2023-04-05 jj5 - this happens when CONFIG_OPENSSL_SECRET_CURR is defined for the round-trip use case and the OpenSSL module but it is not valid.
public
string
KICKASS_CRYPTO_CONFIG_PROBLEM_INVALID_OPENSSL_SECRET_CURR
= 'config invalid: CONFIG_OPENSSL_SECRET_CURR.'
2023-04-05 jj5 - this happens when CONFIG_OPENSSL_SECRET_LIST is defined for the at-rest use case and the OpenSSL module but it is not valid.
public
string
KICKASS_CRYPTO_CONFIG_PROBLEM_INVALID_OPENSSL_SECRET_LIST
= 'config invalid: CONFIG_OPENSSL_SECRET_LIST.'
2023-04-05 jj5 - this happens when CONFIG_OPENSSL_SECRET_PREV is defined for the round-trip use case and the OpenSSL module but it is not valid.
public
string
KICKASS_CRYPTO_CONFIG_PROBLEM_INVALID_OPENSSL_SECRET_PREV
= 'config invalid: CONFIG_OPENSSL_SECRET_PREV.'
2023-04-05 jj5 - this happens when CONFIG_SODIUM_SECRET_CURR is defined for the round-trip use case and the Sodium module but it is not valid.
public
string
KICKASS_CRYPTO_CONFIG_PROBLEM_INVALID_SODIUM_SECRET_CURR
= 'config invalid: CONFIG_SODIUM_SECRET_CURR.'
2023-04-05 jj5 - this happens when CONFIG_SODIUM_SECRET_LIST is defined for the at-rest use case and the Sodium module but it is not valid.
public
string
KICKASS_CRYPTO_CONFIG_PROBLEM_INVALID_SODIUM_SECRET_LIST
= 'config invalid: CONFIG_SODIUM_SECRET_LIST.'
2023-04-05 jj5 - this happens when CONFIG_SODIUM_SECRET_PREV is defined for the round-trip use case and the Sodium module but it is not valid.
public
string
KICKASS_CRYPTO_CONFIG_PROBLEM_INVALID_SODIUM_SECRET_PREV
= 'config invalid: CONFIG_SODIUM_SECRET_PREV.'
2023-04-05 jj5 - this happens when CONFIG_OPENSSL_SECRET_CURR is not defined for the round-trip use case and the OpenSSL module.
public
string
KICKASS_CRYPTO_CONFIG_PROBLEM_MISSING_OPENSSL_SECRET_CURR
= 'config missing: CONFIG_OPENSSL_SECRET_CURR.'
2023-04-05 jj5 - this happens when CONFIG_OPENSSL_SECRET_LIST is not defined for the at-rest use case and the OpenSSL module.
public
string
KICKASS_CRYPTO_CONFIG_PROBLEM_MISSING_OPENSSL_SECRET_LIST
= 'config missing: CONFIG_OPENSSL_SECRET_LIST.'
2023-04-05 jj5 - this happens when CONFIG_SODIUM_SECRET_CURR is not defined for the round-trip use case and the Sodium module.
public
string
KICKASS_CRYPTO_CONFIG_PROBLEM_MISSING_SODIUM_SECRET_CURR
= 'config missing: CONFIG_SODIUM_SECRET_CURR.'
2023-04-05 jj5 - this happens when CONFIG_SODIUM_SECRET_LIST is not defined for the at-rest use case and the Sodium module.
public
string
KICKASS_CRYPTO_CONFIG_PROBLEM_MISSING_SODIUM_SECRET_LIST
= 'config missing: CONFIG_SODIUM_SECRET_LIST.'
2023-04-04 jj5 - the JSON format uses the PHP json_encode() and json_decode() functions; the encoding format strings must be four characters long.
public
string
KICKASS_CRYPTO_DATA_ENCODING_JSON
= 'json'
2023-04-04 jj5 - uses the PHP serialize() and unserialize() functions (not enabled by default due to potential security issues, enable with CONFIG_ENCRYPTION_PHPS_ENABLE); the encoding format strings must be four characters long.
public
string
KICKASS_CRYPTO_DATA_ENCODING_PHPS
= 'phps'
2023-04-07 jj5 - encode as text.
public
string
KICKASS_CRYPTO_DATA_ENCODING_TEXT
= 'text'
2023-04-05 jj5 - the data format indicator must meet this maximum character length.
public
int
KICKASS_CRYPTO_DATA_FORMAT_LENGTH_MAX
= 8
..
