function encrypt_message($plaintext, $asym_key, $key_length = 150)
{
$rsa = new Crypt_RSA();
$rij = new Crypt_Rijndael();
// Generate Random Symmetric Key
$sym_key = crypt_random_string($key_length);
// Encrypt Message with new Symmetric Key
$rij->setKey($sym_key);
$ciphertext = $rij->encrypt($plaintext);
$ciphertext = base64_encode($ciphertext);
// Encrypted the Symmetric Key with the Asymmetric Key
$rsa->loadKey($asym_key);
$sym_key = $rsa->encrypt($sym_key);
// Base 64 encode the symmetric key for transport
$sym_key = base64_encode($sym_key);
$len = strlen($sym_key);
// Get the length
$len = dechex($len);
// The first 3 bytes of the message are the key length
$len = str_pad($len, 3, '0', STR_PAD_LEFT);
// Zero pad to be sure.
// Concatinate the length, the encrypted symmetric key, and the message
$message = $len . $sym_key . $ciphertext;
return $message;
}
public static function Crypto($text, $cipher, $key, $isEncrypt)
{
switch ($cipher) {
case 'DES':
$crypt = new Crypt_DES(CRYPT_DES_MODE_CBC);
$crypt->setKey($key);
$crypt->setIV($key);
if ($isEncrypt) {
return strtoupper(bin2hex($crypt->encrypt($text)));
} else {
return $crypt->decrypt(CryptoUtil::hex2bin($text));
}
break;
case 'AES-256':
$crypt = new Crypt_Rijndael(CRYPT_RIJNDAEL_MODE_ECB);
$crypt->setKey($key);
if ($isEncrypt) {
return strtoupper(bin2hex($crypt->encrypt($text)));
} else {
return $crypt->decrypt(CryptoUtil::hex2bin($text));
}
break;
default:
break;
}
return "ERROR";
}
/**
* @param null|string $input
* @return string
*/
public function generateKey($input = NULL)
{
$text = $input === NULL ? $this->username . ';' . date('d/m/Y H:i:s') . ';' . $this->ip : $input;
$cipher = new \Crypt_Rijndael();
$cipher->setKeyLength(256);
$cipher->setBlockLength(128);
$cipher->setKey(base64_decode($this->key));
$cipher->setIV(base64_decode($this->iv));
return base64_encode($cipher->encrypt($text));
}
/**
* @group github451
*/
public function testKeyPaddingRijndael()
{
// this test case is from the following URL:
// https://web.archive.org/web/20070209120224/http://fp.gladman.plus.com/cryptography_technology/rijndael/aesdvec.zip
$aes = new Crypt_Rijndael();
$aes->disablePadding();
$aes->setKey(pack('H*', '2b7e151628aed2a6abf7158809cf4f3c762e7160'));
// 160-bit key. Valid in Rijndael.
$ciphertext = $aes->encrypt(pack('H*', '3243f6a8885a308d313198a2e0370734'));
$this->assertEquals($ciphertext, pack('H*', '231d844639b31b412211cfe93712b880'));
}
/**
* Encrypt the OAuth token
* @param \stdClass $token Serialized token object
* @return string
*/
public function encrypt($token)
{
// Encryption: we always use phpseclib for this
global $updraftplus;
$updraftplus->ensure_phpseclib('Crypt_AES', 'Crypt/AES');
$updraftplus->ensure_phpseclib('Crypt_Rijndael', 'Crypt/Rijndael');
if (!function_exists('crypt_random_string')) {
require_once UPDRAFTPLUS_DIR . '/includes/phpseclib/Crypt/Random.php';
}
$iv = crypt_random_string(self::IV_SIZE);
// Defaults to CBC mode
$rijndael = new Crypt_Rijndael();
$rijndael->setKey($this->key);
$rijndael->setIV($iv);
$cipherText = $rijndael->encrypt($token);
return base64_encode($iv . $cipherText);
}
/**
* Encrypts a message.
