encrypt.php
4.13 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
<?php
/**
* @copyright Copyright (c)2018 Ryan Demmer
* @license GNU General Public License version 3, or later
*
* @since 2.7
*/
// Protection against direct access
defined('JPATH_PLATFORM') or die();
use Defuse\Crypto\Key;
use Defuse\Crypto\Encoding;
use Defuse\Crypto\Crypto;
/**
* Implements encrypted settings handling features.
*/
class JceEncryptHelper
{
protected static function generateKey()
{
$keyObject = Key::createNewRandomKey();
$keyAscii = $keyObject->saveToAsciiSafeString();
$keyData = Encoding::binToHex($keyAscii);
$filecontents = "<?php defined('WF_EDITOR') or die(); define('WF_SERVERKEY', '$keyData'); ?>";
$filename = JPATH_ADMINISTRATOR . '/components/com_jce/serverkey.php';
file_put_contents($filename, $filecontents);
return Key::loadFromAsciiSafeString($keyAscii);
}
/**
* Gets the configured server key, automatically loading the server key storage file
* if required.
*
* @return string
*/
public static function getKey($legacy = false)
{
if (!defined('WF_SERVERKEY')) {
$filename = JPATH_ADMINISTRATOR . '/components/com_jce/serverkey.php';
if (is_file($filename)) {
include_once($filename);
}
}
if (defined('WF_SERVERKEY')) {
// return key as string
if ($legacy) {
$key = base64_decode(WF_SERVERKEY);
return $key;
}
try {
$keyAscii = Encoding::hexToBin(WF_SERVERKEY);
$key = Key::loadFromAsciiSafeString($keyAscii);
} catch(Defuse\Crypto\Exception\BadFormatException $ex) {
return "";
}
return $key;
}
return self::generateKey();
}
/**
* Encrypts the settings using the automatically detected preferred algorithm.
*
* @param $settingsINI string The raw settings INI string
*
* @return string The encrypted data to store in the database
*/
public static function encrypt($data, $key = null)
{
// Do we have a non-empty key to begin with?
if (empty($key)) {
$key = self::getKey();
}
if (empty($key)) {
return $data;
}
$encrypted = Crypto::encrypt($data, $key);
// base64encode
$encoded = base64_encode($encrypted);
// add marker
$data = '###DEFUSE###' . $encoded;
return $data;
}
/**
* Decrypts the encrypted settings and returns the plaintext INI string.
*
* @param $encrypted string The encrypted data
*
* @return string The decrypted data
*/
public static function decrypt($encrypted, $key = null)
{
$mode = substr($encrypted, 0, 12);
if ($mode == '###AES128###' || $mode == '###CTR128###') {
require_once(__DIR__ . '/encrypt/aes.php');
$encrypted = substr($encrypted, 12);
$key = self::getKey(true);
switch ($mode) {
case '###AES128###':
$encrypted = base64_decode($encrypted);
$decrypted = @WFUtilEncrypt::AESDecryptCBC($encrypted, $key, 128);
break;
case '###CTR128###':
$decrypted = @WFUtilEncrypt::AESDecryptCtr($encrypted, $key, 128);
break;
}
return rtrim($decrypted, "\0");
}
if ($mode == '###DEFUSE###') {
$key = self::getKey();
if (empty($key)) {
return $encrypted;
}
//get encrypted string without marker
$encrypted = substr($encrypted, 12);
// base64decode
$decoded = base64_decode($encrypted);
try {
$decrypted = Crypto::decrypt($decoded, $key);
} catch (Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException $ex) {
return $encrypted;
}
return rtrim($decrypted, "\0");
}
return $encrypted;
}
}