2023-04-05 jj5 - the data format indicator must meet this minimum character length.
public
int
KICKASS_CRYPTO_DATA_FORMAT_LENGTH_MIN
= 2
..
2023-04-05 jj5 - the OpenSSL data format.
public
string
KICKASS_CRYPTO_DATA_FORMAT_OPENSSL
= 'KA0'
..
2023-04-05 jj5 - the Sodium data format.
public
string
KICKASS_CRYPTO_DATA_FORMAT_SODIUM
= 'KAS0'
..
2023-04-05 jj5 - this is the default chunk size; messages are padded up to the message length modulo the chunk size; 2^12 is 4KiB; this value might be changed in future.
public
int
KICKASS_CRYPTO_DEFAULT_CHUNK_SIZE
= \pow(2, 12)
2023-04-05 jj5 - this is the default maximum chunk size; 2^26 is 64 MiB; this value might be changed in future.
public
int
KICKASS_CRYPTO_DEFAULT_CHUNK_SIZE_MAX
= \pow(2, 26)
2023-04-05 jj5 - default data encoding format is JSON.
public
string
KICKASS_CRYPTO_DEFAULT_DATA_ENCODING
= \KICKASS_CRYPTO_DATA_ENCODING_JSON
2023-04-05 jj5 - this is the maximum data length supported; 2^26 is 64 MiB; this value might be changed in future.
public
int
KICKASS_CRYPTO_DEFAULT_DATA_LENGTH_MAX
= \pow(2, 26)
2023-04-05 jj5 - by default you can't encrypt false.
public
bool
KICKASS_CRYPTO_DEFAULT_FALSE_ENABLE
= \false
..
2023-04-05 jj5 - these are the default JSON decoding options passed to the PHP json_decode() function.
public
int
KICKASS_CRYPTO_DEFAULT_JSON_DECODE_OPTIONS
= \JSON_THROW_ON_ERROR
2023-04-05 jj5 - these are the default JSON encoding options passed to the PHP json_encode() function.
public
int
KICKASS_CRYPTO_DEFAULT_JSON_ENCODE_OPTIONS
= \JSON_UNESCAPED_SLASHES | \JSON_UNESCAPED_UNICODE
2023-04-05 jj5 - PHP serialization is disabled by default because it can lead to code execution vulnerabilities... (I don't have a source for this claim, that might be a rumor or not true any more).
public
bool
KICKASS_CRYPTO_DEFAULT_PHPS_ENABLE
= \false
2023-04-05 jj5 - also note that you would only deserialize data which was successfully encrypted, so that would presumably make it harder for an attacker to inject code via PHP serialization format.
2023-04-05 jj5 - if you want to enable PHP serialization you will need these two defines in your config file:
define( 'CONFIG_ENCRYPTION_PHPS_ENABLE', true );
define( 'CONFIG_ENCRYPTION_DATA_ENCODING', KICKASS_CRYPTO_DATA_ENCODING_PHPS );
2023-04-05 jj5 - the maximum random delay (in nanoseconds) used for timing attack mitigation; this value might be changed in future.
public
int
KICKASS_CRYPTO_DELAY_NANOSECONDS_MAX
= 10000000000
2023-04-05 jj5 - the minimum random delay (in nanoseconds) used for timing attack mitigation; this value might be changed in future.
public
int
KICKASS_CRYPTO_DELAY_NANOSECONDS_MIN
= 1000000
2023-04-03 jj5 - this delay is a floating-point value in seconds, it's for comparison of the value returned from the PHP microtime() to check that our delay implementation did actually delay for at least this minimum amount of time.
public
float
KICKASS_CRYPTO_DELAY_SECONDS_MIN
= 1.0 / (\KICKASS_CRYPTO_DELAY_NANOSECONDS_MIN / 1000)
2023-04-07 jj5 - programmers can disable cipher validation by defining this constant as true.
