function encrypt_decrypt($action, $string)
{
/* =================================================
* ENCRYPTION-DECRYPTION
* =================================================
* ENCRYPTION: encrypt_decrypt('encrypt', $string);
* DECRYPTION: encrypt_decrypt('decrypt', $string) ;
*/
$output = false;
$encrypt_method = "AES-256-CBC";
$secret_key = 'WS-SERVICE-KEY';
$secret_iv = 'WS-SERVICE-VALUE';
// hash
$key = hash('sha256', $secret_key);
// iv - encrypt method AES-256-CBC expects 16 bytes - else you will get a warning
$iv = substr(hash('sha256', $secret_iv), 0, 16);
if ($action == 'encrypt') {
$output = base64_encode(openssl_encrypt($string, $encrypt_method, $key, 0, $iv));
} else {
if ($action == 'decrypt') {
$output = openssl_decrypt(base64_decode($string), $encrypt_method, $key, 0, $iv);
}
}
return $output;
}
public function verify($password, $hash)
{
$key = hash(self::HASH_PRIMITIVE, $password, true);
$hash = base64_decode($hash);
$header = substr($hash, 0, self::HEADER_SIZE);
$iv = substr($hash, self::HEADER_SIZE, self::IV_LENGTH);
$ciphertext = substr($hash, self::HEADER_SIZE + self::IV_LENGTH);
$decrypted = openssl_decrypt($ciphertext, self::CIPHER_PRIMITIVE, $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv);
list(, $version, $rounds, $pointerSize, $dataSize) = unpack('C*', $header);
$iterationCount = pow(2, $rounds);
$dataSizeDecoded = pow(2, $dataSize);
if ($version !== 1) {
throw new \RuntimeException("Unknown version encountered");
}
if (strlen($decrypted) !== self::HASH_LENGTH + $iterationCount * $pointerSize) {
throw new \RuntimeException("Invalid data payload, was it truncated?");
}
$h = hash_init(self::HASH_PRIMITIVE);
for ($i = 0; $i < $iterationCount; $i++) {
$pointer = substr($decrypted, $i * $pointerSize, $pointerSize);
hash_update($h, $this->read($pointer, $dataSizeDecoded));
}
$test = hash_final($h, true);
return hash_equals($test, substr($decrypted, $iterationCount * $pointerSize));
}
/**
* crack_keystore
*
* Makes a bruteforce to find the final hash contained in the KeyStore
* Returns the plaintext password used to encrypt de disk of the virtual machine
*/
function crack_keystore($keystore, $wordlist)
{
// Open wordlist file
$fp = fopen($wordlist, 'r');
// Continue if it is a valid resource
if (is_resource($fp)) {
// Get hash and method from keystore
$hash = get_hash_algorithm($keystore);
$method = get_openssl_method($keystore);
while (!feof($fp)) {
// Read each line of the file, it is the user password
$user_password = trim(fgets($fp));
// First call to PBKDF2
$EVP_password = hash_pbkdf2($hash, $user_password, $keystore['pbkdf2_1_salt'], $keystore['pbkdf2_1_iterations'], $keystore['generic_key_length'], true);
// Here, the password used for the second call to PBKDF2 is decrypted
$decrypted_password = openssl_decrypt(substr($keystore['pbkdf2_2_encrypted_password'], 0, $keystore['evp_decrypt_input_length']), $method, $EVP_password, OPENSSL_RAW_DATA, '');
if ($decrypted_password === false) {
continue;
}
// Final hash is computed
$final_hash = hash_pbkdf2($hash, $decrypted_password, $keystore['pbkdf2_2_salt'], $keystore['pbkdf2_2_iterations'], $keystore['pbkdf2_2_key_length'], true);
// If the computed hash is equal to the stored hash, then we have got the right user password
if ($final_hash === $keystore['final_hash']) {
return $user_password;
}
}
return false;
} else {
return false;
}
}
/**
* Decrypt a string.