*
* $plaintext will be padded with up to 16 additional bytes. Other AES implementations may or may not pad in the
* same manner. Other common approaches to padding and the reasons why it's necessary are discussed in the following
* URL:
*
* {@link http://www.di-mgt.com.au/cryptopad.html http://www.di-mgt.com.au/cryptopad.html}
*
* An alternative to padding is to, separately, send the length of the file. This is what SSH, in fact, does.
* strlen($plaintext) will still need to be a multiple of 16, however, arbitrary values can be added to make it that
* length.
*
* @see Crypt_AES::decrypt()
* @access public
* @param String $plaintext
*/
function encrypt($plaintext)
{
if (CRYPT_AES_MODE == CRYPT_AES_MODE_MCRYPT) {
$this->_mcryptSetup();
$plaintext = $this->_pad($plaintext);
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, $this->mcrypt[0], $this->mode, $this->mcrypt[1]);
mcrypt_generic_init($td, $this->key, $this->encryptIV);
$ciphertext = mcrypt_generic($td, $plaintext);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
if ($this->continuousBuffer) {
$this->encryptIV = substr($ciphertext, -16);
}
return $ciphertext;
}
return parent::encrypt($plaintext);
}
/**
* Encrypts a message.
*
* $plaintext will be padded with up to 16 additional bytes. Other AES implementations may or may not pad in the
* same manner. Other common approaches to padding and the reasons why it's necessary are discussed in the following
* URL:
*
* {@link http://www.di-mgt.com.au/cryptopad.html http://www.di-mgt.com.au/cryptopad.html}
*
* An alternative to padding is to, separately, send the length of the file. This is what SSH, in fact, does.
* strlen($plaintext) will still need to be a multiple of 16, however, arbitrary values can be added to make it that
* length.
*
* @see Crypt_AES::decrypt()
* @access public
* @param String $plaintext
*/
function encrypt($plaintext)
{
if (CRYPT_AES_MODE == CRYPT_AES_MODE_MCRYPT) {
$this->_mcryptSetup();
/*
if ($this->mode == CRYPT_AES_MODE_CTR) {
$iv = $this->encryptIV;
$xor = mcrypt_generic($this->enmcrypt, $this->_generate_xor(strlen($plaintext), $iv));
$ciphertext = $plaintext ^ $xor;
if ($this->continuousBuffer) {
$this->encryptIV = $iv;
}
return $ciphertext;
}
*/
if ($this->mode != 'ctr') {
$plaintext = $this->_pad($plaintext);
}
$ciphertext = mcrypt_generic($this->enmcrypt, $plaintext);
if (!$this->continuousBuffer) {
mcrypt_generic_init($this->enmcrypt, $this->key, $this->iv);
}
return $ciphertext;
}
return parent::encrypt($plaintext);
}
public function encrypt_message($plaintext, $use_key = false, $key_length = 150)
{
if (!$use_key && !$this->key_local) {
throw new Exception('No encryption key has been set');
}
if (!$use_key) {
$use_key = $this->key_local;
}
$this->ensure_crypto_loaded();
$rsa = new Crypt_RSA();
$rij = new Crypt_Rijndael();
// Generate Random Symmetric Key
$sym_key = crypt_random_string($key_length);
// Encrypt Message with new Symmetric Key
$rij->setKey($sym_key);
$ciphertext = $rij->encrypt($plaintext);
$ciphertext = base64_encode($ciphertext);
// Encrypted the Symmetric Key with the Asymmetric Key
$rsa->loadKey($use_key);
$sym_key = $rsa->encrypt($sym_key);
// Base 64 encode the symmetric key for transport
$sym_key = base64_encode($sym_key);
$len = str_pad(dechex(strlen($sym_key)), 3, '0', STR_PAD_LEFT);
// Zero pad to be sure.