public
bool
KICKASS_CRYPTO_DISABLE_CIPHER_VALIDATION
= false
2023-04-07 jj5 - programmers can disable config validation by defining this constant as true.
public
bool
KICKASS_CRYPTO_DISABLE_CONFIG_VALIDATION
= false
2023-04-07 jj5 - programmers can disable initialization vector length validation by defining this constant as true.
public
bool
KICKASS_CRYPTO_DISABLE_IV_LENGTH_VALIDATION
= false
2023-04-07 jj5 - programmers can disable secret key hash function validation by defining this constant as true.
public
bool
KICKASS_CRYPTO_DISABLE_KEY_HASH_VALIDATION
= false
2023-04-05 jj5 - defines whether the PHP version check is disabled or not.
public
bool
KICKASS_CRYPTO_DISABLE_PHP_VERSION_CHECK
= false
2023-04-07 jj5 - programmers can disable validation of the random_bytes() function by defining this constant as true.
public
bool
KICKASS_CRYPTO_DISABLE_RANDOM_BYTES_VALIDATION
= false
public
string
KICKASS_CRYPTO_ERROR_BASE64_DECODING_FAILED
= 'base64 decoding failed.'
public
string
KICKASS_CRYPTO_ERROR_BASE64_DECODING_FAILED_2
= 'base64 decoding failed (2).'
public
string
KICKASS_CRYPTO_ERROR_BINARY_DATA_INVALID
= 'binary data invalid.'
public
string
KICKASS_CRYPTO_ERROR_BINARY_LENGTH_INVALID
= 'binary length invalid.'
public
string
KICKASS_CRYPTO_ERROR_CANNOT_ENCRYPT_FALSE
= 'cannot encrypt false.'
public
string
KICKASS_CRYPTO_ERROR_CHUNK_SIZE_INVALID
= 'chunk size invalid.'
public
string
KICKASS_CRYPTO_ERROR_CIPHERTEXT_INVALID
= 'ciphertext invalid.'
public
string
KICKASS_CRYPTO_ERROR_CIPHERTEXT_INVALID_2
= 'ciphertext invalid (2).'
public
string
KICKASS_CRYPTO_ERROR_DATA_DECODING_FAILED
= 'data decoding failed.'
public
string
KICKASS_CRYPTO_ERROR_DATA_DECODING_FAILED_2
= 'data decoding failed (2).'
public
string
KICKASS_CRYPTO_ERROR_DATA_DECODING_FAILED_3
= 'data decoding failed (3).'
public
string
KICKASS_CRYPTO_ERROR_DATA_DECODING_FAILED_4
= 'data decoding failed (4).'
public
string
KICKASS_CRYPTO_ERROR_DATA_ENCODING_FAILED
= 'data encoding failed.'
public
string
KICKASS_CRYPTO_ERROR_DATA_ENCODING_FAILED_2
= 'data encoding failed (2).'
public
string
KICKASS_CRYPTO_ERROR_DATA_ENCODING_FAILED_3
= 'data encoding failed (3).'
public
string
KICKASS_CRYPTO_ERROR_DATA_ENCODING_FAILED_4
= 'data encoding failed (4).'
public
string
KICKASS_CRYPTO_ERROR_DATA_ENCODING_INVALID
= 'data encoding invalid.'
public
string
KICKASS_CRYPTO_ERROR_DATA_ENCODING_INVALID_2
= 'data encoding invalid (2).'
public
string
KICKASS_CRYPTO_ERROR_DATA_ENCODING_INVALID_3
= 'data encoding invalid (3).'
public
string
KICKASS_CRYPTO_ERROR_DATA_ENCODING_TOO_LARGE
= 'data encoding too large.'
public
string
KICKASS_CRYPTO_ERROR_DECRYPTION_FAILED
= 'decryption failed.'
public
string
KICKASS_CRYPTO_ERROR_DECRYPTION_FAILED_2
= 'decryption failed (2).'
public
string
KICKASS_CRYPTO_ERROR_ENCRYPTION_FAILED
= 'encryption failed.'
public
string
KICKASS_CRYPTO_ERROR_ENCRYPTION_FAILED_2
= 'encryption failed (2).'
