diff --git a/phpseclib/Crypt/AES.php b/phpseclib/Crypt/AES.php index 76162bef..2e5188f8 100644 --- a/phpseclib/Crypt/AES.php +++ b/phpseclib/Crypt/AES.php @@ -50,59 +50,6 @@ if (!class_exists('Crypt_Rijndael')) { include_once 'Rijndael.php'; } -/**#@+ - * @access public - * @see Crypt_AES::encrypt() - * @see Crypt_AES::decrypt() - */ -/** - * Encrypt / decrypt using the Counter mode. - * - * Set to -1 since that's what Crypt/Random.php uses to index the CTR mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Counter_.28CTR.29 - */ -define('CRYPT_AES_MODE_CTR', CRYPT_MODE_CTR); -/** - * Encrypt / decrypt using the Electronic Code Book mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29 - */ -define('CRYPT_AES_MODE_ECB', CRYPT_MODE_ECB); -/** - * Encrypt / decrypt using the Code Book Chaining mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29 - */ -define('CRYPT_AES_MODE_CBC', CRYPT_MODE_CBC); -/** - * Encrypt / decrypt using the Cipher Feedback mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher_feedback_.28CFB.29 - */ -define('CRYPT_AES_MODE_CFB', CRYPT_MODE_CFB); -/** - * Encrypt / decrypt using the Cipher Feedback mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Output_feedback_.28OFB.29 - */ -define('CRYPT_AES_MODE_OFB', CRYPT_MODE_OFB); -/**#@-*/ - -/**#@+ - * @access private - * @see Crypt_Base::__construct() - */ -/** - * Toggles the internal implementation - */ -define('CRYPT_AES_MODE_INTERNAL', CRYPT_MODE_INTERNAL); -/** - * Toggles the mcrypt implementation - */ -define('CRYPT_AES_MODE_MCRYPT', CRYPT_MODE_MCRYPT); -/**#@-*/ - /** * Pure-PHP implementation of AES. * diff --git a/phpseclib/Crypt/Base.php b/phpseclib/Crypt/Base.php index a2ba7ba3..1856f457 100644 --- a/phpseclib/Crypt/Base.php +++ b/phpseclib/Crypt/Base.php @@ -34,64 +34,6 @@ * @link http://phpseclib.sourceforge.net */ -/**#@+ - * @access public - * @see Crypt_Base::encrypt() - * @see Crypt_Base::decrypt() - */ -/** - * Encrypt / decrypt using the Counter mode. - * - * Set to -1 since that's what Crypt/Random.php uses to index the CTR mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Counter_.28CTR.29 - */ -define('CRYPT_MODE_CTR', -1); -/** - * Encrypt / decrypt using the Electronic Code Book mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29 - */ -define('CRYPT_MODE_ECB', 1); -/** - * Encrypt / decrypt using the Code Book Chaining mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29 - */ -define('CRYPT_MODE_CBC', 2); -/** - * Encrypt / decrypt using the Cipher Feedback mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher_feedback_.28CFB.29 - */ -define('CRYPT_MODE_CFB', 3); -/** - * Encrypt / decrypt using the Output Feedback mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Output_feedback_.28OFB.29 - */ -define('CRYPT_MODE_OFB', 4); -/** - * Encrypt / decrypt using streaming mode. - * - */ -define('CRYPT_MODE_STREAM', 5); -/**#@-*/ - -/**#@+ - * @access private - * @see Crypt_Base::__construct() - */ -/** - * Base value for the internal implementation $engine switch - */ -define('CRYPT_MODE_INTERNAL', 1); -/** - * Base value for the mcrypt implementation $engine switch - */ -define('CRYPT_MODE_MCRYPT', 2); -/**#@-*/ - /** * Base Class for all Crypt_* cipher classes * @@ -102,6 +44,64 @@ define('CRYPT_MODE_MCRYPT', 2); */ class Crypt_Base { + /**#@+ + * @access public + * @see Crypt_Base::encrypt() + * @see Crypt_Base::decrypt() + */ + /** + * Encrypt / decrypt using the Counter mode. + * + * Set to -1 since that's what Crypt/Random.php uses to index the CTR mode. + * + * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Counter_.28CTR.29 + */ + const MODE_CTR = -1; + /** + * Encrypt / decrypt using the Electronic Code Book mode. + * + * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29 + */ + const MODE_ECB = 1; + /** + * Encrypt / decrypt using the Code Book Chaining mode. + * + * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29 + */ + const MODE_CBC = 2; + /** + * Encrypt / decrypt using the Cipher Feedback mode. + * + * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher_feedback_.28CFB.29 + */ + const MODE_CFB = 3; + /** + * Encrypt / decrypt using the Output Feedback mode. + * + * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Output_feedback_.28OFB.29 + */ + const MODE_OFB = 4; + /** + * Encrypt / decrypt using streaming mode. + * + */ + const MODE_STREAM = 5; + /**#@-*/ + + /**#@+ + * @access private + * @see Crypt_Base::__construct() + */ + /** + * Base value for the internal implementation $engine switch + */ + const ENGINE_INTERNAL = 1; + /** + * Base value for the mcrypt implementation $engine switch + */ + const ENGINE_MCRYPT = 2; + /**#@-*/ + /** * The Encryption Mode * @@ -253,7 +253,7 @@ class Crypt_Base * Optimizing value while CFB-encrypting * * Only relevant if $continuousBuffer enabled - * and $engine == CRYPT_MODE_MCRYPT + * and $engine == self::ENGINE_MCRYPT * * It's faster to re-init $enmcrypt if * $buffer bytes > $cfb_init_len than @@ -305,14 +305,14 @@ class Crypt_Base * which will be determined automatically on __construct() * * Currently available $engines are: - * - CRYPT_MODE_MCRYPT (fast, php-extension: mcrypt, extension_loaded('mcrypt') required) - * - CRYPT_MODE_INTERNAL (slower, pure php-engine, no php-extension required) + * - self::ENGINE_MCRYPT (fast, php-extension: mcrypt, extension_loaded('mcrypt') required) + * - self::ENGINE_INTERNAL (slower, pure php-engine, no php-extension required) * * In the pipeline... maybe. But currently not available: - * - CRYPT_MODE_OPENSSL (very fast, php-extension: openssl, extension_loaded('openssl') required) + * - self::ENGINE_OPENSSL (very fast, php-extension: openssl, extension_loaded('openssl') required) * - * If possible, CRYPT_MODE_MCRYPT will be used for each cipher. - * Otherwise CRYPT_MODE_INTERNAL + * If possible, self::ENGINE_MCRYPT will be used for each cipher. + * Otherwise self::ENGINE_INTERNAL * * @see Crypt_Base::encrypt() * @see Crypt_Base::decrypt() @@ -324,7 +324,7 @@ class Crypt_Base /** * The mcrypt specific name of the cipher * - * Only used if $engine == CRYPT_MODE_MCRYPT + * Only used if $engine == self::ENGINE_MCRYPT * * @link http://www.php.net/mcrypt_module_open * @link http://www.php.net/mcrypt_list_algorithms @@ -366,8 +366,8 @@ class Crypt_Base * for each cipher. * * Example: - * $aes = new Crypt_AES(CRYPT_AES_MODE_CFB); // $aes will operate in cfb mode - * $aes = new Crypt_AES(CRYPT_MODE_CFB); // identical + * $aes = new Crypt_AES(Crypt_AES::MODE_CFB); // $aes will operate in cfb mode + * $aes = new Crypt_AES(self::MODE_CFB); // identical * * @see Crypt_Base::__construct() * @var String @@ -379,7 +379,7 @@ class Crypt_Base * The name of the performance-optimized callback function * * Used by encrypt() / decrypt() - * only if $engine == CRYPT_MODE_INTERNAL + * only if $engine == self::ENGINE_INTERNAL * * @see Crypt_Base::encrypt() * @see Crypt_Base::decrypt() @@ -408,24 +408,24 @@ class Crypt_Base * * $mode could be: * - * - CRYPT_MODE_ECB + * - self::MODE_ECB * - * - CRYPT_MODE_CBC + * - self::MODE_CBC * - * - CRYPT_MODE_CTR + * - self::MODE_CTR * - * - CRYPT_MODE_CFB + * - self::MODE_CFB * - * - CRYPT_MODE_OFB + * - self::MODE_OFB * * (or the alias constants of the chosen cipher, for example for AES: CRYPT_AES_MODE_ECB or CRYPT_AES_MODE_CBC ...) * - * If not explicitly set, CRYPT_MODE_CBC will be used. + * If not explicitly set, self::MODE_CBC will be used. * * @param optional Integer $mode * @access public */ - function __construct($mode = CRYPT_MODE_CBC) + function __construct($mode = self::MODE_CBC) { $const_crypt_mode = 'CRYPT_' . $this->const_namespace . '_MODE'; @@ -433,42 +433,42 @@ class Crypt_Base if (!defined($const_crypt_mode)) { switch (true) { case extension_loaded('mcrypt') && in_array($this->cipher_name_mcrypt, mcrypt_list_algorithms()): - define($const_crypt_mode, CRYPT_MODE_MCRYPT); + define($const_crypt_mode, self::ENGINE_MCRYPT); break; default: - define($const_crypt_mode, CRYPT_MODE_INTERNAL); + define($const_crypt_mode, self::ENGINE_INTERNAL); } } // Determining which internal $engine should be used. // The fastes possible first. switch (true) { - case empty($this->cipher_name_mcrypt): // The cipher module has no mcrypt-engine support at all so we force CRYPT_MODE_INTERNAL - $this->engine = CRYPT_MODE_INTERNAL; + case empty($this->cipher_name_mcrypt): // The cipher module has no mcrypt-engine support at all so we force self::ENGINE_INTERNAL + $this->engine = self::ENGINE_INTERNAL; break; - case constant($const_crypt_mode) == CRYPT_MODE_MCRYPT: - $this->engine = CRYPT_MODE_MCRYPT; + case constant($const_crypt_mode) == self::ENGINE_MCRYPT: + $this->engine = self::ENGINE_MCRYPT; break; default: - $this->engine = CRYPT_MODE_INTERNAL; + $this->engine = self::ENGINE_INTERNAL; } // $mode dependent settings switch ($mode) { - case CRYPT_MODE_ECB: + case self::MODE_ECB: $this->paddable = true; $this->mode = $mode; break; - case CRYPT_MODE_CTR: - case CRYPT_MODE_CFB: - case CRYPT_MODE_OFB: - case CRYPT_MODE_STREAM: + case self::MODE_CTR: + case self::MODE_CFB: + case self::MODE_OFB: + case self::MODE_STREAM: $this->mode = $mode; break; - case CRYPT_MODE_CBC: + case self::MODE_CBC: default: $this->paddable = true; - $this->mode = CRYPT_MODE_CBC; + $this->mode = self::MODE_CBC; } // Determining whether inline crypting can be used by the cipher @@ -480,7 +480,7 @@ class Crypt_Base /** * Sets the initialization vector. (optional) * - * SetIV is not required when CRYPT_MODE_ECB (or ie for AES: CRYPT_AES_MODE_ECB) is being used. If not explicitly set, it'll be assumed + * SetIV is not required when self::MODE_ECB (or ie for AES: Crypt_AES::MODE_ECB) is being used. If not explicitly set, it'll be assumed * to be all zero's. * * Note: Could, but not must, extend by the child Crypt_* class @@ -490,7 +490,7 @@ class Crypt_Base */ function setIV($iv) { - if ($this->mode == CRYPT_MODE_ECB) { + if ($this->mode == self::MODE_ECB) { return; } @@ -636,7 +636,7 @@ class Crypt_Base */ function encrypt($plaintext) { - if ($this->engine == CRYPT_MODE_MCRYPT) { + if ($this->engine == self::ENGINE_MCRYPT) { if ($this->changed) { $this->_setupMcrypt(); $this->changed = false; @@ -649,7 +649,7 @@ class Crypt_Base // re: {@link http://phpseclib.sourceforge.net/cfb-demo.phps} // using mcrypt's default handing of CFB the above would output two different things. using phpseclib's // rewritten CFB implementation the above outputs the same thing twice. - if ($this->mode == CRYPT_MODE_CFB && $this->continuousBuffer) { + if ($this->mode == self::MODE_CFB && $this->continuousBuffer) { $block_size = $this->block_size; $iv = &$this->encryptIV; $pos = &$this->enbuffer['pos']; @@ -731,12 +731,12 @@ class Crypt_Base $block_size = $this->block_size; $ciphertext = ''; switch ($this->mode) { - case CRYPT_MODE_ECB: + case self::MODE_ECB: for ($i = 0; $i < strlen($plaintext); $i+=$block_size) { $ciphertext.