/** * @param string $secretKey * @throws CM_Exception_Invalid */ private function _validateKey($secretKey) { $keySize = strlen($secretKey); $validKeySizes = mcrypt_module_get_supported_key_sizes(MCRYPT_RIJNDAEL_128); if (!in_array($keySize, $validKeySizes, true)) { throw new CM_Exception_Invalid('Invalid key size'); } }
public function setKey($key) { if ($this->api === 0) { $keysizes = mcrypt_module_get_supported_key_sizes($this->encoding, $this->mode); sort($keysizes); $keysize = end($keysizes); foreach ($keysizes as $keysize) { if ($keysize > strlen($key)) { break; } } $this->key = str_pad(substr($key, 0, $keysize), $keysize, ""); } else { $this->key = $key; } }
/** * Checks if a key is valid for {@link cryptAlgorithm}. * @param string $key the key to check * @return boolean the validation result * @throws CException if the supported key lengths of the cipher are unknown */ protected function validateEncryptionKey($key) { if (is_string($key)) { $supportedKeyLengths = mcrypt_module_get_supported_key_sizes($this->cryptAlgorithm); if ($supportedKeyLengths) { if (!in_array($this->strlen($key), $supportedKeyLengths)) { throw new CException(Yii::t('yii', 'Encryption key length can be {keyLengths}.', array('{keyLengths}' => implode(',', $supportedKeyLengths)))); } } elseif (isset(self::$encryptionKeyMinimumLengths[$this->cryptAlgorithm])) { $minLength = self::$encryptionKeyMinimumLengths[$this->cryptAlgorithm]; $maxLength = mcrypt_module_get_algo_key_size($this->cryptAlgorithm); if ($this->strlen($key) < $minLength || $this->strlen($key) > $maxLength) { throw new CException(Yii::t('yii', 'Encryption key length must be between {minLength} and {maxLength}.', array('{minLength}' => $minLength, '{maxLength}' => $maxLength))); } } else { throw new CException(Yii::t('yii', 'Failed to validate key. Supported key lengths of cipher not known.')); } } else { throw new CException(Yii::t('yii', 'Encryption key should be a string.')); } }
/** * Set the encryption key * If the key is longer than maximum supported, it will be truncated by getKey(). * * @param string $key * @throws Exception\InvalidArgumentException * @return Mcrypt */ public function setKey($key) { $keyLen = strlen($key); if (!$keyLen) { throw new Exception\InvalidArgumentException('The key cannot be empty'); } $keySizes = mcrypt_module_get_supported_key_sizes($this->supportedAlgos[$this->algo]); $maxKey = $this->getKeySize(); /* * blowfish has $keySizes empty, meaning it can have arbitrary key length. * the others are more picky. */ if (!empty($keySizes) && $keyLen < $maxKey) { if (!in_array($keyLen, $keySizes)) { throw new Exception\InvalidArgumentException("The size of the key must be one of " . implode(", ", $keySizes) . " bytes or longer"); } } $this->key = $key; return $this; }
/** * @return array */ public function getSupportedKeySizes() { return mcrypt_module_get_supported_key_sizes($this->getAlgorithm()); }
<?php var_dump(mcrypt_module_get_supported_key_sizes(MCRYPT_RIJNDAEL_256)); var_dump(mcrypt_module_get_supported_key_sizes(MCRYPT_RC2));
/** * Checks whether the given arguments are good to be used for encryption/decryption. * * @param string $cipher * @param binary $key * @param string $operationMode * @param bool $strict Whether to true exceptions upon failure. Defaults to false. * @throws Exception * @return bool */ public static function isCipherable($cipher, $key, $operationMode, $strict = false) { // Check whether the cipher is supported. $supportedCiphers = self::getSupportedCiphers(); if (in_array($cipher, $supportedCiphers) === false) { if ($strict === true) { throw new Exception("The cipher '{$cipher}' is not supported on this