/mod/turningtech/lib/helpers/EncryptionHelper.php

https://github.com/jarednipper/HSU-common-code · PHP · 271 lines · 149 code · 31 blank · 91 comment · 53 complexity · c8b796f383f6d0304f645c55a9c3f417 MD5 · raw file 

    

  1. <?php
    2. 

  2. /*******
    3. 

  3.  * Helper for support of encrypt/decryption-related functionality.
    4. 

  4.  * @author jacob
    5. 

  5.  * 
    6. 

  6.  * NOTE: callers which include/require this class MUST also include/require the following:
    7. 

  7.  * - [moodle root]/config.php
    8. 

  8.  * - mod/turningtech/lib.php
    9. 

  9.  **/
    10. 

  10. 

  11. /**
    12. 

  12.  * decrypt a single string for ResponseWare
    13. 

  13.  * @param $str the string to decrypt
    14. 

  14.  * @return string
    15. 

  15.  */
    16. 

  16. function decryptResponseWareString($str) {
    17. 

  17.   if( ! TURNINGTECH_ENABLE_DECRYPTION ) return $str;
    18. 

  18.   $crunch = new TurningTechEncryptionHelper();
    19. 

  19.   $crunch->key = base64_decode( 'iZRKTcYfw9G2DGrdymD23w==' );
    20. 

  20.   $crunch->iv = base64_decode( 'DvNdhsQOmHhMn6ZESNTTlw==' );
    21. 

  21.   $crunch->mode = MCRYPT_MODE_CBC;
    22. 

  22.   $crunch->dobase64 = false;
    23. 

  23.   $crunch->doPKCS5 = true;
    24. 

  24.   return $crunch->decryptString( $str );
    25. 

  25. }
    26. 

  26. 

  27. /**
    28. 

  28.  * decrypt a list of strings for ResponseWare
    29. 

  29.  * @param $strings array
    30. 

  30.  * @return string array
    31. 

  31.  */
    32. 

  32. function decryptResponseWareStrings($strings) {
    33. 

  33.   if( ! TURNINGTECH_ENABLE_DECRYPTION ) return $strings;
    34. 

  34.   for($i= 0; $i<count($strings); $i++) {
    35. 

  35.     $strings[$i] = decryptResponseWareString($strings[$i]);
    36. 

  36.   }
    37. 

  37.   return $strings;
    38. 

  38. }
    39. 

  39. 

  40. /**
    41. 

  41.  * encrypt a single string for ResponseWare
    42. 

  42.  * @param $str the string to encrypt
    43. 

  43.  * @return string
    44. 

  44.  */
    45. 

  45. function encryptResponseWareString($str) {
    46. 

  46.   if( ! TURNINGTECH_ENABLE_ENCRYPTION ) return $str;
    47. 

  47.   $crunch = new TurningTechEncryptionHelper();
    48. 

  48.   $crunch->key = base64_decode( 'iZRKTcYfw9G2DGrdymD23w==' );
    49. 

  49.   $crunch->iv = base64_decode( 'DvNdhsQOmHhMn6ZESNTTlw==' );
    50. 

  50.   $crunch->mode = MCRYPT_MODE_CBC;
    51. 

  51.   $crunch->dobase64 = false;
    52. 

  52.   $crunch->doPKCS5 = true;
    53. 

  53.   return $crunch->encryptString( $str );
    54. 

  54. }
    55. 

  55. 

  56. /**
    57. 

  57.  * encrypt a list of strings for ResponseWare
    58. 

  58.  * @param $strings array
    59. 

  59.  * @return string array
    60. 

  60.  */
    61. 

  61. function encryptResponseWareStrings($strings) {
    62. 

  62.   if( ! TURNINGTECH_ENABLE_ENCRYPTION ) return $strings;
    63. 

  63.   for($i= 0; $i<count($strings); $i++) {
    64. 

  64.     $strings[$i] = encryptResponseWareString($strings[$i]);
    65. 

  65.   }
    66. 