public
string
KICKASS_CRYPTO_ERROR_EXCEPTION_RAISED
= 'exception raised.'
public
string
KICKASS_CRYPTO_ERROR_EXCEPTION_RAISED_2
= 'exception raised (2).'
public
string
KICKASS_CRYPTO_ERROR_EXCEPTION_RAISED_3
= 'exception raised (3).'
public
string
KICKASS_CRYPTO_ERROR_EXCEPTION_RAISED_4
= 'exception raised (4).'
public
string
KICKASS_CRYPTO_ERROR_IV_LENGTH_INVALID
= 'IV length invalid.'
public
string
KICKASS_CRYPTO_ERROR_IV_LENGTH_INVALID_2
= 'IV length invalid (2).'
public
string
KICKASS_CRYPTO_ERROR_JSON_DECODING_FAILED
= 'JSON decoding failed.'
public
string
KICKASS_CRYPTO_ERROR_JSON_DECODING_FAILED_2
= 'JSON decoding failed (2).'
public
string
KICKASS_CRYPTO_ERROR_JSON_DECODING_FAILED_3
= 'JSON decoding failed (3).'
public
string
KICKASS_CRYPTO_ERROR_JSON_DECODING_FAILED_4
= 'JSON decoding failed (4).'
public
string
KICKASS_CRYPTO_ERROR_JSON_ENCODING_FAILED
= 'JSON encoding failed.'
public
string
KICKASS_CRYPTO_ERROR_JSON_ENCODING_FAILED_2
= 'JSON encoding failed (2).'
public
string
KICKASS_CRYPTO_ERROR_JSON_ENCODING_FAILED_3
= 'JSON encoding failed (3).'
public
string
KICKASS_CRYPTO_ERROR_JSON_ENCODING_FAILED_4
= 'JSON encoding failed (4).'
public
string
KICKASS_CRYPTO_ERROR_MESSAGE_DATA_LENGTH_RANGE_INVALID
= 'message data length range invalid.'
public
string
KICKASS_CRYPTO_ERROR_MESSAGE_DATA_LENGTH_SPEC_INVALID
= 'message data length spec invalid.'
public
string
KICKASS_CRYPTO_ERROR_MESSAGE_DECODING_FAILED
= 'message decoding failed.'
public
string
KICKASS_CRYPTO_ERROR_MESSAGE_ENCODING_FAILED
= 'message encoding failed.'
public
string
KICKASS_CRYPTO_ERROR_MESSAGE_ENCODING_FAILED_2
= 'message encoding failed (2).'
public
string
KICKASS_CRYPTO_ERROR_MESSAGE_ENCODING_FAILED_3
= 'message encoding failed (3).'
public
string
KICKASS_CRYPTO_ERROR_MESSAGE_ENCODING_FAILED_4
= 'message encoding failed (4).'
public
string
KICKASS_CRYPTO_ERROR_MESSAGE_ENCODING_INVALID
= 'message encoding invalid.'
public
string
KICKASS_CRYPTO_ERROR_MESSAGE_ENCODING_UNKNOWN
= 'message encoding unknown.'
public
string
KICKASS_CRYPTO_ERROR_MESSAGE_FORMAT_INVALID
= 'message format invalid.'
public
string
KICKASS_CRYPTO_ERROR_MESSAGE_LENGTH_INVALID
= 'message length invalid.'
public
string
KICKASS_CRYPTO_ERROR_NO_VALID_KEY
= 'no valid key.'
public
string
KICKASS_CRYPTO_ERROR_PASSPHRASE_INVALID
= 'passphrase invalid.'
public
string
KICKASS_CRYPTO_ERROR_PASSPHRASE_LENGTH_INVALID
= 'passphrase length invalid.'
public
string
KICKASS_CRYPTO_ERROR_PASSPHRASE_LENGTH_INVALID_2
= 'passphrase length invalid (2).'
public
string
KICKASS_CRYPTO_ERROR_PASSPHRASE_MISSING
= 'passphrase missing.'
public
string
KICKASS_CRYPTO_ERROR_PHPS_DECODING_FAILED
= 'PHPS decoding failed.'
