Helix SwarmHelix Swarm
Loading...

BlockCipher.php

  • //
  • guest/
  • thomas_gray/
  • jambox/
  • main/
  • swarm/
  • library/
  • Zend/
  • Crypt/
  • BlockCipher.php #1
  • View
  • Commits
  • Open Download .zip Download (12 KB) 
  1. <?php
  2. /**
  3.  * Zend Framework (http://framework.zend.com/)
  4.  *
  5.  * @link      http://github.com/zendframework/zf2 for the canonical source repository
  6.  * @copyright Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
  7.  * @license   http://framework.zend.com/license/new-bsd New BSD License
  8.  */
  9.  
  10. namespace Zend\Crypt;
  11.  
  12. use Zend\Crypt\Key\Derivation\Pbkdf2;
  13. use Zend\Crypt\Symmetric\SymmetricInterface;
  14. use Zend\Math\Rand;
  15.  
  16. /**
  17.  * Encrypt using a symmetric cipher then authenticate using HMAC (SHA-256)
  18.  */
  19. class BlockCipher
  20. {
  21.     const KEY_DERIV_HMAC = 'sha256';
  22.  
  23.     /**
  24.      * Symmetric cipher
  25.      *
  26.      * @var SymmetricInterface
  27.      */
  28.     protected $cipher;
  29.  
  30.     /**
  31.      * Symmetric cipher plugin manager
  32.      *
  33.      * @var SymmetricPluginManager
  34.      */
  35.     protected static $symmetricPlugins = null;
  36.  
  37.     /**
  38.      * Hash algorithm fot HMAC
  39.      *
  40.      * @var string
  41.      */
  42.     protected $hash = 'sha256';
  43.  
  44.     /**
  45.      * Check if the salt has been set
  46.      *
  47.      * @var bool
  48.      */
  49.     protected $saltSetted = false;
  50.  
  51.     /**
  52.      * The output is binary?
  53.      *
  54.      * @var bool
  55.      */
  56.     protected $binaryOutput = false;
  57.  
  58.     /**
  59.      * Number of iterations for Pbkdf2
  60.      *
  61.      * @var string
  62.      */
  63.     protected $keyIteration = 5000;
  64.  
  65.     /**
  66.      * Key
  67.      *
  68.      * @var string
  69.      */
  70.     protected $key;
  71.  
  72.     /**
  73.      * Constructor
  74.      *
  75.      * @param SymmetricInterface $cipher
  76.      */
  77.     public function __construct(SymmetricInterface $cipher)
  78.     {
  79.         $this->cipher = $cipher;
  80.     }
  81.  
  82.     /**
  83.      * Factory.
  84.      *
  85.      * @param  string      $adapter
  86.      * @param  array       $options
  87.      * @return BlockCipher
  88.      */
  89.     public static function factory($adapter, $options = array())
  90.     {
  91.         $plugins = static::getSymmetricPluginManager();
  92.         $adapter = $plugins->get($adapter, (array) $options);
  93.  
  94.         return new static($adapter);
  95.     }
  96.  
  97.     /**
  98.      * Returns the symmetric cipher plugin manager.  If it doesn't exist it's created.
  99.      *
  100.      * @return SymmetricPluginManager
  101.      */
  102.     public static function getSymmetricPluginManager()
  103.     {
  104.         if (static::$symmetricPlugins === null) {
  105.             static::setSymmetricPluginManager(new SymmetricPluginManager());
  106.         }
  107.  
  108.         return static::$symmetricPlugins;
  109.     }
  110.  
  111.     /**
  112.      * Set the symmetric cipher plugin manager
  113.      *
  114.      * @param  string|SymmetricPluginManager      $plugins
  115.      * @throws Exception\InvalidArgumentException
  116.      */
  117.     public static function setSymmetricPluginManager($plugins)
  118.     {
  119.         if (is_string($plugins)) {
  120.             if (!class_exists($plugins)) {
  121.                 throw new Exception\InvalidArgumentException(sprintf(
  122.                     'Unable to locate symmetric cipher plugins using class "%s"; class does not exist',
  123.                     $plugins
  124.                 ));
  125.             }
  126.             $plugins = new $plugins();
  127.         }
  128.         if (!$plugins instanceof SymmetricPluginManager) {
  129.             throw new Exception\InvalidArgumentException(sprintf(
  130.                 'Expected an instance or extension of %s\SymmetricPluginManager; received "%s"',
  131.                 __NAMESPACE__,
  132.                 (is_object($plugins) ? get_class($plugins) : gettype($plugins))
  133.             ));
  134.         }
  135.         static::$symmetricPlugins = $plugins;
  136.     }
  137.  
  138.     /**
  139.      * Set the symmetric cipher
  140.      *
  141.      * @param  SymmetricInterface $cipher
  142.      * @return BlockCipher
  143.      */
  144.     public function setCipher(SymmetricInterface $cipher)
  145.     {
  146.         $this->cipher = $cipher;
  147.         return $this;
  148.     }
  149.  
