forked from aberan/php-ncrypt
-
Notifications
You must be signed in to change notification settings - Fork 0
/
class.ncrypt.php
141 lines (114 loc) · 3.91 KB
/
class.ncrypt.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
<?php
namespace nxnw;
/* inspired and borrows very heavily from this implementation http://www.itnewb.com/tutorial/PHP-Encryption-Decryption-Using-the-MCrypt-Library-libmcrypt/ */
/* uses PBKDF2 implementation at https://defuse.ca/php-pbkdf2.htm */
class ncrypt {
static private $pw = 'lo7uj3$chUYFgkjds*&%ga'; //change this per implementation : TODO: set this on a session basis somehow?
static private $iterations = 1000;
static private $key_len = 32;
static private $algorithm = 'sha256';
static function ec($msg, $key, $urlencode=false, $base64=false){
try {
if(!$td = mcrypt_module_open('rijndael-256', '', 'ctr', '')){
return false;
}
$msg = serialize($msg);
//create iv
$iv = self::gen_iv();
if(mcrypt_generic_init($td, $key, $iv) !== 0){
return false;
}
$msg = mcrypt_generic($td, $msg);
$msg = $iv.$msg;
$mac = self::pbkdf2(true);
$msg .= $mac;
// clear buffers and close module
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
//encode as needed..
if($base64){
$msg = base64_encode($msg);
}
if($urlencode){
$msg = rawurlencode($msg);
}
return $msg;
}
catch (Exception $e) {
return false;
}
} /* \ec */
static function dc($msg, $key, $urlencode=false, $base64=false){
try{
if($urlencode){
$msg = rawurldecode($msg);
}
if($base64){
$msg = base64_decode($msg);
}
if (!$td = mcrypt_module_open('rijndael-256', '', 'ctr', '')){
return false;
}
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
$iv = substr($msg, 0, self::$key_len);
$mac_offset = strlen($msg) - self::$key_len;
$extracted_mac = substr($msg, $mac_offset);
$msg = substr($msg, self::$key_len, strlen($msg)-self::$key_len*2);
$mac = self::pbkdf2(true);
if($extracted_mac !== $mac){ # authenticate mac
return false;
}
if(mcrypt_generic_init($td, $key, $iv) !== 0){ # initialize buffers
return false;
}
$msg = mdecrypt_generic($td, $msg); # decrypt
$msg = unserialize($msg); # unserialize
mcrypt_generic_deinit($td); # clear buffers
mcrypt_module_close($td); # close cipher module
return $msg;
}
catch(Exception $e){
return false;
}
} /* \dc */
static function gen_iv(){
try{
return is_readable('/dev/urandom') ? mcrypt_create_iv(self::$key_len, MCRYPT_DEV_URANDOM) : mcrypt_create_iv(self::$key_len, MCRYPT_RAND);
}
catch(Exception $e){
return false;
}
} /* \gen_iv */
static function gen_pw() {
if(@is_readable('/dev/urandom')) {
$fp = fopen('/dev/urandom', 'r');
$csrf = md5(fread($fp, 128));
fclose($fp);
}
else{
$csrf = md5(mt_rand() . mt_rand() . mt_rand() . mt_rand());
}
return $csrf;
} /* \gen_pw */
static function pbkdf2() {
$salt = self::gen_iv();
$hl = strlen(hash(self::$algorithm, null, true)); # Hash length
$kb = ceil(self::$key_len / $hl); # Key blocks to compute
$dk = ''; # Derived key
$pw = self::gen_pw();
# Create key
for ( $block = 1; $block <= $kb; $block ++ ) {
# Initial hash for this block
$ib = $b = hash_hmac(self::$algorithm, $salt . pack('N', $block), $pw, true);
# Perform block iterations
for ( $i = 1; $i < self::$iterations; $i ++ )
# XOR each iterate
$ib ^= ($b = hash_hmac(self::$algorithm, $b, $pw, true));
$dk .= $ib; # Append iterated block
}
# Return derived key of correct length
//return $mac ? substr($dk, 0, self::$key_len): $base_64 ? base64_encode($dk) : $dk;
return substr($dk, 0, self::$key_len);
} /* \pbkdf2 */
}
?>