/**
* Decrypt a text encrypted by AES in counter mode of operation
*
* @param ciphertext source text to be decrypted
* @param password the password to use to generate a key
* @param nBits number of bits to be used in the key (128, 192, or 256)
* @return decrypted text
*/
function AESDecryptCtr($ciphertext, $password, $nBits)
{
$blockSize = 16;
// block size fixed at 16 bytes / 128 bits (Nb=4) for AES
if (!($nBits == 128 || $nBits == 192 || $nBits == 256)) {
return '';
}
// standard allows 128/192/256 bit keys
$ciphertext = base64_decode($ciphertext);
// use AES to encrypt password (mirroring encrypt routine)
$nBytes = $nBits / 8;
// no bytes in key
$pwBytes = array();
for ($i = 0; $i < $nBytes; $i++) {
$pwBytes[$i] = ord(substr($password, $i, 1)) & 0xff;
}
$key = Cipher($pwBytes, KeyExpansion($pwBytes));
$key = array_merge($key, array_slice($key, 0, $nBytes - 16));
// expand key to 16/24/32 bytes long
// recover nonce from 1st element of ciphertext
$counterBlock = array();
$ctrTxt = substr($ciphertext, 0, 8);
for ($i = 0; $i < 8; $i++) {
$counterBlock[$i] = ord(substr($ctrTxt, $i, 1));
}
// generate key schedule
$keySchedule = KeyExpansion($key);
// separate ciphertext into blocks (skipping past initial 8 bytes)
$nBlocks = ceil((strlen($ciphertext) - 8) / $blockSize);
$ct = array();
for ($b = 0; $b < $nBlocks; $b++) {
$ct[$b] = substr($ciphertext, 8 + $b * $blockSize, 16);
}
$ciphertext = $ct;
// ciphertext is now array of block-length strings
// plaintext will get generated block-by-block into array of block-length strings
$plaintxt = array();
for ($b = 0; $b < $nBlocks; $b++) {
// set counter (block #) in last 8 bytes of counter block (leaving nonce in 1st 8 bytes)
for ($c = 0; $c < 4; $c++) {
$counterBlock[15 - $c] = urs($b, $c * 8) & 0xff;
}
for ($c = 0; $c < 4; $c++) {
$counterBlock[15 - $c - 4] = urs(($b + 1) / 0x100000000 - 1, $c * 8) & 0xff;
}
$cipherCntr = Cipher($counterBlock, $keySchedule);
// encrypt counter block
$plaintxtByte = array();
for ($i = 0; $i < strlen($ciphertext[$b]); $i++) {
// -- xor plaintext with ciphered counter byte-by-byte --
$plaintxtByte[$i] = $cipherCntr[$i] ^ ord(substr($ciphertext[$b], $i, 1));
$plaintxtByte[$i] = chr($plaintxtByte[$i]);
}
$plaintxt[$b] = implode('', $plaintxtByte);
}
// join array of blocks into single plaintext string
$plaintext = implode('', $plaintxt);
return $plaintext;
}
function init()
{
if (is_null($this->pool)) {
$this->pool = array();
$this->pptr = 0;
while ($this->pptr < $this->psize) {
// extract some randomness from Math.random()
$t = floor(rand(0, 65536));
$this->pool[$this->pptr++] = urs($t, 8);
$this->pool[$this->pptr++] = $t & 255;
}
$this->pptr = 0;
$this->seed_time();
}
}
