Blame - system/libraries/Encryption.php - code-igniter-v3-giggi

blob: ef67b4cd5cf6e29f7b3ffed7afd90e423d254107 [file] [log] [blame]

Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	1	<?php
				2	/**
				3	* CodeIgniter
				4	*
Andrey Andreev	fe9309d	2015-01-09 17:48:58 +0200	[diff] [blame^]	5	* An open source application development framework for PHP
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	6	*
Andrey Andreev	bdb96ca	2014-10-28 00:13:31 +0200	[diff] [blame]	7	* This content is released under the MIT License (MIT)
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	8	*
Andrey Andreev	fe9309d	2015-01-09 17:48:58 +0200	[diff] [blame^]	9	* Copyright (c) 2014 - 2015, British Columbia Institute of Technology
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	10	*
Andrey Andreev	bdb96ca	2014-10-28 00:13:31 +0200	[diff] [blame]	11	* Permission is hereby granted, free of charge, to any person obtaining a copy
				12	* of this software and associated documentation files (the "Software"), to deal
				13	* in the Software without restriction, including without limitation the rights
				14	* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
				15	* copies of the Software, and to permit persons to whom the Software is
				16	* furnished to do so, subject to the following conditions:
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	17	*
Andrey Andreev	bdb96ca	2014-10-28 00:13:31 +0200	[diff] [blame]	18	* The above copyright notice and this permission notice shall be included in
				19	* all copies or substantial portions of the Software.
				20	*
				21	* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
				22	* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
				23	* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
				24	* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
				25	* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
				26	* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
				27	* THE SOFTWARE.
				28	*
				29	* @package CodeIgniter
				30	* @author EllisLab Dev Team
darwinel	871754a	2014-02-11 17:34:57 +0100	[diff] [blame]	31	* @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/)
Andrey Andreev	fe9309d	2015-01-09 17:48:58 +0200	[diff] [blame^]	32	* @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
Andrey Andreev	bdb96ca	2014-10-28 00:13:31 +0200	[diff] [blame]	33	* @license http://opensource.org/licenses/MIT MIT License
				34	* @link http://codeigniter.com
				35	* @since Version 3.0.0
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	36	* @filesource
				37	*/
				38	defined('BASEPATH') OR exit('No direct script access allowed');
				39
				40	/**
				41	* CodeIgniter Encryption Class
				42	*
				43	* Provides two-way keyed encryption via PHP's MCrypt and/or OpenSSL extensions.
				44	*
				45	* @package CodeIgniter
				46	* @subpackage Libraries
				47	* @category Libraries
				48	* @author Andrey Andreev
				49	* @link http://codeigniter.com/user_guide/libraries/encryption.html
				50	*/
				51	class CI_Encryption {
				52
				53	/**
				54	* Encryption cipher
				55	*
				56	* @var string
				57	*/
Andrey Andreev	81e1064	2014-02-07 01:43:36 +0200	[diff] [blame]	58	protected $_cipher = 'aes-128';
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	59
				60	/**
				61	* Cipher mode
				62	*
				63	* @var string
				64	*/
				65	protected $_mode = 'cbc';
				66
				67	/**
				68	* Cipher handle
				69	*
				70	* @var mixed
				71	*/
				72	protected $_handle;
				73
				74	/**
				75	* Encryption key
				76	*
				77	* @var string
				78	*/
				79	protected $_key;
				80
				81	/**
				82	* PHP extension to be used
				83	*
				84	* @var string
				85	*/
				86	protected $_driver;
				87
				88	/**
				89	* List of usable drivers (PHP extensions)
				90	*
				91	* @var array
				92	*/
				93	protected $_drivers = array();
				94
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	95	/**
Andrey Andreev	f401767	2014-02-05 18:51:15 +0200	[diff] [blame]	96	* List of available modes
				97	*
				98	* @var array
				99	*/
				100	protected $_modes = array(
				101	'mcrypt' => array(
				102	'cbc' => 'cbc',
				103	'ecb' => 'ecb',
				104	'ofb' => 'nofb',
				105	'ofb8' => 'ofb',
				106	'cfb' => 'ncfb',
				107	'cfb8' => 'cfb',
				108	'ctr' => 'ctr',
				109	'stream' => 'stream'
				110	),
				111	'openssl' => array(
				112	'cbc' => 'cbc',
				113	'ecb' => 'ecb',
				114	'ofb' => 'ofb',
				115	'cfb' => 'cfb',
				116	'cfb8' => 'cfb8',
				117	'ctr' => 'ctr',
				118	'stream' => '',
Andrey Andreev	f401767	2014-02-05 18:51:15 +0200	[diff] [blame]	119	'xts' => 'xts'
				120	)
				121	);
				122
				123	/**
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	124	* List of supported HMAC algorightms
				125	*
				126	* name => digest size pairs
				127	*
				128	* @var array
				129	*/
				130	protected $_digests = array(
				131	'sha224' => 28,
				132	'sha256' => 32,
				133	'sha384' => 48,
				134	'sha512' => 64
				135	);
				136
Andrey Andreev	2da3550	2014-07-07 14:41:57 +0300	[diff] [blame]	137	/**
				138	* mbstring.func_override flag
				139	*
				140	* @var bool
				141	*/
				142	protected static $func_override;
				143
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	144	// --------------------------------------------------------------------
