blob: b30a8cf0b9af13232a58a1a5552492581b0e2649 [file] [log] [blame]
Derek Allard2067d1a2008-11-13 22:59:24 +00001<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
2/**
3 * CodeIgniter
4 *
Greg Aker741de1c2010-11-10 14:52:57 -06005 * An open source application development framework for PHP 5.1.6 or newer
Derek Allard2067d1a2008-11-13 22:59:24 +00006 *
7 * @package CodeIgniter
8 * @author ExpressionEngine Dev Team
Greg Aker0711dc82011-01-05 10:49:40 -06009 * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc.
Derek Allard2067d1a2008-11-13 22:59:24 +000010 * @license http://codeigniter.com/user_guide/license.html
11 * @link http://codeigniter.com
12 * @since Version 1.0
13 * @filesource
14 */
15
16// ------------------------------------------------------------------------
17
18/**
19 * CodeIgniter Encryption Class
20 *
21 * Provides two-way keyed encoding using XOR Hashing and Mcrypt
22 *
23 * @package CodeIgniter
24 * @subpackage Libraries
25 * @category Libraries
26 * @author ExpressionEngine Dev Team
27 * @link http://codeigniter.com/user_guide/libraries/encryption.html
28 */
29class CI_Encrypt {
30
31 var $CI;
32 var $encryption_key = '';
33 var $_hash_type = 'sha1';
34 var $_mcrypt_exists = FALSE;
35 var $_mcrypt_cipher;
36 var $_mcrypt_mode;
37
38 /**
39 * Constructor
40 *
41 * Simply determines whether the mcrypt library exists.
42 *
43 */
Greg Akera9263282010-11-10 15:26:43 -060044 public function __construct()
Derek Allard2067d1a2008-11-13 22:59:24 +000045 {
46 $this->CI =& get_instance();
47 $this->_mcrypt_exists = ( ! function_exists('mcrypt_encrypt')) ? FALSE : TRUE;
48 log_message('debug', "Encrypt Class Initialized");
49 }
50
51 // --------------------------------------------------------------------
52
53 /**
54 * Fetch the encryption key
55 *
56 * Returns it as MD5 in order to have an exact-length 128 bit key.
57 * Mcrypt is sensitive to keys that are not the correct length
58 *
59 * @access public
60 * @param string
61 * @return string
62 */
63 function get_key($key = '')
64 {
65 if ($key == '')
66 {
67 if ($this->encryption_key != '')
68 {
69 return $this->encryption_key;
70 }
71
72 $CI =& get_instance();
73 $key = $CI->config->item('encryption_key');
74
Derek Jones7284f062010-08-31 00:30:21 -050075 if ($key == FALSE)
Derek Allard2067d1a2008-11-13 22:59:24 +000076 {
77 show_error('In order to use the encryption class requires that you set an encryption key in your config file.');
78 }
79 }
80
81 return md5($key);
82 }
83
84 // --------------------------------------------------------------------
85
86 /**
87 * Set the encryption key
88 *
89 * @access public
90 * @param string
91 * @return void
92 */
93 function set_key($key = '')
94 {
95 $this->encryption_key = $key;
96 }
97
98 // --------------------------------------------------------------------
99
100 /**
101 * Encode
102 *
103 * Encodes the message string using bitwise XOR encoding.
104 * The key is combined with a random hash, and then it
105 * too gets converted using XOR. The whole thing is then run
106 * through mcrypt (if supported) using the randomized key.
107 * The end result is a double-encrypted message string
108 * that is randomized with each call to this function,
109 * even if the supplied message and key are the same.
