From b2a73d608ea40bf1b6ebe2d83ec0a746e19199fd Mon Sep 17 00:00:00 2001 From: terrafrost Date: Sat, 16 Dec 2023 09:44:20 -0600 Subject: [PATCH] Crypt: keys of an invalid length weren't being resized --- src/Crypt/AES.php | 20 +++++-------- src/Crypt/Base.php | 4 +-- src/Crypt/Blowfish.php | 20 ++++++------- src/Crypt/DES.php | 9 +++--- src/Crypt/RC2.php | 25 ++++++++-------- src/Crypt/RC4.php | 21 +++++++------- src/Crypt/Rijndael.php | 64 +++++++++++++++-------------------------- src/Crypt/TripleDES.php | 19 +++++------- src/Crypt/Twofish.php | 19 +++++------- 9 files changed, 84 insertions(+), 117 deletions(-) diff --git a/src/Crypt/AES.php b/src/Crypt/AES.php index 7cb41e4..fac7639 100644 --- a/src/Crypt/AES.php +++ b/src/Crypt/AES.php @@ -59,27 +59,21 @@ class AES extends Base { /** - * Sets the key length + * Turns key lengths, be they valid or invalid, to valid key lengths * - * Valid key lengths are 128, 192, and 256. If the length is less than 128, it will be rounded up to - * 128. If the length is greater than 128 and invalid, it will be rounded down to the closest valid amount. - * - * @see \phpseclib\Crypt\Rijndael:setKeyLength() - * @access public * @param int $length + * @access private + * @return int */ - public function setKeyLength($length) + protected function calculateNewKeyLength($length) { switch (true) { case $length <= 128: - $length = 128; - break; + return 128; case $length <= 192: - $length = 192; - break; + return 192; default: - $length = 256; + return 256; } - parent::setKeyLength($length); } } \ No newline at end of file diff --git a/src/Crypt/Base.php b/src/Crypt/Base.php index 0cec3bd..7074a38 100644 --- a/src/Crypt/Base.php +++ b/src/Crypt/Base.php @@ -263,7 +263,7 @@ public function setKeyLength($length) { // algorithms that have a fixed key length should override this with a method that does nothing $this->changed = true; - $this->key_length = $length; + $this->key_length = static::calculateNewKeyLength($length); $this->explicit_key_length = true; } @@ -307,7 +307,7 @@ public function setKey($key) { $this->key = $key; if (!$this->explicit_key_length) { - $this->key_length = strlen($key) << 3; + $this->key_length = static::calculateNewKeyLength(strlen($key) << 3); } $this->changed = true; } diff --git a/src/Crypt/Blowfish.php b/src/Crypt/Blowfish.php index c1a5bf4..f2cb68e 100644 --- a/src/Crypt/Blowfish.php +++ b/src/Crypt/Blowfish.php @@ -47,20 +47,20 @@ class Blowfish extends Base { /** - * Sets the key length. + * Turns key lengths, be they valid or invalid, to valid key lengths * - * Key lengths can be between 32 and 448 bits. - * - * @access public * @param int $length + * @access private + * @return int */ - public function setKeyLength($length) + protected function calculateNewKeyLength($length) { - if ($length < 32) { - $length = 32; - } elseif ($length > 448) { - $length = 448; + switch (true) { + case $length < 32: + return 32; + case $length > 448: + return 448; } - parent::setKeyLength($length); + return $length; } } \ No newline at end of file diff --git a/src/Crypt/DES.php b/src/Crypt/DES.php index 5e33ce6..512c59a 100644 --- a/src/Crypt/DES.php +++ b/src/Crypt/DES.php @@ -52,13 +52,14 @@ class DES extends Base { /** - * Dummy method + * Turns key lengths, be they valid or invalid, to valid key lengths * - * @access public * @param int $length + * @access private + * @return int */ - public function setKeyLength($length) + protected function calculateNewKeyLength($length) { - parent::setKeyLength(64); + return 64; } } \ No newline at end of file diff --git a/src/Crypt/RC2.php b/src/Crypt/RC2.php index f7087f3..b23f73b 100644 --- a/src/Crypt/RC2.php +++ b/src/Crypt/RC2.php @@ -73,23 +73,22 @@ public function __construct($mode = self::MODE_CBC) } /** - * Sets the key length. + * Turns key lengths, be they valid or invalid, to valid key lengths * - * Valid key lengths are 8 to 1024. - * Calling this function after setting the key has no effect until the next - * \phpseclib\Crypt\RC2::setKey() call. - * - * @access public - * @param int $length in bits + * @param int $length + * @access private + * @return int */ - public function setKeyLength($length) + protected function calculateNewKeyLength($length) { - if ($length < 8) { - $length = 8; - } elseif ($length > 1024) { - $length = 1024; + switch (true) { + case $length < 8: + return 8; + case $length > 1024: + return 