Edit File by line

<?php

[0] Fix | Delete

[1] Fix | Delete

/**

[2] Fix | Delete

* Pure-PHP implementation of RC4.

[3] Fix | Delete

[4] Fix | Delete

* Uses mcrypt, if available, and an internal implementation, otherwise.

[5] Fix | Delete

[6] Fix | Delete

* PHP versions 4 and 5

[7] Fix | Delete

[8] Fix | Delete

* Useful resources are as follows:

[9] Fix | Delete

[10] Fix | Delete

* - {@link http://www.mozilla.org/projects/security/pki/nss/draft-kaukonen-cipher-arcfour-03.txt ARCFOUR Algorithm}

[11] Fix | Delete

* - {@link http://en.wikipedia.org/wiki/RC4 - Wikipedia: RC4}

[12] Fix | Delete

[13] Fix | Delete

* RC4 is also known as ARCFOUR or ARC4. The reason is elaborated upon at Wikipedia. This class is named RC4 and not

[14] Fix | Delete

* ARCFOUR or ARC4 because RC4 is how it is referred to in the SSH1 specification.

[15] Fix | Delete

[16] Fix | Delete

* Here's a short example of how to use this library:

[17] Fix | Delete

* <code>

[18] Fix | Delete

* <?php

[19] Fix | Delete

* include 'Crypt/RC4.php';

[20] Fix | Delete

[21] Fix | Delete

* $rc4 = new Crypt_RC4();

[22] Fix | Delete

[23] Fix | Delete

* $rc4->setKey('abcdefgh');

[24] Fix | Delete

[25] Fix | Delete

* $size = 10 * 1024;

[26] Fix | Delete

* $plaintext = '';

[27] Fix | Delete

* for ($i = 0; $i < $size; $i++) {

[28] Fix | Delete

* $plaintext.= 'a';

[29] Fix | Delete

* }

[30] Fix | Delete

[31] Fix | Delete

* echo $rc4->decrypt($rc4->encrypt($plaintext));

[32] Fix | Delete

* ?>

[33] Fix | Delete

* </code>

[34] Fix | Delete

[35] Fix | Delete

* LICENSE: Permission is hereby granted, free of charge, to any person obtaining a copy

[36] Fix | Delete

* of this software and associated documentation files (the "Software"), to deal

[37] Fix | Delete

* in the Software without restriction, including without limitation the rights

[38] Fix | Delete

* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

[39] Fix | Delete

* copies of the Software, and to permit persons to whom the Software is

[40] Fix | Delete

* furnished to do so, subject to the following conditions:

[41] Fix | Delete

[42] Fix | Delete

* The above copyright notice and this permission notice shall be included in

[43] Fix | Delete

* all copies or substantial portions of the Software.

[44] Fix | Delete

[45] Fix | Delete

* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

[46] Fix | Delete

* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

[47] Fix | Delete

* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

[48] Fix | Delete

* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

[49] Fix | Delete

* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

[50] Fix | Delete

* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN

[51] Fix | Delete

* THE SOFTWARE.

[52] Fix | Delete

[53] Fix | Delete

* @category Crypt

[54] Fix | Delete

* @package Crypt_RC4

[55] Fix | Delete

* @author Jim Wigginton <terrafrost@php.net>

[56] Fix | Delete

* @copyright MMVII Jim Wigginton

[57] Fix | Delete

* @license http://www.opensource.org/licenses/mit-license.html MIT License

[58] Fix | Delete

* @link http://phpseclib.sourceforge.net

[59] Fix | Delete

[60] Fix | Delete

[61] Fix | Delete

/**

[62] Fix | Delete

* Include Crypt_Base

[63] Fix | Delete

[64] Fix | Delete

* Base cipher class

[65] Fix | Delete

[66] Fix | Delete

if (!class_exists('Crypt_Base')) {

[67] Fix | Delete

require_once dirname(__FILE__).'/Base.php';

[68] Fix | Delete

}

[69] Fix | Delete

[70] Fix | Delete

/**#@+

[71] Fix | Delete

* @access private

[72] Fix | Delete

* @see Crypt_RC4::Crypt_RC4()

[73] Fix | Delete

[74] Fix | Delete

/**

[75] Fix | Delete

* Toggles the internal implementation

[76] Fix | Delete

[77] Fix | Delete

define('CRYPT_RC4_MODE_INTERNAL', CRYPT_MODE_INTERNAL);