110 *
111 * @access public
112 * @param string the string to encode
113 * @param string the key
114 * @return string
115 */
116 function encode($string, $key = '')
117 {
118 $key = $this->get_key($key);
Derek Jones09c77932010-08-31 13:17:10 -0500119
Derek Allard2067d1a2008-11-13 22:59:24 +0000120 if ($this->_mcrypt_exists === TRUE)
121 {
Derek Jones09c77932010-08-31 13:17:10 -0500122 $enc = $this->mcrypt_encode($string, $key);
Derek Allard2067d1a2008-11-13 22:59:24 +0000123 }
Derek Jones09c77932010-08-31 13:17:10 -0500124 else
125 {
126 $enc = $this->_xor_encode($string, $key);
127 }
128
Derek Allard2067d1a2008-11-13 22:59:24 +0000129 return base64_encode($enc);
130 }
131
132 // --------------------------------------------------------------------
133
134 /**
135 * Decode
136 *
137 * Reverses the above process
138 *
139 * @access public
140 * @param string
141 * @param string
142 * @return string
143 */
144 function decode($string, $key = '')
145 {
146 $key = $this->get_key($key);
Barry Mienydd671972010-10-04 16:33:58 +0200147
Derek Allard2067d1a2008-11-13 22:59:24 +0000148 if (preg_match('/[^a-zA-Z0-9\/\+=]/', $string))
149 {
150 return FALSE;
151 }
152
153 $dec = base64_decode($string);
154
155 if ($this->_mcrypt_exists === TRUE)
156 {
157 if (($dec = $this->mcrypt_decode($dec, $key)) === FALSE)
158 {
159 return FALSE;
160 }
161 }
Derek Jones09c77932010-08-31 13:17:10 -0500162 else
163 {
164 $dec = $this->_xor_decode($dec, $key);
165 }
Barry Mienydd671972010-10-04 16:33:58 +0200166
Derek Jones09c77932010-08-31 13:17:10 -0500167 return $dec;
Derek Allard2067d1a2008-11-13 22:59:24 +0000168 }
169
170 // --------------------------------------------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200171
Derek Jones09c77932010-08-31 13:17:10 -0500172 /**
173 * Encode from Legacy
174 *
175 * Takes an encoded string from the original Encryption class algorithms and
176 * returns a newly encoded string using the improved method added in 2.0.0
177 * This allows for backwards compatibility and a method to transition to the
178 * new encryption algorithms.
Barry Mienydd671972010-10-04 16:33:58 +0200179 *
Derek Jones09c77932010-08-31 13:17:10 -0500180 * For more details, see http://codeigniter.com/user_guide/installation/upgrade_200.html#encryption
181 *
182 * @access public
183 * @param string
184 * @param int (mcrypt mode constant)
185 * @param string
186 * @return string
187 */
188 function encode_from_legacy($string, $legacy_mode = MCRYPT_MODE_ECB, $key = '')
189 {
190 if ($this->_mcrypt_exists === FALSE)
191 {
192 log_message('error', 'Encoding from legacy is available only when Mcrypt is in use.');
193 return FALSE;
194 }
Barry Mienydd671972010-10-04 16:33:58 +0200195
Derek Jones09c77932010-08-31 13:17:10 -0500196 // decode it first
197 // set mode temporarily to what it was when string was encoded with the legacy
Barry Mienydd671972010-10-04 16:33:58 +0200198 // algorithm - typically MCRYPT_MODE_ECB
Derek Jones09c77932010-08-31 13:17:10 -0500199 $current_mode = $this->_get_mode();
200 $this->set_mode($legacy_mode);
Barry Mienydd671972010-10-04 16:33:58 +0200201
Derek Jones09c77932010-08-31 13:17:10 -0500202 $key = $this->get_key($key);
Barry Mienydd671972010-10-04 16:33:58 +0200203
Derek Jones09c77932010-08-31 13:17:10 -0500204 if (preg_match('/[^a-zA-Z0-9\/\+=]/', $string))
205 {
206 return FALSE;
207 }
Derek Allard2067d1a2008-11-13 22:59:24 +0000208
Derek Jones09c77932010-08-31 13:17:10 -0500209 $dec = base64_decode($string);
Barry Mienydd671972010-10-04 16:33:58 +0200210
Derek Jones09c77932010-08-31 13:17:10 -0500211 if (($dec = $this->mcrypt_decode($dec, $key)) === FALSE)
212 {
213 return FALSE;
214 }
215
216 $dec = $this->_xor_decode($dec, $key);
217
218 // set the mcrypt mode back to what it should be, typically MCRYPT_MODE_CBC
Derek Jones092103e2010-09-02 11:11:58 -0500219 $this->set_mode($current_mode);
Derek Jones09c77932010-08-31 13:17:10 -0500220