// 16 characters of hex is enough for the payload to be to 16 exabytes (giga < tera < peta < exa) of data
$cipherlen = str_pad(dechex(strlen($ciphertext)), 16, '0', STR_PAD_LEFT);
// Concatenate the length, the encrypted symmetric key, and the message
return $len . $sym_key . $cipherlen . $ciphertext;
}
/**
* Encrypts a message.
*
* $plaintext will be padded with up to 16 additional bytes. Other AES implementations may or may not pad in the
* same manner. Other common approaches to padding and the reasons why it's necessary are discussed in the following
* URL:
*
* {@link http://www.di-mgt.com.au/cryptopad.html http://www.di-mgt.com.au/cryptopad.html}
*
* An alternative to padding is to, separately, send the length of the file. This is what SSH, in fact, does.
* strlen($plaintext) will still need to be a multiple of 16, however, arbitrary values can be added to make it that
* length.
*
* @see Crypt_AES::decrypt()
* @access public
* @param String $plaintext
*/
function encrypt($plaintext)
{
if (CRYPT_AES_MODE == CRYPT_AES_MODE_MCRYPT) {
$changed = $this->changed;
$this->_mcryptSetup();
/*
if ($this->mode == CRYPT_AES_MODE_CTR) {
$iv = $this->encryptIV;
$xor = mcrypt_generic($this->enmcrypt, $this->_generate_xor(strlen($plaintext), $iv));
$ciphertext = $plaintext ^ $xor;
if ($this->continuousBuffer) {
$this->encryptIV = $iv;
}
return $ciphertext;
}
*/
// re: http://phpseclib.sourceforge.net/cfb-demo.phps
// using mcrypt's default handing of CFB the above would output two different things. using phpseclib's
// rewritten CFB implementation the above outputs the same thing twice.
if ($this->mode == 'ncfb') {
if ($changed) {
$this->ecb = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_ECB, '');
mcrypt_generic_init($this->ecb, $this->key, "");
}
if (strlen($this->enbuffer)) {
$ciphertext = $plaintext ^ substr($this->encryptIV, strlen($this->enbuffer));
$this->enbuffer .= $ciphertext;
if (strlen($this->enbuffer) == 16) {
$this->encryptIV = $this->enbuffer;
$this->enbuffer = '';
mcrypt_generic_init($this->enmcrypt, $this->key, $this->encryptIV);
}
$plaintext = substr($plaintext, strlen($ciphertext));
} else {
$ciphertext = '';
}
$last_pos = strlen($plaintext) & 0xfffffff0;
$ciphertext .= $last_pos ? mcrypt_generic($this->enmcrypt, substr($plaintext, 0, $last_pos)) : '';
if (strlen($plaintext) & 0xf) {
if (strlen($ciphertext)) {
$this->encryptIV = substr($ciphertext, -16);
}
$this->encryptIV = mcrypt_generic($this->ecb, $this->encryptIV);
$this->enbuffer = substr($plaintext, $last_pos) ^ $this->encryptIV;
$ciphertext .= $this->enbuffer;
}
return $ciphertext;
}
if ($this->paddable) {
$plaintext = $this->_pad($plaintext);
}
$ciphertext = mcrypt_generic($this->enmcrypt, $plaintext);
if (!$this->continuousBuffer) {
mcrypt_generic_init($this->enmcrypt, $this->key, $this->iv);
}
return $ciphertext;
}
return parent::encrypt($plaintext);
}
public function encrypt_message($plaintext, $use_key = false, $key_length = 32)
{
if (!$use_key) {
if ($this->format == 1) {
if (!$this->key_local) {
throw new Exception('No encryption key has been set');
}
$use_key = $this->key_local;
} else {
if (!$this->key_remote) {
throw new Exception('No encryption key has been set');
}
$use_key = $this->key_remote;
}
}
$this->ensure_crypto_loaded();
$rsa = new Crypt_RSA();
if (defined('UDRPC_PHPSECLIB_ENCRYPTION_MODE')) {
$rsa->setEncryptionMode(UDRPC_PHPSECLIB_ENCRYPTION_MODE);
}
$rij = new Crypt_Rijndael();
// Generate Random Symmetric Key
$sym_key = crypt_random_string($key_length);
if ($this->debug) {
$this->log('Unencrypted symmetric key (hex): ' . bin2hex($sym_key));
}
// Encrypt Message with new Symmetric Key
$rij->setKey($sym_key);
$ciphertext = $rij->encrypt($plaintext);
if ($this->debug) {
$this->log('Encrypted ciphertext (hex): ' . bin2hex($ciphertext));
}
$ciphertext = base64_encode($ciphertext);
// Encrypt the Symmetric Key with the Asymmetric Key
$rsa->loadKey($use_key);
$sym_key = $rsa->encrypt($sym_key);
if ($this->debug) {
$this->log('Encrypted symmetric key (hex): ' . bin2hex($sym_key));
}
// Base 64 encode the symmetric key for transport
$sym_key = base64_encode($sym_key);
if ($this->debug) {
$this->log('Encrypted symmetric key (b64): ' . $sym_key);
}
$len = str_pad(dechex(strlen($sym_key)), 3, '0', STR_PAD_LEFT);
// Zero pad to be sure.
