Does not use mcrypt, even when available, for reasons that are explained below.
PHP versions 4 and 5
If {@link Crypt_Rijndael::setBlockLength() setBlockLength()} isn't called, it'll be assumed to be 128 bits. If
{@link Crypt_Rijndael::setKeyLength() setKeyLength()} isn't called, it'll be calculated from
{@link Crypt_Rijndael::setKey() setKey()}. ie. if the key is 128-bits, the key length will be 128-bits. If it's
136-bits it'll be null-padded to 160-bits and 160 bits will be the key length until
{@link Crypt_Rijndael::setKey() setKey()} is called, again, at which point, it'll be recalculated.
Not all Rijndael implementations may support 160-bits or 224-bits as the block length / key length. mcrypt, for example,
does not. AES, itself, only supports block lengths of 128 and key lengths of 128, 192, and 256.
{@link http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf#page=10 Rijndael-ammended.pdf#page=10} defines the
algorithm for block lengths of 192 and 256 but not for block lengths / key lengths of 160 and 224. Indeed, 160 and 224
are first defined as valid key / block lengths in
{@link http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf#page=44 Rijndael-ammended.pdf#page=44}:
Extensions: Other block and Cipher Key lengths.
{@internal The variable names are the same as those in
{@link http://www.csrc.nist.gov/publications/fips/fips197/fips-197.pdf#page=10 fips-197.pdf#page=10}.}}
Here's a short example of how to use this library:
setKey('abcdefghijklmnop');
$size = 10 * 1024;
$plaintext = '';
for ($i = 0; $i < $size; $i++) {
$plaintext.= 'a';
}
echo $rijndael->decrypt($rijndael->encrypt($plaintext));
?>
LICENSE: Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Constants
CRYPT_RIJNDAEL_MODE_CTR
= -1
Encrypt / decrypt using the Counter mode. Set to -1 since that's what Crypt/Random.php uses to index the CTR mode.
CRYPT_RIJNDAEL_MODE_ECB
= 1
Encrypt / decrypt using the Electronic Code Book mode.
CRYPT_RIJNDAEL_MODE_CBC
= 2
Encrypt / decrypt using the Code Book Chaining mode.
Default Constructor. Determines whether or not the mcrypt extension should be used. $mode should only, at present, be
CRYPT_RIJNDAEL_MODE_ECB or CRYPT_RIJNDAEL_MODE_CBC. If not explictly set, CRYPT_RIJNDAEL_MODE_CBC will be used.
Generate CTR XOR encryption key Encrypt the output of this and XOR it against the ciphertext / plaintext to get the
plaintext / ciphertext in CTR mode.
Arguments
Name
Type
Description
Default
$length
Integer
$iv
String
Return value
Type
Description
n/a
n/a
Tags
Name
Description
see
see
access
public
_invSubWord(
$word,
)
:
n/a
Description
Performs inverse S-Box substitutions
Arguments
Name
Type
Description
Default
$word
n/a
Return value
Type
Description
n/a
n/a
Tags
Name
Description
access
private
_pad(
$text,
)
:
n/a
Description
Pads a string Pads a string using the RSA PKCS padding standards so that its length is a multiple of the blocksize.
$block_size - (strlen($text) % $block_size) bytes are added, each of which is equal to
chr($block_size - (strlen($text) % $block_size)
If padding is disabled and $text is not a multiple of the blocksize, the string will be padded regardless
and padding will, hence forth, be enabled.
Arguments
Name
Type
Description
Default
$text
n/a
Return value
Type
Description
n/a
n/a
Tags
Name
Description
see
access
private
_setup(
)
:
n/a
Description
Setup Rijndael Validates all the variables and calculates $Nr - the number of rounds that need to be performed - and $w - the key
key schedule.
Unpads a string. If padding is enabled and the reported padding length is invalid the encryption key will be assumed to be wrong
and false will be returned.
Arguments
Name
Type
Description
Default
$text
n/a
Return value
Type
Description
n/a
n/a
Tags
Name
Description
see
access
private
decrypt(
String
$ciphertext,
)
:
n/a
Description
Decrypts a message. If strlen($ciphertext) is not a multiple of the block size, null bytes will be added to the end of the string until
it is.
Arguments
Name
Type
Description
Default
$ciphertext
String
Return value
Type
Description
n/a
n/a
Tags
Name
Description
see
access
public
disableContinuousBuffer(
)
:
n/a
Description
Treat consecutive packets as if they are a discontinuous buffer. The default behavior.
Return value
Type
Description
n/a
n/a
Tags
Name
Description
see
access
public
disablePadding(
)
:
n/a
Description
Do not pad packets.