				145
				146	/**
				147	* Class constructor
				148	*
				149	* @param array $params Configuration parameters
				150	* @return void
				151	*/
				152	public function __construct(array $params = array())
				153	{
				154	$this->_drivers = array(
Andrey Andreev	8e20216	2014-02-05 18:59:55 +0200	[diff] [blame]	155	'mcrypt' => defined('MCRYPT_DEV_URANDOM'),
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	156	// While OpenSSL is available for PHP 5.3.0, an IV parameter
				157	// for the encrypt/decrypt functions is only available since 5.3.3
				158	'openssl' => (is_php('5.3.3') && extension_loaded('openssl'))
				159	);
				160
				161	if ( ! $this->_drivers['mcrypt'] && ! $this->_drivers['openssl'])
				162	{
				163	return show_error('Encryption: Unable to find an available encryption driver.');
				164	}
				165
Andrey Andreev	2da3550	2014-07-07 14:41:57 +0300	[diff] [blame]	166	isset(self::$func_override) OR self::$func_override = (extension_loaded('mbstring') && ini_get('mbstring.func_override'));
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	167	$this->initialize($params);
Andrey Andreev	2da3550	2014-07-07 14:41:57 +0300	[diff] [blame]	168
				169	if ( ! isset($this->_key) && self::strlen($key = config_item('encryption_key')) > 0)
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	170	{
Andrey Andreev	81e1064	2014-02-07 01:43:36 +0200	[diff] [blame]	171	$this->_key = $key;
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	172	}
				173
				174	log_message('debug', 'Encryption Class Initialized');
				175	}
				176
				177	// --------------------------------------------------------------------
				178
				179	/**
				180	* Initialize
				181	*
				182	* @param array $params Configuration parameters
				183	* @return CI_Encryption
				184	*/
				185	public function initialize(array $params)
				186	{
				187	if ( ! empty($params['driver']))
				188	{
				189	if (isset($this->_drivers[$params['driver']]))
				190	{
Andrey Andreev	50ccc38	2014-02-04 23:30:06 +0200	[diff] [blame]	191	if ($this->_drivers[$params['driver']])
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	192	{
				193	$this->_driver = $params['driver'];
				194	}
				195	else
				196	{
				197	log_message('error', "Encryption: Driver '".$params['driver']."' is not available.");
				198	}
				199	}
				200	else
				201	{
				202	log_message('error', "Encryption: Unknown driver '".$params['driver']."' cannot be configured.");
				203	}
				204	}
				205
Andrey Andreev	912831f	2014-02-04 17:21:37 +0200	[diff] [blame]	206	if (empty($this->_driver))
				207	{
Andrey Andreev	8e20216	2014-02-05 18:59:55 +0200	[diff] [blame]	208	$this->_driver = ($this->_drivers['openssl'] === TRUE)
				209	? 'openssl'
				210	: 'mcrypt';
Andrey Andreev	912831f	2014-02-04 17:21:37 +0200	[diff] [blame]	211
				212	log_message('debug', "Encryption: Auto-configured driver '".$this->_driver."'.");
				213	}
				214
Andrey Andreev	50c9ea1	2014-11-07 16:57:41 +0200	[diff] [blame]	215	empty($params['cipher']) && $params['cipher'] = $this->_cipher;
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	216	empty($params['key']) OR $this->_key = $params['key'];
				217	$this->{'_'.$this->_driver.'_initialize'}($params);
				218	return $this;
				219	}
				220
				221	// --------------------------------------------------------------------
				222
				223	/**
				224	* Initialize MCrypt
				225	*
				226	* @param array $params Configuration parameters
				227	* @return void
				228	*/
				229	protected function _mcrypt_initialize($params)
				230	{
				231	if ( ! empty($params['cipher']))
				232	{
				233	$params['cipher'] = strtolower($params['cipher']);
				234	$this->_cipher_alias($params['cipher']);
				235
				236	if ( ! in_array($params['cipher'], mcrypt_list_algorithms(), TRUE))
				237	{
				238	log_message('error', 'Encryption: MCrypt cipher '.strtoupper($params['cipher']).' is not available.');
				239	}
				240	else
				241	{
				242	$this->_cipher = $params['cipher'];
				243	}
				244	}
				245
				246	if ( ! empty($params['mode']))
				247	{
Andrey Andreev	f401767	2014-02-05 18:51:15 +0200	[diff] [blame]	248	$params['mode'] = strtolower($params['mode']);
				249	if ( ! isset($this->_modes['mcrypt'][$params['mode']]))
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	250	{
				251	log_message('error', 'Encryption: MCrypt mode '.strtotupper($params['mode']).' is not available.');
				252	}
				253	else
				254	{
Andrey Andreev	f401767	2014-02-05 18:51:15 +0200	[diff] [blame]	255	$this->_mode = $this->_modes['mcrypt'][$params['mode']];
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	256	}
				257	}
				258
				259	if (isset($this->_cipher, $this->_mode))
				260	{
				261	if (is_resource($this->_handle)
				262	&& (strtolower(mcrypt_enc_get_algorithms_name($this->_handle)) !== $this->_cipher
				263	OR strtolower(mcrypt_enc_get_modes_name($this->_handle)) !== $this->_mode)
				264	)
				265	{
				266	mcrypt_module_close($this->_handle);
				267	}
				268
				269	if ($this->_handle = mcrypt_module_open($this->_cipher, '', $this->_mode, ''))
				270	{
				271	log_message('debug', 'Encryption: MCrypt cipher '.strtoupper($this->_cipher).' initialized in '.strtoupper($this->_mode).' mode.');
