fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-05 09:41:40 +09:00
Code Issues Projects Releases Packages Wiki Activity

Remove code that uses defuse/php-encryption (from next branch)

Browse source
This commit is contained in:
Kijin Sung 2022-12-25 18:26:10 +09:00
parent 0ed1cfdef7
commit 35a93f3928
3 changed files with 43 additions and 69 deletions
Download patch file Download diff file Expand all files Collapse all files

47
common/framework/security.php
View file

@ -48,30 +48,16 @@ class Security
*
* @param string $plaintext
* @param string $key (optional)
* @param bool $force_compat (optional)
* @return string|false
*/
public static function encrypt($plaintext, $key = null, $force_compat = false)
public static function encrypt($plaintext, $key = null)
{
// Get the encryption key.
$key = $key ?: config('crypto.encryption_key');
$key = substr(hash('sha256', $key, true), 0, 16);
// Use defuse/php-encryption if possible.
if (!$force_compat && function_exists('openssl_encrypt'))
{
return base64_encode(\Crypto::Encrypt($plaintext, $key));
}
// Otherwise, use the CryptoCompat class.
if (function_exists('mcrypt_encrypt'))
{
return base64_encode(\CryptoCompat::encrypt($plaintext, $key));
}
else
{
throw new Exception('msg_crypto_not_available');
}
// Encrypt in a format that is compatible with defuse/php-encryption 1.2.x.
return base64_encode(\CryptoCompat::encrypt($plaintext, $key));
}
/**
@ -79,10 +65,9 @@ class Security
*
* @param string $plaintext
* @param string $key (optional)
* @param bool $force_compat (optional)
* @return string|false
*/
public static function decrypt($ciphertext, $key = null, $force_compat = false)
public static function decrypt($ciphertext, $key = null)
{
// Get the encryption key.
$key = $key ?: config('crypto.encryption_key');
@ -95,28 +80,8 @@ class Security
return false;
}
// Use defuse/php-encryption if possible.
if (!$force_compat && function_exists('openssl_decrypt'))
{
try
{
return \Crypto::Decrypt($ciphertext, $key);
}
catch (\InvalidCiphertextException $e)
{
return false;
}
}
// Otherwise, use the CryptoCompat class.
if (function_exists('mcrypt_decrypt'))
{
return \CryptoCompat::decrypt($ciphertext, $key);
}
else
{
throw new Exception('msg_crypto_not_available');
}
// Decrypt in a format that is compatible with defuse/php-encryption 1.2.x.
return \CryptoCompat::decrypt($ciphertext, $key);
}
/**

47
common/libraries/cryptocompat.php
View file

@ -1,8 +1,11 @@
<?php
/**
* This class uses mcrypt to perform encryption and decryption in a way
* that is fully compatible with https://github.com/defuse/php-encryption
* This class uses openssl to perform encryption and decryption in a format
* that is fully compatible with version 1.x of defuse/php-encryption
* which we must preserve for backward compatibility.
*
* This file is part of Rhymix and is licensed under GPLv2 or later.
*/
class CryptoCompat
{
@ -26,9 +29,21 @@ class CryptoCompat
$iv = self::_createIV();
// Encrypt the plaintext
$mcrypt_method = str_replace('aes', 'rijndael', self::ENCRYPTION_ALGO);
$plaintext = self::_applyPKCS7Padding($plaintext, self::ENCRYPTION_BLOCK_SIZE);
$ciphertext = mcrypt_encrypt($mcrypt_method, $enc_key, $plaintext, self::ENCRYPTION_MODE, $iv);
if (function_exists('openssl_encrypt'))
{
$openssl_method = strtoupper(self::ENCRYPTION_ALGO . '-' . self::ENCRYPTION_MODE);
$ciphertext = openssl_encrypt($plaintext, $openssl_method, $enc_key, OPENSSL_RAW_DATA, $iv);
}
elseif (function_exists('mcrypt_encrypt'))
{
$plaintext = self::_applyPKCS7Padding($plaintext, self::ENCRYPTION_BLOCK_SIZE);
$mcrypt_method = str_replace('aes', 'rijndael', self::ENCRYPTION_ALGO);
$ciphertext = mcrypt_encrypt($mcrypt_method, $enc_key, $plaintext, self::ENCRYPTION_MODE, $iv);
}
else
{
throw new Rhymix\Framework\Exception('msg_crypto_not_available');
}
// Generate MAC
$mac_key = self::_defuseCompatibleHKDF($key, self::ENCRYPTION_MAC_INFO);
@ -58,13 +73,25 @@ class CryptoCompat
$enc_key = self::_defuseCompatibleHKDF($key, self::ENCRYPTION_KEY_INFO);
// Decrypt the ciphertext
$mcrypt_method = str_replace('aes', 'rijndael', self::ENCRYPTION_ALGO);
$plaintext = @mcrypt_decrypt($mcrypt_method, $enc_key, $ciphertext, self::ENCRYPTION_MODE, $iv);
if ($plaintext === false)
if (function_exists('openssl_decrypt'))
{
return false;
$openssl_method = strtoupper(self::ENCRYPTION_ALGO . '-' . self::ENCRYPTION_MODE);
$plaintext = openssl_decrypt($ciphertext, $openssl_method, $enc_key, OPENSSL_RAW_DATA, $iv);
}
$plaintext = self::_stripPKCS7Padding($plaintext, self::ENCRYPTION_BLOCK_SIZE);
elseif (function_exists('mcrypt_decrypt'))
{
$mcrypt_method = str_replace('aes', 'rijndael', self::ENCRYPTION_ALGO);
$plaintext = mcrypt_decrypt($mcrypt_method, $enc_key, $ciphertext, self::ENCRYPTION_MODE, $iv);
if ($plaintext !== false)
{
$plaintext = self::_stripPKCS7Padding($plaintext, self::ENCRYPTION_BLOCK_SIZE);
}
}
else
{
throw new Rhymix\Framework\Exception('msg_crypto_not_available');
}
if ($plaintext === false)
{
return false;

18
tests/unit/framework/SecurityTest.php
View file

@ -35,24 +35,6 @@ class SecurityTest extends \Codeception\TestCase\Test
$decrypted = Rhymix\Framework\Security::decrypt($encrypted, $key);
$this->assertEquals($plaintext, $decrypted);
// Encryption with defuse/php-encryption and decryption with CryptoCompat.
if (function_exists('mcrypt_decrypt'))
{
$encrypted = Rhymix\Framework\Security::encrypt($plaintext);
$this->assertNotEquals(false, $encrypted);
$decrypted = Rhymix\Framework\Security::decrypt($encrypted, null, true);
$this->assertEquals($plaintext, $decrypted);
}
// Encryption with CryptoCompat and decryption with defuse/php-encryption.
if (function_exists('mcrypt_encrypt'))
{
$encrypted = Rhymix\Framework\Security::encrypt($plaintext, null, true);
$this->assertNotEquals(false, $encrypted);
$decrypted = Rhymix\Framework\Security::decrypt($encrypted);
$this->assertEquals($plaintext, $decrypted);
}
// Test invalid ciphertext.
$decrypted = Rhymix\Framework\Security::decrypt('1234' . substr($encrypted, 4));
$this->assertEquals(false, $decrypted);