/**
 * Encrypt a value and return it as raw bytes or as a hex string.
 *
 * @param string $value plaintext handed to the configured crypt object
 * @return string ciphertext; hex-encoded unless binary output is enabled
 */
public function transform($value)
{
    // Refresh the salt before every encryption.
    // NOTE(review): presumably this gives each value its own salt/IV; confirm in updateSalt().
    $this->updateSalt();

    $encrypted = $this->crypt->encrypt($value);

    // The result is hex-encoded whenever getBinary() is falsy.
    return $this->getBinary() ? $encrypted : bin2hex($encrypted);
}
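/**
 * Encrypt then authenticate using HMAC
 *
 * The encryption key and the HMAC key are both derived from the user key
 * with PBKDF2, using the cipher salt as the PBKDF2 salt. The returned string
 * is the HMAC followed by the ciphertext (base64-encoded unless binary
 * output is enabled).
 *
 * @param string $data plaintext; the values 0, 0.0 and '0' are accepted
 * @return string
 * @throws Exception\InvalidArgumentException if data, key or cipher is missing
 */
public function encrypt($data)
{
    // empty() also treats 0, 0.0 and '0' as empty; those are valid plaintexts,
    // so only null, false, '' and an empty array are rejected here.
    if (empty($data) && !in_array($data, array(0, 0.0, '0'), true)) {
        throw new Exception\InvalidArgumentException('The data to encrypt cannot be empty');
    }
    // Numeric input is cast so the cipher always receives a string.
    if (is_int($data) || is_float($data)) {
        $data = (string) $data;
    }
    if (empty($this->key)) {
        throw new Exception\InvalidArgumentException('No key specified for the encryption');
    }
    if (empty($this->cipher)) {
        throw new Exception\InvalidArgumentException('No symmetric cipher specified');
    }
    $keySize = $this->cipher->getKeySize();
    $salt    = $this->getSalt();
    // Generate a random salt (IV) if none was configured.
    // A caller-supplied salt that is reused across calls yields the same
    // derived keys and the same IV for every message.
    if (empty($salt)) {
        $salt = Rand::getBytes($this->cipher->getSaltSize(), true);
    }
    $this->cipher->setSalt($salt);
    // Derive 2 * $keySize bytes: first half encrypts, second half authenticates.
    $hash = Pbkdf2::calc(
        self::KEY_DERIV_HMAC,
        $this->getKey(),
        $this->cipher->getSalt(),
        $this->keyIteration,
        $keySize * 2
    );
    // set the encryption key
    $this->cipher->setKey(substr($hash, 0, $keySize));
    // set the key for HMAC
    $keyHmac = substr($hash, $keySize);
    // encryption
    $ciphertext = $this->cipher->encrypt($data);
    // The HMAC covers the algorithm name and the raw cipher output, and is
    // computed before any base64 encoding.
    $hmac = Hmac::compute($keyHmac, $this->hash, $this->cipher->getAlgorithm() . $ciphertext);
    if (!$this->binaryOutput) {
        $ciphertext = base64_encode($ciphertext);
    }
    return $hmac . $ciphertext;
}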
/**
 * Encrypt then authenticate using HMAC
 *
 * Returns the HMAC followed by the ciphertext; the ciphertext part is
 * base64-encoded unless binary output is enabled.
 *
 * @param string $data non-empty string to encrypt ('0' is accepted)
 * @return string
 * @throws Exception\InvalidArgumentException if data, cipher or key is missing
 */
public function encrypt($data)
{
    // A plain empty() test would also refuse '0'; only a non-string or the
    // empty string is rejected.
    if ($data === '' || !is_string($data)) {
        throw new Exception\InvalidArgumentException('The data to encrypt cannot be empty');
    }
    if (empty($this->cipher)) {
        throw new Exception\InvalidArgumentException('No symmetric cipher specified');
    }
    if (empty($this->key)) {
        throw new Exception\InvalidArgumentException('No key specified for the encryption');
    }

    $cipher  = $this->cipher;
    $keySize = $cipher->getKeySize();

    // No salt set explicitly: draw a fresh random salt (IV) for this call.
    if (!$this->saltSetted) {
        $randomSalt = Rand::getBytes($cipher->getSaltSize(), true);
        $cipher->setSalt($randomSalt);
    }

    // One PBKDF2 run yields both keys: encryption key first, HMAC key second.
    $derived = Pbkdf2::calc(
        self::KEY_DERIV_HMAC,
        $this->getKey(),
        $this->getSalt(),
        $this->keyIteration,
        $keySize * 2
    );
    $cipher->setKey(substr($derived, 0, $keySize));
    $keyHmac = substr($derived, $keySize);

    $ciphertext = $cipher->encrypt($data);

    // Authenticate the algorithm name together with the raw cipher output.
    $hmac = Hmac::compute($keyHmac, $this->hash, $cipher->getAlgorithm() . $ciphertext);

    // Encoding is applied after the HMAC has been computed.
    return $hmac . ($this->binaryOutput ? $ciphertext : base64_encode($ciphertext));
}
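/**
 * Encrypt then authenticate a file using HMAC
 *
 * The input is read in BUFFER_SIZE chunks and encrypted in CBC mode. Padding
 * is applied to the last chunk only. Each chunk's HMAC covers the algorithm
 * name, the previous HMAC and the chunk's ciphertext. The final HMAC is
 * written at the start of the output file, over a placeholder reserved
 * before the first chunk.
 *
 * NOTE(review): this assumes Hmac::getOutputSize() equals the length of the
 * string Hmac::compute() returns in its default output format — confirm, since
 * a mismatch would make the final HMAC overwrite or fall short of the placeholder.
 * NOTE(review): an empty input file produces an empty output file with no HMAC.
 *
 * @param string $fileIn  path of the plaintext file
 * @param string $fileOut path of the encrypted file to create
 * @return bool false if a file cannot be opened or a write is short
 * @throws Exception\InvalidArgumentException if no key has been set
 */
public function encrypt($fileIn, $fileOut)
{
    $this->checkFileInOut($fileIn, $fileOut);
    if (empty($this->key)) {
        throw new Exception\InvalidArgumentException('No key specified for encryption');
    }

    // Binary mode keeps the byte stream untouched on every platform.
    $read = fopen($fileIn, 'rb');
    if ($read === false) {
        return false;
    }
    $write = fopen($fileOut, 'wb');
    if ($write === false) {
        fclose($read);
        return false;
    }

    $iv   = Rand::getBytes($this->cipher->getSaltSize(), true);
    // Derive 2 * key size bytes: first half encrypts, second half authenticates.
    $keys = Pbkdf2::calc(
        $this->getPbkdf2HashAlgorithm(),
        $this->getKey(),
        $iv,
        $this->getKeyIteration(),
        $this->cipher->getKeySize() * 2
    );
    $hmac    = '';
    $size    = 0;
    $tot     = filesize($fileIn);
    $padding = $this->cipher->getPadding();

    $this->cipher->setKey(substr($keys, 0, $this->cipher->getKeySize()));
    // Intermediate chunks must not be padded; the original padding is
    // re-enabled for the last chunk below.
    $this->cipher->setPadding(new Symmetric\Padding\NoPadding());
    $this->cipher->setSalt($iv);
    $this->cipher->setMode('cbc');

    $hashAlgo  = $this->getHashAlgorithm();
    $saltSize  = $this->cipher->getSaltSize();
    $algorithm = $this->cipher->getAlgorithm();
    $keyHmac   = substr($keys, $this->cipher->getKeySize());

    $ok = true;
    // Compare explicitly: a chunk consisting of the single byte "0" is falsy
    // and would otherwise end the loop early, dropping data and padding.
    while (($data = fread($read, self::BUFFER_SIZE)) !== false && $data !== '') {
        $size += strlen($data);
        // Padding if last block
        if ($size == $tot) {
            $this->cipher->setPadding($padding);
        }
        $chunk = $this->cipher->encrypt($data);
        if ($size <= self::BUFFER_SIZE) {
            // First chunk: reserve room for the HMAC; the chunk itself still
            // carries the IV at its start.
            $placeholder = str_repeat('0', Hmac::getOutputSize($hashAlgo));
            if (fwrite($write, $placeholder) !== strlen($placeholder)) {
                $ok = false;
                break;
            }
        } else {
            // Later chunks: drop the leading $saltSize bytes of the cipher output.
            $chunk = substr($chunk, $saltSize);
        }
        $hmac = Hmac::compute($keyHmac, $hashAlgo, $algorithm . $hmac . $chunk);
        // CBC chaining: the last ciphertext block is the next chunk's IV.
        $this->cipher->setSalt(substr($chunk, -1 * $saltSize));
        if (fwrite($write, $chunk) !== strlen($chunk)) {
            $ok = false;
            break;
        }
    }

    // Leave the cipher with the caller's padding even after an early exit.
    $this->cipher->setPadding($padding);

    if ($ok) {
        // write the HMAC at the beginning of the file
        fseek($write, 0);
        if (fwrite($write, $hmac) !== strlen($hmac)) {
            $ok = false;
        }
    }

    // Both handles are closed on every path, including failed writes.
    fclose($write);
    fclose($read);

    return $ok;
}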
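/**
 * Encrypt then authenticate using HMAC
 *
 * Returns the HMAC followed by the ciphertext; the ciphertext part is
 * base64-encoded unless binary output is enabled.
 *
 * @param string $data string, integer or float to encrypt; 0, 0.0 and '0' are accepted
 * @return string
 * @throws Exception\InvalidArgumentException if data, cipher or key is missing
 */
public function encrypt($data)
{
    // Arrays and objects cannot be encrypted.
    if (is_array($data) || is_object($data)) {
        throw new Exception\InvalidArgumentException('The data to encrypt cannot be empty');
    }
    // Cast to string prior to encrypting
    if (!is_string($data)) {
        $data = (string) $data;
    }
    // Test for emptiness after the cast: null and false both become '' and
    // would otherwise slip past the check. 0, 0.0 and '0' remain valid.
    if ($data === '') {
        throw new Exception\InvalidArgumentException('The data to encrypt cannot be empty');
    }
    if (empty($this->cipher)) {
        throw new Exception\InvalidArgumentException('No symmetric cipher specified');
    }
    if (empty($this->key)) {
        throw new Exception\InvalidArgumentException('No key specified for the encryption');
    }
    $keySize = $this->cipher->getKeySize();
    // generate a random salt (IV) if the salt has not been set
    if (!$this->saltSetted) {
        $this->cipher->setSalt(Rand::getBytes($this->cipher->getSaltSize()));
    }
    // Derive 2 * $keySize bytes: first half encrypts, second half authenticates.
    $hash = Pbkdf2::calc(
        $this->getPbkdf2HashAlgorithm(),
        $this->getKey(),
        $this->getSalt(),
        $this->keyIteration,
        $keySize * 2
    );
    // '8bit' makes mb_substr slice by bytes, so the key split does not depend
    // on the configured multibyte encoding.
    $this->cipher->setKey(mb_substr($hash, 0, $keySize, '8bit'));
    // set the key for HMAC
    $keyHmac = mb_substr($hash, $keySize, null, '8bit');
    // encryption
    $ciphertext = $this->cipher->encrypt($data);
    // The HMAC covers the algorithm name and the raw cipher output, and is
    // computed before any base64 encoding.
    $hmac = Hmac::compute($keyHmac, $this->hash, $this->cipher->getAlgorithm() . $ciphertext);
    if (!$this->binaryOutput) {
        $ciphertext = base64_encode($ciphertext);
    }
    return $hmac . $ciphertext;
}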
/**
 * {@inheritdoc}
 *
 * Re-encrypts the plain value and compares it with the stored value.
 */
public function verify($plain, $hashed)
{
    // NOTE(review): a match requires encrypt() to return the same output for the
    // same input (fixed salt/IV); confirm how $this->symmetric is configured.
    $expected = $this->symmetric->encrypt($plain);

    // hash_equals() is a timing-attack-safe comparison; the computed value is
    // passed first, as the known string.
    return hash_equals($expected, $hashed);
}