1 <?php
  2 /**
  3  * @package    FrameworkOnFramework
  4  * @subpackage encrypt
  5  * @copyright   Copyright (C) 2010-2016 Nicholas K. Dionysopoulos / Akeeba Ltd. All rights reserved.
  6  * @license    GNU General Public License version 2 or later; see LICENSE.txt
  7  */
  8 // Protect from unauthorized access
  9 defined('FOF_INCLUDED') or die;
 10 
 11 /**
 12  * A simple implementation of AES-128, AES-192 and AES-256 encryption using the
 13  * high performance mcrypt library.
 14  *
 15  * @package  FrameworkOnFramework
 16  * @since    1.0
 17  */
 18 class FOFEncryptAes
 19 {
 20     /**
 21      * The cipher key.
 22      *
 23      * @var   string
 24      */
 25     protected $key = '';
 26 
 27     /**
 28      * The AES encryption adapter in use.
 29      *
 30      * @var  FOFEncryptAesInterface
 31      */
 32     protected $adapter;
 33     
 34     /**
 35      * Initialise the AES encryption object.
 36      *
 37      * Note: If the key is not 16 bytes this class will do a stupid key expansion for legacy reasons (produce the
 38      * SHA-256 of the key string and throw away half of it).
 39      *
 40      * @param   string          $key      The encryption key (password). It can be a raw key (16 bytes) or a passphrase.
 41      * @param   int             $strength Bit strength (128, 192 or 256) – ALWAYS USE 128 BITS. THIS PARAMETER IS DEPRECATED.
 42      * @param   string          $mode     Encryption mode. Can be ebc or cbc. We recommend using cbc.
 43      * @param   FOFUtilsPhpfunc $phpfunc  For testing
 44      * @param   string          $priority Priority which adapter we should try first
 45      */
 46     public function __construct($key, $strength = 128, $mode = 'cbc', FOFUtilsPhpfunc $phpfunc = null, $priority = 'openssl')
 47     {
 48         if ($priority == 'openssl')
 49         {
 50             $this->adapter = new FOFEncryptAesOpenssl();
 51             
 52             if (!$this->adapter->isSupported($phpfunc))
 53             {
 54                 $this->adapter = new FOFEncryptAesMcrypt();
 55             }
 56         }
 57         else
 58         {
 59             $this->adapter = new FOFEncryptAesMcrypt();
 60             
 61             if (!$this->adapter->isSupported($phpfunc))
 62             {
 63                 $this->adapter = new FOFEncryptAesOpenssl();
 64             }
 65         }
 66 
 67         $this->adapter->setEncryptionMode($mode, $strength);
 68         $this->setPassword($key, true);
 69     }
 70 
 71     /**
 72      * Sets the password for this instance.
 73      *
 74      * WARNING: Do not use the legacy mode, it's insecure
 75      *
 76      * @param   string $password   The password (either user-provided password or binary encryption key) to use
 77      * @param   bool   $legacyMode True to use the legacy key expansion. We recommend against using it.
 78      */
 79     public function setPassword($password, $legacyMode = false)
 80     {
 81         $this->key = $password;
 82 
 83         $passLength = strlen($password);
 84 
 85         if (function_exists('mb_strlen'))
 86         {
 87             $passLength = mb_strlen($password, 'ASCII');
 88         }
 89 
 90         // Legacy mode was doing something stupid, requiring a key of 32 bytes. DO NOT USE LEGACY MODE!
 91         if ($legacyMode && ($passLength != 32))
 92         {
 93             // Legacy mode: use the sha256 of the password
 94             $this->key = hash('sha256', $password, true);
 95             // We have to trim or zero pad the password (we end up throwing half of it away in Rijndael-128 / AES...)
 96             $this->key = $this->adapter->resizeKey($this->key, $this->adapter->getBlockSize());
 97         }
 98     }
 99 
100     /**
101      * Encrypts a string using AES
102      *
103      * @param   string $stringToEncrypt The plaintext to encrypt
104      * @param   bool   $base64encoded   Should I Base64-encode the result?
105      *
106      * @return   string  The cryptotext. Please note that the first 16 bytes of
107      *                   the raw string is the IV (initialisation vector) which
108      *                   is necessary for decoding the string.
109      */
110     public function encryptString($stringToEncrypt, $base64encoded = true)
111     {
112         $blockSize = $this->adapter->getBlockSize();
113         $randVal   = new FOFEncryptRandval();
114         $iv        = $randVal->generate($blockSize);
115 
116         $key        = $this->getExpandedKey($blockSize, $iv);
117         $cipherText = $this->adapter->encrypt($stringToEncrypt, $key, $iv);
118 
119         // Optionally pass the result through Base64 encoding
120         if ($base64encoded)
121         {
122             $cipherText = base64_encode($cipherText);
123         }
124 
125         // Return the result
126         return $cipherText;
127     }
128 
129     /**
130      * Decrypts a ciphertext into a plaintext string using AES
131      *
132      * @param   string $stringToDecrypt The ciphertext to decrypt. The first 16 bytes of the raw string must contain
133      *                                  the IV (initialisation vector).
