/**
* @param string $value
* @return string
*/
public function transform($value)
{
$this->updateSalt();
$value = $this->crypt->encrypt($value);
if (!$this->getBinary()) {
$value = bin2hex($value);
}
return $value;
}
/**
* Encrypt then authenticate using HMAC
*
* @param string $data
* @return string
* @throws Exception\InvalidArgumentException
*/
public function encrypt($data)
{
if (empty($data)) {
throw new Exception\InvalidArgumentException('The data to encrypt cannot be empty');
}
if (empty($this->key)) {
throw new Exception\InvalidArgumentException('No key specified for the encryption');
}
if (empty($this->cipher)) {
throw new Exception\InvalidArgumentException('No symmetric cipher specified');
}
$keySize = $this->cipher->getKeySize();
$salt = $this->getSalt();
// generate a random salt (IV) if empty
if (empty($salt)) {
$salt = Rand::getBytes($this->cipher->getSaltSize(), true);
}
$this->cipher->setSalt($salt);
// generate the encryption key and the HMAC key for the authentication
$hash = Pbkdf2::calc(self::KEY_DERIV_HMAC, $this->getKey(), $this->cipher->getSalt(), $this->keyIteration, $keySize * 2);
// set the encryption key
$this->cipher->setKey(substr($hash, 0, $keySize));
// set the key for HMAC
$keyHmac = substr($hash, $keySize);
// encryption
$ciphertext = $this->cipher->encrypt($data);
// HMAC
$hmac = Hmac::compute($keyHmac, $this->hash, $this->cipher->getAlgorithm() . $ciphertext);
if (!$this->binaryOutput) {
$ciphertext = base64_encode($ciphertext);
}
return $hmac . $ciphertext;
}
/**
* Encrypt then authenticate using HMAC
*
* @param string $data
* @return string
* @throws Exception\InvalidArgumentException
*/
public function encrypt($data)
{
// 0 (as integer), 0.0 (as float) & '0' (as string) will return false, though these should be allowed
if (!is_string($data) || $data === '') {
throw new Exception\InvalidArgumentException('The data to encrypt cannot be empty');
}
if (empty($this->cipher)) {
throw new Exception\InvalidArgumentException('No symmetric cipher specified');
}
if (empty($this->key)) {
throw new Exception\InvalidArgumentException('No key specified for the encryption');
}
$keySize = $this->cipher->getKeySize();
// generate a random salt (IV) if the salt has not been set
if (!$this->saltSetted) {
$this->cipher->setSalt(Rand::getBytes($this->cipher->getSaltSize(), true));
}
// generate the encryption key and the HMAC key for the authentication
$hash = Pbkdf2::calc(self::KEY_DERIV_HMAC, $this->getKey(), $this->getSalt(), $this->keyIteration, $keySize * 2);
// set the encryption key
$this->cipher->setKey(substr($hash, 0, $keySize));
// set the key for HMAC
$keyHmac = substr($hash, $keySize);
// encryption
$ciphertext = $this->cipher->encrypt($data);
// HMAC
$hmac = Hmac::compute($keyHmac, $this->hash, $this->cipher->getAlgorithm() . $ciphertext);
if (!$this->binaryOutput) {
$ciphertext = base64_encode($ciphertext);
}
return $hmac . $ciphertext;
}
/**
* Encrypt then authenticate a file using HMAC
*
* @param string $fileIn
* @param string $fileOut
* @return bool
* @throws Exception\InvalidArgumentException
*/
public function encrypt($fileIn, $fileOut)
{
$this->checkFileInOut($fileIn, $fileOut);
if (empty($this->key)) {
throw new Exception\InvalidArgumentException('No key specified for encryption');
}
$read = fopen($fileIn, "r");
$write = fopen($fileOut, "w");
$iv = Rand::getBytes($this->cipher->getSaltSize(), true);
$keys = Pbkdf2::calc($this->getPbkdf2HashAlgorithm(), $this->getKey(), $iv, $this->getKeyIteration(), $this->cipher->getKeySize() * 2);
$hmac = '';
$size = 0;
$tot = filesize($fileIn);
$padding = $this->cipher->getPadding();
$this->cipher->setKey(substr($keys, 0, $this->cipher->getKeySize()));
$this->cipher->setPadding(new Symmetric\Padding\NoPadding());
$this->cipher->setSalt($iv);
$this->cipher->setMode('cbc');
$hashAlgo = $this->getHashAlgorithm();
$saltSize = $this->cipher->getSaltSize();
$algorithm = $this->cipher->getAlgorithm();
$keyHmac = substr($keys, $this->cipher->getKeySize());
while ($data = fread($read, self::BUFFER_SIZE)) {
$size += strlen($data);
// Padding if last block
if ($size == $tot) {
$this->cipher->setPadding($padding);
}
$result = $this->cipher->encrypt($data);
if ($size <= self::BUFFER_SIZE) {
// Write a placeholder for the HMAC and write the IV
fwrite($write, str_repeat(0, Hmac::getOutputSize($hashAlgo)));
} else {
$result = substr($result, $saltSize);
}
$hmac = Hmac::compute($keyHmac, $hashAlgo, $algorithm . $hmac . $result);
$this->cipher->setSalt(substr($result, -1 * $saltSize));
if (fwrite($write, $result) !== strlen($result)) {
return false;
}
}
$result = true;
// write the HMAC at the beginning of the file
fseek($write, 0);
if (fwrite($write, $hmac) !== strlen($hmac)) {
$result = false;
}
fclose($write);
fclose($read);
return $result;
}
/**
* Encrypt then authenticate using HMAC
*
* @param string $data
* @return string
* @throws Exception\InvalidArgumentException
*/
public function encrypt($data)
{
// 0 (as integer), 0.0 (as float) & '0' (as string) will return false, though these should be allowed
// Must be a string, integer, or float in order to encrypt
if (is_string($data) && $data === '' || is_array($data) || is_object($data)) {
throw new Exception\InvalidArgumentException('The data to encrypt cannot be empty');
}
// Cast to string prior to encrypting
if (!is_string($data)) {
$data = (string) $data;
}
if (empty($this->cipher)) {
throw new Exception\InvalidArgumentException('No symmetric cipher specified');
}
if (empty($this->key)) {
throw new Exception\InvalidArgumentException('No key specified for the encryption');
}
$keySize = $this->cipher->getKeySize();
// generate a random salt (IV) if the salt has not been set
if (!$this->saltSetted) {
$this->cipher->setSalt(Rand::getBytes($this->cipher->getSaltSize()));
}
// generate the encryption key and the HMAC key for the authentication
$hash = Pbkdf2::calc($this->getPbkdf2HashAlgorithm(), $this->getKey(), $this->getSalt(), $this->keyIteration, $keySize * 2);
// set the encryption key
$this->cipher->setKey(mb_substr($hash, 0, $keySize, '8bit'));
// set the key for HMAC
$keyHmac = mb_substr($hash, $keySize, null, '8bit');
// encryption
$ciphertext = $this->cipher->encrypt($data);
// HMAC
$hmac = Hmac::compute($keyHmac, $this->hash, $this->cipher->getAlgorithm() . $ciphertext);
if (!$this->binaryOutput) {
$ciphertext = base64_encode($ciphertext);
}
return $hmac . $ciphertext;
}
/**
* {@inheritdoc}
*/
public function verify($plain, $hashed)
{
return hash_equals($this->symmetric->encrypt($plain), $hashed);
}