Return value
Type
Description
n/a
n/a
Tags
Name
Description
see
access
public
enableContinuousBuffer(
)
:
n/a
Description
Treat consecutive "packets" as if they are a continuous buffer. Say you have a 32-byte plaintext $plaintext. Using the default behavior, the two following code snippets
will yield different outputs:
echo $rijndael->encrypt(substr($plaintext, 0, 16));
echo $rijndael->encrypt(substr($plaintext, 16, 16));
echo $rijndael->encrypt($plaintext);
The solution is to enable the continuous buffer. Although this will resolve the above discrepancy, it creates
another, as demonstrated with the following:
$rijndael->encrypt(substr($plaintext, 0, 16));
echo $rijndael->decrypt($des->encrypt(substr($plaintext, 16, 16)));
echo $rijndael->decrypt($des->encrypt(substr($plaintext, 16, 16)));
With the continuous buffer disabled, these would yield the same output. With it enabled, they yield different
outputs. The reason is due to the fact that the initialization vector's change after every encryption /
decryption round when the continuous buffer is enabled. When it's disabled, they remain constant.
Put another way, when the continuous buffer is enabled, the state of the Crypt_Rijndael() object changes after each
encryption / decryption round, whereas otherwise, it'd remain constant. For this reason, it's recommended that
continuous buffers not be used. They do offer better security and are, in fact, sometimes required (SSH uses them),
however, they are also less intuitive and more likely to cause you problems.
Return value
Type
Description
n/a
n/a
Tags
Name
Description
see
access
public
enablePadding(
)
:
n/a
Description
Pad "packets". Rijndael works by encrypting between sixteen and thirty-two bytes at a time, provided that number is also a multiple
of four. If you ever need to encrypt or decrypt something that isn't of the proper length, it becomes necessary to
pad the input so that it is of the proper length.
Padding is enabled by default. Sometimes, however, it is undesirable to pad strings. Such is the case in SSH,
where "packets" are padded with random bytes before being encrypted. Unpad these packets and you risk stripping
away characters that shouldn't be stripped away. (SSH knows how many bytes are added because the length is
transmitted separately)
Return value
Type
Description
n/a
n/a
Tags
Name
Description
see
access
public
encrypt(
String
$plaintext,
)
:
n/a
Description
Encrypts a message. $plaintext will be padded with additional bytes such that it's length is a multiple of the block size. Other Rjindael
implementations may or may not pad in the same manner. Other common approaches to padding and the reasons why it's
necessary are discussed in the following
URL:
{@link http://www.di-mgt.com.au/cryptopad.html http://www.di-mgt.com.au/cryptopad.html}
An alternative to padding is to, separately, send the length of the file. This is what SSH, in fact, does.
strlen($plaintext) will still need to be a multiple of 8, however, arbitrary values can be added to make it that
length.
Arguments
Name
Type
Description
Default
$plaintext
String
Return value
Type
Description
n/a
n/a
Tags
Name
Description
see
access
public
setBlockLength(
Integer
$length,
)
:
n/a
Description
Sets the block length Valid block lengths are 128, 160, 192, 224, and 256. If the length is less than 128, it will be rounded up to
128. If the length is greater then 128 and invalid, it will be rounded down to the closest valid amount.
Arguments
Name
Type
Description
Default
$length
Integer
Return value
Type
Description
n/a
n/a
Tags
Name
Description
access
public
setIV(
String
$iv,
)
:
n/a
Description
Sets the initialization vector. (optional) SetIV is not required when CRYPT_RIJNDAEL_MODE_ECB is being used. If not explictly set, it'll be assumed
to be all zero's.
Arguments
Name
Type
Description
Default
$iv
String
Return value
Type
Description
n/a
n/a
Tags
Name
Description
access
public
setKey(
String
$key,
)
:
n/a
Description
Sets the key. Keys can be of any length. Rijndael, itself, requires the use of a key that's between 128-bits and 256-bits long and
whose length is a multiple of 32. If the key is less than 256-bits and the key length isn't set, we round the length
up to the closest valid key length, padding $key with null bytes. If the key is more than 256-bits, we trim the
excess bits.
If the key is not explicitly set, it'll be assumed to be all null bytes.
Arguments
Name
Type
Description
Default
$key
String
Return value
Type
Description
n/a
n/a
Tags
Name
Description
access
public
setKeyLength(
Integer
$length,
)
:
n/a
Description
Sets the key length Valid key lengths are 128, 160, 192, 224, and 256. If the length is less than 128, it will be rounded up to
128. If the length is greater then 128 and invalid, it will be rounded down to the closest valid amount.