Skip to content

Commit

Permalink
OpenSSL/Mcrypt Support
Browse files Browse the repository at this point in the history
  • Loading branch information
Florent Morselli committed Mar 3, 2016
1 parent d044a7f commit 7ba68af
Show file tree
Hide file tree
Showing 6 changed files with 169 additions and 13 deletions.
36 changes: 29 additions & 7 deletions .travis.yml
Original file line number Diff line number Diff line change
@@ -1,14 +1,36 @@
language: php

php:
- 5.4
- 5.5
- 5.6
- 7.0
- nightly
- hhvm
matrix:
fast_finish: true
include:
- php: 5.4
env: WITH_OPENSSL=true
- php: 5.4
env: WITH_MCRYPT=true
- php: 5.5
env: WITH_OPENSSL=true
- php: 5.5
env: WITH_MCRYPT=true
- php: 5.6
env: WITH_OPENSSL=true
- php: 5.6
env: WITH_MCRYPT=true
- php: 7.0
env: WITH_OPENSSL=true
- php: 7.0
env: WITH_MCRYPT=true
- php: hhvm
env: WITH_OPENSSL=true
- php: hhvm
env: WITH_MCRYPT=true
- php: nightly
env: WITH_OPENSSL=true
- php: nightly
env: WITH_MCRYPT=true

before_script:
- sh -c 'if [ "$WITH_OPENSSL" != "" ]; then phpenv config-rm mcrypt.ini || true; fi;'
- sh -c 'if [ "$WITH_MCRYPT" != "" ]; then phpenv config-rm openssl.ini || true; fi;'
- composer install
- mkdir -p build/logs

Expand Down
7 changes: 5 additions & 2 deletions composer.json
Original file line number Diff line number Diff line change
Expand Up @@ -23,8 +23,11 @@
},
"require": {
"php": ">=5.4",
"beberlei/assert": "^2.0",
"ext-mcrypt": "*"
"beberlei/assert": "^2.0"
},
"suggest": {
"lib-openssl": "Install OpenSSL extension if you want to use OpenSSL instead of MCrypt",
"ext-mcrypt": "Install MCrypt extension. If OpenSSL is installed, MCrypt is ignored. OpenSSL or MCrypt extension is required."
},
"require-dev": {
"phpunit/phpunit": "^4.5.0|^5.0.0",
Expand Down
32 changes: 28 additions & 4 deletions src/AESKW.php
Original file line number Diff line number Diff line change
Expand Up @@ -109,15 +109,19 @@ public static function wrap($kek, $key, $padding_enabled = false)
$P = str_split($key, 8);
$N = count($P);
$C = [];

$encryptor = self::getEncryptor($kek);
if (1 === $N) {
$B = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $kek, $A.$P[0], MCRYPT_MODE_ECB);
//$B = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $kek, $A.$P[0], MCRYPT_MODE_ECB);
$B = $encryptor->encrypt($A.$P[0]);
$C[0] = self::getMSB($B);
$C[1] = self::getLSB($B);
} elseif (1 < $N) {
$R = $P;
for ($j = 0; $j <= 5; ++$j) {
for ($i = 1; $i <= $N; ++$i) {
$B = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $kek, $A.$R[$i - 1], MCRYPT_MODE_ECB);
//$B = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $kek, $A.$R[$i - 1], MCRYPT_MODE_ECB);
$B = $encryptor->encrypt($A.$R[$i - 1]);
$t = $i + $j * $N;
$A = self::toXBits(64, $t) ^ self::getMSB($B);
$R[$i - 1] = self::getLSB($B);
Expand All @@ -144,16 +148,20 @@ public static function unwrap($kek, $key, $padding_enabled = false)
$N = count($P);

Assertion::greaterThan($N, 1, 'Bad data');
$encryptor = self::getEncryptor($kek);

if (2 === $N) {
$B = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $kek, $P[0].$P[1], MCRYPT_MODE_ECB);
//$B = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $kek, $P[0].$P[1], MCRYPT_MODE_ECB);
$B = $encryptor->decrypt($P[0].$P[1]);
$unwrapped = self::getLSB($B);
$A = self::getMSB($B);
} else {
$R = $P;
for ($j = 5; $j >= 0; --$j) {
for ($i = $N - 1; $i >= 1; --$i) {
$t = $i + $j * ($N - 1);
$B = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $kek, (self::toXBits(64, $t) ^ $A).$R[$i], MCRYPT_MODE_ECB);
//$B = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $kek, (self::toXBits(64, $t) ^ $A).$R[$i], MCRYPT_MODE_ECB);
$B = $encryptor->decrypt((self::toXBits(64, $t) ^ $A).$R[$i]);
$A = self::getMSB($B);
$R[$i] = self::getLSB($B);
}
Expand Down Expand Up @@ -197,4 +205,20 @@ private static function getLSB($value)
{
return substr($value, strlen($value) / 2);
}

/**
* @param string $kek
*
* @return \AESKW\EncryptorInterface
*/
private static function getEncryptor($kek)
{
if (extension_loaded('openssl')) {
return new OpenSSLEncryptor($kek);
} elseif (extension_loaded('mcrypt')) {
return new MCryptEncryptor($kek);
}

throw new \RuntimeException('Please install OpenSSL or MCrypt extension.');
}
}
29 changes: 29 additions & 0 deletions src/EncryptorInterface.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
<?php

/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2016 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/

namespace AESKW;

interface EncryptorInterface
{
/**
* @param string $data
*
* @return string
*/
public function encrypt($data);

/**
* @param string $data
*
* @return string
*/
public function decrypt( $data);
}
38 changes: 38 additions & 0 deletions src/MCryptEncryptor.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
<?php

/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2016 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/

namespace AESKW;

final class MCryptEncryptor implements EncryptorInterface
{
private $kek;

public function __construct($kek)
{
$this->kek = $kek;
}

/**
* {@inheritdoc}
*/
public function encrypt($data)
{
return mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $this->kek, $data, MCRYPT_MODE_ECB);
}

/**
* {@inheritdoc}
*/
public function decrypt($data)
{
return mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $this->kek, $data, MCRYPT_MODE_ECB);
}
}
40 changes: 40 additions & 0 deletions src/OpenSSLEncryptor.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
<?php

/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2016 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/

namespace AESKW;

final class OpenSSLEncryptor implements EncryptorInterface
{
private $kek;
private $method;

public function __construct($kek)
{
$this->kek = $kek;
$this->method = 'aes-'.(strlen($kek)*8).'-ecb';
}

/**
* {@inheritdoc}
*/
public function encrypt($data)
{
return openssl_encrypt($data, $this->method, $this->kek, OPENSSL_ZERO_PADDING|OPENSSL_RAW_DATA);
}

/**
* {@inheritdoc}
*/
public function decrypt($data)
{
return openssl_decrypt($data, $this->method, $this->kek, OPENSSL_ZERO_PADDING|OPENSSL_RAW_DATA);
}
}

0 comments on commit 7ba68af

Please sign in to comment.