/**
* @param string $secretKey
* @throws CM_Exception_Invalid
*/
private function _validateKey($secretKey)
{
$keySize = strlen($secretKey);
$validKeySizes = mcrypt_module_get_supported_key_sizes(MCRYPT_RIJNDAEL_128);
if (!in_array($keySize, $validKeySizes, true)) {
throw new CM_Exception_Invalid('Invalid key size');
}
}
public function setKey($key)
{
if ($this->api === 0) {
$keysizes = mcrypt_module_get_supported_key_sizes($this->encoding, $this->mode);
sort($keysizes);
$keysize = end($keysizes);
foreach ($keysizes as $keysize) {
if ($keysize > strlen($key)) {
break;
}
}
$this->key = str_pad(substr($key, 0, $keysize), $keysize, "");
} else {
$this->key = $key;
}
}
/**
* Checks if a key is valid for {@link cryptAlgorithm}.
* @param string $key the key to check
* @return boolean the validation result
* @throws CException if the supported key lengths of the cipher are unknown
*/
protected function validateEncryptionKey($key)
{
if (is_string($key)) {
$supportedKeyLengths = mcrypt_module_get_supported_key_sizes($this->cryptAlgorithm);
if ($supportedKeyLengths) {
if (!in_array($this->strlen($key), $supportedKeyLengths)) {
throw new CException(Yii::t('yii', 'Encryption key length can be {keyLengths}.', array('{keyLengths}' => implode(',', $supportedKeyLengths))));
}
} elseif (isset(self::$encryptionKeyMinimumLengths[$this->cryptAlgorithm])) {
$minLength = self::$encryptionKeyMinimumLengths[$this->cryptAlgorithm];
$maxLength = mcrypt_module_get_algo_key_size($this->cryptAlgorithm);
if ($this->strlen($key) < $minLength || $this->strlen($key) > $maxLength) {
throw new CException(Yii::t('yii', 'Encryption key length must be between {minLength} and {maxLength}.', array('{minLength}' => $minLength, '{maxLength}' => $maxLength)));
}
} else {
throw new CException(Yii::t('yii', 'Failed to validate key. Supported key lengths of cipher not known.'));
}
} else {
throw new CException(Yii::t('yii', 'Encryption key should be a string.'));
}
}
/**
* Set the encryption key
* If the key is longer than maximum supported, it will be truncated by getKey().
*
* @param string $key
* @throws Exception\InvalidArgumentException
* @return Mcrypt
*/
public function setKey($key)
{
$keyLen = strlen($key);
if (!$keyLen) {
throw new Exception\InvalidArgumentException('The key cannot be empty');
}
$keySizes = mcrypt_module_get_supported_key_sizes($this->supportedAlgos[$this->algo]);
$maxKey = $this->getKeySize();
/*
* blowfish has $keySizes empty, meaning it can have arbitrary key length.
* the others are more picky.
*/
if (!empty($keySizes) && $keyLen < $maxKey) {
if (!in_array($keyLen, $keySizes)) {
throw new Exception\InvalidArgumentException("The size of the key must be one of " . implode(", ", $keySizes) . " bytes or longer");
}
}
$this->key = $key;
return $this;
}
/**
* @return array
*/
public function getSupportedKeySizes()
{
return mcrypt_module_get_supported_key_sizes($this->getAlgorithm());
}
<?php var_dump(mcrypt_module_get_supported_key_sizes(MCRYPT_RIJNDAEL_256)); var_dump(mcrypt_module_get_supported_key_sizes(MCRYPT_RC2));
/**
* Checks whether the given arguments are good to be used for encryption/decryption.
*
* @param string $cipher
* @param binary $key
* @param string $operationMode
* @param bool $strict Whether to true exceptions upon failure. Defaults to false.
* @throws Exception
* @return bool
*/
public static function isCipherable($cipher, $key, $operationMode, $strict = false)
{
// Check whether the cipher is supported.
$supportedCiphers = self::getSupportedCiphers();
if (in_array($cipher, $supportedCiphers) === false) {
if ($strict === true) {
throw new Exception("The cipher '{$cipher}' is not supported on this system. The following is a list of supported ciphers: " . implode(', ', $supportedCiphers));
}
return false;
}
// Check whether the block mode is supported.
