author | Michael Hamann <michael@content-space.de> | 2013-07-31 11:56:58 +0200 |
---|---|---|
committer | Michael Hamann <michael@content-space.de> | 2013-07-31 11:56:58 +0200 |
commit | 7b650cef79bb603087a8ef43b22a1f7c3d86b7ef (patch) | |
tree | aec52f22dddd5a94884e68de392b8b57d5a241a5 | |
parent | 8269996a43469c1ce5295a22248ad9a9ab34efc8 (diff) | |
auth_en/decrypt: Add explanation and more efficient decryption
Added an explanation that what we do is ordinary CBC, except that we
additionally encrypt the IV, which NIST actually suggests for
non-random (but unique) IVs. During decryption it is not necessary to
decrypt the IV, which should save some time.
-rw-r--r-- | inc/auth.php | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/inc/auth.php b/inc/auth.php
index 227ee80fd..96b80e19e 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -459,10 +459,16 @@ function auth_random($min, $max) {
 * @return string The ciphertext
 */
 function auth_encrypt($data, $secret) {
- $iv = auth_randombytes(16);
+ $iv = auth_randombytes(16);
 $cipher = new Crypt_AES();
 $cipher->setPassword($secret);
+ /*
+ this uses the encrypted IV as IV as suggested in
+ http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf, Appendix C
+ for unique but necessarily random IVs. The resulting ciphertext is
+ compatible to ciphertext that was created using a "normal" IV.
+ */
 return $cipher->encrypt($iv.$data);
 }
@@ -476,10 +482,12 @@ function auth_encrypt($data, $secret) {
 * @return string The decrypted data
 */
 function auth_decrypt($ciphertext, $secret) {
+ $iv = substr($ciphertext, 0, 16);
 $cipher = new Crypt_AES();
 $cipher->setPassword($secret);
+ $cipher->setIV($iv);
- return substr($cipher->decrypt($ciphertext), 16);
+ return $cipher->decrypt(substr($ciphertext, 16));
 }
 /** |
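Review bot: The new comment block in auth_encrypt() drops a word: `for unique but necessarily random IVs` should read `for unique but not necessarily random IVs`, which is the case SP 800-38A Appendix C actually covers (an IV produced by enciphering a nonce). It would also help a reader to state the layout the decrypt side now relies on, e.g. `The first 16 bytes of the result are the encrypted IV; auth_decrypt() uses that block as the IV for the rest.` The compatibility claim holds only while the cipher's default IV is identical on both sides, because this function never calls setIV() itself; that default is not visible in this hunk, so it is worth naming in the comment rather than leaving it implicit.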
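Review bot: `$iv = substr($ciphertext, 0, 16);` is taken with no length check, so a truncated, empty or non-string ciphertext yields a short or empty IV and decryption of whatever remains proceeds instead of failing; a guard such as `if (strlen($ciphertext) < 16) return false;` at the top of auth_decrypt() would stop that, and callers (and the `@return string` docblock) need to account for the failure value. Whether Crypt_AES pads or rejects a short IV is not visible here, so I would not rely on it. Nothing on this path authenticates the ciphertext either: whoever controls the ciphertext can alter the IV block extracted here to flip chosen bits in the first plaintext block (ordinary CBC malleability), and tampering elsewhere is caught, if at all, only by the padding check. A MAC over the whole ciphertext, verified before any decryption, would close that, but it is a separate change touching both functions.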