diff options
author | Derek Jones <derek.jones@ellislab.com> | 2010-08-31 20:17:10 +0200 |
---|---|---|
committer | Derek Jones <derek.jones@ellislab.com> | 2010-08-31 20:17:10 +0200 |
commit | 09c7793b23ae77c54e25d12b63d8ca9c9232efeb (patch) | |
tree | 887f1887200491e8846693932ea0cd39ebdd4864 | |
parent | b1e973247b66e0f4dc576484add50c2ebe10125a (diff) |
Significant changes to the Encryption library
- Removed double-encoding with XOR scheme when Mcrypt is available. Additional obfuscation was not significantly aiding security, and came at a very high performance cost.
- Changed the default encryption mode from ECB to CBC for much improved security
- Added an encode_from_legacy() method to allow re-encoding of permanent data that was originally encoded with the older methods.
-rw-r--r-- | system/libraries/Encrypt.php | 75 | ||||
-rw-r--r-- | user_guide/changelog.html | 4 | ||||
-rw-r--r-- | user_guide/installation/upgrade_200.html | 15 | ||||
-rw-r--r-- | user_guide/libraries/encryption.html | 44 |
4 files changed, 126 insertions, 12 deletions
diff --git a/system/libraries/Encrypt.php b/system/libraries/Encrypt.php index 44fdce03b..8beff75d6 100644 --- a/system/libraries/Encrypt.php +++ b/system/libraries/Encrypt.php @@ -116,12 +116,16 @@ class CI_Encrypt { function encode($string, $key = '') { $key = $this->get_key($key); - $enc = $this->_xor_encode($string, $key); - + if ($this->_mcrypt_exists === TRUE) { - $enc = $this->mcrypt_encode($enc, $key); + $enc = $this->mcrypt_encode($string, $key); + } + else + { + $enc = $this->_xor_encode($string, $key); } + return base64_encode($enc); } @@ -155,12 +159,71 @@ class CI_Encrypt { return FALSE; } } - - return $this->_xor_decode($dec, $key); + else + { + $dec = $this->_xor_decode($dec, $key); + } + + return $dec; } // -------------------------------------------------------------------- + + /** + * Encode from Legacy + * + * Takes an encoded string from the original Encryption class algorithms and + * returns a newly encoded string using the improved method added in 2.0.0 + * This allows for backwards compatibility and a method to transition to the + * new encryption algorithms. + * + * For more details, see http://codeigniter.com/user_guide/installation/upgrade_200.html#encryption + * + * @access public + * @param string + * @param int (mcrypt mode constant) + * @param string + * @return string + */ + function encode_from_legacy($string, $legacy_mode = MCRYPT_MODE_ECB, $key = '') + { + if ($this->_mcrypt_exists === FALSE) + { + log_message('error', 'Encoding from legacy is available only when Mcrypt is in use.'); + return FALSE; + } + + // decode it first + // set mode temporarily to what it was when string was encoded with the legacy + // algorithm - typically MCRYPT_MODE_ECB + $current_mode = $this->_get_mode(); + $this->set_mode($legacy_mode); + + $key = $this->get_key($key); + + if (preg_match('/[^a-zA-Z0-9\/\+=]/', $string)) + { + return FALSE; + } + + $dec = base64_decode($string); + + if (($dec = $this->mcrypt_decode($dec, $key)) === FALSE) + { + return FALSE; + } + + $dec = $this->_xor_decode($dec, $key); + // set the mcrypt mode back to what it should be, typically MCRYPT_MODE_CBC + $this->set_mode(MCRYPT_MODE_CBC); + + // and re-encode + return base64_encode($this->mcrypt_encode($dec, $key)); + } + + // -------------------------------------------------------------------- + /** * XOR Encode * @@ -412,7 +475,7 @@ class CI_Encrypt { { if ($this->_mcrypt_mode == '') { - $this->_mcrypt_mode = MCRYPT_MODE_ECB; + $this->_mcrypt_mode = MCRYPT_MODE_CBC; } return $this->_mcrypt_mode; diff --git a/user_guide/changelog.html b/user_guide/changelog.html index d9c17ab76..c42bde01e 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -100,6 +100,10 @@ Hg Tag: </p> <li>Added a second parameter (boolean) to <kbd>$this->zip->read_dir('/path/to/directory', FALSE)</kbd> to remove the preceding trail of empty folders when creating a Zip archive. This example would contain a zip with "directory" and all of its contents.</li> <li>Added ability in the Image Library to handle PNG transparency for resize operations when using the GD lib.</li> <li>Modified the Session class to prevent use if no encryption key is set in the config file.</li> + <li>Improved performance of the Encryption library on servers where Mcrypt is available.</li> + <li>Changed the default encryption mode in the Encryption library to CBC.</li> + <li>Added an <kbd>encode_from_legacy()</kbd> method to provide a way to transition encrypted data from CodeIgniter 1.x to CodeIgniter 2.x. + Please see the <a href="./installation/upgrade_200.html">upgrade instructions</a> for details.</li> </ul> </li> <li>Database diff --git a/user_guide/installation/upgrade_200.html b/user_guide/installation/upgrade_200.html index f45875b3c..155df90d3 100644 --- a/user_guide/installation/upgrade_200.html +++ b/user_guide/installation/upgrade_200.html @@ -89,7 +89,20 @@ to </p> -<h2>Step 3: Update your user guide</h2> +<h2>Step 4: Update stored encrypted data</h2> + +<p class="important"><strong>Note:</strong> If your application does not use the Encryption library, does not store Encrypted data permanently, or is on an environment that does not support Mcrypt, you may skip this step.