= $this->_encryptBlock(substr($plaintext, $i, $block_size)); } break; - case CRYPT_MODE_CBC: + case self::MODE_CBC: $xor = $this->encryptIV; for ($i = 0; $i < strlen($plaintext); $i+=$block_size) { $block = substr($plaintext, $i, $block_size); @@ -748,7 +748,7 @@ class Crypt_Base $this->encryptIV = $xor; } break; - case CRYPT_MODE_CTR: + case self::MODE_CTR: $xor = $this->encryptIV; if (strlen($buffer['encrypted'])) { for ($i = 0; $i < strlen($plaintext); $i+=$block_size) { @@ -773,7 +773,7 @@ class Crypt_Base } } break; - case CRYPT_MODE_CFB: + case self::MODE_CFB: // cfb loosely routines inspired by openssl's: // {@link http://cvs.openssl.org/fileview?f=openssl/crypto/modes/cfb128.c&v=1.3.2.2.2.1} if ($this->continuousBuffer) { @@ -815,7 +815,7 @@ class Crypt_Base $pos = $len; } break; - case CRYPT_MODE_OFB: + case self::MODE_OFB: $xor = $this->encryptIV; if (strlen($buffer['xor'])) { for ($i = 0; $i < strlen($plaintext); $i+=$block_size) { @@ -841,7 +841,7 @@ class Crypt_Base } } break; - case CRYPT_MODE_STREAM: + case self::MODE_STREAM: $ciphertext = $this->_encryptBlock($plaintext); break; } @@ -864,7 +864,7 @@ class Crypt_Base */ function decrypt($ciphertext) { - if ($this->engine == CRYPT_MODE_MCRYPT) { + if ($this->engine == self::ENGINE_MCRYPT) { $block_size = $this->block_size; if ($this->changed) { $this->_setupMcrypt(); @@ -875,7 +875,7 @@ class Crypt_Base $this->dechanged = false; } - if ($this->mode == CRYPT_MODE_CFB && $this->continuousBuffer) { + if ($this->mode == self::MODE_CFB && $this->continuousBuffer) { $iv = &$this->decryptIV; $pos = &$this->debuffer['pos']; $len = strlen($ciphertext); @@ -946,12 +946,12 @@ class Crypt_Base $buffer = &$this->debuffer; $plaintext = ''; switch ($this->mode) { - case CRYPT_MODE_ECB: + case self::MODE_ECB: for ($i = 0; $i < strlen($ciphertext); $i+=$block_size) { $plaintext.= $this->_decryptBlock(substr($ciphertext, $i, $block_size)); } break; - case CRYPT_MODE_CBC: + case self::MODE_CBC: $xor = $this->decryptIV; for ($i = 0; $i < strlen($ciphertext); $i+=$block_size) { $block = substr($ciphertext, $i, $block_size); @@ -962,7 +962,7 @@ class Crypt_Base $this->decryptIV = $xor; } break; - case CRYPT_MODE_CTR: + case self::MODE_CTR: $xor = $this->decryptIV; if (strlen($buffer['ciphertext'])) { for ($i = 0; $i < strlen($ciphertext); $i+=$block_size) { @@ -987,7 +987,7 @@ class Crypt_Base } } break; - case CRYPT_MODE_CFB: + case self::MODE_CFB: if ($this->continuousBuffer) { $iv = &$this->decryptIV; $pos = &$buffer['pos']; @@ -1028,7 +1028,7 @@ class Crypt_Base $pos = $len; } break; - case CRYPT_MODE_OFB: + case self::MODE_OFB: $xor = $this->decryptIV; if (strlen($buffer['xor'])) { for ($i = 0; $i < strlen($ciphertext); $i+=$block_size) { @@ -1054,7 +1054,7 @@ class Crypt_Base } } break; - case CRYPT_MODE_STREAM: + case self::MODE_STREAM: $plaintext = $this->_decryptBlock($ciphertext); break; } @@ -1133,7 +1133,7 @@ class Crypt_Base */ function enableContinuousBuffer() { - if ($this->mode == CRYPT_MODE_ECB) { + if ($this->mode == self::MODE_ECB) { return; } @@ -1152,7 +1152,7 @@ class Crypt_Base */ function disableContinuousBuffer() { - if ($this->mode == CRYPT_MODE_ECB) { + if ($this->mode == self::MODE_ECB) { return; } if (!$this->continuousBuffer) { @@ -1194,7 +1194,7 @@ class Crypt_Base /** * Setup the key (expansion) * - * Only used if $engine == CRYPT_MODE_INTERNAL + * Only used if $engine == self::ENGINE_INTERNAL * * Note: Must extend by the child Crypt_* class * @@ -1207,10 +1207,10 @@ class Crypt_Base } /** - * Setup the CRYPT_MODE_INTERNAL $engine + * Setup the self::ENGINE_INTERNAL $engine * * (re)init, if necessary, the internal cipher $engine and flush all $buffers - * Used (only) if $engine == CRYPT_MODE_INTERNAL + * Used (only) if $engine == self::ENGINE_INTERNAL * * _setup() will be called each time if $changed === true * typically this happens when using one or more of following public methods: @@ -1243,10 +1243,10 @@ class Crypt_Base } /** - * Setup the CRYPT_MODE_MCRYPT $engine + * Setup the self::ENGINE_MCRYPT $engine * * (re)init, if necessary, the (ext)mcrypt resources and flush all $buffers - * Used (only) if $engine = CRYPT_MODE_MCRYPT + * Used (only) if $engine = self::ENGINE_MCRYPT * * _setupMcrypt() will be called each time if $changed === true * typically this happens when using one or more of following public methods: @@ -1274,12 +1274,12 @@ class Crypt_Base if (!isset($this->enmcrypt)) { static $mcrypt_modes = array( - CRYPT_MODE_CTR => 'ctr', - CRYPT_MODE_ECB => MCRYPT_MODE_ECB, - CRYPT_MODE_CBC => MCRYPT_MODE_CBC, - CRYPT_MODE_CFB => 'ncfb', - CRYPT_MODE_OFB => MCRYPT_MODE_NOFB, - CRYPT_MODE_STREAM => MCRYPT_MODE_STREAM, + self::MODE_CTR => 'ctr', + self::MODE_ECB => MCRYPT_MODE_ECB, + self::MODE_CBC => MCRYPT_MODE_CBC, + self::MODE_CFB => 'ncfb', + self::MODE_OFB => MCRYPT_MODE_NOFB, + self::MODE_STREAM => MCRYPT_MODE_STREAM, ); $this->demcrypt = mcrypt_module_open($this->cipher_name_mcrypt, '', $mcrypt_modes[$this->mode], ''); @@ -1288,13 +1288,13 @@ class Crypt_Base // we need the $ecb mcrypt resource (only) in MODE_CFB with enableContinuousBuffer() // to workaround mcrypt's broken ncfb implementation in buffered mode // see: {@link http://phpseclib.sourceforge.net/cfb-demo.phps} - if ($this->mode == CRYPT_MODE_CFB) { + if ($this->mode == self::MODE_CFB) { $this->ecb = mcrypt_module_open($this->cipher_name_mcrypt, '', MCRYPT_MODE_ECB, ''); } } // else should mcrypt_generic_deinit be called? - if ($this->mode == CRYPT_MODE_CFB) { + if ($this->mode == self::MODE_CFB) { mcrypt_generic_init($this->ecb, $this->key, str_repeat("\0", $this->block_size)); } } @@ -1446,7 +1446,7 @@ class Crypt_Base * * _setupInlineCrypt() would be called only if: * - * - $engine == CRYPT_MODE_INTERNAL and + * - $engine == self::ENGINE_INTERNAL and * * - $use_inline_crypt === true * @@ -1635,7 +1635,7 @@ class Crypt_Base // merged with the $cipher_code algorithm // for encrypt- and decryption. switch ($this->mode) { - case CRYPT_MODE_ECB: + case self::MODE_ECB: $encrypt = $init_encrypt . ' $_ciphertext = ""; $_text = $self->_pad($_text); @@ -1664,7 +1664,7 @@ class Crypt_Base return $self->_unpad($_plaintext); '; break; - case CRYPT_MODE_CTR: + case self::MODE_CTR: $encrypt = $init_encrypt . ' $_ciphertext = ""; $_plaintext_len = strlen($_text); @@ -1737,7 +1737,7 @@ class Crypt_Base return $_plaintext; '; break; - case CRYPT_MODE_CFB: + case self::MODE_CFB: $encrypt = $init_encrypt . ' $_ciphertext = ""; $_buffer = &$self->enbuffer; @@ -1836,7 +1836,7 @@ class Crypt_Base return $_plaintext; '; break; - case CRYPT_MODE_OFB: + case self::MODE_OFB: $encrypt = $init_encrypt . ' $_ciphertext = ""; $_plaintext_len = strlen($_text); @@ -1909,7 +1909,7 @@ class Crypt_Base return $_plaintext; '; break; - case CRYPT_MODE_STREAM: + case self::MODE_STREAM: $encrypt = $init_encrypt . ' $_ciphertext = ""; '.$encrypt_block.' @@ -1921,7 +1921,7 @@ class Crypt_Base return $_plaintext; '; break; - // case CRYPT_MODE_CBC: + // case self::MODE_CBC: default: $encrypt = $init_encrypt . ' $_ciphertext = ""; diff --git a/phpseclib/Crypt/Blowfish.php b/phpseclib/Crypt/Blowfish.php index 7c26d232..cd998736 100644 --- a/phpseclib/Crypt/Blowfish.php +++ b/phpseclib/Crypt/Blowfish.php @@ -44,59 +44,6 @@ if (!class_exists('Crypt_Base')) { include_once 'Base.php'; } -/**#@+ - * @access public - * @see Crypt_Blowfish::encrypt() - * @see Crypt_Blowfish::decrypt() - */ -/** - * Encrypt / decrypt using the Counter mode. - * - * Set to -1 since that's what Crypt/Random.php uses to index the CTR mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Counter_.28CTR.29 - */ -define('CRYPT_BLOWFISH_MODE_CTR', CRYPT_MODE_CTR); -/** - * Encrypt / decrypt using the Electronic Code Book mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29 - */ -define('CRYPT_BLOWFISH_MODE_ECB', CRYPT_MODE_ECB); -/** - * Encrypt / decrypt using the Code Book Chaining mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29 - */ -define('CRYPT_BLOWFISH_MODE_CBC', CRYPT_MODE_CBC); -/** - * Encrypt / decrypt using the Cipher Feedback mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher_feedback_.28CFB.29 - */ -define('CRYPT_BLOWFISH_MODE_CFB', CRYPT_MODE_CFB); -/** - * Encrypt / decrypt using the Cipher Feedback mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Output_feedback_.28OFB.29 - */ -define('CRYPT_BLOWFISH_MODE_OFB', CRYPT_MODE_OFB); -/**#@-*/ - -/**#@+ - * @access private - * @see Crypt_Base::__construct() - */ -/** - * Toggles the internal implementation - */ -define('CRYPT_BLOWFISH_MODE_INTERNAL', CRYPT_MODE_INTERNAL); -/** - * Toggles the mcrypt implementation - */ -define('CRYPT_BLOWFISH_MODE_MCRYPT', CRYPT_MODE_MCRYPT); -/**#@-*/ - /** * Pure-PHP implementation of Blowfish. * diff --git a/phpseclib/Crypt/DES.php b/phpseclib/Crypt/DES.php index 66c10899..e9bb6269 100644 --- a/phpseclib/Crypt/DES.php +++ b/phpseclib/Crypt/DES.php @@ -49,74 +49,6 @@ if (!class_exists('Crypt_Base')) { include_once 'Base.php'; } -/**#@+ - * @access private - * @see Crypt_DES::_setupKey() - * @see Crypt_DES::_processBlock() - */ -/** - * Contains $keys[CRYPT_DES_ENCRYPT] - */ -define('CRYPT_DES_ENCRYPT', 0); -/** - * Contains $keys[CRYPT_DES_DECRYPT] - */ -define('CRYPT_DES_DECRYPT', 1); -/**#@-*/ - -/**#@+ - * @access public - * @see Crypt_DES::encrypt() - * @see Crypt_DES::decrypt() - */ -/** - * Encrypt / decrypt using the Counter mode. - * - * Set to -1 since that's what Crypt/Random.php uses to index the CTR mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Counter_.28CTR.29 - */ -define('CRYPT_DES_MODE_CTR', CRYPT_MODE_CTR); -/** - * Encrypt / decrypt using the Electronic Code Book mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29 - */ -define('CRYPT_DES_MODE_ECB', CRYPT_MODE_ECB); -/** - * Encrypt / decrypt using the Code Book Chaining mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29 - */ -define('CRYPT_DES_MODE_CBC', CRYPT_MODE_CBC); -/** - * Encrypt / decrypt using the Cipher Feedback mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher_feedback_.28CFB.29 - */ -define('CRYPT_DES_MODE_CFB', CRYPT_MODE_CFB); -/** - * Encrypt / decrypt using the Cipher Feedback mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Output_feedback_.28OFB.29 - */ -define('CRYPT_DES_MODE_OFB', CRYPT_MODE_OFB); -/**#@-*/ - -/**#@+ - * @access private - * @see Crypt_Base::__construct() - */ -/** - * Toggles the internal implementation - */ -define('CRYPT_DES_MODE_INTERNAL', CRYPT_MODE_INTERNAL); -/** - * Toggles the mcrypt implementation - */ -define('CRYPT_DES_MODE_MCRYPT', CRYPT_MODE_MCRYPT); -/**#@-*/ - /** * Pure-PHP implementation of DES. * @@ -126,6 +58,21 @@ define('CRYPT_DES_MODE_MCRYPT', CRYPT_MODE_MCRYPT); */ class Crypt_DES extends Crypt_Base { + /**#@+ + * @access private + * @see Crypt_DES::_setupKey() + * @see Crypt_DES::_processBlock() + */ + /** + * Contains $keys[self::ENCRYPT] + */ + const ENCRYPT = 0; + /** + * Contains $keys[self::DECRYPT] + */ + const DECRYPT = 1; + /**#@-*/ + /** * Block Length of the cipher * @@ -185,7 +132,7 @@ class Crypt_DES extends Crypt_Base /** * Switch for DES/3DES encryption * - * Used only if $engine == CRYPT_DES_MODE_INTERNAL + * Used only if $engine == self::ENGINE_INTERNAL * * @see Crypt_DES::_setupKey() * @see Crypt_DES::_processBlock() @@ -682,7 +629,7 @@ class