Home Explore Help
Register Sign In
RNCryptor
/
RNCryptor-php
mirror of https://github.com/RNCryptor/RNCryptor-php.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: ab365ef558
Branches Tags
RNCryptor-php
/
lib
/
RNCryptor
/
Cryptor.php

Cryptor.php 4.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133 
  1. <?php
    2. 

  2. namespace RNCryptor\RNCryptor;
    3. 

  3. 

  4. use stdClass;
    5. 

  5. 

  6. class Cryptor
    7. 

  7. {
    8. 

  8.     const DEFAULT_SCHEMA_VERSION = 3;
    9. 

  9. 

  10.     protected $config;
    11. 

  11. 

  12.     public function generateKey($salt, $password, $version = self::DEFAULT_SCHEMA_VERSION)
    13. 

  13.     {
    14. 

  14.         $this->configure($version);
    15. 

  15. 

  16.         return $this->makeKey($salt, $password);
    17. 

  17.     }
    18. 

  18. 

  19.     protected function aesCtrLittleEndianCrypt($payload, $key, $iv)
    20. 

  20.     {
    21. 

  21.         $numOfBlocks = ceil(strlen($payload) / strlen($iv));
    22. 

  22.         $counter = '';
    23. 

  23.         for ($i = 0; $i < $numOfBlocks; ++$i) {
    24. 

  24.             $counter .= $iv;
    25. 

  25. 

  26.             // Yes, the next line only ever increments the first character
    27. 

  27.             // of the counter string, ignoring overflow conditions.  This
    28. 

  28.             // matches CommonCrypto's behavior!
    29. 

  29.             $iv[0] = chr(ord($iv[0]) + 1);
    30. 

  30.         }
    31. 

  31. 

  32.         return $payload ^ $this->encryptInternal($key, $counter, 'ecb');
    33. 

  33.     }
    34. 

  34. 

  35.     protected function encryptInternal($key, $payload, $mode, $iv = null)
    36. 

  36.     {
    37. 

  37.         return openssl_encrypt($payload, $this->config->algorithm . $mode, $key, OPENSSL_RAW_DATA, (string)$iv);
    38. 

  38.     }
    39. 

  39. 

  40.     protected function makeHmac(stdClass $components, $hmacKey)
    41. 

  41.     {
    42. 

  42.         $hmacMessage = '';
    43. 

  43.         if ($this->config->hmac->includesHeader) {
    44. 

  44.             $hmacMessage .= ''
    45. 

  45.                 . $components->headers->version
    46. 

  46.                 . $components->headers->options
    47. 

  47.                 . (isset($components->headers->encSalt) ? $components->headers->encSalt : '')
    48. 

  48.                 . (isset($components->headers->hmacSalt) ? $components->headers->hmacSalt : '')
    49. 

  49.                 . $components->headers->iv;
    50. 

  50.         }
    51. 

  51. 

  52.         $hmacMessage .= $components->ciphertext;
    53. 

  53. 

  54.         $hmac = hash_hmac($this->config->hmac->algorithm, $hmacMessage, $hmacKey, true);
    55. 

  55. 

  56.         if ($this->config->hmac->includesPadding) {
    57. 

  57.             $hmac = str_pad($hmac, $this->config->hmac->length, chr(0));
    58. 

  58.         }
    59. 

  59.     
    60. 

  60.         return $hmac;
    61. 

  61.     }
    62. 

  62. 

  63.     protected function makeKey($salt, $password)
    64. 

  64.     {
    65. 

  65.         if ($this->config->truncatesMultibytePasswords) {
    66. 

  66.             $utf8Length = mb_strlen($password, 'utf-8');
    67. 

  67.             $password = substr($password, 0, $utf8Length);
    68. 

  68.         }
    69. 

  69. 

  70.         $algo = $this->config->pbkdf2->prf;
    71. 

  71.         $iterations = $this->config->pbkdf2->iterations;
    72. 

  72.         $length = $this->config->pbkdf2->keyLength;
    73. 

  73. 

  74.         return hash_pbkdf2($algo, $password, $salt, $iterations, $length, true);
    75. 

  75.     }
    76. 

  76. 

  77.     protected function configure($version)
    78. 

  78.     {
    79. 

  79.         $config = new stdClass;
    80. 

  80. 

  81.         $config->algorithm = 'aes-256-';
    82. 

  82.         $config->saltLength = 8;
    83. 

  83.         $config->ivLength = 16;
    84. 

  84. 

  85.         $config->pbkdf2 = new stdClass;
    86. 

  86.         $config->pbkdf2->prf = 'sha1';
    87. 

  87.         $config->pbkdf2->iterations = 10000;
    88. 

  88.         $config->pbkdf2->keyLength = 32;
    89. 

  89. 

  90.         $config->hmac = new stdClass();
    91. 

  91.         $config->hmac->length = 32;
    92. 

  92. 

  93.         if (!$version) {
    94. 

  94.             $this->configureVersionZero($config);
    95. 

  95.         } elseif ($version <= 3) {
    96. 

  96.             $config->mode = 'cbc';
    97. 

  97.             $config->options = 1;
    98. 

  98.             $config->hmac->algorithm = 'sha256';
    99. 

  99.             $config->hmac->includesPadding = false;
    100. 

  100. 

  101.             switch ($version) {
    102. 

  102.                 case 1:
    103. 

  103.                     $config->hmac->includesHeader = false;
    104. 

  104.                     $config->truncatesMultibytePasswords = true;
    105. 

  105.                     break;
    106. 

  106. 

  107.                 case 2:
    108. 

  108.                     $config->hmac->includesHeader = true;
    109. 

  109.                     $config->truncatesMultibytePasswords = true;
    110. 

  110.                     break;
    111. 

  111. 

  112.                 case 3:
    113. 

  113.                     $config->hmac->includesHeader = true;
    114. 

  114.                     $config->truncatesMultibytePasswords = false;
    115. 

  115.                     break;
    116. 

  116.             }
    117. 

  117.         } else {
    118. 

  118.             throw new \RuntimeException('Unsupported schema version ' . $version);
    119. 

  119.         }
    120. 

  120. 

  121.         $this->config = $config;
    122. 

  122.     }
    123. 

  123. 

  124.     private function configureVersionZero(stdClass $config)
    125. 

  125.     {
    126. 

  126.         $config->mode = 'ctr';
    127. 

  127.         $config->options = 0;
    128. 

  128.         $config->hmac->includesHeader = false;
    129. 

  129.         $config->hmac->algorithm = 'sha1';
    130. 

  130.         $config->hmac->includesPadding = true;
    131. 

  131.         $config->truncatesMultibytePasswords = true;
    132. 

  132.     }
    133. 

  133. }
    134.