[78] Fix | Delete

/**

[79] Fix | Delete

* Toggles the mcrypt implementation

[80] Fix | Delete

[81] Fix | Delete

define('CRYPT_RC4_MODE_MCRYPT', CRYPT_MODE_MCRYPT);

[82] Fix | Delete

/**#@-*/

[83] Fix | Delete

[84] Fix | Delete

/**#@+

[85] Fix | Delete

* @access private

[86] Fix | Delete

* @see Crypt_RC4::_crypt()

[87] Fix | Delete

[88] Fix | Delete

define('CRYPT_RC4_ENCRYPT', 0);

[89] Fix | Delete

define('CRYPT_RC4_DECRYPT', 1);

[90] Fix | Delete

/**#@-*/

[91] Fix | Delete

[92] Fix | Delete

/**

[93] Fix | Delete

* Pure-PHP implementation of RC4.

[94] Fix | Delete

[95] Fix | Delete

* @package Crypt_RC4

[96] Fix | Delete

* @author Jim Wigginton <terrafrost@php.net>

[97] Fix | Delete

* @access public

[98] Fix | Delete

[99] Fix | Delete

class Crypt_RC4 extends Crypt_Base

[100] Fix | Delete

{

[101] Fix | Delete

/**

[102] Fix | Delete

* Block Length of the cipher

[103] Fix | Delete

[104] Fix | Delete

* RC4 is a stream cipher

[105] Fix | Delete

* so we the block_size to 0

[106] Fix | Delete

[107] Fix | Delete

* @see Crypt_Base::block_size

[108] Fix | Delete

* @var Integer

[109] Fix | Delete

* @access private

[110] Fix | Delete

[111] Fix | Delete

public $block_size = 0;

[112] Fix | Delete

[113] Fix | Delete

/**

[114] Fix | Delete

* The default password key_size used by setPassword()

[115] Fix | Delete

[116] Fix | Delete

* @see Crypt_Base::password_key_size

[117] Fix | Delete

* @see Crypt_Base::setPassword()

[118] Fix | Delete

* @var Integer

[119] Fix | Delete

* @access private

[120] Fix | Delete

[121] Fix | Delete

public $password_key_size = 128; // = 1024 bits

[122] Fix | Delete

[123] Fix | Delete

/**

[124] Fix | Delete

* The namespace used by the cipher for its constants.

[125] Fix | Delete

[126] Fix | Delete

* @see Crypt_Base::const_namespace

[127] Fix | Delete

* @var String

[128] Fix | Delete

* @access private

[129] Fix | Delete

[130] Fix | Delete

public $const_namespace = 'RC4';

[131] Fix | Delete

[132] Fix | Delete

/**

[133] Fix | Delete

* The mcrypt specific name of the cipher

[134] Fix | Delete

[135] Fix | Delete

* @see Crypt_Base::cipher_name_mcrypt

[136] Fix | Delete

* @var String

[137] Fix | Delete

* @access private

[138] Fix | Delete

[139] Fix | Delete

public $cipher_name_mcrypt = 'arcfour';

[140] Fix | Delete

[141] Fix | Delete

/**

[142] Fix | Delete

* Holds whether performance-optimized $inline_crypt() can/should be used.

[143] Fix | Delete

[144] Fix | Delete

* @see Crypt_Base::inline_crypt

[145] Fix | Delete

* @var mixed

[146] Fix | Delete

* @access private

[147] Fix | Delete

[148] Fix | Delete

public $use_inline_crypt = false; // currently not available

[149] Fix | Delete

[150] Fix | Delete

/**

[151] Fix | Delete

* The Key

[152] Fix | Delete

[153] Fix | Delete

* @see Crypt_RC4::setKey()

[154] Fix | Delete

* @var String

[155] Fix | Delete

* @access private

[156] Fix | Delete

[157] Fix | Delete

public $key = "\0";

[158] Fix | Delete

[159] Fix | Delete

/**

[160] Fix | Delete

* The Key Stream for decryption and encryption

[161] Fix | Delete

[162] Fix | Delete

* @see Crypt_RC4::setKey()

[163] Fix | Delete

* @var Array

[164] Fix | Delete

* @access private

[165] Fix | Delete

[166] Fix | Delete

public $stream;

[167] Fix | Delete

[168] Fix | Delete

/**

[169] Fix | Delete

* Default Constructor.

[170] Fix | Delete

[171] Fix | Delete

* Determines whether or not the mcrypt extension should be used.

