Gitiles
Code Review Sign In
www.giggi.me / code-igniter-v3-giggi / 1e83d69a52a85a4f568bfa086d658556acd48980 / . / system / libraries / Encryption.php
blob: d6ffc9bfefd2576cf0f79346ad6784261ab4dba9 [file] [log] [blame]
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]1<?php
2/**
3 * CodeIgniter
4 *
5 * An open source application development framework for PHP 5.2.4 or newer
6 *
7 * NOTICE OF LICENSE
8 *
9 * Licensed under the Open Software License version 3.0
10 *
11 * This source file is subject to the Open Software License (OSL 3.0) that is
12 * bundled with this package in the files license.txt / license.rst. It is
13 * also available through the world wide web at this URL:
14 * http://opensource.org/licenses/OSL-3.0
15 * If you did not receive a copy of the license and are unable to obtain it
16 * through the world wide web, please send an email to
17 * licensing@ellislab.com so we can send you a copy immediately.
18 *
19 * @package CodeIgniter
20 * @author EllisLab Dev Team
darwinel871754a2014-02-11 17:34:57 +0100[diff] [blame]21 * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/)
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]22 * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
23 * @link http://codeigniter.com
24 * @since Version 3.0
25 * @filesource
26 */
27defined('BASEPATH') OR exit('No direct script access allowed');
28
29/**
30 * CodeIgniter Encryption Class
31 *
32 * Provides two-way keyed encryption via PHP's MCrypt and/or OpenSSL extensions.
33 *
34 * @package CodeIgniter
35 * @subpackage Libraries
36 * @category Libraries
37 * @author Andrey Andreev
38 * @link http://codeigniter.com/user_guide/libraries/encryption.html
39 */
40class CI_Encryption {
41
42 /**
43 * Encryption cipher
44 *
45 * @var string
46 */
Andrey Andreev81e10642014-02-07 01:43:36 +0200[diff] [blame]47 protected $_cipher = 'aes-128';
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]48
49 /**
50 * Cipher mode
51 *
52 * @var string
53 */
54 protected $_mode = 'cbc';
55
56 /**
57 * Cipher handle
58 *
59 * @var mixed
60 */
61 protected $_handle;
62
63 /**
64 * Encryption key
65 *
66 * @var string
67 */
68 protected $_key;
69
70 /**
71 * PHP extension to be used
72 *
73 * @var string
74 */
75 protected $_driver;
76
77 /**
78 * List of usable drivers (PHP extensions)
79 *
80 * @var array
81 */
82 protected $_drivers = array();
83
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]84 /**
Andrey Andreevf4017672014-02-05 18:51:15 +0200[diff] [blame]85 * List of available modes
86 *
87 * @var array
88 */
89 protected $_modes = array(
90 'mcrypt' => array(
91 'cbc' => 'cbc',
92 'ecb' => 'ecb',
93 'ofb' => 'nofb',
94 'ofb8' => 'ofb',
95 'cfb' => 'ncfb',
96 'cfb8' => 'cfb',
97 'ctr' => 'ctr',
98 'stream' => 'stream'
99 ),
100 'openssl' => array(
101 'cbc' => 'cbc',
102 'ecb' => 'ecb',
103 'ofb' => 'ofb',
104 'cfb' => 'cfb',
105 'cfb8' => 'cfb8',
106 'ctr' => 'ctr',
107 'stream' => '',
108 'gcm' => 'gcm',
109 'xts' => 'xts'
110 )
111 );
112
113 /**
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]114 * List of supported HMAC algorightms
115 *
116 * name => digest size pairs
117 *
118 * @var array
119 */
120 protected $_digests = array(
121 'sha224' => 28,
122 'sha256' => 32,
123 'sha384' => 48,
124 'sha512' => 64
125 );
126
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]127 // --------------------------------------------------------------------
128
129 /**
130 * Class constructor
131 *
132 * @param array $params Configuration parameters
133 * @return void
134 */
135 public function __construct(array $params = array())
136 {
137 $this->_drivers = array(
Andrey Andreev8e202162014-02-05 18:59:55 +0200[diff] [blame]138 'mcrypt' => defined('MCRYPT_DEV_URANDOM'),
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]139 // While OpenSSL is available for PHP 5.3.0, an IV parameter
140 // for the encrypt/decrypt functions is only available since 5.3.3
141 'openssl' => (is_php('5.3.3') && extension_loaded('openssl'))
142 );
143