				272	}
				273	else
				274	{
				275	log_message('error', 'Encryption: Unable to initialize MCrypt with cipher '.strtoupper($this->_cipher).' in '.strtoupper($this->_mode).' mode.');
				276	}
				277	}
				278	}
				279
				280	// --------------------------------------------------------------------
				281
				282	/**
				283	* Initialize OpenSSL
				284	*
				285	* @param array $params Configuration parameters
				286	* @return void
				287	*/
				288	protected function _openssl_initialize($params)
				289	{
				290	if ( ! empty($params['cipher']))
				291	{
				292	$params['cipher'] = strtolower($params['cipher']);
				293	$this->_cipher_alias($params['cipher']);
				294	$this->_cipher = $params['cipher'];
				295	}
				296
				297	if ( ! empty($params['mode']))
				298	{
Andrey Andreev	f401767	2014-02-05 18:51:15 +0200	[diff] [blame]	299	$params['mode'] = strtolower($params['mode']);
				300	if ( ! isset($this->_modes['openssl'][$params['mode']]))
				301	{
				302	log_message('error', 'Encryption: OpenSSL mode '.strtotupper($params['mode']).' is not available.');
				303	}
				304	else
				305	{
				306	$this->_mode = $this->_modes['openssl'][$params['mode']];
				307	}
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	308	}
				309
				310	if (isset($this->_cipher, $this->_mode))
				311	{
Andrey Andreev	f401767	2014-02-05 18:51:15 +0200	[diff] [blame]	312	// This is mostly for the stream mode, which doesn't get suffixed in OpenSSL
				313	$handle = empty($this->_mode)
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	314	? $this->_cipher
				315	: $this->_cipher.'-'.$this->_mode;
				316
Andrey Andreev	50ccc38	2014-02-04 23:30:06 +0200	[diff] [blame]	317	if ( ! in_array($handle, openssl_get_cipher_methods(), TRUE))
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	318	{
				319	$this->_handle = NULL;
				320	log_message('error', 'Encryption: Unable to initialize OpenSSL with method '.strtoupper($handle).'.');
				321	}
				322	else
				323	{
				324	$this->_handle = $handle;
				325	log_message('debug', 'Encryption: OpenSSL initialized with method '.strtoupper($handle).'.');
				326	}
				327	}
				328	}
				329
				330	// --------------------------------------------------------------------
				331
				332	/**
Andrey Andreev	42183de	2014-06-22 00:09:36 +0300	[diff] [blame]	333	* Create a random key
				334	*
				335	* @param int $length Output length
				336	* @return string
				337	*/
				338	public function create_key($length)
				339	{
				340	return ($this->_driver === 'mcrypt')
				341	? mcrypt_create_iv($length, MCRYPT_DEV_URANDOM)
				342	: openssl_random_pseudo_bytes($length);
				343	}
				344
				345	// --------------------------------------------------------------------
				346
				347	/**
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	348	* Encrypt
				349	*
				350	* @param string $data Input data
				351	* @param array $params Input parameters
				352	* @return string
				353	*/
				354	public function encrypt($data, array $params = NULL)
				355	{
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	356	if (($params = $this->_get_params($params)) === FALSE)
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	357	{
				358	return FALSE;
				359	}
Andrey Andreev	8d33a9a	2014-02-05 23:11:23 +0200	[diff] [blame]	360
Andrey Andreev	2da3550	2014-07-07 14:41:57 +0300	[diff] [blame]	361	isset($params['key']) OR $params['key'] = $this->hkdf($this->_key, 'sha512', NULL, self::strlen($this->_key), 'encryption');
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	362
				363	if (($data = $this->{'_'.$this->_driver.'_encrypt'}($data, $params)) === FALSE)
				364	{
				365	return FALSE;
				366	}
				367
Andrey Andreev	8d33a9a	2014-02-05 23:11:23 +0200	[diff] [blame]	368	$params['base64'] && $data = base64_encode($data);
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	369
Andrey Andreev	8d33a9a	2014-02-05 23:11:23 +0200	[diff] [blame]	370	if (isset($params['hmac_digest']))
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	371	{
Andrey Andreev	8d33a9a	2014-02-05 23:11:23 +0200	[diff] [blame]	372	isset($params['hmac_key']) OR $params['hmac_key'] = $this->hkdf($this->_key, 'sha512', NULL, NULL, 'authentication');
				373	return hash_hmac($params['hmac_digest'], $data, $params['hmac_key'], ! $params['base64']).$data;
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	374	}
				375
				376	return $data;
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	377	}
				378
				379	// --------------------------------------------------------------------
				380
				381	/**
				382	* Encrypt via MCrypt
				383	*
				384	* @param string $data Input data
				385	* @param array $params Input parameters
				386	* @return string
				387	*/
				388	protected function _mcrypt_encrypt($data, $params)
				389	{
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	390	if ( ! is_resource($params['handle']))
				391	{
				392	return FALSE;
				393	}
Andrey Andreev	e7516b0	2014-02-05 13:45:31 +0200	[diff] [blame]	394
Andrey Andreev	1e83d69	2014-06-19 20:08:59 +0300	[diff] [blame]	395	// The greater-than-1 comparison is mostly a work-around for a bug,
				396	// where 1 is returned for ARCFour instead of 0.
