fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-05-11 04:52:14 +09:00
Code Issues Projects Releases Packages Wiki Activity

Remove code that uses defuse/php-encryption (from next branch)

Browse source
This commit is contained in:
Kijin Sung 2022-12-25 18:26:10 +09:00
parent 0ed1cfdef7
commit 35a93f3928
3 changed files with 43 additions and 69 deletions
Download patch file Download diff file Expand all files Collapse all files

47
common/framework/security.php
View file

@ -48,30 +48,16 @@ class Security
* *
* @param string $plaintext * @param string $plaintext
* @param string $key (optional) * @param string $key (optional)
* @param bool $force_compat (optional)
* @return string|false * @return string|false
*/ */
public static function encrypt($plaintext, $key = null, $force_compat = false) public static function encrypt($plaintext, $key = null)
{ {
// Get the encryption key. // Get the encryption key.
$key = $key ?: config('crypto.encryption_key'); $key = $key ?: config('crypto.encryption_key');
$key = substr(hash('sha256', $key, true), 0, 16); $key = substr(hash('sha256', $key, true), 0, 16);
// Use defuse/php-encryption if possible. // Encrypt in a format that is compatible with defuse/php-encryption 1.2.x.
if (!$force_compat && function_exists('openssl_encrypt')) return base64_encode(\CryptoCompat::encrypt($plaintext, $key));
{
return base64_encode(\Crypto::Encrypt($plaintext, $key));
}
// Otherwise, use the CryptoCompat class.
if (function_exists('mcrypt_encrypt'))
{
return base64_encode(\CryptoCompat::encrypt($plaintext, $key));
}
else
{
throw new Exception('msg_crypto_not_available');
}
} }
/** /**
@ -79,10 +65,9 @@ class Security
* *
* @param string $plaintext * @param string $plaintext
* @param string $key (optional) * @param string $key (optional)
* @param bool $force_compat (optional)
* @return string|false * @return string|false
*/ */
public static function decrypt($ciphertext, $key = null, $force_compat = false) public static function decrypt($ciphertext, $key = null)
{ {
// Get the encryption key. // Get the encryption key.
$key = $key ?: config('crypto.encryption_key'); $key = $key ?: config('crypto.encryption_key');
@ -95,28 +80,8 @@ class Security
return false; return false;
} }
// Use defuse/php-encryption if possible. // Decrypt in a format that is compatible with defuse/php-encryption 1.2.x.
if (!$force_compat && function_exists('openssl_decrypt')) return \CryptoCompat::decrypt($ciphertext, $key);
{
try
{
return \Crypto::Decrypt($ciphertext, $key);
}
catch (\InvalidCiphertextException $e)
{
return false;
}
}
// Otherwise, use the CryptoCompat class.
if (function_exists('mcrypt_decrypt'))
{
return \CryptoCompat::decrypt($ciphertext, $key);
}
else
{
throw new Exception('msg_crypto_not_available');
}
} }
/** /**

