|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
declare(strict_types = 1); |
|
4
|
|
|
|
|
5
|
|
|
namespace Sop\GCM; |
|
6
|
|
|
|
|
7
|
|
|
/** |
|
8
|
|
|
* Implements GHASH function. |
|
9
|
|
|
* |
|
10
|
|
|
* This algorithm is specified in NIST SP-300-38D section 6.4. |
|
11
|
|
|
* |
|
12
|
|
|
* @link http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf |
|
13
|
|
|
*/ |
|
14
|
|
|
class GHASH |
|
15
|
|
|
{ |
|
16
|
|
|
/** |
|
17
|
|
|
* Fixed R-block. |
|
18
|
|
|
* |
|
19
|
|
|
* @var string |
|
20
|
|
|
*/ |
|
21
|
|
|
const R = "\xE1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; |
|
22
|
|
|
|
|
23
|
|
|
/** |
|
24
|
|
|
* Hash subkey. |
|
25
|
|
|
* |
|
26
|
|
|
* @var string $_subkey |
|
27
|
|
|
*/ |
|
28
|
|
|
protected $_subkey; |
|
29
|
|
|
|
|
30
|
|
|
/** |
|
31
|
|
|
* Constructor. |
|
32
|
|
|
* |
|
33
|
|
|
* @param string $subkey Hash subkey |
|
34
|
|
|
*/ |
|
35
|
51 |
|
public function __construct(string $subkey) |
|
36
|
|
|
{ |
|
37
|
51 |
|
if (strlen($subkey) != 16) { |
|
38
|
1 |
|
throw new \LengthException("Subkey must be 128 bits."); |
|
39
|
|
|
} |
|
40
|
50 |
|
$this->_subkey = $subkey; |
|
41
|
50 |
|
} |
|
42
|
|
|
|
|
43
|
|
|
/** |
|
44
|
|
|
* Compute hash. |
|
45
|
|
|
* |
|
46
|
|
|
* @param string $X Input string |
|
47
|
|
|
* @return string Hash |
|
48
|
|
|
*/ |
|
49
|
53 |
|
public function compute(string $X): string |
|
50
|
|
|
{ |
|
51
|
53 |
|
$len = strlen($X); |
|
52
|
53 |
|
if (0 != $len % 16) { |
|
53
|
1 |
|
throw new \UnexpectedValueException( |
|
54
|
1 |
|
"Input string must be a multiple of 128 bits."); |
|
55
|
|
|
} |
|
56
|
52 |
|
$Y = GCM::ZB_128; |
|
57
|
|
|
// number of 128-bit blocks |
|
58
|
52 |
|
$m = $len >> 4; |
|
59
|
52 |
|
for ($i = 0; $i < $m; ++$i) { |
|
60
|
52 |
|
$xi = substr($X, $i << 4, 16); |
|
61
|
52 |
|
$Y = $this->_mult($Y ^ $xi, $this->_subkey); |
|
62
|
|
|
} |
|
63
|
52 |
|
return $Y; |
|
64
|
|
|
} |
|
65
|
|
|
|
|
66
|
|
|
/** |
|
67
|
|
|
* Functor method for <code>compute</code>. |
|
68
|
|
|
* |
|
69
|
|
|
* @param string $arg |
|
70
|
|
|
* @return string |
|
71
|
|
|
*/ |
|
72
|
50 |
|
public function __invoke(string $arg): string |
|
73
|
|
|
{ |
|
74
|
50 |
|
return $this->compute($arg); |
|
75
|
|
|
} |
|
76
|
|
|
|
|
77
|
|
|
/** |
|
78
|
|
|
* Apply block multiplication operation. |
|
79
|
|
|
* |
|
80
|
|
|
* See NIST SP-800-38D, chapter 6.3 for the details. |
|
81
|
|
|
* |
|
82
|
|
|
* @param string $X |
|
83
|
|
|
* @param string $Y |
|
84
|
|
|
* @return string |
|
85
|
|
|
*/ |
|
86
|
52 |
|
private function _mult(string $X, string $Y): string |
|
87
|
|
|
{ |
|
88
|
52 |
|
$x = GCM::strToGMP($X); |
|
89
|
52 |
|
$Z = GCM::strToGMP(GCM::ZB_128); |
|
90
|
52 |
|
$V = GCM::strToGMP($Y); |
|
91
|
52 |
|
$R = GCM::strToGMP(self::R); |
|
92
|
52 |
|
for ($i = 0; $i < 128; ++$i) { |
|
93
|
|
|
// if bit at X[i] is set |
|
94
|
52 |
|
if (gmp_testbit($x, 127 - $i)) { |
|
95
|
48 |
|
$Z ^= $V; |
|
96
|
|
|
} |
|
97
|
|
|
// if LSB(Vi) = 0 |
|
|
|
|
|
|
98
|
52 |
|
if (!gmp_testbit($V, 0)) { |
|
99
|
52 |
|
$V >>= 1; |
|
100
|
|
|
} else { |
|
101
|
52 |
|
$V = ($V >> 1) ^ $R; |
|
102
|
|
|
} |
|
103
|
|
|
} |
|
104
|
52 |
|
return GCM::gmpToStr($Z, 16); |
|
105
|
|
|
} |
|
106
|
|
|
} |
|
107
|
|
|
|
sop /
gcm
Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it.
The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production.
This check looks for comments that seem to be mostly valid code and reports them.