mirror of
https://github.com/Lastorder-DC/rhymix.git
synced 2026-01-05 09:41:40 +09:00
Remove code that uses defuse/php-encryption (from next branch)
This commit is contained in:
Kijin Sung
parent
0ed1cfdef7
commit
35a93f3928
3 changed files with 43 additions and 69 deletions
|
|
@ -48,30 +48,16 @@ class Security
|
|||
*
|
||||
* @param string $plaintext
|
||||
* @param string $key (optional)
|
||||
* @param bool $force_compat (optional)
|
||||
* @return string|false
|
||||
*/
|
||||
public static function encrypt($plaintext, $key = null, $force_compat = false)
|
||||
public static function encrypt($plaintext, $key = null)
|
||||
{
|
||||
// Get the encryption key.
|
||||
$key = $key ?: config('crypto.encryption_key');
|
||||
$key = substr(hash('sha256', $key, true), 0, 16);
|
||||
|
||||
// Use defuse/php-encryption if possible.
|
||||
if (!$force_compat && function_exists('openssl_encrypt'))
|
||||
{
|
||||
return base64_encode(\Crypto::Encrypt($plaintext, $key));
|
||||
}
|
||||
|
||||
// Otherwise, use the CryptoCompat class.
|
||||
if (function_exists('mcrypt_encrypt'))
|
||||
{
|
||||
return base64_encode(\CryptoCompat::encrypt($plaintext, $key));
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new Exception('msg_crypto_not_available');
|
||||
}
|
||||
// Encrypt in a format that is compatible with defuse/php-encryption 1.2.x.
|
||||
return base64_encode(\CryptoCompat::encrypt($plaintext, $key));
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -79,10 +65,9 @@ class Security
|
|||
*
|
||||
* @param string $plaintext
|
||||
* @param string $key (optional)
|
||||
* @param bool $force_compat (optional)
|
||||
* @return string|false
|
||||
*/
|
||||
public static function decrypt($ciphertext, $key = null, $force_compat = false)
|
||||
public static function decrypt($ciphertext, $key = null)
|
||||
{
|
||||
// Get the encryption key.
|
||||
$key = $key ?: config('crypto.encryption_key');
|
||||
|
|
@ -95,28 +80,8 @@ class Security
|
|||
return false;
|
||||
}
|
||||
|
||||
// Use defuse/php-encryption if possible.
|
||||
if (!$force_compat && function_exists('openssl_decrypt'))
|
||||
{
|
||||
try
|
||||
{
|
||||
return \Crypto::Decrypt($ciphertext, $key);
|
||||
}
|
||||
catch (\InvalidCiphertextException $e)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
// Otherwise, use the CryptoCompat class.
|
||||
if (function_exists('mcrypt_decrypt'))
|
||||
{
|
||||
return \CryptoCompat::decrypt($ciphertext, $key);
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new Exception('msg_crypto_not_available');
|
||||
}
|
||||
// Decrypt in a format that is compatible with defuse/php-encryption 1.2.x.
|
||||
return \CryptoCompat::decrypt($ciphertext, $key);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -1,8 +1,11 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* This class uses mcrypt to perform encryption and decryption in a way
|
||||
* that is fully compatible with https://github.com/defuse/php-encryption
|
||||
* This class uses openssl to perform encryption and decryption in a format
|
||||
* that is fully compatible with version 1.x of defuse/php-encryption
|
||||
* which we must preserve for backward compatibility.
|
||||
*
|
||||
* This file is part of Rhymix and is licensed under GPLv2 or later.
|
||||
*/
|
||||
class CryptoCompat
|
||||
{
|
||||
|
|
@ -26,9 +29,21 @@ class CryptoCompat
|
|||
$iv = self::_createIV();
|
||||
|
||||
// Encrypt the plaintext
|
||||
$mcrypt_method = str_replace('aes', 'rijndael', self::ENCRYPTION_ALGO);
|
||||
$plaintext = self::_applyPKCS7Padding($plaintext, self::ENCRYPTION_BLOCK_SIZE);
|
||||
$ciphertext = mcrypt_encrypt($mcrypt_method, $enc_key, $plaintext, self::ENCRYPTION_MODE, $iv);
|
||||
if (function_exists('openssl_encrypt'))
|
||||
{
|
||||
$openssl_method = strtoupper(self::ENCRYPTION_ALGO . '-' . self::ENCRYPTION_MODE);
|
||||
$ciphertext = openssl_encrypt($plaintext, $openssl_method, $enc_key, OPENSSL_RAW_DATA, $iv);
|
||||
}
|
||||
elseif (function_exists('mcrypt_encrypt'))
|
||||
{
|
||||
$plaintext = self::_applyPKCS7Padding($plaintext, self::ENCRYPTION_BLOCK_SIZE);
|
||||
$mcrypt_method = str_replace('aes', 'rijndael', self::ENCRYPTION_ALGO);
|
||||
$ciphertext = mcrypt_encrypt($mcrypt_method, $enc_key, $plaintext, self::ENCRYPTION_MODE, $iv);
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new Rhymix\Framework\Exception('msg_crypto_not_available');
|
||||
}
|
||||
|
||||
// Generate MAC
|
||||
$mac_key = self::_defuseCompatibleHKDF($key, self::ENCRYPTION_MAC_INFO);
|
||||
|
|
@ -58,13 +73,25 @@ class CryptoCompat
|
|||
$enc_key = self::_defuseCompatibleHKDF($key, self::ENCRYPTION_KEY_INFO);
|
||||
|
||||
// Decrypt the ciphertext
|
||||
$mcrypt_method = str_replace('aes', 'rijndael', self::ENCRYPTION_ALGO);
|
||||
$plaintext = @mcrypt_decrypt($mcrypt_method, $enc_key, $ciphertext, self::ENCRYPTION_MODE, $iv);
|
||||
if ($plaintext === false)
|
||||
if (function_exists('openssl_decrypt'))
|
||||
{
|
||||
return false;
|
||||
$openssl_method = strtoupper(self::ENCRYPTION_ALGO . '-' . self::ENCRYPTION_MODE);
|
||||
$plaintext = openssl_decrypt($ciphertext, $openssl_method, $enc_key, OPENSSL_RAW_DATA, $iv);
|
||||
}
|
||||
$plaintext = self::_stripPKCS7Padding($plaintext, self::ENCRYPTION_BLOCK_SIZE);
|
||||
elseif (function_exists('mcrypt_decrypt'))
|
||||
{
|
||||
$mcrypt_method = str_replace('aes', 'rijndael', self::ENCRYPTION_ALGO);
|
||||
$plaintext = mcrypt_decrypt($mcrypt_method, $enc_key, $ciphertext, self::ENCRYPTION_MODE, $iv);
|
||||
if ($plaintext !== false)
|
||||
{
|
||||
$plaintext = self::_stripPKCS7Padding($plaintext, self::ENCRYPTION_BLOCK_SIZE);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new Rhymix\Framework\Exception('msg_crypto_not_available');
|
||||
}
|
||||
|
||||
if ($plaintext === false)
|
||||
{
|
||||
return false;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue