diff options
| author | Greg Aker <greg@gregaker.net> | 2011-12-26 04:59:30 +0100 |
|---|---|---|
| committer | Greg Aker <greg@gregaker.net> | 2011-12-26 04:59:30 +0100 |
| commit | d1af1854e3444d58907225f46f473723cdf97628 (patch) | |
| tree | f25c9977e160e01de68d098ab44394b4a3c0d092 | |
| parent | a96ade374f28cdae97036fc253fd8b2a0e8dc81a (diff) | |
Removing previously deprecated SHA1 library and removed SHA1 method in the Encryption Library
| -rw-r--r-- | system/libraries/Encrypt.php | 105 | ||||
| -rw-r--r-- | system/libraries/Sha1.php | 263 | ||||
| -rw-r--r-- | user_guide_src/source/changelog.rst | 2 | ||||
| -rw-r--r-- | user_guide_src/source/libraries/encryption.rst | 15 |
4 files changed, 29 insertions, 356 deletions
diff --git a/system/libraries/Encrypt.php b/system/libraries/Encrypt.php index c2cb808dd..92b0b3c4a 100644 --- a/system/libraries/Encrypt.php +++ b/system/libraries/Encrypt.php @@ -40,22 +40,19 @@ */ class CI_Encrypt { - var $CI; - var $encryption_key = ''; - var $_hash_type = 'sha1'; - var $_mcrypt_exists = FALSE; - var $_mcrypt_cipher; - var $_mcrypt_mode; + public $encryption_key = ''; + protected $_hash_type = 'sha1'; + protected $_mcrypt_exists = FALSE; + protected $_mcrypt_cipher; + protected $_mcrypt_mode; /** * Constructor * * Simply determines whether the mcrypt library exists. - * */ public function __construct() { - $this->CI =& get_instance(); $this->_mcrypt_exists = ( ! function_exists('mcrypt_encrypt')) ? FALSE : TRUE; log_message('debug', "Encrypt Class Initialized"); } @@ -68,11 +65,10 @@ class CI_Encrypt { * Returns it as MD5 in order to have an exact-length 128 bit key. * Mcrypt is sensitive to keys that are not the correct length * - * @access public * @param string * @return string */ - function get_key($key = '') + public function get_key($key = '') { if ($key == '') { @@ -84,7 +80,7 @@ class CI_Encrypt { $CI =& get_instance(); $key = $CI->config->item('encryption_key'); - if ($key == FALSE) + if ($key === FALSE) { show_error('In order to use the encryption class requires that you set an encryption key in your config file.'); } @@ -98,13 +94,13 @@ class CI_Encrypt { /** * Set the encryption key * - * @access public * @param string * @return void */ - function set_key($key = '') + public function set_key($key = '') { $this->encryption_key = $key; + return $this; } // -------------------------------------------------------------------- @@ -120,12 +116,11 @@ class CI_Encrypt { * that is randomized with each call to this function, * even if the supplied message and key are the same. * - * @access public * @param string the string to encode * @param string the key * @return string */ - function encode($string, $key = '') + public function encode($string, $key = '') { $key = $this->get_key($key); @@ -148,12 +143,11 @@ class CI_Encrypt { * * Reverses the above process * - * @access public * @param string * @param string * @return string */ - function decode($string, $key = '') + public function decode($string, $key = '') { $key = $this->get_key($key); @@ -191,13 +185,12 @@ class CI_Encrypt { * * For more details, see http://codeigniter.com/user_guide/installation/upgrade_200.html#encryption * - * @access public * @param string * @param int (mcrypt mode constant) * @param string * @return string */ - function encode_from_legacy($string, $legacy_mode = MCRYPT_MODE_ECB, $key = '') + public function encode_from_legacy($string, $legacy_mode = MCRYPT_MODE_ECB, $key = '') { if ($this->_mcrypt_exists === FALSE) { @@ -242,12 +235,11 @@ class CI_Encrypt { * Takes a plain-text string and key as input and generates an * encoded bit-string using XOR * - * @access private * @param string * @param string * @return string */ - function _xor_encode($string, $key) + protected function _xor_encode($string, $key) { $rand = ''; while (strlen($rand) < 32) @@ -274,12 +266,11 @@ class CI_Encrypt { * Takes an encoded string and key as input and generates the * plain-text original message * - * @access private * @param string * @param string * @return string */ - function _xor_decode($string, $key) + protected function _xor_decode($string, $key) { $string = $this->_xor_merge($string, $key); @@ -299,12 +290,11 @@ class CI_Encrypt { * * Takes a string and key as input and computes the difference using XOR * - * @access private * @param string * @param string * @return string */ - function _xor_merge($string, $key) + protected function _xor_merge($string, $key) { $hash = $this->hash($key); $str = ''; @@ -321,12 +311,11 @@ class CI_Encrypt { /** * Encrypt using Mcrypt * - * @access public * @param string * @param string * @return string */ - function mcrypt_encode($data, $key) + public function mcrypt_encode($data, $key) { $init_size = mcrypt_get_iv_size($this->_get_cipher(), $this->_get_mode()); $init_vect = mcrypt_create_iv($init_size, MCRYPT_RAND); @@ -338,12 +327,11 @@ class CI_Encrypt { /** * Decrypt using Mcrypt * - * @access public * @param string * @param string * @return string */ - function mcrypt_decode($data, $key) + public function mcrypt_decode($data, $key) { $data = $this->_remove_cipher_noise($data, $key); $init_size = mcrypt_get_iv_size($this->_get_cipher(), $this->_get_mode()); @@ -365,14 +353,11 @@ class CI_Encrypt { * against Man-in-the-middle attacks on CBC mode ciphers * http://www.ciphersbyritter.com/GLOSSARY.HTM#IV * - * Function description - * - * @access private * @param string * @param string * @return string */ - function _add_cipher_noise($data, $key) + protected function _add_cipher_noise($data, $key) { $keyhash = $this->hash($key); $keylen = strlen($keyhash); @@ -399,11 +384,10 @@ class CI_Encrypt { * * Function description * - * @access public * @param type * @return type */ - function _remove_cipher_noise($data, $key) + protected function _remove_cipher_noise($data, $key) { $keyhash = $this->hash($key); $keylen = strlen($keyhash); @@ -434,13 +418,13 @@ class CI_Encrypt { /** * Set the Mcrypt Cipher * - * @access public * @param constant * @return string */ - function set_cipher($cipher) + public function set_cipher($cipher) { $this->_mcrypt_cipher = $cipher; + return $this; } // -------------------------------------------------------------------- @@ -448,13 +432,13 @@ class CI_Encrypt { /** * Set the Mcrypt Mode * - * @access public * @param constant * @return string */ function set_mode($mode) { $this->_mcrypt_mode = $mode; + return $this; } // -------------------------------------------------------------------- @@ -462,10 +446,9 @@ class CI_Encrypt { /** * Get Mcrypt cipher Value * - * @access private * @return string */ - function _get_cipher() + protected function _get_cipher() { if ($this->_mcrypt_cipher == '') { @@ -480,10 +463,9 @@ class CI_Encrypt { /** * Get Mcrypt Mode Value * - * @access private * @return string */ - function _get_mode() + protected function _get_mode() { if ($this->_mcrypt_mode == '') { @@ -498,11 +480,10 @@ class CI_Encrypt { /** * Set the Hash type * - * @access public * @param string * @return string */ - function set_hash($type = 'sha1') + public function set_hash($type = 'sha1') { $this->_hash_type = ($type != 'sha1' AND $type != 'md5') ? 'sha1' : $type; } @@ -512,45 +493,13 @@ class CI_Encrypt { /** * Hash encode a string * - * @access public * @param string * @return string */ - function hash($str) + public function hash($str) { - return ($this->_hash_type == 'sha1') ? $this->sha1($str) : md5($str); + return ($this->_hash_type == 'sha1') ? sha1($str) : md5($str); } - - // -------------------------------------------------------------------- - - /** - * Generate an SHA1 Hash - * - * @access public - * @param string - * @return string - */ - function sha1($str) - { - if ( ! function_exists('sha1')) - { - if ( ! function_exists('mhash')) - { - require_once(BASEPATH.'libraries/Sha1.php'); - $SH = new