diff -r d9dd2b2134c4 -r c433348f3628 includes/rijndael.php --- a/includes/rijndael.php Fri Feb 22 12:48:57 2008 -0500 +++ b/includes/rijndael.php Fri Feb 22 12:51:53 2008 -0500 @@ -1,1086 +1,1083 @@ - - * Ported to PHP by Dan Fuhry - * @package phijndael - * @author Fritz Schneider - * @author Dan Fuhry - * @license BSD-style license - */ - -error_reporting(E_ALL); - -define ('ENC_HEX', 201); -define ('ENC_BASE64', 202); -define ('ENC_BINARY', 203); - -$_aes_objcache = array(); - -class AESCrypt { - - var $debug = false; - var $mcrypt = false; - var $decrypt_cache = array(); - - // Rijndael parameters -- Valid values are 128, 192, or 256 - - var $keySizeInBits = 128; - var $blockSizeInBits = 128; - - /////// You shouldn't have to modify anything below this line except for - /////// the function getRandomBytes(). - // - // Note: in the following code the two dimensional arrays are indexed as - // you would probably expect, as array[row][column]. The state arrays - // are 2d arrays of the form state[4][Nb]. - - - // The number of rounds for the cipher, indexed by [Nk][Nb] - var $roundsArray = Array(0,0,0,0,Array(0,0,0,0,10,0, 12,0, 14),0, - Array(0,0,0,0,12,0, 12,0, 14),0, - Array(0,0,0,0,14,0, 14,0, 14) ); - - // The number of bytes to shift by in shiftRow, indexed by [Nb][row] - var $shiftOffsets = Array(0,0,0,0,Array(0,1, 2, 3),0,Array(0,1, 2, 3),0,Array(0,1, 3, 4) ); - - // The round constants used in subkey expansion - var $Rcon = Array( - 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, - 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, - 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, - 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, - 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91 ); - - // Precomputed lookup table for the SBox - var $SBox = Array( - 99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, - 118, 202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, - 114, 192, 183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, - 216, 49, 21, 4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, - 235, 39, 178, 117, 9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, - 179, 41, 227, 47, 132, 83, 209, 0, 237, 32, 252, 177, 91, 106, 203, - 190, 57, 74, 76, 88, 207, 208, 239, 170, 251, 67, 77, 51, 133, 69, - 249, 2, 127, 80, 60, 159, 168, 81, 163, 64, 143, 146, 157, 56, 245, - 188, 182, 218, 33, 16, 255, 243, 210, 205, 12, 19, 236, 95, 151, 68, - 23, 196, 167, 126, 61, 100, 93, 25, 115, 96, 129, 79, 220, 34, 42, - 144, 136, 70, 238, 184, 20, 222, 94, 11, 219, 224, 50, 58, 10, 73, - 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121, 231, 200, 55, 109, - 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8, 186, 120, 37, - 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138, 112, 62, - 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158, 225, - 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223, - 140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, - 22 ); - - // Precomputed lookup table for the inverse SBox - var $SBoxInverse = Array( - 82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 158, 129, 243, 215, - 251, 124, 227, 57, 130, 155, 47, 255, 135, 52, 142, 67, 68, 196, 222, - 233, 203, 84, 123, 148, 50, 166, 194, 35, 61, 238, 76, 149, 11, 66, - 250, 195, 78, 8, 46, 161, 102, 40, 217, 36, 178, 118, 91, 162, 73, - 109, 139, 209, 37, 114, 248, 246, 100, 134, 104, 152, 22, 212, 164, 92, - 204, 93, 101, 182, 146, 108, 112, 72, 80, 253, 237, 185, 218, 94, 21, - 70, 87, 167, 141, 157, 132, 144, 216, 171, 0, 140, 188, 211, 10, 247, - 228, 88, 5, 184, 179, 69, 6, 208, 44, 30, 143, 202, 63, 15, 2, - 193, 175, 189, 3, 1, 19, 138, 107, 58, 145, 17, 65, 79, 103, 220, - 234, 151, 242, 207, 206, 240, 180, 230, 115, 150, 172, 116, 34, 231, 173, - 53, 133, 226, 249, 55, 232, 28, 117, 223, 110, 71, 241, 26, 113, 29, - 41, 197, 137, 111, 183, 98, 14, 170, 24, 190, 27, 252, 86, 62, 75, - 198, 210, 121, 32, 154, 219, 192, 254, 120, 205, 90, 244, 31, 221, 168, - 51, 136, 7, 199, 49, 177, 18, 16, 89, 39, 128, 236, 95, 96, 81, - 127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239, 160, - 224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97, - 23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12, - 125 ); - - function __construct($ks = 128, $bs = 128, $debug = false) - { - $this->keySizeInBits = $ks; - $this->blockSizeInBits = $bs; - - // Use the Mcrypt library? This speeds things up dramatically. - if(defined('MCRYPT_RIJNDAEL_' . $ks) && defined('MCRYPT_ACCEL')) - { - eval('$mcb = MCRYPT_RIJNDAEL_' . $ks.';'); - $bks = mcrypt_module_get_algo_block_size($mcb); - $bks = $bks * 8; - if ( $bks != $bs ) - { - $mcb = false; - echo (string)$bks; - } - } - else - { - $mcb = false; - } - - $this->mcrypt = $mcb; - - // Cipher parameters ... do not change these - $this->Nk = $this->keySizeInBits / 32; - $this->Nb = $this->blockSizeInBits / 32; - $this->Nr = $this->roundsArray[$this->Nk][$this->Nb]; - $this->debug = $debug; - } - - public static function singleton($key_size, $block_size) - { - static $_aes_objcache; - if ( isset($_aes_objcache["$key_size,$block_size"]) ) - { - return $_aes_objcache["$key_size,$block_size"]; - } - - $_aes_objcache["$key_size,$block_size"] = new AESCrypt($key_size, $block_size); - return $_aes_objcache["$key_size,$block_size"]; - } - - // Error handler - - function trigger_error($text, $level = E_USER_NOTICE) - { - $bt = debug_backtrace(); - $lastfunc =& $bt[1]; - switch($level) - { - case E_USER_NOTICE: - default: - $desc = 'Notice'; - break; - case E_USER_WARNING: - $desc = 'Warning'; - break; - case E_USER_ERROR: - $desc = 'Fatal'; - break; - } - ob_start(); - if($this->debug || $level == E_USER_ERROR) echo "AES encryption: {$desc}: $text in {$lastfunc['file']} on line {$lastfunc['line']} in function {$lastfunc['function']}
"; - if($this->debug) - { - //echo '
'.enano_debug_print_backtrace(true).'
'; - } - ob_end_flush(); - if($level == E_USER_ERROR) - { - echo '

This can sometimes happen if you are upgrading Enano to a new version and did not log out first. Click here to force cookies to clear and try again. You will be logged out.

'; - exit; - } - } - - function array_slice_js_compat($array, $start, $finish = 0) - { - $len = $finish - $start; - if($len < 0) $len = 0 - $len; - //if($this->debug) echo (string)$len . ' '; - //if(count($array) < $start + $len) - // $this->trigger_error('Index out of range', E_USER_WARNING); - return array_slice($array, $start, $len); - } - - function concat($s1, $s2) - { - if(is_array($s1) && is_array($s2)) - return array_merge($s1, $s2); - elseif( ( is_array($s1) && !is_array($s2) ) || ( !is_array($s1) && is_array($s2) ) ) - { - $this->trigger_error('incompatible types - you can\'t combine a non-array with an array', E_USER_WARNING); - return false; - } - else - return $s1 . $s2; - } - - // This method circularly shifts the array left by the number of elements - // given in its parameter. It returns the resulting array and is used for - // the ShiftRow step. Note that shift() and push() could be used for a more - // elegant solution, but they require IE5.5+, so I chose to do it manually. - - function cyclicShiftLeft($theArray, $positions) { - if(!is_int($positions)) - { - $this->trigger_error('$positions is not an integer! Backtrace:
'.print_r(debug_backtrace(), true).'
