Home Explore Help
Register Sign In
zhangbj
/
web
Watch 1
Star 0
Fork 0
Code Issues 1 Pull Requests 0 Releases 0 Wiki Activity
2 Commits
1 Branches
Tree: 97d25c38f3
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '97d25c38f3'
${ noResults }
web/vendor/illuminate/encryption/Encrypter.php

Encrypter.php 6.7KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252 
  1. <?php

  2. 

  3. namespace Illuminate\Encryption;

  4. 

  5. use RuntimeException;

  6. use Illuminate\Contracts\Encryption\DecryptException;

  7. use Illuminate\Contracts\Encryption\EncryptException;

  8. use Illuminate\Contracts\Encryption\Encrypter as EncrypterContract;

  9. 

  10. class Encrypter implements EncrypterContract

  11. {

  12.     /**

  13.      * The encryption key.

  14.      *

  15.      * @var string

  16.      */

  17.     protected $key;

  18. 

  19.     /**

  20.      * The algorithm used for encryption.

  21.      *

  22.      * @var string

  23.      */

  24.     protected $cipher;

  25. 

  26.     /**

  27.      * Create a new encrypter instance.

  28.      *

  29.      * @param  string  $key

  30.      * @param  string  $cipher

  31.      * @return void

  32.      *

  33.      * @throws \RuntimeException

  34.      */

  35.     public function __construct($key, $cipher = 'AES-128-CBC')

  36.     {

  37.         $key = (string) $key;

  38. 

  39.         if (static::supported($key, $cipher)) {

  40.             $this->key = $key;

  41.             $this->cipher = $cipher;

  42.         } else {

  43.             throw new RuntimeException('The only supported ciphers are AES-128-CBC and AES-256-CBC with the correct key lengths.');

  44.         }

  45.     }

  46. 

  47.     /**

  48.      * Determine if the given key and cipher combination is valid.

  49.      *

  50.      * @param  string  $key

  51.      * @param  string  $cipher

  52.      * @return bool

  53.      */

  54.     public static function supported($key, $cipher)

  55.     {

  56.         $length = mb_strlen($key, '8bit');

  57. 

  58.         return ($cipher === 'AES-128-CBC' && $length === 16) ||

  59.                ($cipher === 'AES-256-CBC' && $length === 32);

  60.     }

  61. 

  62.     /**

  63.      * Create a new encryption key for the given cipher.

  64.      *

  65.      * @param  string  $cipher

  66.      * @return string

  67.      */

  68.     public static function generateKey($cipher)

  69.     {

  70.         return random_bytes($cipher == 'AES-128-CBC' ? 16 : 32);

  71.     }

  72. 

  73.     /**

  74.      * Encrypt the given value.

  75.      *

  76.      * @param  mixed  $value

  77.      * @param  bool  $serialize

  78.      * @return string

  79.      *

  80.      * @throws \Illuminate\Contracts\Encryption\EncryptException

  81.      */

  82.     public function encrypt($value, $serialize = true)

  83.     {

  84.         $iv = random_bytes(openssl_cipher_iv_length($this->cipher));

  85. 

  86.         // First we will encrypt the value using OpenSSL. After this is encrypted we

  87.         // will proceed to calculating a MAC for the encrypted value so that this

  88.         // value can be verified later as not having been changed by the users.

  89.         $value = \openssl_encrypt(

  90.             $serialize ? serialize($value) : $value,

  91.             $this->cipher, $this->key, 0, $iv

  92.         );

  93. 

  94.         if ($value === false) {

  95.             throw new EncryptException('Could not encrypt the data.');

  96.         }

  97. 

  98.         // Once we get the encrypted value we'll go ahead and base64_encode the input

  99.         // vector and create the MAC for the encrypted value so we can then verify

  100.         // its authenticity. Then, we'll JSON the data into the "payload" array.

  101.         $mac = $this->hash($iv = base64_encode($iv), $value);

  102. 

  103.         $json = json_encode(compact('iv', 'value', 'mac'));

  104. 

  105.         if (json_last_error() !== JSON_ERROR_NONE) {

  106.             throw new EncryptException('Could not encrypt the data.');

  107.         }

  108. 

  109.         return base64_encode($json);

  110.     }

  111. 

  112.     /**

  113.      * Encrypt a string without serialization.