144 if ( ! $this->_drivers['mcrypt'] && ! $this->_drivers['openssl'])
145 {
146 return show_error('Encryption: Unable to find an available encryption driver.');
147 }
148
149 $this->initialize($params);
Andrey Andreev81e10642014-02-07 01:43:36 +0200[diff] [blame]150 if ( ! isset($this->_key) && strlen($key = config_item('encryption_key')) > 0)
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]151 {
Andrey Andreev81e10642014-02-07 01:43:36 +0200[diff] [blame]152 $this->_key = $key;
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]153 }
154
155 log_message('debug', 'Encryption Class Initialized');
156 }
157
158 // --------------------------------------------------------------------
159
160 /**
161 * Initialize
162 *
163 * @param array $params Configuration parameters
164 * @return CI_Encryption
165 */
166 public function initialize(array $params)
167 {
168 if ( ! empty($params['driver']))
169 {
170 if (isset($this->_drivers[$params['driver']]))
171 {
Andrey Andreev50ccc382014-02-04 23:30:06 +0200[diff] [blame]172 if ($this->_drivers[$params['driver']])
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]173 {
174 $this->_driver = $params['driver'];
175 }
176 else
177 {
178 log_message('error', "Encryption: Driver '".$params['driver']."' is not available.");
179 }
180 }
181 else
182 {
183 log_message('error', "Encryption: Unknown driver '".$params['driver']."' cannot be configured.");
184 }
185 }
186
Andrey Andreev912831f2014-02-04 17:21:37 +0200[diff] [blame]187 if (empty($this->_driver))
188 {
Andrey Andreev8e202162014-02-05 18:59:55 +0200[diff] [blame]189 $this->_driver = ($this->_drivers['openssl'] === TRUE)
190 ? 'openssl'
191 : 'mcrypt';
Andrey Andreev912831f2014-02-04 17:21:37 +0200[diff] [blame]192
193 log_message('debug', "Encryption: Auto-configured driver '".$this->_driver."'.");
194 }
195
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]196 empty($params['key']) OR $this->_key = $params['key'];
197 $this->{'_'.$this->_driver.'_initialize'}($params);
198 return $this;
199 }
200
201 // --------------------------------------------------------------------
202
203 /**
204 * Initialize MCrypt
205 *
206 * @param array $params Configuration parameters
207 * @return void
208 */
209 protected function _mcrypt_initialize($params)
210 {
211 if ( ! empty($params['cipher']))
212 {
213 $params['cipher'] = strtolower($params['cipher']);
214 $this->_cipher_alias($params['cipher']);
215
216 if ( ! in_array($params['cipher'], mcrypt_list_algorithms(), TRUE))
217 {
218 log_message('error', 'Encryption: MCrypt cipher '.strtoupper($params['cipher']).' is not available.');
219 }
220 else
221 {
222 $this->_cipher = $params['cipher'];
223 }
224 }
225
226 if ( ! empty($params['mode']))
227 {
Andrey Andreevf4017672014-02-05 18:51:15 +0200[diff] [blame]228 $params['mode'] = strtolower($params['mode']);
229 if ( ! isset($this->_modes['mcrypt'][$params['mode']]))
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]230 {
231 log_message('error', 'Encryption: MCrypt mode '.strtotupper($params['mode']).' is not available.');
232 }
233 else
234 {
Andrey Andreevf4017672014-02-05 18:51:15 +0200[diff] [blame]235 $this->_mode = $this->_modes['mcrypt'][$params['mode']];
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]236 }
237 }
238
239 if (isset($this->_cipher, $this->_mode))
240 {
241 if (is_resource($this->_handle)
242 && (strtolower(mcrypt_enc_get_algorithms_name($this->_handle)) !== $this->_cipher
243 OR strtolower(mcrypt_enc_get_modes_name($this->_handle)) !== $this->_mode)
244 )
245 {
246 mcrypt_module_close($this->_handle);
247 }
248
249 if ($this->_handle = mcrypt_module_open($this->_cipher, '', $this->_mode, ''))
250 {
251 log_message('debug', 'Encryption: MCrypt cipher '.strtoupper($this->_cipher).' initialized in '.strtoupper($this->_mode).' mode.');
252 }
253 else
254 {
255 log_message('error', 'Encryption: Unable to initialize MCrypt with cipher '.strtoupper($this->_cipher).' in '.strtoupper($this->_mode).' mode.');
256 }
257 }
258 }
259
260 // --------------------------------------------------------------------