', E_USER_WARNING); - return false; - } - $second = array_slice($theArray, 0, $positions); - $first = array_slice($theArray, $positions); - $theArray = array_merge($first, $second); - return $theArray; - } - - // Multiplies the element "poly" of GF(2^8) by x. See the Rijndael spec. - - function xtime($poly) { - $poly <<= 1; - return (($poly & 0x100) ? ($poly ^ 0x11B) : ($poly)); - } - - // Multiplies the two elements of GF(2^8) together and returns the result. - // See the Rijndael spec, but should be straightforward: for each power of - // the indeterminant that has a 1 coefficient in x, add y times that power - // to the result. x and y should be bytes representing elements of GF(2^8) - - function mult_GF256($x, $y) { - $result = 0; - - for ($bit = 1; $bit < 256; $bit *= 2, $y = $this->xtime($y)) { - if ($x & $bit) - $result ^= $y; - } - return $result; - } - - // Performs the substitution step of the cipher. State is the 2d array of - // state information (see spec) and direction is string indicating whether - // we are performing the forward substitution ("encrypt") or inverse - // substitution (anything else) - - function byteSub(&$state, $direction) { - //global $this->SBox, $this->SBoxInverse, $this->Nb; - if ($direction == "encrypt") // Point S to the SBox we're using - $S =& $this->SBox; - else - $S =& $this->SBoxInverse; - for ($i = 0; $i < 4; $i++) // Substitute for every byte in state - for ($j = 0; $j < $this->Nb; $j++) - $state[$i][$j] = $S[$state[$i][$j]]; - } - - // Performs the row shifting step of the cipher. - - function shiftRow(&$state, $direction) { - //global $this->Nb, $this->shiftOffsets; - for ($i=1; $i<4; $i++) // Row 0 never shifts - if ($direction == "encrypt") - $state[$i] = $this->cyclicShiftLeft($state[$i], $this->shiftOffsets[$this->Nb][$i]); - else - $state[$i] = $this->cyclicShiftLeft($state[$i], $this->Nb - $this->shiftOffsets[$this->Nb][$i]); - - } - - // Performs the column mixing step of the cipher. Most of these steps can - // be combined into table lookups on 32bit values (at least for encryption) - // to greatly increase the speed. - - function mixColumn(&$state, $direction) { - //global $this->Nb; - $b = Array(); // Result of matrix multiplications - for ($j = 0; $j < $this->Nb; $j++) { // Go through each column... - for ($i = 0; $i < 4; $i++) { // and for each row in the column... - if ($direction == "encrypt") - $b[$i] = $this->mult_GF256($state[$i][$j], 2) ^ // perform mixing - $this->mult_GF256($state[($i+1)%4][$j], 3) ^ - $state[($i+2)%4][$j] ^ - $state[($i+3)%4][$j]; - else - $b[$i] = $this->mult_GF256($state[$i][$j], 0xE) ^ - $this->mult_GF256($state[($i+1)%4][$j], 0xB) ^ - $this->mult_GF256($state[($i+2)%4][$j], 0xD) ^ - $this->mult_GF256($state[($i+3)%4][$j], 9); - } - for ($i = 0; $i < 4; $i++) // Place result back into column - $state[$i][$j] = $b[$i]; - } - } - - // Adds the current round key to the state information. Straightforward. - - function addRoundKey(&$state, $roundKey) { - //global $this->Nb; - for ($j = 0; $j < $this->Nb; $j++) { // Step through columns... - $state[0][$j] ^= ( $roundKey[$j] & 0xFF); // and XOR - $state[1][$j] ^= (($roundKey[$j]>>8) & 0xFF); - $state[2][$j] ^= (($roundKey[$j]>>16) & 0xFF); - $state[3][$j] ^= (($roundKey[$j]>>24) & 0xFF); - } - } - - // This function creates the expanded key from the input (128/192/256-bit) - // key. The parameter key is an array of bytes holding the value of the key. - // The returned value is an array whose elements are the 32-bit words that - // make up the expanded key. - - function keyExpansion($key) { - //global $this->keySizeInBits, $this->blockSizeInBits, $this->roundsArray, $this->Nk, $this->Nb, $this->Nr, $this->Nk, $this->SBox, $this->Rcon; - $expandedKey = Array(); - - // in case the key size or parameters were changed... - $this->Nk = $this->keySizeInBits / 32; - $this->Nb = $this->blockSizeInBits / 32; - $this->Nr = $this->roundsArray[$this->Nk][$this->Nb]; - - for ($j=0; $j < $this->Nk; $j++) // Fill in input key first - $expandedKey[$j] = - ($key[4*$j]) | ($key[4*$j+1]<<8) | ($key[4*$j+2]<<16) | ($key[4*$j+3]<<24); - - // Now walk down the rest of the array filling in expanded key bytes as - // per Rijndael's spec - for ($j = $this->Nk; $j < $this->Nb * ($this->Nr + 1); $j++) { // For each word of expanded key - $temp = $expandedKey[$j - 1]; - if ($j % $this->Nk == 0) - $temp = ( ($this->SBox[($temp>>8) & 0xFF]) | - ($this->SBox[($temp>>16) & 0xFF]<<8) | - ($this->SBox[($temp>>24) & 0xFF]<<16) | - ($this->SBox[$temp & 0xFF]<<24) ) ^ $this->Rcon[floor($j / $this->Nk) - 1]; - elseif ($this->Nk > 6 && $j % $this->Nk == 4) - $temp = ($this->SBox[($temp>>24) & 0xFF]<<24) | - ($this->SBox[($temp>>16) & 0xFF]<<16) | - ($this->SBox[($temp>>8) & 0xFF]<<8) | - ($this->SBox[ $temp & 0xFF]); - $expandedKey[$j] = $expandedKey[$j-$this->Nk] ^ $temp; - } - return $expandedKey; - } - - // Rijndael's round functions... - - function RijndaelRound(&$state, $roundKey) { - $this->byteSub($state, "encrypt"); - $this->shiftRow($state, "encrypt"); - $this->mixColumn($state, "encrypt"); - $this->addRoundKey($state, $roundKey); - } - - function InverseRijndaelRound(&$state, $roundKey) { - $this->addRoundKey($state, $roundKey); - $this->mixColumn($state, "decrypt"); - $this->shiftRow($state, "decrypt"); - $this->byteSub($state, "decrypt"); - } - - function FinalRijndaelRound(&$state, $roundKey) { - $this->byteSub($state, "encrypt"); - $this->shiftRow($state, "encrypt"); - $this->addRoundKey($state, $roundKey); - } - - function InverseFinalRijndaelRound(&$state, $roundKey){ - $this->addRoundKey($state, $roundKey); - $this->shiftRow($state, "decrypt"); - $this->byteSub($state, "decrypt"); - } - - // encrypt is the basic encryption function. It takes parameters - // block, an array of bytes representing a plaintext block, and expandedKey, - // an array of words representing the expanded key previously returned by - // keyExpansion(). The ciphertext block is returned as an array of bytes. - - function cryptBlock($block, $expandedKey) { - //global $this->blockSizeInBits, $this->Nb, $this->Nr; - $t=count($block)*8; - if (!is_array($block) || count($block)*8 != $this->blockSizeInBits) - { - $this->trigger_error('block is bad or block size is wrong
'.print_r($block, true).'

Aiming for size '.$this->blockSizeInBits.', got '.$t.'.', E_USER_WARNING); - return false; - } - if (!$expandedKey) - return; - - $block = $this->packBytes($block); - $this->addRoundKey($block, $expandedKey); - for ($i=1; $i<$this->Nr; $i++) - $this->RijndaelRound($block, $this->array_slice_js_compat($expandedKey, $this->Nb*$i, $this->Nb*($i+1))); - $this->FinalRijndaelRound($block, $this->array_slice_js_compat($expandedKey, $this->Nb*$this->Nr)); - $ret = $this->unpackBytes($block); - return $ret; - } - - // decrypt is the basic decryption function. It takes parameters - // block, an array of bytes representing a ciphertext block, and expandedKey, - // an array of words representing the expanded key previously returned by - // keyExpansion(). The decrypted block is returned as an array of bytes. - - function unCryptBlock($block, $expandedKey) { - $t = count($block)*8; - if (!is_array($block) || count($block)*8 != $this->blockSizeInBits) - { - $this->trigger_error('$block is not a valid rijndael-block array: '.$this->byteArrayToHex($block).'