$supportedModes = self::getSupportedModes();
if (in_array($operationMode, $supportedModes) === false) {
if ($strict === true) {
throw new Exception("The block mode '{$operationMode}' is not supported on this system. The following is a list of supported operation modes: " . implode(', ', $supportedModes));
}
return false;
}
// We discourage ECB.
if ($operationMode === 'ecb') {
trigger_error("You should not use 'ecb' as your block mode due to its low strength.", E_USER_WARNING);
}
// Make sure the key size is okay.
$supportedKeySizes = mcrypt_module_get_supported_key_sizes($cipher);
$keySize = strlen((string) $key);
if (in_array($keySize, $supportedKeySizes) === false) {
if ($strict === true) {
throw new Exception("The cipher '{$cipher}' does not support a key size of '{$keySize}'. The following is a list of supported key sizes for '{$cipher}': " . implode(', ', $supportedKeySizes));
}
return false;
}
// Make sure the person is not mixing non-block cipher modes with block ciphers and vice versa.
if (mcrypt_module_is_block_algorithm($cipher) === true) {
// He must be using also a block algorithm mode.
if (mcrypt_module_is_block_algorithm_mode($operationMode) === false) {
if ($strict === true) {
throw new Exception("You cannot encrypt with a block algorithm like '{$cipher}' using a non-block algorithm mode '{$operationMode}'.");
}
return false;
}
} else {
// He must be using a non-block algorithm mode.
if (mcrypt_module_is_block_algorithm_mode($operationMode) === true) {
if ($strict === true) {
throw new Exception("You cannot encrypt with a non-block algorithm like '{$cipher}' using a block algorithm mode '{$operationMode}'.");
}
return false;
}
}
}
/**
* Return all supported key sizes for current cipher
*
* @return array
*/
public function supportedKeySizes()
{
return mcrypt_module_get_supported_key_sizes($this->cipher_algorithm);
}
$key = substr(md5("very secret key"), 0, $ks);
mcrypt_generic_init($td, $key, $iv);
$encrypted = mcrypt_generic($td, "This is very important data");
VERIFY($encrypted !== "This is very important data");
mcrypt_generic_deinit($td);
mcrypt_generic_init($td, $key, $iv);
$decrypted = mdecrypt_generic($td, $encrypted);
mcrypt_generic_end($td);
mcrypt_module_close($td);
VS($decrypted, "This is very important data");
VERIFY(in_array("blowfish", mcrypt_list_algorithms()));
VERIFY(in_array("cbc", mcrypt_list_modes()));
VS(mcrypt_module_get_algo_block_size("blowfish"), 8);
VS(mcrypt_module_get_algo_key_size("blowfish"), 56);
VS(mcrypt_module_get_supported_key_sizes("blowfish"), array());
VS(mcrypt_module_get_supported_key_sizes("twofish"), array(16, 24, 32));
VS(mcrypt_module_is_block_algorithm_mode("cbc"), true);
VS(mcrypt_module_is_block_algorithm("blowfish"), true);
VS(mcrypt_module_is_block_mode("cbc"), true);
VS(mcrypt_module_self_test(MCRYPT_RIJNDAEL_128), true);
VS(mcrypt_module_self_test("bogus"), false);
$text = "boggles the inivisble monkey will rule the world";
$key = "very secret key";
$iv_size = mcrypt_get_iv_size(MCRYPT_XTEA, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$enc = mcrypt_encrypt(MCRYPT_XTEA, $key, $text, MCRYPT_MODE_ECB, $iv);
VS(bin2hex($enc), "f522c62002fa16129c8576bcddc6dd0f7ea81991103ba42962d94c8bfff3ee660d53b187d7e989540abf5a729c2f7baf");
$crypttext = mcrypt_decrypt(MCRYPT_XTEA, $key, $enc, MCRYPT_MODE_ECB, $iv);
VS($crypttext, $text);
//////////////////////////////////////////////////////////////////////
$key = "123456789012345678901234567890123456789012345678901234567890";
