<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter * @author ExpressionEngine Dev Team * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 * @filesource */ // ------------------------------------------------------------------------ /** * CodeIgniter Encryption Class * * Provides two-way keyed encoding using XOR Hashing and Mcrypt * * @package CodeIgniter * @subpackage Libraries * @category Libraries * @author ExpressionEngine Dev Team * @link http://codeigniter.com/user_guide/libraries/encryption.html */ class CI_Encrypt { var $CI; var $encryption_key = ''; var $_hash_type = 'sha1'; var $_mcrypt_exists = FALSE; var $_mcrypt_cipher; var $_mcrypt_mode; /** * Constructor * * Simply determines whether the mcrypt library exists. * */ public function __construct() { $this->CI =& get_instance(); $this->_mcrypt_exists = ( ! function_exists('mcrypt_encrypt')) ? FALSE : TRUE; log_message('debug', "Encrypt Class Initialized"); } // -------------------------------------------------------------------- /** * Fetch the encryption key * * Returns it as MD5 in order to have an exact-length 128 bit key. * Mcrypt is sensitive to keys that are not the correct length * * @access public * @param string * @return string */ function get_key($key = '') { if ($key == '') { if ($this->encryption_key != '') { return $this->encryption_key; } $CI =& get_instance(); $key = $CI->config->item('encryption_key'); if ($key == FALSE) { show_error('In order to use the encryption class requires that you set an encryption key in your config file.'); } } return md5($key); } // -------------------------------------------------------------------- /** * Set the encryption key * * @access public * @param string * @return void */ function set_key($key = '') { $this->encryption_key = $key; } // -------------------------------------------------------------------- /** * Encode * * Encodes the message string using bitwise XOR encoding. * The key is combined with a random hash, and then it * too gets converted using XOR. The whole thing is then run * through mcrypt (if supported) using the randomized key. * The end result is a double-encrypted message string * that is randomized with each call to this function, * even if the supplied message and key are the same. * * @access public * @param string the string to encode * @param string the key * @return string */ function encode($string, $key = '') { $key = $this->get_key($key); if ($this->_mcrypt_exists === TRUE) { $enc = $this->mcrypt_encode($string, $key); } else { $enc = $this->_xor_encode($string, $key); } return base64_encode($enc); } // -------------------------------------------------------------------- /** * Decode * * Reverses the above process * * @access public * @param string * @param string * @return string */ function decode($string, $key = '') { $key = $this->get_key($key); if (preg_match('/[^a-zA-Z0-9\/\+=]/', $string)) { return FALSE; } $dec = base64_decode($string); if ($this->_mcrypt_exists === TRUE) { if (($dec = $this->mcrypt_decode($dec, $key)) === FALSE) { return FALSE; } } else { $dec = $this->_xor_decode($dec, $key); } return $dec; } // -------------------------------------------------------------------- /** * Encode from Legacy * * Takes an encoded string from the original Encryption class algorithms and * returns a newly encoded string using the improved method added in 2.0.0 * This allows for backwards compatibility and a method to transition to the * new encryption algorithms. * * For more details, see http://codeigniter.com/user_guide/installation/upgrade_200.html#encryption * * @access public * @param string * @param int (mcrypt mode constant) * @param string * @return string */ function encode_from_legacy($string, $legacy_mode = MCRYPT_MODE_ECB, $key = '') { if ($this->_mcrypt_exists === FALSE) { log_message('error', 'Encoding from legacy is available only when Mcrypt is in use.'); return FALSE; } // decode it first // set mode temporarily to what it was when string was encoded with the legacy // algorithm - typically MCRYPT_MODE_ECB $current_mode = $this->_get_mode(); $this->set_mode($legacy_mode); $key = $this->get_key($key); if (preg_match('/[^a-zA-Z0-9\/\+=]/', $string)) { return FALSE; } $dec = base64_decode($string); if (($dec = $this->mcrypt_decode($dec, $key)) === FALSE) { return FALSE; } $dec = $this->_xor_decode($dec, $key); // set the mcrypt mode back to what it should be, typically MCRYPT_MODE_CBC $this->set_mode($current_mode); // and re-encode return base64_encode($this->mcrypt_encode($dec, $key)); } // -------------------------------------------------------------------- /** * XOR Encode * * Takes a plain-text string and key as input and generates an * encoded bit-string using XOR * * @access private * @param string * @param string * @return string */ function _xor_encode($string, $key) { $rand = ''; while (strlen($rand) < 32) { $rand .= mt_rand(0, mt_getrandmax()); } $rand = $this->hash($rand); $enc = ''; for ($i = 0; $i < strlen($string); $i++) { $enc .= substr($rand, ($i % strlen($rand)), 1).