'.print_r($block, true).'

Block size is '.$t.', should be '.$this->blockSizeInBits.'

', E_USER_WARNING); - return false; - } - if (!$expandedKey) - { - $this->trigger_error('$expandedKey is invalid', E_USER_WARNING); - return false; - } - - $block = $this->packBytes($block); - $this->InverseFinalRijndaelRound($block, $this->array_slice_js_compat($expandedKey, $this->Nb*$this->Nr)); - for ($i = $this->Nr - 1; $i>0; $i--) - { - $this->InverseRijndaelRound($block, $this->array_slice_js_compat($expandedKey, $this->Nb*$i, $this->Nb*($i+1))); - } - $this->addRoundKey($block, $expandedKey); - $ret = $this->unpackBytes($block); - if(!is_array($ret)) - { - $this->trigger_error('$ret is not an array', E_USER_WARNING); - } - return $ret; - } - - // This method takes a byte array (byteArray) and converts it to a string by - // applying String.fromCharCode() to each value and concatenating the result. - // The resulting string is returned. Note that this function SKIPS zero bytes - // under the assumption that they are padding added in formatPlaintext(). - // Obviously, do not invoke this method on raw data that can contain zero - // bytes. It is really only appropriate for printable ASCII/Latin-1 - // values. Roll your own function for more robust functionality :) - - function byteArrayToString($byteArray) { - $result = ""; - for($i=0; $i "10ff". The function returns a - // string. - - /* - function byteArrayToHex($byteArray) { - $result = ""; - if (!$byteArray) - return; - for ($i=0; $i [16, 255]. This - // function returns an array. - - /* - function hexToByteArray($hexString) { - $byteArray = Array(); - if (strlen($hexString) % 2) // must have even length - return; - if (strstr($hexString, "0x") == $hexString || strstr($hexString, "0X") == $hexString) - $hexString = substr($hexString, 2); - for ($i = 0; $ienano_str_split($str, 2); - foreach($str as $s) - { - $arr[] = intval(hexdec($s)); - } - return $arr; - } - - // This function packs an array of bytes into the four row form defined by - // Rijndael. It assumes the length of the array of bytes is divisible by - // four. Bytes are filled in according to the Rijndael spec (starting with - // column 0, row 0 to 3). This function returns a 2d array. - - function packBytes($octets) { - $state = Array(); - if (!$octets || count($octets) % 4) - return; - - $state[0] = Array(); $state[1] = Array(); - $state[2] = Array(); $state[3] = Array(); - for ($j=0; $jblockSizeInBits; - $bpb = $this->blockSizeInBits / 8; // bytes per block - - // if primitive string or String instance - if (is_string($plaintext)) { - $plaintext = $this->enano_str_split($plaintext); - // Unicode issues here (ignoring high byte) - for ($i=0; $icharCodeAt($plaintext[$i], 0) & 0xFF; - } - - for ($i = $bpb - (sizeof($plaintext) % $bpb); $i > 0 && $i < $bpb; $i--) - $plaintext[] = 0; - - return $plaintext; - } - - // Returns an array containing "howMany" random bytes. YOU SHOULD CHANGE THIS - // TO RETURN HIGHER QUALITY RANDOM BYTES IF YOU ARE USING THIS FOR A "REAL" - // APPLICATION. (edit: done, mt_rand() is relatively secure) - - function getRandomBytes($howMany) { - $bytes = Array(); - for ($i=0; $i<$howMany; $i++) - $bytes[$i] = mt_rand(0, 255); - return $bytes; - } - - // rijndaelEncrypt(plaintext, key, mode) - // Encrypts the plaintext using the given key and in the given mode. - // The parameter "plaintext" can either be a string or an array of bytes. - // The parameter "key" must be an array of key bytes. If you have a hex - // string representing the key, invoke hexToByteArray() on it to convert it - // to an array of bytes. The third parameter "mode" is a string indicating - // the encryption mode to use, either "ECB" or "CBC". If the parameter is - // omitted, ECB is assumed. - // - // An array of bytes representing the cihpertext is returned. To convert - // this array to hex, invoke byteArrayToHex() on it. If you are using this - // "for real" it is a good idea to change the function getRandomBytes() to - // something that returns truly random bits. - - function rijndaelEncrypt($plaintext, $key, $mode = 'ECB') { - //global $this->blockSizeInBits, $this->keySizeInBits; - $bpb = $this->blockSizeInBits / 8; // bytes per block - // var ct; // ciphertext - - if($mode == 'CBC') - { - if (!is_string($plaintext) || !is_array($key)) - { - $this->trigger_error('In CBC mode the first and second parameters should be strings', E_USER_WARNING); - return false; - } - } else { - if (!is_array($plaintext) || !is_array($key)) - { - $this->trigger_error('In ECB mode the first and second parameters should be byte arrays', E_USER_WARNING); - return false; - } - } - if (sizeof($key)*8 != $this->keySizeInBits) - { - $this->trigger_error('The key needs to be '. ( $this->keySizeInBits / 8 ) .' bytes in length', E_USER_WARNING); - return false; - } - if ($mode == "CBC") - $ct = $this->getRandomBytes($bpb); // get IV - else { - $mode = "ECB"; - $ct = Array(); - } - - // convert plaintext to byte array and pad with zeros if necessary. - $plaintext = $this->formatPlaintext($plaintext); - - $expandedKey = $this->keyExpansion($key); - - for ($block=0; $blockarray_slice_js_compat($plaintext, $block*$bpb, ($block+1)*$bpb); - if ($mode == "CBC") - { - for ($i=0; $i<$bpb; $i++) - { - $aBlock[$i] ^= $ct[$block*$bpb + $i]; - } - } - $cp = $this->cryptBlock($aBlock, $expandedKey); - $ct = $this->concat($ct, $cp); - } - - return $ct; - } - - // rijndaelDecrypt(ciphertext, key, mode) - // Decrypts the using the given key and mode. The parameter "ciphertext" - // must be an array of bytes. The parameter "key" must be an array of key - // bytes. If you have a hex string representing the ciphertext or key, - // invoke hexToByteArray() on it to convert it to an array of bytes. The - // parameter "mode" is a string, either "CBC" or "ECB". - // - // An array of bytes representing the plaintext is returned. To convert - // this array to a hex string, invoke byteArrayToHex() on it. To convert it - // to a string of characters, you can use byteArrayToString(). - - function rijndaelDecrypt($ciphertext, $key, $mode = 'ECB') { - //global $this->blockSizeInBits, $this->keySizeInBits; - $bpb = $this->blockSizeInBits / 8; // bytes per block - $pt = Array(); // plaintext array - // $aBlock; // a decrypted block - // $block; // current block number - - if (!$ciphertext) - { - $this->trigger_error('$ciphertext should be a byte array', E_USER_WARNING); - return false; - } - if( !is_array($key) ) - { - $this->trigger_error('$key should be a byte array', E_USER_WARNING); - return false; - } - if( is_string($ciphertext) ) - { - $this->trigger_error('$ciphertext should be a byte array', E_USER_WARNING); - return false; - } - if (sizeof($key)*8 != $this->keySizeInBits) - { - $this->trigger_error('Encryption key is the wrong length', E_USER_WARNING); - return false; - } - if (!$mode) - $mode = "ECB"; // assume ECB if mode omitted - - $expandedKey = $this->keyExpansion($key); - - // work backwards to accomodate CBC mode - for ($block=(sizeof($ciphertext) / $bpb)-1; $block>0; $block--) - { - if( ( $block*$bpb ) + ( ($block+1)*$bpb ) > count($ciphertext) ) - { - //$this->trigger_error('$ciphertext index out of bounds', E_USER_ERROR); - } - $current_block = $this->array_slice_js_compat($ciphertext, $block*$bpb, ($block+1)*$bpb); - if(count($current_block) * 8 != $this->blockSizeInBits) - { - // $c=count($current_block)*8; - // $this->trigger_error('We got a '.