public
string
KICKASS_CRYPTO_ERROR_PHPS_DECODING_FAILED_2
= 'PHPS decoding failed (2).'
public
string
KICKASS_CRYPTO_ERROR_PHPS_ENCODING_DISABLED
= 'PHPS encoding disabled.'
public
string
KICKASS_CRYPTO_ERROR_PHPS_ENCODING_DISABLED_2
= 'PHPS encoding disabled (2).'
public
string
KICKASS_CRYPTO_ERROR_PHPS_ENCODING_FAILED
= 'PHPS encoding failed.'
public
string
KICKASS_CRYPTO_ERROR_PHPS_ENCODING_FAILED_2
= 'PHPS encoding failed (2).'
public
string
KICKASS_CRYPTO_ERROR_PHPS_ENCODING_FAILED_3
= 'PHPS encoding failed (3).'
public
string
KICKASS_CRYPTO_ERROR_RESULT_INVALID
= 'result invalid.'
public
string
KICKASS_CRYPTO_ERROR_TAG_LENGTH_INVALID
= 'tag length invalid.'
public
string
KICKASS_CRYPTO_ERROR_TAG_LENGTH_INVALID_2
= 'tag length invalid (2).'
public
string
KICKASS_CRYPTO_ERROR_TEXT_DECODING_FAILED
= 'text decoding failed.'
public
string
KICKASS_CRYPTO_ERROR_TEXT_DECODING_FAILED_2
= 'text decoding failed (2).'
public
string
KICKASS_CRYPTO_ERROR_TEXT_DECODING_FAILED_3
= 'text decoding failed (3).'
public
string
KICKASS_CRYPTO_ERROR_TEXT_ENCODING_FAILED
= 'text encoding failed.'
public
string
KICKASS_CRYPTO_ERROR_TEXT_ENCODING_FAILED_2
= 'text encoding failed (2).'
public
string
KICKASS_CRYPTO_ERROR_TEXT_ENCODING_FAILED_3
= 'text encoding failed (3).'
2023-04-05 jj5 - if the PHP random_bytes() implementation is not using a secure PRNG then this exception is supposed to be raised.
public
int
KICKASS_CRYPTO_EXCEPTION_INSECURE_RANDOM
= 6000
2023-04-05 jj5 - if the cipher nominated for the OpenSSL library is not available in the environment this exception is raise.
public
int
KICKASS_CRYPTO_EXCEPTION_INVALID_CIPHER
= 4000
2023-04-05 jj5 - this exception is raise if the config is invalid. Modules define what constitutes a valid config based on the use case.
public
int
KICKASS_CRYPTO_EXCEPTION_INVALID_CONFIG
= 2000
2023-04-05 jj5 - possible combinations of encryption module and use case are:
2023-04-06 jj5 - if we can't get a valid error list from an implementation we bail with an exception.
public
int
KICKASS_CRYPTO_EXCEPTION_INVALID_ERROR_LIST
= 7000
2023-04-05 jj5 - if an invalid exception code is passed to the exception raising facility this exception is raised instead.
public
int
KICKASS_CRYPTO_EXCEPTION_INVALID_EXCEPTION_CODE
= 1000
2023-04-05 jj5 - if the initialization vector for the OpenSSL library is not what we've been coded to expect then this exception is raise.
public
int
KICKASS_CRYPTO_EXCEPTION_INVALID_IV_LENGTH
= 5000
2023-04-05 jj5 - if the hash algorithm is invalid or not available this exception is raised.
public
int
KICKASS_CRYPTO_EXCEPTION_INVALID_KEY_HASH
= 3000
2023-03-30 jj5 - these are the exception messages for each exception code. These exception messages should be stable, you can add new ones but don't change existing ones.
public
array<int, string>
KICKASS_CRYPTO_EXCEPTION_MESSAGE
= [\KICKASS_CRYPTO_EXCEPTION_INVALID_EXCEPTION_CODE => 'invalid exception code.', \KICKASS_CRYPTO_EXCEPTION_INVALID_CONFIG => 'invalid config.', \KICKASS_CRYPTO_EXCEPTION_INVALID_KEY_HASH => 'invalid key hash.', \KICKASS_CRYPTO_EXCEPTION_INVALID_CIPHER => 'invalid cipher.', \KICKASS_CRYPTO_EXCEPTION_INVALID_IV_LENGTH => 'invalid IV length.', \KICKASS_CRYPTO_EXCEPTION_INSECURE_RANDOM => 'insecure random.', \KICKASS_CRYPTO_EXCEPTION_INVALID_ERROR_LIST => 'invalid error list.', \KICKASS_CRYPTO_EXCEPTION_RECURSION_DETECTED => 'recursion detected.']