  66.   return $strings;
    67. 

  67. }
    68. 

  68. 

  69. 

  70. /**
    71. 

  71.  * decrypt a single string for Web Services
    72. 

  72.  * @param $str the string to decrypt
    73. 

  73.  * @return string
    74. 

  74.  */
    75. 

  75. function decryptWebServicesString($str) {
    76. 

  76.   if( ! TURNINGTECH_ENABLE_DECRYPTION ) return $str;
    77. 

  77.   $crunch = new TurningTechEncryptionHelper();
    78. 

  78.   $crunch->key = base64_decode( 'Uepfjci/SJ7t+10kCtn2qA==' );
    79. 

  79.   $crunch->iv = $crunch->key;
    80. 

  80.   $crunch->mode = MCRYPT_MODE_ECB;
    81. 

  81.   return $crunch->decryptString( $str );
    82. 

  82. }
    83. 

  83. 

  84. /**
    85. 

  85.  * decrypt a list of strings for Web Services
    86. 

  86.  * @param $strings array
    87. 

  87.  * @return string array
    88. 

  88.  */
    89. 

  89. function decryptWebServicesStrings($strings) {
    90. 

  90.   if( ! TURNINGTECH_ENABLE_DECRYPTION ) return $strings;
    91. 

  91.   for($i= 0; $i<count($strings); $i++) {
    92. 

  92.     $strings[$i] = decryptWebServicesString($strings[$i]);
    93. 

  93.   }
    94. 

  94.   return $strings;
    95. 

  95. }
    96. 

  96. 

  97. /**
    98. 

  98.  * encrypt a single string for Web Services
    99. 

  99.  * @param $str the string to encrypt
    100. 

  100.  * @return string
    101. 

  101.  */
    102. 

  102. function encryptWebServicesString($str) {
    103. 

  103.   if( ! TURNINGTECH_ENABLE_ENCRYPTION ) return $str;
    104. 

  104.   $crunch = new TurningTechEncryptionHelper();
    105. 

  105.   $crunch->key = base64_decode( 'Uepfjci/SJ7t+10kCtn2qA==' );
    106. 

  106.   $crunch->iv = $crunch->key;
    107. 

  107.   $crunch->mode = MCRYPT_MODE_ECB;
    108. 

  108.   return $crunch->encryptString( $str );
    109. 

  109. }
    110. 

  110. 

  111. /**
    112. 

  112.  * encrypt a list of strings for Web Services
    113. 

  113.  * @param $strings array
    114. 

  114.  * @return string array
    115. 

  115.  */
    116. 

  116. function encryptWebServicesStrings($strings) {
    117. 

  117.   if( ! TURNINGTECH_ENABLE_ENCRYPTION ) return $strings;
    118. 

  118.   for($i= 0; $i<count($strings); $i++) {
    119. 

  119.     $strings[$i] = encryptWebServicesString($strings[$i]);
    120. 

  120.   }
    121. 

  121.   return $strings;
    122. 

  122. }
    123. 

  123. 

  124. 

  125. /***
    126. 

  126.  * utility class that handles AES encryption/encoding
    127. 

  127.  */
    128. 

  128. class TurningTechEncryptionHelper {
    129. 

  129.   
    130. 

  130.   public $algorithm = MCRYPT_RIJNDAEL_128; // use MCRYPT_RIJNDAEL_128 for AES
    131. 

  131.   public $algorithm_directory = '';
    132. 

  132.   public $mode = MCRYPT_MODE_ECB;
    133. 

  133.   public $mode_directory = '';
    134. 

  134.   public $dobase64 = true;
    135. 

  135.   public $doPKCS5 = true;
    136. 

  136.   public $key = '';
    137. 

  137.   public $iv = ''; // NOTE: must be the same value for encrypt/decrypt
    138. 

  138.   
    139. 

  139.   const ENCRYPT = 1;
    140. 

  140.   const DECRYPT = 2;
    141. 

  141.   
    142. 

  142.   /**
    143. 

