Kickass Crypto

framework.php

2023-04-04 jj5 - these are the constants used by the library.

Tags

link

https://github.com/jj5/kickass-crypto

Table of Contents

KICKASS_CRYPTO_DATA_ENCODING_JSON  = 'json'

2023-04-04 jj5 - the JSON format uses the PHP json_encode() and json_decode() functions; the encoding format strings must be four characters long.

KICKASS_CRYPTO_DATA_ENCODING_PHPS  = 'phps'

2023-04-04 jj5 - uses the PHP serialize() and unserialize() functions (not enabled by default due to potential security issues, enable with CONFIG_ENCRYPTION_PHPS_ENABLE); the encoding format strings must be four characters long.

KICKASS_CRYPTO_DATA_ENCODING_TEXT  = 'text'

2023-04-07 jj5 - encode as text.

KICKASS_CRYPTO_DATA_FORMAT_LENGTH_MAX  = 8

2023-04-05 jj5 - the data format indicator must meet this maximum character length.

KICKASS_CRYPTO_DATA_FORMAT_LENGTH_MIN  = 2

2023-04-05 jj5 - the data format indicator must meet this minimum character length.

KICKASS_CRYPTO_DATA_FORMAT_OPENSSL  = 'KA0'

2023-04-05 jj5 - the OpenSSL data format.

KICKASS_CRYPTO_DATA_FORMAT_SODIUM  = 'KAS0'

2023-04-05 jj5 - the Sodium data format.

KICKASS_CRYPTO_DEFAULT_CHUNK_SIZE  = \pow(2, 12)

2023-04-05 jj5 - this is the default chunk size; messages are padded up to the message length modulo the chunk size; 2^12 is 4KiB; this value might be changed in future.

KICKASS_CRYPTO_DEFAULT_CHUNK_SIZE_MAX  = \pow(2, 26)

2023-04-05 jj5 - this is the default maximum chunk size; 2^26 is 64 MiB; this value might be changed in future.

KICKASS_CRYPTO_DEFAULT_DATA_ENCODING  = \KICKASS_CRYPTO_DATA_ENCODING_JSON

2023-04-05 jj5 - default data encoding format is JSON.

KICKASS_CRYPTO_DEFAULT_DATA_LENGTH_MAX  = \pow(2, 26)

2023-04-05 jj5 - this is the maximum data length supported; 2^26 is 64 MiB; this value might be changed in future.

KICKASS_CRYPTO_DEFAULT_FALSE_ENABLE  = \false

2023-04-05 jj5 - by default you can't encrypt false.

KICKASS_CRYPTO_DEFAULT_JSON_DECODE_OPTIONS  = \JSON_THROW_ON_ERROR

2023-04-05 jj5 - these are the default JSON decoding options passed to the PHP json_decode() function.

KICKASS_CRYPTO_DEFAULT_JSON_ENCODE_OPTIONS  = \JSON_UNESCAPED_SLASHES | \JSON_UNESCAPED_UNICODE

2023-04-05 jj5 - these are the default JSON encoding options passed to the PHP json_encode() function.

KICKASS_CRYPTO_DEFAULT_PHPS_ENABLE  = \false

2023-04-05 jj5 - PHP serialization is disabled by default because it can lead to code execution vulnerabilities... (I don't have a source for this claim, that might be a rumor or not true any more).

KICKASS_CRYPTO_DELAY_NANOSECONDS_MAX  = 10000000000

2023-04-05 jj5 - the maximum random delay (in nanoseconds) used for timing attack mitigation; this value might be changed in future.

KICKASS_CRYPTO_DELAY_NANOSECONDS_MIN  = 1000000

2023-04-05 jj5 - the minimum random delay (in nanoseconds) used for timing attack mitigation; this value might be changed in future.

KICKASS_CRYPTO_DELAY_SECONDS_MIN  = 1.0 / (\KICKASS_CRYPTO_DELAY_NANOSECONDS_MIN / 1000)

2023-04-03 jj5 - this delay is a floating-point value in seconds, it's for comparison of the value returned from the PHP microtime() to check that our delay implementation did actually delay for at least this minimum amount of time.

KICKASS_CRYPTO_ERROR_BASE64_DECODING_FAILED  = 'base64 decoding failed.'

KICKASS_CRYPTO_ERROR_BASE64_DECODING_FAILED_2  = 'base64 decoding failed (2).'

