Constants

HEADER_VERSION_SIZE

HEADER_VERSION_SIZE

MINIMUM_CIPHERTEXT_SIZE

MINIMUM_CIPHERTEXT_SIZE

CURRENT_VERSION

CURRENT_VERSION

CIPHER_METHOD

CIPHER_METHOD

BLOCK_BYTE_SIZE

BLOCK_BYTE_SIZE

KEY_BYTE_SIZE

KEY_BYTE_SIZE

SALT_BYTE_SIZE

SALT_BYTE_SIZE

MAC_BYTE_SIZE

MAC_BYTE_SIZE

HASH_FUNCTION_NAME

HASH_FUNCTION_NAME

ENCRYPTION_INFO_STRING

ENCRYPTION_INFO_STRING

AUTHENTICATION_INFO_STRING

AUTHENTICATION_INFO_STRING

BUFFER_BYTE_SIZE

BUFFER_BYTE_SIZE

LEGACY_CIPHER_METHOD

LEGACY_CIPHER_METHOD

LEGACY_BLOCK_BYTE_SIZE

LEGACY_BLOCK_BYTE_SIZE

LEGACY_KEY_BYTE_SIZE

LEGACY_KEY_BYTE_SIZE

LEGACY_HASH_FUNCTION_NAME

LEGACY_HASH_FUNCTION_NAME

LEGACY_MAC_BYTE_SIZE

LEGACY_MAC_BYTE_SIZE

LEGACY_ENCRYPTION_INFO_STRING

LEGACY_ENCRYPTION_INFO_STRING

LEGACY_AUTHENTICATION_INFO_STRING

LEGACY_AUTHENTICATION_INFO_STRING

Methods

incrementCounter()

incrementCounter(string  $ctr, integer  $inc) : string

Adds an integer to a block-sized counter.

Parameters

string $ctr
integer $inc

Throws

\Defuse\Crypto\Exception\EnvironmentIsBrokenException

Returns

string

secureRandom()

secureRandom(integer  $octets) : string

Returns a random byte string of the specified length.

Parameters

integer $octets

Throws

\Defuse\Crypto\Exception\EnvironmentIsBrokenException

Returns

string

HKDF()

HKDF(string  $hash, string  $ikm, integer  $length, string  $info = '', string  $salt = null) : string

Computes the HKDF key derivation function specified in http://tools.ietf.org/html/rfc5869.

Parameters

string $hash

Hash Function

string $ikm

Initial Keying Material

integer $length

How many bytes?

string $info

What sort of key are we deriving?

string $salt

Throws

\Defuse\Crypto\Exception\EnvironmentIsBrokenException

Returns

string

hashEquals()

hashEquals(string  $expected, string  $given) : boolean

Checks if two equal-length strings are the same without leaking information through side channels.

Parameters

string $expected
string $given

Throws

\Defuse\Crypto\Exception\EnvironmentIsBrokenException

Returns

boolean

ensureConstantExists()

ensureConstantExists(string  $name) : void

Throws an exception if the constant doesn't exist.

Parameters

string $name

Throws

\Defuse\Crypto\Exception\EnvironmentIsBrokenException

ensureFunctionExists()

ensureFunctionExists(string  $name) : void

Throws an exception if the function doesn't exist.

Parameters

string $name

Throws

\Defuse\Crypto\Exception\EnvironmentIsBrokenException

ourStrlen()

ourStrlen(string  $str) : integer

Computes the length of a string in bytes.

Parameters

string $str

Throws

\Defuse\Crypto\Exception\EnvironmentIsBrokenException

Returns

integer

ourSubstr()

ourSubstr(string  $str, integer  $start, integer  $length = null) : string|boolean

Behaves roughly like the function substr() in PHP 7 does.

Parameters

string $str
integer $start
integer $length

Throws

\Defuse\Crypto\Exception\EnvironmentIsBrokenException

Returns

string|boolean

pbkdf2()

pbkdf2(string  $algorithm, string  $password, string  $salt, integer  $count, integer  $key_length, boolean  $raw_output = false) : string

Computes the PBKDF2 password-based key derivation function.

The PBKDF2 function is defined in RFC 2898. Test vectors can be found in RFC 6070. This implementation of PBKDF2 was originally created by Taylor Hornby, with improvements from http://www.variations-of-shadow.com/.

Parameters

string $algorithm

The hash algorithm to use. Recommended: SHA256

string $password

The password.

string $salt

A salt that is unique to the password.

integer $count

Iteration count. Higher is better, but slower. Recommended: At least 1000.

integer $key_length

The length of the derived key in bytes.

boolean $raw_output

If true, the key is returned in raw binary format. Hex encoded otherwise.

Throws

\Defuse\Crypto\Exception\EnvironmentIsBrokenException

Returns

string —

A $key_length-byte key derived from the password and salt.