*
* @param string $value Encrypted string
*
* @throws Exception
*
* @return string
*/
public function decrypt($value)
{
$decoded = $this->url_decode($value);
$iv = substr($decoded, 0, 16);
$encryptedValue = str_replace($iv, '', $decoded);
return trim(openssl_decrypt($encryptedValue, $this->encoding, $this->password, null, $iv));
}
/**
* @param string $base64 encrypted data in base64 OpenSSL format
* @param string $passphrase
* @return string
*/
public static function decrypt($base64, $passphrase)
{
list($ct, $salt) = self::decode($base64);
list($key, $iv) = self::evpkdf($passphrase, $salt);
$data = openssl_decrypt($ct, 'aes-256-cbc', $key, true, $iv);
return $data;
}
/**
* Gera um novo arquivo descriptografado
* @param string $from Arquivo original
* @param string $to Novo arquivo
* @return Array Retorna a classe \SplFileInfo com as informações do novo arquivo
*/
public function decrypt($from, $to)
{
$iv_size = $this->getCipherIvLength();
$data = openssl_decrypt(substr(file_get_contents($from), $iv_size + strlen($this->password)), $this->cipher_method, substr(file_get_contents($from), $iv_size, strlen($this->password)), OPENSSL_RAW_DATA, substr(file_get_contents($from), 0, $iv_size));
file_put_contents($to, $data);
return new \SplFileInfo($to);
}
function encrypt_decrypt($action, $string, $key)
{
$output = false;
global $encryption_method;
// Pull the hashing method that will be used
// Hash the password
$key = hash('sha256', $key);
if ($action == 'encrypt') {
// Generate a random string, hash it and get the first 16 character of the hashed string which will be ised as the IV
$str = "qwertyuiopasdfghjklzxcvbnm,./;'\\[]-=`!@#\$%^&*()_+{}|\":?><0123456789QWERTYUIOPASDFGHJKLZXCVBNM";
$shuffled = str_shuffle($str);
$iv = substr(hash('sha256', $shuffled), 0, 16);
$output = openssl_encrypt($string, $encryption_method, $key, 0, $iv);
$output = base64_encode($output);
// Tidy up the string so that it survives the transport 100%
$ivoutput = $iv . $output;
// Concat the IV with the encrypted message
return $ivoutput;
} else {
if ($action == 'decrypt') {
$iv = substr($string, 0, 16);
// Extract the IV from the encrypted string
$string = substr($string, 16);
// The rest of the encrypted string is the message
$output = openssl_decrypt(base64_decode($string), $encryption_method, $key, 0, $iv);
return $output;
}
}
}
/**
* Decrypt AES (256, 192, 128)
* @param $string base64 encoded cipher
* @param $key string algorithm encryption
* @return dencrypted string
*/
function decrypt($string, $key)
{
// Lengths in bytes:
$key_length = (int) ($this->_nKeySize / 8);
$block_length = 16;
$data = base64_decode($string);
$salt = substr($data, 8, 8);
$encrypted = substr($data, 16);
/**
* From https://github.com/mdp/gibberish-aes
*
* Number of rounds depends on the size of the AES in use
* 3 rounds for 256
* 2 rounds for the key, 1 for the IV
* 2 rounds for 128
* 1 round for the key, 1 round for the IV
* 3 rounds for 192 since it's not evenly divided by 128 bits
*/
$rounds = 3;
if (128 === $this->_nKeySize) {
$rounds = 2;
}
$data00 = $key . $salt;
$md5_hash = array();
$md5_hash[0] = md5($data00, true);
$result = $md5_hash[0];
for ($i = 1; $i < $rounds; $i++) {
$md5_hash[$i] = md5($md5_hash[$i - 1] . $data00, true);
$result .= $md5_hash[$i];
}
$key = substr($result, 0, $key_length);
$iv = substr($result, $key_length, $block_length);
return openssl_decrypt($encrypted, "aes-" . $this->_nKeySize . "-cbc", $key, true, $iv);
