[PHP-DEV] Crypto++ extension happenings
As I reluctantly mentioned a few weeks ago, I'm working on a PHP crypto extension that uses Crypto++, a C++ library that provides implementations for a bunch of crypto and hash algorithms. I was reluctant to bring it up because I didn't know if I was going to finish it at all, and I didn't want to get anybody's hopes up. The rationale behind the extension was partially because we need a crypto library at work that we can use on win32 platforms for a Windows Media Services plugin and one that PHP can use to create ciphertext compatible with the aforementioned plugin. Unfortunately, libmcrypt now requires cygwin on win32, and that sort of depedency would be hellish for a WMS plugin. Crypto++ works fine on Windows using VC++, and also works fine on UNIX systems using g++. Thus, a crypto extension for PHP that works on both major platforms. Well, things have come along a bit further, and although the extension is still quite a way from being complete, it's getting there. The basic structure of the extension goes something like this: - there's a base class in C++ that a template inherits from that provides the basic members and methods needed to encrypt and decrypt messages, along with all of the usual methods that allow you to set the IV for a crypto algorithm, the secret key, key length, mode (CBC, ECB, etc.), and plaintext. The base class is pure abstract virtual, as is the template that encapsulates it. (The template may seem a bit unnecessary, but it's used to set things like the block size for ciphers with variable block sizes and such. The base class it derives from makes things easier when dealing with C++'s templates, which allows it to compile on several compilers, like g++ and VC++, which all seem to disagree on how to use templates.) - from there, there are a bunch of classes that provide interfaces to the various crypto algorithms, like Blowfish, 3-Way, Rijnadael, etc. So far, I've only implemented those three algorithms, but others will be done eventually, like the various CAST ciphers, RC5, etc. So far I've only worked with block ciphers -- I haven't started anything with the stream ciphers, like ARC4, WAKE, etc. All of the more popular block cipher modes are working, like OFB, CFB, several CBC padding modes, etc. - on the hash side, there's a base hash class, from which various other classes derive that provide interfaces to the hash algorithms. So far, MD5, MD2, Panama and RIPEMD160 are the only hashes I've implemented; HAVAL and others will follow. (Although, for whatever reason, HAVAL is being a bitch and doesn't like compiling properly. Don't know why yet.) Besides all of the C++ stuff, I've been working on C functions to access from the PHP code. (extern C stuff, that all jazz.) They're mostly complete for the cipher side; I haven't started on C stuff for the hashes yet. I'm thinking the PHP fuctions themselves will work much like the mcrypt library, something like described below. These function names are all subject to change, obviously, since I haven't started writing this portion of the project yet. I may end up going the object oriented route using PHP classes; I'm not sure yet. Depends on feedback. (And more importantly, what work wants -- please remember, this extension is being worked on for my job; the fact that I can allow everyone else to use it as free software is a luxury.) - resource cryptopp_create_cipher(int cipher) -- cipher is a constant that refers to the cipher algorithm, like CRYPTOPP_CIPHER_BLOWFISH, or CRYPTOPP_CIPHER_AES for AES/Rijnadael. The function returns a PHP resource that will be used for the other functions, or false on error. - bool cryptopp_destroy_cipher(resource cipher) -- closes a cipher. - bool cryptopp_set_rand_iv(resource cipher, int length [, int rand]) -- creates a random IV for cipher of the length specified. This is created via /dev/urandom or /dev/random on systems that support them; otherwise, it uses the standard rand() function. The rand argument can be used to specify the method used to create the IV, i.e. CRYPTOPP_RAND_URANDOM for /dev/urandom, CRYPTOPP_RAND_RAND for the rand() function, etc. Returns true on success, false on error. By default, win32 systems will likely use the rand() function, while systems that can provide either /dev/random or /dev/urandom will use one of them, preferably urandom. - bool cryptopp_set_iv(resource cipher, string iv [, bool hex]) -- add a specific IV to the resource. hex is used to determine whether the IV being added is being given in hex or in binary, with binary being the default. True/false on success/error. - string cryptopp_get_iv(resource cipher [, bool hex]) -- returns the IV of resource or false on error. hex specifies whether the IV should be returned in binary or in hex, with binary being the default. false on error. - bool cryptopp_set_mode(resource cipher, int mode) -- sets the mode of the cipher, i.e.