221 // and re-encode
222 return base64_encode($this->mcrypt_encode($dec, $key));
223 }
224
225 // --------------------------------------------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200226
Derek Allard2067d1a2008-11-13 22:59:24 +0000227 /**
228 * XOR Encode
229 *
230 * Takes a plain-text string and key as input and generates an
231 * encoded bit-string using XOR
232 *
233 * @access private
234 * @param string
235 * @param string
236 * @return string
237 */
238 function _xor_encode($string, $key)
239 {
240 $rand = '';
241 while (strlen($rand) < 32)
242 {
243 $rand .= mt_rand(0, mt_getrandmax());
244 }
245
246 $rand = $this->hash($rand);
247
248 $enc = '';
249 for ($i = 0; $i < strlen($string); $i++)
Barry Mienydd671972010-10-04 16:33:58 +0200250 {
Derek Allard2067d1a2008-11-13 22:59:24 +0000251 $enc .= substr($rand, ($i % strlen($rand)), 1).(substr($rand, ($i % strlen($rand)), 1) ^ substr($string, $i, 1));
252 }
253
254 return $this->_xor_merge($enc, $key);
255 }
256
257 // --------------------------------------------------------------------
258
259 /**
260 * XOR Decode
261 *
262 * Takes an encoded string and key as input and generates the
263 * plain-text original message
264 *
265 * @access private
266 * @param string
267 * @param string
268 * @return string
269 */
270 function _xor_decode($string, $key)
271 {
272 $string = $this->_xor_merge($string, $key);
273
274 $dec = '';
275 for ($i = 0; $i < strlen($string); $i++)
276 {
277 $dec .= (substr($string, $i++, 1) ^ substr($string, $i, 1));
278 }
279
280 return $dec;
281 }
282
283 // --------------------------------------------------------------------
284
285 /**
286 * XOR key + string Combiner
287 *
288 * Takes a string and key as input and computes the difference using XOR
289 *
290 * @access private
291 * @param string
292 * @param string
293 * @return string
294 */
295 function _xor_merge($string, $key)
296 {
297 $hash = $this->hash($key);
298 $str = '';
299 for ($i = 0; $i < strlen($string); $i++)
300 {
301 $str .= substr($string, $i, 1) ^ substr($hash, ($i % strlen($hash)), 1);
302 }
303
304 return $str;
305 }
306
307 // --------------------------------------------------------------------
308
309 /**
310 * Encrypt using Mcrypt
311 *
312 * @access public
313 * @param string
314 * @param string
315 * @return string
316 */
317 function mcrypt_encode($data, $key)
318 {
319 $init_size = mcrypt_get_iv_size($this->_get_cipher(), $this->_get_mode());
320 $init_vect = mcrypt_create_iv($init_size, MCRYPT_RAND);
321 return $this->_add_cipher_noise($init_vect.mcrypt_encrypt($this->_get_cipher(), $key, $data, $this->_get_mode(), $init_vect), $key);
322 }
323
324 // --------------------------------------------------------------------
325
326 /**
327 * Decrypt using Mcrypt
328 *
329 * @access public
330 * @param string
331 * @param string
332 * @return string
333 */
334 function mcrypt_decode($data, $key)
335 {
336 $data = $this->_remove_cipher_noise($data, $key);
337 $init_size = mcrypt_get_iv_size($this->_get_cipher(), $this->_get_mode());
338
339 if ($init_size > strlen($data))
340 {
341 return FALSE;
342 }
343
344 $init_vect = substr($data, 0, $init_size);
345 $data = substr($data, $init_size);
346 return rtrim(mcrypt_decrypt($this->_get_cipher(), $key, $data, $this->_get_mode(), $init_vect), "\0");
347 }
348
349 // --------------------------------------------------------------------
350
351 /**
352 * Adds permuted noise to the IV + encrypted data to protect
353 * against Man-in-the-middle attacks on CBC mode ciphers
354 * http://www.ciphersbyritter.com/GLOSSARY.HTM#IV
355 *
356 * Function description
357 *
358 * @access private
359 * @param string
360 * @param string
361 * @return string
362 */
363 function _add_cipher_noise($data, $key)
364 {
365 $keyhash = $this->hash($key);
366 $keylen = strlen($keyhash);
367 $str = '';
368
369 for ($i = 0, $j = 0, $len = strlen($data); $i < $len; ++$i, ++$j)
370 {
371 if ($j >= $keylen)
