/
Security.php
297 lines (274 loc) · 9.99 KB
/
Security.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
<?php
/**
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @since 0.10.0
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
namespace Cake\Utility;
use Cake\Utility\Crypto\Mcrypt;
use Cake\Utility\Crypto\OpenSsl;
use InvalidArgumentException;
/**
* Security Library contains utility methods related to security
*
*/
class Security
{
/**
* Default hash method. If `$type` param for `Security::hash()` is not specified
* this value is used. Defaults to 'sha1'.
*
* @var string
*/
public static $hashType = 'sha1';
/**
* The HMAC salt to use for encryption and decryption routines
*
* @var string
*/
protected static $_salt;
/**
* The crypto implementation to use.
*
* @var object
*/
protected static $_instance;
/**
* Create a hash from string using given method.
*
* @param string $string String to hash
* @param string|null $type Hashing algo to use (i.e. sha1, sha256 etc.).
* Can be any valid algo included in list returned by hash_algos().
* If no value is passed the type specified by `Security::$hashType` is used.
* @param mixed $salt If true, automatically prepends the application's salt
* value to $string (Security.salt).
* @return string Hash
* @link http://book.cakephp.org/3.0/en/core-libraries/security.html#hashing-data
*/
public static function hash($string, $type = null, $salt = false)
{
if (empty($type)) {
$type = static::$hashType;
}
$type = strtolower($type);
if ($salt) {
if (!is_string($salt)) {
$salt = static::$_salt;
}
$string = $salt . $string;
}
return hash($type, $string);
}
/**
* Sets the default hash method for the Security object. This affects all objects
* using Security::hash().
*
* @param string $hash Method to use (sha1/sha256/md5 etc.)
* @return void
* @see \Cake\Utility\Security::hash()
*/
public static function setHash($hash)
{
static::$hashType = $hash;
}
/**
* Get random bytes from a secure source.
*
* This method will fall back to an insecure source an trigger a warning
* if it cannot find a secure source of random data.
*
* @param int $length The number of bytes you want.
* @return string Random bytes in binary.
*/
public static function randomBytes($length)
{
if (function_exists('random_bytes')) {
return random_bytes($length);
}
if (function_exists('openssl_random_pseudo_bytes')) {
return openssl_random_pseudo_bytes($length);
}
trigger_error(
'You do not have a safe source of random data available. ' .
'Install either the openssl extension, or paragonie/random_compat. ' .
'Falling back to an insecure random source.',
E_USER_WARNING
);
$bytes = '';
while ($bytes < $length) {
$bytes .= static::hash(Text::uuid() . uniqid(mt_rand(), true), 'sha512', true);
}
return substr($bytes, 0, $length);
}
/**
* Get the crypto implementation based on the loaded extensions.
*
* You can use this method to forcibly decide between mcrypt/openssl/custom implementations.
*
* @param object $instance The crypto instance to use.
* @return object Crypto instance.
* @throws \InvalidArgumentException When no compatible crypto extension is available.
*/
public static function engine($instance = null)
{
if ($instance === null && static::$_instance === null) {
if (extension_loaded('openssl')) {
$instance = new OpenSsl();
} elseif (extension_loaded('mcrypt')) {
$instance = new Mcrypt();
}
}
if ($instance) {
static::$_instance = $instance;
}
if (isset(static::$_instance)) {
return static::$_instance;
}
throw new InvalidArgumentException(
'No compatible crypto engine available. ' .
'Load either the openssl or mcrypt extensions'
);
}
/**
* Encrypts/Decrypts a text using the given key using rijndael method.
*
* @param string $text Encrypted string to decrypt, normal string to encrypt
* @param string $key Key to use as the encryption key for encrypted data.
* @param string $operation Operation to perform, encrypt or decrypt
* @throws \InvalidArgumentException When there are errors.
* @return string Encrypted/Decrypted string
*/
public static function rijndael($text, $key, $operation)
{
if (empty($key)) {
throw new InvalidArgumentException('You cannot use an empty key for Security::rijndael()');
}
if (empty($operation) || !in_array($operation, ['encrypt', 'decrypt'])) {
throw new InvalidArgumentException('You must specify the operation for Security::rijndael(), either encrypt or decrypt');
}
if (mb_strlen($key, '8bit') < 32) {
throw new InvalidArgumentException('You must use a key larger than 32 bytes for Security::rijndael()');
}
$crypto = static::engine();
return $crypto->rijndael($text, $key, $operation);
}
/**
* Encrypt a value using AES-256.