261
262 /**
263 * Initialize OpenSSL
264 *
265 * @param array $params Configuration parameters
266 * @return void
267 */
268 protected function _openssl_initialize($params)
269 {
270 if ( ! empty($params['cipher']))
271 {
272 $params['cipher'] = strtolower($params['cipher']);
273 $this->_cipher_alias($params['cipher']);
274 $this->_cipher = $params['cipher'];
275 }
276
277 if ( ! empty($params['mode']))
278 {
Andrey Andreevf4017672014-02-05 18:51:15 +0200[diff] [blame]279 $params['mode'] = strtolower($params['mode']);
280 if ( ! isset($this->_modes['openssl'][$params['mode']]))
281 {
282 log_message('error', 'Encryption: OpenSSL mode '.strtotupper($params['mode']).' is not available.');
283 }
284 else
285 {
286 $this->_mode = $this->_modes['openssl'][$params['mode']];
287 }
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]288 }
289
290 if (isset($this->_cipher, $this->_mode))
291 {
Andrey Andreevf4017672014-02-05 18:51:15 +0200[diff] [blame]292 // This is mostly for the stream mode, which doesn't get suffixed in OpenSSL
293 $handle = empty($this->_mode)
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]294 ? $this->_cipher
295 : $this->_cipher.'-'.$this->_mode;
296
Andrey Andreev50ccc382014-02-04 23:30:06 +0200[diff] [blame]297 if ( ! in_array($handle, openssl_get_cipher_methods(), TRUE))
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]298 {
299 $this->_handle = NULL;
300 log_message('error', 'Encryption: Unable to initialize OpenSSL with method '.strtoupper($handle).'.');
301 }
302 else
303 {
304 $this->_handle = $handle;
305 log_message('debug', 'Encryption: OpenSSL initialized with method '.strtoupper($handle).'.');
306 }
307 }
308 }
309
310 // --------------------------------------------------------------------
311
312 /**
313 * Encrypt
314 *
315 * @param string $data Input data
316 * @param array $params Input parameters
317 * @return string
318 */
319 public function encrypt($data, array $params = NULL)
320 {
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]321 if (($params = $this->_get_params($params)) === FALSE)
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]322 {
323 return FALSE;
324 }
Andrey Andreev8d33a9a2014-02-05 23:11:23 +0200[diff] [blame]325
Andrey Andreev81e10642014-02-07 01:43:36 +0200[diff] [blame]326 isset($params['key']) OR $params['key'] = $this->hkdf($this->_key, 'sha512', NULL, strlen($this->_key), 'encryption');
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]327
328 if (($data = $this->{'_'.$this->_driver.'_encrypt'}($data, $params)) === FALSE)
329 {
330 return FALSE;
331 }
332
Andrey Andreev8d33a9a2014-02-05 23:11:23 +0200[diff] [blame]333 $params['base64'] && $data = base64_encode($data);
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]334
Andrey Andreev8d33a9a2014-02-05 23:11:23 +0200[diff] [blame]335 if (isset($params['hmac_digest']))
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]336 {
Andrey Andreev8d33a9a2014-02-05 23:11:23 +0200[diff] [blame]337 isset($params['hmac_key']) OR $params['hmac_key'] = $this->hkdf($this->_key, 'sha512', NULL, NULL, 'authentication');
338 return hash_hmac($params['hmac_digest'], $data, $params['hmac_key'], ! $params['base64']).$data;
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]339 }
340
341 return $data;
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]342 }
343
344 // --------------------------------------------------------------------
345
346 /**
347 * Encrypt via MCrypt
348 *
349 * @param string $data Input data
350 * @param array $params Input parameters
351 * @return string
352 */
353 protected function _mcrypt_encrypt($data, $params)
354 {
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]355 if ( ! is_resource($params['handle']))
356 {
357 return FALSE;
358 }
Andrey Andreeve7516b02014-02-05 13:45:31 +0200[diff] [blame]359
Andrey Andreev1e83d692014-06-19 20:08:59 +0300[diff] [blame^]360 // The greater-than-1 comparison is mostly a work-around for a bug,
361 // where 1 is returned for ARCFour instead of 0.