Crypt_DES extends Crypt_Base */ function _encryptBlock($in) { - return $this->_processBlock($in, CRYPT_DES_ENCRYPT); + return $this->_processBlock($in, self::ENCRYPT); } /** @@ -697,13 +644,13 @@ class Crypt_DES extends Crypt_Base */ function _decryptBlock($in) { - return $this->_processBlock($in, CRYPT_DES_DECRYPT); + return $this->_processBlock($in, self::DECRYPT); } /** * Encrypts or decrypts a 64-bit block * - * $mode should be either CRYPT_DES_ENCRYPT or CRYPT_DES_DECRYPT. See + * $mode should be either self::ENCRYPT or self::DECRYPT. See * {@link http://en.wikipedia.org/wiki/Image:Feistel.png Feistel.png} to get a general * idea of what this function does. * @@ -1273,8 +1220,8 @@ class Crypt_DES extends Crypt_Base $d = (($key['d'] >> 4) & 0x0FFFFFF0) | ($key['c'] & 0x0F); $keys[$des_round] = array( - CRYPT_DES_ENCRYPT => array(), - CRYPT_DES_DECRYPT => array_fill(0, 32, 0) + self::ENCRYPT => array(), + self::DECRYPT => array_fill(0, 32, 0) ); for ($i = 0, $ki = 31; $i < 16; ++$i, $ki-= 2) { $c <<= $shifts[$i]; @@ -1293,33 +1240,33 @@ class Crypt_DES extends Crypt_Base (($dp >> 16) & 0x0000FF00) | (($dp >> 8) & 0x000000FF); $val2 = (($cp << 8) & 0xFF000000) | (($cp << 16) & 0x00FF0000) | (($dp >> 8) & 0x0000FF00) | ( $dp & 0x000000FF); - $keys[$des_round][CRYPT_DES_ENCRYPT][ ] = $val1; - $keys[$des_round][CRYPT_DES_DECRYPT][$ki - 1] = $val1; - $keys[$des_round][CRYPT_DES_ENCRYPT][ ] = $val2; - $keys[$des_round][CRYPT_DES_DECRYPT][$ki ] = $val2; + $keys[$des_round][self::ENCRYPT][ ] = $val1; + $keys[$des_round][self::DECRYPT][$ki - 1] = $val1; + $keys[$des_round][self::ENCRYPT][ ] = $val2; + $keys[$des_round][self::DECRYPT][$ki ] = $val2; } } switch ($this->des_rounds) { case 3: // 3DES keys $this->keys = array( - CRYPT_DES_ENCRYPT => array_merge( - $keys[0][CRYPT_DES_ENCRYPT], - $keys[1][CRYPT_DES_DECRYPT], - $keys[2][CRYPT_DES_ENCRYPT] + self::ENCRYPT => array_merge( + $keys[0][self::ENCRYPT], + $keys[1][self::DECRYPT], + $keys[2][self::ENCRYPT] ), - CRYPT_DES_DECRYPT => array_merge( - $keys[2][CRYPT_DES_DECRYPT], - $keys[1][CRYPT_DES_ENCRYPT], - $keys[0][CRYPT_DES_DECRYPT] + self::DECRYPT => array_merge( + $keys[2][self::DECRYPT], + $keys[1][self::ENCRYPT], + $keys[0][self::DECRYPT] ) ); break; // case 1: // DES keys default: $this->keys = array( - CRYPT_DES_ENCRYPT => $keys[0][CRYPT_DES_ENCRYPT], - CRYPT_DES_DECRYPT => $keys[0][CRYPT_DES_DECRYPT] + self::ENCRYPT => $keys[0][self::ENCRYPT], + self::DECRYPT => $keys[0][self::DECRYPT] ); } } @@ -1384,8 +1331,8 @@ class Crypt_DES extends Crypt_Base // No futher initialisation of the $keys schedule is necessary. // That is the extra performance boost. $k = array( - CRYPT_DES_ENCRYPT => $this->keys[CRYPT_DES_ENCRYPT], - CRYPT_DES_DECRYPT => $this->keys[CRYPT_DES_DECRYPT] + self::ENCRYPT => $this->keys[self::ENCRYPT], + self::DECRYPT => $this->keys[self::DECRYPT] ); $init_encrypt = ''; $init_decrypt = ''; @@ -1394,21 +1341,21 @@ class Crypt_DES extends Crypt_Base // In generic optimized code mode, we have to use, as the best compromise [currently], // our key schedule as $ke/$kd arrays. (with hardcoded indexes...) $k = array( - CRYPT_DES_ENCRYPT => array(), - CRYPT_DES_DECRYPT => array() + self::ENCRYPT => array(), + self::DECRYPT => array() ); - for ($i = 0, $c = count($this->keys[CRYPT_DES_ENCRYPT]); $i < $c; ++$i) { - $k[CRYPT_DES_ENCRYPT][$i] = '$ke[' . $i . ']'; - $k[CRYPT_DES_DECRYPT][$i] = '$kd[' . $i . ']'; + for ($i = 0, $c = count($this->keys[self::ENCRYPT]); $i < $c; ++$i) { + $k[self::ENCRYPT][$i] = '$ke[' . $i . ']'; + $k[self::DECRYPT][$i] = '$kd[' . $i . ']'; } - $init_encrypt = '$ke = $self->keys[CRYPT_DES_ENCRYPT];'; - $init_decrypt = '$kd = $self->keys[CRYPT_DES_DECRYPT];'; + $init_encrypt = '$ke = $self->keys[self::ENCRYPT];'; + $init_decrypt = '$kd = $self->keys[self::DECRYPT];'; break; } // Creating code for en- and decryption. $crypt_block = array(); - foreach (array(CRYPT_DES_ENCRYPT, CRYPT_DES_DECRYPT) as $c) { + foreach (array(self::ENCRYPT, self::DECRYPT) as $c) { /* Do the initial IP permutation. */ $crypt_block[$c] = ' @@ -1476,8 +1423,8 @@ class Crypt_DES extends Crypt_Base 'init_crypt' => $init_crypt, 'init_encrypt' => $init_encrypt, 'init_decrypt' => $init_decrypt, - 'encrypt_block' => $crypt_block[CRYPT_DES_ENCRYPT], - 'decrypt_block' => $crypt_block[CRYPT_DES_DECRYPT] + 'encrypt_block' => $crypt_block[self::ENCRYPT], + 'decrypt_block' => $crypt_block[self::DECRYPT] ) ); } diff --git a/phpseclib/Crypt/Hash.php b/phpseclib/Crypt/Hash.php index 35886a2c..8f0dd4aa 100644 --- a/phpseclib/Crypt/Hash.php +++ b/phpseclib/Crypt/Hash.php @@ -38,24 +38,6 @@ use \phpseclib\Math\BigInteger; -/**#@+ - * @access private - * @see Crypt_Hash::__construct() - */ -/** - * Toggles the internal implementation - */ -define('CRYPT_HASH_MODE_INTERNAL', 1); -/** - * Toggles the mhash() implementation, which has been deprecated on PHP 5.3.0+. - */ -define('CRYPT_HASH_MODE_MHASH', 2); -/** - * Toggles the hash() implementation, which works on PHP 5.1.2+. - */ -define('CRYPT_HASH_MODE_HASH', 3); -/**#@-*/ - /** * Pure-PHP implementations of keyed-hash message authentication codes (HMACs) and various cryptographic hashing functions. * @@ -65,6 +47,24 @@ define('CRYPT_HASH_MODE_HASH', 3); */ class Crypt_Hash { + /**#@+ + * @access private + * @see Crypt_Hash::__construct() + */ + /** + * Toggles the internal implementation + */ + const MODE_INTERNAL = 1; + /** + * Toggles the mhash() implementation, which has been deprecated on PHP 5.3.0+. + */ + const MODE_MHASH = 2; + /** + * Toggles the hash() implementation, which works on PHP 5.1.2+. + */ + const MODE_HASH = 3; + /**#@-*/ + /** * Hash Parameter * @@ -140,13 +140,13 @@ class Crypt_Hash if ( !defined('CRYPT_HASH_MODE') ) { switch (true) { case extension_loaded('hash'): - define('CRYPT_HASH_MODE', CRYPT_HASH_MODE_HASH); + define('CRYPT_HASH_MODE', self::MODE_HASH); break; case extension_loaded('mhash'): - define('CRYPT_HASH_MODE', CRYPT_HASH_MODE_MHASH); + define('CRYPT_HASH_MODE', self::MODE_MHASH); break; default: - define('CRYPT_HASH_MODE', CRYPT_HASH_MODE_INTERNAL); + define('CRYPT_HASH_MODE', self::MODE_INTERNAL); } } @@ -215,19 +215,19 @@ class Crypt_Hash switch ($hash) { case 'md2': - $mode = CRYPT_HASH_MODE == CRYPT_HASH_MODE_HASH && in_array('md2', hash_algos()) ? - CRYPT_HASH_MODE_HASH : CRYPT_HASH_MODE_INTERNAL; + $mode = CRYPT_HASH_MODE == self::MODE_HASH && in_array('md2', hash_algos()) ? + self::MODE_HASH : self::MODE_INTERNAL; break; case 'sha384': case 'sha512': - $mode = CRYPT_HASH_MODE == CRYPT_HASH_MODE_MHASH ? CRYPT_HASH_MODE_INTERNAL : CRYPT_HASH_MODE; + $mode = CRYPT_HASH_MODE == self::MODE_MHASH ? self::MODE_INTERNAL : CRYPT_HASH_MODE; break; default: $mode = CRYPT_HASH_MODE; } switch ( $mode ) { - case CRYPT_HASH_MODE_MHASH: + case self::MODE_MHASH: switch ($hash) { case 'md5': $this->hash = MHASH_MD5; @@ -240,7 +240,7 @@ class Crypt_Hash $this->hash = MHASH_SHA1; } return; - case CRYPT_HASH_MODE_HASH: + case self::MODE_HASH: switch ($hash) { case 'md5': $this->hash = 'md5'; @@ -295,17 +295,17 @@ class Crypt_Hash */ function hash($text) { - $mode = is_array($this->hash) ? CRYPT_HASH_MODE_INTERNAL : CRYPT_HASH_MODE; + $mode = is_array($this->hash) ? self::MODE_INTERNAL : CRYPT_HASH_MODE; if (!empty($this->key) || is_string($this->key)) { switch ( $mode ) { - case CRYPT_HASH_MODE_MHASH: + case self::MODE_MHASH: $output = mhash($this->hash, $text, $this->key); break; - case CRYPT_HASH_MODE_HASH: + case self::MODE_HASH: $output = hash_hmac($this->hash, $text, $this->key, true); break; - case CRYPT_HASH_MODE_INTERNAL: + case self::MODE_INTERNAL: /* "Applications that use keys longer than B bytes will first hash the key using H and then use the resultant L byte string as the actual key to HMAC." @@ -322,13 +322,13 @@ class Crypt_Hash } } else { switch ( $mode ) { - case CRYPT_HASH_MODE_MHASH: + case self::MODE_MHASH: $output = mhash($this->hash, $text); break; - case CRYPT_HASH_MODE_HASH: + case self::MODE_HASH: $output = hash($this->hash, $text, true); break; - case CRYPT_HASH_MODE_INTERNAL: + case self::MODE_INTERNAL: $output = call_user_func($this->hash, $text); } } diff --git a/phpseclib/Crypt/RC2.php b/phpseclib/Crypt/RC2.php index 9648c395..9d97316f 100644 --- a/phpseclib/Crypt/RC2.php +++ b/phpseclib/Crypt/RC2.php @@ -42,59 +42,6 @@ if (!class_exists('Crypt_Base')) { include_once 'Base.php'; } -/**#@+ - * @access public - * @see Crypt_RC2::encrypt() - * @see Crypt_RC2::decrypt() - */ -/** - * Encrypt / decrypt using the Counter mode. - * - * Set to -1 since that's what Crypt/Random.php uses to index the CTR mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Counter_.28CTR.29 - */ -define('CRYPT_RC2_MODE_CTR', CRYPT_MODE_CTR); -/** - * Encrypt / decrypt using the Electronic Code Book mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29 - */ -define('CRYPT_RC2_MODE_ECB', CRYPT_MODE_ECB); -/** - * Encrypt / decrypt using the Code Book Chaining mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29 - */ -define('CRYPT_RC2_MODE_CBC', CRYPT_MODE_CBC); -/** - * Encrypt / decrypt using the Cipher Feedback mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher_feedback_.28CFB.29 - */ -define('CRYPT_RC2_MODE_CFB', CRYPT_MODE_CFB); -/** - * Encrypt / decrypt using the Cipher Feedback mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Output_feedback_.28OFB.29 - */ -define('CRYPT_RC2_MODE_OFB', CRYPT_MODE_OFB); -/**#@-*/ - -/**#@+ - * @access private - * @see Crypt_RC2::__construct() - */ -/** - * Toggles the internal implementation - */ -define('CRYPT_RC2_MODE_INTERNAL', CRYPT_MODE_INTERNAL); -/** - * Toggles the mcrypt implementation - */ -define('CRYPT_RC2_MODE_MCRYPT', CRYPT_MODE_MCRYPT); -/**#@-*/ - /** * Pure-PHP implementation of RC2. * @@ -304,23 +251,23 @@ class Crypt_RC2 extends Crypt_Base * * $mode could be: * - * - CRYPT_RC2_MODE_ECB + * - Crypt_Base::MODE_ECB * - * - CRYPT_RC2_MODE_CBC + * - Crypt_Base::MODE_CBC * - * - CRYPT_RC2_MODE_CTR + * - Crypt_Base::MODE_CTR * - * - CRYPT_RC2_MODE_CFB + * - Crypt_Base::MODE_CFB * - * - CRYPT_RC2_MODE_OFB + * - Crypt_Base::MODE_OFB * - * If not explicitly set, CRYPT_RC2_MODE_CBC will be used. + * If not explicitly set, Crypt_Base::MODE_CBC will be used. * * @see Crypt_Base::__construct() * @param optional Integer $mode * @access public */ - function __construct($mode = CRYPT_RC2_MODE_CBC) + function __construct($mode = Crypt_Base::MODE_CBC) { parent::__construct($mode); $this->setKey(''); diff --git a/phpseclib/Crypt/RC4.php b/phpseclib/Crypt/RC4.php index d570c5a8..05e0afaf 100644 --- a/phpseclib/Crypt/RC4.php +++ b/phpseclib/Crypt/RC4.php @@ -51,28 +51,6 @@ if (!class_exists('Crypt_Base')) { include_once 'Base.php'; } -/**#@+ - * @access private - * @see Crypt_RC4::__construct() - */ -/** - * Toggles the internal implementation - */ -define('CRYPT_RC4_MODE_INTERNAL', CRYPT_MODE_INTERNAL); -/** - * Toggles the mcrypt implementation - */ -define('CRYPT_RC4_MODE_MCRYPT', CRYPT_MODE_MCRYPT); -/**#@-*/ - -/**#@+ - * @access private - * @see Crypt_RC4::_crypt() - */ -define('CRYPT_RC4_ENCRYPT', 0); -define('CRYPT_RC4_DECRYPT', 1); -/**#@-*/ - /** * Pure-PHP implementation of RC4. * @@ -82,6 +60,14 @@ define('CRYPT_RC4_DECRYPT', 1); */ class Crypt_RC4 extends Crypt_Base { + /**#@+ + * @access private + * @see Crypt_RC4::_crypt() + */ + const ENCRYPT = 0; + const DECRYPT = 1; + /**#@-*/ + /** * Block Length of the cipher * @@ -160,7 +146,7 @@ class Crypt_RC4 extends Crypt_Base */ function __construct() { - parent::__construct(CRYPT_MODE_STREAM); + parent::__construct(Crypt_Base::MODE_STREAM); } /** @@ -212,10 +198,10 @@ class Crypt_RC4 extends Crypt_Base */ function encrypt($plaintext) { - if ($this->engine == CRYPT_MODE_MCRYPT) { + if ($this->engine == Crypt_Base::ENGINE_MCRYPT) { return parent::encrypt($plaintext); } - return $this->_crypt($plaintext, CRYPT_RC4_ENCRYPT); + return $this->_crypt($plaintext, self::ENCRYPT); } /** @@ -232,10 +218,10 @@ class Crypt_RC4 extends Crypt_Base */ function decrypt($ciphertext) { - if ($this->engine == CRYPT_MODE_MCRYPT) { + if ($this->engine == Crypt_Base::ENGINE_MCRYPT) { return parent::decrypt($ciphertext); } - return $this->_crypt($ciphertext, CRYPT_RC4_DECRYPT); + return $this->_crypt($ciphertext, self::DECRYPT); } @@ -259,7 +245,7 @@ class Crypt_RC4 extends Crypt_Base } $this->stream = array(); - $this->stream[CRYPT_RC4_DECRYPT] = $this->stream[CRYPT_RC4_ENCRYPT] = array( + $this->stream[self::DECRYPT] = $this->stream[self::ENCRYPT] = array( 0, // index $i 0, // index $j $keyStream diff --git a/phpseclib/Crypt/RSA.php b/phpseclib/Crypt/RSA.php index 1e9ca16b..3e41bc65 100644 --- a/phpseclib/Crypt/RSA.php +++ b/phpseclib/Crypt/RSA.php @@ -59,184 +59,6 @@ if (!class_exists('Crypt_Hash')) { include_once 'Hash.php'; } -/**#@+ - * @access public - * @see Crypt_RSA::encrypt() - * @see Crypt_RSA::decrypt() - */ -/** - * Use {@link http://en.wikipedia.org/wiki/Optimal_Asymmetric_Encryption_Padding Optimal Asymmetric Encryption Padding} - * (OAEP) for encryption / decryption. - * - * Uses sha1 by default. - * - * @see Crypt_RSA::setHash() - * @see Crypt_RSA::setMGFHash() - */ -define('CRYPT_RSA_ENCRYPTION_OAEP', 1); -/** - * Use PKCS#1 padding. - * - * Although CRYPT_RSA_ENCRYPTION_OAEP offers more security, including PKCS#1 padding is necessary for purposes of backwards - * compatibility with protocols (like SSH-1) written before OAEP's introduction. - */ -define('CRYPT_RSA_ENCRYPTION_PKCS1', 2); -/**#@-*/ - -/**#@+ - * @access public - * @see Crypt_RSA::sign() - * @see Crypt_RSA::verify() - * @see Crypt_RSA::setHash() - */ -/** - * Use the Probabilistic Signature Scheme for signing - * - * Uses sha1 by default. - * - * @see Crypt_RSA::setSaltLength() - * @see Crypt_RSA::setMGFHash() - */ -define('CRYPT_RSA_SIGNATURE_PSS', 1); -/** - * Use the PKCS#1 scheme by default. - * - * Although CRYPT_RSA_SIGNATURE_PSS offers more security, including PKCS#1 signing is necessary for purposes of backwards - * compatibility with protocols (like SSH-2) written before PSS's introduction. - */ -define('CRYPT_RSA_SIGNATURE_PKCS1', 2); -/**#@-*/ - -/**#@+ - * @access private - * @see Crypt_RSA::createKey() - */ -/** - * ASN1 Integer - */ -define('CRYPT_RSA_ASN1_INTEGER', 2); -/** - * ASN1 Bit String - */ -define('CRYPT_RSA_ASN1_BITSTRING', 3); -/** - * ASN1 Octet String - */ -define('CRYPT_RSA_ASN1_OCTETSTRING', 4); -/** - * ASN1 Object Identifier - */ -define('CRYPT_RSA_ASN1_OBJECT', 6); -/** - * ASN1 Sequence (with the constucted bit set) - */ -define('CRYPT_RSA_ASN1_SEQUENCE', 48); -/**#@-*/ - -/**#@+ - * @access private - * @see Crypt_RSA::__construct() - */ -/** - * To use the pure-PHP implementation - */ -define('CRYPT_RSA_MODE_INTERNAL', 1); -/** - * To use the OpenSSL library - * - * (if enabled; otherwise, the internal implementation will be used) - */ -define('CRYPT_RSA_MODE_OPENSSL', 2); -/**#@-*/ - -/** - * Default openSSL configuration file. - */ -define('CRYPT_RSA_OPENSSL_CONFIG', dirname(__FILE__) . '/../openssl.cnf'); - -/**#@+ - * @access public - * @see Crypt_RSA::createKey() - * @see Crypt_RSA::setPrivateKeyFormat() - */ -/** - * PKCS#1 formatted private key - * - * Used by OpenSSH - */ -define('CRYPT_RSA_PRIVATE_FORMAT_PKCS1', 0); -/** - * PuTTY formatted private key - */ -define('CRYPT_RSA_PRIVATE_FORMAT_PUTTY', 1); -/** - * XML formatted private key - */ -define('CRYPT_RSA_PRIVATE_FORMAT_XML', 2); -/** - * PKCS#8 formatted private key - */ -define('CRYPT_RSA_PRIVATE_FORMAT_PKCS8', 3); -/**#@-*/ - -/**#@+ - * @access public - * @see Crypt_RSA::createKey() - * @see Crypt_RSA::setPublicKeyFormat() - */ -/** - * Raw public key - * - * An array containing two \phpseclib\Math\BigInteger objects. - * - * The exponent can be indexed with any of the following: - * - * 0, e, exponent, publicExponent - * - * The modulus can be indexed with any of the following: - * - * 1, n, modulo, modulus - */ -define('CRYPT_RSA_PUBLIC_FORMAT_RAW', 3); -/** - * PKCS#1 formatted public key (raw) - * - * Used by File/X509.php - * - * Has the following header: - * - * -----BEGIN RSA PUBLIC KEY----- - * - * Analogous to ssh-keygen's pem format (as specified by -m) - */ -define('CRYPT_RSA_PUBLIC_FORMAT_PKCS1', 4); -define('CRYPT_RSA_PUBLIC_FORMAT_PKCS1_RAW', 4); -/** - * XML formatted public key - */ -define('CRYPT_RSA_PUBLIC_FORMAT_XML', 5); -/** - * OpenSSH formatted public key - * - * Place in $HOME/.ssh/authorized_keys - */ -define('CRYPT_RSA_PUBLIC_FORMAT_OPENSSH', 6); -/** - * PKCS#1 formatted public key (encapsulated) - * - * Used by PHP's openssl_public_encrypt() and openssl's rsautl (when -pubin is set) - * - * Has the following header: - * - * -----BEGIN PUBLIC KEY----- - * - * Analogous to ssh-keygen's pkcs8 format (as specified by -m). Although PKCS8 - * is specific to private keys it's basically creating a DER-encoded wrapper - * for keys. This just extends that same concept to public keys (much like ssh-keygen) - */ -define('CRYPT_RSA_PUBLIC_FORMAT_PKCS8', 7); -/**#@-*/ - /** * Pure-PHP PKCS#1 compliant implementation of RSA. * @@ -246,6 +68,179 @@ define('CRYPT_RSA_PUBLIC_FORMAT_PKCS8', 7); */ class Crypt_RSA { + /**#@+ + * @access public + * @see Crypt_RSA::encrypt() + * @see Crypt_RSA::decrypt() + */ + /** + * Use {@link http://en.wikipedia.org/wiki/Optimal_Asymmetric_Encryption_Padding Optimal Asymmetric Encryption Padding} + * (OAEP) for encryption / decryption. + * + * Uses sha1 by default. + * + * @see Crypt_RSA::setHash() + * @see Crypt_RSA::setMGFHash() + */ + const ENCRYPTION_OAEP = 1; + /** + * Use PKCS#1 padding. + * + * Although self::ENCRYPTION_OAEP offers more security, including PKCS#1 padding is necessary for purposes of backwards + * compatibility with protocols (like SSH-1) written before OAEP's introduction. + */ + const ENCRYPTION_PKCS1 = 2; + /**#@-*/ + + /**#@+ + * @access public + * @see Crypt_RSA::sign() + * @see Crypt_RSA::verify() + * @see Crypt_RSA::setHash() + */ + /** + * Use the Probabilistic Signature Scheme for signing + * + * Uses sha1 by default. + * + * @see Crypt_RSA::setSaltLength() + * @see Crypt_RSA::setMGFHash() + */ + const SIGNATURE_PSS = 1; + /** + * Use the PKCS#1 scheme by default. + * + * Although self::SIGNATURE_PSS offers more security, including PKCS#1 signing is necessary for purposes of backwards + * compatibility with protocols (like SSH-2) written before PSS's introduction. + */ + const SIGNATURE_PKCS1 = 2; + /**#@-*/ + + /**#@+ + * @access private + * @see Crypt_RSA::createKey() + */ + /** + * ASN1 Integer + */ + const ASN1_INTEGER = 2; + /** + * ASN1 Bit String + */ + const ASN1_BITSTRING = 3; + /** + * ASN1 Octet String + */ + const ASN1_OCTETSTRING = 4; + /** + * ASN1 Object Identifier + */ + const ASN1_OBJECT = 6; + /** + * ASN1 Sequence (with the constucted bit set) + */ + const ASN1_SEQUENCE = 48; + /**#@-*/ + + /**#@+ + * @access private + * @see Crypt_RSA::__construct() + */ + /** + * To use the pure-PHP implementation + */ + const MODE_INTERNAL = 1; + /** + * To use the OpenSSL library + * + * (if enabled; otherwise, the internal implementation will be used) + */ + const MODE_OPENSSL = 2; + /**#@-*/ + + /**#@+ + * @access public + * @see Crypt_RSA::createKey() + * @see Crypt_RSA::setPrivateKeyFormat() + */ + /** + * PKCS#1 formatted private key + * + * Used by OpenSSH + */ + const PRIVATE_FORMAT_PKCS1 = 0; + /** + * PuTTY formatted private key + */ + const PRIVATE_FORMAT_PUTTY = 1; + /** + * XML formatted private key + */ + const PRIVATE_FORMAT_XML = 2; + /** + * PKCS#8 formatted private key + */ + const PRIVATE_FORMAT_PKCS8 = 3; + /**#@-*/ + + /**#@+ + * @access public + * @see Crypt_RSA::createKey() + * @see Crypt_RSA::setPublicKeyFormat() + */ + /** + * Raw public key + * + * An array containing two \phpseclib\Math\BigInteger objects. + * + * The exponent can be indexed with any of the following: + * + * 0, e, exponent, publicExponent + * + * The modulus can be indexed with any of the following: + * + * 1, n, modulo, modulus + */ + const PUBLIC_FORMAT_RAW = 3; + /** + * PKCS#1 formatted public key (raw) + * + * Used by File/X509.php + * + * Has the following header: + * + * -----BEGIN RSA PUBLIC KEY----- + * + * Analogous to ssh-keygen's pem format (as specified by -m) + */ + const PUBLIC_FORMAT_PKCS1 = 4; + const PUBLIC_FORMAT_PKCS1_RAW = 4; + /** + * XML formatted public key + */ + const PUBLIC_FORMAT_XML = 5; + /** + * OpenSSH formatted public key + * + * Place in $HOME/.ssh/authorized_keys + */ + const PUBLIC_FORMAT_OPENSSH = 6; + /** + * PKCS#1 formatted public key (encapsulated) + * + * Used by PHP's openssl_public_encrypt() and openssl's rsautl (when -pubin is set) + * + * Has the following header: + * + * -----BEGIN PUBLIC KEY----- + * + * Analogous to ssh-keygen's pkcs8 format (as specified by -m). Although PKCS8 + * is specific to private keys it's basically creating a DER-encoded wrapper + * for keys. This just extends that same concept to public keys (much like ssh-keygen) + */ + const PUBLIC_FORMAT_PKCS8 = 7; + /**#@-*/ + /** * Precomputed Zero * @@ -268,7 +263,7 @@ class Crypt_RSA * @var Integer * @access private */ - var $privateKeyFormat = CRYPT_RSA_PRIVATE_FORMAT_PKCS1; + var $privateKeyFormat = self::PRIVATE_FORMAT_PKCS1; /** * Public Key Format @@ -276,7 +271,7 @@ class Crypt_RSA * @var Integer * @access public */ - var $publicKeyFormat = CRYPT_RSA_PUBLIC_FORMAT_PKCS8; + var $publicKeyFormat = self::PUBLIC_FORMAT_PKCS8; /** * Modulus (ie. n) @@ -380,7 +375,7 @@ class Crypt_RSA * @var Integer * @access private */ - var $encryptionMode = CRYPT_RSA_ENCRYPTION_OAEP; + var $encryptionMode = self::ENCRYPTION_OAEP; /** * Signature mode @@ -388,7 +383,7 @@ class Crypt_RSA * @var Integer * @access private */ - var $signatureMode = CRYPT_RSA_SIGNATURE_PSS; + var $signatureMode = self::SIGNATURE_PSS; /** * Public Exponent @@ -460,7 +455,7 @@ class Crypt_RSA */ function __construct() { - $this->configFile = CRYPT_RSA_OPENSSL_CONFIG; + $this->configFile = dirname(__FILE__) . '/../openssl.cnf'; if ( !defined('CRYPT_RSA_MODE') ) { switch (true) { @@ -468,11 +463,11 @@ class Crypt_RSA // Math/BigInteger doesn't require an openssl.cfg file whereas Crypt/RSA does. so if Math/BigInteger // can't use OpenSSL it can be pretty trivially assumed, then, that Crypt/RSA