compared with
Key
This line was removed.
This word was removed. This word was added.
This line was added.

Changes (44)

View Page History

{zone-data:revision}
1.0 - 13 July 2007
1.1 - 12 September 2007
{zone-data}

The purpose of Zend_Crypt is to offer PHP5 implemented cryptographic and encryption algorithms for use by other components (e.g. Zend_Mail, Zend_OpenId) and application developers themselves. In proposing Zend_Crypt, a primary goal is to reduce reliance on disparate implementations within the framework by offering very flexible implementations which will utilise available PHP5 core extensions. This reduces duplication and centralises maintenance of essential core cryptographic algorithms.

The two initial Zend_Crypt implementations of the Hashed Message Authentication Code (HMAC; RFC 2104) and Diffie-Hellman Key Exchange (DH; RFC 2631) are proposed first since they are required algorithms of the OpenID 2.0 Authentication Specification which is being implemented as Zend_OpenId. Others will follow should the proposal be accepted.

A base Zend_Crypt class will additionally collate static methods for common tasks such as hashing and random number generation which may rely on more than one PHP extensions or functions.
{zone-data}

* *Must* implement Diffie-Hellman Key Exchange (RFC2631)
* *Must* implement Math methods for enabling big integer (> 32 bit) support and methods for transforming big integer strings to binary forms, and vice versa.
* *Must* contain ability to use future ext/openssl support for Diffie-Hellman computations.
{zone-data}

{zone-data:dependencies}
* Zend_Crypt_Math
* Zend_Exception
{zone-data}

{zone-data:operation}
Zend_Crypt will be form a collection of cryptographic and encryption classes. As such each component can be used in isolation, or to perform aggregate operations (e.g. using Diffie-Hellman to negotiate an HMAC). Operation is intended to be flexible, with support for input and output (where warranted) forms like big integers and binary. General purpose static methods will be contained in a base Zend_Crypt class.

Part of each class's responsibility will be to implement each algorithm with support for a range of PHP extensions. This will increase support coverage for all PHP5.1+ versions where arbritrary precision math and hashing extensions may vary widely. At a minimum support for ext/hash, ext/mhash, ext/bcmath, ext/openssl (from PHP 5.3) and ext/gmp will be implemented.

Please refer to Use Cases for additional API overviews.
{zone-data}

{zone-data:class-list}
* Zend_Crypt
* Zend_Crypt_Hmac
* Zend_Crypt_DiffieHellman
$data = 'Hi There';
$key = str_repeat("\x0b", 16);
$hmac = new Zend_Crypt_Hmac($key, 'MD5'); Zend_Crypt_Hmac::compute($key, 'MD5', $data);
$this->assertEquals('9294727a3638bb1c13f48ef8158bfc9d', $hmac->hash($data)); $hmac);
}

$data = str_repeat("\xcd",50);
$key = "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19";
$hmac = new Zend_Crypt_Hmac($key, 'SHA1'); Zend_Crypt_Hmac::compute($key, 'SHA1', $data);
$this->assertEquals('4c9007f4026250c6bc8414f9bf50c86c2d7235da', $hmac->hash($data)); $hmac);
}

$data = 'Test Using Larger Than Block-Size Key - Hash Key First';
$key = str_repeat("\xaa",80);
$hmac = Zend_Crypt_Hmac($key, 'RIPEMD160', $data);
$hmac = new Zend_Crypt_Hmac($key, 'RIPEMD160'); $this->assertEquals('6466ca07ac5eac29e1bd523e5ada7605b791fd8b', $hmac);
$this->assertEquals('6466ca07ac5eac29e1bd523e5ada7605b791fd8b', $hmac->hash($data));
}

{code}

Please note that these simple Unit Tests are matched with far more realistic tests using big integers. The above are simple test cases used for illustrative purposes. HMAC tests in particular follow an RFC which defines the test data and expected results.

* Zend_Crypt_DiffieHellman *
'private'=>'14'
);

$alice = new Zend_Crypt_DiffieHellman($aliceOptions['prime'], $aliceOptions['generator'], $aliceOptions['private']);
$bob = new Zend_Crypt_DiffieHellman($bobOptions['prime'], $bobOptions['generator'], $bobOptions['private']);
$this->assertEquals('534', $bob->getPublicKey());

$aliceSecretKey = $alice->computeSecretKey($bob->getPublicKey())->getSharedSecretKey();
$bobSecretKey = $bob->computeSecretKey($alice->getPublicKey())->getSharedSecretKey();

// both Alice and Bob should now have the same secret key
* @copyright Copyright (c) 2007 Pádraic Brady (http://blog.astrumfutura.com)
* @license http://framework.zend.com/license/new-bsd New BSD License
* @todo Check if mhash() is a required alternative (will be PECL-only soon)
*/
class Zend_Crypt_Hmac
* @var string
*/
private protected static $_key = null;

/**
* @var string
*/
private protected static $_packFormat = null;

/**
* @var string
*/
private protected static $_hashAlgorithm = 'md5';

/**
* @var array
*/
private protected static $_supportedHashNativeFunctions = array(
'md5',
'sha1',
* @var array
*/
private protected static $_hashPackFormats = array(
'md5' => 'H32',
'sha1' => 'H40'
* @var array
*/
private protected static $_supportedMhashAlgorithms = array('adler32',' crc32', 'crc32b', 'gost',
'haval128', 'haval160', 'haval192', 'haval256', 'md4', 'md5', 'ripemd160',
'sha1', 'sha256', 'tiger', 'tiger128', 'tiger160');

/**
* Performs a HMAC computation given relevant details such as Key, Hashing
* algorithm, the data to compute MAC of, and an output format of String,
* Constructor; optionally set Key and Hash at this point Binary notation or BTWOC.
*
* @param string $key
* @param string $hash
* @return void @param string $data
*/
public function __construct($key = null, $hash = null)
{}

/**
* Set the key to use when hashing @param string $output
* @param boolean $internal
* @param string $key
* @return Zend_Crypt_Hmac
*/
public function setKey($key)
{}

/**
* Getter to return the currently set key
*
* @return string
*/
public function getKey()
public static function compute($key, $hash, $data, $output = self::STRING, $internal = false)
{}

* @return Zend_Crypt_Hmac
*/
public function setHashAlgorithm($hash)
protected static function _setHashAlgorithm($hash)
{}

/**
* Return the current hashing algorithm
*
* @return string
*/
public function getHashAlgorithm()
{}

/**
* Perform HMAC and return the keyed data
*
* @return string
*/
public protected static function _hash($data, $output = self::STRING, $internal = false)
{}

* @return integer
*/
protected static function _getMhashDefinition($hashAlgorithm)
{}

* of raw binary output.
*
* @todo Replace with Zend_Crypt::digest() once committed
* @param string $hash
* @param string $key
* @return string
*/
protected static function _digest($hash, $key, $mode)
{}

* @param string $publicKey
* @param string $type
* @return Zend_Crypt_DiffieHellman string
*/
public function computeSecretKey($publicKey, $type = self::NUMBER)