362 $iv = (($iv_size = mcrypt_enc_get_iv_size($params['handle'])) > 1)
363 ? mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM)
364 : NULL;
365
366 if (mcrypt_generic_init($params['handle'], $params['key'], $iv) < 0)
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]367 {
368 if ($params['handle'] !== $this->_handle)
369 {
370 mcrypt_module_close($params['handle']);
371 }
372
373 return FALSE;
374 }
375
376 // Use PKCS#7 padding in order to ensure compatibility with OpenSSL
Andrey Andreevf4017672014-02-05 18:51:15 +0200[diff] [blame]377 // and other implementations outside of PHP.
378 if (in_array(strtolower(mcrypt_enc_get_modes_name($params['handle'])), array('cbc', 'ecb'), TRUE))
379 {
380 $block_size = mcrypt_enc_get_block_size($params['handle']);
381 $pad = $block_size - (strlen($data) % $block_size);
382 $data .= str_repeat(chr($pad), $pad);
383 }
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]384
Andrey Andreeve7516b02014-02-05 13:45:31 +0200[diff] [blame]385 // Work-around for yet another strange behavior in MCrypt.
386 //
387 // When encrypting in ECB mode, the IV is ignored. Yet
388 // mcrypt_enc_get_iv_size() returns a value larger than 0
389 // even if ECB is used AND mcrypt_generic_init() complains
390 // if you don't pass an IV with length equal to the said
391 // return value.
392 //
393 // This probably would've been fine (even though still wasteful),
394 // but OpenSSL isn't that dumb and we need to make the process
395 // portable, so ...
396 $data = (mcrypt_enc_get_modes_name($params['handle']) !== 'ECB')
Andrey Andreev1e83d692014-06-19 20:08:59 +0300[diff] [blame^]397 ? $iv.mcrypt_generic($params['handle'], $data)
Andrey Andreeve7516b02014-02-05 13:45:31 +0200[diff] [blame]398 : mcrypt_generic($params['handle'], $data);
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]399
400 mcrypt_generic_deinit($params['handle']);
401 if ($params['handle'] !== $this->_handle)
402 {
Andrey Andreev50ccc382014-02-04 23:30:06 +0200[diff] [blame]403 mcrypt_module_close($params['handle']);
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]404 }
405
406 return $data;
407 }
408
409 // --------------------------------------------------------------------
410
411 /**
412 * Encrypt via OpenSSL
413 *
414 * @param string $data Input data
415 * @param array $params Input parameters
416 * @return string
417 */
418 protected function _openssl_encrypt($data, $params)
419 {
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]420 if (empty($params['handle']))
421 {
422 return FALSE;
423 }
Andrey Andreev1e83d692014-06-19 20:08:59 +0300[diff] [blame^]424
425 $iv = ($iv_size = openssl_cipher_iv_length($params['handle']))
426 ? openssl_random_pseudo_bytes($iv_size)
427 : NULL;
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]428
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]429 $data = openssl_encrypt(
430 $data,
431 $params['handle'],
432 $params['key'],
433 1, // DO NOT TOUCH!
Andrey Andreev1e83d692014-06-19 20:08:59 +0300[diff] [blame^]434 $iv
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]435 );
436
437 if ($data === FALSE)
438 {
439 return FALSE;
440 }
441
Andrey Andreev1e83d692014-06-19 20:08:59 +0300[diff] [blame^]442 return $iv.$data;
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]443 }
444
445 // --------------------------------------------------------------------
446
447 /**
448 * Decrypt
449 *
450 * @param string $data Encrypted data
451 * @param array $params Input parameters
452 * @return string
453 */
454 public function decrypt($data, array $params = NULL)
455 {
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]456 if (($params = $this->_get_params($params)) === FALSE)
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]457 {
458 return FALSE;
459 }
Andrey Andreev8d33a9a2014-02-05 23:11:23 +0200[diff] [blame]460
461 if (isset($params['hmac_digest']))
462 {
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]463 // This might look illogical, but it is done during encryption as well ...