can't either. case defined('MATH_BIGINTEGER_OPENSSL_DISABLE'): - define('CRYPT_RSA_MODE', CRYPT_RSA_MODE_INTERNAL); + define('CRYPT_RSA_MODE', self::MODE_INTERNAL); break; // openssl_pkey_get_details - which is used in the only place Crypt/RSA.php uses OpenSSL - was introduced in PHP 5.2.0 case !function_exists('openssl_pkey_get_details'): - define('CRYPT_RSA_MODE', CRYPT_RSA_MODE_INTERNAL); + define('CRYPT_RSA_MODE', self::MODE_INTERNAL); break; case extension_loaded('openssl') && version_compare(PHP_VERSION, '4.2.0', '>=') && file_exists($this->configFile): // some versions of XAMPP have mismatched versions of OpenSSL which causes it not to work @@ -495,15 +490,15 @@ class Crypt_RSA case !isset($versions['Header']): case !isset($versions['Library']): case $versions['Header'] == $versions['Library']: - define('CRYPT_RSA_MODE', CRYPT_RSA_MODE_OPENSSL); + define('CRYPT_RSA_MODE', self::MODE_OPENSSL); break; default: - define('CRYPT_RSA_MODE', CRYPT_RSA_MODE_INTERNAL); + define('CRYPT_RSA_MODE', self::MODE_INTERNAL); define('MATH_BIGINTEGER_OPENSSL_DISABLE', true); } break; default: - define('CRYPT_RSA_MODE', CRYPT_RSA_MODE_INTERNAL); + define('CRYPT_RSA_MODE', self::MODE_INTERNAL); } } @@ -540,7 +535,7 @@ class Crypt_RSA // per , this number ought not result in primes smaller // than 256 bits. as a consequence if the key you're trying to create is 1024 bits and you've set CRYPT_RSA_SMALLEST_PRIME // to 384 bits then you're going to get a 384 bit prime and a 640 bit prime (384 + 1024 % 384). at least if - // CRYPT_RSA_MODE is set to CRYPT_RSA_MODE_INTERNAL. if CRYPT_RSA_MODE is set to CRYPT_RSA_MODE_OPENSSL then + // CRYPT_RSA_MODE is set to self::MODE_INTERNAL. if CRYPT_RSA_MODE is set to self::MODE_OPENSSL then // CRYPT_RSA_SMALLEST_PRIME is ignored (ie. multi-prime RSA support is more intended as a way to speed up RSA key // generation when there's a chance neither gmp nor OpenSSL are installed) if (!defined('CRYPT_RSA_SMALLEST_PRIME')) { @@ -548,7 +543,7 @@ class Crypt_RSA } // OpenSSL uses 65537 as the exponent and requires RSA keys be 384 bits minimum - if ( CRYPT_RSA_MODE == CRYPT_RSA_MODE_OPENSSL && $bits >= 384 && CRYPT_RSA_EXPONENT == 65537) { + if ( CRYPT_RSA_MODE == self::MODE_OPENSSL && $bits >= 384 && CRYPT_RSA_EXPONENT == 65537) { $config = array(); if (isset($this->configFile)) { $config['config'] = $this->configFile; @@ -558,8 +553,8 @@ class Crypt_RSA $publickey = openssl_pkey_get_details($rsa); $publickey = $publickey['key']; - $privatekey = call_user_func_array(array($this, '_convertPrivateKey'), array_values($this->_parseKey($privatekey, CRYPT_RSA_PRIVATE_FORMAT_PKCS1))); - $publickey = call_user_func_array(array($this, '_convertPublicKey'), array_values($this->_parseKey($publickey, CRYPT_RSA_PUBLIC_FORMAT_PKCS1))); + $privatekey = call_user_func_array(array($this, '_convertPrivateKey'), array_values($this->_parseKey($privatekey, self::PRIVATE_FORMAT_PKCS1))); + $publickey = call_user_func_array(array($this, '_convertPublicKey'), array_values($this->_parseKey($publickey, self::PUBLIC_FORMAT_PKCS1))); // clear the buffer of error strings stemming from a minimalistic openssl.cnf while (openssl_error_string() !== false); @@ -712,7 +707,7 @@ class Crypt_RSA */ function _convertPrivateKey($n, $e, $d, $primes, $exponents, $coefficients) { - $signed = $this->privateKeyFormat != CRYPT_RSA_PRIVATE_FORMAT_XML; + $signed = $this->privateKeyFormat != self::PRIVATE_FORMAT_XML; $num_primes = count($primes); $raw = array( 'version' => $num_primes == 2 ? chr(0) : chr(1), // two-prime vs. multi @@ -729,7 +724,7 @@ class Crypt_RSA // if the format in question does not support multi-prime rsa and multi-prime rsa was used, // call _convertPublicKey() instead. switch ($this->privateKeyFormat) { - case CRYPT_RSA_PRIVATE_FORMAT_XML: + case self::PRIVATE_FORMAT_XML: if ($num_primes != 2) { return false; } @@ -744,7 +739,7 @@ class Crypt_RSA ' ' . base64_encode($raw['privateExponent']) . "\r\n" . ''; break; - case CRYPT_RSA_PRIVATE_FORMAT_PUTTY: + case self::PRIVATE_FORMAT_PUTTY: if ($num_primes != 2) { return false; } @@ -801,10 +796,10 @@ class Crypt_RSA $key.= 'Private-MAC: ' . bin2hex($hash->hash($source)) . "\r\n"; return $key; - default: // eg. CRYPT_RSA_PRIVATE_FORMAT_PKCS1 + default: // eg. self::PRIVATE_FORMAT_PKCS1 $components = array(); foreach ($raw as $name => $value) { - $components[$name] = pack('Ca*a*', CRYPT_RSA_ASN1_INTEGER, $this->_encodeLength(strlen($value)), $value); + $components[$name] = pack('Ca*a*', self::ASN1_INTEGER, $this->_encodeLength(strlen($value)), $value); } $RSAPrivateKey = implode('', $components); @@ -819,22 +814,22 @@ class Crypt_RSA // exponent INTEGER, -- di // coefficient INTEGER -- ti // } - $OtherPrimeInfo = pack('Ca*a*', CRYPT_RSA_ASN1_INTEGER, $this->_encodeLength(strlen($primes[$i]->toBytes(true))), $primes[$i]->toBytes(true)); - $OtherPrimeInfo.= pack('Ca*a*', CRYPT_RSA_ASN1_INTEGER, $this->_encodeLength(strlen($exponents[$i]->toBytes(true))), $exponents[$i]->toBytes(true)); - $OtherPrimeInfo.= pack('Ca*a*', CRYPT_RSA_ASN1_INTEGER, $this->_encodeLength(strlen($coefficients[$i]->toBytes(true))), $coefficients[$i]->toBytes(true)); - $OtherPrimeInfos.= pack('Ca*a*', CRYPT_RSA_ASN1_SEQUENCE, $this->_encodeLength(strlen($OtherPrimeInfo)), $OtherPrimeInfo); + $OtherPrimeInfo = pack('Ca*a*', self::ASN1_INTEGER, $this->_encodeLength(strlen($primes[$i]->toBytes(true))), $primes[$i]->toBytes(true)); + $OtherPrimeInfo.= pack('Ca*a*', self::ASN1_INTEGER, $this->_encodeLength(strlen($exponents[$i]->toBytes(true))), $exponents[$i]->toBytes(true)); + $OtherPrimeInfo.= pack('Ca*a*', self::ASN1_INTEGER, $this->_encodeLength(strlen($coefficients[$i]->toBytes(true))), $coefficients[$i]->toBytes(true)); + $OtherPrimeInfos.= pack('Ca*a*', self::ASN1_SEQUENCE, $this->_encodeLength(strlen($OtherPrimeInfo)), $OtherPrimeInfo); } - $RSAPrivateKey.= pack('Ca*a*', CRYPT_RSA_ASN1_SEQUENCE, $this->_encodeLength(strlen($OtherPrimeInfos)), $OtherPrimeInfos); + $RSAPrivateKey.= pack('Ca*a*', self::ASN1_SEQUENCE, $this->_encodeLength(strlen($OtherPrimeInfos)), $OtherPrimeInfos); } - $RSAPrivateKey = pack('Ca*a*', CRYPT_RSA_ASN1_SEQUENCE, $this->_encodeLength(strlen($RSAPrivateKey)), $RSAPrivateKey); + $RSAPrivateKey = pack('Ca*a*', self::ASN1_SEQUENCE, $this->_encodeLength(strlen($RSAPrivateKey)), $RSAPrivateKey); - if ($this->privateKeyFormat == CRYPT_RSA_PRIVATE_FORMAT_PKCS8) { + if ($this->privateKeyFormat == self::PRIVATE_FORMAT_PKCS8) { $rsaOID = pack('H*', '300d06092a864886f70d0101010500'); // hex version of MA0GCSqGSIb3DQEBAQUA $RSAPrivateKey = pack('Ca*a*Ca*a*', - CRYPT_RSA_ASN1_INTEGER, "\01\00", $rsaOID, 4, $this->_encodeLength(strlen($RSAPrivateKey)), $RSAPrivateKey + self::ASN1_INTEGER, "\01\00", $rsaOID, 4, $this->_encodeLength(strlen($RSAPrivateKey)), $RSAPrivateKey ); - $RSAPrivateKey = pack('Ca*a*', CRYPT_RSA_ASN1_SEQUENCE, $this->_encodeLength(strlen($RSAPrivateKey)), $RSAPrivateKey); + $RSAPrivateKey = pack('Ca*a*', self::ASN1_SEQUENCE, $this->_encodeLength(strlen($RSAPrivateKey)), $RSAPrivateKey); if (!empty($this->password) || is_string($this->password)) { $salt = Random::string(8); $iterationCount = 2048; @@ -847,22 +842,22 @@ class Crypt_RSA $RSAPrivateKey = $crypto->encrypt($RSAPrivateKey); $parameters = pack('Ca*a*Ca*N', - CRYPT_RSA_ASN1_OCTETSTRING, $this->_encodeLength(strlen($salt)), $salt, - CRYPT_RSA_ASN1_INTEGER, $this->_encodeLength(4), $iterationCount + self::ASN1_OCTETSTRING, $this->_encodeLength(strlen($salt)), $salt, + self::ASN1_INTEGER, $this->_encodeLength(4), $iterationCount ); $pbeWithMD5AndDES_CBC = "\x2a\x86\x48\x86\xf7\x0d\x01\x05\x03"; $encryptionAlgorithm = pack('Ca*a*Ca*a*', - CRYPT_RSA_ASN1_OBJECT, $this->_encodeLength(strlen($pbeWithMD5AndDES_CBC)), $pbeWithMD5AndDES_CBC, - CRYPT_RSA_ASN1_SEQUENCE, $this->_encodeLength(strlen($parameters)), $parameters + self::ASN1_OBJECT, $this->_encodeLength(strlen($pbeWithMD5AndDES_CBC)), $pbeWithMD5AndDES_CBC, + self::ASN1_SEQUENCE, $this->_encodeLength(strlen($parameters)), $parameters ); $RSAPrivateKey = pack('Ca*a*Ca*a*', - CRYPT_RSA_ASN1_SEQUENCE, $this->_encodeLength(strlen($encryptionAlgorithm)), $encryptionAlgorithm, - CRYPT_RSA_ASN1_OCTETSTRING, $this->_encodeLength(strlen($RSAPrivateKey)), $RSAPrivateKey + self::ASN1_SEQUENCE, $this->_encodeLength(strlen($encryptionAlgorithm)), $encryptionAlgorithm, + self::ASN1_OCTETSTRING, $this->_encodeLength(strlen($RSAPrivateKey)), $RSAPrivateKey ); - $RSAPrivateKey = pack('Ca*a*', CRYPT_RSA_ASN1_SEQUENCE, $this->_encodeLength(strlen($RSAPrivateKey)), $RSAPrivateKey); + $RSAPrivateKey = pack('Ca*a*', self::ASN1_SEQUENCE, $this->_encodeLength(strlen($RSAPrivateKey)), $RSAPrivateKey); $RSAPrivateKey = "-----BEGIN ENCRYPTED PRIVATE KEY-----\r\n" . chunk_split(base64_encode($RSAPrivateKey), 64) . @@ -912,21 +907,21 @@ class Crypt_RSA */ function _convertPublicKey($n, $e) { - $signed = $this->publicKeyFormat != CRYPT_RSA_PUBLIC_FORMAT_XML; + $signed = $this->publicKeyFormat != self::PUBLIC_FORMAT_XML; $modulus = $n->toBytes($signed); $publicExponent = $e->toBytes($signed); switch ($this->publicKeyFormat) { - case CRYPT_RSA_PUBLIC_FORMAT_RAW: + case self::PUBLIC_FORMAT_RAW: return array('e' => $e->copy(), 'n' => $n->copy()); - case CRYPT_RSA_PUBLIC_FORMAT_XML: + case self::PUBLIC_FORMAT_XML: return "\r\n" . ' ' . base64_encode($modulus) . "\r\n" . ' ' . base64_encode($publicExponent) . "\r\n" . ''; break; - case CRYPT_RSA_PUBLIC_FORMAT_OPENSSH: + case self::PUBLIC_FORMAT_OPENSSH: // from : // string "ssh-rsa" // mpint e @@ -935,23 +930,23 @@ class Crypt_RSA $RSAPublicKey = 'ssh-rsa ' . base64_encode($RSAPublicKey) . ' ' . $this->comment; return $RSAPublicKey; - default: // eg. CRYPT_RSA_PUBLIC_FORMAT_PKCS1_RAW or CRYPT_RSA_PUBLIC_FORMAT_PKCS1 + default: // eg. self::PUBLIC_FORMAT_PKCS1_RAW or self::PUBLIC_FORMAT_PKCS1 // from : // RSAPublicKey ::= SEQUENCE { // modulus INTEGER, -- n // publicExponent INTEGER -- e // } $components = array( - 'modulus' => pack('Ca*a*', CRYPT_RSA_ASN1_INTEGER, $this->_encodeLength(strlen($modulus)), $modulus), - 'publicExponent' => pack('Ca*a*', CRYPT_RSA_ASN1_INTEGER, $this->_encodeLength(strlen($publicExponent)), $publicExponent) + 'modulus' => pack('Ca*a*', self::ASN1_INTEGER, $this->_encodeLength(strlen($modulus)), $modulus), + 'publicExponent' => pack('Ca*a*', self::ASN1_INTEGER, $this->_encodeLength(strlen($publicExponent)), $publicExponent) ); $RSAPublicKey = pack('Ca*a*a*', - CRYPT_RSA_ASN1_SEQUENCE, $this->_encodeLength(strlen($components['modulus']) + strlen($components['publicExponent'])), + self::ASN1_SEQUENCE, $this->_encodeLength(strlen($components['modulus']) + strlen($components['publicExponent'])), $components['modulus'], $components['publicExponent'] ); - if ($this->publicKeyFormat == CRYPT_RSA_PUBLIC_FORMAT_PKCS1_RAW) { + if ($this->publicKeyFormat == self::PUBLIC_FORMAT_PKCS1_RAW) { $RSAPublicKey = "-----BEGIN RSA PUBLIC KEY-----\r\n" . chunk_split(base64_encode($RSAPublicKey), 64) . '-----END RSA PUBLIC KEY-----'; @@ -962,7 +957,7 @@ class Crypt_RSA $RSAPublicKey = chr(3) . $this->_encodeLength(strlen($RSAPublicKey)) . $RSAPublicKey; $RSAPublicKey = pack('Ca*a*', - CRYPT_RSA_ASN1_SEQUENCE, $this->_encodeLength(strlen($rsaOID . $RSAPublicKey)), $rsaOID . $RSAPublicKey + self::ASN1_SEQUENCE, $this->_encodeLength(strlen($rsaOID . $RSAPublicKey)), $rsaOID . $RSAPublicKey ); $RSAPublicKey = "-----BEGIN PUBLIC KEY-----\r\n" . @@ -986,12 +981,12 @@ class Crypt_RSA */ function _parseKey($key, $type) { - if ($type != CRYPT_RSA_PUBLIC_FORMAT_RAW && !is_string($key)) { + if ($type != self::PUBLIC_FORMAT_RAW && !is_string($key)) { return false; } switch ($type) { - case CRYPT_RSA_PUBLIC_FORMAT_RAW: + case self::PUBLIC_FORMAT_RAW: if (!is_array($key)) { return false; } @@ -1023,9 +1018,9 @@ class Crypt_RSA $components['modulus'] = $key[1]->copy(); } return isset($components['modulus']) && isset($components['publicExponent']) ? $components : false; - case CRYPT_RSA_PRIVATE_FORMAT_PKCS1: - case CRYPT_RSA_PRIVATE_FORMAT_PKCS8: - case CRYPT_RSA_PUBLIC_FORMAT_PKCS1: + case self::PRIVATE_FORMAT_PKCS1: + case self::PRIVATE_FORMAT_PKCS8: + case self::PUBLIC_FORMAT_PKCS1: /* Although PKCS#1 proposes a format that public and private keys can use, encrypting them is "outside the scope" of PKCS#1. PKCS#1 then refers you to PKCS#12 and PKCS#15 if you're wanting to protect private keys, however, that's not what OpenSSL* does. OpenSSL protects private keys by adding @@ -1069,7 +1064,7 @@ class Crypt_RSA if (!class_exists('Crypt_TripleDES')) { include_once 'Crypt/TripleDES.php'; } - $crypto = new Crypt_TripleDES(CRYPT_DES_MODE_CFB); + $crypto = new Crypt_TripleDES(Crypt_TripleDES::MODE_CFB); break; case 'DES-EDE3-CBC': if (!class_exists('Crypt_TripleDES')) { @@ -1100,7 +1095,7 @@ class Crypt_RSA $components = array(); - if (ord($this->_string_shift($key)) != CRYPT_RSA_ASN1_SEQUENCE) { + if (ord($this->_string_shift($key)) != self::ASN1_SEQUENCE) { return false; } if ($this->_decodeLength($key) != strlen($key)) { @@ -1119,14 +1114,14 @@ class Crypt_RSA ie. PKCS8 keys*/ - if ($tag == CRYPT_RSA_ASN1_INTEGER && substr($key, 0, 3) == "\x01\x00\x30") { + if ($tag == self::ASN1_INTEGER && substr($key, 0, 3) == "\x01\x00\x30") { $this->_string_shift($key, 3); - $tag = CRYPT_RSA_ASN1_SEQUENCE; + $tag = self::ASN1_SEQUENCE; } - if ($tag == CRYPT_RSA_ASN1_SEQUENCE) { + if ($tag == self::ASN1_SEQUENCE) { $temp = $this->_string_shift($key, $this->_decodeLength($key)); - if (ord($this->_string_shift($temp)) != CRYPT_RSA_ASN1_OBJECT) { + if (ord($this->_string_shift($temp)) != self::ASN1_OBJECT) { return false; } $length = $this->_decodeLength($temp); @@ -1139,7 +1134,7 @@ class Crypt_RSA salt OCTET STRING (SIZE(8)), iterationCount INTEGER } */ - if (ord($this->_string_shift($temp)) != CRYPT_RSA_ASN1_SEQUENCE) { + if (ord($this->_string_shift($temp)) != self::ASN1_SEQUENCE) { return false; } if ($this->_decodeLength($temp) != strlen($temp)) { @@ -1147,7 +1142,7 @@ class Crypt_RSA } $this->_string_shift($temp); // assume it's an octet string $salt = $this->_string_shift($temp, $this->_decodeLength($temp)); - if (ord($this->_string_shift($temp)) != CRYPT_RSA_ASN1_INTEGER) { + if (ord($this->_string_shift($temp)) != self::ASN1_INTEGER) { return false; } $this->_decodeLength($temp); @@ -1167,7 +1162,7 @@ class Crypt_RSA if ($key === false) { return false; } - return $this->_parseKey($key, CRYPT_RSA_PRIVATE_FORMAT_PKCS1); + return $this->_parseKey($key, self::PRIVATE_FORMAT_PKCS1); default: return false; } @@ -1183,10 +1178,10 @@ class Crypt_RSA // "The initial octet shall encode, as an unsigned binary integer wtih bit 1 as the least significant bit, the number of // unused bits in the final subsequent octet. The number shall be in the range zero to seven." // -- http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf (section 8.6.2.2) - if ($tag == CRYPT_RSA_ASN1_BITSTRING) { + if ($tag == self::ASN1_BITSTRING) { $this->_string_shift($key); } - if (ord($this->_string_shift($key)) != CRYPT_RSA_ASN1_SEQUENCE) { + if (ord($this->_string_shift($key)) != self::ASN1_SEQUENCE) { return false; } if ($this->_decodeLength($key) != strlen($key)) { @@ -1194,7 +1189,7 @@ class Crypt_RSA } $tag = ord($this->_string_shift($key)); } - if ($tag != CRYPT_RSA_ASN1_INTEGER) { + if ($tag != self::ASN1_INTEGER) { return false; } @@ -1202,13 +1197,13 @@ class Crypt_RSA $temp = $this->_string_shift($key, $length); if (strlen($temp) != 1 || ord($temp) > 2) { $components['modulus'] = new BigInteger($temp, 256); - $this->_string_shift($key); // skip over CRYPT_RSA_ASN1_INTEGER + $this->_string_shift($key); // skip over self::ASN1_INTEGER $length = $this->_decodeLength($key); - $components[$type == CRYPT_RSA_PUBLIC_FORMAT_PKCS1 ? 'publicExponent' : 'privateExponent'] = new BigInteger($this->_string_shift($key, $length), 256); + $components[$type == self::PUBLIC_FORMAT_PKCS1 ? 'publicExponent' : 'privateExponent'] = new BigInteger($this->_string_shift($key, $length), 256); return $components; } - if (ord($this->_string_shift($key)) != CRYPT_RSA_ASN1_INTEGER) { + if (ord($this->_string_shift($key)) != self::ASN1_INTEGER) { return false; } $length = $this->_decodeLength($key); @@ -1236,12 +1231,12 @@ class Crypt_RSA $components['coefficients'] = array(2 => new BigInteger($this->_string_shift($key, $length), 256)); if (!empty($key)) { - if (ord($this->_string_shift($key)) != CRYPT_RSA_ASN1_SEQUENCE) { + if (ord($this->_string_shift($key)) != self::ASN1_SEQUENCE) { return false; } $this->_decodeLength($key); while (!empty($key)) { - if (ord($this->_string_shift($key)) != CRYPT_RSA_ASN1_SEQUENCE) { + if (ord($this->_string_shift($key)) != self::ASN1_SEQUENCE) { return false; } $this->_decodeLength($key); @@ -1258,7 +1253,7 @@ class Crypt_RSA } return $components; - case CRYPT_RSA_PUBLIC_FORMAT_OPENSSH: + case self::PUBLIC_FORMAT_OPENSSH: $parts = explode(' ', $key, 3); $key = isset($parts[1]) ? base64_decode($parts[1]) : false; @@ -1301,8 +1296,8 @@ class Crypt_RSA } // http://www.w3.org/TR/xmldsig-core/#sec-RSAKeyValue // http://en.wikipedia.org/wiki/XML_Signature - case CRYPT_RSA_PRIVATE_FORMAT_XML: - case CRYPT_RSA_PUBLIC_FORMAT_XML: + case self::PRIVATE_FORMAT_XML: + case self::PUBLIC_FORMAT_XML: $this->components = array(); $xml = xml_parser_create('UTF-8'); @@ -1316,7 +1311,7 @@ class Crypt_RSA return isset($this->components['modulus']) && isset($this->components['publicExponent']) ? $this->components : false; // from PuTTY's SSHPUBK.C - case CRYPT_RSA_PRIVATE_FORMAT_PUTTY: + case self::PRIVATE_FORMAT_PUTTY: $components = array(); $key = preg_split('#\r\n|\r|\n#', $key); $type = trim(preg_replace('#PuTTY-User-Key-File-2: (.+)#', '$1', $key[0])); @@ -1540,11 +1535,11 @@ class Crypt_RSA if ($type === false) { $types = array( - CRYPT_RSA_PUBLIC_FORMAT_RAW, - CRYPT_RSA_PRIVATE_FORMAT_PKCS1, - CRYPT_RSA_PRIVATE_FORMAT_XML, - CRYPT_RSA_PRIVATE_FORMAT_PUTTY, - CRYPT_RSA_PUBLIC_FORMAT_OPENSSH + self::PUBLIC_FORMAT_RAW, + self::PRIVATE_FORMAT_PKCS1, + self::PRIVATE_FORMAT_XML, + self::PRIVATE_FORMAT_PUTTY, + self::PUBLIC_FORMAT_OPENSSH ); foreach ($types as $type) { $components = $this->_parseKey($key, $type); @@ -1580,11 +1575,11 @@ class Crypt_RSA } switch ($type) { - case CRYPT_RSA_PUBLIC_FORMAT_OPENSSH: - case CRYPT_RSA_PUBLIC_FORMAT_RAW: + case self::PUBLIC_FORMAT_OPENSSH: + case self::PUBLIC_FORMAT_RAW: $this->setPublicKey(); break; - case CRYPT_RSA_PRIVATE_FORMAT_PKCS1: + case self::PRIVATE_FORMAT_PKCS1: switch (true) { case strpos($key, '-BEGIN PUBLIC KEY-') !== false: case strpos($key, '-BEGIN RSA PUBLIC KEY-') !== false: @@ -1646,10 +1641,10 @@ class Crypt_RSA if ($type === false) { $types = array( - CRYPT_RSA_PUBLIC_FORMAT_RAW, - CRYPT_RSA_PUBLIC_FORMAT_PKCS1, - CRYPT_RSA_PUBLIC_FORMAT_XML, - CRYPT_RSA_PUBLIC_FORMAT_OPENSSH + self::PUBLIC_FORMAT_RAW, + self::PUBLIC_FORMAT_PKCS1, + self::PUBLIC_FORMAT_XML, + self::PUBLIC_FORMAT_OPENSSH ); foreach ($types as $type) { $components = $this->_parseKey($key, $type); @@ -1722,7 +1717,7 @@ class Crypt_RSA * @param String $key * @param Integer $type optional */ - function getPublicKey($type = CRYPT_RSA_PUBLIC_FORMAT_PKCS8) + function getPublicKey($type = self::PUBLIC_FORMAT_PKCS8) { if (empty($this->modulus) || empty($this->publicExponent)) { return false; @@ -1745,7 +1740,7 @@ class Crypt_RSA * @param String $key * @param Integer $type optional */ - function getPrivateKey($type = CRYPT_RSA_PUBLIC_FORMAT_PKCS1) + function getPrivateKey($type = self::PUBLIC_FORMAT_PKCS1) { if (empty($this->primes)) { return false; @@ -1769,7 +1764,7 @@ class Crypt_RSA * @param String $key * @param Integer $type optional */ - function _getPrivatePublicKey($mode = CRYPT_RSA_PUBLIC_FORMAT_PKCS8) + function _getPrivatePublicKey($mode = self::PUBLIC_FORMAT_PKCS8) { if (empty($this->modulus) || empty($this->exponent)) { return false; @@ -1920,7 +1915,7 @@ class Crypt_RSA /** * Determines which hashing function should be used * - * Used with signature production / verification and (if the encryption mode is CRYPT_RSA_ENCRYPTION_OAEP) encryption and + * Used with signature production / verification and (if the encryption mode is self::ENCRYPTION_OAEP) encryption and * decryption. If $hash isn't supported, sha1 is used. * * @access public @@ -1949,7 +1944,7 @@ class Crypt_RSA /** * Determines which hashing function should be used for the mask generation function * - * The mask generation function is used by CRYPT_RSA_ENCRYPTION_OAEP and CRYPT_RSA_SIGNATURE_PSS and although it's + * The mask generation function is used by self::ENCRYPTION_OAEP and self::SIGNATURE_PSS and although it's * best if Hash and MGFHash are set to the same thing this is not a requirement. * * @access public @@ -2757,7 +2752,7 @@ class Crypt_RSA /** * Set Encryption Mode * - * Valid values include CRYPT_RSA_ENCRYPTION_OAEP and CRYPT_RSA_ENCRYPTION_PKCS1. + * Valid values include self::ENCRYPTION_OAEP and self::ENCRYPTION_PKCS1. * * @access public * @param Integer $mode @@ -2770,7 +2765,7 @@ class Crypt_RSA /** * Set Signature Mode * - * Valid values include CRYPT_RSA_SIGNATURE_PSS and CRYPT_RSA_SIGNATURE_PKCS1 + * Valid values include self::SIGNATURE_PSS and self::SIGNATURE_PKCS1 * * @access public * @param Integer $mode @@ -2805,7 +2800,7 @@ class Crypt_RSA /** * Encryption * - * Both CRYPT_RSA_ENCRYPTION_OAEP and CRYPT_RSA_ENCRYPTION_PKCS1 both place limits on how long $plaintext can be. + * Both self::ENCRYPTION_OAEP and self::ENCRYPTION_PKCS1 both place limits on how long $plaintext can be. * If $plaintext exceeds those limits it will be broken up so that it does and the resultant ciphertext's will * be concatenated together. * @@ -2817,7 +2812,7 @@ class Crypt_RSA function encrypt($plaintext) { switch ($this->encryptionMode) { - case CRYPT_RSA_ENCRYPTION_PKCS1: + case self::ENCRYPTION_PKCS1: $length = $this->k - 11; if ($length <= 0) { return false; @@ -2829,7 +2824,7 @@ class Crypt_RSA $ciphertext.