Re: [PHP-DEV] Crypto++ extension happenings
Hello, I'm currently designing a new 'encryption' extension which should be able to have different backend encryption libaries like mcrypt and crypto++. however this extension will be developped with an OO approach and for ZE2. Th eidea is only in my mind at this moment, but I'm sure we can get a API defined which supports both of these libraries. What do you think of this? Derick On Sat, 16 Mar 2002, J Smith wrote: As I reluctantly mentioned a few weeks ago, I'm working on a PHP crypto extension that uses Crypto++, a C++ library that provides implementations for a bunch of crypto and hash algorithms. I was reluctant to bring it up because I didn't know if I was going to finish it at all, and I didn't want to get anybody's hopes up. The rationale behind the extension was partially because we need a crypto library at work that we can use on win32 platforms for a Windows Media Services plugin and one that PHP can use to create ciphertext compatible with the aforementioned plugin. Unfortunately, libmcrypt now requires cygwin on win32, and that sort of depedency would be hellish for a WMS plugin. Crypto++ works fine on Windows using VC++, and also works fine on UNIX systems using g++. Thus, a crypto extension for PHP that works on both major platforms. Well, things have come along a bit further, and although the extension is still quite a way from being complete, it's getting there. The basic structure of the extension goes something like this: - there's a base class in C++ that a template inherits from that provides the basic members and methods needed to encrypt and decrypt messages, along with all of the usual methods that allow you to set the IV for a crypto algorithm, the secret key, key length, mode (CBC, ECB, etc.), and plaintext. The base class is pure abstract virtual, as is the template that encapsulates it. (The template may seem a bit unnecessary, but it's used to set things like the block size for ciphers with variable block sizes and such. The base class it derives from makes things easier when dealing with C++'s templates, which allows it to compile on several compilers, like g++ and VC++, which all seem to disagree on how to use templates.) - from there, there are a bunch of classes that provide interfaces to the various crypto algorithms, like Blowfish, 3-Way, Rijnadael, etc. So far, I've only implemented those three algorithms, but others will be done eventually, like the various CAST ciphers, RC5, etc. So far I've only worked with block ciphers -- I haven't started anything with the stream ciphers, like ARC4, WAKE, etc. All of the more popular block cipher modes are working, like OFB, CFB, several CBC padding modes, etc. - on the hash side, there's a base hash class, from which various other classes derive that provide interfaces to the hash algorithms. So far, MD5, MD2, Panama and RIPEMD160 are the only hashes I've implemented; HAVAL and others will follow. (Although, for whatever reason, HAVAL is being a bitch and doesn't like compiling properly. Don't know why yet.) Besides all of the C++ stuff, I've been working on C functions to access from the PHP code. (extern C stuff, that all jazz.) They're mostly complete for the cipher side; I haven't started on C stuff for the hashes yet. I'm thinking the PHP fuctions themselves will work much like the mcrypt library, something like described below. These function names are all subject to change, obviously, since I haven't started writing this portion of the project yet. I may end up going the object oriented route using PHP classes; I'm not sure yet. Depends on feedback. (And more importantly, what work wants -- please remember, this extension is being worked on for my job; the fact that I can allow everyone else to use it as free software is a luxury.) - resource cryptopp_create_cipher(int cipher) -- cipher is a constant that refers to the cipher algorithm, like CRYPTOPP_CIPHER_BLOWFISH, or CRYPTOPP_CIPHER_AES for AES/Rijnadael. The function returns a PHP resource that will be used for the other functions, or false on error. - bool cryptopp_destroy_cipher(resource cipher) -- closes a cipher. - bool cryptopp_set_rand_iv(resource cipher, int length [, int rand]) -- creates a random IV for cipher of the length specified. This is created via /dev/urandom or /dev/random on systems that support them; otherwise, it uses the standard rand() function. The rand argument can be used to specify the method used to create the IV, i.e. CRYPTOPP_RAND_URANDOM for /dev/urandom, CRYPTOPP_RAND_RAND for the rand() function, etc. Returns true on success, false on error. By default, win32 systems will likely use the rand() function, while systems that can provide either /dev/random or /dev/urandom will use one of them, preferably urandom. - bool cryptopp_set_iv(resource cipher, string iv [, bool hex]) -- add a
Re: [PHP-DEV] Crypto++ extension happenings
Doesn't sound like a bad idea. It's a bit more grand than what I had in mind for the Crypto++ extension, but I'd be willing to work on it. The main thing for me right now is that the Crypto++ extension is being done for work, and isn't entirely a hobby-type of thing. (Although I'm glad I work for a company that lets me combine the two, as we need a crypto library for PHP and I'm glad to be writing one that other people will be able to use.) Because it's for work, I'm still going to have to work towards getting the Crypto++ library working in some general sense, but if this API you're thinking of can be used with it, I'm all for it. Let me know what you're thinking and we'll see what happens. J [EMAIL PROTECTED] wrote: Hello, I'm currently designing a new 'encryption' extension which should be able to have different backend encryption libaries like mcrypt and crypto++. however this extension will be developped with an OO approach and for ZE2. Th eidea is only in my mind at this moment, but I'm sure we can get a API defined which supports both of these libraries. What do you think of this? Derick -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php