Example #1
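 /**
  * Read and decode the encrypted "auth" cookie.
  *
  * The cookie value comes from the client, so it is only accepted when it is
  * a non-empty string that decrypts with $this->key and parses as JSON.
  *
  * @return mixed|false Decoded JSON payload, or false when the cookie is
  *                     missing, is not a string, fails decryption, or does
  *                     not contain valid JSON.
  */
 public function read()
 {
     // A request can carry "auth[]=..." and turn this entry into an array;
     // only a plain string is handed to the decryption routine.
     if (empty($_COOKIE['auth']) || !is_string($_COOKIE['auth'])) {
         return false;
     }
     try {
         $cookie = Crypto::Decrypt($_COOKIE['auth'], $this->key);
     } catch (\Exception $e) {
         // Any decryption failure is logged and reported as "no valid cookie".
         $this->log->error($e->getMessage());
         return false;
     }
     $data = json_decode($cookie);
     // json_decode() signals malformed input by returning null without
     // throwing; report that the same way as a decryption failure. A payload
     // that is the JSON literal null is still returned as null.
     if ($data === null && json_last_error() !== JSON_ERROR_NONE) {
         $this->log->error(json_last_error_msg());
         return false;
     }
     return $data;
 }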
Example #2
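 /**
  * Decrypt a hybrid message: unwrap the ephemeral key with RSA, then decrypt
  * the payload with defuse/php-encryption using that key.
  *
  * The message is split on self::SEPARATOR into exactly four fields:
  *   [0] version tag, [1] Base64 RSA-wrapped key,
  *   [2] Base64 ciphertext, [3] checksum.
  *
  * The checksum is the first 16 hex characters of an unkeyed SHA-256 over the
  * first three fields. Anyone can recompute it, so it only detects accidental
  * corruption; protection against deliberate modification has to come from
  * the RSA step and the Crypto::Decrypt call.
  *
  * @param string $ciphertext
  * @param PrivateKey $rsaPrivateKey
  *
  * @return string
  * @throws InvalidCiphertextException
  * @throws InvalidChecksumException
  */
 public static function decrypt($ciphertext, PrivateKey $rsaPrivateKey)
 {
     $split = explode(self::SEPARATOR, $ciphertext);
     if (\count($split) !== 4) {
         throw new InvalidCiphertextException('Invalid ciphertext message');
     }
     // hash_equals() takes the known value first and the supplied value second.
     if (!\hash_equals(self::VERSION_TAG, $split[0])) {
         throw new InvalidCiphertextException('Invalid version tag');
     }
     // NOTE(review): the checksum input is joined with a literal '$' while the
     // message is split on self::SEPARATOR; the two agree only if SEPARATOR
     // is '$' - confirm against the constant and the encrypt side.
     $checksum = \substr(\hash('sha256', implode('$', array_slice($split, 0, 3))), 0, 16);
     if (!\hash_equals($checksum, $split[3])) {
         throw new InvalidChecksumException('Invalid checksum');
     }
     // NOTE(review): the padding scheme used by rsaDecrypt() is not visible
     // here - confirm it is OAEP rather than PKCS#1 v1.5.
     $wrappedKey = Base64::decode($split[1]);
     $key = Key::loadFromAsciiSafeString(self::rsaDecrypt($wrappedKey, $rsaPrivateKey));
     // Third argument true: the payload is passed as raw binary after Base64 decoding.
     return Crypto::Decrypt(Base64::decode($split[2]), $key, true);
 }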
 /**
  * Decrypt a ciphertext with the key resolved by getKey().
  *
  * @param string $ciphertext Ciphertext handed to Crypto::Decrypt.
  * @param null|Key $key Passed through getKey() before use; null by default.
  * @return string
  * @throws CannotPerformOperationException
  * @throws InvalidCiphertextException
  */
 public function decrypt($ciphertext, $key = null)
 {
     // getKey() decides which key is actually used for the given argument.
     return Crypto::Decrypt($ciphertext, $this->getKey($key));
 }
Example #4
// Lock-out step: once three failures are recorded, log a 'disabled' event and
// report VALIDATION_TOO_MANY_ATTEMPTS.
// NOTE(review): response() is defined elsewhere; whether it ends the request
// is not visible here.
if ($fail_total >= 3) {
    $item->event('log')->post(['action' => 'disabled']);
    $errors = true;
    response(VALIDATION_TOO_MANY_ATTEMPTS, $errors);
}
// If all of the above validation checks pass, continue on
if (!$errors) {
    // Salt and ciphertext are stored hex-encoded on the item.
    $salt = Crypto::hexToBin($item->salt);
    $data_encrypted = Crypto::hexToBin($item->secret);
    // Create decryption key
    // NOTE(review): hash_pbkdf2() returns hex unless its binary flag is set,
    // and the length argument then counts hex digits. With $length = 16 the
    // key is a 16-character hex string carrying 8 bytes (64 bits) of derived
    // material, not 128 bits. Existing ciphertexts depend on this derivation,
    // so it can only be changed together with the encryption side.
    $length = 16;
    $iterations = PASSWORD_ITERATIONS;
    $key = hash_pbkdf2("sha256", $password, $salt, $iterations, $length);
    // Decrypt data, reference: https://github.com/defuse/php-encryption/
    try {
        $data_decrypted = Crypto::Decrypt($data_encrypted, $key);
    } catch (Ex\InvalidCiphertextException $ex) {
        // VERY IMPORTANT
        // A failed authentication check means a wrong password or altered
        // data; the attempt is recorded before the error is reported.
        // Log event
        $item->event('log')->post(['action' => 'failed']);
        response(DECRYPTION_PASSWORD_WRONG, true);
    } catch (Ex\CryptoTestFailedException $ex) {
        response(ENCRYPTION_UNSAFE, true);
    } catch (Ex\CannotPerformOperationException $ex) {
        response(DECRYPTION_UNSAFE, true);
    }
    // NOTE(review): unless response() terminates the script, execution reaches
    // the delete below even when decryption failed, destroying the message
    // after a single wrong password - confirm.
    // Delete message
    $item->delete();
    // Log event
    // NOTE(review): delete() was already called on the line above; this
    // condition calls it a second time and logs 'deleted' only if that second
    // call returns true - confirm the return value of a repeated delete.
    if ($item->delete()) {
        $item->event('log')->post(['action' => 'deleted']);
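/**
 * Encrypt or decrypt a string with defuse/php-encryption.
 *
 * Failures are never thrown to the caller; they are reported through the
 * 'error' entry of the returned array, so callers must check it before
 * using 'string'.
 *
 * @param string $message Plaintext when $type is "encrypt", ciphertext when
 *                        $type is "decrypt".
 * @param mixed  $key     Key passed to the library. When it is empty and
 *                        $type is "encrypt", a random key is generated.
 * @param string $type    "encrypt" or "decrypt".
 *
 * @return array array('string' => result or "", 'error' => "" on success,
 *               otherwise a message describing the failure)
 */
function defuse_crypto($message, $key, $type)
{
    // Fail closed on an unrecognised operation instead of returning null,
    // which a caller reading ['error'] would see as "no error".
    if ($type !== "encrypt" && $type !== "decrypt") {
        return array('string' => "", 'error' => 'Unknown operation type');
    }

    $err = '';

    // manage key origin
    if (empty($key) && $type === "encrypt") {
        try {
            $key = \Defuse\Crypto\Crypto::createNewRandomKey();
        } catch (\Defuse\Crypto\Exception\CryptoTestFailedException $ex) {
            // Stop here: continuing would attempt encryption with an empty key.
            return array('string' => "", 'error' => 'Cannot safely create a key');
        } catch (\Defuse\Crypto\Exception\CannotPerformOperationException $ex) {
            return array('string' => "", 'error' => 'Cannot safely create a key');
        }
        // NOTE(review): the encoded key is stored in $tmp and never used or
        // returned, so a caller that passes an empty key has no way to
        // decrypt the result - confirm whether the key should be handed back.
        // Also confirm that this call form matches the installed library
        // version.
        $tmp = \Defuse\Crypto\Key::saveToAsciiSafeString($key);
    }

    if ($type === "encrypt") {
        $ciphertext = "";
        try {
            $ciphertext = \Defuse\Crypto\Crypto::Encrypt($message, $key);
        } catch (\Defuse\Crypto\Exception\CryptoTestFailedException $ex) {
            $err = 'Cannot safely perform encryption';
        } catch (\Defuse\Crypto\Exception\CannotPerformOperationException $ex) {
            $err = 'Cannot safely perform encryption';
        }
        return array('string' => $ciphertext, 'error' => $err);
    }

    // $type is "decrypt" from here on.
    $decrypted = "";
    try {
        $decrypted = \Defuse\Crypto\Crypto::Decrypt($message, $key);
    } catch (\Defuse\Crypto\Exception\InvalidCiphertextException $ex) {
        // Raised when the authentication check fails; a wrong key produces
        // the same exception as modified ciphertext.
        $err = 'DANGER! DANGER! The ciphertext has been tampered with!';
    } catch (\Defuse\Crypto\Exception\CryptoTestFailedException $ex) {
        $err = 'Cannot safely perform decryption';
    } catch (\Defuse\Crypto\Exception\CannotPerformOperationException $ex) {
        $err = 'Cannot safely perform decryption';
    }
    return array('string' => $decrypted, 'error' => $err);
}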