</p> + +<p>The Encryption library has had a number of improvements, some for encryption strength and some for performance, that has an unavoidable consequence of + making it no longer possible to decode encrypted data produced by the original version of this library. To help with the transition, a new method has + been added, <kbd>encode_from_legacy()</kbd> that will decode the data with the original algorithm and return a re-encoded string using the improved methods. + This will enable you to easily replace stale encrypted data with fresh in your applications, either on the fly or en masse.</p> + +<p>Please read <a href="../libraries/encryption.html#legacy">how to use this method</a> in the Encryption library documentation.</p> + +</p> + +<h2>Step 5: Update your user guide</h2> <p>Please replace your local copy of the user guide with the new version, including the image files.</p> </div> diff --git a/user_guide/libraries/encryption.html b/user_guide/libraries/encryption.html index dac1db911..fbffd63c6 100644 --- a/user_guide/libraries/encryption.html +++ b/user_guide/libraries/encryption.html @@ -58,12 +58,11 @@ Encryption Class <h1>Encryption Class</h1> -<p>The Encryption Class provides two-way data encryption. It uses a scheme that pre-compiles -the message using a randomly hashed bitwise XOR encoding scheme, which is then encrypted using +<p>The Encryption Class provides two-way data encryption. It uses a scheme that either compiles +the message using a randomly hashed bitwise XOR encoding scheme, or is encrypted using the Mcrypt library. If Mcrypt is not available on your server the encoded message will still provide a reasonable degree of security for encrypted sessions or other such "light" purposes. -If Mcrypt is available, you'll effectively end up with a double-encrypted message string, which should -provide a very high degree of security.</p> +If Mcrypt is available, you'll be provided with a high degree of security appropriate for storage.</p> <h2>Setting your Key</h2> @@ -153,7 +152,7 @@ $encrypted_string = $this->encrypt->decode($msg, $key);</code> <h2>$this->encrypt->set_mode();</h2> -<p>Permits you to set an Mcrypt mode. By default it uses <samp>MCRYPT_MODE_ECB</samp>. Example:</p> +<p>Permits you to set an Mcrypt mode. By default it uses <samp>MCRYPT_MODE_CBC</samp>. Example:</p> <code>$this->encrypt->set_mode(MCRYPT_MODE_CFB);</code> <p>Please visit php.net for a list of <a href="http://php.net/mcrypt">available modes</a>.</p> @@ -169,7 +168,42 @@ function:</p> <p>If your server does not support SHA1 you can use the provided function.</p> +<h2 id="legacy">$this->encrypt->encode_from_legacy(<kbd>$orig_data</kbd>, <kbd>$legacy_mode</kbd> = MCRYPT_MODE_ECB, <kbd>$key</kbd> = '');</h2> +<p>Enables you to re-encode data that was originally encrypted with CodeIgniter 1.x to be compatible with the Encryption library in CodeIgniter 2.x. It is only + necessary to use this method if you have encrypted data stored permanently such as in a file or database and are on a server that supports Mcrypt. "Light" use encryption + such as encrypted session data or transitory encrypted flashdata require no intervention on your part. However, existing encrypted Sessions will be + destroyed since data encrypted prior to 2.x will not be decoded.</p> +<p class="important"><strong>Why only a method to re-encode the data instead of maintaining legacy methods for both encoding and decoding?</strong> The algorithms in + the Encryption library have improved in CodeIgniter 2.x both for performance and security, and we do not wish to encourage continued use of the older methods. + You can of course extend the Encryption library if you wish and replace the new methods with the old and retain seamless compatibility with CodeIgniter 1.x + encrypted data, but this a decision that a developer should make cautiously and deliberately, if at all.</p> + +<code>$new_data = $this->encrypt->encode_from_legacy(<kbd>$old_encrypted_string</kbd>);</code> + +<table cellpadding="0" cellspacing="1" border="0" style="width:100%" class="tableborder"> +<tr> + <th>Parameter</th> + <th>Default</th> + <th>Description</th> +</tr> +<tr> + <td class="td"><strong>$orig_data</strong></td> + <td class="td">n/a</td> + <td class="td">The original encrypted data from CodeIgniter 1.x's Encryption library</td> +</tr> +<tr> + <td class="td"><strong>$legacy_mode</strong></td> + <td class="td">MCRYPT_MODE_ECB</td> + <td class="td">The Mcrypt mode that was used to generate the original encrypted data. CodeIgniter 1.x's default was MCRYPT_MODE_ECB, and it will + assume that to be the case unless overridden by this parameter.</td> +</tr> +<tr> + <td class="td"><strong>$key</strong></td> + <td class="td">n/a</td> + <td class="td">The encryption key. This it typically specified in your config file as outlined above.</td> +</tr> +</table> </div> <!-- END CONTENT --> |