[172] Fix | Delete

[173] Fix | Delete

* @see Crypt_Base::Crypt_Base()

[174] Fix | Delete

* @return Crypt_RC4

[175] Fix | Delete

* @access public

[176] Fix | Delete

[177] Fix | Delete

public function __construct()

[178] Fix | Delete

{

[179] Fix | Delete

parent::__construct(CRYPT_MODE_STREAM);

[180] Fix | Delete

}

[181] Fix | Delete

[182] Fix | Delete

/**

[183] Fix | Delete

* Dummy function.

[184] Fix | Delete

[185] Fix | Delete

* Some protocols, such as WEP, prepend an "initialization vector" to the key, effectively creating a new key [1].

[186] Fix | Delete

* If you need to use an initialization vector in this manner, feel free to prepend it to the key, yourself, before

[187] Fix | Delete

* calling setKey().

[188] Fix | Delete

[189] Fix | Delete

* [1] WEP's initialization vectors (IV's) are used in a somewhat insecure way. Since, in that protocol,

[190] Fix | Delete

* the IV's are relatively easy to predict, an attack described by

[191] Fix | Delete

* {@link http://www.drizzle.com/~aboba/IEEE/rc4_ksaproc.pdf Scott Fluhrer, Itsik Mantin, and Adi Shamir}

[192] Fix | Delete

* can be used to quickly guess at the rest of the key. The following links elaborate:

[193] Fix | Delete

[194] Fix | Delete

* {@link http://www.rsa.com/rsalabs/node.asp?id=2009 http://www.rsa.com/rsalabs/node.asp?id=2009}

[195] Fix | Delete

* {@link http://en.wikipedia.org/wiki/Related_key_attack http://en.wikipedia.org/wiki/Related_key_attack}

[196] Fix | Delete

[197] Fix | Delete

* @param String $iv

[198] Fix | Delete

[199] Fix | Delete

* @see Crypt_RC4::setKey()

[200] Fix | Delete

* @access public

[201] Fix | Delete

[202] Fix | Delete

public function setIV($iv)

[203] Fix | Delete

{

[204] Fix | Delete

}

[205] Fix | Delete

[206] Fix | Delete

/**

[207] Fix | Delete

* Sets the key.

[208] Fix | Delete

[209] Fix | Delete

* Keys can be between 1 and 256 bytes long. If they are longer then 256 bytes, the first 256 bytes will

[210] Fix | Delete

* be used. If no key is explicitly set, it'll be assumed to be a single null byte.

[211] Fix | Delete

[212] Fix | Delete

* @access public

[213] Fix | Delete

* @see Crypt_Base::setKey()

[214] Fix | Delete

[215] Fix | Delete

* @param String $key

[216] Fix | Delete

[217] Fix | Delete

public function setKey($key)

[218] Fix | Delete

{

[219] Fix | Delete

parent::setKey(substr($key, 0, 256));

[220] Fix | Delete

}

[221] Fix | Delete

[222] Fix | Delete

/**

[223] Fix | Delete

* Encrypts a message.

[224] Fix | Delete

[225] Fix | Delete

* @see Crypt_Base::decrypt()

[226] Fix | Delete

* @see Crypt_RC4::_crypt()

[227] Fix | Delete

* @access public

[228] Fix | Delete

[229] Fix | Delete

* @param String $plaintext

[230] Fix | Delete

[231] Fix | Delete

* @return String $ciphertext

[232] Fix | Delete

[233] Fix | Delete

public function encrypt($plaintext)

[234] Fix | Delete

{

[235] Fix | Delete

if ($this->engine == CRYPT_MODE_MCRYPT) {

[236] Fix | Delete

return parent::encrypt($plaintext);

[237] Fix | Delete

}

[238] Fix | Delete

[239] Fix | Delete

return $this->_crypt($plaintext, CRYPT_RC4_ENCRYPT);

[240] Fix | Delete

}

[241] Fix | Delete

[242] Fix | Delete

/**

[243] Fix | Delete

* Decrypts a message.

[244] Fix | Delete

[245] Fix | Delete

* $this->decrypt($this->encrypt($plaintext)) == $this->encrypt($this->encrypt($plaintext)).

[246] Fix | Delete

* At least if the continuous buffer is disabled.

