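<?php

// strict_types must be the very first statement; it stops silent scalar
// coercion on calls made from this file (there are none that rely on it).
declare(strict_types=1);

namespace Limoncello\Crypt\Package;

/**
 * Copyright 2015-2017 [email protected]
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

use Limoncello\Contracts\Settings\SettingsInterface;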
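/**
 * Settings container for symmetric encryption (the option set consumed by
 * the package's crypt implementation, keyed by the KEY_* constants below).
 *
 * The base defaults returned by getSettings() carry no password; a subclass
 * is expected to override getSettings() and add KEY_PASSWORD, otherwise get()
 * refuses the configuration.
 *
 * @package Limoncello\Crypt
 */
class SymmetricCryptSettings implements SettingsInterface
{
    /** Default crypt method */
    public const DEFAULT_METHOD = 'aes-256-ctr';

    /**
     * Default Initialization Vector (IV).
     *
     * NOTE(review): this empty value is only a placeholder. For CTR mode the
     * IV/nonce must be unique for every encryption performed under the same
     * key; reusing one (or leaving it empty) causes keystream reuse and breaks
     * confidentiality. Confirm that the consuming crypt class generates a fresh
     * IV per message rather than relying on this default.
     */
    public const DEFAULT_IV = '';

    /**
     * Encryption method to be used. For a list of available methods on your machine see openssl_get_cipher_methods().
     *
     * @see http://php.net/manual/en/function.openssl-get-cipher-methods.php
     */
    public const KEY_METHOD = 0;

    /** Settings key (the secret; not part of the defaults, must be supplied by a subclass) */
    public const KEY_PASSWORD = self::KEY_METHOD + 1;

    /** Settings key */
    public const KEY_IV = self::KEY_PASSWORD + 1;

    /**
     * @see http://php.net/manual/en/function.openssl-encrypt.php OPENSSL_ZERO_PADDING
     *
     * From @link http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf
     * Appendix A: Padding
     * ~~~~~~~~~~~~~~~~~~~
     * For the ECB, CBC, and CFB modes, the plaintext must be a sequence of one or more complete
     * data blocks (or, for CFB mode, data segments). In other words, for these three modes, the total
     * number of bits in the plaintext must be a positive multiple of the block (or segment) size.
     * If the data string to be encrypted does not initially satisfy this property, then the formatting of the
     * plaintext must entail an increase in the number of bits. A common way to achieve the necessary
     * increase is to append some extra bits, called padding, to the trailing end of the data string as the
     * last step in the formatting of the plaintext. An example of a padding method is to append a
     * single ‘1’ bit to the data string and then to pad the resulting string by as few ‘0’ bits, possibly
     * none, as are necessary to complete the final block (segment). Other methods may be used; in
     * general, the formatting of the plaintext is outside the scope of this recommendation.
     * For the above padding method, the padding bits can be removed unambiguously, provided the
     * receiver can determine that the message is indeed padded. One way to ensure that the receiver
     * does not mistakenly remove bits from an unpadded message is to require the sender to pad every
     * message, including messages in which the final block (segment) is already complete. For such
     * messages, an entire block (segment) of padding is appended. Alternatively, such messages can
     * be sent without padding if, for every message, the existence of padding can be reliably inferred,
     * e.g., from a message length indicator.
     */
    public const KEY_USE_ZERO_PADDING = self::KEY_IV + 1;

    // Authenticated Encryption with Associated Data specific keys (since PHP 7.1)
    // @link http://php.net/manual/en/function.openssl-encrypt.php

    /** Settings key */
    public const KEY_USE_AUTHENTICATION = self::KEY_USE_ZERO_PADDING + 1;

    /** Settings key */
    public const KEY_TAG_LENGTH = self::KEY_USE_AUTHENTICATION + 1;

    /** Highest settings key defined by this class (equal to KEY_TAG_LENGTH). */
    public const KEY_LAST = self::KEY_TAG_LENGTH;

    /**
     * @inheritdoc
     *
     * Returns the settings produced by getSettings() after checking that a
     * password is present.
     *
     * @return array<int, mixed> Settings keyed by the KEY_* constants.
     */
    final public function get(): array
    {
        $defaults = $this->getSettings();

        // The base defaults contain no KEY_PASSWORD, so it must come from an
        // overriding getSettings(). assert() is a development-time check only:
        // it is skipped when zend.assertions is -1, so a production deployment
        // must not rely on this line as the sole guard against an empty secret.
        $password = $defaults[static::KEY_PASSWORD] ?? null;
        assert(empty($password) === false, "Password cannot be empty.");

        return $defaults;
    }

    /**
     * Default settings. Override in a subclass to supply KEY_PASSWORD (required
     * by get()) and to change any of the defaults below.
     *
     * NOTE(review): the defaults select a cipher (CTR) with authentication
     * disabled, i.e. ciphertext integrity is not protected; where the consuming
     * code supports it, prefer an AEAD method with KEY_USE_AUTHENTICATION enabled.
     *
     * @return array<int, mixed>
     */
    protected function getSettings(): array
    {
        return [
            static::KEY_METHOD             => static::DEFAULT_METHOD,
            static::KEY_IV                 => static::DEFAULT_IV,
            static::KEY_USE_ZERO_PADDING   => false,
            static::KEY_USE_AUTHENTICATION => false,
            // 16-byte tag; presumably only consulted when authentication is
            // enabled — confirm against the crypt implementation.
            static::KEY_TAG_LENGTH         => 16,
        ];
    }
}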