijndael->encrypt(substr($plaintext, 16, 16))); echo $rijndael->decrypt($rijndael->encrypt(substr($plaintext, 16, 16)));

With the continuous buffer disabled, these would yield the same output. With it enabled, they yield different outputs. The reason is due to the fact that the initialization vector's change after every encryption / decryption round when the continuous buffer is enabled. When it's disabled, they remain constant.

Put another way, when the continuous buffer is enabled, the state of the \phpseclib\Crypt*() object changes after each encryption / decryption round, whereas otherwise, it'd remain constant. For this reason, it's recommended that continuous buffers not be used. They do offer better security and are, in fact, sometimes required (SSH uses them), however, they are also less intuitive and more likely to cause you problems.

See also

self::disableContinuousBuffer()

in Base at line 1532
public disableContinuousBuffer()

Treat consecutive packets as if they are a discontinuous buffer.

The default behavior.

See also

self::enableContinuousBuffer()

at line 591
public bool isValidEngine(int $engine)

Test for engine validity

This is mainly just a wrapper to set things up for \phpseclib\Crypt\Base::isValidEngine()

Parameters

int $engine

Return Value

bool

See also

\phpseclib\Crypt\Base::isValidEngine()

in Base at line 1621
public setPreferredEngine(int $engine)

Sets the preferred crypt engine

Currently, $engine could be:

If the preferred crypt engine is not available the fastest available one will be used

Parameters

int $engine

See also

self::__construct()

in Base at line 1642
public getEngine()

Returns the engine currently being utilized

See also

self::_setEngine()

in Base at line 1653
public _setEngine()

Sets the engine as appropriate

See also

self::__construct()

in Base at line 1747
public _setup()

Setup the self::ENGINE_INTERNAL $engine

(re)init, if necessary, the internal cipher $engine and flush all $buffers Used (only) if $engine == self::ENGINE_INTERNAL

_setup() will be called each time if $changed === true typically this happens when using one or more of following public methods:

See also

self::setKey()
self::setIV()
self::disableContinuousBuffer()

in Base at line 1780
public _setupMcrypt()

Setup the self::ENGINE_MCRYPT $engine

(re)init, if necessary, the (ext)mcrypt resources and flush all $buffers Used (only) if $engine = self::ENGINE_MCRYPT

_setupMcrypt() will be called each time if $changed === true typically this happens when using one or more of following public methods:

See also

self::setKey()
self::setIV()
self::disableContinuousBuffer()

in Base at line 1826
public string _pad(string $text)

Pads a string

Pads a string using the RSA PKCS padding standards so that its length is a multiple of the blocksize. $this->blocksize - (strlen($text) % $this->blocksize) bytes are added, each of which is equal to chr($this->blocksize - (strlen($text) % $this->blocksize)

If padding is disabled and $text is not a multiple of the blocksize, the string will be padded regardless and padding will, hence forth, be enabled.

Parameters

string $text

Return Value

string

See also

self::_unpad()

in Base at line 1855
public string _unpad(string $text)

Unpads a string.

If padding is enabled and the reported padding length is invalid the encryption key will be assumed to be wrong and false will be returned.

Parameters

string $text

Return Value

string

See also

self::_pad()

in Base at line 1880
public _clearBuffers()

Clears internal buffers

Clearing/resetting the internal buffers is done everytime after disableContinuousBuffer() or on cipher $engine (re)init ie after setKey() or setIV()

in Base at line 1903
public string _string_shift(string $string, int $index = 1)

String Shift

Inspired by array_shift

Parameters

string $string
int $index

Return Value

string

in Base at line 1920
public string _string_pop(string $string, int $index = 1)

String Pop

Inspired by array_pop

Parameters

string $string
int $index

Return Value

string

in Base at line 1935
public _increment_str(string $var)

Increment the current string

Parameters

string $var

See also

self::decrypt()
self::encrypt()

at line 1290
public _setupInlineCrypt()

Setup the performance-optimized function for de/encrypt()

See also

\phpseclib\Crypt\Base::_setupInlineCrypt()

in Base at line 2146
public string _createInlineCryptFunction(array $cipher_code)

Creates the performance-optimized function for en/decrypt()

Internally for phpseclib developers:

_createInlineCryptFunction():

Parameters

array $cipher_code

Return Value

string (the name of the created callback function)

See also

self::_setupInlineCrypt()
self::encrypt()
self::decrypt()

in Base at line 2513
public array _getLambdaFunctions()

Holds the lambda_functions table (classwide)

Each name of the lambda function, created from _setupInlineCrypt() && _createInlineCryptFunction() is stored, classwide (!), here for reusing.

The string-based index of $function is a classwide uniqe value representing, at least, the $mode of operation (or more... depends of the optimizing level) for which $mode the lambda function was created.

Return Value

array &$functions

in Base at line 2527
public string _hashInlineCryptFunction($bytes $bytes)

Generates a digest from $bytes

Parameters

$bytes $bytes

Return Value

string

See also

self::_setupInlineCrypt()

at line 640
public string _encryptBlock(string $in)

Encrypts a block

Parameters

string $in

Return Value

string

See also

\phpseclib\Crypt\Base::_encryptBlock()
\phpseclib\Crypt\Base::encrypt()
self::encrypt()

at line 655
public string _decryptBlock(string $in)

Decrypts a block

Parameters

string $in

Return Value

string

See also

\phpseclib\Crypt\Base::_decryptBlock()
\phpseclib\Crypt\Base::decrypt()
self::decrypt()

at line 674
public string _processBlock(string $block, int $mode)

Encrypts or decrypts a 64-bit block

$mode should be either self::ENCRYPT or self::DECRYPT. See {@link http://en.wikipedia.org/wiki/Image:Feistel.png Feistel.png} to get a general idea of what this function does.

Parameters

string $block
int $mode

Return Value

string

See also

self::_encryptBlock()
self::_decryptBlock()

at line 755
public _setupKey()

Creates the key schedule

See also

\phpseclib\Crypt\Base::_setupKey()