OpensslBridge::checksum() - Code Metrics - Inspection of "9.0 release (#15)" - mmeyer2k/dcrypt - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( fe42e4...e8f634 )

by Michael

created 2019-04-23 20:51 UTC

OpensslBridge::checksum() A

↳ Parent: Project

Complexity

Conditions	1
Paths	1

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	12
c	0
b	0
f	0
rs	9.8666
cc	1
nc	1
nop	3

<?php

/**
 * OpensslBridge.php
 *
 * PHP version 7
 *
 * @category Dcrypt
 * @package  Dcrypt
 * @author   Michael Meyer (mmeyer2k) <[email protected]>
 * @license  http://opensource.org/licenses/MIT The MIT License (MIT)
 * @link     https://github.com/mmeyer2k/dcrypt
 */

namespace Dcrypt;

/**
 * Provides functionality common to the dcrypt AES block ciphers. Extend this class to customize your cipher suite.
 *
 * @category Dcrypt
 * @package  Dcrypt
 * @author   Michael Meyer (mmeyer2k) <[email protected]>
 * @license  http://opensource.org/licenses/MIT The MIT License (MIT)
 * @link     https://github.com/mmeyer2k/dcrypt
 * @link     https://apigen.ci/github/mmeyer2k/dcrypt/namespace-Dcrypt.html
 */
class OpensslBridge
{
    /**
     * Decrypt cyphertext
     *
     * @param string $data Cyphertext to decrypt
     * @param string $pass Password that should be used to decrypt input data
     * @return string
     */
    public static function decrypt(string $data, string $pass): string
    {
        // Calculate the hash checksum size in bytes for the specified algo
        $hsz = Str::hashSize(static::CHKSUM);

        // Ask openssl for the IV size needed for specified cipher
        $isz = OpensslWrapper::ivsize(static::CIPHER);

        // Find the IV at the beginning of the cypher text
        $ivr = Str::substr($data, 0, $isz);

        // Gather the checksum portion of the ciphertext
        $sum = Str::substr($data, $isz, $hsz);

        // Gather the iterations portion of the cipher text as packed/encrytped unsigned long
        $itr = Str::substr($data, $isz + $hsz, 4);

        // Gather message portion of ciphertext after iv and checksum
        $msg = Str::substr($data, $isz + $hsz + 4);

        // Calculate verification checksum
        $chk = \hash_hmac(static::CHKSUM, ($msg . $itr . $ivr), $pass, true);

        // Verify HMAC before decrypting
        if (!Str::equal($chk, $sum)) {
            throw new \InvalidArgumentException('Decryption can not proceed due to invalid cyphertext checksum.');
        }

        // Decrypt and unpack the cost parameter to match what was used during encryption
        $cost = \unpack('N', $itr ^ \hash_hmac(static::CHKSUM, $ivr, $pass, true))[1];

        // Derive key from password
        $key = \hash_pbkdf2(static::CHKSUM, ($pass . static::CIPHER), $ivr, $cost, 0, true);

        // Decrypt message and return
        return OpensslWrapper::decrypt($msg, static::CIPHER, $key, $ivr);
    }

    /**
     * Encrypt plaintext
     *
     * @param string $data Plaintext string to encrypt.
     * @param string $pass Password used to encrypt data.
     * @param int    $cost Number of extra HMAC iterations to perform on key
     * @return string
     */
    public static function encrypt(string $data, string $pass, int $cost = 1): string
    {
        // Generate IV of appropriate size.
        $ivr = \random_bytes(OpensslWrapper::ivsize(static::CIPHER));

        // Derive key from password with hash_pbkdf2 function.
        // Append CIPHER to password beforehand so that cross-method decryptions will fail at checksum step
        $key = \hash_pbkdf2(static::CHKSUM, ($pass . static::CIPHER), $ivr, $cost, 0, true);

        // Encrypt the plaintext data
        $msg = OpensslWrapper::encrypt($data, static::CIPHER, $key, $ivr);

        // Convert cost integer into 4 byte string and XOR it with a newly derived key
        $itr = \pack('N', $cost) ^ \hash_hmac(static::CHKSUM, $ivr, $pass, true);

        // Generate the ciphertext checksum to prevent bit tampering
        $chk = \hash_hmac(static::CHKSUM, ($msg . $itr . $ivr), $pass, true);

        // Return iv + checksum + iterations + cyphertext
        return $ivr . $chk . $itr . $msg;
    }
}


