This repository has been archived by the owner on Jan 8, 2020. It is now read-only.

Fix for the issue #3541 - salt size for Encrypt/Decrypt Filter #3550

Closed
wants to merge 6 commits into from
Closed
87 changes: 54 additions & 33 deletions library/Zend/Crypt/BlockCipher.php
Expand Up @@ -48,11 +48,11 @@ class BlockCipher
protected $hash = 'sha256';

/**
* Salt (IV)
* Check if the salt has been set
*
* @var string
* @var boolean
*/
protected $salt;
protected $saltSetted = false;

/**
* The output is binary?
Expand All @@ -62,18 +62,18 @@ class BlockCipher
protected $binaryOutput = false;

/**
* User's key
* Number of iterations for Pbkdf2
*
* @var string
*/
protected $key;
protected $keyIteration = 5000;

/**
* Number of iterations for Pbkdf2
* Key
*
* @var string
*/
protected $keyIteration = 5000;
protected $key;

/**
* Constructor
Expand All @@ -88,14 +88,15 @@ public function __construct(SymmetricInterface $cipher)
/**
* Factory.
*
* @param string $adapter
* @param array $options
* @param string $adapter
* @param array $options
* @return BlockCipher
*/
public static function factory($adapter, $options = array())
{
$plugins = static::getSymmetricPluginManager();
$adapter = $plugins->get($adapter, (array) $options);

return new static($adapter);
}

Expand All @@ -116,7 +117,7 @@ public static function getSymmetricPluginManager()
/**
* Set the symmetric cipher plugin manager
*
* @param string|SymmetricPluginManager $plugins
* @param string|SymmetricPluginManager $plugins
* @throws Exception\InvalidArgumentException
*/
public static function setSymmetricPluginManager($plugins)
Expand Down Expand Up @@ -165,12 +166,13 @@ public function getCipher()
/**
* Set the number of iterations for Pbkdf2
*
* @param integer $num
* @param integer $num
* @return BlockCipher
*/
public function setKeyIteration($num)
{
$this->keyIteration = (integer)$num;
$this->keyIteration = (integer) $num;

return $this;
}

Expand All @@ -187,38 +189,52 @@ public function getKeyIteration()
/**
* Set the salt (IV)
*
* @param string $salt
* @param string $salt
* @return BlockCipher
* @throws Exception\InvalidArgumentException
*/
public function setSalt($salt)
{
if (empty($salt)) {
throw new Exception\InvalidArgumentException("The salt (IV) cannot be empty");
try {
$this->cipher->setSalt($salt);
} catch (Symmetric\Exception\InvalidArgumentException $e) {
throw new Exception\InvalidArgumentException("The salt is not valid: " . $e->getMessage());
}
$this->salt = $salt;
$this->saltSetted = true;

return $this;
}

/**
* Get the salt (IV)
* Get the salt (IV) according to the size requested by the algorithm
*
* @return string
*/
public function getSalt()
{
return $this->salt;
return $this->cipher->getSalt();
}

/**
* Get the original salt value
*
* @return type
*/
public function getOriginalSalt()
{
return $this->cipher->getOriginalSalt();
}

/**
* Enable/disable the binary output
*
* @param bool $value
* @param bool $value
* @return BlockCipher
*/
public function setBinaryOutput($value)
{
$this->binaryOutput = (bool) $value;

return $this;
}

Expand All @@ -235,7 +251,7 @@ public function getBinaryOutput()
/**
* Set the encryption/decryption key
*
* @param string $key
* @param string $key
* @return BlockCipher
* @throws Exception\InvalidArgumentException
*/
Expand All @@ -245,6 +261,7 @@ public function setKey($key)
throw new Exception\InvalidArgumentException('The key cannot be empty');
}
$this->key = $key;

return $this;
}

Expand All @@ -261,7 +278,7 @@ public function getKey()
/**
* Set algorithm of the symmetric cipher
*
* @param string $algo
* @param string $algo
* @return BlockCipher
* @throws Exception\InvalidArgumentException
*/
Expand All @@ -275,6 +292,7 @@ public function setCipherAlgorithm($algo)
} catch (Symmetric\Exception\InvalidArgumentException $e) {
throw new Exception\InvalidArgumentException($e->getMessage());
}

return $this;
}

Expand All @@ -288,6 +306,7 @@ public function getCipherAlgorithm()
if (!empty($this->cipher)) {
return $this->cipher->getAlgorithm();
}

return false;
}

Expand All @@ -301,13 +320,14 @@ public function getCipherSupportedAlgorithms()
if (!empty($this->cipher)) {
return $this->cipher->getSupportedAlgorithms();
}

return array();
}

/**
* Set the hash algorithm for HMAC authentication
*
* @param string $hash
* @param string $hash
* @return BlockCipher
* @throws Exception\InvalidArgumentException
*/
Expand All @@ -319,6 +339,7 @@ public function setHashAlgorithm($hash)
);
}
$this->hash = $hash;

return $this;
}

Expand All @@ -335,7 +356,7 @@ public function getHashAlgorithm()
/**
* Encrypt then authenticate using HMAC
*
* @param string $data
* @param string $data
* @return string
* @throws Exception\InvalidArgumentException
*/
Expand All @@ -344,23 +365,21 @@ public function encrypt($data)
if (empty($data)) {
throw new Exception\InvalidArgumentException('The data to encrypt cannot be empty');
}
if (empty($this->key)) {
throw new Exception\InvalidArgumentException('No key specified for the encryption');
}
if (empty($this->cipher)) {
throw new Exception\InvalidArgumentException('No symmetric cipher specified');
}
if (empty($this->key)) {
throw new Exception\InvalidArgumentException('No key specified for the encryption');
}
$keySize = $this->cipher->getKeySize();
$salt = $this->getSalt();
// generate a random salt (IV) if empty
if (empty($salt)) {
$salt = Rand::getBytes($this->cipher->getSaltSize(), true);
// generate a random salt (IV) if the salt has not been set
if (!$this->saltSetted) {
$this->cipher->setSalt(Rand::getBytes($this->cipher->getSaltSize(), true));
}
$this->cipher->setSalt($salt);
// generate the encryption key and the HMAC key for the authentication
$hash = Pbkdf2::calc(self::KEY_DERIV_HMAC,
$this->getKey(),
$this->cipher->getSalt(),
$this->getSalt(),
$this->keyIteration,
$keySize * 2);
// set the encryption key
Expand All @@ -376,13 +395,14 @@ public function encrypt($data)
if (!$this->binaryOutput) {
$ciphertext = base64_encode($ciphertext);
}

return $hmac . $ciphertext;
}

/**
* Decrypt
*
* @param string $data
* @param string $data
* @return string|bool
* @throws Exception\InvalidArgumentException
*/
Expand Down Expand Up @@ -424,6 +444,7 @@ public function decrypt($data)
if (!Utils::compareStrings($hmacNew, $hmac)) {
return false;
}

return $this->cipher->decrypt($ciphertext);
}
}
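Review bot: In `encrypt()`, the new `$saltSetted` flag can disagree with the salt actually held by `$this->cipher`, because the flag lives on BlockCipher while the value now lives on the cipher object that `getCipher()` hands out. If the cipher's salt is changed, or the cipher instance replaced, by any path other than `setSalt()` (none is visible in these hunks, so this needs confirming against the rest of the class), `encrypt()` will either skip random generation without a salt the caller chose or silently overwrite one the caller did choose. The flag is also never cleared, so after a single `setSalt()` call every later `encrypt()` reuses the same IV and PBKDF2 salt under the same key; the `setSalt()` docblock should state this, e.g. `* NOTE: a salt set here is reused by every encrypt() call; leave it unset to get a fresh random IV per message`. In the `catch` of `setSalt()` the original exception is dropped; passing it on as `new Exception\InvalidArgumentException("The salt is not valid: " . $e->getMessage(), 0, $e)` would keep the cause. The `getOriginalSalt()` docblock still has the placeholder `@return type`, presumably meant to be `@return string`.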