Constant-Time Character Encoding in PHP Projects
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
src Fix Psalm. Nov 3, 2018
tests Add unit tests against string truncation Feb 5, 2018
.gitignore
.travis.yml Type safety, with vimeo/psalm. Sep 16, 2017
LICENSE.txt Update copyright year, make totallyTyped (Psalm). Jan 23, 2018
README.md More buttons! Nov 21, 2017
composer.json Fix Psalm. Nov 3, 2018
phpunit.xml.dist Initial commit. Feb 3, 2016
psalm.xml Remove attribute Nov 3, 2018

README.md

Constant-Time Encoding

Build Status Latest Stable Version Latest Unstable Version License Downloads

Based on the constant-time base64 implementation made by Steve "Sc00bz" Thomas, this library aims to offer character encoding functions that do not leak information about what you are encoding/decoding via processor cache misses. Further reading on cache-timing attacks.

Our fork offers the following enchancements:

  • mbstring.func_overload resistance
  • Unit tests
  • Composer- and Packagist-ready
  • Base16 encoding
  • Base32 encoding
  • Uses pack() and unpack() instead of chr() and ord()

PHP Version Requirements

Version 2 of this library should work on PHP 7 or newer. For PHP 5 support, see the v1.x branch.

If you are adding this as a dependency to a project intended to work on both PHP 5 and PHP 7, please set the required version to ^1|^2 instead of just ^1 or ^2.

How to Install

composer require paragonie/constant_time_encoding

How to Use

use \ParagonIE\ConstantTime\Encoding;

// possibly (if applicable): 
// require 'vendor/autoload.php';

$data = random_bytes(32);
echo Encoding::base64Encode($data), "\n";
echo Encoding::base32EncodeUpper($data), "\n";
echo Encoding::base32Encode($data), "\n";
echo Encoding::hexEncode($data), "\n";
echo Encoding::hexEncodeUpper($data), "\n";

Example output:

1VilPkeVqirlPifk5scbzcTTbMT2clp+Zkyv9VFFasE=
2VMKKPSHSWVCVZJ6E7SONRY3ZXCNG3GE6ZZFU7TGJSX7KUKFNLAQ====
2vmkkpshswvcvzj6e7sonry3zxcng3ge6zzfu7tgjsx7kukfnlaq====
d558a53e4795aa2ae53e27e4e6c71bcdc4d36cc4f6725a7e664caff551456ac1
D558A53E4795AA2AE53E27E4E6C71BDCC4D36CC4F6725A7E664CAFF551456AC1

If you only need a particular variant, you can just reference the required class like so:

use \ParagonIE\ConstantTime\Base64;
use \ParagonIE\ConstantTime\Base32;

$data = random_bytes(32);
echo Base64::encode($data), "\n";
echo Base32::encode($data), "\n";

Example output:

1VilPkeVqirlPifk5scbzcTTbMT2clp+Zkyv9VFFasE=
2vmkkpshswvcvzj6e7sonry3zxcng3ge6zzfu7tgjsx7kukfnlaq====