  143.    * decrypt a single string
    144. 

  144.    * @param $str the string to decrypt
    145. 

  145.    * @return string
    146. 

  146.    */
    147. 

  147.   public function decryptString($str) {
    148. 

  148.     if( ! TURNINGTECH_ENABLE_DECRYPTION ) return $str;
    149. 

  149.     return $this->processData( self::DECRYPT, $str );
    150. 

  150.   }
    151. 

  151.   
    152. 

  152.   /**
    153. 

  153.    * decrypt a list of strings
    154. 

  154.    * @param $strings array
    155. 

  155.    * @return string array
    156. 

  156.    */
    157. 

  157.   public function decryptStrings($strings) {
    158. 

  158.     if( ! TURNINGTECH_ENABLE_DECRYPTION ) return $strings;
    159. 

  159.     for($i= 0; $i<count($strings); $i++) {
    160. 

  160.       $strings[$i] = $this->decryptString($strings[$i]);
    161. 

  161.     }
    162. 

  162.     return $strings;
    163. 

  163.   }
    164. 

  164.   
    165. 

  165.   /**
    166. 

  166.    * encrypt a single string
    167. 

  167.    * @param $str the string to encrypt
    168. 

  168.    * @return string
    169. 

  169.    */
    170. 

  170.   public function encryptString($str) {
    171. 

  171.     if( ! TURNINGTECH_ENABLE_ENCRYPTION ) return $str;
    172. 

  172.     return $this->processData( self::ENCRYPT, $str );
    173. 

  173.   }
    174. 

  174.   
    175. 

  175.   /**
    176. 

  176.    * encrypt a list of strings
    177. 

  177.    * @param $strings array
    178. 

  178.    * @return string array
    179. 

  179.    */
    180. 

  180.   public function encryptStrings($strings) {
    181. 

  181.     if( ! TURNINGTECH_ENABLE_ENCRYPTION ) return $strings;
    182. 

  182.     for($i= 0; $i<count($strings); $i++) {
    183. 

  183.       $strings[$i] = $this->encryptString($strings[$i]);
    184. 

  184.     }
    185. 

  185.     return $strings;
    186. 

  186.   }
    187. 

  187.   
    188. 

  188.   /**
    189. 

  189.    * generic encrypt/decrypt logic
    190. 

  190.    * @param $direction pass in either self::ENCRYPT or self::DECRYPT
    191. 

  191.    * @param $str the data to encrypt/decrypt
    192. 

  192.    * @return string
    193. 

  193.    */
    194. 

  194.   protected function processData($direction, $str) {
    195. 

  195.     if( $direction != self::ENCRYPT && $direction != self::DECRYPT ) throw new TurningTechEncryptionHelperException( 'Unknown encryption request ' . $direction );
    196. 

  196.     $td = mcrypt_module_open( $this->algorithm, $this->algorithm_directory, $this->mode, $this->mode_directory );
    197. 

  197.     if( $td != false ) {
    198. 

  198.       if( $direction == self::ENCRYPT && $this->doPKCS5 ) $str = $this->padWithPKCS5( $str );
    199. 

  199.       if( $direction == self::DECRYPT && $this->dobase64 ) $str = base64_decode( $str );
    200. 

  200.       
    201. 

  201.       $ivsize = mcrypt_enc_get_iv_size( $td );
    202. 

  202.       if( $this->iv == '' ) $this->iv = mcrypt_create_iv( $ivsize ); // NOTE: must be the same value for encrypt/decrypt
    203. 

  203.       if( $ivsize != strlen( $this->iv ) ) throw new TurningTechEncryptionHelperException( 'size of given IV ' . strlen( $this->iv ) . ' does not match required size ' . $ivsize );
    204. 

  204.       
    205. 

  205.       $keysize = mcrypt_enc_get_key_size( $td );
    206. 

  206.       if( strlen( $this->key ) > $keysize ) throw new TurningTechEncryptionHelperException( 'size of key ' . strlen( $this->key ) . ' is greater than the maximum allowed size ' . $keysize );
    207. 