[247] Fix | Delete

[248] Fix | Delete

* @see Crypt_Base::encrypt()

[249] Fix | Delete

* @see Crypt_RC4::_crypt()

[250] Fix | Delete

* @access public

[251] Fix | Delete

[252] Fix | Delete

* @param String $ciphertext

[253] Fix | Delete

[254] Fix | Delete

* @return String $plaintext

[255] Fix | Delete

[256] Fix | Delete

public function decrypt($ciphertext)

[257] Fix | Delete

{

[258] Fix | Delete

if ($this->engine == CRYPT_MODE_MCRYPT) {

[259] Fix | Delete

return parent::decrypt($ciphertext);

[260] Fix | Delete

}

[261] Fix | Delete

[262] Fix | Delete

return $this->_crypt($ciphertext, CRYPT_RC4_DECRYPT);

[263] Fix | Delete

}

[264] Fix | Delete

[265] Fix | Delete

/**

[266] Fix | Delete

* Setup the key (expansion)

[267] Fix | Delete

[268] Fix | Delete

* @see Crypt_Base::_setupKey()

[269] Fix | Delete

* @access private

[270] Fix | Delete

[271] Fix | Delete

public function _setupKey()

[272] Fix | Delete

{

[273] Fix | Delete

$key = $this->key;

[274] Fix | Delete

$keyLength = strlen($key);

[275] Fix | Delete

$keyStream = range(0, 255);

[276] Fix | Delete

$j = 0;

[277] Fix | Delete

for ($i = 0; $i < 256; $i++) {

[278] Fix | Delete

$j = ($j + $keyStream[$i] + ord($key[$i % $keyLength])) & 255;

[279] Fix | Delete

$temp = $keyStream[$i];

[280] Fix | Delete

$keyStream[$i] = $keyStream[$j];

[281] Fix | Delete

$keyStream[$j] = $temp;

[282] Fix | Delete

}

[283] Fix | Delete

[284] Fix | Delete

$this->stream = array();

[285] Fix | Delete

$this->stream[CRYPT_RC4_DECRYPT] = $this->stream[CRYPT_RC4_ENCRYPT] = array(

[286] Fix | Delete

0, // index $i

[287] Fix | Delete

0, // index $j

[288] Fix | Delete

$keyStream,

[289] Fix | Delete

);

[290] Fix | Delete

}

[291] Fix | Delete

[292] Fix | Delete

/**

[293] Fix | Delete

* Encrypts or decrypts a message.

[294] Fix | Delete

[295] Fix | Delete

* @see Crypt_RC4::encrypt()

[296] Fix | Delete

* @see Crypt_RC4::decrypt()

[297] Fix | Delete

* @access private

[298] Fix | Delete

[299] Fix | Delete

* @param String $text

[300] Fix | Delete

* @param Integer $mode

[301] Fix | Delete

[302] Fix | Delete

* @return String $text

[303] Fix | Delete

[304] Fix | Delete

public function _crypt($text, $mode)

[305] Fix | Delete

{

[306] Fix | Delete

if ($this->changed) {

[307] Fix | Delete

$this->_setup();

[308] Fix | Delete

$this->changed = false;

[309] Fix | Delete

}

[310] Fix | Delete

[311] Fix | Delete

$stream = &$this->stream[$mode];

[312] Fix | Delete

if ($this->continuousBuffer) {

[313] Fix | Delete

$i = &$stream[0];

[314] Fix | Delete

$j = &$stream[1];

[315] Fix | Delete

$keyStream = &$stream[2];

[316] Fix | Delete

} else {

[317] Fix | Delete

$i = $stream[0];

[318] Fix | Delete

$j = $stream[1];

[319] Fix | Delete

$keyStream = $stream[2];

[320] Fix | Delete

}

[321] Fix | Delete

[322] Fix | Delete

$len = strlen($text);

[323] Fix | Delete

for ($k = 0; $k < $len; ++$k) {

[324] Fix | Delete

$i = ($i + 1) & 255;

[325] Fix | Delete

$ksi = $keyStream[$i];

[326] Fix | Delete

$j = ($j + $ksi) & 255;

[327] Fix | Delete

$ksj = $keyStream[$j];

[328] Fix | Delete

[329] Fix | Delete

$keyStream[$i] = $ksj;

[330] Fix | Delete

$keyStream[$j] = $ksi;

[331] Fix | Delete

$text[$k] = $text[$k] ^ chr($keyStream[($ksj + $ksi) & 255]);

[332] Fix | Delete

}

[333] Fix | Delete

[334] Fix | Delete

return $text;

[335] Fix | Delete

}

[336] Fix | Delete

}

[337] Fix | Delete

[338] Fix | Delete