-
Notifications
You must be signed in to change notification settings - Fork 3.4k
/
Security.php
397 lines (360 loc) · 13 KB
/
Security.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
<?php
/**
* CakePHP(tm) : Rapid Development Framework (https://cakephp.org)
* Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
* @link https://cakephp.org CakePHP(tm) Project
* @since 0.10.0
* @license https://opensource.org/licenses/mit-license.php MIT License
*/
namespace Cake\Utility;
use Cake\Utility\Crypto\Mcrypt;
use Cake\Utility\Crypto\OpenSsl;
use InvalidArgumentException;
use RuntimeException;
/**
* Security Library contains utility methods related to security
*/
class Security
{
/**
* Default hash method. If `$type` param for `Security::hash()` is not specified
* this value is used. Defaults to 'sha1'.
*
* @var string
*/
public static $hashType = 'sha1';
/**
* The HMAC salt to use for encryption and decryption routines
*
* @var string|null
*/
protected static $_salt;
/**
* The crypto implementation to use.
*
* @var object
*/
protected static $_instance;
/**
* Create a hash from string using given method.
*
* @param string $string String to hash
* @param string|null $algorithm Hashing algo to use (i.e. sha1, sha256 etc.).
* Can be any valid algo included in list returned by hash_algos().
* If no value is passed the type specified by `Security::$hashType` is used.
* @param mixed $salt If true, automatically prepends the application's salt
* value to $string (Security.salt).
* @return string Hash
* @throws \RuntimeException
* @link https://book.cakephp.org/3/en/core-libraries/security.html#hashing-data
*/
public static function hash($string, $algorithm = null, $salt = false)
{
if (empty($algorithm)) {
$algorithm = static::$hashType;
}
$algorithm = strtolower($algorithm);
$availableAlgorithms = hash_algos();
if (!in_array($algorithm, $availableAlgorithms, true)) {
throw new RuntimeException(sprintf(
'The hash type `%s` was not found. Available algorithms are: %s',
$algorithm,
implode(', ', $availableAlgorithms)
));
}
if ($salt) {
if (!is_string($salt)) {
$salt = static::$_salt;
}
$string = $salt . $string;
}
return hash($algorithm, $string);
}
/**
* Sets the default hash method for the Security object. This affects all objects
* using Security::hash().
*
* @param string $hash Method to use (sha1/sha256/md5 etc.)
* @return void
* @see \Cake\Utility\Security::hash()
*/
public static function setHash($hash)
{
static::$hashType = $hash;
}
/**
* Get random bytes from a secure source.
*
* This method will fall back to an insecure source an trigger a warning
* if it cannot find a secure source of random data.
*
* @param int $length The number of bytes you want.
* @return string Random bytes in binary.
*/
public static function randomBytes($length)
{
if (function_exists('random_bytes')) {
return random_bytes($length);
}
if (!function_exists('openssl_random_pseudo_bytes')) {
throw new RuntimeException(
'You do not have a safe source of random data available. ' .
'Install either the openssl extension, or paragonie/random_compat. ' .
'Or use Security::insecureRandomBytes() alternatively.'
);
}
$bytes = openssl_random_pseudo_bytes($length, $strongSource);
if (!$strongSource) {
trigger_error(
'openssl was unable to use a strong source of entropy. ' .
'Consider updating your system libraries, or ensuring ' .
'you have more available entropy.',
E_USER_WARNING
);
}
return $bytes;
}
/**
* Creates a secure random string.
*
* @param int $length String length. Default 64.
* @return string
* @since 3.6.0
*/
public static function randomString($length = 64)
{
return substr(
bin2hex(Security::randomBytes(ceil($length / 2))),
0,
$length
);
}
/**
* Like randomBytes() above, but not cryptographically secure.
*
* @param int $length The number of bytes you want.
* @return string Random bytes in binary.
* @see \Cake\Utility\Security::randomBytes()
*/
public static function insecureRandomBytes($length)
{
$length *= 2;
$bytes = '';
$byteLength = 0;
while ($byteLength < $length) {
$bytes .= static::hash(Text::uuid() . uniqid(mt_rand(), true), 'sha512', true);
$byteLength = strlen($bytes);
}
$bytes = substr($bytes, 0, $length);
return pack('H*', $bytes);
}
/**
* Get the crypto implementation based on the loaded extensions.
*
* You can use this method to forcibly decide between mcrypt/openssl/custom implementations.
*
* @param \Cake\Utility\Crypto\OpenSsl|\Cake\Utility\Crypto\Mcrypt|null $instance The crypto instance to use.
* @return \Cake\Utility\Crypto\OpenSsl|\Cake\Utility\Crypto\Mcrypt Crypto instance.
* @throws \InvalidArgumentException When no compatible crypto extension is available.
*/
public static function engine($instance = null)
{
if ($instance === null && static::$_instance === null) {
if (extension_loaded('openssl')) {
$instance = new OpenSsl();
} elseif (extension_loaded('mcrypt')) {
$instance = new Mcrypt();
}
}
if ($instance) {
static::$_instance = $instance;
}
if (isset(static::$_instance)) {
return static::$_instance;
}
throw new InvalidArgumentException(
'No compatible crypto engine available. ' .
'Load either the openssl or mcrypt extensions'
);
}
/**
* Encrypts/Decrypts a text using the given key using rijndael method.
*
* @param string $text Encrypted string to decrypt, normal string to encrypt
* @param string $key Key to use as the encryption key for encrypted data.
* @param string $operation Operation to perform, encrypt or decrypt
* @throws \InvalidArgumentException When there are errors.
* @return string Encrypted/Decrypted string.