CI_SHA; - return $SH->generate($str); - } - else - { - return bin2hex(mhash(MHASH_SHA1, $str)); - } - } - else - { - return sha1($str); - } - } - } // END CI_Encrypt class diff --git a/system/libraries/Sha1.php b/system/libraries/Sha1.php deleted file mode 100644 index 477b92bcb..000000000 --- a/system/libraries/Sha1.php +++ /dev/null @@ -1,263 +0,0 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); -/** - * CodeIgniter - * - * An open source application development framework for PHP 5.1.6 or newer - * - * NOTICE OF LICENSE - * - * Licensed under the Open Software License version 3.0 - * - * This source file is subject to the Open Software License (OSL 3.0) that is - * bundled with this package in the files license.txt / license.rst. It is - * also available through the world wide web at this URL: - * http://opensource.org/licenses/OSL-3.0 - * If you did not receive a copy of the license and are unable to obtain it - * through the world wide web, please send an email to - * licensing@ellislab.com so we can send you a copy immediately. - * - * @package CodeIgniter - * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) - * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) - * @link http://codeigniter.com - * @since Version 1.0 - * @filesource - */ - -// ------------------------------------------------------------------------ - -/** - * SHA1 Encoding Class - * - * Purpose: Provides 160 bit hashing using The Secure Hash Algorithm - * developed at the National Institute of Standards and Technology. The 40 - * character SHA1 message hash is computationally infeasible to crack. - * - * This class is a fallback for servers that are not running PHP greater than - * 4.3, or do not have the MHASH library. - * - * This class is based on two scripts: - * - * Marcus Campbell's PHP implementation (GNU license) - * http://www.tecknik.net/sha-1/ - * - * ...which is based on Paul Johnston's JavaScript version - * (BSD license). http://pajhome.org.uk/ - * - * I encapsulated the functions and wrote one additional method to fix - * a hex conversion bug. - Rick Ellis - * - * @package CodeIgniter - * @subpackage Libraries - * @category Encryption - * @author EllisLab Dev Team - * @link http://codeigniter.com/user_guide/libraries/encryption.html - */ -class CI_SHA1 { - - public function __construct() - { - log_message('debug', "SHA1 Class Initialized"); - } - - /** - * Generate the Hash - * - * @access public - * @param string - * @return string - */ - function generate($str) - { - $n = ((strlen($str) + 8) >> 6) + 1; - - for ($i = 0; $i < $n * 16; $i++) - { - $x[$i] = 0; - } - - for ($i = 0; $i < strlen($str); $i++) - { - $x[$i >> 2] |= ord(substr($str, $i, 1)) << (24 - ($i % 4) * 8); - } - - $x[$i >> 2] |= 0x80 << (24 - ($i % 4) * 8); - - $x[$n * 16 - 1] = strlen($str) * 8; - - $a = 1732584193; - $b = -271733879; - $c = -1732584194; - $d = 271733878; - $e = -1009589776; - - for ($i = 0; $i < count($x); $i += 16) - { - $olda = $a; - $oldb = $b; - $oldc = $c; - $oldd = $d; - $olde = $e; - - for ($j = 0; $j < 80; $j++) - { - if ($j < 16) - { - $w[$j] = $x[$i + $j]; - } - else - { - $w[$j] = $this->_rol($w[$j - 3] ^ $w[$j - 8] ^ $w[$j - 14] ^ $w[$j - 16], 1); - } - - $t = $this->_safe_add($this->_safe_add($this->_rol($a, 5), $this->_ft($j, $b, $c, $d)), $this->_safe_add($this->_safe_add($e, $w[$j]), $this->_kt($j))); - - $e = $d; - $d = $c; - $c = $this->_rol($b, 30); - $b = $a; - $a = $t; - } - - $a = $this->_safe_add($a, $olda); - $b = $this->_safe_add($b, $oldb); - $c = $this->_safe_add($c, $oldc); - $d = $this->_safe_add($d, $oldd); - $e = $this->_safe_add($e, $olde); - } - - return $this->_hex($a).$this->_hex($b).$this->_hex($c).$this->_hex($d).$this->_hex($e); - } - - // -------------------------------------------------------------------- - - /** - * Convert a decimal to hex - * - * @access private - * @param string - * @return string - */ - function _hex($str) - { - $str = dechex($str); - - if (strlen($str) == 7) - { - $str = '0'.