<?php /** * CodeIgniter * * An open source application development framework for PHP * * This content is released under the MIT License (MIT) * * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * THE SOFTWARE. * * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 * @filesource */ defined('BASEPATH') OR exit('No direct script access allowed'); /** * CodeIgniter Encryption Class * * Provides two-way keyed encoding using Mcrypt * * @package CodeIgniter * @subpackage Libraries * @category Libraries * @author EllisLab Dev Team * @link https://codeigniter.com/user_guide/libraries/encryption.html */ class CI_Encrypt { /** * Reference to the user's encryption key * * @var string */ public $encryption_key = ''; /** * Type of hash operation * * @var string */ protected $_hash_type = 'sha1'; /** * Flag for the existence of mcrypt * * @var bool */ protected $_mcrypt_exists = FALSE; /** * Current cipher to be used with mcrypt * * @var string */ protected $_mcrypt_cipher; /** * Method for encrypting/decrypting data * * @var int */ protected $_mcrypt_mode; /** * Initialize Encryption class * * @return void */ public function __construct() { if (($this->_mcrypt_exists = function_exists('mcrypt_encrypt')) === FALSE) { show_error('The Encrypt library requires the Mcrypt extension.'); } log_message('info', 'Encrypt Class Initialized'); } // -------------------------------------------------------------------- /** * Fetch the encryption key * * Returns it as MD5 in order to have an exact-length 128 bit key. * Mcrypt is sensitive to keys that are not the correct length * * @param string * @return string */ public function get_key($key = '') { if ($key === '') { if ($this->encryption_key !== '') { return $this->encryption_key; } $key = config_item('encryption_key'); if ( ! self::strlen($key)) { show_error('In order to use the encryption class requires that you set an encryption key in your config file.'); } } return md5($key); } // -------------------------------------------------------------------- /** * Set the encryption key * * @param string * @return CI_Encrypt */ public function set_key($key = '') { $this->encryption_key = $key; return $this; } // -------------------------------------------------------------------- /** * Encode * * Encodes the message string using bitwise XOR encoding. * The key is combined with a random hash, and then it * too gets converted using XOR. The whole thing is then run * through mcrypt using the randomized key. The end result * is a double-encrypted message string that is randomized * with each call to this function, even if the supplied * message and key are the same. * * @param string the string to encode * @param string the key * @return string */ public function encode($string, $key = '') { return base64_encode($this->mcrypt_encode($string, $this->get_key($key))); } // -------------------------------------------------------------------- /** * Decode * * Reverses the above process * * @param string * @param string * @return string */ public function decode($string, $key = '') { if (preg_match('/[^a-zA-Z0-9\/\+=]/', $string) OR base64_encode(base64_decode($string)) !== $string) { return FALSE; } return $this->mcrypt_decode(base64_decode($string), $this->get_key($key)); } // -------------------------------------------------------------------- /** * Encode from Legacy * * Takes an encoded string from the original Encryption class algorithms and * returns a newly encoded string using the improved method added in 2.0.0 * This allows for backwards compatibility and a method to transition to the * new encryption algorithms. * * For more details, see https://codeigniter.com/user_guide/installation/upgrade_200.html#encryption * * @param string * @param int (mcrypt mode constant) * @param string * @return string */ public function encode_from_legacy($string, $legacy_mode = MCRYPT_MODE_ECB, $key = '') { if (preg_match('/[^a-zA-Z0-9\/\+=]/', $string)) { return FALSE; } // decode it first // set mode temporarily to what it was when string was encoded with the legacy // algorithm - typically MCRYPT_MODE_ECB $current_mode = $this->_get_mode(); $this->set_mode($legacy_mode); $key = $this->get_key($key); $dec = base64_decode($string); if (($dec = $this->mcrypt_decode($dec, $key)) === FALSE) { $this->set_mode($current_mode); return FALSE; } $dec = $this->_xor_decode($dec, $key); // set the mcrypt mode back to what it should be, typically MCRYPT_MODE_CBC $this->set_mode($current_mode); // and re-encode return base64_encode($this->mcrypt_encode($dec, $key)); } // -------------------------------------------------------------------- /** * XOR Decode * * Takes an encoded string and key as input and generates the * plain-text original message * * @param string * @param string * @return string */ protected function _xor_decode($string, $key) { $string = $this->_xor_merge($string, $key); $dec = ''; for ($i = 0, $l = self::strlen($string); $i < $l; $i++) { $dec .