Revision 2242 | Zur aktuellen Revision | Blame | Vergleich mit vorheriger | Letzte Ă„nderung | Log anzeigen | RSS feed
<?php/*** CodeIgniter** An open source application development framework for PHP** This content is released under the MIT License (MIT)** Copyright (c) 2014 - 2017, British Columbia Institute of Technology** Permission is hereby granted, free of charge, to any person obtaining a copy* of this software and associated documentation files (the "Software"), to deal* in the Software without restriction, including without limitation the rights* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell* copies of the Software, and to permit persons to whom the Software is* furnished to do so, subject to the following conditions:** The above copyright notice and this permission notice shall be included in* all copies or substantial portions of the Software.** THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN* THE SOFTWARE.** @package CodeIgniter* @author EllisLab Dev Team* @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)* @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)* @license http://opensource.org/licenses/MIT MIT License* @link https://codeigniter.com* @since Version 1.0.0* @filesource*/defined('BASEPATH') OR exit('No direct script access allowed');/*** CodeIgniter Encryption Class** Provides two-way keyed encoding using Mcrypt** @package CodeIgniter* @subpackage Libraries* @category Libraries* @author EllisLab Dev Team* @link https://codeigniter.com/user_guide/libraries/encryption.html*/class CI_Encrypt {/*** Reference to the user's encryption key** @var string*/public $encryption_key = '';/*** Type of hash operation** @var string*/protected $_hash_type = 'sha1';/*** Flag for the existence of mcrypt** @var bool*/protected $_mcrypt_exists = FALSE;/*** Current cipher to be used with mcrypt** @var string*/protected $_mcrypt_cipher;/*** Method for encrypting/decrypting data** @var int*/protected $_mcrypt_mode;/*** Initialize Encryption class** @return void*/public function __construct(){if (($this->_mcrypt_exists = function_exists('mcrypt_encrypt')) === FALSE){show_error('The Encrypt library requires the Mcrypt extension.');}log_message('info', 'Encrypt Class Initialized');}// --------------------------------------------------------------------/*** Fetch the encryption key** Returns it as MD5 in order to have an exact-length 128 bit key.* Mcrypt is sensitive to keys that are not the correct length** @param string* @return string*/public function get_key($key = ''){if ($key === ''){if ($this->encryption_key !== ''){return $this->encryption_key;}$key = config_item('encryption_key');if ( ! self::strlen($key)){show_error('In order to use the encryption class requires that you set an encryption key in your config file.');}}return md5($key);}// --------------------------------------------------------------------/*** Set the encryption key** @param string* @return CI_Encrypt*/public function set_key($key = ''){$this->encryption_key = $key;return $this;}// --------------------------------------------------------------------/*** Encode** Encodes the message string using bitwise XOR encoding.* The key is combined with a random hash, and then it* too gets converted using XOR. The whole thing is then run* through mcrypt using the randomized key. The end result* is a double-encrypted message string that is randomized* with each call to this function, even if the supplied* message and key are the same.** @param string the string to encode* @param string the key* @return string*/public function encode($string, $key = ''){return base64_encode($this->mcrypt_encode($string, $this->get_key($key)));}// --------------------------------------------------------------------/*** Decode** Reverses the above process** @param string* @param string* @return string*/public function decode($string, $key = ''){if (preg_match('/[^a-zA-Z0-9\/\+=]/', $string) OR base64_encode(base64_decode($string)) !== $string){return FALSE;}return $this->mcrypt_decode(base64_decode($string), $this->get_key($key));}// --------------------------------------------------------------------/*** Encode from Legacy** Takes an encoded string from the original Encryption class algorithms and* returns a newly encoded string using the improved method added in 2.0.0* This allows for backwards compatibility and a method to transition to the* new encryption algorithms.** For more details, see https://codeigniter.com/user_guide/installation/upgrade_200.html#encryption** @param string* @param int (mcrypt mode constant)* @param string* @return string*/public function encode_from_legacy($string, $legacy_mode = MCRYPT_MODE_ECB, $key = ''){if (preg_match('/[^a-zA-Z0-9\/\+=]/', $string)){return FALSE;}// decode it first// set mode temporarily to what it was when string was encoded with the legacy// algorithm - typically MCRYPT_MODE_ECB$current_mode = $this->_get_mode();$this->set_mode($legacy_mode);$key = $this->get_key($key);$dec = base64_decode($string);if (($dec = $this->mcrypt_decode($dec, $key)) === FALSE){$this->set_mode($current_mode);return FALSE;}$dec = $this->_xor_decode($dec, $key);// set the mcrypt mode back to what it should be, typically MCRYPT_MODE_CBC$this->set_mode($current_mode);// and re-encodereturn base64_encode($this->mcrypt_encode($dec, $key));}// --------------------------------------------------------------------/*** XOR Decode** Takes an encoded string and key as input and generates the* plain-text original message** @param string* @param string* @return string*/protected function _xor_decode($string, $key){$string = $this->_xor_merge($string, $key);$dec = '';for ($i = 0, $l = self::strlen($string); $i < $l; $i++){$dec .