// 16 characters of hex is enough for the payload to be to 16 exabytes (giga < tera < peta < exa) of data
$cipherlen = str_pad(dechex(strlen($ciphertext)), 16, '0', STR_PAD_LEFT);
// Concatenate the length, the encrypted symmetric key, and the message
return $len . $sym_key . $cipherlen . $ciphertext;
}
/**
* Encrypts a message.
*
* $plaintext will be padded with up to 16 additional bytes. Other AES implementations may or may not pad in the
* same manner. Other common approaches to padding and the reasons why it's necessary are discussed in the following
* URL:
*
* {@link http://www.di-mgt.com.au/cryptopad.html http://www.di-mgt.com.au/cryptopad.html}
*
* An alternative to padding is to, separately, send the length of the file. This is what SSH, in fact, does.
* strlen($plaintext) will still need to be a multiple of 16, however, arbitrary values can be added to make it that
* length.
*
* @see Crypt_AES::decrypt()
* @access public
* @param String $plaintext
*/
function encrypt($plaintext)
{
if (CRYPT_AES_MODE == CRYPT_AES_MODE_MCRYPT) {
$this->_mcryptSetup();
// re: http://phpseclib.sourceforge.net/cfb-demo.phps
// using mcrypt's default handing of CFB the above would output two different things. using phpseclib's
// rewritten CFB implementation the above outputs the same thing twice.
if ($this->mode == 'ncfb' && $this->continuousBuffer) {
$iv =& $this->encryptIV;
$pos =& $this->enbuffer['pos'];
$len = strlen($plaintext);
$ciphertext = '';
$i = 0;
if ($pos) {
$orig_pos = $pos;
$max = 16 - $pos;
if ($len >= $max) {
$i = $max;
$len -= $max;
$pos = 0;
} else {
$i = $len;
$pos += $len;
$len = 0;
}
$ciphertext = substr($iv, $orig_pos) ^ $plaintext;
$iv = substr_replace($iv, $ciphertext, $orig_pos, $i);
$this->enbuffer['enmcrypt_init'] = true;
}
if ($len >= 16) {
if ($this->enbuffer['enmcrypt_init'] === false || $len > 280) {
if ($this->enbuffer['enmcrypt_init'] === true) {
mcrypt_generic_init($this->enmcrypt, $this->key, $iv);
$this->enbuffer['enmcrypt_init'] = false;
}
$ciphertext .= mcrypt_generic($this->enmcrypt, substr($plaintext, $i, $len - $len % 16));
$iv = substr($ciphertext, -16);
$len %= 16;
} else {
while ($len >= 16) {
$iv = mcrypt_generic($this->ecb, $iv) ^ substr($plaintext, $i, 16);
$ciphertext .= $iv;
$len -= 16;
$i += 16;
}
}
}
if ($len) {
$iv = mcrypt_generic($this->ecb, $iv);
$block = $iv ^ substr($plaintext, -$len);
$iv = substr_replace($iv, $block, 0, $len);
$ciphertext .= $block;
$pos = $len;
}
return $ciphertext;
}
if ($this->paddable) {
$plaintext = $this->_pad($plaintext);
}
$ciphertext = mcrypt_generic($this->enmcrypt, $plaintext);
if (!$this->continuousBuffer) {
mcrypt_generic_init($this->enmcrypt, $this->key, $this->iv);
}
return $ciphertext;
}
return parent::encrypt($plaintext);
}
public function encrypt($plaintext)
{
if (CRYPT_AES_MODE == CRYPT_AES_MODE_MCRYPT) {