				397	$iv = (($iv_size = mcrypt_enc_get_iv_size($params['handle'])) > 1)
				398	? mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM)
				399	: NULL;
				400
				401	if (mcrypt_generic_init($params['handle'], $params['key'], $iv) < 0)
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	402	{
				403	if ($params['handle'] !== $this->_handle)
				404	{
				405	mcrypt_module_close($params['handle']);
				406	}
				407
				408	return FALSE;
				409	}
				410
				411	// Use PKCS#7 padding in order to ensure compatibility with OpenSSL
Andrey Andreev	f401767	2014-02-05 18:51:15 +0200	[diff] [blame]	412	// and other implementations outside of PHP.
				413	if (in_array(strtolower(mcrypt_enc_get_modes_name($params['handle'])), array('cbc', 'ecb'), TRUE))
				414	{
				415	$block_size = mcrypt_enc_get_block_size($params['handle']);
Andrey Andreev	2da3550	2014-07-07 14:41:57 +0300	[diff] [blame]	416	$pad = $block_size - (self::strlen($data) % $block_size);
Andrey Andreev	f401767	2014-02-05 18:51:15 +0200	[diff] [blame]	417	$data .= str_repeat(chr($pad), $pad);
				418	}
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	419
Andrey Andreev	e7516b0	2014-02-05 13:45:31 +0200	[diff] [blame]	420	// Work-around for yet another strange behavior in MCrypt.
				421	//
				422	// When encrypting in ECB mode, the IV is ignored. Yet
				423	// mcrypt_enc_get_iv_size() returns a value larger than 0
				424	// even if ECB is used AND mcrypt_generic_init() complains
				425	// if you don't pass an IV with length equal to the said
				426	// return value.
				427	//
				428	// This probably would've been fine (even though still wasteful),
				429	// but OpenSSL isn't that dumb and we need to make the process
				430	// portable, so ...
				431	$data = (mcrypt_enc_get_modes_name($params['handle']) !== 'ECB')
Andrey Andreev	1e83d69	2014-06-19 20:08:59 +0300	[diff] [blame]	432	? $iv.mcrypt_generic($params['handle'], $data)
Andrey Andreev	e7516b0	2014-02-05 13:45:31 +0200	[diff] [blame]	433	: mcrypt_generic($params['handle'], $data);
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	434
				435	mcrypt_generic_deinit($params['handle']);
				436	if ($params['handle'] !== $this->_handle)
				437	{
Andrey Andreev	50ccc38	2014-02-04 23:30:06 +0200	[diff] [blame]	438	mcrypt_module_close($params['handle']);
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	439	}
				440
				441	return $data;
				442	}
				443
				444	// --------------------------------------------------------------------
				445
				446	/**
				447	* Encrypt via OpenSSL
				448	*
				449	* @param string $data Input data
				450	* @param array $params Input parameters
				451	* @return string
				452	*/
				453	protected function _openssl_encrypt($data, $params)
				454	{
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	455	if (empty($params['handle']))
				456	{
				457	return FALSE;
				458	}
Andrey Andreev	1e83d69	2014-06-19 20:08:59 +0300	[diff] [blame]	459
				460	$iv = ($iv_size = openssl_cipher_iv_length($params['handle']))
				461	? openssl_random_pseudo_bytes($iv_size)
				462	: NULL;
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	463
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	464	$data = openssl_encrypt(
				465	$data,
				466	$params['handle'],
				467	$params['key'],
				468	1, // DO NOT TOUCH!
Andrey Andreev	1e83d69	2014-06-19 20:08:59 +0300	[diff] [blame]	469	$iv
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	470	);
				471
				472	if ($data === FALSE)
				473	{
				474	return FALSE;
				475	}
				476
Andrey Andreev	1e83d69	2014-06-19 20:08:59 +0300	[diff] [blame]	477	return $iv.$data;
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	478	}
				479
				480	// --------------------------------------------------------------------
				481
				482	/**
				483	* Decrypt
				484	*
				485	* @param string $data Encrypted data
				486	* @param array $params Input parameters
				487	* @return string
				488	*/
				489	public function decrypt($data, array $params = NULL)
				490	{
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	491	if (($params = $this->_get_params($params)) === FALSE)
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	492	{
				493	return FALSE;
				494	}
Andrey Andreev	8d33a9a	2014-02-05 23:11:23 +0200	[diff] [blame]	495
				496	if (isset($params['hmac_digest']))
				497	{
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	498	// This might look illogical, but it is done during encryption as well ...