Andrey Andreev177144f2014-02-04 18:07:34 +0200[diff] [blame]464 // The 'base64' value is effectively an inverted "raw data" parameter
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]465 $digest_size = ($params['base64'])
Andrey Andreev8d33a9a2014-02-05 23:11:23 +0200[diff] [blame]466 ? $this->_digests[$params['hmac_digest']] * 2
467 : $this->_digests[$params['hmac_digest']];
Andrey Andreev7c554482014-02-06 02:38:27 +0200[diff] [blame]468
469 if (strlen($data) <= $digest_size)
470 {
471 return FALSE;
472 }
473
474 $hmac_input = substr($data, 0, $digest_size);
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]475 $data = substr($data, $digest_size);
476
Andrey Andreev7c554482014-02-06 02:38:27 +0200[diff] [blame]477 isset($params['hmac_key']) OR $params['hmac_key'] = $this->hkdf($this->_key, 'sha512', NULL, NULL, 'authentication');
478 $hmac_check = hash_hmac($params['hmac_digest'], $data, $params['hmac_key'], ! $params['base64']);
479
480 // Time-attack-safe comparison
481 $diff = 0;
482 for ($i = 0; $i < $digest_size; $i++)
483 {
484 $diff |= ord($hmac_input[$i]) ^ ord($hmac_check[$i]);
485 }
486
487 if ($diff !== 0)
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]488 {
489 return FALSE;
490 }
491 }
492
493 if ($params['base64'])
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]494 {
495 $data = base64_decode($data);
496 }
497
Andrey Andreev81e10642014-02-07 01:43:36 +0200[diff] [blame]498 isset($params['key']) OR $params['key'] = $this->hkdf($this->_key, 'sha512', NULL, strlen($this->_key), 'encryption');
499
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]500 return $this->{'_'.$this->_driver.'_decrypt'}($data, $params);
501 }
502
503 // --------------------------------------------------------------------
504
505 /**
506 * Decrypt via MCrypt
507 *
508 * @param string $data Encrypted data
509 * @param array $params Input parameters
510 * @return string
511 */
512 protected function _mcrypt_decrypt($data, $params)
513 {
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]514 if ( ! is_resource($params['handle']))
515 {
516 return FALSE;
517 }
Andrey Andreev1e83d692014-06-19 20:08:59 +0300[diff] [blame^]518
519 // The greater-than-1 comparison is mostly a work-around for a bug,
520 // where 1 is returned for ARCFour instead of 0.
521 if (($iv_size = mcrypt_enc_get_iv_size($params['handle'])) > 1)
Andrey Andreeve7516b02014-02-05 13:45:31 +0200[diff] [blame]522 {
Andrey Andreev1e83d692014-06-19 20:08:59 +0300[diff] [blame^]523 if (mcrypt_enc_get_modes_name($params['handle']) !== 'ECB')
Andrey Andreeve7516b02014-02-05 13:45:31 +0200[diff] [blame]524 {
Andrey Andreev1e83d692014-06-19 20:08:59 +0300[diff] [blame^]525 $iv = substr($data, 0, $iv_size);
526 $data = substr($data, $iv_size);
Andrey Andreeve7516b02014-02-05 13:45:31 +0200[diff] [blame]527 }
528 else
529 {
Andrey Andreev1e83d692014-06-19 20:08:59 +0300[diff] [blame^]530 // MCrypt is dumb and this is ignored, only size matters
531 $iv = str_repeat("\x0", $iv_size);
Andrey Andreeve7516b02014-02-05 13:45:31 +0200[diff] [blame]532 }
533 }
Andrey Andreev1e83d692014-06-19 20:08:59 +0300[diff] [blame^]534 else
535 {
536 $iv = NULL;
537 }
Andrey Andreeve7516b02014-02-05 13:45:31 +0200[diff] [blame]538
Andrey Andreev1e83d692014-06-19 20:08:59 +0300[diff] [blame^]539 if (mcrypt_generic_init($params['handle'], $params['key'], $iv) < 0)
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]540 {
541 if ($params['handle'] !== $this->_handle)
542 {
543 mcrypt_module_close($params['handle']);
544 }
545
546 return FALSE;
547 }
548
549 $data = mdecrypt_generic($params['handle'], $data);
Andrey Andreevf4017672014-02-05 18:51:15 +0200[diff] [blame]550 // Remove PKCS#7 padding, if necessary
551 if (in_array(strtolower(mcrypt_enc_get_modes_name($params['handle'])), array('cbc', 'ecb'), TRUE))
552 {
553 $data = substr($data, 0, -ord($data[strlen($data)-1]));
554 }
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]555
556 mcrypt_generic_deinit($params['handle']);
557 if ($params['handle'] !== $this->_handle)
558 {