  114.      *

  115.      * @param  string  $value

  116.      * @return string

  117.      */

  118.     public function encryptString($value)

  119.     {

  120.         return $this->encrypt($value, false);

  121.     }

  122. 

  123.     /**

  124.      * Decrypt the given value.

  125.      *

  126.      * @param  mixed  $payload

  127.      * @param  bool  $unserialize

  128.      * @return string

  129.      *

  130.      * @throws \Illuminate\Contracts\Encryption\DecryptException

  131.      */

  132.     public function decrypt($payload, $unserialize = true)

  133.     {

  134.         $payload = $this->getJsonPayload($payload);

  135. 

  136.         $iv = base64_decode($payload['iv']);

  137. 

  138.         // Here we will decrypt the value. If we are able to successfully decrypt it

  139.         // we will then unserialize it and return it out to the caller. If we are

  140.         // unable to decrypt this value we will throw out an exception message.

  141.         $decrypted = \openssl_decrypt(

  142.             $payload['value'], $this->cipher, $this->key, 0, $iv

  143.         );

  144. 

  145.         if ($decrypted === false) {

  146.             throw new DecryptException('Could not decrypt the data.');

  147.         }

  148. 

  149.         return $unserialize ? unserialize($decrypted) : $decrypted;

  150.     }

  151. 

  152.     /**

  153.      * Decrypt the given string without unserialization.

  154.      *

  155.      * @param  string  $payload

  156.      * @return string

  157.      */

  158.     public function decryptString($payload)

  159.     {

  160.         return $this->decrypt($payload, false);

  161.     }

  162. 

  163.     /**

  164.      * Create a MAC for the given value.

  165.      *

  166.      * @param  string  $iv

  167.      * @param  mixed  $value

  168.      * @return string

  169.      */

  170.     protected function hash($iv, $value)

  171.     {

  172.         return hash_hmac('sha256', $iv.$value, $this->key);

  173.     }

  174. 

  175.     /**

  176.      * Get the JSON array from the given payload.

  177.      *

  178.      * @param  string  $payload

  179.      * @return array

  180.      *

  181.      * @throws \Illuminate\Contracts\Encryption\DecryptException

  182.      */

  183.     protected function getJsonPayload($payload)

  184.     {

  185.         $payload = json_decode(base64_decode($payload), true);

  186. 

  187.         // If the payload is not valid JSON or does not have the proper keys set we will

  188.         // assume it is invalid and bail out of the routine since we will not be able

  189.         // to decrypt the given value. We'll also check the MAC for this encryption.

  190.         if (! $this->validPayload($payload)) {

  191.             throw new DecryptException('The payload is invalid.');

  192.         }

  193. 

  194.         if (! $this->validMac($payload)) {

  195.             throw new DecryptException('The MAC is invalid.');

  196.         }

  197. 

  198.         return $payload;

  199.     }

  200. 

  201.     /**

  202.      * Verify that the encryption payload is valid.

  203.      *

  204.      * @param  mixed  $payload

  205.      * @return bool

  206.      */

  207.     protected function validPayload($payload)

  208.     {

  209.         return is_array($payload) && isset($payload['iv'], $payload['value'], $payload['mac']) &&

  210.                strlen(base64_decode($payload['iv'], true)) === openssl_cipher_iv_length($this->cipher);

  211.     }

  212. 

  213.     /**

  214.      * Determine if the MAC for the given payload is valid.

  215.      *

  216.      * @param  array  $payload

  217.      * @return bool

  218.      */

  219.     protected function validMac(array $payload)

  220.     {

  221.         $calculated = $this->calculateMac($payload, $bytes = random_bytes(16));

  222. 

  223.         return hash_equals(

  224.             hash_hmac('sha256', $payload['mac'], $bytes, true), $calculated

  225.         );

  226.     }

  227. 

  228.     /**

  229.      * Calculate the hash of the given payload.

  230.      *

  231.      * @param  array  $payload

  232.      * @param  string  $bytes

  233.      * @return string

  234.      */

  235.     protected function calculateMac($payload, $bytes)

  236.     {

  237.         return hash_hmac(

  238.             'sha256', $this->hash($payload['iv'], $payload['value']), $bytes, true

  239.         );

  240.     }

  241. 

  242.     /**

  243.      * Get the encryption key.

  244.      *

  245.      * @return string

  246.      */

  247.     public function getKey()

  248.     {

  249.         return $this->key;

  250.     }

  251. }