$c.'-bit block, instead of '.$this->blockSizeInBits.'', E_USER_ERROR); - } - $aBlock = $this->uncryptBlock($current_block, $expandedKey); - if(!$aBlock) - { - $this->trigger_error('Shared block decryption routine returned false', E_USER_WARNING); - return false; - } - if ($mode == "CBC") - for ($i=0; $i<$bpb; $i++) - $pt[($block-1)*$bpb + $i] = $aBlock[$i] ^ $ciphertext[($block-1)*$bpb + $i]; - else - $pt = $this->concat($aBlock, $pt); - } - - // do last block if ECB (skips the IV in CBC) - if ($mode == "ECB") - { - $x = $this->uncryptBlock($this->array_slice_js_compat($ciphertext, 0, $bpb), $expandedKey); - if(!$x) - { - $this->trigger_error('ECB block decryption routine returned false', E_USER_WARNING); - return false; - } - $pt = $this->concat($x, $pt); - if(!$pt) - { - $this->trigger_error('ECB concatenation routine returned false', E_USER_WARNING); - return false; - } - } - - return $pt; - } - - /** - * Wrapper for encryption. - * @param string $text the text to encrypt - * @param string $key the raw binary key to encrypt with - * @param int $return_encoding optional - can be ENC_BINARY, ENC_HEX or ENC_BASE64 - */ - - function encrypt($text, $key, $return_encoding = ENC_HEX) - { - if ( $text == '' ) - return ''; - if ( $this->mcrypt && $this->blockSizeInBits == mcrypt_module_get_algo_block_size(eval('return MCRYPT_RIJNDAEL_'.$this->keySizeInBits.';')) ) - { - $iv_size = mcrypt_get_iv_size($this->mcrypt, MCRYPT_MODE_ECB); - $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); - $cryptext = mcrypt_encrypt($this->mcrypt, $key, $text, MCRYPT_MODE_ECB, $iv); - switch($return_encoding) - { - case ENC_HEX: - default: - $cryptext = $this->strtohex($cryptext); - break; - case ENC_BINARY: - $cryptext = $cryptext; - break; - case ENC_BASE64: - $cryptext = base64_encode($cryptext); - break; - } - } - else - { - $key = $this->prepare_string($key); - $text = $this->prepare_string($text); - profiler_log('AES: Started encryption of a string'); - $cryptext = $this->rijndaelEncrypt($text, $key, 'ECB'); - profiler_log('AES: Finished encryption of a string'); - if(!is_array($cryptext)) - { - echo 'Warning: encryption failed for string: '.print_r($text,true).'
'; - return false; - } - switch($return_encoding) - { - case ENC_HEX: - default: - $cryptext = $this->byteArrayToHex($cryptext); - break; - case ENC_BINARY: - $cryptext = $this->byteArrayToString($cryptext); - break; - case ENC_BASE64: - $cryptext = base64_encode($this->byteArrayToString($cryptext)); - break; - } - } - return $cryptext; - } - - /** - * Wrapper for decryption. - * @param string $text the encrypted text - * @param string $key the raw binary key used to encrypt the text - * @param int $input_encoding the encoding used for the encrypted string. Can be ENC_BINARY, ENC_HEX, or ENC_BASE64. - * @return string - */ - - function decrypt($text, $key, $input_encoding = ENC_HEX) - { - if ( $text == '' ) - return ''; - - switch($input_encoding) - { - case ENC_BINARY: - default: - break; - case ENC_HEX: - $text = $this->hextostring($text); - break; - case ENC_BASE64: - $text = base64_decode($text); - break; - } - - // Run memory-cache check - if ( isset($this->decrypt_cache[$key]) && is_array($this->decrypt_cache[$key]) ) - { - if ( isset($this->decrypt_cache[$key][$text]) ) - { - return $this->decrypt_cache[$key][$text]; - } - } - - // Run disk-cache check - $hash = sha1($text . '::' . $key); - if ( $dypt = aes_decrypt_cache_fetch($hash) ) - return $dypt; - - $text_bin = $text; - $key_bin = $key; - - if ( $this->mcrypt ) - { - $iv_size = mcrypt_get_iv_size($this->mcrypt, MCRYPT_MODE_ECB); - $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); - $dypt = mcrypt_decrypt($this->mcrypt, $key, $text, MCRYPT_MODE_ECB, $iv); - } - else - { - $etext = $this->prepare_string($text); - $ekey = $this->prepare_string($key); - $mod = count($etext) % $this->blockSizeInBits; - profiler_log('AES: Started decryption of a string'); - $dypt = $this->rijndaelDecrypt($etext, $ekey, 'ECB'); - profiler_log('AES: Finished decryption of a string'); - if(!$dypt) - { - echo '
'.print_r($dypt, true).'
'; - $this->trigger_error('Rijndael main decryption routine failed', E_USER_ERROR); - } - $dypt = $this->byteArrayToString($dypt); - } - if ( !isset($this->decrypt_cache[$key_bin]) ) - $this->decrypt_cache[$key_bin] = array(); - - $this->decrypt_cache[$key_bin][$text_bin] = $dypt; - - aes_decrypt_cache_store($text_bin, $dypt, $key_bin); - - return $dypt; - } - - /** - * Enano-ese equivalent of str_split() which is only found in PHP5 - * @param $text string the text to split - * @param $inc int size of each block - * @return array - */ - - function enano_str_split($text, $inc = 1) - { - if($inc < 1) return false; - if($inc >= strlen($text)) return Array($text); - $len = ceil(strlen($text) / $inc); - $ret = Array(); - for($i=0;$itrigger_error('First parameter should be an array', E_USER_WARNING); - return false; - } - $ret = ''; - foreach($arr as $a) - { - if($a != 0) $ret .= chr($a); - } - return $ret; - } - */ - - function strtohex($str) - { - $str = $this->enano_str_split($str); - $ret = ''; - foreach($str as $s) - { - $chr = dechex(ord($s)); - if(strlen($chr) < 2) $chr = '0' . $chr; - $ret .= $chr; - } - return $ret; - } - - function gen_readymade_key() - { - $key = $this->strtohex($this->randkey($this->keySizeInBits / 8)); - return $key; - } - - function prepare_string($text) - { - $ret = $this->hexToByteArray($this->strtohex($text)); - if(count($ret) != strlen($text)) - { - die('Could not convert string "' . $text . '" to hex byte array for encryption'); - } - return $ret; - } - - /** - * Decodes a hex string. - * @param string $hex The hex code to decode - * @return string - */ - - function hextostring($hex) - { - $hex = $this->enano_str_split($hex, 2); - $bin_key = ''; - foreach($hex as $nibble) - { - $byte = chr(hexdec($nibble)); - $bin_key .= $byte; - } - return $bin_key; - } -} - -function aes_decrypt_cache_store($encrypted, $decrypted, $key) -{ - $cache_file = ENANO_ROOT . '/cache/aes_decrypt.php'; - // only cache if $decrypted is long enough to actually warrant caching - if ( strlen($decrypted) < 32 ) - { - profiler_log("AES: Skipped caching a string (probably a password, we dunno) because it's too short"); - return false; - } - if ( file_exists($cache_file) ) - { - require_once($cache_file); - global $aes_decrypt_cache; - $cachekey = sha1($encrypted . '::' . $key); - $aes_decrypt_cache[$cachekey] = $decrypted; - - if ( count($aes_decrypt_cache) > 5000 ) - { - // we've got a lot of strings in the cache, clear out a few - $keys = array_keys($aes_decrypt_cache); - for ( $i = 0; $i < 2500; $i++ ) - { - unset($aes_decrypt_cache[$keys[$i]]); - unset($aes_decrypt_cache[$keys[$i]]); - } - } - } - else - { - $aes_decrypt_cache = array( - sha1($encrypted . '::' . $key) => $decrypted - ); - } - // call var_export and collect contents - ob_start(); - var_export($aes_decrypt_cache); - $dec_cache_string = ob_get_contents(); - ob_end_clean(); - $f = @fopen($cache_file, 'w'); - if ( !