-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCipher.php
195 lines (169 loc) · 5.23 KB
/
Cipher.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
<?php
use \ReflectionFunction;
/**
* A simple abstraction for PHP's mcrypt extension.
* Limited but easy-to-use OOP-style functionality.
* This class is not entirely idiot-proof, however.
* Defaults to AES-256-CBC w/ SHA-256 hashed key.
* Note: Key and data padding is not necessary, PHP does this internally.
* @author Andrew Zammit <zammit.andrew@gmail.com>
* @license BSD 3-Clause, see included "LICENSE"
*/
class Cipher {
/**
* One of MCRYPT_RAND, MCRYPT_DEV_RANDOM, MCRYPT_DEV_URANDOM, depending on preferences/system.
* @var int
*/
public static $RAND_SOURCE = MCRYPT_RAND;
/**
* The default cipher algorithm to use.
* @see Cipher::ciphers()
* @var string
*/
public static $DEFAULT_CIPHER = 'rijndael-256';
/**
* The default mode to use.
* @see Cipher::modes()
* @var string
*/
public static $DEFAULT_MODE = 'cbc';
/**
* The default hash algorithm to use.
* @see Cipher::algos()
* @var string
*/
public static $DEFAULT_ALGO = 'sha256';
/**
* @var int
*/
private static $KEY_SIZE_ARGS = 0;
/**
* @var string
*/
private $key;
/**
* @var string
*/
private $cipher;
/**
* @var string
*/
private $mode;
/**
* @param string $key The super secret passphrase.
* @param string $cipher The cipher algorithm to use, one of Cipher::ciphers(), defaults to Cipher::$DEFAULT_CIPHER.
* @param string $mode The mode to use, one of Cipher::modes(), defaults to Cipher::$DEFAULT_MODE.
* @param string $algo The hash algorithm to use when hashing the key, one of Cipher::algos(), defaults to Cipher::$DEFAULT_ALGO.
*/
public function __construct($key,$cipher=null,$mode=null,$algo=null) {
static::determineKeySizeArguments();
$this->cipher = $cipher?$cipher:static::$DEFAULT_CIPHER;
$this->mode = $mode?$mode:static::$DEFAULT_MODE;
$algo = $algo?$algo:static::$DEFAULT_ALGO;
$this->key = $this->truncateKeyToMax(hash($algo,$key,true));
}
/**
* @return string The hashed version of the supplied key.
*/
public function getRawKey() {
return $this->key;
}
/**
* @return string The cipher being used for encryption and decryption.
*/
public function getCipher() {
return $this->cipher;
}
/**
* @return string The mode being used for encryption and decryption.
*/
public function getMode() {
return $this->mode;
}
/**
* Encrypt anything (string, integer, object, array) that can be serialized.
* This outputs raw data, so depending on the application, the output of this
* method may need to be base64 encoded.
* @param mixed $input The object that should be encrypted.
* @return string Raw/binary encrypted input (prefixed with the IV, if applicable).
*/
public function encrypt($input) {
$iv = $this->ivCreate();
$encrypted = mcrypt_encrypt($this->cipher,$this->key,serialize($input),$this->mode,$iv?$iv:null);
return $iv.$encrypted;
}
/**
* Decrypt something returned by Cipher::encrypt. Attempts to return unserialized data.
* @param string $input Raw/binary encrypted data (prefixed with the IV, if applicable).
* @return mixed|NULL The original object (used with Cipher::encrypt) or null on failure.
*/
public function decrypt($input) {
$ivSize = $this->ivGetSize();
$iv = substr($input,0,$ivSize);
$encrypted = substr($input,$ivSize);
$decrypted = mcrypt_decrypt($this->cipher,$this->key,$encrypted,$this->mode,$iv?$iv:null);
if ( $decrypted ) {
return unserialize($decrypted);
}
return null;
}
private function ivIsModeValid() {
return $this->mode !== MCRYPT_MODE_ECB;
}
private function ivGetSize() {
if ( $this->ivIsModeValid() ) {
return mcrypt_get_iv_size($this->cipher,$this->mode);
}
return 0;
}
private function ivCreate() {
$ivSize = $this->ivGetSize();
if ( $this->ivIsModeValid() ) {
return mcrypt_create_iv($ivSize,static::$RAND_SOURCE);
}
return '';
}
private function truncateKeyToMax($key) {
$keySize = 8;
if ( static::$KEY_SIZE_ARGS === 2 ) {
$keySize = mcrypt_get_key_size($this->cipher,$this->mode);
} else if ( static::$KEY_SIZE_ARGS === 1 ) {
$keySize = mcrypt_get_key_size($this->cipher);
}
return substr($key,0,$keySize);
}
/**
* @return array[string] A list of mcrypt modes available on the system.
*/
public static function modes() {
return mcrypt_list_modes();
}
/**
* @return array[string] A list of mcrypt cipher algorithms available on the system.
*/
public static function ciphers() {
return mcrypt_list_algorithms();
}
/**
* @return array[string] A list of hash algorithms available on the system.
*/
public static function algos() {
return hash_algos();
}
/**
* Uses Cipher::DEFAULT_ALGO to generate a string with a given length.
* There is no consideration of an algorithm's max key size.
* This is really just a testing/utility method at the end of the day.
* @param number $length Defaults to 16.
* @return string A random string confined by the given length.
*/
public static function generateKey($length=16) {
return substr(hash(static::$DEFAULT_ALGO,mt_rand(),false),0,$length);
}
private static function determineKeySizeArguments() {
if ( !static::$KEY_SIZE_ARGS ) {
$reflFunc = new ReflectionFunction('mcrypt_get_key_size');
static::$KEY_SIZE_ARGS = $reflFunc->getNumberOfRequiredParameters();
}
}
}