$str; - } - - return $str; - } - - // -------------------------------------------------------------------- - - /** - * Return result based on iteration - * - * @access private - * @return string - */ - function _ft($t, $b, $c, $d) - { - if ($t < 20) - return ($b & $c) | ((~$b) & $d); - if ($t < 40) - return $b ^ $c ^ $d; - if ($t < 60) - return ($b & $c) | ($b & $d) | ($c & $d); - - return $b ^ $c ^ $d; - } - - // -------------------------------------------------------------------- - - /** - * Determine the additive constant - * - * @access private - * @return string - */ - function _kt($t) - { - if ($t < 20) - { - return 1518500249; - } - else if ($t < 40) - { - return 1859775393; - } - else if ($t < 60) - { - return -1894007588; - } - else - { - return -899497514; - } - } - - // -------------------------------------------------------------------- - - /** - * Add integers, wrapping at 2^32 - * - * @access private - * @return string - */ - function _safe_add($x, $y) - { - $lsw = ($x & 0xFFFF) + ($y & 0xFFFF); - $msw = ($x >> 16) + ($y >> 16) + ($lsw >> 16); - - return ($msw << 16) | ($lsw & 0xFFFF); - } - - // -------------------------------------------------------------------- - - /** - * Bitwise rotate a 32-bit number - * - * @access private - * @return integer - */ - function _rol($num, $cnt) - { - return ($num << $cnt) | $this->_zero_fill($num, 32 - $cnt); - } - - // -------------------------------------------------------------------- - - /** - * Pad string with zero - * - * @access private - * @return string - */ - function _zero_fill($a, $b) - { - $bin = decbin($a); - - if (strlen($bin) < $b) - { - $bin = 0; - } - else - { - $bin = substr($bin, 0, strlen($bin) - $b); - } - - for ($i=0; $i < $b; $i++) - { - $bin = "0".$bin; - } - - return bindec($bin); - } -} -// END CI_SHA - -/* End of file Sha1.php */ -/* Location: ./system/libraries/Sha1.php */ diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 54237e3c7..60425a436 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -28,6 +28,7 @@ Release Date: Not Released - Added support 3gp, 3g2, mp4, wmv, f4v, vlc Video files to mimes.php. - Added support m4a, aac, m4u, xspf, au, ac3, flac, ogg Audio files to mimes.php. - Changed logger to only chmod when file is first created. + - Removed previously deprecated SHA1 Library. - Helpers @@ -54,6 +55,7 @@ Release Date: Not Released - Product Name strictness can be disabled via the Cart Library by switching "$product_name_safe" - Added function remove() to remove a cart item, updating with quantity of 0 seemed like a hack but has remained to retain compatability - Minor speed optimizations and method & property visibility declarations in the Calendar Library. + - Removed SHA1 function in the :doc:`Encryption Library <libraries/encryption>`. - Core diff --git a/user_guide_src/source/libraries/encryption.rst b/user_guide_src/source/libraries/encryption.rst index 80b45e4d7..28bdca203 100644 --- a/user_guide_src/source/libraries/encryption.rst +++ b/user_guide_src/source/libraries/encryption.rst @@ -126,21 +126,6 @@ Example:: Please visit php.net for a list of `available modes <http://php.net/mcrypt>`_. -$this->encrypt->sha1(); -======================= - -SHA1 encoding function. Provide a string and it will return a 160 bit -one way hash. Note: SHA1, just like MD5 is non-decodable. Example:: - - $hash = $this->encrypt->sha1('Some string'); - -Many PHP installations have SHA1 support by default so if all you need -is to encode a hash it's simpler to use the native function:: - - $hash = sha1('Some string'); - -If your server does not support SHA1 you can use the provided function. - $this->encrypt->encode_from_legacy($orig_data, $legacy_mode = MCRYPT_MODE_ECB, $key = ''); ========================================================================================== |