$f ) - return false; - fwrite($f, " + + * Ported to PHP by Dan Fuhry + * @package phijndael + * @author Fritz Schneider + * @author Dan Fuhry + * @license BSD-style license + */ + +define ('ENC_BASE64', 202); +define ('ENC_BINARY', 203); + +$_aes_objcache = array(); + +class AESCrypt { + + var $debug = false; + var $mcrypt = false; + var $decrypt_cache = array(); + + // Rijndael parameters -- Valid values are 128, 192, or 256 + + var $keySizeInBits = 128; + var $blockSizeInBits = 128; + + /////// You shouldn't have to modify anything below this line except for + /////// the function getRandomBytes(). + // + // Note: in the following code the two dimensional arrays are indexed as + // you would probably expect, as array[row][column]. The state arrays + // are 2d arrays of the form state[4][Nb]. + + + // The number of rounds for the cipher, indexed by [Nk][Nb] + var $roundsArray = Array(0,0,0,0,Array(0,0,0,0,10,0, 12,0, 14),0, + Array(0,0,0,0,12,0, 12,0, 14),0, + Array(0,0,0,0,14,0, 14,0, 14) ); + + // The number of bytes to shift by in shiftRow, indexed by [Nb][row] + var $shiftOffsets = Array(0,0,0,0,Array(0,1, 2, 3),0,Array(0,1, 2, 3),0,Array(0,1, 3, 4) ); + + // The round constants used in subkey expansion + var $Rcon = Array( + 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, + 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, + 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, + 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, + 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91 ); + + // Precomputed lookup table for the SBox + var $SBox = Array( + 99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, + 118, 202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, + 114, 192, 183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, + 216, 49, 21, 4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, + 235, 39, 178, 117, 9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, + 179, 41, 227, 47, 132, 83, 209, 0, 237, 32, 252, 177, 91, 106, 203, + 190, 57, 74, 76, 88, 207, 208, 239, 170, 251, 67, 77, 51, 133, 69, + 249, 2, 127, 80, 60, 159, 168, 81, 163, 64, 143, 146, 157, 56, 245, + 188, 182, 218, 33, 16, 255, 243, 210, 205, 12, 19, 236, 95, 151, 68, + 23, 196, 167, 126, 61, 100, 93, 25, 115, 96, 129, 79, 220, 34, 42, + 144, 136, 70, 238, 184, 20, 222, 94, 11, 219, 224, 50, 58, 10, 73, + 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121, 231, 200, 55, 109, + 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8, 186, 120, 37, + 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138, 112, 62, + 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158, 225, + 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223, + 140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, + 22 ); + + // Precomputed lookup table for the inverse SBox + var $SBoxInverse = Array( + 82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 158, 129, 243, 215, + 251, 124, 227, 57, 130, 155, 47, 255, 135, 52, 142, 67, 68, 196, 222, + 233, 203, 84, 123, 148, 50, 166, 194, 35, 61, 238, 76, 149, 11, 66, + 250, 195, 78, 8, 46, 161, 102, 40, 217, 36, 178, 118, 91, 162, 73, + 109, 139, 209, 37, 114, 248, 246, 100, 134, 104, 152, 22, 212, 164, 92, + 204, 93, 101, 182, 146, 108, 112, 72, 80, 253, 237, 185, 218, 94, 21, + 70, 87, 167, 141, 157, 132, 144, 216, 171, 0, 140, 188, 211, 10, 247, + 228, 88, 5, 184, 179, 69, 6, 208, 44, 30, 143, 202, 63, 15, 2, + 193, 175, 189, 3, 1, 19, 138, 107, 58, 145, 17, 65, 79, 103, 220, + 234, 151, 242, 207, 206, 240, 180, 230, 115, 150, 172, 116, 34, 231, 173, + 53, 133, 226, 249, 55, 232, 28, 117, 223, 110, 71, 241, 26, 113, 29, + 41, 197, 137, 111, 183, 98, 14, 170, 24, 190, 27, 252, 86, 62, 75, + 198, 210, 121, 32, 154, 219, 192, 254, 120, 205, 90, 244, 31, 221, 168, + 51, 136, 7, 199, 49, 177, 18, 16, 89, 39, 128, 236, 95, 96, 81, + 127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239, 160, + 224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97, + 23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12, + 125 ); + + function __construct($ks = 128, $bs = 128, $debug = false) + { + $this->keySizeInBits = $ks; + $this->blockSizeInBits = $bs; + + // Use the Mcrypt library? This speeds things up dramatically. + if(defined('MCRYPT_RIJNDAEL_' . $ks) && defined('MCRYPT_ACCEL')) + { + eval('$mcb = MCRYPT_RIJNDAEL_' . $ks.';'); + $bks = mcrypt_module_get_algo_block_size($mcb); + $bks = $bks * 8; + if ( $bks != $bs ) + { + $mcb = false; + echo (string)$bks; + } + } + else + { + $mcb = false; + } + + $this->mcrypt = $mcb; + + // Cipher parameters ... do not change these + $this->Nk = $this->keySizeInBits / 32; + $this->Nb = $this->blockSizeInBits / 32; + $this->Nr = $this->roundsArray[$this->Nk][$this->Nb]; + $this->debug = $debug; + } + + public static function singleton($key_size, $block_size) + { + static $_aes_objcache; + if ( isset($_aes_objcache["$key_size,$block_size"]) ) + { + return $_aes_objcache["$key_size,$block_size"]; + } + + $_aes_objcache["$key_size,$block_size"] = new AESCrypt($key_size, $block_size); + return $_aes_objcache["$key_size,$block_size"]; + } + + // Error handler + + function trigger_error($text, $level = E_USER_NOTICE) + { + $bt = debug_backtrace(); + $lastfunc =& $bt[1]; + switch($level) + { + case E_USER_NOTICE: + default: + $desc = 'Notice'; + break; + case E_USER_WARNING: + $desc = 'Warning'; + break; + case E_USER_ERROR: + $desc = 'Fatal'; + break; + } + ob_start(); + if($this->debug || $level == E_USER_ERROR) echo "AES encryption: {$desc}: $text in {$lastfunc['file']} on line {$lastfunc['line']} in function {$lastfunc['function']}
"; + if($this->debug) + { + //echo '
'.enano_debug_print_backtrace(true).'
'; + } + ob_end_flush(); + if($level == E_USER_ERROR) + { + echo '

This can sometimes happen if you are upgrading Enano to a new version and did not log out first. Click here to force cookies to clear and try again. You will be logged out.

'; + exit; + } + } + + function array_slice_js_compat($array, $start, $finish = 0) + { + $len = $finish - $start; + if($len < 0) $len = 0 - $len; + //if($this->debug) echo (string)$len . ' '; + //if(count($array) < $start + $len) + // $this->trigger_error('Index out of range', E_USER_WARNING); + return array_slice($array, $start, $len); + } + + function concat($s1, $s2) + { + if(is_array($s1) && is_array($s2)) + return array_merge($s1, $s2); + elseif( ( is_array($s1) && !is_array($s2) ) || ( !is_array($s1) && is_array($s2) ) ) + { + $this->trigger_error('incompatible types - you can\'t combine a non-array with an array', E_USER_WARNING); + return false; + } + else + return $s1 . $s2; + } + + // This method circularly shifts the array left by the number of elements + // given in its parameter. It returns the resulting array and is used for + // the ShiftRow step. Note that shift() and push() could be used for a more + // elegant solution, but they require IE5.5+, so I chose to do it manually. + + function cyclicShiftLeft($theArray, $positions) { + if(!is_int($positions)) + { + $this->trigger_error('$positions is not an integer! Backtrace:
'.print_r(debug_backtrace(), true).'