* @deprecated 3.6.3 This method relies on functions provided by mcrypt
* extension which has been deprecated in PHP 7.1 and removed in PHP 7.2.
* There's no 1:1 replacement for this method.
* Upgrade your code to use Security::encrypt()/Security::decrypt() with
* OpenSsl engine instead.
*/
public static function rijndael($text, $key, $operation)
{
if (empty($key)) {
throw new InvalidArgumentException('You cannot use an empty key for Security::rijndael()');
}
if (empty($operation) || !in_array($operation, ['encrypt', 'decrypt'])) {
throw new InvalidArgumentException('You must specify the operation for Security::rijndael(), either encrypt or decrypt');
}
if (mb_strlen($key, '8bit') < 32) {
throw new InvalidArgumentException('You must use a key larger than 32 bytes for Security::rijndael()');
}
$crypto = static::engine();
return $crypto->rijndael($text, $key, $operation);
}
/**
* Encrypt a value using AES-256.
*
* *Caveat* You cannot properly encrypt/decrypt data with trailing null bytes.
* Any trailing null bytes will be removed on decryption due to how PHP pads messages
* with nulls prior to encryption.
*
* @param string $plain The value to encrypt.
* @param string $key The 256 bit/32 byte key to use as a cipher key.
* @param string|null $hmacSalt The salt to use for the HMAC process. Leave null to use Security.salt.
* @return string Encrypted data.
* @throws \InvalidArgumentException On invalid data or key.
*/
public static function encrypt($plain, $key, $hmacSalt = null)
{
self::_checkKey($key, 'encrypt()');
if ($hmacSalt === null) {
$hmacSalt = static::$_salt;
}
// Generate the encryption and hmac key.
$key = mb_substr(hash('sha256', $key . $hmacSalt), 0, 32, '8bit');
$crypto = static::engine();
$ciphertext = $crypto->encrypt($plain, $key);
$hmac = hash_hmac('sha256', $ciphertext, $key);
return $hmac . $ciphertext;
}
/**
* Check the encryption key for proper length.
*
* @param string $key Key to check.
* @param string $method The method the key is being checked for.
* @return void
* @throws \InvalidArgumentException When key length is not 256 bit/32 bytes
*/
protected static function _checkKey($key, $method)
{
if (mb_strlen($key, '8bit') < 32) {
throw new InvalidArgumentException(
sprintf('Invalid key for %s, key must be at least 256 bits (32 bytes) long.', $method)
);
}
}
/**
* Decrypt a value using AES-256.
*
* @param string $cipher The ciphertext to decrypt.
* @param string $key The 256 bit/32 byte key to use as a cipher key.
* @param string|null $hmacSalt The salt to use for the HMAC process. Leave null to use Security.salt.
* @return string|false Decrypted data. Any trailing null bytes will be removed.
* @throws \InvalidArgumentException On invalid data or key.
*/
public static function decrypt($cipher, $key, $hmacSalt = null)
{
self::_checkKey($key, 'decrypt()');
if (empty($cipher)) {
throw new InvalidArgumentException('The data to decrypt cannot be empty.');
}
if ($hmacSalt === null) {
$hmacSalt = static::$_salt;
}
// Generate the encryption and hmac key.
$key = mb_substr(hash('sha256', $key . $hmacSalt), 0, 32, '8bit');
// Split out hmac for comparison
$macSize = 64;
$hmac = mb_substr($cipher, 0, $macSize, '8bit');
$cipher = mb_substr($cipher, $macSize, null, '8bit');
$compareHmac = hash_hmac('sha256', $cipher, $key);
if (!static::constantEquals($hmac, $compareHmac)) {
return false;
}
$crypto = static::engine();
return $crypto->decrypt($cipher, $key);
}
/**
* A timing attack resistant comparison that prefers native PHP implementations.
*
* @param string $original The original value.
* @param string $compare The comparison value.
* @return bool
* @see https://github.com/resonantcore/php-future/
* @since 3.6.2
*/
public static function constantEquals($original, $compare)
{
if (!is_string($original) || !is_string($compare)) {
return false;
}
if (function_exists('hash_equals')) {
return hash_equals($original, $compare);
}
$originalLength = mb_strlen($original, '8bit');
$compareLength = mb_strlen($compare, '8bit');
if ($originalLength !== $compareLength) {
return false;
}
$result = 0;
for ($i = 0; $i < $originalLength; $i++) {
$result |= (ord($original[$i]) ^ ord($compare[$i]));
}
return $result === 0;
}
/**
* Gets the HMAC salt to be used for encryption/decryption
* routines.
*
* @return string The currently configured salt
*/
public static function getSalt()
{
if (static::$_salt === null) {
throw new RuntimeException(
'Salt not set. Use Security::setSalt() to set one, ideally in `config/bootstrap.php`.'
);
}
return static::$_salt;
}
/**
* Sets the HMAC salt to be used for encryption/decryption
* routines.
*
* @param string $salt The salt to use for encryption routines.
* @return void
*/
public static function setSalt($salt)
{
static::$_salt = (string)$salt;
}
/**
* Gets or sets the HMAC salt to be used for encryption/decryption
* routines.
*
* @deprecated 3.5.0 Use getSalt()/setSalt() instead.
* @param string|null $salt The salt to use for encryption routines. If null returns current salt.
* @return string The currently configured salt
*/
public static function salt($salt = null)
{
deprecationWarning(
'Security::salt() is deprecated. ' .
'Use Security::getSalt()/setSalt() instead.'
);
if ($salt === null) {
return static::$_salt;
}
return static::$_salt = (string)$salt;
}
}