-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathsimple_encrypt.module.php
128 lines (105 loc) · 4.15 KB
/
simple_encrypt.module.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
<?php
if(!function_exists('hash_equals')) {
function hash_equals($str1, $str2) {
if(strlen($str1) != strlen($str2)) {
return false;
} else {
$res = $str1 ^ $str2;
$ret = 0;
for($i = strlen($res) - 1; $i >= 0; $i--) {
$ret |= ord($res[$i]);
}
return !$ret;
}
}
}
class SimpleEncrypt {
public static function isEncryptSupported() {
$functions = array('openssl_cipher_iv_length');
foreach($functions as $eachFunction) {
if(!function_exists($eachFunction)) {
return false;
}
}
return true;
}
public static function getEncryptDetail($plaintext, $key, $iv = null) {
$ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
if(!$iv) {
$iv = openssl_random_pseudo_bytes($ivlen);
}
$ciphertext_raw = openssl_encrypt($plaintext, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
$hmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
$data = new stdClass;
$data->iv = $iv;
$data->cipher = $ciphertext_raw;
$data->raw = base64_encode( $iv.$hmac.$ciphertext_raw);
return $data;
}
public static function getEncrypt($plaintext, $key, $encode_base64 = true) {
$ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
$iv = openssl_random_pseudo_bytes($ivlen);
$ciphertext_raw = openssl_encrypt($plaintext, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
$hmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
$ciphertext = $encode_base64 ? base64_encode( $iv.$hmac.$ciphertext_raw ) : $iv.$hmac.$ciphertext_raw;
return $ciphertext;
}
public static function getDecrypt($ciphertext, $key) {
$c = base64_decode($ciphertext);
$ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
$iv = substr($c, 0, $ivlen);
$hmac = substr($c, $ivlen, $sha2len=32);
$ciphertext_raw = substr($c, $ivlen+$sha2len);
$original_plaintext = openssl_decrypt($ciphertext_raw, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
$calcmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
//PHP 5.6+ timing attack safe comparison
if (hash_equals($hmac, $calcmac)) {
return $original_plaintext;
}
return null;
}
private static function savePassword($password) {
file_put_contents(self::getPathname().'__password.php', '<?php exit(); /*'.$password.'*/');
}
public static function getRandomStr($len = 8) {
$chrs = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$chrsLen = strlen($chrs);
$randomString = '';
for ($i = 0; $i < $len; $i++) {
$randomString .= $chrs[rand(0, $chrsLen - 1)];
}
return $randomString;
}
private static function getPathname() {
$file_server_path = realpath(__FILE__);
return str_replace(basename(__FILE__), "", $file_server_path);
}
public static function buildNewPassword() {
$password = self::getRandomStr();
self::savePassword($password);
if(self::getPassword() !== null) {
return $password;
}
return null;
}
public static function getPassword() {
$filepath = self::getPathname().'__password.php';
$regex = '/\<\?php\sexit\(\)\;\s\/\*(.*)\*\//';
if(file_exists($filepath)) {
$password = file_get_contents($filepath);
if($password) {
preg_match_all($regex, $password, $result);
if($result && isset($result[1]) && $result[1]) {
return $result[1][0];
}
}
}
return null;
}
public static function getBufferEncryptionKey($password, $handshake, $timestamp, $document_srl, $file_srl, $ip) {
return md5($handshake.$timestamp.$document_srl.$file_srl.$ip.$password, true);
}
public static function getBufferPublicKey($password, $handshake) {
return sha1($handshake.$password, true);
}
}