Пример #1
0
 /**
  * @return BlockCipher
  */
 private function getBlockCipher()
 {
     if ($this->block_cipher) {
         return $this->block_cipher;
     }
     $this->block_cipher = BlockCipher::factory('mcrypt', ['padding' => Mcrypt::DEFAULT_PADDING]);
     $this->block_cipher->setKey($this->crypto_key);
     return $this->block_cipher;
 }
Пример #2
0
 public function testDecryptAuthFail()
 {
     $this->blockCipher->setKey('test');
     $this->blockCipher->setKeyIteration(1000);
     $encrypted = $this->blockCipher->encrypt($this->plaintext);
     $this->assertTrue(!empty($encrypted));
     // tamper the encrypted data
     $encrypted = substr($encrypted, -1);
     $decrypted = $this->blockCipher->decrypt($encrypted);
     $this->assertTrue($decrypted === false);
 }
 /**
  * Decrypt using a private key
  *
  * @param string $msg
  * @param string $privateKey
  * @param string $passPhrase
  * @param string $id
  * @return string
  * @throws RuntimeException
  */
 public function decrypt($msg, $privateKey = null, $passPhrase = null, $id = null)
 {
     // get the session key
     list($encKeys, $ciphertext) = explode(';', $msg, 2);
     $keys = explode(':', $encKeys);
     $pos = array_search(base64_encode($id), $keys);
     if (false === $pos) {
         throw new Exception\RuntimeException("This private key cannot be used for decryption");
     }
     if (!$privateKey instanceof PrivateKey && !is_string($privateKey)) {
         throw new Exception\RuntimeException(sprintf("The private key must be a string in PEM format or an instance of %s", PrivateKey::class));
     }
     $privateKey = is_string($privateKey) ? new PrivateKey($privateKey, $passPhrase) : $privateKey;
     // decrypt the session key with privateKey
     $sessionKey = $this->rsa->decrypt(base64_decode($keys[$pos + 1]), $privateKey);
     // decrypt the plaintext with the blockcipher algorithm
     $this->bCipher->setKey($sessionKey);
     return $this->bCipher->decrypt($ciphertext, $sessionKey);
 }
Пример #4
0
 /**
  * This is a central function for encrypting and decrypting so that
  * logic is all in one location
  *
  * @param string $text    The text to be encrypted or decrypted
  * @param bool   $encrypt True if we wish to encrypt text, False if we wish to
  * decrypt text.
  *
  * @return string|bool    The encrypted/decrypted string
  * @throws \VuFind\Exception\PasswordSecurity
  */
 protected function encryptOrDecrypt($text, $encrypt = true)
 {
     // Ignore empty text:
     if (empty($text)) {
         return $text;
     }
     // Load encryption key from configuration if not already present:
     if (null === $this->encryptionKey) {
         if (!isset($this->config->Authentication->ils_encryption_key) || empty($this->config->Authentication->ils_encryption_key)) {
             throw new \VuFind\Exception\PasswordSecurity('ILS password encryption on, but no key set.');
         }
         $this->encryptionKey = $this->config->Authentication->ils_encryption_key;
     }
     // Perform encryption:
     $cipher = new BlockCipher(new Mcrypt(['algorithm' => 'blowfish']));
     $cipher->setKey($this->encryptionKey);
     return $encrypt ? $cipher->encrypt($text) : $cipher->decrypt($text);
 }
Пример #5
0
 public function __construct($key)
 {
     $this->cipher = BlockCipher::factory('mcrypt');
     $this->cipher->setKey($key);
 }
Пример #6
0
 /**
  * Convert hash algorithms
  * Expected parameters: oldmethod:oldkey (or none) newmethod:newkey
  *
  * @return \Zend\Console\Response
  */
 public function switchdbhashAction()
 {
     // Validate command line arguments:
     $argv = $this->consoleOpts->getRemainingArgs();
     if (count($argv) < 1) {
         Console::writeLine('Expected parameters: newmethod [newkey]');
         return $this->getFailureResponse();
     }
     // Pull existing encryption settings from the configuration:
     $config = $this->getConfig();
     if (!isset($config->Authentication->encrypt_ils_password) || !isset($config->Authentication->ils_encryption_key) || !$config->Authentication->encrypt_ils_password) {
         $oldhash = 'none';
         $oldkey = null;
     } else {
         $oldhash = isset($config->Authentication->ils_encryption_algo) ? $config->Authentication->ils_encryption_algo : 'blowfish';
         $oldkey = $config->Authentication->ils_encryption_key;
     }
     // Pull new encryption settings from arguments:
     $newhash = $argv[0];
     $newkey = isset($argv[1]) ? $argv[1] : $oldkey;
     // No key specified AND no key on file = fatal error:
     if ($newkey === null) {
         Console::writeLine('Please specify a key as the second parameter.');
         return $this->getFailureResponse();
     }
     // If no changes were requested, abort early:
     if ($oldkey == $newkey && $oldhash == $newhash) {
         Console::writeLine('No changes requested -- no action needed.');
         return $this->getSuccessResponse();
     }
     // Initialize Mcrypt first, so we can catch any illegal algorithms before
     // making any changes:
     try {
         if ($oldhash != 'none') {
             $oldCrypt = new Mcrypt(['algorithm' => $oldhash]);
         }
         $newCrypt = new Mcrypt(['algorithm' => $newhash]);
     } catch (\Exception $e) {
         Console::writeLine($e->getMessage());
         return $this->getFailureResponse();
     }
     // Next update the config file, so if we are unable to write the file,
     // we don't go ahead and make unwanted changes to the database:
     $configPath = ConfigLocator::getLocalConfigPath('config.ini', null, true);
     Console::writeLine("\tUpdating {$configPath}...");
     $writer = new ConfigWriter($configPath);
     $writer->set('Authentication', 'encrypt_ils_password', true);
     $writer->set('Authentication', 'ils_encryption_algo', $newhash);
     $writer->set('Authentication', 'ils_encryption_key', $newkey);
     if (!$writer->save()) {
         Console::writeLine("\tWrite failed!");
         return $this->getFailureResponse();
     }
     // Now do the database rewrite:
     $userTable = $this->getServiceLocator()->get('VuFind\\DbTablePluginManager')->get('User');
     $users = $userTable->select(function ($select) {
         $select->where->isNotNull('cat_username');
     });
     Console::writeLine("\tConverting hashes for " . count($users) . ' user(s).');
     foreach ($users as $row) {
         $pass = null;
         if ($oldhash != 'none' && isset($row['cat_pass_enc'])) {
             $oldcipher = new BlockCipher($oldCrypt);
             $oldcipher->setKey($oldkey);
             $pass = $oldcipher->decrypt($row['cat_pass_enc']);
         } else {
             $pass = $row['cat_password'];
         }
         $newcipher = new BlockCipher($newCrypt);
         $newcipher->setKey($newkey);
         $row['cat_password'] = null;
         $row['cat_pass_enc'] = $newcipher->encrypt($pass);
         $row->save();
     }
     // If we got this far, all went well!
     Console::writeLine("\tFinished.");
     return $this->getSuccessResponse();
 }
 /**
  * @param string $encryptionKey
  */
 public function __construct($encryptionKey)
 {
     $this->blockCipher = BlockCipher::factory('mcrypt', array('algo' => 'aes'));
     $this->blockCipher->setKey($encryptionKey);
 }
Пример #8
0
 /**
  * @param mixed $data data to be decrypted
  * @param mixed $key encryption key
  *
  * @return mixed|false
  */
 public function decrypt($data, $key)
 {
     return $this->zendCrypt->setKey($key)->decrypt($data);
 }