2023-04-07 jj5 - called if recursion/reentrancy is detected.
public
int
KICKASS_CRYPTO_EXCEPTION_RECURSION_DETECTED
= 8000
2023-04-05 jj5 - the error level to return when the program exits due to an assertion violation.
public
int
KICKASS_CRYPTO_EXIT_ASSERT
= 83
2023-04-05 jj5 - the error level to return when the program can't run due to an invalid run-time environment.
public
int
KICKASS_CRYPTO_EXIT_BAD_ENVIRONMENT
= 60
2023-04-05 jj5 - the error level to return when nothing is broken or wrong but the program cannot continue.
public
int
KICKASS_CRYPTO_EXIT_CANNOT_CONTINUE
= 10
2023-04-05 jj5 - the error level to return when the program exits due to an error.
public
int
KICKASS_CRYPTO_EXIT_ERROR
= 81
2023-04-05 jj5 - the error level to return when the program exits due to an exception.
public
int
KICKASS_CRYPTO_EXIT_EXCEPTION
= 82
2023-04-05 jj5 - the error level to return when a file is missing.
public
int
KICKASS_CRYPTO_EXIT_FILE_MISSING
= 61
2023-04-05 jj5 - the error level to return when help (or version) has been requested; this is not an error but it does return a non-zero error level for safety.
public
int
KICKASS_CRYPTO_EXIT_HELP
= 99
2023-04-05 jj5 - the error level to return when the program tries to exit with an invalid error level.
public
int
KICKASS_CRYPTO_EXIT_INVALID
= 89
2023-04-05 jj5 - the error level to return when program options have been requested; this is not an error but it does return a non-zero error level for safety.
public
int
KICKASS_CRYPTO_EXIT_OPTIONS_LISTED
= 98
2023-04-05 jj5 - the error level to return when there's a problem with the program.
public
int
KICKASS_CRYPTO_EXIT_PROBLEM
= 80
2023-04-05 jj5 - the error level to return upon success.
public
int
KICKASS_CRYPTO_EXIT_SUCCESS
= 0
2023-04-05 jj5 - the error level to return when a unit-test failed.
public
int
KICKASS_CRYPTO_EXIT_TEST_FAILED
= 84
2023-04-05 jj5 - the key has is used to convert a secret key into a 32 byte (256-bit) passphrase for use with either the OpenSSL or Sodium encryption library.
public
string
KICKASS_CRYPTO_KEY_HASH
= 'sha512/256'
2023-04-05 jj5 - the minimum key length is used to ensure that secret keys meet at least a minimal requirement.
public
int
KICKASS_CRYPTO_KEY_LENGTH_MIN
= 88
public
string
KICKASS_CRYPTO_LOG_ERROR_INVALID_PASSPHRASE
= 'error: invalid passphrase.'
public
string
KICKASS_CRYPTO_LOG_PREFIX_EMERGENCY_DELAY
= 'emergency delay: '
public
string
KICKASS_CRYPTO_LOG_PREFIX_EXCEPTION_HANDLE
= 'handled exception: '
public
string
KICKASS_CRYPTO_LOG_PREFIX_EXCEPTION_IGNORE
= 'ignored exception: '
public
string
KICKASS_CRYPTO_LOG_PREFIX_EXCEPTION_NOTIFY
= 'caught exception: '
public
string
KICKASS_CRYPTO_LOG_PREFIX_EXCEPTION_THROW
= 'throwing exception: '
public
string
KICKASS_CRYPTO_LOG_WARNING_DELAY
= 'warning: delayed due to error.'
public
string
KICKASS_CRYPTO_LOG_WARNING_SHORT_PASSPHRASE
= 'warning: passphrase shorter than recommended.'
public
string
KICKASS_CRYPTO_LOG_WARNING_SHORT_SECRET
= 'warning: secret shorter than recommended.'