', E_USER_WARNING); + return false; + } + $second = array_slice($theArray, 0, $positions); + $first = array_slice($theArray, $positions); + $theArray = array_merge($first, $second); + return $theArray; + } + + // Multiplies the element "poly" of GF(2^8) by x. See the Rijndael spec. + + function xtime($poly) { + $poly <<= 1; + return (($poly & 0x100) ? ($poly ^ 0x11B) : ($poly)); + } + + // Multiplies the two elements of GF(2^8) together and returns the result. + // See the Rijndael spec, but should be straightforward: for each power of + // the indeterminant that has a 1 coefficient in x, add y times that power + // to the result. x and y should be bytes representing elements of GF(2^8) + + function mult_GF256($x, $y) { + $result = 0; + + for ($bit = 1; $bit < 256; $bit *= 2, $y = $this->xtime($y)) { + if ($x & $bit) + $result ^= $y; + } + return $result; + } + + // Performs the substitution step of the cipher. State is the 2d array of + // state information (see spec) and direction is string indicating whether + // we are performing the forward substitution ("encrypt") or inverse + // substitution (anything else) + + function byteSub(&$state, $direction) { + //global $this->SBox, $this->SBoxInverse, $this->Nb; + if ($direction == "encrypt") // Point S to the SBox we're using + $S =& $this->SBox; + else + $S =& $this->SBoxInverse; + for ($i = 0; $i < 4; $i++) // Substitute for every byte in state + for ($j = 0; $j < $this->Nb; $j++) + $state[$i][$j] = $S[$state[$i][$j]]; + } + + // Performs the row shifting step of the cipher. + + function shiftRow(&$state, $direction) { + //global $this->Nb, $this->shiftOffsets; + for ($i=1; $i<4; $i++) // Row 0 never shifts + if ($direction == "encrypt") + $state[$i] = $this->cyclicShiftLeft($state[$i], $this->shiftOffsets[$this->Nb][$i]); + else + $state[$i] = $this->cyclicShiftLeft($state[$i], $this->Nb - $this->shiftOffsets[$this->Nb][$i]); + + } + + // Performs the column mixing step of the cipher. Most of these steps can + // be combined into table lookups on 32bit values (at least for encryption) + // to greatly increase the speed. + + function mixColumn(&$state, $direction) { + //global $this->Nb; + $b = Array(); // Result of matrix multiplications + for ($j = 0; $j < $this->Nb; $j++) { // Go through each column... + for ($i = 0; $i < 4; $i++) { // and for each row in the column... + if ($direction == "encrypt") + $b[$i] = $this->mult_GF256($state[$i][$j], 2) ^ // perform mixing + $this->mult_GF256($state[($i+1)%4][$j], 3) ^ + $state[($i+2)%4][$j] ^ + $state[($i+3)%4][$j]; + else + $b[$i] = $this->mult_GF256($state[$i][$j], 0xE) ^ + $this->mult_GF256($state[($i+1)%4][$j], 0xB) ^ + $this->mult_GF256($state[($i+2)%4][$j], 0xD) ^ + $this->mult_GF256($state[($i+3)%4][$j], 9); + } + for ($i = 0; $i < 4; $i++) // Place result back into column + $state[$i][$j] = $b[$i]; + } + } + + // Adds the current round key to the state information. Straightforward. + + function addRoundKey(&$state, $roundKey) { + //global $this->Nb; + for ($j = 0; $j < $this->Nb; $j++) { // Step through columns... + $state[0][$j] ^= ( $roundKey[$j] & 0xFF); // and XOR + $state[1][$j] ^= (($roundKey[$j]>>8) & 0xFF); + $state[2][$j] ^= (($roundKey[$j]>>16) & 0xFF); + $state[3][$j] ^= (($roundKey[$j]>>24) & 0xFF); + } + } + + // This function creates the expanded key from the input (128/192/256-bit) + // key. The parameter key is an array of bytes holding the value of the key. + // The returned value is an array whose elements are the 32-bit words that + // make up the expanded key. + + function keyExpansion($key) { + //global $this->keySizeInBits, $this->blockSizeInBits, $this->roundsArray, $this->Nk, $this->Nb, $this->Nr, $this->Nk, $this->SBox, $this->Rcon; + $expandedKey = Array(); + + // in case the key size or parameters were changed... + $this->Nk = $this->keySizeInBits / 32; + $this->Nb = $this->blockSizeInBits / 32; + $this->Nr = $this->roundsArray[$this->Nk][$this->Nb]; + + for ($j=0; $j < $this->Nk; $j++) // Fill in input key first + $expandedKey[$j] = + ($key[4*$j]) | ($key[4*$j+1]<<8) | ($key[4*$j+2]<<16) | ($key[4*$j+3]<<24); + + // Now walk down the rest of the array filling in expanded key bytes as + // per Rijndael's spec + for ($j = $this->Nk; $j < $this->Nb * ($this->Nr + 1); $j++) { // For each word of expanded key + $temp = $expandedKey[$j - 1]; + if ($j % $this->Nk == 0) + $temp = ( ($this->SBox[($temp>>8) & 0xFF]) | + ($this->SBox[($temp>>16) & 0xFF]<<8) | + ($this->SBox[($temp>>24) & 0xFF]<<16) | + ($this->SBox[$temp & 0xFF]<<24) ) ^ $this->Rcon[floor($j / $this->Nk) - 1]; + elseif ($this->Nk > 6 && $j % $this->Nk == 4) + $temp = ($this->SBox[($temp>>24) & 0xFF]<<24) | + ($this->SBox[($temp>>16) & 0xFF]<<16) | + ($this->SBox[($temp>>8) & 0xFF]<<8) | + ($this->SBox[ $temp & 0xFF]); + $expandedKey[$j] = $expandedKey[$j-$this->Nk] ^ $temp; + } + return $expandedKey; + } + + // Rijndael's round functions... + + function RijndaelRound(&$state, $roundKey) { + $this->byteSub($state, "encrypt"); + $this->shiftRow($state, "encrypt"); + $this->mixColumn($state, "encrypt"); + $this->addRoundKey($state, $roundKey); + } + + function InverseRijndaelRound(&$state, $roundKey) { + $this->addRoundKey($state, $roundKey); + $this->mixColumn($state, "decrypt"); + $this->shiftRow($state, "decrypt"); + $this->byteSub($state, "decrypt"); + } + + function FinalRijndaelRound(&$state, $roundKey) { + $this->byteSub($state, "encrypt"); + $this->shiftRow($state, "encrypt"); + $this->addRoundKey($state, $roundKey); + } + + function InverseFinalRijndaelRound(&$state, $roundKey){ + $this->addRoundKey($state, $roundKey); + $this->shiftRow($state, "decrypt"); + $this->byteSub($state, "decrypt"); + } + + // encrypt is the basic encryption function. It takes parameters + // block, an array of bytes representing a plaintext block, and expandedKey, + // an array of words representing the expanded key previously returned by + // keyExpansion(). The ciphertext block is returned as an array of bytes. + + function cryptBlock($block, $expandedKey) { + //global $this->blockSizeInBits, $this->Nb, $this->Nr; + $t=count($block)*8; + if (!is_array($block) || count($block)*8 != $this->blockSizeInBits) + { + $this->trigger_error('block is bad or block size is wrong
'.print_r($block, true).'

Aiming for size '.$this->blockSizeInBits.', got '.$t.'.', E_USER_WARNING); + return false; + } + if (!$expandedKey) + return; + + $block = $this->packBytes($block); + $this->addRoundKey($block, $expandedKey); + for ($i=1; $i<$this->Nr; $i++) + $this->RijndaelRound($block, $this->array_slice_js_compat($expandedKey, $this->Nb*$i, $this->Nb*($i+1))); + $this->FinalRijndaelRound($block, $this->array_slice_js_compat($expandedKey, $this->Nb*$this->Nr)); + $ret = $this->unpackBytes($block); + return $ret; + } + + // decrypt is the basic decryption function. It takes parameters + // block, an array of bytes representing a ciphertext block, and expandedKey, + // an array of words representing the expanded key previously returned by + // keyExpansion(). The decrypted block is returned as an array of bytes. + + function unCryptBlock($block, $expandedKey) { + $t = count($block)*8; + if (!is_array($block) || count($block)*8 != $this->blockSizeInBits) + { + $this->trigger_error('$block is not a valid rijndael-block array: '.$this->byteArrayToHex($block).'

