diff options
| author | Derek Jones <derek.jones@ellislab.com> | 2008-01-17 20:21:03 +0100 |
|---|---|---|
| committer | Derek Jones <derek.jones@ellislab.com> | 2008-01-17 20:21:03 +0100 |
| commit | d32d45c350ac692db6397648d77b8b0d69ef7923 (patch) | |
| tree | cbfdcdba46082985b57e57a1f0c04ffd7689e321 /system/libraries/Encrypt.php | |
| parent | 57211eb60cb5bcb844695746e8cba9aa6c1f9924 (diff) | |
fixed bug #3003 preventing encryption from working with modes other than MCRYPT_MODE_ECB. Also added some noise to the cipher so the IV can safely be transported along with the encrypted data.
Diffstat (limited to 'system/libraries/Encrypt.php')
| -rw-r--r-- | system/libraries/Encrypt.php | 77 |
1 files changed, 75 insertions, 2 deletions
diff --git a/system/libraries/Encrypt.php b/system/libraries/Encrypt.php index e5ad78c11..5b2b7c017 100644 --- a/system/libraries/Encrypt.php +++ b/system/libraries/Encrypt.php @@ -249,7 +249,7 @@ class CI_Encrypt { {
$init_size = mcrypt_get_iv_size($this->_get_cipher(), $this->_get_mode());
$init_vect = mcrypt_create_iv($init_size, MCRYPT_RAND);
- return mcrypt_encrypt($this->_get_cipher(), $key, $data, $this->_get_mode(), $init_vect);
+ return $this->_add_cipher_noise($init_vect.mcrypt_encrypt($this->_get_cipher(), $key, $data, $this->_get_mode(), $init_vect), $key);
}
// --------------------------------------------------------------------
@@ -264,14 +264,87 @@ class CI_Encrypt { */
function mcrypt_decode($data, $key)
{
+ $data = $this->_remove_cipher_noise($data, $key);
$init_size = mcrypt_get_iv_size($this->_get_cipher(), $this->_get_mode());
- $init_vect = mcrypt_create_iv($init_size, MCRYPT_RAND);
+ $init_vect = substr($data, 0, $init_size);
+ $data = substr($data, $init_size);
return rtrim(mcrypt_decrypt($this->_get_cipher(), $key, $data, $this->_get_mode(), $init_vect), "\0");
}
// --------------------------------------------------------------------
/**
+ * Adds permuted noise to the IV + encrypted data to protect
+ * against Man-in-the-middle attacks on CBC mode ciphers
+ * http://www.ciphersbyritter.com/GLOSSARY.HTM#IV
+ *
+ * Function description
+ *
+ * @access private
+ * @param string
+ * @param string
+ * @return string
+ */
+ function _add_cipher_noise($data, $key)
+ {
+ $keyhash = $this->hash($key);
+ $keylen = strlen($keyhash);
+ $str = '';
+
+ for ($i = 0, $j = 0, $len = strlen($data); $i < $len; ++$i, ++$j)
+ {
+ if ($j >= $keylen)
+ {
+ $j = 0;
+ }
+
+ $str .= chr((ord($data[$i]) + ord($keyhash[$j])) % 256);
+ }
+
+ return $str;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Removes permuted noise from the IV + encrypted data, reversing
+ * _add_cipher_noise()
+ *
+ * Function description
+ *
+ * @access public
+ * @param type
+ * @return type
+ */
+ function _remove_cipher_noise($data, $key)
+ {
+ $keyhash = $this->hash($key);
+ $keylen = strlen($keyhash);
+ $str = '';
+
+ for ($i = 0, $j = 0, $len = strlen($data); $i < $len; ++$i, ++$j)
+ {
+ if ($j >= $keylen)
+ {
+ $j = 0;
+ }
+
+ $temp = ord($data[$i]) - ord($keyhash[$j]);
+
+ if ($temp < 0)
+ {
+ $temp = $temp + 256;
+ }
+
+ $str .= chr($temp);
+ }
+
+ return $str;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
* Set the Mcrypt Cipher
*
* @access public
|