1			<?php
2
3			/**
4			* OpensslBridge.php
5			*
6			* PHP version 7
7			*
8			* @category Dcrypt
9			* @package Dcrypt
10			* @author Michael Meyer (mmeyer2k) <[email protected]>
11			* @license http://opensource.org/licenses/MIT The MIT License (MIT)
12			* @link https://github.com/mmeyer2k/dcrypt
13			*/
14
15			namespace Dcrypt;
16
17			/**
18			* Provides functionality common to the dcrypt AES block ciphers. Extend this class to customize your cipher suite.
19			*
20			* @category Dcrypt
21			* @package Dcrypt
22			* @author Michael Meyer (mmeyer2k) <[email protected]>
23			* @license http://opensource.org/licenses/MIT The MIT License (MIT)
24			* @link https://github.com/mmeyer2k/dcrypt
25			* @link https://apigen.ci/github/mmeyer2k/dcrypt/namespace-Dcrypt.html
26			*/
27			class OpensslBridge
28			{
29			/**
30			* Decrypt cyphertext
31			*
32			* @param string $data Cyphertext to decrypt
33			* @param string $pass Password that should be used to decrypt input data
34			* @return string
35			*/
36			public static function decrypt(string $data, string $pass): string
37			{
38			// Calculate the hash checksum size in bytes for the specified algo
39			$hsz = Str::hashSize(static::CHKSUM);
40
41			// Ask openssl for the IV size needed for specified cipher
42			$isz = OpensslWrapper::ivsize(static::CIPHER);
43
44			// Find the IV at the beginning of the cypher text
45			$ivr = Str::substr($data, 0, $isz);
46
47			// Gather the checksum portion of the ciphertext
48			$sum = Str::substr($data, $isz, $hsz);
49
50			// Gather the iterations portion of the cipher text as packed/encrytped unsigned long
51			$itr = Str::substr($data, $isz + $hsz, 4);
52
53			// Gather message portion of ciphertext after iv and checksum
54			$msg = Str::substr($data, $isz + $hsz + 4);
55
56			// Calculate verification checksum
57			$chk = \hash_hmac(static::CHKSUM, ($msg . $itr . $ivr), $pass, true);
58
59			// Verify HMAC before decrypting
60			if (!Str::equal($chk, $sum)) {
61			throw new \InvalidArgumentException('Decryption can not proceed due to invalid cyphertext checksum.');
62			}
63
64			// Decrypt and unpack the cost parameter to match what was used during encryption
65			$cost = \unpack('N', $itr ^ \hash_hmac(static::CHKSUM, $ivr, $pass, true))[1];
66
67			// Derive key from password
68			$key = \hash_pbkdf2(static::CHKSUM, ($pass . static::CIPHER), $ivr, $cost, 0, true);
69
70			// Decrypt message and return
71			return OpensslWrapper::decrypt($msg, static::CIPHER, $key, $ivr);
72			}
73
74			/**
75			* Encrypt plaintext
76			*
77			* @param string $data Plaintext string to encrypt.
78			* @param string $pass Password used to encrypt data.
79			* @param int $cost Number of extra HMAC iterations to perform on key
80			* @return string
81			*/
82			public static function encrypt(string $data, string $pass, int $cost = 1): string
83			{
84			// Generate IV of appropriate size.
85			$ivr = \random_bytes(OpensslWrapper::ivsize(static::CIPHER));
86
87			// Derive key from password with hash_pbkdf2 function.
88			// Append CIPHER to password beforehand so that cross-method decryptions will fail at checksum step
89			$key = \hash_pbkdf2(static::CHKSUM, ($pass . static::CIPHER), $ivr, $cost, 0, true);
90
91			// Encrypt the plaintext data
92			$msg = OpensslWrapper::encrypt($data, static::CIPHER, $key, $ivr);
93
94			// Convert cost integer into 4 byte string and XOR it with a newly derived key
95			$itr = \pack('N', $cost) ^ \hash_hmac(static::CHKSUM, $ivr, $pass, true);
96
97			// Generate the ciphertext checksum to prevent bit tampering
98			$chk = \hash_hmac(static::CHKSUM, ($msg . $itr . $ivr), $pass, true);
99
100			// Return iv + checksum + iterations + cyphertext
101			return $ivr . $chk . $itr . $msg;
102			}
103			}
104

mmeyer2k / dcrypt

Push — master ( fe42e4...e8f634 )

OpensslBridge::checksum() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like