|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/* |
|
4
|
|
|
* This file is part of the PHP EcryptFS library. |
|
5
|
|
|
* (c) 2017 by Dennis Birkholz |
|
6
|
|
|
* All rights reserved. |
|
7
|
|
|
* For the license to use this library, see the provided LICENSE file. |
|
8
|
|
|
*/ |
|
9
|
|
|
|
|
10
|
|
|
namespace Iqb\Ecryptfs; |
|
11
|
|
|
|
|
12
|
|
|
/** |
|
13
|
|
|
* Provides encryption and decryption primitives using PHP's OpenSSL extension. |
|
14
|
|
|
*/ |
|
15
|
|
|
final class OpenSslCryptoEngine implements CryptoEngineInterface |
|
16
|
|
|
{ |
|
17
|
|
|
const CIPHER_MAPPING = [ |
|
18
|
|
|
RFC2440_CIPHER_AES_128 => "AES-128-CBC", |
|
19
|
|
|
RFC2440_CIPHER_AES_192 => "AES-192-CBC", |
|
20
|
|
|
RFC2440_CIPHER_AES_256 => "AES-256-CBC", |
|
21
|
|
|
]; |
|
22
|
|
|
|
|
23
|
|
|
/** |
|
24
|
|
|
* Encrypt the supplied data using the specified cipher algorithm. |
|
25
|
|
|
* |
|
26
|
|
|
* @param string $data The plain text data to encrypt, length must be a multiple of the block size of the cipher |
|
27
|
|
|
* @param int $cipherCode One of the RFC2440_CIPHER_* constants specifying the cipher |
|
28
|
|
|
* @param string $key Raw binary key, must match the required key length of the cipher |
|
29
|
|
|
* @param string $iv Initialization vector |
|
30
|
|
|
* @return string |
|
31
|
|
|
*/ |
|
32
|
36 |
|
final public function encrypt(string $data, int $cipherCode, string $key, string $iv): string |
|
33
|
|
|
{ |
|
34
|
36 |
|
\assert(isset(self::CIPHER_MAPPING[$cipherCode]), "Cipher 0x" . \dechex($cipherCode) . " not implemented!"); |
|
35
|
36 |
|
\assert(\in_array(\strlen($key), CryptoEngineInterface::CIPHER_KEY_SIZES[$cipherCode], true), "Invalid key size specified."); |
|
36
|
|
|
|
|
37
|
36 |
|
$cipher = self::CIPHER_MAPPING[$cipherCode]; |
|
38
|
|
|
|
|
39
|
36 |
|
if (false === ($encrypted = \openssl_encrypt($data, $cipher, $key, \OPENSSL_RAW_DATA|\OPENSSL_NO_PADDING, $iv))) { |
|
|
|
|
|
|
40
|
|
|
throw new \RuntimeException("Encryption failed with error: " . \openssl_error_string()); |
|
41
|
|
|
} |
|
42
|
|
|
|
|
43
|
36 |
|
\assert(($openSslError = \openssl_error_string() !== ''), "OpenSSL error message: $openSslError"); |
|
44
|
|
|
|
|
45
|
36 |
|
return $encrypted; |
|
46
|
|
|
} |
|
47
|
|
|
|
|
48
|
|
|
/** |
|
49
|
|
|
* @param string $data Encrypted data to decrypt, length must be a multiple of the block size of the cipher |
|
50
|
|
|
* @param int $cipherCode One of the RFC2440_CIPHER_* constants specifying the cipher |
|
51
|
|
|
* @param string $key Raw binary key, must match the required key length of the cipher |
|
52
|
|
|
* @param string $iv Initialization vector |
|
53
|
|
|
* @return string |
|
54
|
|
|
*/ |
|
55
|
36 |
|
final public function decrypt(string $data, int $cipherCode, string $key, string $iv): string |
|
56
|
|
|
{ |
|
57
|
36 |
|
\assert(isset(self::CIPHER_MAPPING[$cipherCode]), "Cipher 0x" . \dechex($cipherCode) . " not implemented!"); |
|
58
|
36 |
|
\assert(\in_array(\strlen($key), CryptoEngineInterface::CIPHER_KEY_SIZES[$cipherCode], true), "Invalid key size specified."); |
|
59
|
|
|
|
|
60
|
36 |
|
$cipher = self::CIPHER_MAPPING[$cipherCode]; |
|
61
|
|
|
|
|
62
|
36 |
|
if (false === ($decrypted = \openssl_decrypt($data, $cipher, $key, \OPENSSL_RAW_DATA|\OPENSSL_NO_PADDING, $iv))) { |
|
|
|
|
|
|
63
|
|
|
throw new \RuntimeException("Decryption failed with error: " . \openssl_error_string()); |
|
64
|
|
|
} |
|
65
|
|
|
|
|
66
|
36 |
|
\assert(($openSslError = \openssl_error_string()) !== '', "OpenSSL error message: $openSslError"); |
|
67
|
|
|
|
|
68
|
36 |
|
return $decrypted; |
|
69
|
|
|
} |
|
70
|
|
|
} |
|
71
|
|
|
|
iqb /
ecryptfs
Loading history...