'.print_r($block, true).'

Block size is '.$t.', should be '.$this->blockSizeInBits.'

', E_USER_WARNING); + return false; + } + if (!$expandedKey) + { + $this->trigger_error('$expandedKey is invalid', E_USER_WARNING); + return false; + } + + $block = $this->packBytes($block); + $this->InverseFinalRijndaelRound($block, $this->array_slice_js_compat($expandedKey, $this->Nb*$this->Nr)); + for ($i = $this->Nr - 1; $i>0; $i--) + { + $this->InverseRijndaelRound($block, $this->array_slice_js_compat($expandedKey, $this->Nb*$i, $this->Nb*($i+1))); + } + $this->addRoundKey($block, $expandedKey); + $ret = $this->unpackBytes($block); + if(!is_array($ret)) + { + $this->trigger_error('$ret is not an array', E_USER_WARNING); + } + return $ret; + } + + // This method takes a byte array (byteArray) and converts it to a string by + // applying String.fromCharCode() to each value and concatenating the result. + // The resulting string is returned. Note that this function SKIPS zero bytes + // under the assumption that they are padding added in formatPlaintext(). + // Obviously, do not invoke this method on raw data that can contain zero + // bytes. It is really only appropriate for printable ASCII/Latin-1 + // values. Roll your own function for more robust functionality :) + + function byteArrayToString($byteArray) { + $result = ""; + for($i=0; $i "10ff". The function returns a + // string. + + /* + function byteArrayToHex($byteArray) { + $result = ""; + if (!$byteArray) + return; + for ($i=0; $i [16, 255]. This + // function returns an array. + + /* + function hexToByteArray($hexString) { + $byteArray = Array(); + if (strlen($hexString) % 2) // must have even length + return; + if (strstr($hexString, "0x") == $hexString || strstr($hexString, "0X") == $hexString) + $hexString = substr($hexString, 2); + for ($i = 0; $ienano_str_split($str, 2); + foreach($str as $s) + { + $arr[] = intval(hexdec($s)); + } + return $arr; + } + + // This function packs an array of bytes into the four row form defined by + // Rijndael. It assumes the length of the array of bytes is divisible by + // four. Bytes are filled in according to the Rijndael spec (starting with + // column 0, row 0 to 3). This function returns a 2d array. + + function packBytes($octets) { + $state = Array(); + if (!$octets || count($octets) % 4) + return; + + $state[0] = Array(); $state[1] = Array(); + $state[2] = Array(); $state[3] = Array(); + for ($j=0; $jblockSizeInBits; + $bpb = $this->blockSizeInBits / 8; // bytes per block + + // if primitive string or String instance + if (is_string($plaintext)) { + $plaintext = $this->enano_str_split($plaintext); + // Unicode issues here (ignoring high byte) + for ($i=0; $icharCodeAt($plaintext[$i], 0) & 0xFF; + } + + for ($i = $bpb - (sizeof($plaintext) % $bpb); $i > 0 && $i < $bpb; $i--) + $plaintext[] = 0; + + return $plaintext; + } + + // Returns an array containing "howMany" random bytes. YOU SHOULD CHANGE THIS + // TO RETURN HIGHER QUALITY RANDOM BYTES IF YOU ARE USING THIS FOR A "REAL" + // APPLICATION. (edit: done, mt_rand() is relatively secure) + + function getRandomBytes($howMany) { + $bytes = Array(); + for ($i=0; $i<$howMany; $i++) + $bytes[$i] = mt_rand(0, 255); + return $bytes; + } + + // rijndaelEncrypt(plaintext, key, mode) + // Encrypts the plaintext using the given key and in the given mode. + // The parameter "plaintext" can either be a string or an array of bytes. + // The parameter "key" must be an array of key bytes. If you have a hex + // string representing the key, invoke hexToByteArray() on it to convert it + // to an array of bytes. The third parameter "mode" is a string indicating + // the encryption mode to use, either "ECB" or "CBC". If the parameter is + // omitted, ECB is assumed. + // + // An array of bytes representing the cihpertext is returned. To convert + // this array to hex, invoke byteArrayToHex() on it. If you are using this + // "for real" it is a good idea to change the function getRandomBytes() to + // something that returns truly random bits. + + function rijndaelEncrypt($plaintext, $key, $mode = 'ECB') { + //global $this->blockSizeInBits, $this->keySizeInBits; + $bpb = $this->blockSizeInBits / 8; // bytes per block + // var ct; // ciphertext + + if($mode == 'CBC') + { + if (!is_string($plaintext) || !is_array($key)) + { + $this->trigger_error('In CBC mode the first and second parameters should be strings', E_USER_WARNING); + return false; + } + } else { + if (!is_array($plaintext) || !is_array($key)) + { + $this->trigger_error('In ECB mode the first and second parameters should be byte arrays', E_USER_WARNING); + return false; + } + } + if (sizeof($key)*8 != $this->keySizeInBits) + { + $this->trigger_error('The key needs to be '. ( $this->keySizeInBits / 8 ) .' bytes in length', E_USER_WARNING); + return false; + } + if ($mode == "CBC") + $ct = $this->getRandomBytes($bpb); // get IV + else { + $mode = "ECB"; + $ct = Array(); + } + + // convert plaintext to byte array and pad with zeros if necessary. + $plaintext = $this->formatPlaintext($plaintext); + + $expandedKey = $this->keyExpansion($key); + + for ($block=0; $blockarray_slice_js_compat($plaintext, $block*$bpb, ($block+1)*$bpb); + if ($mode == "CBC") + { + for ($i=0; $i<$bpb; $i++) + { + $aBlock[$i] ^= $ct[$block*$bpb + $i]; + } + } + $cp = $this->cryptBlock($aBlock, $expandedKey); + $ct = $this->concat($ct, $cp); + } + + return $ct; + } + + // rijndaelDecrypt(ciphertext, key, mode) + // Decrypts the using the given key and mode. The parameter "ciphertext" + // must be an array of bytes. The parameter "key" must be an array of key + // bytes. If you have a hex string representing the ciphertext or key, + // invoke hexToByteArray() on it to convert it to an array of bytes. The + // parameter "mode" is a string, either "CBC" or "ECB". + // + // An array of bytes representing the plaintext is returned. To convert + // this array to a hex string, invoke byteArrayToHex() on it. To convert it + // to a string of characters, you can use byteArrayToString(). + + function rijndaelDecrypt($ciphertext, $key, $mode = 'ECB') { + //global $this->blockSizeInBits, $this->keySizeInBits; + $bpb = $this->blockSizeInBits / 8; // bytes per block + $pt = Array(); // plaintext array + // $aBlock; // a decrypted block + // $block; // current block number + + if (!$ciphertext) + { + $this->trigger_error('$ciphertext should be a byte array', E_USER_WARNING); + return false; + } + if( !is_array($key) ) + { + $this->trigger_error('$key should be a byte array', E_USER_WARNING); + return false; + } + if( is_string($ciphertext) ) + { + $this->trigger_error('$ciphertext should be a byte array', E_USER_WARNING); + return false; + } + if (sizeof($key)*8 != $this->keySizeInBits) + { + $this->trigger_error('Encryption key is the wrong length', E_USER_WARNING); + return false; + } + if (!$mode) + $mode = "ECB"; // assume ECB if mode omitted + + $expandedKey = $this->keyExpansion($key); + + // work backwards to accomodate CBC mode + for ($block=(sizeof($ciphertext) / $bpb)-1; $block>0; $block--) + { + if( ( $block*$bpb ) + ( ($block+1)*$bpb ) > count($ciphertext) ) + { + //$this->trigger_error('$ciphertext index out of bounds', E_USER_ERROR); + } + $current_block = $this->array_slice_js_compat($ciphertext, $block*$bpb, ($block+1)*$bpb); + if(count($current_block) * 8 != $this->blockSizeInBits) + { + // $c=count($current_block)*8; + // $this->trigger_error('We got a '.