<?php
/** DomFramework
* @package domframework
* @author Dominique Fournier <dominique@fournier38.fr>
* @license BSD
*/
namespace Domframework;
/** Encrypt and decrypt string payloads with an OpenSSL symmetric cipher
*/
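class Encrypt
{
  /** Check if openssl library is enabled
   * @throws \Exception (code 500) if the OpenSSL functions are not available
   */
  public function __construct ()
  // {{{
  {
    if (! function_exists ("openssl_random_pseudo_bytes"))
      throw new \Exception ("No OpenSSL support in PHP. Please install it",
                            500);
  }
  // }}}

  /** Encrypt the payload to not be readable by anybody
   * The result is raw binary (not base64): the random IV comes first,
   * followed by the ciphertext. No MAC or authentication tag is added, so
   * decrypt() can not detect a ciphertext that was modified in transit or
   * at rest. Callers needing integrity must add it themselves (for example
   * an HMAC over the whole returned value, verified before decrypt()).
   *
   * NOTE(review): the default des-ede3-cbc (3DES) is a legacy 64-bit block
   * cipher; it is kept as default only so that existing ciphertexts still
   * decrypt. New callers should pass a modern cipher whose key length is
   * 24 bytes (for example aes-192-cbc).
   * NOTE(review): the key length is checked against 24 bytes whatever the
   * cipher is. With a cipher expecting another key size, OpenSSL does not
   * use the key as provided (a too short key is padded with NUL bytes).
   * Confirm the chosen cipher really uses a 24 bytes key.
   * @param string $payload The payload to encrypt
   * @param string $ckey The 24 chars (bytes) for the cipher key
   * @param string|null $cipherMethod DES-EDE3-CBC by default
   * @return string The IV followed by the encrypted payload (raw binary)
   * @throws \Exception (code 500) on invalid parameter or encryption failure
   */
  public function encrypt ($payload, $ckey, $cipherMethod = "des-ede3-cbc")
  // {{{
  {
    // Strict comparison : a non-string value (true, 0...) must never match a
    // cipher name by type juggling
    if (! in_array ($cipherMethod, openssl_get_cipher_methods(), true))
      throw new \Exception (dgettext ("domframework",
                            "Invalid cipher provided to encrypt method : ".
                            "doesn't exists in OpenSSL"), 500);
    if (! is_string ($payload))
      throw new \Exception (dgettext ("domframework",
                            "Invalid payload provided to encrypt method : ".
                            "Not a string"), 500);
    // Same type check as decrypt : strlen() on a non-string is an error
    if (! is_string ($ckey))
      throw new \Exception (dgettext ("domframework",
        "Invalid cipherkey provided to encrypt method : not a string"), 500);
    if (strlen ($ckey) !== 24)
      throw new \Exception (dgettext ("domframework",
                            "Invalid cipherKey provided to encrypt method :" .
                            " length different of 24 chars"), 500);
    // Must be the same as decrypt. OPENSSL_RAW_DATA is the integer value the
    // previous boolean true was converted to : the output is raw binary
    $options = OPENSSL_RAW_DATA;
    $ivlen = openssl_cipher_iv_length ($cipherMethod);
    if ($ivlen === false)
      throw new \Exception (dgettext ("domframework",
                                      "Can not encrypt the payload"), 500);
    // Ciphers without IV get an empty one. The others need an unpredictable
    // IV : refuse to continue if OpenSSL reports a weak random source
    $iv = "";
    if ($ivlen > 0)
    {
      $strong = false;
      $iv = openssl_random_pseudo_bytes ($ivlen, $strong);
      if ($iv === false || $strong !== true)
        throw new \Exception (dgettext ("domframework",
                                        "Can not encrypt the payload"), 500);
    }
    $ciphertext = openssl_encrypt ($payload, $cipherMethod, $ckey, $options,
                                   $iv);
    if ($ciphertext === false)
      throw new \Exception (dgettext ("domframework",
                                      "Can not encrypt the payload"), 500);
    // The IV is not secret : it is stored in front of the ciphertext so that
    // decrypt can read it back
    return $iv . $ciphertext;
  }
  // }}}

  /** Decrypt the ciphertext
   * The ciphertext must be the raw value returned by encrypt() : the IV
   * followed by the encrypted payload, with the same key and cipher method.
   * The data is not authenticated : a successful decryption does not prove
   * that the ciphertext was not modified. The result of openssl_decrypt is
   * returned as is, so a failure (wrong key, corrupted data) gives false
   * and not an exception : callers must test the result with === false
   * and should not tell an untrusted peer why the decryption failed.
   * @param string $ciphertext The payload to decrypt
   * @param string $ckey The 24 chars (bytes) for the cipher key
   * @param string|null $cipherMethod DES-EDE3-CBC by default
   * @return string|false The decrypted text, or false if OpenSSL can not
   * decrypt
   * @throws \Exception (code 500) on invalid parameter
   */
  public function decrypt ($ciphertext, $ckey, $cipherMethod = "des-ede3-cbc")
  // {{{
  {
    if (! is_string ($ciphertext))
      throw new \Exception (dgettext ("domframework",
        "Invalid ciphertext provided to decrypt method : not a string"), 500);
    if (! is_string ($ckey))
      throw new \Exception (dgettext ("domframework",
        "Invalid cipherkey provided to decrypt method : not a string"), 500);
    if (! is_string ($cipherMethod))
      throw new \Exception (dgettext ("domframework",
        "Invalid cipherMethod provided to decrypt method : not a string"), 500);
    if (trim ($ciphertext) === "")
      throw new \Exception (dgettext ("domframework",
        "Invalid ciphertext provided to decrypt method : empty string"), 500);
    if (! in_array ($cipherMethod, openssl_get_cipher_methods(), true))
      throw new \Exception (dgettext ("domframework",
                            "Invalid cipherMethod provided to decrypt method : ".
                            "doesn't exists in OpenSSL"), 500);
    if (strlen ($ckey) !== 24)
      throw new \Exception (dgettext ("domframework",
                            "Invalid cipherKey provided to decrypt method :" .
                            " length different of 24 chars"), 500);
    $ivlen = openssl_cipher_iv_length ($cipherMethod);
    // The IV is the head of the provided data. The strict comparison also
    // rejects a cipher for which OpenSSL can not give an IV length (false)
    $iv = substr ($ciphertext, 0, (int) $ivlen);
    if (strlen ((string) $iv) !== $ivlen)
      throw new \Exception (dgettext ("domframework",
                            "Can not decrypt the payload : invalid salt"), 500);
    // Must be the same as encrypt
    $options = OPENSSL_RAW_DATA;
    $ciphertext = substr ($ciphertext, $ivlen);
    return openssl_decrypt ($ciphertext, $cipherMethod, $ckey, $options, $iv);
  }
  // }}}
}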