Current File : /home/pacjaorg/wpt.pacja.org/km/libraries/src/Encrypt/AES/OpenSSL.php
<?php

/**
 * Joomla! Content Management System
 *
 * @copyright  (C) 2016 Open Source Matters, Inc. <https://www.joomla.org>
 * @license    GNU General Public License version 2 or later; see LICENSE.txt
 */

namespace Joomla\CMS\Encrypt\AES;

use Joomla\CMS\Encrypt\Randval;

// phpcs:disable PSR1.Files.SideEffects
\defined('JPATH_PLATFORM') or die;
// phpcs:enable PSR1.Files.SideEffects

/**
 * OpenSSL encryption class
 *
 * @since   4.0.0
 */
class OpenSSL extends AbstractAES implements AesInterface
{
    /**
     * The OpenSSL options for encryption / decryption
     *
     * @var  integer
     */
    protected $openSSLOptions = 0;

    /**
     * The encryption method to use
     *
     * @var  string
     */
    protected $method = 'aes-128-cbc';

    /**
     * Constructor for this class
     */
    public function __construct()
    {
        $this->openSSLOptions = OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING;
    }

    /**
     * Sets the AES encryption mode.
     *
     * WARNING: The strength is deprecated as it has a different effect in MCrypt and OpenSSL. MCrypt was abandoned in
     * 2003 before the Rijndael-128 algorithm was officially the Advanced Encryption Standard (AES). MCrypt also offered
     * Rijndael-192 and Rijndael-256 algorithms with different block sizes. These are NOT used in AES. OpenSSL, however,
     * implements AES correctly. It always uses a 128-bit (16 byte) block. The 192 and 256 bit strengths refer to the
     * key size, not the block size. Therefore using different strengths in MCrypt and OpenSSL will result in different
     * and incompatible ciphertexts.
     *
     * TL;DR: Always use $strength = 128!
     *
     * @param   string  $mode      Choose between CBC (recommended) or ECB
     * @param   int     $strength  Bit strength of the key (128, 192 or 256 bits). DEPRECATED. READ NOTES ABOVE.
     *
     * @return  void
     */
    public function setEncryptionMode($mode = 'cbc', $strength = 128)
    {
        static $availableAlgorithms = null;
        static $defaultAlgo         = 'aes-128-cbc';

        if (!\is_array($availableAlgorithms)) {
            $availableAlgorithms = openssl_get_cipher_methods();

            foreach (
                ['aes-256-cbc', 'aes-256-ecb', 'aes-192-cbc',
                'aes-192-ecb', 'aes-128-cbc', 'aes-128-ecb', ] as $algo
            ) {
                if (\in_array($algo, $availableAlgorithms)) {
                    $defaultAlgo = $algo;
                    break;
                }
            }
        }

        $strength = (int) $strength;
        $mode     = strtolower($mode);

        if (!\in_array($strength, [128, 192, 256])) {
            $strength = 256;
        }

        if (!\in_array($mode, ['cbc', 'ebc'])) {
            $mode = 'cbc';
        }

        $algo = 'aes-' . $strength . '-' . $mode;

        if (!\in_array($algo, $availableAlgorithms)) {
            $algo = $defaultAlgo;
        }

        $this->method = $algo;
    }

    /**
     * Encrypts a string. Returns the raw binary ciphertext.
     *
     * WARNING: The plaintext is zero-padded to the algorithm's block size. You are advised to store the size of the
     * plaintext and trim the string to that length upon decryption.
     *
     * @param   string       $plainText  The plaintext to encrypt
     * @param   string       $key        The raw binary key (will be zero-padded or chopped if its size is different than the block size)
     * @param   null|string  $iv         The initialization vector (for CBC mode algorithms)
     *
     * @return  string  The raw encrypted binary string.
     */
    public function encrypt($plainText, $key, $iv = null)
    {
        $iv_size = $this->getBlockSize();
        $key     = $this->resizeKey($key, $iv_size);
        $iv      = $this->resizeKey($iv, $iv_size);

        if (empty($iv)) {
            $randVal   = new Randval();
            $iv        = $randVal->generate($iv_size);
        }

        $plainText .= $this->getZeroPadding($plainText, $iv_size);
        $cipherText = openssl_encrypt($plainText, $this->method, $key, $this->openSSLOptions, $iv);
        $cipherText = $iv . $cipherText;

        return $cipherText;
    }

    /**
     * Decrypts a string. Returns the raw binary plaintext.
     *
     * $ciphertext MUST start with the IV followed by the ciphertext, even for EBC data (the first block of data is
     * dropped in EBC mode since there is no concept of IV in EBC).
     *
     * WARNING: The returned plaintext is zero-padded to the algorithm's block size during encryption. You are advised
     * to trim the string to the original plaintext's length upon decryption. While rtrim($decrypted, "\0") sounds
     * appealing it's NOT the correct approach for binary data (zero bytes may actually be part of your plaintext, not
     * just padding!).
     *
     * @param   string  $cipherText  The ciphertext to encrypt
     * @param   string  $key         The raw binary key (will be zero-padded or chopped if its size is different than the block size)
     *
     * @return  string  The raw unencrypted binary string.
     */
    public function decrypt($cipherText, $key)
    {
        $iv_size    = $this->getBlockSize();
        $key        = $this->resizeKey($key, $iv_size);
        $iv         = substr($cipherText, 0, $iv_size);
        $cipherText = substr($cipherText, $iv_size);
        $plainText  = openssl_decrypt($cipherText, $this->method, $key, $this->openSSLOptions, $iv);

        // Remove the zero padding
        return rtrim($plainText, "\0");
    }

    /**
     * Is this adapter supported?
     *
     * @return  boolean
     */
    public function isSupported()
    {
        if (!\function_exists('openssl_get_cipher_methods')) {
            return false;
        }

        if (!\function_exists('openssl_random_pseudo_bytes')) {
            return false;
        }

        if (!\function_exists('openssl_cipher_iv_length')) {
            return false;
        }

        if (!\function_exists('openssl_encrypt')) {
            return false;
        }

        if (!\function_exists('openssl_decrypt')) {
            return false;
        }

        if (!\function_exists('hash')) {
            return false;
        }

        if (!\function_exists('hash_algos')) {
            return false;
        }

        $algorithms = openssl_get_cipher_methods();

        if (!\in_array('aes-128-cbc', $algorithms)) {
            return false;
        }

        $algorithms = hash_algos();

        if (!\in_array('sha256', $algorithms)) {
            return false;
        }

        return true;
    }

    /**
     * Returns the encryption block size in bytes
     *
     * @return  integer
     */
    public function getBlockSize()
    {
        return openssl_cipher_iv_length($this->method);
    }
}
Site is undergoing maintenance

PACJA Events

Maintenance mode is on

Site will be available soon. Thank you for your patience!