Andrey Andreev	177144f	2014-02-04 18:07:34 +0200	[diff] [blame]	499	// The 'base64' value is effectively an inverted "raw data" parameter
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	500	$digest_size = ($params['base64'])
Andrey Andreev	8d33a9a	2014-02-05 23:11:23 +0200	[diff] [blame]	501	? $this->_digests[$params['hmac_digest']] * 2
				502	: $this->_digests[$params['hmac_digest']];
Andrey Andreev	7c55448	2014-02-06 02:38:27 +0200	[diff] [blame]	503
Andrey Andreev	2da3550	2014-07-07 14:41:57 +0300	[diff] [blame]	504	if (self::strlen($data) <= $digest_size)
Andrey Andreev	7c55448	2014-02-06 02:38:27 +0200	[diff] [blame]	505	{
				506	return FALSE;
				507	}
				508
Andrey Andreev	9fa275e	2014-07-07 14:43:51 +0300	[diff] [blame]	509	$hmac_input = self::substr($data, 0, $digest_size);
				510	$data = self::substr($data, $digest_size);
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	511
Andrey Andreev	7c55448	2014-02-06 02:38:27 +0200	[diff] [blame]	512	isset($params['hmac_key']) OR $params['hmac_key'] = $this->hkdf($this->_key, 'sha512', NULL, NULL, 'authentication');
				513	$hmac_check = hash_hmac($params['hmac_digest'], $data, $params['hmac_key'], ! $params['base64']);
				514
				515	// Time-attack-safe comparison
				516	$diff = 0;
				517	for ($i = 0; $i < $digest_size; $i++)
				518	{
				519	$diff \|= ord($hmac_input[$i]) ^ ord($hmac_check[$i]);
				520	}
				521
				522	if ($diff !== 0)
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	523	{
				524	return FALSE;
				525	}
				526	}
				527
				528	if ($params['base64'])
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	529	{
				530	$data = base64_decode($data);
				531	}
				532
Andrey Andreev	2da3550	2014-07-07 14:41:57 +0300	[diff] [blame]	533	isset($params['key']) OR $params['key'] = $this->hkdf($this->_key, 'sha512', NULL, self::strlen($this->_key), 'encryption');
Andrey Andreev	81e1064	2014-02-07 01:43:36 +0200	[diff] [blame]	534
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	535	return $this->{'_'.$this->_driver.'_decrypt'}($data, $params);
				536	}
				537
				538	// --------------------------------------------------------------------
				539
				540	/**
				541	* Decrypt via MCrypt
				542	*
				543	* @param string $data Encrypted data
				544	* @param array $params Input parameters
				545	* @return string
				546	*/
				547	protected function _mcrypt_decrypt($data, $params)
				548	{
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	549	if ( ! is_resource($params['handle']))
				550	{
				551	return FALSE;
				552	}
Andrey Andreev	1e83d69	2014-06-19 20:08:59 +0300	[diff] [blame]	553
				554	// The greater-than-1 comparison is mostly a work-around for a bug,
				555	// where 1 is returned for ARCFour instead of 0.
				556	if (($iv_size = mcrypt_enc_get_iv_size($params['handle'])) > 1)
Andrey Andreev	e7516b0	2014-02-05 13:45:31 +0200	[diff] [blame]	557	{
Andrey Andreev	1e83d69	2014-06-19 20:08:59 +0300	[diff] [blame]	558	if (mcrypt_enc_get_modes_name($params['handle']) !== 'ECB')
Andrey Andreev	e7516b0	2014-02-05 13:45:31 +0200	[diff] [blame]	559	{
Andrey Andreev	9fa275e	2014-07-07 14:43:51 +0300	[diff] [blame]	560	$iv = self::substr($data, 0, $iv_size);
				561	$data = self::substr($data, $iv_size);
Andrey Andreev	e7516b0	2014-02-05 13:45:31 +0200	[diff] [blame]	562	}
				563	else
				564	{
Andrey Andreev	1e83d69	2014-06-19 20:08:59 +0300	[diff] [blame]	565	// MCrypt is dumb and this is ignored, only size matters
				566	$iv = str_repeat("\x0", $iv_size);
Andrey Andreev	e7516b0	2014-02-05 13:45:31 +0200	[diff] [blame]	567	}
				568	}
Andrey Andreev	1e83d69	2014-06-19 20:08:59 +0300	[diff] [blame]	569	else
				570	{
				571	$iv = NULL;
				572	}
Andrey Andreev	e7516b0	2014-02-05 13:45:31 +0200	[diff] [blame]	573
Andrey Andreev	1e83d69	2014-06-19 20:08:59 +0300	[diff] [blame]	574	if (mcrypt_generic_init($params['handle'], $params['key'], $iv) < 0)
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	575	{
				576	if ($params['handle'] !== $this->_handle)
				577	{
				578	mcrypt_module_close($params['handle']);
				579	}
				580
				581	return FALSE;
				582	}
				583
				584	$data = mdecrypt_generic($params['handle'], $data);
Andrey Andreev	f401767	2014-02-05 18:51:15 +0200	[diff] [blame]	585	// Remove PKCS#7 padding, if necessary
				586	if (in_array(strtolower(mcrypt_enc_get_modes_name($params['handle'])), array('cbc', 'ecb'), TRUE))
				587	{
Andrey Andreev	9fa275e	2014-07-07 14:43:51 +0300	[diff] [blame]	588	$data = self::substr($data, 0, -ord($data[self::strlen($data)-1]));
Andrey Andreev	f401767	2014-02-05 18:51:15 +0200	[diff] [blame]	589	}
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	590
				591	mcrypt_generic_deinit($params['handle']);
				592	if ($params['handle'] !== $this->_handle)
				593	{
Andrey Andreev	50ccc38	2014-02-04 23:30:06 +0200	[diff] [blame]	594	mcrypt_module_close($params['handle']);
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	595	}
				596
Andrey Andreev	f401767	2014-02-05 18:51:15 +0200	[diff] [blame]	597	return $data;
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	598	}
				599
				600	// --------------------------------------------------------------------
				601
				602	/**
				603	* Decrypt via OpenSSL
				604	*
				605	* @param string $data Encrypted data
				606	* @param array $params Input parameters
				607	* @return string
				608	*/
				609	protected function _openssl_decrypt($data, $params)
				610	{
Andrey Andreev	1e83d69	2014-06-19 20:08:59 +0300	[diff] [blame]	611	if ($iv_size = openssl_cipher_iv_length($params['handle']))
Andrey Andreev	e7516b0	2014-02-05 13:45:31 +0200	[diff] [blame]	612	{
Andrey Andreev	9fa275e	2014-07-07 14:43:51 +0300	[diff] [blame]	613	$iv = self::substr($data, 0, $iv_size);
				614	$data = self::substr($data, $iv_size);
Andrey Andreev	1e83d69	2014-06-19 20:08:59 +0300	[diff] [blame]	615	}