= $this->_rsaes_pkcs1_v1_5_encrypt($m); } return $ciphertext; - //case CRYPT_RSA_ENCRYPTION_OAEP: + //case self::ENCRYPTION_OAEP: default: $length = $this->k - 2 * $this->hLen - 2; if ($length <= 0) { @@ -2865,10 +2860,10 @@ class Crypt_RSA $plaintext = ''; switch ($this->encryptionMode) { - case CRYPT_RSA_ENCRYPTION_PKCS1: + case self::ENCRYPTION_PKCS1: $decrypt = '_rsaes_pkcs1_v1_5_decrypt'; break; - //case CRYPT_RSA_ENCRYPTION_OAEP: + //case self::ENCRYPTION_OAEP: default: $decrypt = '_rsaes_oaep_decrypt'; } @@ -2899,9 +2894,9 @@ class Crypt_RSA } switch ($this->signatureMode) { - case CRYPT_RSA_SIGNATURE_PKCS1: + case self::SIGNATURE_PKCS1: return $this->_rsassa_pkcs1_v1_5_sign($message); - //case CRYPT_RSA_SIGNATURE_PSS: + //case self::SIGNATURE_PSS: default: return $this->_rsassa_pss_sign($message); } @@ -2923,9 +2918,9 @@ class Crypt_RSA } switch ($this->signatureMode) { - case CRYPT_RSA_SIGNATURE_PKCS1: + case self::SIGNATURE_PKCS1: return $this->_rsassa_pkcs1_v1_5_verify($message, $signature); - //case CRYPT_RSA_SIGNATURE_PSS: + //case self::SIGNATURE_PSS: default: return $this->_rsassa_pss_verify($message, $signature); } diff --git a/phpseclib/Crypt/Random.php b/phpseclib/Crypt/Random.php index c9cd09e3..a67eb3f8 100644 --- a/phpseclib/Crypt/Random.php +++ b/phpseclib/Crypt/Random.php @@ -176,31 +176,31 @@ class Random if (!class_exists('Crypt_AES')) { include_once 'AES.php'; } - $crypto = new Crypt_AES(CRYPT_AES_MODE_CTR); + $crypto = new Crypt_AES(Crypt_AES::MODE_CTR); break; case stream_resolve_include_path('Crypt/Twofish.php'): if (!class_exists('Crypt_Twofish')) { include_once 'Twofish.php'; } - $crypto = new Crypt_Twofish(CRYPT_TWOFISH_MODE_CTR); + $crypto = new Crypt_Twofish(Crypt_Twofish::MODE_CTR); break; case stream_resolve_include_path('Crypt/Blowfish.php'): if (!class_exists('Crypt_Blowfish')) { include_once 'Blowfish.php'; } - $crypto = new Crypt_Blowfish(CRYPT_BLOWFISH_MODE_CTR); + $crypto = new Crypt_Blowfish(Crypt_Blowfish::MODE_CTR); break; case stream_resolve_include_path('Crypt/TripleDES.php'): if (!class_exists('Crypt_TripleDES')) { include_once 'TripleDES.php'; } - $crypto = new Crypt_TripleDES(CRYPT_DES_MODE_CTR); + $crypto = new Crypt_TripleDES(Crypt_TripleDES::MODE_CTR); break; case stream_resolve_include_path('Crypt/DES.php'): if (!class_exists('Crypt_DES')) { include_once 'DES.php'; } - $crypto = new Crypt_DES(CRYPT_DES_MODE_CTR); + $crypto = new Crypt_DES(Crypt_DES::MODE_CTR); break; case stream_resolve_include_path('Crypt/RC4.php'): if (!class_exists('Crypt_RC4')) { diff --git a/phpseclib/Crypt/Rijndael.php b/phpseclib/Crypt/Rijndael.php index e87e342f..2fc3aeec 100644 --- a/phpseclib/Crypt/Rijndael.php +++ b/phpseclib/Crypt/Rijndael.php @@ -61,59 +61,6 @@ if (!class_exists('Crypt_Base')) { include_once 'Base.php'; } -/**#@+ - * @access public - * @see Crypt_Rijndael::encrypt() - * @see Crypt_Rijndael::decrypt() - */ -/** - * Encrypt / decrypt using the Counter mode. - * - * Set to -1 since that's what Crypt/Random.php uses to index the CTR mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Counter_.28CTR.29 - */ -define('CRYPT_RIJNDAEL_MODE_CTR', CRYPT_MODE_CTR); -/** - * Encrypt / decrypt using the Electronic Code Book mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29 - */ -define('CRYPT_RIJNDAEL_MODE_ECB', CRYPT_MODE_ECB); -/** - * Encrypt / decrypt using the Code Book Chaining mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29 - */ -define('CRYPT_RIJNDAEL_MODE_CBC', CRYPT_MODE_CBC); -/** - * Encrypt / decrypt using the Cipher Feedback mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher_feedback_.28CFB.29 - */ -define('CRYPT_RIJNDAEL_MODE_CFB', CRYPT_MODE_CFB); -/** - * Encrypt / decrypt using the Cipher Feedback mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Output_feedback_.28OFB.29 - */ -define('CRYPT_RIJNDAEL_MODE_OFB', CRYPT_MODE_OFB); -/**#@-*/ - -/**#@+ - * @access private - * @see Crypt_Base::__construct() - */ -/** - * Toggles the internal implementation - */ -define('CRYPT_RIJNDAEL_MODE_INTERNAL', CRYPT_MODE_INTERNAL); -/** - * Toggles the mcrypt implementation - */ -define('CRYPT_RIJNDAEL_MODE_MCRYPT', CRYPT_MODE_MCRYPT); -/**#@-*/ - /** * Pure-PHP implementation of Rijndael. * @@ -770,10 +717,10 @@ class Crypt_Rijndael extends Crypt_Base /** * Setup the fastest possible $engine * - * Determines if the mcrypt (MODE_MCRYPT) $engine available + * Determines if the mcrypt (Crypt_Base::ENGINE_MCRYPT) $engine available * and usable for the current $block_size and $key_size. * - * If not, the slower MODE_INTERNAL $engine will be set. + * If not, the slower Crypt_Base::ENGINE_INTERNAL $engine will be set. * * @see setKey() * @see setKeyLength() @@ -782,7 +729,7 @@ class Crypt_Rijndael extends Crypt_Base */ function _setupEngine() { - if (constant('CRYPT_' . $this->const_namespace . '_MODE') == CRYPT_MODE_INTERNAL) { + if (constant('CRYPT_' . $this->const_namespace . '_MODE') == Crypt_Base::ENGINE_INTERNAL) { // No mcrypt support at all for rijndael return; } @@ -794,10 +741,10 @@ class Crypt_Rijndael extends Crypt_Base switch (true) { case $this->key_size % 8: // mcrypt is not usable for 160/224-bit keys, only for 128/192/256-bit keys case !in_array($cipher_name_mcrypt, mcrypt_list_algorithms()): // $cipher_name_mcrypt is not available for the current $block_size - $engine = CRYPT_MODE_INTERNAL; + $engine = Crypt_Base::ENGINE_INTERNAL; break; default: - $engine = CRYPT_MODE_MCRYPT; + $engine = Crypt_Base::ENGINE_MCRYPT; } if ($this->engine == $engine && $this->cipher_name_mcrypt == $cipher_name_mcrypt) { @@ -825,7 +772,7 @@ class Crypt_Rijndael extends Crypt_Base } /** - * Setup the CRYPT_MODE_MCRYPT $engine + * Setup the Crypt_Base::ENGINE_MCRYPT $engine * * @see Crypt_Base::_setupMcrypt() * @access private diff --git a/phpseclib/Crypt/TripleDES.php b/phpseclib/Crypt/TripleDES.php index c15e7cae..784cfc1f 100644 --- a/phpseclib/Crypt/TripleDES.php +++ b/phpseclib/Crypt/TripleDES.php @@ -41,20 +41,6 @@ if (!class_exists('Crypt_DES')) { include_once 'DES.php'; } -/** - * Encrypt / decrypt using inner chaining - * - * Inner chaining is used by SSH-1 and is generally considered to be less secure then outer chaining (CRYPT_DES_MODE_CBC3). - */ -define('CRYPT_DES_MODE_3CBC', -2); - -/** - * Encrypt / decrypt using outer chaining - * - * Outer chaining is used by SSH-2 and when the mode is set to CRYPT_DES_MODE_CBC. - */ -define('CRYPT_DES_MODE_CBC3', CRYPT_DES_MODE_CBC); - /** * Pure-PHP implementation of Triple DES. * @@ -64,6 +50,21 @@ define('CRYPT_DES_MODE_CBC3', CRYPT_DES_MODE_CBC); */ class Crypt_TripleDES extends Crypt_DES { + + /** + * Encrypt / decrypt using inner chaining + * + * Inner chaining is used by SSH-1 and is generally considered to be less secure then outer chaining (self::MODE_CBC3). + */ + const MODE_3CBC = -2; + + /** + * Encrypt / decrypt using outer chaining + * + * Outer chaining is used by SSH-2 and when the mode is set to Crypt_Base::MODE_CBC. + */ + const MODE_CBC3 = Crypt_Base::MODE_CBC; + /** * The default password key_size used by setPassword() * @@ -125,7 +126,7 @@ class Crypt_TripleDES extends Crypt_DES var $key_size_max = 24; /** - * Internal flag whether using CRYPT_DES_MODE_3CBC or not + * Internal flag whether using self::MODE_3CBC or not * * @var Boolean * @access private @@ -149,39 +150,39 @@ class Crypt_TripleDES extends Crypt_DES * * $mode could be: * - * - CRYPT_DES_MODE_ECB + * - Crypt_Base::MODE_ECB * - * - CRYPT_DES_MODE_CBC + * - Crypt_Base::MODE_CBC * - * - CRYPT_DES_MODE_CTR + * - Crypt_Base::MODE_CTR * - * - CRYPT_DES_MODE_CFB + * - Crypt_Base::MODE_CFB * - * - CRYPT_DES_MODE_OFB + * - Crypt_Base::MODE_OFB * - * - CRYPT_DES_MODE_3CBC + * - self::MODE_3CBC * - * If not explicitly set, CRYPT_DES_MODE_CBC will be used. + * If not explicitly set, Crypt_Base::MODE_CBC will be used. * * @see Crypt_DES::__construct() * @see Crypt_Base::__construct() * @param optional Integer $mode * @access public */ - function __construct($mode = CRYPT_DES_MODE_CBC) + function __construct($mode = Crypt_Base::MODE_CBC) { switch ($mode) { - // In case of CRYPT_DES_MODE_3CBC, we init as CRYPT_DES_MODE_CBC + // In case of self::MODE_3CBC, we init as CRYPT_DES_MODE_CBC // and additional flag us internally as 3CBC - case CRYPT_DES_MODE_3CBC: - parent::__construct(CRYPT_DES_MODE_CBC); + case self::MODE_3CBC: + parent::__construct(Crypt_Base::MODE_CBC); $this->mode_3cbc = true; // This three $des'es will do the 3CBC work (if $key > 64bits) $this->des = array( - new Crypt_DES(CRYPT_DES_MODE_CBC), - new Crypt_DES(CRYPT_DES_MODE_CBC), - new Crypt_DES(CRYPT_DES_MODE_CBC), + new Crypt_DES(Crypt_Base::MODE_CBC), + new Crypt_DES(Crypt_Base::MODE_CBC), + new Crypt_DES(Crypt_Base::MODE_CBC), ); // we're going to be doing the padding, ourselves, so disable it in the Crypt_DES objects @@ -198,7 +199,7 @@ class Crypt_TripleDES extends Crypt_DES /** * Sets the initialization vector. (optional) * - * SetIV is not required when CRYPT_DES_MODE_ECB is being used. If not explicitly set, it'll be assumed + * SetIV is not required when Crypt_Base::MODE_ECB is being used. If not explicitly set, it'll be assumed * to be all zero's. * * @see Crypt_Base::setIV() @@ -243,7 +244,7 @@ class Crypt_TripleDES extends Crypt_DES } parent::setKey($key); - // And in case of CRYPT_DES_MODE_3CBC: + // And in case of self::MODE_3CBC: // if key <= 64bits we not need the 3 $des to work, // because we will then act as regular DES-CBC with just a <= 64bit key. // So only if the key > 64bits (> 8 bytes) we will call setKey() for the 3 $des. @@ -265,7 +266,7 @@ class Crypt_TripleDES extends Crypt_DES function encrypt($plaintext) { // parent::en/decrypt() is able to do all the work for all modes and keylengths, - // except for: CRYPT_DES_MODE_3CBC (inner chaining CBC) with a key > 64bits + // except for: self::MODE_3CBC (inner chaining CBC) with a key > 64bits // if the key is smaller then 8, do what we'd normally do if ($this->mode_3cbc && strlen($this->key) > 8) { diff --git a/phpseclib/Crypt/Twofish.php b/phpseclib/Crypt/Twofish.php index 9376a104..28cddb9e 100644 --- a/phpseclib/Crypt/Twofish.php +++ b/phpseclib/Crypt/Twofish.php @@ -44,59 +44,6 @@ if (!class_exists('Crypt_Base')) { include_once 'Base.php'; } -/**#@+ - * @access public - * @see Crypt_Twofish::encrypt() - * @see Crypt_Twofish::decrypt() - */ -/** - * Encrypt / decrypt using the Counter mode. - * - * Set to -1 since that's what Crypt/Random.php uses to index the CTR mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Counter_.28CTR.29 - */ -define('CRYPT_TWOFISH_MODE_CTR', CRYPT_MODE_CTR); -/** - * Encrypt / decrypt using the Electronic Code Book mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29 - */ -define('CRYPT_TWOFISH_MODE_ECB', CRYPT_MODE_ECB); -/** - * Encrypt / decrypt using the Code Book Chaining mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29 - */ -define('CRYPT_TWOFISH_MODE_CBC', CRYPT_MODE_CBC); -/** - * Encrypt / decrypt using the Cipher Feedback mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher_feedback_.28CFB.29 - */ -define('CRYPT_TWOFISH_MODE_CFB', CRYPT_MODE_CFB); -/** - * Encrypt / decrypt using the Cipher Feedback mode. - * - * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Output_feedback_.28OFB.29 - */ -define('CRYPT_TWOFISH_MODE_OFB', CRYPT_MODE_OFB); -/**#@-*/ - -/**#@+ - * @access private - * @see Crypt_Base::__construct() - */ -/** - * Toggles the internal implementation - */ -define('CRYPT_TWOFISH_MODE_INTERNAL', CRYPT_MODE_INTERNAL); -/** - * Toggles the mcrypt implementation - */ -define('CRYPT_TWOFISH_MODE_MCRYPT', CRYPT_MODE_MCRYPT); -/**#@-*/ - /** * Pure-PHP implementation of Twofish. * diff --git a/phpseclib/File/X509.php b/phpseclib/File/X509.php index cccc49a5..e13d7492 100644 --- a/phpseclib/File/X509.php +++ b/phpseclib/File/X509.php @@ -2122,7 +2122,7 @@ class File_X509 case 'sha384WithRSAEncryption': case 'sha512WithRSAEncryption': $rsa->setHash(preg_replace('#WithRSAEncryption$#', '', $signatureAlgorithm)); - $rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1); + $rsa->setSignatureMode(Crypt_RSA::SIGNATURE_PKCS1); if (!