From 3094862ca5cce36390a6cc4e04c57e82795a68b4 Mon Sep 17 00:00:00 2001
From: Michael Hamann <michael@content-space.de>
Date: Wed, 31 Jul 2013 11:56:58 +0200
Subject: [PATCH] auth_en/decrypt: Add explanation and more efficient
 decryption

Added an explanation that what we do is like normal CBC but that we
additionally encrypt the IV which is actually suggested by the NIST for
non-random (but unique) IVs. In the decryption process it's not
necessary to decrypt the IV, this should save some time.
---
 inc/auth.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/inc/auth.php b/inc/auth.php
index 227ee80fd..96b80e19e 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -459,10 +459,16 @@ function auth_random($min, $max) {
  * @return string The ciphertext
  */
 function auth_encrypt($data, $secret) {
-    $iv = auth_randombytes(16);
+    $iv     = auth_randombytes(16);
     $cipher = new Crypt_AES();
     $cipher->setPassword($secret);
 
+    /*
+    this uses the encrypted IV as IV as suggested in
+    http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf, Appendix C
+    for unique but necessarily random IVs. The resulting ciphertext is
+    compatible to ciphertext that was created using a "normal" IV.
+    */
     return $cipher->encrypt($iv.$data);
 }
 
@@ -476,10 +482,12 @@ function auth_encrypt($data, $secret) {
  * @return string The decrypted data
  */
 function auth_decrypt($ciphertext, $secret) {
+    $iv     = substr($ciphertext, 0, 16);
     $cipher = new Crypt_AES();
     $cipher->setPassword($secret);
+    $cipher->setIV($iv);
 
-    return substr($cipher->decrypt($ciphertext), 16);
+    return $cipher->decrypt(substr($ciphertext, 16));
 }
 
 /**
-- 
GitLab