
Add phpseclib for pure-php implementation of legacy mcrypt-ed data. W…

…e have to switch to another block size for future.
1 parent 9aa6534 commit 89053cb1d2eb1a7ac15e55fd14be8a5d48c7f7ec @cdujeu cdujeu committed Sep 26, 2016
@@ -19,7 +19,8 @@
"sabre/dav":"1.8.10",
"aws/aws-sdk-php": "^3.19.4",
"meenie/javascript-packer":"1.1",
- "dapphp/securimage":"3.6.4"
+ "dapphp/securimage":"3.6.4",
+ "phpseclib/phpseclib":"2.0.3"
}
}
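Review bot: The added `"phpseclib/phpseclib":"2.0.3"` entry pins a cryptography library to one exact release, so later 2.0.x maintenance and security fixes will not arrive through a normal `composer update`. Exact pins match the neighbouring entries, but for a crypto dependency I would allow patch releases, e.g. `"phpseclib/phpseclib":"~2.0.3"`, and rely on the lock file for reproducible installs. If the exact pin is deliberate, it needs an owner who tracks upstream advisories.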
@@ -20,7 +20,11 @@
*/
namespace Pydio\Core\Utils;
+use phpseclib\Crypt\Rijndael;
use Pydio\Core\Services\ConfService;
+use Pydio\Core\Utils\Crypto\ZeroPaddingRijndael;
+use Pydio\Core\Utils\Vars\StringHelper;
+
defined('AJXP_EXEC') or die('Access not allowed');
@@ -59,7 +63,13 @@ public static function getCliSecret(){
* @return string
*/
public static function getRandomSalt($base64encode = true){
- $salt = mcrypt_create_iv(PBKDF2_SALT_BYTE_SIZE, MCRYPT_DEV_URANDOM);
+ if(function_exists('openssl_random_pseudo_bytes')){
+ $salt = openssl_random_pseudo_bytes(32);
+ }else if (function_exists('mcrypt_create_iv')){
+ $salt = mcrypt_create_iv(PBKDF2_SALT_BYTE_SIZE, MCRYPT_DEV_URANDOM);
+ }else{
+ $salt = StringHelper::generateRandomString(32, true);
+ }
return ($base64encode ? base64_encode($salt) : $salt);
}
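Review bot: The result of `openssl_random_pseudo_bytes(32)` in the first branch is used unchecked: the call can return false, and its second by-reference argument, which reports whether a cryptographically strong source was used, is never read. The length is also hard-coded to 32 here and in the last fallback, while the mcrypt branch still uses `PBKDF2_SALT_BYTE_SIZE`, so the salt size may depend on which extension is loaded. `StringHelper::generateRandomString` is not visible in this commit, so it is worth confirming that it draws from a CSPRNG before it serves as a salt source. On PHP 7 and later, `random_bytes()` is the simplest first choice, as sketched below.

```php
public static function getRandomSalt($base64encode = true){
    if (function_exists('random_bytes')) {
        $salt = random_bytes(PBKDF2_SALT_BYTE_SIZE);
    } else if (function_exists('openssl_random_pseudo_bytes')) {
        $salt = openssl_random_pseudo_bytes(PBKDF2_SALT_BYTE_SIZE, $strong);
        if ($salt === false || !$strong) {
            throw new \Exception('No cryptographically strong random source available');
        }
    } else if (function_exists('mcrypt_create_iv')) {
        // … unchanged: mcrypt_create_iv(PBKDF2_SALT_BYTE_SIZE, MCRYPT_DEV_URANDOM) …
    } else {
        // … unchanged: StringHelper::generateRandomString fallback, sized by PBKDF2_SALT_BYTE_SIZE …
    }
    // … unchanged: optional base64 encoding and return …
}
```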
@@ -70,7 +80,10 @@ public static function getRandomSalt($base64encode = true){
* @return mixed
*/
public static function encrypt($data, $key, $base64encode = true){
- $encoded = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_ECB);
+ $r = new ZeroPaddingRijndael(Rijndael::MODE_ECB);
+ $r->setKey($key);
+ $r->setBlockLength(256);
+ $encoded = $r->encrypt($data);
if($base64encode) {
return base64_encode($encoded);
} else {
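Review bot: `encrypt()` still writes new ciphertext in the legacy format: `Rijndael::MODE_ECB` with a 256-bit block, no IV and no integrity check, so equal plaintext blocks yield equal ciphertext blocks and tampering goes undetected. The same construction is used by `decrypt()` in the next hunk. The commit message describes this as support for legacy mcrypt data, so I would state that limit at the call, e.g. `// Legacy mcrypt-compatible format (Rijndael-256/ECB, zero padding): kept to read existing data, do not use for new secrets`. Zero padding also means a plaintext that ends in NUL bytes will not round-trip. The function body continues past the end of this hunk.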
@@ -88,7 +101,10 @@ public static function decrypt($data, $key, $base64encoded = true){
if($base64encoded){
$data = base64_decode($data);
}
- return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_ECB), "\0");
+ $r = new ZeroPaddingRijndael(Rijndael::MODE_ECB);
+ $r->setKey($key);
+ $r->setBlockLength(256);
+ return $r->decrypt($data);
}
}
@@ -0,0 +1,83 @@
+<?php
+/*
+ * Copyright 2007-2016 Abstrium <contact (at) pydio.com>
+ * This file is part of Pydio.
+ *
+ * Pydio is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Pydio is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Pydio. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * The latest code can be found at <https://pydio.com/>.
+ */
+
+namespace Pydio\Core\Utils\Crypto;
+
+defined('AJXP_EXEC') or die('Access not allowed');
+
+use \phpseclib\Crypt\Rijndael;
+
+/**
+ * Class ZeroPaddingRijndael
+ * @package Pydio\Core\Utils\Crypto
+ */
+class ZeroPaddingRijndael extends Rijndael {
+ /**
+ * Pads a string
+ *
+ * Pads a string using the RSA PKCS padding standards so that its length is a multiple of the blocksize.
+ * $this->block_size - (strlen($text) % $this->block_size) bytes are added, each of which is equal to
+ * chr($this->block_size - (strlen($text) % $this->block_size)
+ *
+ * If padding is disabled and $text is not a multiple of the blocksize, the string will be padded regardless
+ * and padding will, hence forth, be enabled.
+ *
+ * @see self::_unpad()
+ * @param string $text
+ * @throws \LengthException if padding is disabled and the plaintext's length is not a multiple of the block size
+ * @access private
+ * @return string
+ */
+ function _pad($text)
+ {
+ $length = strlen($text);
+
+ if (!$this->padding) {
+ if ($length % $this->block_size == 0) {
+ return $text;
+ } else {
+ throw new \LengthException("The plaintext's length ($length) is not a multiple of the block size ({$this->block_size}). Try enabling padding.");
+ }
+ }
+
+ $pad = $this->block_size - ($length % $this->block_size);
+ return str_pad($text, $length + $pad, "\0");
+ }
+ /**
+ * Unpads a string.
+ *
+ * If padding is enabled and the reported padding length is invalid the encryption key will be assumed to be wrong
+ * and false will be returned.
+ *
+ * @see self::_pad()
+ * @param string $text
+ * @throws \LengthException if the ciphertext's length is not a multiple of the block size
+ * @access private
+ * @return string
+ */
+ function _unpad($text) {
+ $trimed = trim($text, "\0");
+ while($text === $trimed){
+ $trimed = trim($text, "\0");
+ }
+ return $trimed;
+ }
+}
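Review bot: The loop in `_unpad()` never terminates when the decrypted text has no NUL byte at either end, because `while($text === $trimed)` recomputes the same `trim($text, "\0")` from an unchanged `$text`. That case looks reachable: legacy mcrypt output whose plaintext was an exact multiple of the block size, or a decrypt with the wrong key or a corrupted value, would spin until the execution time limit. Replace the whole body with `return rtrim($text, "\0");`, or `return trim($text, "\0");` if stripping leading NULs as the old `decrypt()` did must be preserved. Both docblocks were copied from the parent class and still describe PKCS padding and a false return on invalid padding, neither of which this subclass does. They should say that `_pad()` appends NUL bytes up to the next block boundary and that `_unpad()` strips them.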