KICKASS_CRYPTO_ERROR_BINARY_DATA_INVALID  = 'binary data invalid.'

KICKASS_CRYPTO_ERROR_BINARY_LENGTH_INVALID  = 'binary length invalid.'

KICKASS_CRYPTO_ERROR_CANNOT_ENCRYPT_FALSE  = 'cannot encrypt false.'

KICKASS_CRYPTO_ERROR_CHUNK_SIZE_INVALID  = 'chunk size invalid.'

KICKASS_CRYPTO_ERROR_CIPHERTEXT_INVALID  = 'ciphertext invalid.'

KICKASS_CRYPTO_ERROR_CIPHERTEXT_INVALID_2  = 'ciphertext invalid (2).'

KICKASS_CRYPTO_ERROR_DATA_DECODING_FAILED  = 'data decoding failed.'

KICKASS_CRYPTO_ERROR_DATA_DECODING_FAILED_2  = 'data decoding failed (2).'

KICKASS_CRYPTO_ERROR_DATA_DECODING_FAILED_3  = 'data decoding failed (3).'

KICKASS_CRYPTO_ERROR_DATA_DECODING_FAILED_4  = 'data decoding failed (4).'

KICKASS_CRYPTO_ERROR_DATA_ENCODING_FAILED  = 'data encoding failed.'

KICKASS_CRYPTO_ERROR_DATA_ENCODING_FAILED_2  = 'data encoding failed (2).'

KICKASS_CRYPTO_ERROR_DATA_ENCODING_FAILED_3  = 'data encoding failed (3).'

KICKASS_CRYPTO_ERROR_DATA_ENCODING_FAILED_4  = 'data encoding failed (4).'

KICKASS_CRYPTO_ERROR_DATA_ENCODING_INVALID  = 'data encoding invalid.'

KICKASS_CRYPTO_ERROR_DATA_ENCODING_INVALID_2  = 'data encoding invalid (2).'

KICKASS_CRYPTO_ERROR_DATA_ENCODING_INVALID_3  = 'data encoding invalid (3).'

KICKASS_CRYPTO_ERROR_DATA_ENCODING_TOO_LARGE  = 'data encoding too large.'

KICKASS_CRYPTO_ERROR_DECRYPTION_FAILED  = 'decryption failed.'

KICKASS_CRYPTO_ERROR_DECRYPTION_FAILED_2  = 'decryption failed (2).'

KICKASS_CRYPTO_ERROR_ENCRYPTION_FAILED  = 'encryption failed.'

KICKASS_CRYPTO_ERROR_ENCRYPTION_FAILED_2  = 'encryption failed (2).'

KICKASS_CRYPTO_ERROR_EXCEPTION_RAISED  = 'exception raised.'

KICKASS_CRYPTO_ERROR_EXCEPTION_RAISED_2  = 'exception raised (2).'

KICKASS_CRYPTO_ERROR_EXCEPTION_RAISED_3  = 'exception raised (3).'

KICKASS_CRYPTO_ERROR_EXCEPTION_RAISED_4  = 'exception raised (4).'

KICKASS_CRYPTO_ERROR_IV_LENGTH_INVALID  = 'IV length invalid.'

KICKASS_CRYPTO_ERROR_IV_LENGTH_INVALID_2  = 'IV length invalid (2).'

KICKASS_CRYPTO_ERROR_JSON_DECODING_FAILED  = 'JSON decoding failed.'

KICKASS_CRYPTO_ERROR_JSON_DECODING_FAILED_2  = 'JSON decoding failed (2).'

KICKASS_CRYPTO_ERROR_JSON_DECODING_FAILED_3  = 'JSON decoding failed (3).'

KICKASS_CRYPTO_ERROR_JSON_DECODING_FAILED_4  = 'JSON decoding failed (4).'

KICKASS_CRYPTO_ERROR_JSON_ENCODING_FAILED  = 'JSON encoding failed.'

KICKASS_CRYPTO_ERROR_JSON_ENCODING_FAILED_2  = 'JSON encoding failed (2).'

KICKASS_CRYPTO_ERROR_JSON_ENCODING_FAILED_3  = 'JSON encoding failed (3).'

KICKASS_CRYPTO_ERROR_JSON_ENCODING_FAILED_4  = 'JSON encoding failed (4).'

KICKASS_CRYPTO_ERROR_MESSAGE_DATA_LENGTH_RANGE_INVALID  = 'message data length range invalid.'