$c.'-bit block, instead of '.$this->blockSizeInBits.'', E_USER_ERROR); + } + $aBlock = $this->uncryptBlock($current_block, $expandedKey); + if(!$aBlock) + { + $this->trigger_error('Shared block decryption routine returned false', E_USER_WARNING); + return false; + } + if ($mode == "CBC") + for ($i=0; $i<$bpb; $i++) + $pt[($block-1)*$bpb + $i] = $aBlock[$i] ^ $ciphertext[($block-1)*$bpb + $i]; + else + $pt = $this->concat($aBlock, $pt); + } + + // do last block if ECB (skips the IV in CBC) + if ($mode == "ECB") + { + $x = $this->uncryptBlock($this->array_slice_js_compat($ciphertext, 0, $bpb), $expandedKey); + if(!$x) + { + $this->trigger_error('ECB block decryption routine returned false', E_USER_WARNING); + return false; + } + $pt = $this->concat($x, $pt); + if(!$pt) + { + $this->trigger_error('ECB concatenation routine returned false', E_USER_WARNING); + return false; + } + } + + return $pt; + } + + /** + * Wrapper for encryption. + * @param string $text the text to encrypt + * @param string $key the raw binary key to encrypt with + * @param int $return_encoding optional - can be ENC_BINARY, ENC_HEX or ENC_BASE64 + */ + + function encrypt($text, $key, $return_encoding = ENC_HEX) + { + if ( $text == '' ) + return ''; + if ( $this->mcrypt && $this->blockSizeInBits == mcrypt_module_get_algo_block_size(eval('return MCRYPT_RIJNDAEL_'.$this->keySizeInBits.';')) ) + { + $iv_size = mcrypt_get_iv_size($this->mcrypt, MCRYPT_MODE_ECB); + $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); + $cryptext = mcrypt_encrypt($this->mcrypt, $key, $text, MCRYPT_MODE_ECB, $iv); + switch($return_encoding) + { + case ENC_HEX: + default: + $cryptext = $this->strtohex($cryptext); + break; + case ENC_BINARY: + $cryptext = $cryptext; + break; + case ENC_BASE64: + $cryptext = base64_encode($cryptext); + break; + } + } + else + { + $key = $this->prepare_string($key); + $text = $this->prepare_string($text); + profiler_log('AES: Started encryption of a string'); + $cryptext = $this->rijndaelEncrypt($text, $key, 'ECB'); + profiler_log('AES: Finished encryption of a string'); + if(!is_array($cryptext)) + { + echo 'Warning: encryption failed for string: '.print_r($text,true).'
'; + return false; + } + switch($return_encoding) + { + case ENC_HEX: + default: + $cryptext = $this->byteArrayToHex($cryptext); + break; + case ENC_BINARY: + $cryptext = $this->byteArrayToString($cryptext); + break; + case ENC_BASE64: + $cryptext = base64_encode($this->byteArrayToString($cryptext)); + break; + } + } + return $cryptext; + } + + /** + * Wrapper for decryption. + * @param string $text the encrypted text + * @param string $key the raw binary key used to encrypt the text + * @param int $input_encoding the encoding used for the encrypted string. Can be ENC_BINARY, ENC_HEX, or ENC_BASE64. + * @return string + */ + + function decrypt($text, $key, $input_encoding = ENC_HEX) + { + if ( $text == '' ) + return ''; + + switch($input_encoding) + { + case ENC_BINARY: + default: + break; + case ENC_HEX: + $text = $this->hextostring($text); + break; + case ENC_BASE64: + $text = base64_decode($text); + break; + } + + // Run memory-cache check + if ( isset($this->decrypt_cache[$key]) && is_array($this->decrypt_cache[$key]) ) + { + if ( isset($this->decrypt_cache[$key][$text]) ) + { + return $this->decrypt_cache[$key][$text]; + } + } + + // Run disk-cache check + $hash = sha1($text . '::' . $key); + if ( $dypt = aes_decrypt_cache_fetch($hash) ) + return $dypt; + + $text_bin = $text; + $key_bin = $key; + + if ( $this->mcrypt ) + { + $iv_size = mcrypt_get_iv_size($this->mcrypt, MCRYPT_MODE_ECB); + $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); + $dypt = mcrypt_decrypt($this->mcrypt, $key, $text, MCRYPT_MODE_ECB, $iv); + } + else + { + $etext = $this->prepare_string($text); + $ekey = $this->prepare_string($key); + $mod = count($etext) % $this->blockSizeInBits; + profiler_log('AES: Started decryption of a string'); + $dypt = $this->rijndaelDecrypt($etext, $ekey, 'ECB'); + profiler_log('AES: Finished decryption of a string'); + if(!$dypt) + { + echo '
'.print_r($dypt, true).'
'; + $this->trigger_error('Rijndael main decryption routine failed', E_USER_ERROR); + } + $dypt = $this->byteArrayToString($dypt); + } + if ( !isset($this->decrypt_cache[$key_bin]) ) + $this->decrypt_cache[$key_bin] = array(); + + $this->decrypt_cache[$key_bin][$text_bin] = $dypt; + + aes_decrypt_cache_store($text_bin, $dypt, $key_bin); + + return $dypt; + } + + /** + * Enano-ese equivalent of str_split() which is only found in PHP5 + * @param $text string the text to split + * @param $inc int size of each block + * @return array + */ + + function enano_str_split($text, $inc = 1) + { + if($inc < 1) return false; + if($inc >= strlen($text)) return Array($text); + $len = ceil(strlen($text) / $inc); + $ret = Array(); + for($i=0;$itrigger_error('First parameter should be an array', E_USER_WARNING); + return false; + } + $ret = ''; + foreach($arr as $a) + { + if($a != 0) $ret .= chr($a); + } + return $ret; + } + */ + + function strtohex($str) + { + $str = $this->enano_str_split($str); + $ret = ''; + foreach($str as $s) + { + $chr = dechex(ord($s)); + if(strlen($chr) < 2) $chr = '0' . $chr; + $ret .= $chr; + } + return $ret; + } + + function gen_readymade_key() + { + $key = $this->strtohex($this->randkey($this->keySizeInBits / 8)); + return $key; + } + + function prepare_string($text) + { + $ret = $this->hexToByteArray($this->strtohex($text)); + if(count($ret) != strlen($text)) + { + die('Could not convert string "' . $text . '" to hex byte array for encryption'); + } + return $ret; + } + + /** + * Decodes a hex string. + * @param string $hex The hex code to decode + * @return string + */ + + function hextostring($hex) + { + $hex = $this->enano_str_split($hex, 2); + $bin_key = ''; + foreach($hex as $nibble) + { + $byte = chr(hexdec($nibble)); + $bin_key .= $byte; + } + return $bin_key; + } +} + +function aes_decrypt_cache_store($encrypted, $decrypted, $key) +{ + $cache_file = ENANO_ROOT . '/cache/aes_decrypt.php'; + // only cache if $decrypted is long enough to actually warrant caching + if ( strlen($decrypted) < 32 ) + { + profiler_log("AES: Skipped caching a string (probably a password, we dunno) because it's too short"); + return false; + } + if ( file_exists($cache_file) ) + { + require_once($cache_file); + global $aes_decrypt_cache; + $cachekey = sha1($encrypted . '::' . $key); + $aes_decrypt_cache[$cachekey] = $decrypted; + + if ( count($aes_decrypt_cache) > 5000 ) + { + // we've got a lot of strings in the cache, clear out a few + $keys = array_keys($aes_decrypt_cache); + for ( $i = 0; $i < 2500; $i++ ) + { + unset($aes_decrypt_cache[$keys[$i]]); + unset($aes_decrypt_cache[$keys[$i]]); + } + } + } + else + { + $aes_decrypt_cache = array( + sha1($encrypted . '::' . $key) => $decrypted + ); + } + // call var_export and collect contents + ob_start(); + var_export($aes_decrypt_cache); + $dec_cache_string = ob_get_contents(); + ob_end_clean(); + $f = @fopen($cache_file, 'w'); + if ( !$f ) + return false; + fwrite($f, "