2023-04-05 jj5 - this is the OpenSSL cipher we use, this should never be changed... at least not without a lot of support to upgrading to a new cipher.
public
string
KICKASS_CRYPTO_OPENSSL_CIPHER
= 'aes-256-gcm'
2023-04-05 jj5 - this is the length of the initialization vector expected by the openssl_encrypt() and openssl_decrypt() fucntions, this should not be changed.
public
int
KICKASS_CRYPTO_OPENSSL_IV_LENGTH
= 12
2023-04-05 jj5 - these are the options for the OpenSSL openssl_encrypt() function, these should not be changed.
public
int
KICKASS_CRYPTO_OPENSSL_OPTIONS
= \OPENSSL_RAW_DATA
2023-04-05 jj5 - this is the passphrase length excepted by the openssl_encrypt() function, this should not be changed.
public
int
KICKASS_CRYPTO_OPENSSL_PASSPHRASE_LENGTH
= 32
2023-04-05 jj5 - this is the tag length of the tag generated by the openssl_encrypt() function and expected by the openssl_decrypt() function, this should not be changed.
public
int
KICKASS_CRYPTO_OPENSSL_TAG_LENGTH
= 16
2023-04-05 jj5 - the minimum key length is used to ensure that passphrases meet at least a minimal requirement.
public
int
KICKASS_CRYPTO_PASSPHRASE_LENGTH_MIN
= 32
2023-04-07 jj5 - this is the limit of recursion that we allow... the Xdebug limit is 256 and PHP by itself has no limit (it will recurse until it runs out of memory); we pick a value less than the Xdebug limit so that we can handle things ourselves.
public
int
KICKASS_CRYPTO_RECURSION_LIMIT
= 100
2023-04-05 jj5 - this is our Base64 validation regex; see the link for discussion concerning the previous regex and poor performance.
public
string
KICKASS_CRYPTO_REGEX_BASE64
= '/^[a-zA-Z0-9\\/+]{2,}={0,2}$/'
2023-04-05 jj5 - this is the length of the passphrase (it's the $key parameter) expected by the sodium_crypto_secretbox() function.
public
int
KICKASS_CRYPTO_SODIUM_PASSPHRASE_LENGTH
= \SODIUM_CRYPTO_SECRETBOX_KEYBYTES
2023-04-05 jj5 - this function registered with PHP's spl_autoload_register() to provide automatic loading of namespace elements.
kickass_crypto_autoload(string $class_name) : bool
the full name of the relevant interface, class, or trait.
true on success or false on failure (the return value is not used by PHP).
2023-03-31 jj5 - this function is for validating our run-time environment. If there's a problem then we exit, unless the programmer has overridden that behavior by defining certain constants.
kickass_crypto_validate_environment() : void
define( 'KICKASS_CRYPTO_DISABLE_PHP_VERSION_CHECK', true );
define( 'KICKASS_CRYPTO_DISABLE_WORD_SIZE_CHECK', true );
2023-03-31 jj5 - this function is for validating our run-time environment. If there's a problem then we exit, unless the programmer has overridden that behavior by defining certain constants.
kickass_crypto_validate_environment_openssl() : void
define( 'KICKASS_CRYPTO_DISABLE_OPENSSL_CHECK', true );
2023-04-03 jj5 - this function is for validating our run-time environment. If there's a problem then we exit, unless the programmer has overridden that behavior by defining certain constants.
kickass_crypto_validate_environment_sodium() : void
define( 'KICKASS_CRYPTO_DISABLE_SODIUM_CHECK', true );
2023-03-31 jj5 - this function hosts a unit test, it's just for convenience. It sets up your environment and then calls run_test() which you should define. If debugging is enabled then no try-catch block is used, otherwise it is. Also we make sure DEBUG is defined before we run your code so you shouldn't have to worry about whether it is defined or not.
main(array<string|int, mixed> $argv) : void
the command-line options.