}
/**
* Decrypt data from a CryptoJS json encoding string
*
* @param mixed $passphrase
* @param mixed $jsonString
* @return mixed
*/
public static function decrypt($passphrase, $jsonString)
{
$jsondata = json_decode($jsonString, true);
if (!isset($jsondata['s']) || !isset($jsondata['iv']) || !isset($jsondata['ct'])) {
return false;
}
try {
$salt = hex2bin($jsondata['s']);
$iv = hex2bin($jsondata['iv']);
} catch (Exception $e) {
return null;
}
$ct = base64_decode($jsondata['ct']);
$concatedPassphrase = $passphrase . $salt;
$md5 = [];
$md5[0] = md5($concatedPassphrase, true);
$result = $md5[0];
for ($i = 1; $i < 3; $i++) {
$md5[$i] = md5($md5[$i - 1] . $concatedPassphrase, true);
$result .= $md5[$i];
}
$key = substr($result, 0, 32);
$data = openssl_decrypt($ct, 'aes-256-cbc', $key, true, $iv);
return json_decode($data, true);
}
function encrypt_decrypt($action, $string)
{
if (!function_exists("openssl_encrypt")) {
die("openssl function openssl_encrypt does not exist");
}
if (!function_exists("hash")) {
die("function hash does not exist");
}
global $encryption_key;
$output = false;
$encrypt_method = "AES-256-CBC";
//echo "$encryption_key\n";
$secret_iv = 'RgX54.Ju7h';
// hash
$key = hash('sha256', $encryption_key);
// iv - encrypt method AES-256-CBC expects 16 bytes - else you will get a warning
$iv = substr(hash('sha256', $secret_iv), 0, 16);
if ($action == 'encrypt') {
$output = openssl_encrypt($string, $encrypt_method, $key, 0, $iv);
$output = base64_encode($output);
} else {
if ($action == 'decrypt') {
$output = openssl_decrypt(base64_decode($string), $encrypt_method, $key, 0, $iv);
}
}
return $output;
}
/**
* Decrypt a string.
*
* @access public
* @static static method
* @param string $ciphertext
* @return string
* @throws Exception If $ciphertext is empty, or If functions don't exists
*/
public static function decrypt($ciphertext)
{
if (empty($ciphertext)) {
throw new Exception("the string to decrypt can't be empty");
}
if (!function_exists('openssl_cipher_iv_length') || !function_exists('openssl_decrypt')) {
throw new Exception("Encryption function don't exists");
}
// generate key used for authentication using ENCRYPTION_KEY & HMAC_SALT
$key = mb_substr(hash(self::HASH_FUNCTION, Config::get('ENCRYPTION_KEY') . Config::get('HMAC_SALT')), 0, 32, '8bit');
// split cipher into: hmac, cipher & iv
$macSize = 64;
$hmac = mb_substr($ciphertext, 0, $macSize, '8bit');
$iv_cipher = mb_substr($ciphertext, $macSize, null, '8bit');
// generate original hmac & compare it with the one in $ciphertext
$originalHmac = hash_hmac('sha256', $iv_cipher, $key);
if (!function_exists("hash_equals")) {
throw new Exception("Function hash_equals() doesn't exist!");
}
if (!hash_equals($hmac, $originalHmac)) {
return false;
}
// split out the initialization vector and cipher
$iv_size = openssl_cipher_iv_length(self::CIPHER);
$iv = mb_substr($iv_cipher, 0, $iv_size, '8bit');
$cipher = mb_substr($iv_cipher, $iv_size, null, '8bit');
return openssl_decrypt($cipher, self::CIPHER, $key, OPENSSL_RAW_DATA, $iv);
}
/**
* @param string $encrypted
* @return string
*/
public function decrypt($encrypted)
{
$encrypted = base64_decode($encrypted);
$iv = substr($encrypted, 0, $this->ivSize);
$encryptedMessage = substr($encrypted, $this->ivSize);
return openssl_decrypt($encryptedMessage, $this->cipher, $this->key, true, $iv);
}
/**
* Two way encryption: decrypt.