= ($string[$i++] ^ $string[$i]);}return $dec;}// --------------------------------------------------------------------/*** XOR key + string Combiner** Takes a string and key as input and computes the difference using XOR** @param string* @param string* @return string*/protected function _xor_merge($string, $key){$hash = $this->hash($key);$str = '';for ($i = 0, $ls = self::strlen($string), $lh = self::strlen($hash); $i < $ls; $i++){$str .= $string[$i] ^ $hash[($i % $lh)];}return $str;}// --------------------------------------------------------------------/*** Encrypt using Mcrypt** @param string* @param string* @return string*/public function mcrypt_encode($data, $key){$init_size = mcrypt_get_iv_size($this->_get_cipher(), $this->_get_mode());$init_vect = mcrypt_create_iv($init_size, MCRYPT_DEV_URANDOM);return $this->_add_cipher_noise($init_vect.mcrypt_encrypt($this->_get_cipher(), $key, $data, $this->_get_mode(), $init_vect), $key);}// --------------------------------------------------------------------/*** Decrypt using Mcrypt** @param string* @param string* @return string*/public function mcrypt_decode($data, $key){$data = $this->_remove_cipher_noise($data, $key);$init_size = mcrypt_get_iv_size($this->_get_cipher(), $this->_get_mode());if ($init_size > self::strlen($data)){return FALSE;}$init_vect = self::substr($data, 0, $init_size);$data = self::substr($data, $init_size);return rtrim(mcrypt_decrypt($this->_get_cipher(), $key, $data, $this->_get_mode(), $init_vect), "\0");}// --------------------------------------------------------------------/*** Adds permuted noise to the IV + encrypted data to protect* against Man-in-the-middle attacks on CBC mode ciphers* http://www.ciphersbyritter.com/GLOSSARY.HTM#IV** @param string* @param string* @return string*/protected function _add_cipher_noise($data, $key){$key = $this->hash($key);$str = '';for ($i = 0, $j = 0, $ld = self::strlen($data), $lk = self::strlen($key); $i < $ld; ++$i, ++$j){if ($j >= $lk){$j = 0;}$str .= chr((ord($data[$i]) + ord($key[$j])) % 256);}return $str;}// --------------------------------------------------------------------/*** Removes permuted noise from the IV + encrypted data, reversing* _add_cipher_noise()** Function description** @param string $data* @param string $key* @return string*/protected function _remove_cipher_noise($data, $key){$key = $this->hash($key);$str = '';for ($i = 0, $j = 0, $ld = self::strlen($data), $lk = self::strlen($key); $i < $ld; ++$i, ++$j){if ($j >= $lk){$j = 0;}$temp = ord($data[$i]) - ord($key[$j]);if ($temp < 0){$temp += 256;}$str .= chr($temp);}return $str;}// --------------------------------------------------------------------/*** Set the Mcrypt Cipher** @param int* @return CI_Encrypt*/public function set_cipher($cipher){$this->_mcrypt_cipher = $cipher;return $this;}// --------------------------------------------------------------------/*** Set the Mcrypt Mode** @param int* @return CI_Encrypt*/public function set_mode($mode){$this->_mcrypt_mode = $mode;return $this;}// --------------------------------------------------------------------/*** Get Mcrypt cipher Value** @return int*/protected function _get_cipher(){if ($this->_mcrypt_cipher === NULL){return $this->_mcrypt_cipher = MCRYPT_RIJNDAEL_256;}return $this->_mcrypt_cipher;}// --------------------------------------------------------------------/*** Get Mcrypt Mode Value** @return int*/protected function _get_mode(){if ($this->_mcrypt_mode === NULL){return $this->_mcrypt_mode = MCRYPT_MODE_CBC;}return $this->_mcrypt_mode;}// --------------------------------------------------------------------/*** Set the Hash type** @param string* @return void*/public function set_hash($type = 'sha1'){$this->_hash_type = in_array($type, hash_algos()) ? $type : 'sha1';}// --------------------------------------------------------------------/*** Hash encode a string** @param string* @return string*/public function hash($str){return hash($this->_hash_type, $str);}// --------------------------------------------------------------------/*** Byte-safe strlen()** @param string $str* @return int*/protected static function strlen($str){return defined('MB_OVERLOAD_STRING')? mb_strlen($str, '8bit'): strlen($str);}// --------------------------------------------------------------------/*** Byte-safe substr()** @param string $str* @param int $start* @param int $length* @return string*/protected static function substr($str, $start, $length = NULL){if (defined('MB_OVERLOAD_STRING')){// mb_substr($str, $start, null, '8bit') returns an empty// string on PHP 5.3isset($length) OR $length = ($start >= 0 ? self::strlen($str) - $start : -$start);return mb_substr($str, $start, $length, '8bit');}return isset($length)? substr($str, $start, $length): substr($str, $start);}}