system. The following is a list of supported ciphers: " . implode(', ', $supportedCiphers)); } return false; } // Check whether the block mode is supported. $supportedModes = self::getSupportedModes(); if (in_array($operationMode, $supportedModes) === false) { if ($strict === true) { throw new Exception("The block mode '{$operationMode}' is not supported on this system. The following is a list of supported operation modes: " . implode(', ', $supportedModes)); } return false; } // We discourage ECB. if ($operationMode === 'ecb') { trigger_error("You should not use 'ecb' as your block mode due to its low strength.", E_USER_WARNING); } // Make sure the key size is okay. $supportedKeySizes = mcrypt_module_get_supported_key_sizes($cipher); $keySize = strlen((string) $key); if (in_array($keySize, $supportedKeySizes) === false) { if ($strict === true) { throw new Exception("The cipher '{$cipher}' does not support a key size of '{$keySize}'. The following is a list of supported key sizes for '{$cipher}': " . implode(', ', $supportedKeySizes)); } return false; } // Make sure the person is not mixing non-block cipher modes with block ciphers and vice versa. if (mcrypt_module_is_block_algorithm($cipher) === true) { // He must be using also a block algorithm mode. if (mcrypt_module_is_block_algorithm_mode($operationMode) === false) { if ($strict === true) { throw new Exception("You cannot encrypt with a block algorithm like '{$cipher}' using a non-block algorithm mode '{$operationMode}'."); } return false; } } else { // He must be using a non-block algorithm mode. if (mcrypt_module_is_block_algorithm_mode($operationMode) === true) { if ($strict === true) { throw new Exception("You cannot encrypt with a non-block algorithm like '{$cipher}' using a block algorithm mode '{$operationMode}'."); } return false; } } }
/** * Return all supported key sizes for current cipher * * @return array */ public function supportedKeySizes() { return mcrypt_module_get_supported_key_sizes($this->cipher_algorithm); }
$key = substr(md5("very secret key"), 0, $ks); mcrypt_generic_init($td, $key, $iv); $encrypted = mcrypt_generic($td, "This is very important data"); VERIFY($encrypted !== "This is very important data"); mcrypt_generic_deinit($td); mcrypt_generic_init($td, $key, $iv); $decrypted = mdecrypt_generic($td, $encrypted); mcrypt_generic_end($td); mcrypt_module_close($td); VS($decrypted, "This is very important data"); VERIFY(in_array("blowfish", mcrypt_list_algorithms())); VERIFY(in_array("cbc", mcrypt_list_modes())); VS(mcrypt_module_get_algo_block_size("blowfish"), 8); VS(mcrypt_module_get_algo_key_size("blowfish"), 56); VS(mcrypt_module_get_supported_key_sizes("blowfish"), array()); VS(mcrypt_module_get_supported_key_sizes("twofish"), array(16, 24, 32)); VS(mcrypt_module_is_block_algorithm_mode("cbc"), true); VS(mcrypt_module_is_block_algorithm("blowfish"), true); VS(mcrypt_module_is_block_mode("cbc"), true); VS(mcrypt_module_self_test(MCRYPT_RIJNDAEL_128), true); VS(mcrypt_module_self_test("bogus"), false); $text = "boggles the inivisble monkey will rule the world"; $key = "very secret key"; $iv_size = mcrypt_get_iv_size(MCRYPT_XTEA, MCRYPT_MODE_ECB); $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); $enc = mcrypt_encrypt(MCRYPT_XTEA, $key, $text, MCRYPT_MODE_ECB, $iv); VS(bin2hex($enc), "f522c62002fa16129c8576bcddc6dd0f7ea81991103ba42962d94c8bfff3ee660d53b187d7e989540abf5a729c2f7baf"); $crypttext = mcrypt_decrypt(MCRYPT_XTEA, $key, $enc, MCRYPT_MODE_ECB, $iv); VS($crypttext, $text); ////////////////////////////////////////////////////////////////////// $key = "123456789012345678901234567890123456789012345678901234567890";