(substr($rand, ($i % strlen($rand)), 1) ^ substr($string, $i, 1)); } return $this->_xor_merge($enc, $key); } // -------------------------------------------------------------------- /** * XOR Decode * * Takes an encoded string and key as input and generates the * plain-text original message * * @access private * @param string * @param string * @return string */ function _xor_decode($string, $key) { $string = $this->_xor_merge($string, $key); $dec = ''; for ($i = 0; $i < strlen($string); $i++) { $dec .= (substr($string, $i++, 1) ^ substr($string, $i, 1)); } return $dec; } // -------------------------------------------------------------------- /** * XOR key + string Combiner * * Takes a string and key as input and computes the difference using XOR * * @access private * @param string * @param string * @return string */ function _xor_merge($string, $key) { $hash = $this->hash($key); $str = ''; for ($i = 0; $i < strlen($string); $i++) { $str .= substr($string, $i, 1) ^ substr($hash, ($i % strlen($hash)), 1); } return $str; } // -------------------------------------------------------------------- /** * Encrypt using Mcrypt * * @access public * @param string * @param string * @return string */ function mcrypt_encode($data, $key) { $init_size = mcrypt_get_iv_size($this->_get_cipher(), $this->_get_mode()); $init_vect = mcrypt_create_iv($init_size, MCRYPT_RAND); return $this->_add_cipher_noise($init_vect.mcrypt_encrypt($this->_get_cipher(), $key, $data, $this->_get_mode(), $init_vect), $key); } // -------------------------------------------------------------------- /** * Decrypt using Mcrypt * * @access public * @param string * @param string * @return string */ function mcrypt_decode($data, $key) { $data = $this->_remove_cipher_noise($data, $key); $init_size = mcrypt_get_iv_size($this->_get_cipher(), $this->_get_mode()); if ($init_size > strlen($data)) { return FALSE; } $init_vect = substr($data, 0, $init_size); $data = substr($data, $init_size); return rtrim(mcrypt_decrypt($this->_get_cipher(), $key, $data, $this->_get_mode(), $init_vect), "\0"); } // -------------------------------------------------------------------- /** * Adds permuted noise to the IV + encrypted data to protect * against Man-in-the-middle attacks on CBC mode ciphers * http://www.ciphersbyritter.com/GLOSSARY.HTM#IV * * Function description * * @access private * @param string * @param string * @return string */ function _add_cipher_noise($data, $key) { $keyhash = $this->hash($key); $keylen = strlen($keyhash); $str = ''; for ($i = 0, $j = 0, $len = strlen($data); $i < $len; ++$i, ++$j) { if ($j >= $keylen) { $j = 0; } $str .= chr((ord($data[$i]) + ord($keyhash[$j])) % 256); } return $str; } // -------------------------------------------------------------------- /** * Removes permuted noise from the IV + encrypted data, reversing * _add_cipher_noise() * * Function description * * @access public * @param type * @return type */ function _remove_cipher_noise($data, $key) { $keyhash = $this->hash($key); $keylen = strlen($keyhash); $str = ''; for ($i = 0, $j = 0, $len = strlen($data); $i < $len; ++$i, ++$j) { if ($j >= $keylen) { $j = 0; } $temp = ord($data[$i]) - ord($keyhash[$j]); if ($temp < 0) { $temp = $temp + 256; } $str .= chr($temp); } return $str; } // -------------------------------------------------------------------- /** * Set the Mcrypt Cipher * * @access public * @param constant * @return string */ function set_cipher($cipher) { $this->_mcrypt_cipher = $cipher; } // -------------------------------------------------------------------- /** * Set the Mcrypt Mode * * @access public * @param constant * @return string */ function set_mode($mode) { $this->_mcrypt_mode = $mode; } // -------------------------------------------------------------------- /** * Get Mcrypt cipher Value * * @access private * @return string */ function _get_cipher() { if ($this->_mcrypt_cipher == '') { $this->_mcrypt_cipher = MCRYPT_RIJNDAEL_256; } return $this->_mcrypt_cipher; } // -------------------------------------------------------------------- /** * Get Mcrypt Mode Value * * @access private * @return string */ function _get_mode() { if ($this->_mcrypt_mode == '') { $this->_mcrypt_mode = MCRYPT_MODE_CBC; } return $this->_mcrypt_mode; } // -------------------------------------------------------------------- /** * Set the Hash type * * @access public * @param string * @return string */ function set_hash($type = 'sha1') { $this->_hash_type = ($type != 'sha1' AND $type != 'md5') ? 'sha1' : $type; } // -------------------------------------------------------------------- /** * Hash encode a string * * @access public * @param string * @return string */ function hash($str) { return ($this->_hash_type == 'sha1') ? $this->sha1($str) : md5($str); } // -------------------------------------------------------------------- /** * Generate an SHA1 Hash * * @access public * @param string * @return string */ function sha1($str) { if ( ! function_exists('sha1')) { if ( ! function_exists('mhash')) { require_once(BASEPATH.'libraries/Sha1.php'); $SH = new CI_SHA; return $SH->generate($str); } else { return bin2hex(mhash(MHASH_SHA1, $str)); } } else { return sha1($str); } } } // END CI_Encrypt class /* End of file Encrypt.php */ /* Location: ./system/libraries/Encrypt.php */