2023-04-04 jj5 - this function makes sure we're running a supported version of PHP; don't use fancy PHP features because they might not be available in older versions.
kickass_crypto_validate_php() : void
2023-04-05 jj5 - this is the round-trip service locator defined for use by the OpenSSL module.
kickass_round_trip([IKickassCrypto $set = false ]) : IKickassCrypto
This component will use the round-trip keys defined for the OpenSSL module, those keys are defined with the CONFIG_OPENSSL_SECRET_CURR configuration constant (required) and the CONFIG_OPENSSL_SECRET_PREV configuration constant (optional).
pass a valid instance to reconfigure the service locator with a new service instance.
the crypto interface.
2023-04-05 jj5 - this is the at-rest service locator defined for use by the OpenSSL module.
kickass_at_rest([IKickassCrypto $set = false ]) : IKickassCrypto
This component will use the at-rest keys defined for the OpenSSL module, those keys are defined with the CONFIG_OPENSSL_SECRET_LIST configuration constant.
pass a valid instance to reconfigure the service locator with a new service instance.
the crypto interface.
2023-04-05 jj5 - this is the round-trip service locator defined for use by the Sodium module.
kickass_round_trip([IKickassCrypto $set = false ]) : IKickassCrypto
This component will use the round-trip keys defined for the Sodium module, those keys are defined with the CONFIG_SODIUM_SECRET_CURR configuration constant (required) and the CONFIG_SODIUM_SECRET_PREV configuration constant (optional).
pass a valid instance to reconfigure the service locator with a new service instance.
the crypto interface.
2023-04-05 jj5 - this is the at-rest service locator defined for use by the Sodium module.
kickass_at_rest([IKickassCrypto $set = false ]) : IKickassCrypto
This component will use the at-rest keys defined for the Sodium module, those keys are defined with the CONFIG_SODIUM_SECRET_LIST configuration constant.
pass a valid instance to reconfigure the service locator with a new service instance.
the crypto interface.
2023-04-05 jj5 - this function will set up a test environment.
kickass_crypto_setup_unit_test_environment() : void
2023-04-05 jj5 - this function will generate a bunch of special purpose floating-point values.
kickass_crypto_get_floats([float &$nan = null ][, float &$pos_inf = null ][, float &$neg_inf = null ][, float &$pos_zero = null ][, float &$neg_zero = null ][, float &$float_min = null ][, float &$float_max = null ][, float &$epslion = null ]) : void
the NaN (Not a Number) floating-point value
the positive infinity floating-point value
the negative infinity floating-point value
the positive zero floating-point value
the negative zero floating-point value
the minimum floating-point value
the maximum floating-point value
the smallest absolute non-zero floating-point value
2023-04-05 jj5 - this function will set up a standard run-time environment.
kickass_crypto_setup_environment() : void
2023-04-05 jj5 - this function handles a PHP error by throwing it as an ErrorException. This function is called by PHP when it's registered as an error handler with the set_error_handler() function. This function doesn't throw if error reporting is disabled.
kickass_crypto_handle_error(int $errno, string $errstr, string $errfile, string $errline) : mixed
the error number.
the error string.
the file the error was triggered from.
the line in the file the error was triggered from.
2023-04-05 jj5 - this function will exit the process with a suitable error level.
kickass_crypto_exit([int|Exception $error = KICKASS_CRYPTO_EXIT_SUCCESS ][, int $default = KICKASS_CRYPTO_EXIT_PROBLEM ]) : void
either the integer error level or an exception.
the error level to use if $error is not valid.
2023-04-05 jj5 - this function will change the current directory; if there's any sort of problem the program will be immediately aborted with an appropriate error level; this function is for command-line scripts, not web services.
kickass_crypto_change_dir(string $dir) : void
the directory to change into.
2023-04-05 jj5 - this function prints a line of text to STDERR.
kickass_crypto_report_error(string $line) : void
the line of text to print to STDERR.
2023-04-05 jj5 - this function tests to see if a given flag is set within a set of flags.
kickass_crypto_is_set(int $flags, int $flag) : bool
the flags which are specified.
the flag which you're interested in.
true if the flag is set.
2023-04-05 jj5 - this function splits a set of flags into a list of singular flag values.
kickass_crypto_bits_split(int $flags) : array<int, int>
the flags which are specified.
the list of singular flag values.