PHP Classes

PHP Constant Time String Encoding: Encode text without leaking context information

Recommend this page to a friend!
  Info   View files Documentation   View files View files (26)   DownloadInstall with Composer Download .zip   Reputation   Support forum   Blog    
Ratings Unique User Downloads Download Rankings
Not enough user ratingsTotal: 87 This week: 1All time: 9,971 This week: 560Up
Version License PHP version Categories
constant_time_encodi 1.0MIT/X Consortium ...5PHP 5, Text processing
Description 

Authors

Paragon Initiative Enterprises
Steve 'Sc00bz' Thomas


Contributor

This package can encode and decode text without leaking context information.

It provides pure PHP based functions that encode and decode without leaking information about what you are encoding and decoding via processor cache misses.

Currently it provides functions to encode and decode data using the algorithms for base64, base32, base16 and hexadecimal.

Innovation Award
PHP Programming Innovation award nominee
February 2019
Number 10
Constant time encoding is an approach to generate variable data that takes the same length of time regardless of the data that it is generating.

This is important because if different data values passed to code that implements a given processing algorithm take a variable length of time to run, it may help to expose secret values that the algorithm is using, thus compromising the security of the system.

This package provides an implementation of several data encoding algorithms in pure PHP code, in such a way that they always take the same length of time to execute regardless of the data that it is processing, thus providing more security protection to applications that use this package.

Manuel Lemos
Picture of Scott Arciszewski
  Performance   Level  
Name: Scott Arciszewski <contact>
Classes: 36 packages by
Country: United States United States
Age: ???
All time rank: 1180171 in United States United States
Week rank: 52 Up6 in United States United States Up
Innovation award
Innovation award
Nominee: 28x

Winner: 1x

Documentation

Constant-Time Encoding

Build Status Latest Stable Version Latest Unstable Version License Downloads

Based on the constant-time base64 implementation made by Steve "Sc00bz" Thomas, this library aims to offer character encoding functions that do not leak information about what you are encoding/decoding via processor cache misses. Further reading on cache-timing attacks.

Our fork offers the following enchancements:

  • `mbstring.func_overload` resistance
  • Unit tests
  • Composer- and Packagist-ready
  • Base16 encoding
  • Base32 encoding
  • Uses `pack()` and `unpack()` instead of `chr()` and `ord()`

PHP Version Requirements

Version 2 of this library should work on PHP 7 or newer. For PHP 5 support, see the v1.x branch.

If you are adding this as a dependency to a project intended to work on both PHP 5 and PHP 7, please set the required version to ^1|^2 instead of just ^1 or ^2.

How to Install

composer require paragonie/constant_time_encoding

How to Use

use \ParagonIE\ConstantTime\Encoding;

// possibly (if applicable): 
// require 'vendor/autoload.php';

$data = random_bytes(32);
echo Encoding::base64Encode($data), "\n";
echo Encoding::base32EncodeUpper($data), "\n";
echo Encoding::base32Encode($data), "\n";
echo Encoding::hexEncode($data), "\n";
echo Encoding::hexEncodeUpper($data), "\n";

Example output:

1VilPkeVqirlPifk5scbzcTTbMT2clp+Zkyv9VFFasE=
2VMKKPSHSWVCVZJ6E7SONRY3ZXCNG3GE6ZZFU7TGJSX7KUKFNLAQ====
2vmkkpshswvcvzj6e7sonry3zxcng3ge6zzfu7tgjsx7kukfnlaq====
d558a53e4795aa2ae53e27e4e6c71bcdc4d36cc4f6725a7e664caff551456ac1
D558A53E4795AA2AE53E27E4E6C71BDCC4D36CC4F6725A7E664CAFF551456AC1

If you only need a particular variant, you can just reference the required class like so:

use \ParagonIE\ConstantTime\Base64;
use \ParagonIE\ConstantTime\Base32;

$data = random_bytes(32);
echo Base64::encode($data), "\n";
echo Base32::encode($data), "\n";

Example output:

1VilPkeVqirlPifk5scbzcTTbMT2clp+Zkyv9VFFasE=
2vmkkpshswvcvzj6e7sonry3zxcng3ge6zzfu7tgjsx7kukfnlaq====

Support Contracts

If your company uses this library in their products or services, you may be interested in purchasing a support contract from Paragon Initiative Enterprises.


  Files folder image Files  
File Role Description
Files folder imagesrc (11 files)
Files folder imagetests (9 files)
Accessible without login Plain text file .travis.yml Data Auxiliary data
Accessible without login Plain text file composer.json Data Auxiliary data
Accessible without login Plain text file LICENSE.txt Doc. Documentation
Accessible without login Plain text file phpunit.xml.dist Data Auxiliary data
Accessible without login Plain text file psalm.xml Data Auxiliary data
Accessible without login Plain text file README.md Doc. Documentation

  Files folder image Files  /  src  
File Role Description
  Accessible without login Plain text file Base32.php Class Class source
  Accessible without login Plain text file Base32Hex.php Class Class source
  Accessible without login Plain text file Base64.php Class Class source
  Accessible without login Plain text file Base64DotSlash.php Class Class source
  Accessible without login Plain text file Base64DotSlashOrdered.php Class Class source
  Accessible without login Plain text file Base64UrlSafe.php Class Class source
  Accessible without login Plain text file Binary.php Class Class source
  Accessible without login Plain text file EncoderInterface.php Class Class source
  Accessible without login Plain text file Encoding.php Class Class source
  Accessible without login Plain text file Hex.php Class Class source
  Accessible without login Plain text file RFC4648.php Class Class source

  Files folder image Files  /  tests  
File Role Description
  Accessible without login Plain text file Base32HexTest.php Class Class source
  Accessible without login Plain text file Base32Test.php Class Class source
  Accessible without login Plain text file Base64DotSlashOrderedTest.php Class Class source
  Accessible without login Plain text file Base64DotSlashTest.php Class Class source
  Accessible without login Plain text file Base64Test.php Class Class source
  Accessible without login Plain text file Base64UrlSafeTest.php Class Class source
  Accessible without login Plain text file EncodingTest.php Class Class source
  Accessible without login Plain text file HexTest.php Class Class source
  Accessible without login Plain text file RFC4648Test.php Class Class source

 Version Control Unique User Downloads Download Rankings  
 100%
Total:87
This week:1
All time:9,971
This week:560Up