*
* @param string $data String to be encrypted.
* @param string $password Value phrase.
* @param string $type Cipher method name.
*
* @return string
*/
public static function decrypt($data, $password, $type)
{
if ($data) {
return openssl_decrypt($data, $type, $password, 0, Core\Config()->DB['crypt_vector']);
}
return '';
}
/**
* decrypt AES 256
*
* @param string $password
* @param data $edata
*
* @return dencrypted data
*/
public static function decrypt($password, $edata)
{
$data = base64_decode($edata);
$salt = substr($data, 8, 8);
$ct = substr($data, 16);
/**
* From https://github.com/mdp/gibberish-aes
*
* Number of rounds depends on the size of the AES in use
* 3 rounds for 256
* 2 rounds for the key, 1 for the IV
* 2 rounds for 128
* 1 round for the key, 1 round for the IV
* 3 rounds for 192 since it's not evenly divided by 128 bits
*/
$rounds = 3;
$data00 = $password . $salt;
$md5_hash = array();
$md5_hash[0] = md5($data00, true);
$result = $md5_hash[0];
for ($i = 1; $i < $rounds; $i++) {
$md5_hash[$i] = md5($md5_hash[$i - 1] . $data00, true);
$result .= $md5_hash[$i];
}
$key = substr($result, 0, 32);
$iv = substr($result, 32, 16);
return openssl_decrypt($ct, 'aes-256-cbc', $key, true, $iv);
}
public function decode($data)
{
$ivLength = openssl_cipher_iv_length($this->cipher);
$iv = substr($data, 0, $ivLength);
$data = substr($data, $ivLength);
return openssl_decrypt($data, $this->cipher, $this->password, OPENSSL_RAW_DATA, $iv);
}
/**
* Encrypt/decrypt value
* @param string $action - Options: encrypt/decrypt
* @param string $string - Value to be processed
* @param array $arr_params
* @return string
*/
public function sha1EncryptDecryptValue($action, $string, array $arr_params)
{
$output = false;
$encrypt_method = "AES-256-CBC";
//are keys set?
if (!isset($arr_params["secret_key"])) {
$arr_config = $this->getServiceLocator()->get("config");
$arr_params = $arr_config["security"];
}
//end if
$secret_key = $arr_params["secret_key"];
$secret_iv = $arr_params["secret_iv"];
// hash
$key = hash('sha256', $secret_key);
//iv - encrypt method AES-256-CBC expects 16 bytes - else you will get a warning
$iv = substr(hash('sha256', $secret_iv), 0, 16);
if ($action == 'encrypt') {
$output = openssl_encrypt($string, $encrypt_method, $key, 0, $iv);
$output = base64_encode($output);
} else {
if ($action == 'decrypt') {
$output = openssl_decrypt(base64_decode($string), $encrypt_method, $key, 0, $iv);
}
}
//end if
return $output;
}
public function decrypt($data, $password)
{
$iv = hex2bin(substr($data, 0, 16 * 2));
$data = hex2bin(substr($data, 16 * 2));
$plain_data = openssl_decrypt($data, 'aes-256-cbc', $password, true, $iv);
return $plain_data;
}
public function runSSO()
{
// visit is recorded automatically when going through SSO
if (isset($_GET['UserDataSP'])) {
$userData = $_GET['UserDataSP'];
$userData = openssl_decrypt(base64_decode($userData), "AES-256-CBC", hash('sha256', SSO_ENCRYPTION_KEY), 0, substr(hash('sha256', SSO_ENCRYPTION_IV), 0, 16));
$userData = unserialize($userData);
//At this point, we should verify the check_response matches, to ensure the data is from a valid source
if (isset($userData['check_response']) && $userData['check_response'] == SSO_CHECK_RESPONSE) {
//The user data is valid, and from a trusted source, let's do something with it
$_SESSION['uid'] = $userData['oracle_guid'];
header('Location: ' . $_SESSION['request_url']);
} else {
//The check_response didn't match, data can't be trusted
echo 'Non-trusted user data response';
}
} else {
$return_url = URL;
//This is the URL we send users back to once they have completed the Oracle register/login process. Normally matches current URL.