$this->_mcryptSetup();
if ($this->mode == 'ncfb' && $this->continuousBuffer) {
$iv =& $this->encryptIV;
$pos =& $this->enbuffer['pos'];
$len = strlen($plaintext);
$ciphertext = '';
$i = 0;
if ($pos) {
$orig_pos = $pos;
$max = 16 - $pos;
if ($max <= $len) {
$i = $max;
$len -= $max;
$pos = 0;
} else {
$i = $len;
$pos += $len;
$len = 0;
}
$ciphertext = substr($iv, $orig_pos) ^ $plaintext;
$iv = substr_replace($iv, $ciphertext, $orig_pos, $i);
$this->enbuffer['enmcrypt_init'] = true;
}
if (16 <= $len) {
if ($this->enbuffer['enmcrypt_init'] === false || 280 < $len) {
if ($this->enbuffer['enmcrypt_init'] === true) {
mcrypt_generic_init($this->enmcrypt, $this->key, $iv);
$this->enbuffer['enmcrypt_init'] = false;
}
$ciphertext .= mcrypt_generic($this->enmcrypt, substr($plaintext, $i, $len - $len % 16));
$iv = substr($ciphertext, -16);
$len %= 16;
} else {
while (16 <= $len) {
$iv = mcrypt_generic($this->ecb, $iv) ^ substr($plaintext, $i, 16);
$ciphertext .= $iv;
$len -= 16;
$i += 16;
}
}
}
if ($len) {
$iv = mcrypt_generic($this->ecb, $iv);
$block = $iv ^ substr($plaintext, 0 - $len);
$iv = substr_replace($iv, $block, 0, $len);
$ciphertext .= $block;
$pos = $len;
}
return $ciphertext;
}
if ($this->paddable) {
$plaintext = $this->_pad($plaintext);
}
$ciphertext = mcrypt_generic($this->enmcrypt, $plaintext);
if (!$this->continuousBuffer) {
mcrypt_generic_init($this->enmcrypt, $this->key, $this->iv);
}
return $ciphertext;
}
return parent::encrypt($plaintext);
}
private function encrypt($fullpath, $key, $rformat = 'inline')
{
global $updraftplus;
if (!function_exists('mcrypt_encrypt')) {
$updraftplus->log(sprintf(__('Your web-server does not have the %s module installed.', 'updraftplus'), 'PHP/mcrypt') . ' ' . __('Without it, encryption will be a lot slower.', 'updraftplus'), 'warning', 'nomcrypt');
}
$updraftplus->ensure_phpseclib('Crypt_Rijndael', 'Crypt/Rijndael');
$rijndael = new Crypt_Rijndael();
$rijndael->setKey($key);
if ('inline' === $rformat) {
return $rijndael->encrypt(file_get_contents($fullpath));
}
return false;
}
function osc_encrypt_alert($alert) {
$string = osc_genRandomPassword(32) . $alert;
osc_set_alert_private_key(); // renew private key and
osc_set_alert_public_key(); // public key
$key = hash("sha256", osc_get_alert_private_key(), true);
if(function_exists('mcrypt_module_open')) {
$cipher = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_CBC, '');
$cipherText = '';
if (mcrypt_generic_init($cipher, $key, $key) != -1) {
$cipherText = mcrypt_generic($cipher, $string);
mcrypt_generic_deinit($cipher);
}
return $cipherText;
};
while (strlen($string) % 32 != 0) {
$string .= "\0";
}
require_once LIB_PATH . 'phpseclib/Crypt/Rijndael.php';
$cipher = new Crypt_Rijndael(CRYPT_RIJNDAEL_MODE_CBC);
$cipher->disablePadding();
$cipher->setBlockLength(256);
$cipher->setKey($key);