Andrey Andreev50ccc382014-02-04 23:30:06 +0200[diff] [blame]559 mcrypt_module_close($params['handle']);
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]560 }
561
Andrey Andreevf4017672014-02-05 18:51:15 +0200[diff] [blame]562 return $data;
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]563 }
564
565 // --------------------------------------------------------------------
566
567 /**
568 * Decrypt via OpenSSL
569 *
570 * @param string $data Encrypted data
571 * @param array $params Input parameters
572 * @return string
573 */
574 protected function _openssl_decrypt($data, $params)
575 {
Andrey Andreev1e83d692014-06-19 20:08:59 +0300[diff] [blame^]576 if ($iv_size = openssl_cipher_iv_length($params['handle']))
Andrey Andreeve7516b02014-02-05 13:45:31 +0200[diff] [blame]577 {
Andrey Andreev1e83d692014-06-19 20:08:59 +0300[diff] [blame^]578 $iv = substr($data, 0, $iv_size);
579 $data = substr($data, $iv_size);
580 }
581 else
582 {
583 $iv = NULL;
Andrey Andreeve7516b02014-02-05 13:45:31 +0200[diff] [blame]584 }
585
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]586 return empty($params['handle'])
587 ? FALSE
588 : openssl_decrypt(
589 $data,
590 $params['handle'],
591 $params['key'],
592 1, // DO NOT TOUCH!
Andrey Andreev1e83d692014-06-19 20:08:59 +0300[diff] [blame^]593 $iv
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]594 );
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]595 }
596
597 // --------------------------------------------------------------------
598
599 /**
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]600 * Get params
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]601 *
602 * @param array $params Input parameters
603 * @return array
604 */
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]605 protected function _get_params($params)
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]606 {
607 if (empty($params))
608 {
Andrey Andreev50ccc382014-02-04 23:30:06 +0200[diff] [blame]609 return isset($this->_cipher, $this->_mode, $this->_key, $this->_handle)
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]610 ? array(
611 'handle' => $this->_handle,
612 'cipher' => $this->_cipher,
613 'mode' => $this->_mode,
Andrey Andreev8d33a9a2014-02-05 23:11:23 +0200[diff] [blame]614 'key' => NULL,
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]615 'base64' => TRUE,
Andrey Andreev8d33a9a2014-02-05 23:11:23 +0200[diff] [blame]616 'hmac_digest' => ($this->_mode !== 'gcm' ? 'sha512' : NULL),
617 'hmac_key' => NULL
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]618 )
619 : FALSE;
620 }
621 elseif ( ! isset($params['cipher'], $params['mode'], $params['key']))
622 {
623 return FALSE;
624 }
625
Andrey Andreevf4017672014-02-05 18:51:15 +0200[diff] [blame]626 if (isset($params['mode']))
627 {
628 $params['mode'] = strtolower($params['mode']);
629 if ( ! isset($this->_modes[$this->_driver][$params['mode']]))
630 {
631 return FALSE;
632 }
633 else
634 {
635 $params['mode'] = $this->_modes[$this->_driver][$params['mode']];
636 }
637 }
638
Andrey Andreev81e10642014-02-07 01:43:36 +0200[diff] [blame]639 if ($params['mode'] === 'gcm' OR (isset($params['hmac']) && $params['hmac'] === FALSE))
Andrey Andreev8d33a9a2014-02-05 23:11:23 +0200[diff] [blame]640 {
641 $params['hmac_digest'] = $params['hmac_key'] = NULL;
642 }
643 else
644 {
645 if ( ! isset($params['hmac_key']))
646 {
647 return FALSE;
648 }
649 elseif (isset($params['hmac_digest']))
650 {
651 $params['hmac_digest'] = strtolower($params['hmac_digest']);
652 if ( ! isset($this->_digests[$params['hmac_digest']]))
653 {
654 return FALSE;
655 }
656 }
657 else
658 {
659 $params['hmac_digest'] = 'sha512';
660 }
661 }
662
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]663 $params = array(
664 'handle' => NULL,
Andrey Andreev8d33a9a2014-02-05 23:11:23 +0200[diff] [blame]665 'cipher' => $params['cipher'],
666 'mode' => $params['mode'],
667 'key' => $params['key'],
Andrey Andreev4b450652014-02-10 06:59:54 +0200[diff] [blame]668 'base64' => isset($params['raw_data']) ? ! $params['raw_data'] : FALSE,
