/**
 * Encrypts a message.
 *
 * $plaintext will be padded with up to 16 additional bytes.  Other AES implementations may or may not pad in the
 * same manner.  Other common approaches to padding and the reasons why it's necessary are discussed in the following
 * URL:
 *
 * {@link http://www.di-mgt.com.au/cryptopad.html http://www.di-mgt.com.au/cryptopad.html}
 *
 * An alternative to padding is to, separately, send the length of the file.  This is what SSH, in fact, does.
 * strlen($plaintext) will still need to be a multiple of 16, however, arbitrary values can be added to make it that
 * length.
 *
 * Three paths are visible in this method:
 *  - mcrypt backend, mode 'ncfb' with a continuous buffer: a hand-written CFB routine that keeps the feedback
 *    register ($this->encryptIV) and the offset into the current 16-byte block ($this->enbuffer['pos']) across calls;
 *  - mcrypt backend, every other case: optional padding followed by a single mcrypt_generic() call;
 *  - any other backend: delegated to parent::encrypt().
 *
 * NOTE(review): nothing in the code visible here authenticates the ciphertext (no MAC or tag is computed).  If
 * integrity matters, the caller has to add it - confirm against the callers and against parent::encrypt().
 *
 * @see Crypt_AES::decrypt()
 * @access public
 * @param String $plaintext
 * @return String The ciphertext (on the non-mcrypt path, whatever parent::encrypt() returns)
 */
function encrypt($plaintext)
{
    if (CRYPT_AES_MODE == CRYPT_AES_MODE_MCRYPT) {
        // Implementation not visible here; presumably (re)creates the mcrypt handles used below - TODO confirm.
        $this->_mcryptSetup();

        // re: http://phpseclib.sourceforge.net/cfb-demo.phps
        // using mcrypt's default handling of CFB the above would output two different things.  using phpseclib's
        // rewritten CFB implementation the above outputs the same thing twice.
        if ($this->mode == 'ncfb' && $this->continuousBuffer) {
            // Both variables are references into $this, so every update below persists into the next call.
            $iv =& $this->encryptIV;
            $pos =& $this->enbuffer['pos'];
            $len = strlen($plaintext);
            $ciphertext = '';
            $i = 0;
            if ($pos) {
                // A previous call stopped $pos bytes into a 16-byte block; use up the rest of that block first.
                $orig_pos = $pos;
                $max = 16 - $pos;
                if ($len >= $max) {
                    // Enough input to finish the pending block.
                    $i = $max;
                    $len -= $max;
                    $pos = 0;
                } else {
                    // Input ends before the pending block is complete; only advance the offset.
                    $i = $len;
                    $pos += $len;
                    $len = 0;
                }
                // String XOR truncates to the shorter operand, so this yields exactly $i bytes of ciphertext.
                $ciphertext = substr($iv, $orig_pos) ^ $plaintext;
                // Fold those ciphertext bytes back into the feedback register at the position they belong to.
                $iv = substr_replace($iv, $ciphertext, $orig_pos, $i);
                // The mcrypt handle no longer matches $iv; the bulk branch below re-initialises it when this is true.
                $this->enbuffer['enmcrypt_init'] = true;
            }
            if ($len >= 16) {
                // 280 is an unexplained threshold; presumably the size above which re-initialising the handle is
                // cheaper than the block-by-block loop - TODO confirm.
                if ($this->enbuffer['enmcrypt_init'] === false || $len > 280) {
                    if ($this->enbuffer['enmcrypt_init'] === true) {
                        mcrypt_generic_init($this->enmcrypt, $this->key, $iv);
                        $this->enbuffer['enmcrypt_init'] = false;
                    }
                    // Encrypt the largest multiple of 16 bytes in one call; the tail is handled further down.
                    $ciphertext .= mcrypt_generic($this->enmcrypt, substr($plaintext, $i, $len - $len % 16));
                    // The last ciphertext block becomes the next feedback value.
                    $iv = substr($ciphertext, -16);
                    $len %= 16;
                } else {
                    // Block-at-a-time variant through the $this->ecb handle: encrypt the register, XOR with the
                    // plaintext block, and use the resulting ciphertext block as the next register value.
                    while ($len >= 16) {
                        $iv = mcrypt_generic($this->ecb, $iv) ^ substr($plaintext, $i, 16);
                        $ciphertext .= $iv;
                        $len -= 16;
                        $i += 16;
                    }
                }
            }
            if ($len) {
                // Fewer than 16 bytes remain: produce one more block from the register, XOR it with the last
                // $len plaintext bytes, and record the offset in $pos so the next call resumes mid-block.
                $iv = mcrypt_generic($this->ecb, $iv);
                $block = $iv ^ substr($plaintext, -$len);
                $iv = substr_replace($iv, $block, 0, $len);
                $ciphertext .= $block;
                $pos = $len;
            }
            return $ciphertext;
        }

        if ($this->paddable) {
            $plaintext = $this->_pad($plaintext);
        }

        $ciphertext = mcrypt_generic($this->enmcrypt, $plaintext);

        if (!$this->continuousBuffer) {
            // Resets the handle to $this->key / $this->iv, so the next encrypt() call starts from the same IV.
            // NOTE(review): distinct messages under one key need a fresh IV per message; nothing here changes
            // $this->iv, so that is left to the caller - confirm callers set a new IV between messages.
            mcrypt_generic_init($this->enmcrypt, $this->key, $this->iv);
        }

        return $ciphertext;
    }

    return parent::encrypt($plaintext);
}
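/**
 * Retrieve the authentication proof for a particular widget for the user
 * currently logged on the system. It returns an associative array, either
 * JSON-encoded or as a PHP array, with the following keys:
 *
 * - identifier: the username of the user currently logged on the system.
 * - signature: the username encrypted using the generated key for this widget installation.
 *
 * NOTE(review): the "signature" is a ciphertext, not a MAC or digital signature. Whether a
 * verifier can detect tampering or replay depends on Rijndael::encrypt() and on the verifying
 * side, neither of which is visible here. A keyed MAC (e.g. hash_hmac()) over the identifier
 * plus a timestamp or nonce is the usual construction for this kind of proof.
 *
 * @param string $widgetId The widget identifier.
 * @param string $format The format of the output data. Accepted values are 'json' or 'raw' (case-insensitive).
 * @return array|string The identification proof for the relevant widget: a JSON string for 'json', an array for 'raw'.
 * @throws BadArgumentException If $format is neither 'json' nor 'raw'.
 * @throws WidgetAuthenticationException If the widget does not exist or has no authentication key.
 */
public static function retrieveAuthenticationProof($widgetId, $format = 'json')
{
    $format = strtolower($format);

    if ($format !== 'json' && $format !== 'raw') {
        throw new BadArgumentException(MwwException::MODEL, 'The retrieveAuthenticationProof model method accepts only json or raw as output format');
    }

    $db = DbUtil::accessFactory();

    // Keep the caller's identifier intact for the error messages; only the escaped copy goes into SQL.
    // NOTE(review): the query is still built by string interpolation, so injection safety rests entirely
    // on DbUtil's escape() (and on it matching the connection charset). Prefer bound parameters if the
    // DbUtil API offers them.
    $escapedWidgetId = $db->escape($widgetId);
    $rs = $db->select("SELECT authkey FROM widgets WHERE widgetid = '{$escapedWidgetId}'");

    // The messages below embed caller-supplied text; whoever renders them must output-encode it.
    if (!$rs->count()) {
        throw new WidgetAuthenticationException(MwwException::MODEL, "The widget with id '{$widgetId}' does not exist");
    }

    // Loose comparison kept on purpose: NULL and the empty string both count as "no key", so an
    // empty key is never handed to the cipher.
    if ($rs->authkey == null) {
        throw new WidgetAuthenticationException(MwwException::MODEL, "The widget with id '{$widgetId}' is not authentication ready");
    }

    $key = $rs->authkey;
    $username = Auth::getUserName();

    $crypto = new Rijndael();
    $signature = $crypto->encrypt($username, $key);

    $proof = array('identifier' => $username, 'signature' => $signature);

    // NOTE(review): json_encode() returns false when a value cannot be encoded (e.g. non-UTF-8 bytes in
    // the ciphertext); callers of the 'json' format should be prepared for that.
    if ($format === 'json') {
        return json_encode($proof);
    }

    return $proof;
}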