/** * encrypt() * * crypt a string */ function encrypt($decrypted, $personalSalt = "") { if (!isset($_SESSION['settings']['cpassman_dir']) || empty($_SESSION['settings']['cpassman_dir'])) { require_once '../includes/libraries/Encryption/PBKDF2/PasswordHash.php'; } else { require_once $_SESSION['settings']['cpassman_dir'] . '/includes/libraries/Encryption/PBKDF2/PasswordHash.php'; } if (!empty($personalSalt)) { $staticSalt = $personalSalt; } else { $staticSalt = SALT; } //set our salt to a variable // Get 64 random bits for the salt for pbkdf2 $pbkdf2Salt = getBits(64); // generate a pbkdf2 key to use for the encryption. //$key = strHashPbkdf2($staticSalt, $pbkdf2Salt, ITCOUNT, 16, 'sha256', 32); $key = substr(pbkdf2('sha256', $staticSalt, $pbkdf2Salt, ITCOUNT, 16 + 32, true), 32, 16); // Build $iv and $ivBase64. We use a block size of 256 bits (AES compliant) // and CTR mode. (Note: ECB mode is inadequate as IV is not used.) $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, 'ctr'), MCRYPT_RAND); //base64 trim if (strlen($ivBase64 = rtrim(base64_encode($iv), '=')) != 43) { return false; } // Encrypt $decrypted $encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $decrypted, 'ctr', $iv); // MAC the encrypted text $mac = hash_hmac('sha256', $encrypted, $staticSalt); // We're done! return base64_encode($ivBase64 . $encrypted . $mac . $pbkdf2Salt); }
/** * encrypt() * * crypt a string */ function encrypt($decrypted, $personalSalt = "") { if (!empty($personalSalt)) { $staticSalt = $personalSalt; } else { $staticSalt = SALT; } //set our salt to a variable // Get 64 random bits for the salt for pbkdf2 $pbkdf2Salt = getBits(64); // generate a pbkdf2 key to use for the encryption. $key = strHashPbkdf2($staticSalt, $pbkdf2Salt, ITCOUNT, 16, 'sha256', 32); // Build $iv and $ivBase64. We use a block size of 256 bits (AES compliant) // and CTR mode. (Note: ECB mode is inadequate as IV is not used.) $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, 'ctr'), MCRYPT_RAND); //base64 trim if (strlen($ivBase64 = rtrim(base64_encode($iv), '=')) != 43) { return false; } // Encrypt $decrypted $encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $decrypted, 'ctr', $iv); // MAC the encrypted text $mac = hash_hmac('sha256', $encrypted, $staticSalt); // We're done! return base64_encode($ivBase64 . $encrypted . $mac . $pbkdf2Salt); }