<?php
/**
* Pure-PHP implementation of AES.
*
* Uses mcrypt, if available/possible, and an internal implementation, otherwise.
*
* PHP version 5
*
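* NOTE: Since AES.php is (for compatibility and phpseclib-historical reasons) virtually
* just a wrapper to Rijndael.php, you may consider using Rijndael.php instead of AES.php
* to save one include_once(). Rijndael itself accepts key lengths and a variable block length
* that this class rejects, so the two are only interchangeable when AES parameters are used.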
*
* If {@link self::setKeyLength() setKeyLength()} isn't called, it'll be calculated from
* {@link self::setKey() setKey()}, i.e. if the key is 128 bits, the key length will be 128 bits. If it's 136 bits
* it'll be null-padded to 192 bits and 192 bits will be the key length until {@link self::setKey() setKey()}
* is called again, at which point it'll be recalculated.
* NOTE: {@link self::setKey() setKey()} as implemented in this class throws a \LengthException for any key
* that is not exactly 16, 24 or 32 bytes, so the 136-bit padding case above does not occur when the key is
* set through this class.
*
* Since \phpseclib\Crypt\AES extends \phpseclib\Crypt\Rijndael, some functions are available to be called that, in the context of AES, don't
* make a whole lot of sense. {@link self::setBlockLength() setBlockLength()}, for instance. Calling that function,
* however possible, won't change the block length (AES has a fixed block length whereas Rijndael has a variable one);
* in this class it throws a \BadMethodCallException.
*
* Here's a short example of how to use this library:
* <code>
* <?php
* include 'vendor/autoload.php';
*
* $aes = new \phpseclib\Crypt\AES();
*
* $aes->setKey('abcdefghijklmnop');
*
* $size = 10 * 1024;
* $plaintext = '';
* for ($i = 0; $i < $size; $i++) {
* $plaintext.= 'a';
* }
*
* echo $aes->decrypt($aes->encrypt($plaintext));
* ?>
* </code>
*
* @category Crypt
* @package AES
* @author Jim Wigginton <terrafrost@php.net>
* @copyright 2008 Jim Wigginton
* @license http://www.opensource.org/licenses/mit-license.html MIT License
* @link http://phpseclib.sourceforge.net
*/
namespace phpseclib\Crypt;
use phpseclib\Common\Functions\Strings;
/**
* Pure-PHP implementation of AES.
*
* @package AES
* @author Jim Wigginton <terrafrost@php.net>
* @access public
*/
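class AES extends Rijndael
{
    /**
     * Test for engine validity
     *
     * Decides the two AES-GCM specific engines (libsodium, OpenSSL GCM) itself and defers every
     * other engine to the parent. This is mainly just a wrapper to set things up for
     * \phpseclib\Crypt\Common\SymmetricKey::isValidEngine()
     *
     * @see \phpseclib\Crypt\Common\SymmetricKey::__construct()
     * @param int $engine
     * @access protected
     * @return bool
     */
    protected function isValidEngineHelper($engine)
    {
        switch ($engine) {
            case self::ENGINE_LIBSODIUM:
                // The sodium function must exist and report AES-256-GCM as usable at runtime;
                // the engine is then only accepted for GCM mode with a 12-byte nonce.
                // NOTE(review): key_length == 32 presumably means 32 bytes (AES-256) - confirm in the parent.
                return function_exists('sodium_crypto_aead_aes256gcm_is_available') &&
                    sodium_crypto_aead_aes256gcm_is_available() &&
                    $this->mode == self::MODE_GCM &&
                    $this->key_length == 32 &&
                    $this->nonce && strlen($this->nonce) === 12;
            case self::ENGINE_OPENSSL_GCM:
                if (!extension_loaded('openssl')) {
                    return false;
                }
                $methods = openssl_get_cipher_methods();
                // The tag and AAD arguments used by encrypt()/decrypt() below require PHP >= 7.1.0.
                // Both needle and haystack are strings, so the membership test is done strictly.
                return $this->mode == self::MODE_GCM &&
                    version_compare(PHP_VERSION, '7.1.0', '>=') &&
                    in_array('aes-' . $this->getKeyLength() . '-gcm', $methods, true);
        }

        return parent::isValidEngineHelper($engine);
    }

    /**
     * Unsupported for AES
     *
     * Since \phpseclib\Crypt\AES extends \phpseclib\Crypt\Rijndael, this function is, technically, available,
     * but AES has a fixed block length, so every call is rejected with an exception.
     *
     * @see \phpseclib\Crypt\Rijndael::setBlockLength()
     * @access public
     * @param int $length
     * @throws \BadMethodCallException anytime it's called
     */
    public function setBlockLength($length)
    {
        throw new \BadMethodCallException('The block length cannot be set for AES.');
    }

    /**
     * Sets the key length
     *
     * Valid key lengths are 128, 192, and 256. A value that matches none of them, bool(false) included,
     * is rejected with a \LengthException before the parent is called.
     *
     * @see \phpseclib\Crypt\Rijndael::setKeyLength()
     * @access public
     * @param int $length
     * @throws \LengthException if the key length isn't supported
     */
    public function setKeyLength($length)
    {
        // switch compares loosely (==), so a numeric string such as '128' is accepted as well as 128.
        switch ($length) {
            case 128:
            case 192:
            case 256:
                break;
            default:
                throw new \LengthException('Key of size ' . $length . ' not supported by this algorithm. Only keys of sizes 128, 192 or 256 supported');
        }

        parent::setKeyLength($length);
    }

    /**
     * Sets the key.
     *
     * Rijndael supports five different key lengths, AES only supports three. The key must be exactly
     * 16, 24 or 32 bytes long; it is neither padded nor truncated here.
     *
     * @see \phpseclib\Crypt\Rijndael::setKey()
     * @see setKeyLength()
     * @access public
     * @param string $key
     * @throws \LengthException if the key length isn't supported
     */
    public function setKey($key)
    {
        switch (strlen($key)) {
            case 16:
            case 24:
            case 32:
                break;
            default:
                throw new \LengthException('Key of size ' . strlen($key) . ' not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported');
        }

        parent::setKey($key);
    }

    /**
     * Encrypts a message.
     *
     * For the libsodium and OpenSSL GCM engines the authentication tag is stored in $this->newtag
     * and only the ciphertext is returned; every other engine is handled by the parent.
     *
     * GCM is only secure while a nonce is never reused with the same key. This method uses
     * $this->nonce as it stands; whether reuse is prevented elsewhere is not visible in this class.
     *
     * @see self::decrypt()
     * @see parent::encrypt()
     * @access public
     * @param string $plaintext
     * @return string
     * @throws \UnexpectedValueException if OpenSSL fails to encrypt the message
     */
    public function encrypt($plaintext)
    {
        switch ($this->engine) {
            case self::ENGINE_LIBSODIUM:
                $this->checkForChanges();
                // libsodium returns ciphertext and tag as one string.
                $this->newtag = sodium_crypto_aead_aes256gcm_encrypt($plaintext, $this->aad, $this->nonce, $this->key);
                // NOTE(review): Strings::shift() presumably removes and returns the first strlen($plaintext)
                // bytes, leaving only the tag in $this->newtag - confirm against Strings::shift().
                return Strings::shift($this->newtag, strlen($plaintext));
            case self::ENGINE_OPENSSL_GCM:
                $this->checkForChanges();
                // $this->newtag is passed as the tag argument, which openssl_encrypt() fills in.
                $ciphertext = openssl_encrypt(
                    $plaintext,
                    'aes-' . $this->getKeyLength() . '-gcm',
                    $this->key,
                    OPENSSL_RAW_DATA,
                    $this->nonce,
                    $this->newtag,
                    $this->aad
                );
                // openssl_encrypt() signals failure by returning false. Surface it the same way
                // decrypt() does instead of handing false back to the caller as if it were ciphertext.
                if ($ciphertext === false) {
                    throw new \UnexpectedValueException('Error encrypting plaintext with OpenSSL');
                }
                return $ciphertext;
        }

        return parent::encrypt($plaintext);
    }

    /**
     * Decrypts a message.
     *
     * For the libsodium and OpenSSL GCM engines the authentication tag in $this->oldtag must have been
     * set beforehand. When decryption or tag verification fails, $this->oldtag is reset to false and an
     * exception is thrown, so no plaintext is returned for a message that failed verification.
     *
     * @see self::encrypt()
     * @see parent::decrypt()
     * @access public
     * @param string $ciphertext
     * @return string
     * @throws \UnexpectedValueException if no authentication tag has been set or decryption fails
     */
    public function decrypt($ciphertext)
    {
        switch ($this->engine) {
            case self::ENGINE_LIBSODIUM:
                $this->checkForChanges();
                if ($this->oldtag === false) {
                    throw new \UnexpectedValueException('Authentication Tag has not been set');
                }
                if (strlen($this->oldtag) !== 16) {
                    // The libsodium call below is only used with a 16-byte tag; any other tag length
                    // leaves the switch and is handled by parent::decrypt() at the end of the method.
                    break;
                }
                // libsodium expects the tag appended to the ciphertext.
                $plaintext = sodium_crypto_aead_aes256gcm_decrypt($ciphertext . $this->oldtag, $this->aad, $this->nonce, $this->key);
                if ($plaintext === false) {
                    // Drop the tag so it has to be supplied again before the next attempt.
                    $this->oldtag = false;
                    throw new \UnexpectedValueException('Error decrypting ciphertext with libsodium');
                }
                return $plaintext;
            case self::ENGINE_OPENSSL_GCM:
                $this->checkForChanges();
                if ($this->oldtag === false) {
                    throw new \UnexpectedValueException('Authentication Tag has not been set');
                }
                $plaintext = openssl_decrypt(
                    $ciphertext,
                    'aes-' . $this->getKeyLength() . '-gcm',
                    $this->key,
                    OPENSSL_RAW_DATA,
                    $this->nonce,
                    $this->oldtag,
                    $this->aad
                );
                if ($plaintext === false) {
                    // Drop the tag so it has to be supplied again before the next attempt.
                    $this->oldtag = false;
                    throw new \UnexpectedValueException('Error decrypting ciphertext with OpenSSL');
                }
                return $plaintext;
        }

        return parent::decrypt($ciphertext);
    }

    /**
     * Check For Changes
     *
     * When $this->changed is set, calls clearBuffers() and resets the flag. encrypt() and decrypt()
     * call this before using the libsodium and OpenSSL GCM engines.
     *
     * @see self::encrypt()
     * @see self::decrypt()
     * @access private
     */
    private function checkForChanges()
    {
        if ($this->changed) {
            $this->clearBuffers();
            $this->changed = false;
        }
    }
}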