KICKASS_CRYPTO_ERROR_MESSAGE_DATA_LENGTH_SPEC_INVALID  = 'message data length spec invalid.'

KICKASS_CRYPTO_ERROR_MESSAGE_DECODING_FAILED  = 'message decoding failed.'

KICKASS_CRYPTO_ERROR_MESSAGE_ENCODING_FAILED  = 'message encoding failed.'

KICKASS_CRYPTO_ERROR_MESSAGE_ENCODING_FAILED_2  = 'message encoding failed (2).'

KICKASS_CRYPTO_ERROR_MESSAGE_ENCODING_FAILED_3  = 'message encoding failed (3).'

KICKASS_CRYPTO_ERROR_MESSAGE_ENCODING_FAILED_4  = 'message encoding failed (4).'

KICKASS_CRYPTO_ERROR_MESSAGE_ENCODING_INVALID  = 'message encoding invalid.'

KICKASS_CRYPTO_ERROR_MESSAGE_ENCODING_UNKNOWN  = 'message encoding unknown.'

KICKASS_CRYPTO_ERROR_MESSAGE_FORMAT_INVALID  = 'message format invalid.'

KICKASS_CRYPTO_ERROR_MESSAGE_LENGTH_INVALID  = 'message length invalid.'

KICKASS_CRYPTO_ERROR_NO_VALID_KEY  = 'no valid key.'

KICKASS_CRYPTO_ERROR_PASSPHRASE_INVALID  = 'passphrase invalid.'

KICKASS_CRYPTO_ERROR_PASSPHRASE_LENGTH_INVALID  = 'passphrase length invalid.'

KICKASS_CRYPTO_ERROR_PASSPHRASE_LENGTH_INVALID_2  = 'passphrase length invalid (2).'

KICKASS_CRYPTO_ERROR_PASSPHRASE_MISSING  = 'passphrase missing.'

KICKASS_CRYPTO_ERROR_PHPS_DECODING_FAILED  = 'PHPS decoding failed.'

KICKASS_CRYPTO_ERROR_PHPS_DECODING_FAILED_2  = 'PHPS decoding failed (2).'

KICKASS_CRYPTO_ERROR_PHPS_ENCODING_DISABLED  = 'PHPS encoding disabled.'

KICKASS_CRYPTO_ERROR_PHPS_ENCODING_DISABLED_2  = 'PHPS encoding disabled (2).'

KICKASS_CRYPTO_ERROR_PHPS_ENCODING_FAILED  = 'PHPS encoding failed.'

KICKASS_CRYPTO_ERROR_PHPS_ENCODING_FAILED_2  = 'PHPS encoding failed (2).'

KICKASS_CRYPTO_ERROR_PHPS_ENCODING_FAILED_3  = 'PHPS encoding failed (3).'

KICKASS_CRYPTO_ERROR_RESULT_INVALID  = 'result invalid.'

KICKASS_CRYPTO_ERROR_TAG_LENGTH_INVALID  = 'tag length invalid.'

KICKASS_CRYPTO_ERROR_TAG_LENGTH_INVALID_2  = 'tag length invalid (2).'

KICKASS_CRYPTO_ERROR_TEXT_DECODING_FAILED  = 'text decoding failed.'

KICKASS_CRYPTO_ERROR_TEXT_DECODING_FAILED_2  = 'text decoding failed (2).'

KICKASS_CRYPTO_ERROR_TEXT_DECODING_FAILED_3  = 'text decoding failed (3).'

KICKASS_CRYPTO_ERROR_TEXT_ENCODING_FAILED  = 'text encoding failed.'

KICKASS_CRYPTO_ERROR_TEXT_ENCODING_FAILED_2  = 'text encoding failed (2).'

KICKASS_CRYPTO_ERROR_TEXT_ENCODING_FAILED_3  = 'text encoding failed (3).'

KICKASS_CRYPTO_EXCEPTION_INSECURE_RANDOM  = 6000

2023-04-05 jj5 - if the PHP random_bytes() implementation is not using a secure PRNG then this exception is supposed to be raised.

KICKASS_CRYPTO_EXCEPTION_INVALID_CIPHER  = 4000

2023-04-05 jj5 - if the cipher nominated for the OpenSSL library is not available in the environment this exception is raise.

KICKASS_CRYPTO_EXCEPTION_INVALID_CONFIG  = 2000

2023-04-05 jj5 - this exception is raise if the config is invalid. Modules define what constitutes a valid config based on the use case.