372 {
373 $j = 0;
374 }
375
376 $str .= chr((ord($data[$i]) + ord($keyhash[$j])) % 256);
377 }
378
379 return $str;
380 }
381
382 // --------------------------------------------------------------------
383
384 /**
385 * Removes permuted noise from the IV + encrypted data, reversing
386 * _add_cipher_noise()
387 *
388 * Function description
389 *
390 * @access public
391 * @param type
392 * @return type
393 */
394 function _remove_cipher_noise($data, $key)
395 {
396 $keyhash = $this->hash($key);
397 $keylen = strlen($keyhash);
398 $str = '';
399
400 for ($i = 0, $j = 0, $len = strlen($data); $i < $len; ++$i, ++$j)
401 {
402 if ($j >= $keylen)
403 {
404 $j = 0;
405 }
406
407 $temp = ord($data[$i]) - ord($keyhash[$j]);
408
409 if ($temp < 0)
410 {
411 $temp = $temp + 256;
412 }
Barry Mienydd671972010-10-04 16:33:58 +0200413
Derek Allard2067d1a2008-11-13 22:59:24 +0000414 $str .= chr($temp);
415 }
416
417 return $str;
418 }
419
420 // --------------------------------------------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200421
Derek Allard2067d1a2008-11-13 22:59:24 +0000422 /**
423 * Set the Mcrypt Cipher
424 *
425 * @access public
426 * @param constant
427 * @return string
428 */
429 function set_cipher($cipher)
430 {
431 $this->_mcrypt_cipher = $cipher;
432 }
433
434 // --------------------------------------------------------------------
435
436 /**
437 * Set the Mcrypt Mode
438 *
439 * @access public
440 * @param constant
441 * @return string
442 */
443 function set_mode($mode)
444 {
445 $this->_mcrypt_mode = $mode;
446 }
447
448 // --------------------------------------------------------------------
449
450 /**
451 * Get Mcrypt cipher Value
452 *
453 * @access private
454 * @return string
455 */
456 function _get_cipher()
457 {
458 if ($this->_mcrypt_cipher == '')
459 {
460 $this->_mcrypt_cipher = MCRYPT_RIJNDAEL_256;
461 }
462
463 return $this->_mcrypt_cipher;
464 }
465
466 // --------------------------------------------------------------------
467
468 /**
469 * Get Mcrypt Mode Value
470 *
471 * @access private
472 * @return string
473 */
474 function _get_mode()
475 {
476 if ($this->_mcrypt_mode == '')
477 {
Derek Jones09c77932010-08-31 13:17:10 -0500478 $this->_mcrypt_mode = MCRYPT_MODE_CBC;
Derek Allard2067d1a2008-11-13 22:59:24 +0000479 }
Barry Mienydd671972010-10-04 16:33:58 +0200480
Derek Allard2067d1a2008-11-13 22:59:24 +0000481 return $this->_mcrypt_mode;
482 }
483
484 // --------------------------------------------------------------------
485
486 /**
487 * Set the Hash type
488 *
489 * @access public
490 * @param string
491 * @return string
492 */
493 function set_hash($type = 'sha1')
494 {
495 $this->_hash_type = ($type != 'sha1' AND $type != 'md5') ? 'sha1' : $type;
496 }
497
498 // --------------------------------------------------------------------
499
500 /**
501 * Hash encode a string
502 *
503 * @access public
504 * @param string
505 * @return string
Barry Mienydd671972010-10-04 16:33:58 +0200506 */
Derek Allard2067d1a2008-11-13 22:59:24 +0000507 function hash($str)
508 {
509 return ($this->_hash_type == 'sha1') ? $this->sha1($str) : md5($str);
510 }
511
512 // --------------------------------------------------------------------
513
514 /**
515 * Generate an SHA1 Hash
516 *
517 * @access public
518 * @param string
519 * @return string
520 */
521 function sha1($str)
522 {
523 if ( ! function_exists('sha1'))
524 {
525 if ( ! function_exists('mhash'))
526 {
Greg Aker3a746652011-04-19 10:59:47 -0500527 require_once(BASEPATH.'libraries/Sha1.php');
Derek Allard2067d1a2008-11-13 22:59:24 +0000528 $SH = new CI_SHA;
529 return $SH->generate($str);
530 }
531 else
532 {
533 return bin2hex(mhash(MHASH_SHA1, $str));
534 }
535 }
536 else
537 {
538 return sha1($str);
539 }
540 }
541
542}
543
544// END CI_Encrypt class
545
546/* End of file Encrypt.php */
Derek Jonesa3ffbbb2008-05-11 18:18:29 +0000547/* Location: ./system/libraries/Encrypt.php */