1024; } - parent::setKeyLength($length); + + return $length; } /** diff --git a/src/Crypt/RC4.php b/src/Crypt/RC4.php index ff52299..78781f5 100644 --- a/src/Crypt/RC4.php +++ b/src/Crypt/RC4.php @@ -54,20 +54,21 @@ class RC4 extends Base { /** - * Sets the key length + * Turns key lengths, be they valid or invalid, to valid key lengths * - * Keys can be between 1 and 256 bytes long. - * - * @access public * @param int $length + * @access private + * @return int */ - public function setKeyLength($length) + protected function calculateNewKeyLength($length) { - if ($length < 8) { - $length = 8; - } elseif ($length > 2048) { - $length = 2048; + switch (true) { + case $length < 8: + return 8; + case $length > 2048: + return 2048; } - parent::setKeyLength($length); + + return $length; } } \ No newline at end of file diff --git a/src/Crypt/Rijndael.php b/src/Crypt/Rijndael.php index 5a6de69..fe2dadc 100644 --- a/src/Crypt/Rijndael.php +++ b/src/Crypt/Rijndael.php @@ -63,47 +63,6 @@ */ class Rijndael extends Base { - /** - * Sets the key length. - * - * Valid key lengths are 128, 160, 192, 224, and 256. If the length is less than 128, it will be rounded up to - * 128. If the length is greater than 128 and invalid, it will be rounded down to the closest valid amount. - * - * Note: phpseclib extends Rijndael (and AES) for using 160- and 224-bit keys but they are officially not defined - * and the most (if not all) implementations are not able using 160/224-bit keys but round/pad them up to - * 192/256 bits as, for example, mcrypt will do. - * - * That said, if you want be compatible with other Rijndael and AES implementations, - * you should not setKeyLength(160) or setKeyLength(224). - * - * Additional: In case of 160- and 224-bit keys, phpseclib will/can, for that reason, not use - * the mcrypt php extension, even if available. - * This results then in slower encryption. - * - * @access public - * @param int $length - */ - public function setKeyLength($length) - { - switch (true) { - case $length <= 128: - $length = 128; - break; - case $length <= 160: - $length = 160; - break; - case $length <= 192: - $length = 192; - break; - case $length <= 224: - $length = 224; - break; - default: - $length = 256; - } - parent::setKeyLength($length); - } - /** * Sets the block length * @@ -123,4 +82,27 @@ public function setBlockLength($length) } $this->cipher->setBlockLength($length); } + + /** + * Turns key lengths, be they valid or invalid, to valid key lengths + * + * @param int $length + * @access private + * @return int + */ + protected function calculateNewKeyLength($length) + { + switch (true) { + case $length <= 128: + return 128; + case $length <= 160: + return 160; + case $length <= 192: + return 192; + case $length <= 224: + return 224; + default: + return 256; + } + } } \ No newline at end of file diff --git a/src/Crypt/TripleDES.php b/src/Crypt/TripleDES.php index b88a21c..d66dc74 100644 --- a/src/Crypt/TripleDES.php +++ b/src/Crypt/TripleDES.php @@ -96,26 +96,21 @@ public function __construct($mode = self::MODE_CBC) } /** - * Sets the key length + * Turns key lengths, be they valid or invalid, to valid key lengths * - * Keys can be between 1 and 256 bytes long. - * - * @access public * @param int $length + * @access private + * @return int */ - public function setKeyLength($length) + protected function calculateNewKeyLength($length) { switch (true) { case $length <= 64: - $length = 64; - break; + return 64; case $length <= 128: - $length = 128; - break; + return 128; default: - $length = 192; + return 192; } - - parent::setKeyLength($length); } } \ No newline at end of file diff --git a/src/Crypt/Twofish.php b/src/Crypt/Twofish.php index ae6aebd..f57c54c 100644 --- a/src/Crypt/Twofish.php +++ b/src/Crypt/Twofish.php @@ -47,26 +47,21 @@ class Twofish extends Base { /** - * Sets the key length + * Turns key lengths, be they valid or invalid, to valid key lengths * - * Keys can be between 1 and 256 bytes long. - * - * @access public * @param int $length + * @access private + * @return int */ - public function setKeyLength($length) + protected function calculateNewKeyLength($length) { switch (true) { case $length <= 128: - $length = 128; - break; + return 128; case $length <= 192: - $length = 192; - break; + return 192; default: - $length = 256; + return 256; } - - parent::setKeyLength($length); } } \ No newline at end of file