KICKASS_CRYPTO_EXCEPTION_INVALID_ERROR_LIST  = 7000

2023-04-06 jj5 - if we can't get a valid error list from an implementation we bail with an exception.

KICKASS_CRYPTO_EXCEPTION_INVALID_EXCEPTION_CODE  = 1000

2023-04-05 jj5 - if an invalid exception code is passed to the exception raising facility this exception is raised instead.

KICKASS_CRYPTO_EXCEPTION_INVALID_IV_LENGTH  = 5000

2023-04-05 jj5 - if the initialization vector for the OpenSSL library is not what we've been coded to expect then this exception is raise.

KICKASS_CRYPTO_EXCEPTION_INVALID_KEY_HASH  = 3000

2023-04-05 jj5 - if the hash algorithm is invalid or not available this exception is raised.

KICKASS_CRYPTO_EXCEPTION_MESSAGE  = [\KICKASS_CRYPTO_EXCEPTION_INVALID_EXCEPTION_CODE => 'invalid exception code.', \KICKASS_CRYPTO_EXCEPTION_INVALID_CONFIG => 'invalid config.', \KICKASS_CRYPTO_EXCEPTION_INVALID_KEY_HASH => 'invalid key hash.', \KICKASS_CRYPTO_EXCEPTION_INVALID_CIPHER => 'invalid cipher.', \KICKASS_CRYPTO_EXCEPTION_INVALID_IV_LENGTH => 'invalid IV length.', \KICKASS_CRYPTO_EXCEPTION_INSECURE_RANDOM => 'insecure random.', \KICKASS_CRYPTO_EXCEPTION_INVALID_ERROR_LIST => 'invalid error list.', \KICKASS_CRYPTO_EXCEPTION_RECURSION_DETECTED => 'recursion detected.']

2023-03-30 jj5 - these are the exception messages for each exception code. These exception messages should be stable, you can add new ones but don't change existing ones.

KICKASS_CRYPTO_EXCEPTION_RECURSION_DETECTED  = 8000

2023-04-07 jj5 - called if recursion/reentrancy is detected.

KICKASS_CRYPTO_KEY_HASH  = 'sha512/256'

2023-04-05 jj5 - the key has is used to convert a secret key into a 32 byte (256-bit) passphrase for use with either the OpenSSL or Sodium encryption library.

KICKASS_CRYPTO_KEY_LENGTH_MIN  = 88

2023-04-05 jj5 - the minimum key length is used to ensure that secret keys meet at least a minimal requirement.

KICKASS_CRYPTO_LOG_ERROR_INVALID_PASSPHRASE  = 'error: invalid passphrase.'

KICKASS_CRYPTO_LOG_PREFIX_EMERGENCY_DELAY  = 'emergency delay: '

KICKASS_CRYPTO_LOG_PREFIX_EXCEPTION_HANDLE  = 'handled exception: '

KICKASS_CRYPTO_LOG_PREFIX_EXCEPTION_IGNORE  = 'ignored exception: '

KICKASS_CRYPTO_LOG_PREFIX_EXCEPTION_NOTIFY  = 'caught exception: '

KICKASS_CRYPTO_LOG_PREFIX_EXCEPTION_THROW  = 'throwing exception: '

KICKASS_CRYPTO_LOG_WARNING_DELAY  = 'warning: delayed due to error.'

KICKASS_CRYPTO_LOG_WARNING_SHORT_PASSPHRASE  = 'warning: passphrase shorter than recommended.'

KICKASS_CRYPTO_LOG_WARNING_SHORT_SECRET  = 'warning: secret shorter than recommended.'

KICKASS_CRYPTO_PASSPHRASE_LENGTH_MIN  = 32

2023-04-05 jj5 - the minimum key length is used to ensure that passphrases meet at least a minimal requirement.

KICKASS_CRYPTO_RECURSION_LIMIT  = 100

2023-04-07 jj5 - this is the limit of recursion that we allow... the Xdebug limit is 256 and PHP by itself has no limit (it will recurse until it runs out of memory); we pick a value less than the Xdebug limit so that we can handle things ourselves.

KICKASS_CRYPTO_REGEX_BASE64  = '/^[a-zA-Z0-9\\/+]{2,}={0,2}$/'

2023-04-05 jj5 - this is our Base64 validation regex; see the link for discussion concerning the previous regex and poor performance.