  150.     /**
  151.      * Get symmetric cipher
  152.      *
  153.      * @return SymmetricInterface
  154.      */
  155.     public function getCipher()
  156.     {
  157.         return $this->cipher;
  158.     }
  159.  
  160.     /**
  161.      * Set the number of iterations for Pbkdf2
  162.      *
  163.      * @param  int     $num
  164.      * @return BlockCipher
  165.      */
  166.     public function setKeyIteration($num)
  167.     {
  168.         $this->keyIteration = (int) $num;
  169.  
  170.         return $this;
  171.     }
  172.  
  173.     /**
  174.      * Get the number of iterations for Pbkdf2
  175.      *
  176.      * @return int
  177.      */
  178.     public function getKeyIteration()
  179.     {
  180.         return $this->keyIteration;
  181.     }
  182.  
  183.     /**
  184.      * Set the salt (IV)
  185.      *
  186.      * @param  string                             $salt
  187.      * @return BlockCipher
  188.      * @throws Exception\InvalidArgumentException
  189.      */
  190.     public function setSalt($salt)
  191.     {
  192.         try {
  193.             $this->cipher->setSalt($salt);
  194.         } catch (Symmetric\Exception\InvalidArgumentException $e) {
  195.             throw new Exception\InvalidArgumentException("The salt is not valid: " . $e->getMessage());
  196.         }
  197.         $this->saltSetted = true;
  198.  
  199.         return $this;
  200.     }
  201.  
  202.     /**
  203.      * Get the salt (IV) according to the size requested by the algorithm
  204.      *
  205.      * @return string
  206.      */
  207.     public function getSalt()
  208.     {
  209.         return $this->cipher->getSalt();
  210.     }
  211.  
  212.     /**
  213.      * Get the original salt value
  214.      *
  215.      * @return string
  216.      */
  217.     public function getOriginalSalt()
  218.     {
  219.         return $this->cipher->getOriginalSalt();
  220.     }
  221.  
  222.     /**
  223.      * Enable/disable the binary output
  224.      *
  225.      * @param  bool        $value
  226.      * @return BlockCipher
  227.      */
  228.     public function setBinaryOutput($value)
  229.     {
  230.         $this->binaryOutput = (bool) $value;
  231.  
  232.         return $this;
  233.     }
  234.  
  235.     /**
  236.      * Get the value of binary output
  237.      *
  238.      * @return bool
  239.      */
  240.     public function getBinaryOutput()
  241.     {
  242.         return $this->binaryOutput;
  243.     }
  244.  
  245.     /**
  246.      * Set the encryption/decryption key
  247.      *
  248.      * @param  string                             $key
  249.      * @return BlockCipher
  250.      * @throws Exception\InvalidArgumentException
  251.      */
  252.     public function setKey($key)
  253.     {
  254.         if (empty($key)) {
  255.             throw new Exception\InvalidArgumentException('The key cannot be empty');
  256.         }
  257.         $this->key = $key;
  258.  
  259.         return $this;
  260.     }
  261.  
  262.     /**
  263.      * Get the key
  264.      *
  265.      * @return string
  266.      */
  267.     public function getKey()
  268.     {
  269.         return $this->key;
  270.     }
  271.  
  272.     /**
  273.      * Set algorithm of the symmetric cipher
  274.      *
  275.      * @param  string                             $algo
  276.      * @return BlockCipher
  277.      * @throws Exception\InvalidArgumentException
  278.      */
  279.     public function setCipherAlgorithm($algo)
  280.     {
  281.         if (empty($this->cipher)) {
  282.             throw new Exception\InvalidArgumentException('No symmetric cipher specified');
  283.         }
  284.         try {
  285.             $this->cipher->setAlgorithm($algo);
  286.         } catch (Symmetric\Exception\InvalidArgumentException $e) {
  287.             throw new Exception\InvalidArgumentException($e->getMessage());
  288.         }
  289.  
  290.         return $this;
  291.     }
  292.  
  293.     /**
  294.      * Get the cipher algorithm
  295.      *
  296.      * @return string|bool
  297.      */
  298.     public function getCipherAlgorithm()
  299.     {
  300.         if (!empty($this->cipher)) {
  301.             return $this->cipher->getAlgorithm();
  302.         }
  303.  
  304.         return false;
  305.     }
  306.  
  307.     /**
  308.      * Get the supported algorithms of the symmetric cipher
  309.      *
  310.      * @return array
  311.      */
  312.     public function getCipherSupportedAlgorithms()
  313.     {
  314.         if (!empty($this->cipher)) {
  315.             return $this->cipher->getSupportedAlgorithms();
  316.         }
  317.  
  318.         return array();
  319.     }
  320.  