				616	else
				617	{
				618	$iv = NULL;
Andrey Andreev	e7516b0	2014-02-05 13:45:31 +0200	[diff] [blame]	619	}
				620
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	621	return empty($params['handle'])
				622	? FALSE
				623	: openssl_decrypt(
				624	$data,
				625	$params['handle'],
				626	$params['key'],
				627	1, // DO NOT TOUCH!
Andrey Andreev	1e83d69	2014-06-19 20:08:59 +0300	[diff] [blame]	628	$iv
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	629	);
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	630	}
				631
				632	// --------------------------------------------------------------------
				633
				634	/**
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	635	* Get params
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	636	*
				637	* @param array $params Input parameters
				638	* @return array
				639	*/
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	640	protected function _get_params($params)
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	641	{
				642	if (empty($params))
				643	{
Andrey Andreev	50ccc38	2014-02-04 23:30:06 +0200	[diff] [blame]	644	return isset($this->_cipher, $this->_mode, $this->_key, $this->_handle)
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	645	? array(
				646	'handle' => $this->_handle,
				647	'cipher' => $this->_cipher,
				648	'mode' => $this->_mode,
Andrey Andreev	8d33a9a	2014-02-05 23:11:23 +0200	[diff] [blame]	649	'key' => NULL,
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	650	'base64' => TRUE,
Andrey Andreev	ab9971f	2014-07-02 19:09:08 +0300	[diff] [blame]	651	'hmac_digest' => 'sha512',
Andrey Andreev	8d33a9a	2014-02-05 23:11:23 +0200	[diff] [blame]	652	'hmac_key' => NULL
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	653	)
				654	: FALSE;
				655	}
				656	elseif ( ! isset($params['cipher'], $params['mode'], $params['key']))
				657	{
				658	return FALSE;
				659	}
				660
Andrey Andreev	f401767	2014-02-05 18:51:15 +0200	[diff] [blame]	661	if (isset($params['mode']))
				662	{
				663	$params['mode'] = strtolower($params['mode']);
				664	if ( ! isset($this->_modes[$this->_driver][$params['mode']]))
				665	{
				666	return FALSE;
				667	}
				668	else
				669	{
				670	$params['mode'] = $this->_modes[$this->_driver][$params['mode']];
				671	}
				672	}
				673
Andrey Andreev	ab9971f	2014-07-02 19:09:08 +0300	[diff] [blame]	674	if (isset($params['hmac']) && $params['hmac'] === FALSE)
Andrey Andreev	8d33a9a	2014-02-05 23:11:23 +0200	[diff] [blame]	675	{
				676	$params['hmac_digest'] = $params['hmac_key'] = NULL;
				677	}
				678	else
				679	{
				680	if ( ! isset($params['hmac_key']))
				681	{
				682	return FALSE;
				683	}
				684	elseif (isset($params['hmac_digest']))
				685	{
				686	$params['hmac_digest'] = strtolower($params['hmac_digest']);
				687	if ( ! isset($this->_digests[$params['hmac_digest']]))
				688	{
				689	return FALSE;
				690	}
				691	}
				692	else
				693	{
				694	$params['hmac_digest'] = 'sha512';
				695	}
				696	}
				697
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	698	$params = array(
				699	'handle' => NULL,
Andrey Andreev	8d33a9a	2014-02-05 23:11:23 +0200	[diff] [blame]	700	'cipher' => $params['cipher'],
				701	'mode' => $params['mode'],
				702	'key' => $params['key'],
Andrey Andreev	4b45065	2014-02-10 06:59:54 +0200	[diff] [blame]	703	'base64' => isset($params['raw_data']) ? ! $params['raw_data'] : FALSE,
Andrey Andreev	8d33a9a	2014-02-05 23:11:23 +0200	[diff] [blame]	704	'hmac_digest' => $params['hmac_digest'],
				705	'hmac_key' => $params['hmac_key']
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	706	);
				707
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	708	$this->_cipher_alias($params['cipher']);
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	709	$params['handle'] = ($params['cipher'] !== $this->_cipher OR $params['mode'] !== $this->_mode)
				710	? $this->{'_'.$this->_driver.'_get_handle'}($params['cipher'], $params['mode'])
				711	: $this->_handle;
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	712
				713	return $params;
				714	}
				715
				716	// --------------------------------------------------------------------
				717
				718	/**
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	719	* Get MCrypt handle
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	720	*
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	721	* @param string $cipher Cipher name
				722	* @param string $mode Encryption mode
				723	* @return resource
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	724	*/
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	725	protected function _mcrypt_get_handle($cipher, $mode)
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	726	{
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	727	return mcrypt_module_open($cipher, '', $mode, '');
				728	}
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	729
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	730	// --------------------------------------------------------------------
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	731
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	732	/**
				733	* Get OpenSSL handle
				734	*
				735	* @param string $cipher Cipher name
				736	* @param string $mode Encryption mode
				737	* @return string
				738	*/
				739	protected function _openssl_get_handle($cipher, $mode)
				740	{
				741	// OpenSSL methods aren't suffixed with '-stream' for this mode
				742	return ($mode === 'stream')
				743	? $cipher
				744	: $cipher.'-'.$mode;
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	745	}
				746
				747	// --------------------------------------------------------------------
				748
				749	/**
				750	* Cipher alias
				751	*
				752	* Tries to translate cipher names between MCrypt and OpenSSL's "dialects".