Andrey Andreev8d33a9a2014-02-05 23:11:23 +0200[diff] [blame]669 'hmac_digest' => $params['hmac_digest'],
670 'hmac_key' => $params['hmac_key']
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]671 );
672
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]673 $this->_cipher_alias($params['cipher']);
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]674 $params['handle'] = ($params['cipher'] !== $this->_cipher OR $params['mode'] !== $this->_mode)
675 ? $this->{'_'.$this->_driver.'_get_handle'}($params['cipher'], $params['mode'])
676 : $this->_handle;
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]677
678 return $params;
679 }
680
681 // --------------------------------------------------------------------
682
683 /**
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]684 * Get MCrypt handle
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]685 *
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]686 * @param string $cipher Cipher name
687 * @param string $mode Encryption mode
688 * @return resource
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]689 */
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]690 protected function _mcrypt_get_handle($cipher, $mode)
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]691 {
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]692 return mcrypt_module_open($cipher, '', $mode, '');
693 }
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]694
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]695 // --------------------------------------------------------------------
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]696
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]697 /**
698 * Get OpenSSL handle
699 *
700 * @param string $cipher Cipher name
701 * @param string $mode Encryption mode
702 * @return string
703 */
704 protected function _openssl_get_handle($cipher, $mode)
705 {
706 // OpenSSL methods aren't suffixed with '-stream' for this mode
707 return ($mode === 'stream')
708 ? $cipher
709 : $cipher.'-'.$mode;
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]710 }
711
712 // --------------------------------------------------------------------
713
714 /**
715 * Cipher alias
716 *
717 * Tries to translate cipher names between MCrypt and OpenSSL's "dialects".
718 *
719 * @param string $cipher Cipher name
720 * @return void
721 */
722 protected function _cipher_alias(&$cipher)
723 {
724 static $dictionary;
725
726 if (empty($dictionary))
727 {
728 $dictionary = array(
729 'mcrypt' => array(
Andrey Andreev50ccc382014-02-04 23:30:06 +0200[diff] [blame]730 'aes-128' => 'rijndael-128',
731 'aes-192' => 'rijndael-128',
732 'aes-256' => 'rijndael-128',
Andrey Andreevd9a48da2014-02-05 14:10:28 +0200[diff] [blame]733 'des3-ede3' => 'tripledes',
734 'bf' => 'blowfish',
Andrey Andreeve8088d62014-02-06 05:01:48 +0200[diff] [blame]735 'cast5' => 'cast-128',
736 'rc4' => 'arcfour',
737 'rc4-40' => 'arcfour'
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]738 ),
739 'openssl' => array(
Andrey Andreev50ccc382014-02-04 23:30:06 +0200[diff] [blame]740 'rijndael-128' => 'aes-128',
Andrey Andreevd9a48da2014-02-05 14:10:28 +0200[diff] [blame]741 'tripledes' => 'des-ede3',
Andrey Andreeve8088d62014-02-06 05:01:48 +0200[diff] [blame]742 'blowfish' => 'bf',
743 'cast-128' => 'cast5',
744 'arcfour' => 'rc4-40',
745 'rc4' => 'rc4-40'
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]746 )
747 );
748
Andrey Andreevd9a48da2014-02-05 14:10:28 +0200[diff] [blame]749 // Notes:
750 //
Andrey Andreeve8088d62014-02-06 05:01:48 +0200[diff] [blame]751 // - Rijndael-128 is, at the same time all three of AES-128,
752 // AES-192 and AES-256. The only difference between them is
753 // the key size. Rijndael-192, Rijndael-256 on the other hand
754 // also have different block sizes and are NOT AES-compatible.
755 //
Andrey Andreevd9a48da2014-02-05 14:10:28 +0200[diff] [blame]756 // - Blowfish is said to be supporting key sizes between
757 // 4 and 56 bytes, but it appears that between MCrypt and
758 // OpenSSL, only those of 16 and more bytes are compatible.
