/**
* Encrypts a message.
*
* $plaintext will be padded with up to 16 additional bytes. Other AES implementations may or may not pad in the
* same manner. Other common approaches to padding and the reasons why it's necessary are discussed in the following
* URL:
*
* {@link http://www.di-mgt.com.au/cryptopad.html http://www.di-mgt.com.au/cryptopad.html}
*
* An alternative to padding is to, separately, send the length of the file. This is what SSH, in fact, does.
* strlen($plaintext) will still need to be a multiple of 16, however, arbitrary values can be added to make it that
* length.
*
* @see Crypt_AES::decrypt()
* @access public
* @param String $plaintext
*/
function encrypt($plaintext)
{
if (CRYPT_AES_MODE == CRYPT_AES_MODE_MCRYPT) {
$this->_mcryptSetup();
// re: http://phpseclib.sourceforge.net/cfb-demo.phps
// using mcrypt's default handing of CFB the above would output two different things. using phpseclib's
// rewritten CFB implementation the above outputs the same thing twice.
if ($this->mode == 'ncfb' && $this->continuousBuffer) {
$iv =& $this->encryptIV;
$pos =& $this->enbuffer['pos'];
$len = strlen($plaintext);
$ciphertext = '';
$i = 0;
if ($pos) {
$orig_pos = $pos;
$max = 16 - $pos;
if ($len >= $max) {
$i = $max;
$len -= $max;
$pos = 0;
} else {
$i = $len;
$pos += $len;
$len = 0;
}
$ciphertext = substr($iv, $orig_pos) ^ $plaintext;
$iv = substr_replace($iv, $ciphertext, $orig_pos, $i);
$this->enbuffer['enmcrypt_init'] = true;
}
if ($len >= 16) {
if ($this->enbuffer['enmcrypt_init'] === false || $len > 280) {
if ($this->enbuffer['enmcrypt_init'] === true) {
mcrypt_generic_init($this->enmcrypt, $this->key, $iv);
$this->enbuffer['enmcrypt_init'] = false;
}
$ciphertext .= mcrypt_generic($this->enmcrypt, substr($plaintext, $i, $len - $len % 16));
$iv = substr($ciphertext, -16);
$len %= 16;
} else {
while ($len >= 16) {
$iv = mcrypt_generic($this->ecb, $iv) ^ substr($plaintext, $i, 16);
$ciphertext .= $iv;
$len -= 16;
$i += 16;
}
}
}
if ($len) {
$iv = mcrypt_generic($this->ecb, $iv);
$block = $iv ^ substr($plaintext, -$len);
$iv = substr_replace($iv, $block, 0, $len);
$ciphertext .= $block;
$pos = $len;
}
return $ciphertext;
}
if ($this->paddable) {
$plaintext = $this->_pad($plaintext);
}
$ciphertext = mcrypt_generic($this->enmcrypt, $plaintext);
if (!$this->continuousBuffer) {
mcrypt_generic_init($this->enmcrypt, $this->key, $this->iv);
}
return $ciphertext;
}
return parent::encrypt($plaintext);
}
/**
* Retrieve the authentication proof for a particular widget for the user
* currently logged on the system. It returns an associative array in JSON
* or php Array with the following keys :
*
* - identifier: the username of the user currently logged on the system.
* - signature: the username encrypted using the generated key for this widget installation.
*
* @param string $widgetId The widget identifier.
* @param string $format The format of the output data. Accepted data are 'json' or 'raw'.
* @return array|json The identification proof for the relevant widget.
*/
public static function retrieveAuthenticationProof($widgetId, $format = 'json')
{
$format = strtolower($format);
if ($format != 'json' && $format != 'raw') {
throw new BadArgumentException(MwwException::MODEL, 'The retrieveAuthenticationProof model method accepts only json or raw as output format');
}
$db = DbUtil::accessFactory();
$widgetId = $db->escape($widgetId);
$rs = $db->select("SELECT authkey FROM widgets WHERE widgetid = '{$widgetId}'");
if ($rs->count()) {
if ($rs->authkey != null) {
$key = $rs->authkey;
$username = Auth::getUserName();
$crypto = new Rijndael();
$signature = $crypto->encrypt($username, $key);
$proof = array('identifier' => $username, 'signature' => $signature);
if ($format == 'json') {
return json_encode($proof);
} else {
return $proof;
}
} else {
throw new WidgetAuthenticationException(MwwException::MODEL, "The widget with id '{$widgetId}' is not authentication ready");
}
} else {
throw new WidgetAuthenticationException(MwwException::MODEL, "The widget with id '{$widgetId}' does not exist");
}
}
