Blame view

administrator/components/com_jce/helpers/encrypt.php 4.13 KB
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157
<?php

/**
 * @copyright Copyright (c)2018 Ryan Demmer
 * @license GNU General Public License version 3, or later
 *
 * @since 2.7
 */
// Protection against direct access
defined('JPATH_PLATFORM') or die();

use Defuse\Crypto\Key;
use Defuse\Crypto\Encoding;
use Defuse\Crypto\Crypto;

/**
 * Implements encrypted settings handling features.
 */
class JceEncryptHelper
{
    protected static function generateKey()
    {        
        $keyObject = Key::createNewRandomKey();
        $keyAscii = $keyObject->saveToAsciiSafeString();

        $keyData = Encoding::binToHex($keyAscii);

        $filecontents = "<?php defined('WF_EDITOR') or die(); define('WF_SERVERKEY', '$keyData'); ?>";
        $filename     = JPATH_ADMINISTRATOR . '/components/com_jce/serverkey.php';

        file_put_contents($filename, $filecontents);

        return Key::loadFromAsciiSafeString($keyAscii);
    }

    /**
     * Gets the configured server key, automatically loading the server key storage file
     * if required.
     *
     * @return string
     */
    public static function getKey($legacy = false)
    {
        if (!defined('WF_SERVERKEY')) {
            $filename = JPATH_ADMINISTRATOR . '/components/com_jce/serverkey.php';

            if (is_file($filename)) {
                include_once($filename);
            }
        }

        if (defined('WF_SERVERKEY')) {
            // return key as string
            if ($legacy) {
                $key = base64_decode(WF_SERVERKEY);
                return $key;
            }

            try {
                $keyAscii = Encoding::hexToBin(WF_SERVERKEY);
                $key = Key::loadFromAsciiSafeString($keyAscii);
            } catch(Defuse\Crypto\Exception\BadFormatException $ex) {
                return "";
            }

            return $key;
        }

        return self::generateKey();
    }

    /**
     * Encrypts the settings using the automatically detected preferred algorithm.
     *
     * @param $settingsINI string The raw settings INI string
     *
     * @return string The encrypted data to store in the database
     */
    public static function encrypt($data, $key = null)
    {
        // Do we have a non-empty key to begin with?
        if (empty($key)) {
            $key = self::getKey();
        }

        if (empty($key)) {
            return $data;
        }

        $encrypted = Crypto::encrypt($data, $key);

        // base64encode
        $encoded = base64_encode($encrypted);

        // add marker
        $data = '###DEFUSE###' . $encoded;

        return $data;
    }

    /**
     * Decrypts the encrypted settings and returns the plaintext INI string.
     *
     * @param $encrypted string The encrypted data
     *
     * @return string The decrypted data
     */
    public static function decrypt($encrypted, $key = null)
    {
        $mode = substr($encrypted, 0, 12);

        if ($mode == '###AES128###' || $mode == '###CTR128###') {
            require_once(__DIR__ . '/encrypt/aes.php');
            
            $encrypted = substr($encrypted, 12);

            $key = self::getKey(true);

            switch ($mode) {
                case '###AES128###':
                    $encrypted = base64_decode($encrypted);
                    $decrypted = @WFUtilEncrypt::AESDecryptCBC($encrypted, $key, 128);
                    break;
    
                case '###CTR128###':
                    $decrypted = @WFUtilEncrypt::AESDecryptCtr($encrypted, $key, 128);
                    break;
            }

            return rtrim($decrypted, "\0");
        }

        if ($mode == '###DEFUSE###') {
            $key = self::getKey();

            if (empty($key)) {
                return $encrypted;
            }

            //get encrypted string without marker
            $encrypted = substr($encrypted, 12);
            
            // base64decode
            $decoded = base64_decode($encrypted);

            try {
                $decrypted = Crypto::decrypt($decoded, $key);
            } catch (Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException $ex) {
                return $encrypted;
            }

            return rtrim($decrypted, "\0");
        }

        return $encrypted;
    }
}