Andrey Andreeve8088d62014-02-06 05:01:48 +0200[diff] [blame]759 // Also, don't know what MCrypt's 'blowfish-compat' is.
760 //
761 // - CAST-128/CAST5 produces a longer cipher when encrypted via
762 // OpenSSL, but (strangely enough) can be decrypted by either
763 // extension anyway.
Andrey Andreev18767e32014-03-04 22:21:35 +0200[diff] [blame]764 // Also, it appears that OpenSSL uses 16 rounds regardless of
765 // the key size, while RFC2144 says that for key sizes lower
766 // than 11 bytes, only 12 rounds should be used. This makes
767 // it portable only with keys of between 11 and 16 bytes.
Andrey Andreeve8088d62014-02-06 05:01:48 +0200[diff] [blame]768 //
769 // - RC4 (ARCFour) has a strange implementation under OpenSSL.
770 // Its 'rc4-40' cipher method seems to work flawlessly, yet
771 // there's another one, 'rc4' that only works with a 16-byte key.
772 //
773 // - DES is compatible, but doesn't need an alias.
Andrey Andreevd9a48da2014-02-05 14:10:28 +0200[diff] [blame]774 //
775 // Other seemingly matching ciphers between MCrypt, OpenSSL:
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]776 //
Andrey Andreeve8088d62014-02-06 05:01:48 +0200[diff] [blame]777 // - RC2 is NOT compatible and only an obscure forum post
778 // confirms that it is MCrypt's fault.
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]779 }
780
Andrey Andreev50ccc382014-02-04 23:30:06 +0200[diff] [blame]781 if (isset($dictionary[$this->_driver][$cipher]))
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]782 {
Andrey Andreev50ccc382014-02-04 23:30:06 +0200[diff] [blame]783 $cipher = $dictionary[$this->_driver][$cipher];
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]784 }
785 }
786
787 // --------------------------------------------------------------------
788
789 /**
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]790 * HKDF
791 *
792 * @link https://tools.ietf.org/rfc/rfc5869.txt
793 * @param $key Input key
794 * @param $digest A SHA-2 hashing algorithm
795 * @param $salt Optional salt
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]796 * @param $length Output length (defaults to the selected digest size)
Andrey Andreev4b450652014-02-10 06:59:54 +0200[diff] [blame]797 * @param $info Optional context/application-specific info
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]798 * @return string A pseudo-random key
799 */
800 public function hkdf($key, $digest = 'sha512', $salt = NULL, $length = NULL, $info = '')
801 {
802 if ( ! isset($this->_digests[$digest]))
803 {
804 return FALSE;
805 }
806
807 if (empty($length) OR ! is_int($length))
808 {
809 $length = $this->_digests[$digest];
810 }
811 elseif ($length > (255 * $this->_digests[$digest]))
812 {
813 return FALSE;
814 }
815
Andrey Andreeva4f113e2014-02-18 21:18:31 +0200[diff] [blame]816 strlen($salt) OR $salt = str_repeat("\0", $this->_digests[$digest]);
Andrey Andreev29cade42014-02-04 14:05:58 +0200[diff] [blame]817
818 $prk = hash_hmac($digest, $key, $salt, TRUE);
819 $key = '';
820 for ($key_block = '', $block_index = 1; strlen($key) < $length; $block_index++)
821 {
822 $key_block = hash_hmac($digest, $key_block.$info.chr($block_index), $prk, TRUE);
823 $key .= $key_block;
824 }
825
826 return substr($key, 0, $length);
827 }
828
829 // --------------------------------------------------------------------
830
831 /**
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]832 * __get() magic
833 *
834 * @param string $key Property name
835 * @return mixed
836 */
837 public function __get($key)
838 {
Andrey Andreev81e10642014-02-07 01:43:36 +0200[diff] [blame]839 // Because aliases
840 if ($key === 'mode')
841 {
842 return array_search($this->_mode, $this->_modes[$this->_driver], TRUE);
843 }
844 elseif (in_array($key, array('cipher', 'driver', 'drivers', 'digests'), TRUE))
845 {
846 return $this->{'_'.$key};
847 }
848
849 return NULL;
Andrey Andreev818aedb2014-02-03 11:30:25 +0200[diff] [blame]850 }
851
852}
853
854/* End of file Encryption.php */
855/* Location: ./system/libraries/Encryption.php */