  207.       if( strlen( $this->key ) <= 0 ) throw new TurningTechEncryptionHelperException( 'size of key ' . strlen( $this->key ) . ' is too small' );
    208. 

  208.       
    209. 

  209.       $initstatus = mcrypt_generic_init( $td, $this->key, $this->iv );
    210. 

  210.       if( $initstatus === false || $initstatus < 0 ) throw new TurningTechEncryptionHelperException( 'mcrypt_generic_init() returned error code ' . $initstatus );
    211. 

  211. 

  212.       if( $direction == self::ENCRYPT ) {
    213. 

  213.         $str = mcrypt_generic( $td, $str );
    214. 

  214.       } elseif( $direction == self::DECRYPT ) {
    215. 

  215.         $str = mdecrypt_generic( $td, $str );
    216. 

  216.       }
    217. 

  217. 

  218.       if( ! mcrypt_generic_deinit( $td ) ) throw new TurningTechEncryptionHelperException( 'mcrypt_generic_deinit() returned FALSE' );
    219. 

  219.       //if( mcrypt_module_close( $td ) )  throw new EncryptionHelperException( 'mcrypt_module_close() returned FALSE' );
    220. 

  220.       mcrypt_module_close( $td ); // it returns false locally, for some unknown reason
    221. 

  221.       $td = false; // a pointer handling habit :)
    222. 

  222.       
    223. 

  223.       if( $direction == self::ENCRYPT && $this->dobase64 ) $str = base64_encode( $str );
    224. 

  224.       if( $direction == self::DECRYPT && $this->doPKCS5 ) $str = $this->unpadWithPKCS5( $str );
    225. 

  225.     } else {
    226. 

  226.       throw new TurningTechEncryptionHelperException( 'mcrypt_module_open() returned FALSE ' );
    227. 

  227.     }
    228. 

  228.     return $str;
    229. 

  229.   }
    230. 

  230.   
    231. 

  231.   /**
    232. 

  232.    * apply PKCS #5 padding to string
    233. 

  233.    * @param $s the string to pad
    234. 

  234.    * @return string
    235. 

  235.    */
    236. 

  236.   protected function padWithPKCS5( $s ) {
    237. 

  237.     $blocksize = mcrypt_get_block_size( $this->algorithm, $this->mode );
    238. 

  238.     $padsize = $blocksize - (strlen( $s ) % $blocksize);
    239. 

  239.     $s .= str_repeat( chr( $padsize ), $padsize );
    240. 

  240.     return $s;
    241. 

  241.   }
    242. 

  242. 

  243.   /**
    244. 

  244.    * remove PKCS #5 padding from string
    245. 

  245.    * @param $s the string to de-pad
    246. 

  246.    * @return string
    247. 

  247.    */
    248. 

  248.   protected function unpadWithPKCS5( $s ) {
    249. 

  249.     $ssize = strlen( $s );
    250. 

  250.     $padsize = ord( $s[$ssize - 1] );
    251. 

  251.     if( $padsize <= $ssize && strspn( $s, chr( $padsize ), $ssize - $padsize ) == $padsize ) {
    252. 

  252.       $s = substr( $s, 0, -$padsize );
    253. 

  253.     }
    254. 

  254.     return $s;
    255. 

  255.   }
    256. 

  256.   
    257. 

  257.   
    258. 

  258. }
    259. 

  259. 

  260. 

  261. /**
    262. 

  262.  * Establish an exception namespace, add output to error_log()
    263. 

  263. */
    264. 

  264. class TurningTechEncryptionHelperException extends Exception {
    265. 

  265.   public function __tostring() {
    266. 

  266.     if( TURNINGTECH_ENABLE_ENCRYPTION_EXCEPTIONS_IN_ERROR_LOG ) error_log( $this->getMessage() );
    267. 

  267.     return parent::__tostring();
    268. 

  268.   }
    269. 

  269. }
    270. 

  270. 

  271. ?>
    272.