-
Notifications
You must be signed in to change notification settings - Fork 3.4k
/
Mcrypt.php
110 lines (99 loc) · 4.06 KB
/
Mcrypt.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
<?php
/**
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @since 3.0.0
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
namespace Cake\Utility\Crypto;
/**
* Mcrypt implementation of crypto features for Cake\Utility\Security
*
* This class is not intended to be used directly and should only
* be used in the context of Cake\Utility\Security.
*
* @internal
*/
class Mcrypt
{
/**
* Encrypts/Decrypts a text using the given key using rijndael method.
*
* @param string $text Encrypted string to decrypt, normal string to encrypt
* @param string $key Key to use as the encryption key for encrypted data.
* @param string $operation Operation to perform, encrypt or decrypt
* @throws \LogicException When there are errors.
* @return string Encrytped binary string data, or decrypted data depending on operation.
*/
public static function rijndael($text, $key, $operation)
{
$algorithm = MCRYPT_RIJNDAEL_256;
$mode = MCRYPT_MODE_CBC;
$ivSize = mcrypt_get_iv_size($algorithm, $mode);
$cryptKey = mb_substr($key, 0, 32, '8bit');
if ($operation === 'encrypt') {
$iv = mcrypt_create_iv($ivSize, MCRYPT_DEV_URANDOM);
return $iv . '$$' . mcrypt_encrypt($algorithm, $cryptKey, $text, $mode, $iv);
}
$iv = mb_substr($text, 0, $ivSize, '8bit');
$text = mb_substr($text, $ivSize + 2, null, '8bit');
return rtrim(mcrypt_decrypt($algorithm, $cryptKey, $text, $mode, $iv), "\0");
}
/**
* Encrypt a value using AES-256.
*
* *Caveat* You cannot properly encrypt/decrypt data with trailing null bytes.
* Any trailing null bytes will be removed on decryption due to how PHP pads messages
* with nulls prior to encryption.
*
* @param string $plain The value to encrypt.
* @param string $key The 256 bit/32 byte key to use as a cipher key.
* @return string Encrypted data.
* @throws \InvalidArgumentException On invalid data or key.
*/
public static function encrypt($plain, $key)
{
$algorithm = MCRYPT_RIJNDAEL_128;
$mode = MCRYPT_MODE_CBC;
$ivSize = mcrypt_get_iv_size($algorithm, $mode);
$iv = mcrypt_create_iv($ivSize, MCRYPT_DEV_URANDOM);
// Pad out plain to make it AES compatible.
$pad = ($ivSize - (mb_strlen($plain, '8bit') % $ivSize));
$plain .= str_repeat(chr($pad), $pad);
return $iv . mcrypt_encrypt($algorithm, $key, $plain, $mode, $iv);
}
/**
* Decrypt a value using AES-256.
*
* @param string $cipher The ciphertext to decrypt.
* @param string $key The 256 bit/32 byte key to use as a cipher key.
* @return string Decrypted data. Any trailing null bytes will be removed.
* @throws InvalidArgumentException On invalid data or key.
*/
public static function decrypt($cipher, $key)
{
$algorithm = MCRYPT_RIJNDAEL_128;
$mode = MCRYPT_MODE_CBC;
$ivSize = mcrypt_get_iv_size($algorithm, $mode);
$iv = mb_substr($cipher, 0, $ivSize, '8bit');
$cipher = mb_substr($cipher, $ivSize, null, '8bit');
$plain = mcrypt_decrypt($algorithm, $key, $cipher, $mode, $iv);
// Remove PKCS#7 padding or Null bytes
// Newer values will be PKCS#7 padded, while old
// mcrypt values will be null byte padded.
$padChar = mb_substr($plain, -1, null, '8bit');
if ($padChar === "\0") {
return trim($plain, "\0");
}
$padLen = ord($padChar);
$result = mb_substr($plain, 0, -$padLen, '8bit');
return $result === '' ? false : $result;
}
}