*
* *Caveat* You cannot properly encrypt/decrypt data with trailing null bytes.
* Any trailing null bytes will be removed on decryption due to how PHP pads messages
* with nulls prior to encryption.
*
* @param string $plain The value to encrypt.
* @param string $key The 256 bit/32 byte key to use as a cipher key.
* @param string|null $hmacSalt The salt to use for the HMAC process. Leave null to use Security.salt.
* @return string Encrypted data.
* @throws \InvalidArgumentException On invalid data or key.
*/
public static function encrypt($plain, $key, $hmacSalt = null)
{
self::_checkKey($key, 'encrypt()');
if ($hmacSalt === null) {
$hmacSalt = static::$_salt;
}
// Generate the encryption and hmac key.
$key = mb_substr(hash('sha256', $key . $hmacSalt), 0, 32, '8bit');
$crypto = static::engine();
$ciphertext = $crypto->encrypt($plain, $key);
$hmac = hash_hmac('sha256', $ciphertext, $key);
return $hmac . $ciphertext;
}
/**
* Check the encryption key for proper length.
*
* @param string $key Key to check.
* @param string $method The method the key is being checked for.
* @return void
* @throws \InvalidArgumentException When key length is not 256 bit/32 bytes
*/
protected static function _checkKey($key, $method)
{
if (mb_strlen($key, '8bit') < 32) {
throw new InvalidArgumentException(
sprintf('Invalid key for %s, key must be at least 256 bits (32 bytes) long.', $method)
);
}
}
/**
* Decrypt a value using AES-256.
*
* @param string $cipher The ciphertext to decrypt.
* @param string $key The 256 bit/32 byte key to use as a cipher key.
* @param string|null $hmacSalt The salt to use for the HMAC process. Leave null to use Security.salt.
* @return string Decrypted data. Any trailing null bytes will be removed.
* @throws \InvalidArgumentException On invalid data or key.
*/
public static function decrypt($cipher, $key, $hmacSalt = null)
{
self::_checkKey($key, 'decrypt()');
if (empty($cipher)) {
throw new InvalidArgumentException('The data to decrypt cannot be empty.');
}
if ($hmacSalt === null) {
$hmacSalt = static::$_salt;
}
// Generate the encryption and hmac key.
$key = mb_substr(hash('sha256', $key . $hmacSalt), 0, 32, '8bit');
// Split out hmac for comparison
$macSize = 64;
$hmac = mb_substr($cipher, 0, $macSize, '8bit');
$cipher = mb_substr($cipher, $macSize, null, '8bit');
$compareHmac = hash_hmac('sha256', $cipher, $key);
if (!static::_constantEquals($hmac, $compareHmac)) {
return false;
}
$crypto = static::engine();
return $crypto->decrypt($cipher, $key);
}
/**
* A timing attack resistant comparison that prefers native PHP implementations.
*
* @param string $hmac The hmac from the ciphertext being decrypted.
* @param string $compare The comparison hmac.
* @return bool
* @see https://github.com/resonantcore/php-future/
*/
protected static function _constantEquals($hmac, $compare)
{
if (function_exists('hash_equals')) {
return hash_equals($hmac, $compare);
}
$hashLength = mb_strlen($hmac, '8bit');
$compareLength = mb_strlen($compare, '8bit');
if ($hashLength !== $compareLength) {
return false;
}
$result = 0;
for ($i = 0; $i < $hashLength; $i++) {
$result |= (ord($hmac[$i]) ^ ord($compare[$i]));
}
return $result === 0;
}
/**
* Gets or sets the HMAC salt to be used for encryption/decryption
* routines.
*
* @param string|null $salt The salt to use for encryption routines. If null returns current salt.
* @return string The currently configured salt
*/
public static function salt($salt = null)
{
if ($salt === null) {
return static::$_salt;
}
return static::$_salt = (string)$salt;
}
}