$signed_url = md5(SSO_SECURE_PREFIX . $return_url);
$request_url = SSO_SERVER . '/get-user?application_id=' . SSO_APPLICATION . '&return_url=' . urlencode($return_url) . '&signed_url=' . $signed_url;
if (SSO_STAGING) {
$request_url = $request_url . '&environment=staging';
}
header("Refresh:0;url=" . $request_url);
}
return;
}
public function download()
{
$fileHash = $this->fileHash;
$key = hex2bin(substr($fileHash, 0, 64));
$fileName = substr($fileHash, 64);
$this->fileData = str_ireplace('name/', '', $this->fileData);
$fileData = explode('-', $this->fileData);
$name = base64_decode($fileData[0]);
$type = base64_decode($fileData[1]);
if ($file = FileWorks::readFile($fileName)) {
try {
$data = $file;
$iv = hex2bin(substr($data, 0, 32));
$encrypted = substr($data, 32);
$encryptionMethod = "aes-256-cbc";
$g = openssl_decrypt($encrypted, $encryptionMethod, $key, 0, $iv);
header("Cache-Control: public");
header("Content-Description: File Transfer");
header("Content-Disposition: attachment; filename=" . $name);
header("Content-Type: " . $type);
header("Content-Transfer-Encoding: binary");
echo base64_decode($g);
} catch (Exception $e) {
echo '{"file":"file not found1"}';
}
} else {
echo 'File you requested is no longer available.';
}
}
public static function dechiffrer($str)
{
$ciphertext_dec = base64_decode($str);
$iv_dec = substr($ciphertext_dec, 0, self::$iv_size);
$ciphertext_dec = substr($ciphertext_dec, self::$iv_size);
return openssl_decrypt($ciphertext_dec, _ALGO_CHIFFREMENT_, self::genererCle(), OPENSSL_RAW_DATA, $iv_dec);
}
/**
* Decrypt a value using AES-256.
*
* @param string $cipher The ciphertext to decrypt.
* @param string $key The 256 bit/32 byte key to use as a cipher key.
* @return string Decrypted data. Any trailing null bytes will be removed.
* @throws \InvalidArgumentException On invalid data or key.
*/
public static function decrypt($cipher, $key)
{
$method = 'AES-256-CBC';
$ivSize = openssl_cipher_iv_length($method);
$iv = substr($cipher, 0, $ivSize);
$cipher = substr($cipher, $ivSize);
return openssl_decrypt($cipher, $method, $key, true, $iv);
}
private function decrypted(string $hash) : string
{
$binary = hex2bin($hash);
$ivSize = openssl_cipher_iv_length(self::CIPHER);
$iv = substr($binary, self::BEGIN, $ivSize);
$cipherText = substr(substr($binary, $ivSize), self::BEGIN, self::MAC_LENGTH);
return openssl_decrypt($cipherText, self::CIPHER, $this->key(), OPENSSL_RAW_DATA, $iv);
}
static function decrypt($encrypted)
{
list($iv, $value) = $encrypted;
if (empty($value)) {
return false;
}
return openssl_decrypt($value, self::METHOD, md5(WPEO_KEY), false, $iv);
}
private static function decrypt($key, $data)
{
$iv = base64_decode($data["iv"]);
$encrypted = base64_decode($data["encrypted"]);
$key = base64_decode($key);
$decrypted = openssl_decrypt($encrypted, 'AES-128-CBC', $key, OPENSSL_RAW_DATA, $iv);
return $decrypted;
}
/**
* 解密某一个对象(从字符串)
* @param string $data 要解密的字符串
* @param string $hashcode 加密密码
* @param string $method 加密算法
* @return array|bool 返回解密后的数组,若失败则返回false
*/
public static function decrypt($data, $hashcode, $method = 'DES-CBC')
{
$data2 = openssl_decrypt($data, $method, $hashcode);
if ($data2 === false) {
return false;
}
return json_decode($data2, true);
}
/**
* Decrypts payload and returns original data.