134      * @param   bool   $base64encoded   Should I Base64-decode the data before decryption?
135      *
136      * @return   string  The plain text string
137      */
138     public function decryptString($stringToDecrypt, $base64encoded = true)
139     {
140         if ($base64encoded)
141         {
142             $stringToDecrypt = base64_decode($stringToDecrypt);
143         }
144 
145         // Extract IV
146         $iv_size = $this->adapter->getBlockSize();
147         $iv      = substr($stringToDecrypt, 0, $iv_size);
148         $key     = $this->getExpandedKey($iv_size, $iv);
149 
150         // Decrypt the data
151         $plainText = $this->adapter->decrypt($stringToDecrypt, $key);
152 
153         return $plainText;
154     }
155 
156     /**
157      * Is AES encryption supported by this PHP installation?
158      *
159      * @param   FOFUtilsPhpfunc  $phpfunc
160      *
161      * @return boolean
162      */
163     public static function isSupported(FOFUtilsPhpfunc $phpfunc = null)
164     {
165         if (!is_object($phpfunc) || !($phpfunc instanceof $phpfunc))
166         {
167             $phpfunc = new FOFUtilsPhpfunc();
168         }
169 
170         $adapter = new FOFEncryptAesMcrypt();
171 
172         if (!$adapter->isSupported($phpfunc))
173         {
174             $adapter = new FOFEncryptAesOpenssl();
175         }
176 
177         if (!$adapter->isSupported($phpfunc))
178         {
179             return false;
180         }
181 
182         if (!$phpfunc->function_exists('base64_encode'))
183         {
184             return false;
185         }
186 
187         if (!$phpfunc->function_exists('base64_decode'))
188         {
189             return false;
190         }
191 
192         if (!$phpfunc->function_exists('hash_algos'))
193         {
194             return false;
195         }
196 
197         $algorightms = $phpfunc->hash_algos();
198 
199         if (!in_array('sha256', $algorightms))
200         {
201             return false;
202         }
203 
204         return true;
205     }
206 
207     /**
208      * @param $blockSize
209      * @param $iv
210      *
211      * @return string
212      */
213     public function getExpandedKey($blockSize, $iv)
214     {
215         $key        = $this->key;
216         $passLength = strlen($key);
217 
218         if (function_exists('mb_strlen'))
219         {
220             $passLength = mb_strlen($key, 'ASCII');
221         }
222 
223         if ($passLength != $blockSize)
224         {
225             $iterations = 1000;
226             $salt       = $this->adapter->resizeKey($iv, 16);
227             $key        = hash_pbkdf2('sha256', $this->key, $salt, $iterations, $blockSize, true);
228         }
229 
230         return $key;
231     }
232 }
233 
234 if (!function_exists('hash_pbkdf2'))
235 {
236     function hash_pbkdf2($algo, $password, $salt, $count, $length = 0, $raw_output = false)
237     {
238         if (!in_array(strtolower($algo), hash_algos()))
239         {
240             trigger_error(__FUNCTION__ . '(): Unknown hashing algorithm: ' . $algo, E_USER_WARNING);
241         }
242 
243         if (!is_numeric($count))
244         {
245             trigger_error(__FUNCTION__ . '(): expects parameter 4 to be long, ' . gettype($count) . ' given', E_USER_WARNING);
246         }
247 
248         if (!is_numeric($length))
249         {
250             trigger_error(__FUNCTION__ . '(): expects parameter 5 to be long, ' . gettype($length) . ' given', E_USER_WARNING);
251         }
252 
253         if ($count <= 0)
254         {
255             trigger_error(__FUNCTION__ . '(): Iterations must be a positive integer: ' . $count, E_USER_WARNING);
256         }
257 
258         if ($length < 0)
259         {
260             trigger_error(__FUNCTION__ . '(): Length must be greater than or equal to 0: ' . $length, E_USER_WARNING);
261         }
262 
263         $output      = '';
264         $block_count = $length ? ceil($length / strlen(hash($algo, '', $raw_output))) : 1;
265 
266         for ($i = 1; $i <= $block_count; $i++)
267         {
268             $last = $xorsum = hash_hmac($algo, $salt . pack('N', $i), $password, true);
269 
270             for ($j = 1; $j < $count; $j++)
271             {
272                 $xorsum ^= ($last = hash_hmac($algo, $last, $password, true));
273             }
274 
275             $output .= $xorsum;
276         }
277 
278         if (!$raw_output)
279         {
280             $output = bin2hex($output);
281         }
282 
283         return $length ? substr($output, 0, $length) : $output;
284     }
285 }
286 

Joomla! Framework TM API documentation generated by ApiGen 2.8.0
Joomla!® and Joomla! Framework™ are trademarks of Open Source Matters, Inc. in the United States and other countries.