From 1638357f75a7be455f50e8ddbb16db40fad8f51a Mon Sep 17 00:00:00 2001
From: Dominique Fournier
Date: Mon, 9 Dec 2019 09:31:04 +0000
Subject: [PATCH] Add encrypt/decrypt support
git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@5809 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
---
Tests/encryptTest.php | 42 +++++++++++++++++++
encrypt.php | 97 +++++++++++++++++++++++++++++++++++++++++++
2 files changed, 139 insertions(+)
create mode 100644 Tests/encryptTest.php
create mode 100644 encrypt.php
diff --git a/Tests/encryptTest.php b/Tests/encryptTest.php
new file mode 100644
index 0000000..8e660c3
--- /dev/null
+++ b/Tests/encryptTest.php
@@ -0,0 +1,42 @@
+
+ */
+
+/** Test the encrypt.php file */
+class encryptTest extends PHPUnit_Framework_TestCase
+{
+ /** Check the length of the otken with cipher
+ */
+ public function testEncrypt1 ()
+ {
+ $encrypt = new encrypt ();
+ $res = $encrypt->encrypt ("TextToEncode",
+ "123456789012345678901234");
+ $this->assertSame (strlen ($res), 24);
+ }
+
+ /** Check if the encrypt/decrypt process return the same result
+ */
+ public function testEncrypt2 ()
+ {
+ $encrypt = new encrypt ();
+ $payload = "TextToEncode";
+ $ckey = "123456789012345678901234";
+ $token = $encrypt->encrypt ($payload, $ckey);
+ $res = $encrypt->decrypt ($token, $ckey);
+ $this->assertSame ($res, $payload);
+ }
+
+ /** Check if the encrypted part is well unreadable
+ */
+ public function testEncrypt3 ()
+ {
+ $encrypt = new encrypt ();
+ $payload = "TextToEncode";
+ $token = $encrypt->encrypt ($payload, "123456789012345678901234");
+ $res = strpos ($token, "Text");
+ $this->assertSame ($res, false);
+ }
+}
diff --git a/encrypt.php b/encrypt.php
new file mode 100644
index 0000000..04456ee
--- /dev/null
+++ b/encrypt.php
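Review bot: In Tests/encryptTest.php all three assertions pass the actual value first and the expected value second, e.g. `$this->assertSame (strlen ($res), 24);` in testEncrypt1; PHPUnit's `assertSame()` takes the expected value first, so a failure message would report the two the wrong way round. Write `$this->assertSame (24, strlen ($res));` and swap the arguments the same way in testEncrypt2 and testEncrypt3. The tests also cover only the successful round trip: there is no case for a truncated token or for a token altered after encryption, which are the inputs decrypt() most needs to reject.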
@@ -0,0 +1,97 @@
+
+ */
+
+/** Allow to encrypt/decrypt data
+ */
+class encrypt
+{
+ /** Check if openssl library is enabled
+ */
+ public function __construct ()
+ // {{{
+ {
+ if (! function_exists ("openssl_random_pseudo_bytes"))
+ throw new \Exception ("No OpenSSL support in PHP. Please install it",
+ 500);
+ }
+ // }}}
+
+ /** Encrypt the payload to not be readable by anybody
+ * @param string $payload The payload to encrypt
+ * @param string $ckey The 24 chars for the cipher key
+ * @param string|null $cipherMethod DES-EDE3-CBC by default
+ * @return encrypted payload
+ */
+ public function encrypt ($payload, $ckey, $cipherMethod = "des-ede3-cbc")
+ // {{{
+ {
+ if (! in_array ($cipherMethod, openssl_get_cipher_methods()))
+ throw new \Exception (dgettext ("domframework",
+ "Invalid cipher provided to encrypt method : ".
+ "doesn't exists in OpenSSL"), 500);
+ if (! is_string ($payload))
+ throw new \Exception (dgettext ("domframework",
+ "Invalid payload provided to encrypt method : ".
+ "Not a string"), 500);
+ if (strlen ($ckey) !== 24)
+ throw new \Exception (dgettext ("domframework",
+ "Invalid cipherKey provided to encrypt method :" .
+ " length different of 24 chars"), 500);
+ // Must be the same as decrypt
+ $options = true;
+ $ivlen = openssl_cipher_iv_length ($cipherMethod);
+ $iv = openssl_random_pseudo_bytes ($ivlen);
+ $ciphertext = openssl_encrypt ($payload, $cipherMethod, $ckey, $options,
+ $iv);
+ if ($ciphertext === false)
+ throw new \Exception (dgettext ("domframework",
+ "Can not encrypt the payload"), 500);
+ $ciphertext = $iv . $ciphertext;
+ return $ciphertext;
+ }
+ // }}}
+
+ /** Decrypt the ciphertext
+ * @param string $ciphertext The payload to decrypt
+ * @param string $ckey The 24 chars for the cipher key
+ * @param string|null $cipherMethod DES-EDE3-CBC by default
+ * @return decrypted text
+ */
+ public function decrypt ($ciphertext, $ckey, $cipherMethod = "des-ede3-cbc")
+ // {{{
+ {
+ if (! is_string ($ciphertext))
+ throw new \Exception (dgettext ("domframework",
+ "Invalid ciphertext provided to decrypt method : not a string"), 500);
+ if (! is_string ($ckey))
+ throw new \Exception (dgettext ("domframework",
+ "Invalid cipherkey provided to decrypt method : not a string"), 500);
+ if (! is_string ($cipherMethod))
+ throw new \Exception (dgettext ("domframework",
+ "Invalid cipherMethod provided to decrypt method : not a string"), 500);
+ if (trim ($ciphertext) === "")
+ throw new \Exception (dgettext ("domframework",
+ "Invalid ciphertext provided to decrypt method : empty string"), 500);
+ if (! in_array ($cipherMethod, openssl_get_cipher_methods()))
+ throw new \Exception (dgettext ("domframework",
+ "Invalid cipher provided to decrypt method : ".
+ "doesn't exists in OpenSSL"), 500);
+ if (strlen ($ckey) !== 24)
+ throw new \Exception (dgettext ("domframework",
+ "Invalid cipherKey provided to decrypt method :" .
+ " length different of 24 chars"), 500);
+ $ivlen = openssl_cipher_iv_length ($cipherMethod);
+ $iv = substr ($ciphertext, 0, $ivlen);
+ if (strlen ($iv) != $ivlen)
+ throw new \Exception (dgettext ("domframework",
+ "Can not decrypt the payload : invalid salt"), 500);
+ // Must be the same as encrypt
+ $options = true;
+ $ciphertext = substr ($ciphertext, $ivlen);
+ return openssl_decrypt ($ciphertext, $cipherMethod, $ckey, $options, $iv);
+ }
+ // }}}
+}
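Review bot: decrypt() ends with `return openssl_decrypt (...)` and never checks the result, so a wrong key or a damaged token reaches the caller as `false` rather than as the exception encrypt() throws for the same kind of failure; the tail of decrypt() should test for `false` and throw, as in the fence below. `$options = true` in both methods works only because it coerces to 1, the value of `OPENSSL_RAW_DATA`, and the fence names that constant instead. Separately, the token is the IV followed by raw CBC ciphertext with no MAC, so a token modified after encryption is not rejected on integrity grounds; an AEAD cipher, or an HMAC over IV and ciphertext compared with `hash_equals()`, would address that, at the cost of a token longer than the 24 bytes testEncrypt1 expects. The key check is fixed at 24 bytes although `$cipherMethod` is caller-selectable, and the default `des-ede3-cbc` is a legacy 64-bit-block cipher, so validating the key length per cipher and defaulting to an AES mode is worth considering.

```php
    // … unchanged: argument checks and IV extraction …
    $options = OPENSSL_RAW_DATA;
    $ciphertext = substr ($ciphertext, $ivlen);
    $payload = openssl_decrypt ($ciphertext, $cipherMethod, $ckey, $options,
                                $iv);
    if ($payload === false)
      throw new \Exception (dgettext ("domframework",
                            "Can not decrypt the payload"), 500);
    return $payload;
```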