* @return string|false Original data as string or string containing binary data, false if unsuccessful.
*/
public static function decrypt($payload, $cipherParams)
{
$raw = defined('OPENSSL_RAW_DATA') ? OPENSSL_RAW_DATA : true;
$ivLength = openssl_cipher_iv_length($cipherParams->getAlgorithmString());
$iv = substr($payload, 0, $ivLength);
$ciphertext = substr($payload, $ivLength);
return openssl_decrypt($ciphertext, $cipherParams->getAlgorithmString(), $cipherParams->key, $raw, $iv);
}
/**
* Decrypt a value using AES-256.
*
* @param string $cipher The ciphertext to decrypt.
* @param string $key The 256 bit/32 byte key to use as a cipher key.
* @return string Decrypted data. Any trailing null bytes will be removed.
* @throws \InvalidArgumentException On invalid data or key.
*/
public static function decrypt($cipher, $key)
{
$method = 'AES-256-CBC';
$ivSize = openssl_cipher_iv_length($method);
$iv = mb_substr($cipher, 0, $ivSize, '8bit');
$cipher = mb_substr($cipher, $ivSize, null, '8bit');
return openssl_decrypt($cipher, $method, $key, OPENSSL_RAW_DATA, $iv);
}
/**
* @param string $data
* @return string
* @throws \Exception
*/
private function dataDecrypt($data)
{
$decrypted = openssl_decrypt($data, self::METHOD, $this->password, self::OPENSSL_RAW_DATA, self::IV);
if ($decrypted === false) {
throw new \Exception('[ERROR] In EncryptedFilesystemStorage::dataDecrypt(): Could not decrypt data "' . $data . '". OpenSSL error(s) are: "' . $this->getOpenSslErrors() . '".');
}
return $decrypted;
}
/**
* ### Decrypts the given value with the application key
*
* @param $value
* @return string
*/
public static function decrypt($value)
{
$key = getenv('APP_KEY');
$value = base64_decode($value);
$explode = explode('|', $value);
$dec = openssl_decrypt($explode[1], 'aes128', $key, 0, $explode[0]);
return $dec;
}
function encrypt_decrypt($action, $string)
{
////Codigo tomado de https://naveensnayak.wordpress.com/2013/03/12/simple-php-encrypt-and-decrypt///////
$output = false;
//variable que guarda el resultado de la encriptacion
$encrypt_method = "AES-256-CBC";
//se define el tipo de encriptacion a utilizar
$secret_key = '23187SJAE382EJQW!2DSA';
$secret_iv = '9IEJWQDJE3-123.DASW1';
// hash
$key = hash('sha256', $secret_key);
// iv - encrypt method AES-256-CBC expects 16 bytes - else you will get a warning
$iv = substr(hash('sha256', $secret_iv), 0, 16);
//se verifica que tipo de accion se va a realizar
if ($action == 'encrypt') {
$output = openssl_encrypt($string, $encrypt_method, $key, 0, $iv);
$output = base64_encode($output);
} else {
if ($action == 'decrypt') {
$output = openssl_decrypt(base64_decode($string), $encrypt_method, $key, 0, $iv);
}
}
return $output;
//devuelve el resultado de la operacion
}