				753	*
				754	* @param string $cipher Cipher name
				755	* @return void
				756	*/
				757	protected function _cipher_alias(&$cipher)
				758	{
				759	static $dictionary;
				760
				761	if (empty($dictionary))
				762	{
				763	$dictionary = array(
				764	'mcrypt' => array(
Andrey Andreev	50ccc38	2014-02-04 23:30:06 +0200	[diff] [blame]	765	'aes-128' => 'rijndael-128',
				766	'aes-192' => 'rijndael-128',
				767	'aes-256' => 'rijndael-128',
Andrey Andreev	d9a48da	2014-02-05 14:10:28 +0200	[diff] [blame]	768	'des3-ede3' => 'tripledes',
				769	'bf' => 'blowfish',
Andrey Andreev	e8088d6	2014-02-06 05:01:48 +0200	[diff] [blame]	770	'cast5' => 'cast-128',
				771	'rc4' => 'arcfour',
				772	'rc4-40' => 'arcfour'
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	773	),
				774	'openssl' => array(
Andrey Andreev	50ccc38	2014-02-04 23:30:06 +0200	[diff] [blame]	775	'rijndael-128' => 'aes-128',
Andrey Andreev	d9a48da	2014-02-05 14:10:28 +0200	[diff] [blame]	776	'tripledes' => 'des-ede3',
Andrey Andreev	e8088d6	2014-02-06 05:01:48 +0200	[diff] [blame]	777	'blowfish' => 'bf',
				778	'cast-128' => 'cast5',
				779	'arcfour' => 'rc4-40',
				780	'rc4' => 'rc4-40'
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	781	)
				782	);
				783
Andrey Andreev	d9a48da	2014-02-05 14:10:28 +0200	[diff] [blame]	784	// Notes:
				785	//
Andrey Andreev	e8088d6	2014-02-06 05:01:48 +0200	[diff] [blame]	786	// - Rijndael-128 is, at the same time all three of AES-128,
				787	// AES-192 and AES-256. The only difference between them is
				788	// the key size. Rijndael-192, Rijndael-256 on the other hand
				789	// also have different block sizes and are NOT AES-compatible.
				790	//
Andrey Andreev	d9a48da	2014-02-05 14:10:28 +0200	[diff] [blame]	791	// - Blowfish is said to be supporting key sizes between
				792	// 4 and 56 bytes, but it appears that between MCrypt and
				793	// OpenSSL, only those of 16 and more bytes are compatible.
Andrey Andreev	e8088d6	2014-02-06 05:01:48 +0200	[diff] [blame]	794	// Also, don't know what MCrypt's 'blowfish-compat' is.
				795	//
				796	// - CAST-128/CAST5 produces a longer cipher when encrypted via
				797	// OpenSSL, but (strangely enough) can be decrypted by either
				798	// extension anyway.
Andrey Andreev	18767e3	2014-03-04 22:21:35 +0200	[diff] [blame]	799	// Also, it appears that OpenSSL uses 16 rounds regardless of
				800	// the key size, while RFC2144 says that for key sizes lower
				801	// than 11 bytes, only 12 rounds should be used. This makes
				802	// it portable only with keys of between 11 and 16 bytes.
Andrey Andreev	e8088d6	2014-02-06 05:01:48 +0200	[diff] [blame]	803	//
				804	// - RC4 (ARCFour) has a strange implementation under OpenSSL.
				805	// Its 'rc4-40' cipher method seems to work flawlessly, yet
				806	// there's another one, 'rc4' that only works with a 16-byte key.
				807	//
				808	// - DES is compatible, but doesn't need an alias.