$cipher->setIV($key);
return $cipher->encrypt($string);
}
function encrypt_file($file)
{
$encryption = UpdraftPlus_Options::get_updraft_option('updraft_encryptionphrase');
if (strlen($encryption) > 0) {
$this->log("{$file}: applying encryption");
$encryption_error = 0;
$microstart = microtime(true);
require_once UPDRAFTPLUS_DIR . '/includes/phpseclib/Crypt/Rijndael.php';
$rijndael = new Crypt_Rijndael();
$rijndael->setKey($encryption);
$updraft_dir = $this->backups_dir_location();
$file_size = @filesize($updraft_dir . '/' . $file) / 1024;
if (false === file_put_contents($updraft_dir . '/' . $file . '.crypt', $rijndael->encrypt(file_get_contents($updraft_dir . '/' . $file)))) {
$encryption_error = 1;
}
if (0 == $encryption_error) {
$time_taken = max(1.0E-6, microtime(true) - $microstart);
$this->log("{$file}: encryption successful: " . round($file_size, 1) . "Kb in " . round($time_taken, 1) . "s (" . round($file_size / $time_taken, 1) . "Kb/s)");
# Delete unencrypted file
@unlink($updraft_dir . '/' . $file);
return basename($file . '.crypt');
} else {
$this->log("Encryption error occurred when encrypting database. Encryption aborted.");
$this->log(__("Encryption error occurred when encrypting database. Encryption aborted.", 'updraftplus'), 'error');
return basename($file);
}
} else {
return basename($file);
}
}
function encrypt($fullpath, $key, $rformat = 'inline')
{
if (!function_exists('mcrypt_encrypt')) {
$this->log(sprintf(__('Your web-server does not have the %s module installed.', 'updraftplus'), 'mcrypt') . ' ' . __('Without it, encryption will be a lot slower.', 'updraftplus'), 'warning', 'nomcrypt');
}
if ($this->have_addons < 10) {
$this->log(__("A future release of UpdraftPlus will move the encryption feature into an add-on (and add more features to it).", 'updraftplus') . ' ' . sprintf(__('See: %s', 'updraftplus'), 'http://updraftplus.com/next-updraftplus-release-ready-testing/'), 'warning', 'needpremiumforcrypt');
}
$this->ensure_phpseclib('Crypt_Rijndael', 'Crypt/Rijndael');
$rijndael = new Crypt_Rijndael();
$rijndael->setKey($key);
if ('inline' === $rformat) {
return $rijndael->encrypt(file_get_contents($fullpath));
}
}
/**
*
* Encrypts given value, with given key, and hex encodes it before
* returning.
*
* Compatible with mysql: "hex(aes_encrypt($val, $key))
*
* @param string $val - value to encrypt
* @param string $ky - key
* @return string encrypted value
*/
public function encrypt($val, $key)
{
if (empty($val)) {
return $val;
}
$mysqlKey = "";
for ($a = 0; $a < strlen($key); $a++) {
$mysqlKey[$a % 16] = chr(ord($mysqlKey[$a % 16]) ^ ord($key[$a]));
}
$aes = new Crypt_Rijndael(CRYPT_RIJNDAEL_MODE_ECB);
$aes->setKeyLength(128);
$aes->setBlockLength(128);
$aes->setKey($mysqlKey);
$encrypt = $aes->encrypt($val);
$encrypt = strtoupper(bin2hex($encrypt));
return $encrypt;
}