  321.     /**
  322.      * Set the hash algorithm for HMAC authentication
  323.      *
  324.      * @param  string                             $hash
  325.      * @return BlockCipher
  326.      * @throws Exception\InvalidArgumentException
  327.      */
  328.     public function setHashAlgorithm($hash)
  329.     {
  330.         if (!Hash::isSupported($hash)) {
  331.             throw new Exception\InvalidArgumentException(
  332.                 "The specified hash algorithm '{$hash}' is not supported by Zend\Crypt\Hash"
  333.             );
  334.         }
  335.         $this->hash = $hash;
  336.  
  337.         return $this;
  338.     }
  339.  
  340.     /**
  341.      * Get the hash algorithm for HMAC authentication
  342.      *
  343.      * @return string
  344.      */
  345.     public function getHashAlgorithm()
  346.     {
  347.         return $this->hash;
  348.     }
  349.  
  350.     /**
  351.      * Encrypt then authenticate using HMAC
  352.      *
  353.      * @param  string                             $data
  354.      * @return string
  355.      * @throws Exception\InvalidArgumentException
  356.      */
  357.     public function encrypt($data)
  358.     {
  359.         // 0 (as integer), 0.0 (as float) & '0' (as string) will return false, though these should be allowed
  360.         if (!is_string($data) || $data === '') {
  361.             throw new Exception\InvalidArgumentException('The data to encrypt cannot be empty');
  362.         }
  363.         if (empty($this->cipher)) {
  364.             throw new Exception\InvalidArgumentException('No symmetric cipher specified');
  365.         }
  366.         if (empty($this->key)) {
  367.             throw new Exception\InvalidArgumentException('No key specified for the encryption');
  368.         }
  369.         $keySize = $this->cipher->getKeySize();
  370.         // generate a random salt (IV) if the salt has not been set
  371.         if (!$this->saltSetted) {
  372.             $this->cipher->setSalt(Rand::getBytes($this->cipher->getSaltSize(), true));
  373.         }
  374.         // generate the encryption key and the HMAC key for the authentication
  375.         $hash = Pbkdf2::calc(self::KEY_DERIV_HMAC,
  376.                              $this->getKey(),
  377.                              $this->getSalt(),
  378.                              $this->keyIteration,
  379.                              $keySize * 2);
  380.         // set the encryption key
  381.         $this->cipher->setKey(substr($hash, 0, $keySize));
  382.         // set the key for HMAC
  383.         $keyHmac = substr($hash, $keySize);
  384.         // encryption
  385.         $ciphertext = $this->cipher->encrypt($data);
  386.         // HMAC
  387.         $hmac = Hmac::compute($keyHmac,
  388.                               $this->hash,
  389.                               $this->cipher->getAlgorithm() . $ciphertext);
  390.         if (!$this->binaryOutput) {
  391.             $ciphertext = base64_encode($ciphertext);
  392.         }
  393.  
  394.         return $hmac . $ciphertext;
  395.     }
  396.  
  397.     /**
  398.      * Decrypt
  399.      *
  400.      * @param  string                             $data
  401.      * @return string|bool
  402.      * @throws Exception\InvalidArgumentException
  403.      */
  404.     public function decrypt($data)
  405.     {
  406.         if (!is_string($data)) {
  407.             throw new Exception\InvalidArgumentException('The data to decrypt must be a string');
  408.         }
  409.         if ('' === $data) {
  410.             throw new Exception\InvalidArgumentException('The data to decrypt cannot be empty');
  411.         }
  412.         if (empty($this->key)) {
  413.             throw new Exception\InvalidArgumentException('No key specified for the decryption');
  414.         }
  415.         if (empty($this->cipher)) {
  416.             throw new Exception\InvalidArgumentException('No symmetric cipher specified');
  417.         }
  418.         $hmacSize   = Hmac::getOutputSize($this->hash);
  419.         $hmac       = substr($data, 0, $hmacSize);
  420.         $ciphertext = substr($data, $hmacSize);
  421.         if (!$this->binaryOutput) {
  422.             $ciphertext = base64_decode($ciphertext);
  423.         }
  424.         $iv      = substr($ciphertext, 0, $this->cipher->getSaltSize());
  425.         $keySize = $this->cipher->getKeySize();
  426.         // generate the encryption key and the HMAC key for the authentication
  427.         $hash = Pbkdf2::calc(self::KEY_DERIV_HMAC,
  428.                              $this->getKey(),
  429.                              $iv,
  430.                              $this->keyIteration,
  431.                              $keySize * 2);
  432.         // set the decryption key
  433.         $this->cipher->setKey(substr($hash, 0, $keySize));
  434.         // set the key for HMAC
  435.         $keyHmac = substr($hash, $keySize);
  436.         $hmacNew = Hmac::compute($keyHmac,
  437.                                  $this->hash,
  438.                                  $this->cipher->getAlgorithm() . $ciphertext);
  439.         if (!Utils::compareStrings($hmacNew, $hmac)) {
  440.             return false;
  441.         }
  442.  
  443.         return $this->cipher->decrypt($ciphertext);
  444.     }
  445. }
# Change User Description Committed
#1 18334 Liz Lam initial add of jambox 9 years ago