Andrey Andreev	d9a48da	2014-02-05 14:10:28 +0200	[diff] [blame]	809	//
				810	// Other seemingly matching ciphers between MCrypt, OpenSSL:
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	811	//
Andrey Andreev	e8088d6	2014-02-06 05:01:48 +0200	[diff] [blame]	812	// - RC2 is NOT compatible and only an obscure forum post
				813	// confirms that it is MCrypt's fault.
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	814	}
				815
Andrey Andreev	50ccc38	2014-02-04 23:30:06 +0200	[diff] [blame]	816	if (isset($dictionary[$this->_driver][$cipher]))
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	817	{
Andrey Andreev	50ccc38	2014-02-04 23:30:06 +0200	[diff] [blame]	818	$cipher = $dictionary[$this->_driver][$cipher];
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	819	}
				820	}
				821
				822	// --------------------------------------------------------------------
				823
				824	/**
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	825	* HKDF
				826	*
				827	* @link https://tools.ietf.org/rfc/rfc5869.txt
				828	* @param $key Input key
				829	* @param $digest A SHA-2 hashing algorithm
				830	* @param $salt Optional salt
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	831	* @param $length Output length (defaults to the selected digest size)
Andrey Andreev	4b45065	2014-02-10 06:59:54 +0200	[diff] [blame]	832	* @param $info Optional context/application-specific info
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	833	* @return string A pseudo-random key
				834	*/
				835	public function hkdf($key, $digest = 'sha512', $salt = NULL, $length = NULL, $info = '')
				836	{
				837	if ( ! isset($this->_digests[$digest]))
				838	{
				839	return FALSE;
				840	}
				841
				842	if (empty($length) OR ! is_int($length))
				843	{
				844	$length = $this->_digests[$digest];
				845	}
				846	elseif ($length > (255 * $this->_digests[$digest]))
				847	{
				848	return FALSE;
				849	}
				850
Andrey Andreev	2da3550	2014-07-07 14:41:57 +0300	[diff] [blame]	851	self::strlen($salt) OR $salt = str_repeat("\0", $this->_digests[$digest]);
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	852
				853	$prk = hash_hmac($digest, $key, $salt, TRUE);
				854	$key = '';
Andrey Andreev	2da3550	2014-07-07 14:41:57 +0300	[diff] [blame]	855	for ($key_block = '', $block_index = 1; self::strlen($key) < $length; $block_index++)
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	856	{
				857	$key_block = hash_hmac($digest, $key_block.$info.chr($block_index), $prk, TRUE);
				858	$key .= $key_block;
				859	}
				860
Andrey Andreev	9fa275e	2014-07-07 14:43:51 +0300	[diff] [blame]	861	return self::substr($key, 0, $length);
Andrey Andreev	29cade4	2014-02-04 14:05:58 +0200	[diff] [blame]	862	}
				863
				864	// --------------------------------------------------------------------
				865
				866	/**
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	867	* __get() magic
				868	*
				869	* @param string $key Property name
				870	* @return mixed
				871	*/
				872	public function __get($key)
				873	{
Andrey Andreev	81e1064	2014-02-07 01:43:36 +0200	[diff] [blame]	874	// Because aliases
				875	if ($key === 'mode')
				876	{
				877	return array_search($this->_mode, $this->_modes[$this->_driver], TRUE);
				878	}
				879	elseif (in_array($key, array('cipher', 'driver', 'drivers', 'digests'), TRUE))
				880	{
				881	return $this->{'_'.$key};
				882	}
				883
				884	return NULL;
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	885	}
				886
Andrey Andreev	2da3550	2014-07-07 14:41:57 +0300	[diff] [blame]	887	// --------------------------------------------------------------------
				888
				889	/**
				890	* Byte-safe strlen()
				891	*
				892	* @param string $str
				893	* @return integer
				894	*/
				895	protected static function strlen($str)
				896	{
				897	return (self::$func_override)
				898	? mb_strlen($str, '8bit')
				899	: strlen($str);
				900	}
				901
				902	// --------------------------------------------------------------------
				903
				904	/**
				905	* Byte-safe substr()
				906	*
				907	* @param string $str
				908	* @param int $start
				909	* @param int $length
				910	* @return string
				911	*/
Andrey Andreev	35a7b44	2014-07-12 21:46:26 +0300	[diff] [blame]	912	protected static function substr($str, $start, $length = NULL)
Andrey Andreev	2da3550	2014-07-07 14:41:57 +0300	[diff] [blame]	913	{
				914	if (self::$func_override)
				915	{
Andrey Andreev	35a7b44	2014-07-12 21:46:26 +0300	[diff] [blame]	916	// mb_substr($str, $start, null, '8bit') returns an empty
				917	// string on PHP 5.3
				918	isset($length) OR $length = ($start >= 0 ? self::strlen($str) - $start : -$start);
Andrey Andreev	11beac2	2014-07-12 18:28:38 +0300	[diff] [blame]	919	return mb_substr($str, $start, $length, '8bit');
Andrey Andreev	2da3550	2014-07-07 14:41:57 +0300	[diff] [blame]	920	}
				921
				922	return isset($length)
				923	? substr($str, $start, $length)
				924	: substr($str, $start);
				925	}
Andrey Andreev	818aedb	2014-02-03 11:30:25 +0200	[diff] [blame]	926	}
				927
				928	/* End of file Encryption.php */
				929	/* Location: ./system/libraries/Encryption.php */