diff --git a/.gitignore b/.gitignore index 57872d0..1063051 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,5 @@ /vendor/ +/build/ +/.idea/ +composer.lock +composer.phar \ No newline at end of file diff --git a/README.md b/README.md index c10bf8e..5f65921 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,9 @@ php-openssl-cryptor =================== -Description ------------ -Simple to use class for encrypting/decrypting using the PHP Openssl library. +Simple to use class for encrypting/decrypting using the PHP Openssl library. + +## Description The Cryptor class supports arbitrary encryption and key hashing algorithms, along with raw, base64 and hex encoding of the encrypted data. Static convenience methods @@ -12,3 +12,29 @@ flexibility. The default uses aes-256-ctr to avoid the need for padding and the issues. Unfortunately GCM cannot be used as the PHP openssl module does not provide a way to retrieve the GCM tag. This is proposed to be remedied in PHP 7.1 when associated data can be retrieved. + +## Install + +Require this library through composer: + +``` +composer require ioncube/php-openssl-cryptor +``` + + +## Example + +```php +use OpensslCryptor\Cryptor; + +$data = 'Good things come in small packages.'; +$key = '9901:io=[<>602vV03&Whb>9J&M~Oq'; + +$encrypted = Cryptor::Encrypt($data, $key); + +echo "'$data' (" . strlen($data) . ") => '$encrypted'\n\n"; + +$decrypted = Cryptor::Decrypt($encrypted, $key); + +echo "'$encrypted' => '$decrypted' (" . strlen($decrypted) . ")\n"; +``` \ No newline at end of file diff --git a/composer.json b/composer.json index 3a299e8..45cfdee 100644 --- a/composer.json +++ b/composer.json @@ -4,11 +4,12 @@ "type": "library", "license": "MIT", "require": { + "php": ">=5.6", "ext-openssl": "*" }, "autoload": { "psr-4": { - "ioncube\\phpOpensslCryptor\\": "src/" + "OpensslCryptor\\": "src/" } } } diff --git a/examples/example.php b/examples/example.php index 1561c26..2839155 100755 --- a/examples/example.php 
+++ b/examples/example.php @@ -1,6 +1,8 @@ 602vV03&Whb>9J&M~Oq'; diff --git a/src/Cryptor.php b/src/Cryptor.php index 97d4af8..51baf14 100755 --- a/src/Cryptor.php +++ b/src/Cryptor.php @@ -23,7 +23,11 @@ * OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -namespace ioncube\phpOpensslCryptor; +namespace OpensslCryptor; + +use OpensslCryptor\Exception\ProcessException; +use OpensslCryptor\Exception\UnexpectedResultException; +use OpensslCryptor\Exception\UnknownAlgoException; class Cryptor { @@ -38,9 +42,12 @@ class Cryptor /** * Construct a Cryptor, using aes256 encryption, sha256 key hashing and base64 encoding. + * * @param string $cipher_algo The cipher algorithm. * @param string $hash_algo Key hashing algorithm. - * @param [type] $fmt Format of the encrypted data. + * @param int $fmt Format of the encrypted data. + * + * @throws \Exception */ public function __construct($cipher_algo = 'aes-256-ctr', $hash_algo = 'sha256', $fmt = Cryptor::FORMAT_B64) { @@ -48,14 +55,14 @@ public function __construct($cipher_algo = 'aes-256-ctr', $hash_algo = 'sha256', $this->hash_algo = $hash_algo; $this->format = $fmt; - if (!in_array($cipher_algo, openssl_get_cipher_methods(true))) + if (!in_array($cipher_algo, openssl_get_cipher_methods(true), false)) { - throw new \Exception("Cryptor:: - unknown cipher algo {$cipher_algo}"); + throw new UnknownAlgoException('Unknown cipher algo ' . $cipher_algo); } - if (!in_array($hash_algo, openssl_get_md_methods(true))) + if (!in_array($hash_algo, openssl_get_md_methods(true), false)) { - throw new \Exception("Cryptor:: - unknown hash algo {$hash_algo}"); + throw new UnknownAlgoException('Unknown hash algo ' . $hash_algo); } $this->iv_num_bytes = openssl_cipher_iv_length($cipher_algo); 
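Review bot: Passing `false` as the third argument to both `in_array()` calls makes the loose comparison explicit instead of removing it, so a non-string `$cipher_algo` or `$hash_algo` can still match a name it does not equal. On the PHP 5.6/7.x versions that the `"php": ">=5.6"` constraint in this commit allows, an integer `0` compares equal to any non-numeric string. Use strict matching, `if (!in_array($cipher_algo, openssl_get_cipher_methods(true), true))`, and the same for the hash check. The constructor docblock's new `@throws \Exception` could also name `UnknownAlgoException`, which is what these branches now throw. The constructor body ends outside the hunk.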
@@ -63,10 +70,13 @@ public function __construct($cipher_algo = 'aes-256-ctr', $hash_algo = 'sha256', /** * Encrypt a string. + * * @param string $in String to encrypt. * @param string $key Encryption key. - * @param int $fmt Optional override for the output encoding. One of FORMAT_RAW, FORMAT_B64 or FORMAT_HEX. + * @param int $fmt Optional override for the output encoding. One of FORMAT_RAW, FORMAT_B64 or FORMAT_HEX. + * * @return string The encrypted string. + * @throws \Exception */ public function encryptString($in, $key, $fmt = null) { @@ -77,8 +87,15 @@ public function encryptString($in, $key, $fmt = null) // Build an initialisation vector $iv = openssl_random_pseudo_bytes($this->iv_num_bytes, $isStrongCrypto); - if (!$isStrongCrypto) { - throw new \Exception("Cryptor::encryptString() - Not a strong key"); + + // key is not strong enough + if ($isStrongCrypto === false) { + throw new UnexpectedResultException('Not a strong key'); + } + + // failure during initialisation + if ($iv === false) { + throw new UnexpectedResultException('Failure while initializing the pseudo-random string of bytes'); } // Hash the key @@ -90,18 +107,18 @@ public function encryptString($in, $key, $fmt = null) if ($encrypted === false) { - throw new \Exception('Cryptor::encryptString() - Encryption failed: ' . openssl_error_string()); + throw new ProcessException('Encryption failed: ' . openssl_error_string()); } // The result comprises the IV and encrypted data $res = $iv . $encrypted; // and format the result if required. - if ($fmt == Cryptor::FORMAT_B64) + if ($fmt === self::FORMAT_B64) { $res = base64_encode($res); } - else if ($fmt == Cryptor::FORMAT_HEX) + else if ($fmt === self::FORMAT_HEX) { $res = unpack('H*', $res)[1]; } 
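Review bot: The two guards added after `openssl_random_pseudo_bytes()` are in the wrong order, and the first carries a misleading message. A failed call presumably also leaves `$isStrongCrypto` false, so 'Not a strong key' is thrown before the `$iv === false` branch can run, and the value being checked is the IV, not the key. Replacing `!$isStrongCrypto` with `=== false` also lets any non-boolean value through, where the old check failed closed. Test the failure first and require an explicit true: `if ($iv === false || $isStrongCrypto !== true) { throw new UnexpectedResultException('Could not generate a cryptographically strong IV'); }`. encryptString() starts and ends outside the hunk.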
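Review bot: Switching `==` to `===` in the format checks means a `$fmt` that is not an integer, such as a numeric string read from configuration, no longer matches `self::FORMAT_B64` or `self::FORMAT_HEX` and falls through to raw output without any error. The same applies to the decoding checks in the decryptString() hunk at -126,11, where the encoded input would then be treated as raw bytes. Nothing visible in the diff validates `$fmt`, so an explicit check after the default is resolved (that code is outside the hunk) would make the stricter comparison safe: `if (!in_array($fmt, [self::FORMAT_RAW, self::FORMAT_B64, self::FORMAT_HEX], true)) { throw new \InvalidArgumentException('Unknown format'); }`.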
@@ -111,10 +128,13 @@ public function encryptString($in, $key, $fmt = null) /** * Decrypt a string. + * * @param string $in String to decrypt. * @param string $key Decryption key. - * @param int $fmt Optional override for the input encoding. One of FORMAT_RAW, FORMAT_B64 or FORMAT_HEX. + * @param int $fmt Optional override for the input encoding. One of FORMAT_RAW, FORMAT_B64 or FORMAT_HEX. + * * @return string The decrypted string. + * @throws \Exception */ public function decryptString($in, $key, $fmt = null) { @@ -126,11 +146,11 @@ public function decryptString($in, $key, $fmt = null) $raw = $in; // Restore the encrypted data if encoded - if ($fmt == Cryptor::FORMAT_B64) + if ($fmt === self::FORMAT_B64) { $raw = base64_decode($in); } - else if ($fmt == Cryptor::FORMAT_HEX) + else if ($fmt === self::FORMAT_HEX) { $raw = pack('H*', $in); } @@ -138,8 +158,7 @@ public function decryptString($in, $key, $fmt = null) // and do an integrity check on the size. if (strlen($raw) < $this->iv_num_bytes) { - throw new \Exception('Cryptor::decryptString() - ' . - 'data length ' . strlen($raw) . " is less than iv length {$this->iv_num_bytes}"); + throw new UnexpectedResultException('Data length ' . strlen($raw) . ' is less than iv length ' . $this->iv_num_bytes); } // Extract the initialisation vector and encrypted data @@ -155,7 +174,7 @@ public function decryptString($in, $key, $fmt = null) if ($res === false) { - throw new \Exception('Cryptor::decryptString - decryption failed: ' . openssl_error_string()); + throw new ProcessException('Decryption failed: ' . openssl_error_string()); } return $res; 
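Review bot: The `$res === false` check that now throws `ProcessException` is, together with the length check before it, the only validation on the decrypt path, and it does not detect modified ciphertext. With the default `aes-256-ctr` set in the constructor there is no padding or tag to verify, so altered input should decrypt to altered plaintext without error. Until a MAC is added the docblock should say so, e.g. `Note: the input is not authenticated; a modified ciphertext decrypts without raising an exception.` For the same reason the context comment `// and do an integrity check on the size.` in the neighbouring hunk would read better as a length check. decryptString() starts and ends outside the hunk.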
@@ -163,10 +182,13 @@ public function decryptString($in, $key, $fmt = null) /** * Static convenience method for encrypting. + * * @param string $in String to encrypt. * @param string $key Encryption key. - * @param int $fmt Optional override for the output encoding. One of FORMAT_RAW, FORMAT_B64 or FORMAT_HEX. + * @param int $fmt Optional override for the output encoding. One of FORMAT_RAW, FORMAT_B64 or FORMAT_HEX. + * * @return string The encrypted string. + * @throws \Exception */ public static function Encrypt($in, $key, $fmt = null) { @@ -176,10 +198,13 @@ public static function Encrypt($in, $key, $fmt = null) /** * Static convenience method for decrypting. + * * @param string $in String to decrypt. * @param string $key Decryption key. - * @param int $fmt Optional override for the input encoding. One of FORMAT_RAW, FORMAT_B64 or FORMAT_HEX. + * @param int $fmt Optional override for the input encoding. One of FORMAT_RAW, FORMAT_B64 or FORMAT_HEX. + * * @return string The decrypted string. + * @throws \Exception */ public static function Decrypt($in, $key, $fmt = null) { diff --git a/src/Exception/ProcessException.php b/src/Exception/ProcessException.php new file mode 100644 index 0000000..70c168a --- /dev/null +++ b/src/Exception/ProcessException.php @@ -0,0 +1,8 @@ +602vV03&Whb>9J&M~Oq';