@$rsa->verify($signatureSubject, $signature)) { return false; } @@ -3628,7 +3628,7 @@ class File_X509 case 'sha384WithRSAEncryption': case 'sha512WithRSAEncryption': $key->setHash(preg_replace('#WithRSAEncryption$#', '', $signatureAlgorithm)); - $key->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1); + $key->setSignatureMode(Crypt_RSA::SIGNATURE_PKCS1); $this->currentCert['signature'] = base64_encode("\0" . $key->sign($this->signatureSubject)); return $this->currentCert; @@ -4215,7 +4215,7 @@ class File_X509 } return false; default: // Should be a key object (i.e.: Crypt_RSA). - $key = $key->getPublicKey(CRYPT_RSA_PUBLIC_FORMAT_PKCS1); + $key = $key->getPublicKey(Crypt_RSA::PUBLIC_FORMAT_PKCS1); break; } @@ -4256,7 +4256,7 @@ class File_X509 //return new File_ASN1_Element(base64_decode(preg_replace('#-.+-|[\r\n]#', '', $this->publicKey->getPublicKey()))); return array( 'algorithm' => array('algorithm' => 'rsaEncryption'), - 'subjectPublicKey' => $this->publicKey->getPublicKey(CRYPT_RSA_PUBLIC_FORMAT_PKCS1) + 'subjectPublicKey' => $this->publicKey->getPublicKey(Crypt_RSA::PUBLIC_FORMAT_PKCS1) ); default: return false; diff --git a/phpseclib/Net/SSH1.php b/phpseclib/Net/SSH1.php index dd383034..14363819 100644 --- a/phpseclib/Net/SSH1.php +++ b/phpseclib/Net/SSH1.php @@ -669,7 +669,7 @@ class Net_SSH1 if (!class_exists('Crypt_TripleDES')) { include_once 'Crypt/TripleDES.php'; } - $this->crypto = new Crypt_TripleDES(CRYPT_DES_MODE_3CBC); + $this->crypto = new Crypt_TripleDES(Crypt_TripleDES::MODE_3CBC); $this->crypto->disablePadding(); $this->crypto->enableContinuousBuffer(); $this->crypto->setKey(substr($session_key, 0, 24)); @@ -1321,8 +1321,8 @@ class Net_SSH1 } $rsa = new Crypt_RSA(); - $rsa->loadKey($key, CRYPT_RSA_PUBLIC_FORMAT_RAW); - $rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1); + $rsa->loadKey($key, Crypt_RSA::PUBLIC_FORMAT_RAW); + $rsa->setEncryptionMode(Crypt_RSA::ENCRYPTION_PKCS1); return $rsa->encrypt($m); */ diff --git a/phpseclib/Net/SSH2.php b/phpseclib/Net/SSH2.php index 7155be7d..3f359592 100644 --- a/phpseclib/Net/SSH2.php +++ b/phpseclib/Net/SSH2.php @@ -1516,7 +1516,7 @@ class Net_SSH2 if (!class_exists('Crypt_TripleDES')) { include_once 'Crypt/TripleDES.php'; } - $this->encrypt = new Crypt_TripleDES(CRYPT_DES_MODE_CTR); + $this->encrypt = new Crypt_TripleDES(Crypt_Base::MODE_CTR); // $this->encrypt_block_size = 64 / 8 == the default break; case 'aes256-cbc': @@ -1534,7 +1534,7 @@ class Net_SSH2 if (!class_exists('Crypt_Rijndael')) { include_once 'Crypt/Rijndael.php'; } - $this->encrypt = new Crypt_Rijndael(CRYPT_RIJNDAEL_MODE_CTR); + $this->encrypt = new Crypt_Rijndael(Crypt_Base::MODE_CTR); $this->encrypt_block_size = 16; // eg. 128 / 8 break; case 'blowfish-cbc': @@ -1548,7 +1548,7 @@ class Net_SSH2 if (!class_exists('Crypt_Blowfish')) { include_once 'Crypt/Blowfish.php'; } - $this->encrypt = new Crypt_Blowfish(CRYPT_BLOWFISH_MODE_CTR); + $this->encrypt = new Crypt_Blowfish(Crypt_Base::MODE_CTR); $this->encrypt_block_size = 8; break; case 'twofish128-cbc': @@ -1567,7 +1567,7 @@ class Net_SSH2 if (!class_exists('Crypt_Twofish')) { include_once 'Crypt/Twofish.php'; } - $this->encrypt = new Crypt_Twofish(CRYPT_TWOFISH_MODE_CTR); + $this->encrypt = new Crypt_Twofish(Crypt_Base::MODE_CTR); $this->encrypt_block_size = 16; break; case 'arcfour': @@ -1593,7 +1593,7 @@ class Net_SSH2 if (!class_exists('Crypt_TripleDES')) { include_once 'Crypt/TripleDES.php'; } - $this->decrypt = new Crypt_TripleDES(CRYPT_DES_MODE_CTR); + $this->decrypt = new Crypt_TripleDES(Crypt_Base::MODE_CTR); break; case 'aes256-cbc': case 'aes192-cbc': @@ -1610,7 +1610,7 @@ class Net_SSH2 if (!class_exists('Crypt_Rijndael')) { include_once 'Crypt/Rijndael.php'; } - $this->decrypt = new Crypt_Rijndael(CRYPT_RIJNDAEL_MODE_CTR); + $this->decrypt = new Crypt_Rijndael(Crypt_Base::MODE_CTR); $this->decrypt_block_size = 16; break; case 'blowfish-cbc': @@ -1624,7 +1624,7 @@ class Net_SSH2 if (!class_exists('Crypt_Blowfish')) { include_once 'Crypt/Blowfish.php'; } - $this->decrypt = new Crypt_Blowfish(CRYPT_BLOWFISH_MODE_CTR); + $this->decrypt = new Crypt_Blowfish(Crypt_Base::MODE_CTR); $this->decrypt_block_size = 8; break; case 'twofish128-cbc': @@ -1643,7 +1643,7 @@ class Net_SSH2 if (!class_exists('Crypt_Twofish')) { include_once 'Crypt/Twofish.php'; } - $this->decrypt = new Crypt_Twofish(CRYPT_TWOFISH_MODE_CTR); + $this->decrypt = new Crypt_Twofish(Crypt_Base::MODE_CTR); $this->decrypt_block_size = 16; break; case 'arcfour': @@ -2170,7 +2170,7 @@ class Net_SSH2 function _privatekey_login($username, $privatekey) { // see http://tools.ietf.org/html/rfc4253#page-15 - $publickey = $privatekey->getPublicKey(CRYPT_RSA_PUBLIC_FORMAT_RAW); + $publickey = $privatekey->getPublicKey(Crypt_RSA::PUBLIC_FORMAT_RAW); if ($publickey === false) { return false; } @@ -2220,7 +2220,7 @@ class Net_SSH2 } $packet = $part1 . chr(1) . $part2; - $privatekey->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1); + $privatekey->setSignatureMode(Crypt_RSA::SIGNATURE_PKCS1); $signature = $privatekey->sign(pack('Na*a*', strlen($this->session_id), $this->session_id, $packet)); $signature = pack('Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($signature), $signature); $packet.= pack('Na*', strlen($signature), $signature); @@ -3779,8 +3779,8 @@ class Net_SSH2 } $rsa = new Crypt_RSA(); - $rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1); - $rsa->loadKey(array('e' => $e, 'n' => $n), CRYPT_RSA_PUBLIC_FORMAT_RAW); + $rsa->setSignatureMode(Crypt_RSA::SIGNATURE_PKCS1); + $rsa->loadKey(array('e' => $e, 'n' => $n), Crypt_RSA::PUBLIC_FORMAT_RAW); if (!$rsa->verify($this->exchange_hash, $signature)) { user_error('Bad server signature'); return $this->_disconnect(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE); diff --git a/phpseclib/System/SSH/Agent/Identity.php b/phpseclib/System/SSH/Agent/Identity.php index c7e148e9..08d2f61f 100644 --- a/phpseclib/System/SSH/Agent/Identity.php +++ b/phpseclib/System/SSH/Agent/Identity.php @@ -114,7 +114,7 @@ class System_SSH_Agent_Identity * Set Signature Mode * * Doesn't do anything as ssh-agent doesn't let you pick and choose the signature mode. ie. - * ssh-agent's only supported mode is CRYPT_RSA_SIGNATURE_PKCS1 + * ssh-agent's only supported mode is Crypt_RSA::SIGNATURE_PKCS1 * * @param Integer $mode * @access public diff --git a/tests/PhpseclibFunctionalTestCase.php b/tests/PhpseclibFunctionalTestCase.php index 6326f38f..cf3b3803 100644 --- a/tests/PhpseclibFunctionalTestCase.php +++ b/tests/PhpseclibFunctionalTestCase.php @@ -11,7 +11,7 @@ abstract class PhpseclibFunctionalTestCase extends PhpseclibTestCase { if (extension_loaded('runkit')) { self::ensureConstant('MATH_BIGINTEGER_MODE', \phpseclib\Math\BigInteger::MODE_GMP); - self::ensureConstant('CRYPT_HASH_MODE', CRYPT_HASH_MODE_HASH); + self::ensureConstant('CRYPT_HASH_MODE', Crypt_Hash::MODE_HASH); self::reRequireFile('Math/BigInteger.php'); self::reRequireFile('Crypt/Hash.php'); } diff --git a/tests/Unit/Crypt/AES/InternalTest.php b/tests/Unit/Crypt/AES/InternalTest.php index 2a9652ca..c0ef873d 100644 --- a/tests/Unit/Crypt/AES/InternalTest.php +++ b/tests/Unit/Crypt/AES/InternalTest.php @@ -11,7 +11,7 @@ class Unit_Crypt_AES_InternalTest extends Unit_Crypt_AES_TestCase { parent::setUpBeforeClass(); - self::ensureConstant('CRYPT_AES_MODE', CRYPT_AES_MODE_INTERNAL); - self::ensureConstant('CRYPT_RIJNDAEL_MODE', CRYPT_RIJNDAEL_MODE_INTERNAL); + self::ensureConstant('CRYPT_AES_ENGINE', Crypt_AES::ENGINE_INTERNAL); + self::ensureConstant('CRYPT_RIJNDAEL_ENGINE', Crypt_Rijndael::ENGINE_INTERNAL); } } diff --git a/tests/Unit/Crypt/AES/McryptTest.php b/tests/Unit/Crypt/AES/McryptTest.php index 4327c7ea..255b6805 100644 --- a/tests/Unit/Crypt/AES/McryptTest.php +++ b/tests/Unit/Crypt/AES/McryptTest.php @@ -15,7 +15,7 @@ class Unit_Crypt_AES_McryptTest extends Unit_Crypt_AES_TestCase parent::setUpBeforeClass(); - self::ensureConstant('CRYPT_AES_MODE', CRYPT_AES_MODE_MCRYPT); - self::ensureConstant('CRYPT_RIJNDAEL_MODE', CRYPT_RIJNDAEL_MODE_MCRYPT); + self::ensureConstant('CRYPT_AES_ENGINE', Crypt_AES::ENGINE_MCRYPT); + self::ensureConstant('CRYPT_RIJNDAEL_ENGINE', Crypt_Rijndael::ENGINE_MCRYPT); } } diff --git a/tests/Unit/Crypt/AES/TestCase.php b/tests/Unit/Crypt/AES/TestCase.php index 91cb9792..87f6441a 100644 --- a/tests/Unit/Crypt/AES/TestCase.php +++ b/tests/Unit/Crypt/AES/TestCase.php @@ -25,9 +25,9 @@ abstract class Unit_Crypt_AES_TestCase extends PhpseclibTestCase public function continuousBufferCombos() { $modes = array( - 'CRYPT_AES_MODE_CTR', - 'CRYPT_AES_MODE_OFB', - 'CRYPT_AES_MODE_CFB', + 'Crypt_AES::MODE_CTR', + 'Crypt_AES::MODE_OFB', + 'Crypt_AES::MODE_CFB', ); $plaintexts = array( '', diff --git a/tests/Unit/Crypt/Hash/TestCase.php b/tests/Unit/Crypt/Hash/TestCase.php index 040bce2c..3b79185f 100644 --- a/tests/Unit/Crypt/Hash/TestCase.php +++ b/tests/Unit/Crypt/Hash/TestCase.php @@ -12,15 +12,15 @@ abstract class Unit_Crypt_Hash_TestCase extends PhpseclibTestCase static public function setUpBeforeClass() { if (!defined('CRYPT_HASH_MODE')) { - define('CRYPT_HASH_MODE', CRYPT_HASH_MODE_INTERNAL); + define('CRYPT_HASH_MODE', Crypt_Hash::MODE_INTERNAL); } } public function setUp() { - if (defined('CRYPT_HASH_MODE') && CRYPT_HASH_MODE !== CRYPT_HASH_MODE_INTERNAL) { + if (defined('CRYPT_HASH_MODE') && CRYPT_HASH_MODE !== Crypt_Hash::MODE_INTERNAL) { $this->markTestSkipped( - 'Skipping test because CRYPT_HASH_MODE is not defined as CRYPT_HASH_MODE_INTERNAL.' + 'Skipping test because CRYPT_HASH_MODE is not defined as Crypt_Hash::MODE_INTERNAL.' ); } } diff --git a/tests/Unit/Crypt/RSA/LoadKeyTest.php b/tests/Unit/Crypt/RSA/LoadKeyTest.php index 6506c478..9538f4a0 100644 --- a/tests/Unit/Crypt/RSA/LoadKeyTest.php +++ b/tests/Unit/Crypt/RSA/LoadKeyTest.php @@ -184,7 +184,7 @@ U9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ $this->assertTrue($rsa->loadKey($key)); - $key = $rsa->getPrivateKey(CRYPT_RSA_PRIVATE_FORMAT_PKCS8); + $key = $rsa->getPrivateKey(Crypt_RSA::PRIVATE_FORMAT_PKCS8); $this->assertInternalType('string', $key); $this->assertTrue($rsa->loadKey($key)); @@ -276,7 +276,7 @@ Ao8eayMp6FcvNucIpUndo1X8dKMv3Y26ZQIDAQAB $rsa->loadKey($key); $rsa->setPublicKey(); - $newkey = $rsa->getPublicKey(CRYPT_RSA_PUBLIC_FORMAT_XML); + $newkey = $rsa->getPublicKey(Crypt_RSA::PUBLIC_FORMAT_XML); $this->assertSame(preg_replace('#\s#', '', $key), preg_replace('#\s#', '', $newkey)); }