47
common/libraries/cryptocompat.php
View file

@ -1,8 +1,11 @@
<?php <?php
/** /**
* This class uses mcrypt to perform encryption and decryption in a way * This class uses openssl to perform encryption and decryption in a format
* that is fully compatible with https://github.com/defuse/php-encryption * that is fully compatible with version 1.x of defuse/php-encryption
* which we must preserve for backward compatibility.
*
* This file is part of Rhymix and is licensed under GPLv2 or later.
*/ */
class CryptoCompat class CryptoCompat
{ {
@ -26,9 +29,21 @@ class CryptoCompat
$iv = self::_createIV(); $iv = self::_createIV();
// Encrypt the plaintext // Encrypt the plaintext
$mcrypt_method = str_replace('aes', 'rijndael', self::ENCRYPTION_ALGO); if (function_exists('openssl_encrypt'))
$plaintext = self::_applyPKCS7Padding($plaintext, self::ENCRYPTION_BLOCK_SIZE); {
$ciphertext = mcrypt_encrypt($mcrypt_method, $enc_key, $plaintext, self::ENCRYPTION_MODE, $iv); $openssl_method = strtoupper(self::ENCRYPTION_ALGO . '-' . self::ENCRYPTION_MODE);
$ciphertext = openssl_encrypt($plaintext, $openssl_method, $enc_key, OPENSSL_RAW_DATA, $iv);
}
elseif (function_exists('mcrypt_encrypt'))
{
$plaintext = self::_applyPKCS7Padding($plaintext, self::ENCRYPTION_BLOCK_SIZE);
$mcrypt_method = str_replace('aes', 'rijndael', self::ENCRYPTION_ALGO);
$ciphertext = mcrypt_encrypt($mcrypt_method, $enc_key, $plaintext, self::ENCRYPTION_MODE, $iv);
}
else
{
throw new Rhymix\Framework\Exception('msg_crypto_not_available');
}
// Generate MAC // Generate MAC
$mac_key = self::_defuseCompatibleHKDF($key, self::ENCRYPTION_MAC_INFO); $mac_key = self::_defuseCompatibleHKDF($key, self::ENCRYPTION_MAC_INFO);
@ -58,13 +73,25 @@ class CryptoCompat
$enc_key = self::_defuseCompatibleHKDF($key, self::ENCRYPTION_KEY_INFO); $enc_key = self::_defuseCompatibleHKDF($key, self::ENCRYPTION_KEY_INFO);
// Decrypt the ciphertext // Decrypt the ciphertext
$mcrypt_method = str_replace('aes', 'rijndael', self::ENCRYPTION_ALGO); if (function_exists('openssl_decrypt'))
$plaintext = @mcrypt_decrypt($mcrypt_method, $enc_key, $ciphertext, self::ENCRYPTION_MODE, $iv);
if ($plaintext === false)
{ {
return false; $openssl_method = strtoupper(self::ENCRYPTION_ALGO . '-' . self::ENCRYPTION_MODE);
$plaintext = openssl_decrypt($ciphertext, $openssl_method, $enc_key, OPENSSL_RAW_DATA, $iv);
} }
$plaintext = self::_stripPKCS7Padding($plaintext, self::ENCRYPTION_BLOCK_SIZE); elseif (function_exists('mcrypt_decrypt'))
{
$mcrypt_method = str_replace('aes', 'rijndael', self::ENCRYPTION_ALGO);
$plaintext = mcrypt_decrypt($mcrypt_method, $enc_key, $ciphertext, self::ENCRYPTION_MODE, $iv);
if ($plaintext !== false)
{
$plaintext = self::_stripPKCS7Padding($plaintext, self::ENCRYPTION_BLOCK_SIZE);
}
}
else
{
throw new Rhymix\Framework\Exception('msg_crypto_not_available');
}
if ($plaintext === false) if ($plaintext === false)
{ {
return false; return false;

18
tests/unit/framework/SecurityTest.php
View file

@ -35,24 +35,6 @@ class SecurityTest extends \Codeception\TestCase\Test
$decrypted = Rhymix\Framework\Security::decrypt($encrypted, $key); $decrypted = Rhymix\Framework\Security::decrypt($encrypted, $key);
$this->assertEquals($plaintext, $decrypted); $this->assertEquals($plaintext, $decrypted);
// Encryption with defuse/php-encryption and decryption with CryptoCompat.
if (function_exists('mcrypt_decrypt'))
{
$encrypted = Rhymix\Framework\Security::encrypt($plaintext);
$this->assertNotEquals(false, $encrypted);
$decrypted = Rhymix\Framework\Security::decrypt($encrypted, null, true);
$this->assertEquals($plaintext, $decrypted);
}
// Encryption with CryptoCompat and decryption with defuse/php-encryption.
if (function_exists('mcrypt_encrypt'))
{
$encrypted = Rhymix\Framework\Security::encrypt($plaintext, null, true);
$this->assertNotEquals(false, $encrypted);
$decrypted = Rhymix\Framework\Security::decrypt($encrypted);
$this->assertEquals($plaintext, $decrypted);
}
// Test invalid ciphertext. // Test invalid ciphertext.
$decrypted = Rhymix\Framework\Security::decrypt('1234' . substr($encrypted, 4)); $decrypted = Rhymix\Framework\Security::decrypt('1234' . substr($encrypted, 4));
$this->assertEquals(false, $decrypted); $this->assertEquals(false, $decrypted);