= ($string[$i++] ^ $string[$i]); } return $dec; } // -------------------------------------------------------------------- /** * XOR key + string Combiner * * Takes a string and key as input and computes the difference using XOR * * @param string * @param string * @return string */ protected function _xor_merge($string, $key) { $hash = $this->hash($key); $str = ''; for ($i = 0, $ls = self::strlen($string), $lh = self::strlen($hash); $i < $ls; $i++) { $str .= $string[$i] ^ $hash[($i % $lh)]; } return $str; } // -------------------------------------------------------------------- /** * Encrypt using Mcrypt * * @param string * @param string * @return string */ public function mcrypt_encode($data, $key) { $init_size = mcrypt_get_iv_size($this->_get_cipher(), $this->_get_mode()); $init_vect = mcrypt_create_iv($init_size, MCRYPT_DEV_URANDOM); return $this->_add_cipher_noise($init_vect.mcrypt_encrypt($this->_get_cipher(), $key, $data, $this->_get_mode(), $init_vect), $key); } // -------------------------------------------------------------------- /** * Decrypt using Mcrypt * * @param string * @param string * @return string */ public function mcrypt_decode($data, $key) { $data = $this->_remove_cipher_noise($data, $key); $init_size = mcrypt_get_iv_size($this->_get_cipher(), $this->_get_mode()); if ($init_size > self::strlen($data)) { return FALSE; } $init_vect = self::substr($data, 0, $init_size); $data = self::substr($data, $init_size); return rtrim(mcrypt_decrypt($this->_get_cipher(), $key, $data, $this->_get_mode(), $init_vect), "\0"); } // -------------------------------------------------------------------- /** * Adds permuted noise to the IV + encrypted data to protect * against Man-in-the-middle attacks on CBC mode ciphers * http://www.ciphersbyritter.com/GLOSSARY.HTM#IV * * @param string * @param string * @return string */ protected function _add_cipher_noise($data, $key) { $key = $this->hash($key); $str = ''; for ($i = 0, $j = 0, $ld = self::strlen($data), $lk = self::strlen($key); $i < $ld; ++$i, ++$j) { if ($j >= $lk) { $j = 0; } $str .= chr((ord($data[$i]) + ord($key[$j])) % 256); } return $str; } // -------------------------------------------------------------------- /** * Removes permuted noise from the IV + encrypted data, reversing * _add_cipher_noise() * * Function description * * @param string $data * @param string $key * @return string */ protected function _remove_cipher_noise($data, $key) { $key = $this->hash($key); $str = ''; for ($i = 0, $j = 0, $ld = self::strlen($data), $lk = self::strlen($key); $i < $ld; ++$i, ++$j) { if ($j >= $lk) { $j = 0; } $temp = ord($data[$i]) - ord($key[$j]); if ($temp < 0) { $temp += 256; } $str .= chr($temp); } return $str; } // -------------------------------------------------------------------- /** * Set the Mcrypt Cipher * * @param int * @return CI_Encrypt */ public function set_cipher($cipher) { $this->_mcrypt_cipher = $cipher; return $this; } // -------------------------------------------------------------------- /** * Set the Mcrypt Mode * * @param int * @return CI_Encrypt */ public function set_mode($mode) { $this->_mcrypt_mode = $mode; return $this; } // -------------------------------------------------------------------- /** * Get Mcrypt cipher Value * * @return int */ protected function _get_cipher() { if ($this->_mcrypt_cipher === NULL) { return $this->_mcrypt_cipher = MCRYPT_RIJNDAEL_256; } return $this->_mcrypt_cipher; } // -------------------------------------------------------------------- /** * Get Mcrypt Mode Value * * @return int */ protected function _get_mode() { if ($this->_mcrypt_mode === NULL) { return $this->_mcrypt_mode = MCRYPT_MODE_CBC; } return $this->_mcrypt_mode; } // -------------------------------------------------------------------- /** * Set the Hash type * * @param string * @return void */ public function set_hash($type = 'sha1') { $this->_hash_type = in_array($type, hash_algos()) ? $type : 'sha1'; } // -------------------------------------------------------------------- /** * Hash encode a string * * @param string * @return string */ public function hash($str) { return hash($this->_hash_type, $str); } // -------------------------------------------------------------------- /** * Byte-safe strlen() * * @param string $str * @return int */ protected static function strlen($str) { return defined('MB_OVERLOAD_STRING') ? mb_strlen($str, '8bit') : strlen($str); } // -------------------------------------------------------------------- /** * Byte-safe substr() * * @param string $str * @param int $start * @param int $length * @return string */ protected static function substr($str, $start, $length = NULL) { if (defined('MB_OVERLOAD_STRING')) { // mb_substr($str, $start, null, '8bit') returns an empty // string on PHP 5.3 isset($length) OR $length = ($start >= 0 ? self::strlen($str) - $start : -$start); return mb_substr($str, $start, $length, '8bit'); } return isset($length) ? substr($str, $start, $length) : substr($str, $start); } }