-
Notifications
You must be signed in to change notification settings - Fork 0
/
Crypto.php
126 lines (113 loc) · 4.26 KB
/
Crypto.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
<?PHP
/*-
* Copyright (c) 2018 Etienne Bagnoud <etienne@artisan-numerique.ch>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
Namespace artnum;
/* Mainly to initialize and abstract algo while using algo available in Stanford Javascript Crypto Library https://bitwiseshiftleft.github.io/sjcl/ */
class Crypto {
private $HAlgo;
private $CAlgo;
function __construct($halgo = NULL, $calgo = NULL, $sjcl = false) {
if ($sjcl) {
$this->HAlgo = 'sha256';
} else {
if (is_null($halgo)) {
$this->HAlgo = 'sha1';
$algos = hash_algos();
/* select strongest hash function */
foreach (array('sha512', 'sha256') as $hash) {
if (in_array($hash, $algos)) {
$this->HAlgo = $hash;
break;
}
}
} else {
$this->HAlgo = $halgo;
}
}
if (is_null($calgo)) {
$this->CAlgo = 'aes-128-cbc';
$algos = openssl_get_cipher_methods();
foreach (array('aes-256-cbc', 'aes-192-cbc') as $cipher) {
if (in_array($cipher, $algos)) {
$this->CAlgo = $cipher;
break;
}
}
} else {
$this->CAlgo = $calgo;
}
}
function gethalgo() {
return $this->HAlgo;
}
function getcalgo() {
return $this->CAlgo;
}
/* Encoding/Decoding base64 YUI Library
* It uses specific variant as this is for opaque token that should just be
* passed around (in http url, in http body, in json body, ...). Don't use
* it if the other side must encode/decode.
*/
function y64encode ($value) {
return strtr(base64_encode($value), array('+' => '.', '/' => '_', '=' => '-'));
}
function y64decode($value) {
return base64_decode(strtr($value, array('-' => '=', '_' => '/', '.' => '+')));
}
/* hmac */
function hmac($value, $key, $raw = false) {
$signed = hash_hmac($this->HAlgo, $value, $key, true);
return array($raw ? $signed : base64_encode($signed), $this->HAlgo);
}
function hash($value, $raw = false) {
$hashed = hash($this->HAlgo, $value, true);
return array($raw ? $hashed : base64_encode($hashed), $this->HAlgo);
}
function compare($value1, $value2) {
if (function_exists('hash_equals')) {
return hash_equals($value1, $value2);
} else {
return strcmp($value1, $value2) == 0;
}
}
function random($size) {
return openssl_random_pseudo_bytes($size);
}
/* Symmetric encryption/decryption */
function sencrypt($value, $key) {
$iv = '';
if (openssl_cipher_iv_length($this->CAlgo)) {
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length($this->CAlgo));
}
$crypted = openssl_encrypt($value, $this->CAlgo, $key, OPENSSL_RAW_DATA, $iv);
return array($crypted, $iv, $this->CAlgo);
}
function sdecrypt($crypted, $key, $iv = '') {
$value = openssl_decrypt($crypted, $this->CAlgo, $key, OPENSSL_RAW_DATA, $iv);
return $value;
}
}
?>