[civicrm-core.git] / CRM / Utils / Crypt.php

<?php
/*
 +--------------------------------------------------------------------+
 | CiviCRM version 4.7                                                |
 +--------------------------------------------------------------------+
 | Copyright CiviCRM LLC (c) 2004-2015                                |
 +--------------------------------------------------------------------+
 | This file is a part of CiviCRM.                                    |
 |                                                                    |
 | CiviCRM is free software; you can copy, modify, and distribute it  |
 | under the terms of the GNU Affero General Public License           |
 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
 |                                                                    |
 | CiviCRM is distributed in the hope that it will be useful, but     |
 | WITHOUT ANY WARRANTY; without even the implied warranty of         |
 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
 | See the GNU Affero General Public License for more details.        |
 |                                                                    |
 | You should have received a copy of the GNU Affero General Public   |
 | License and the CiviCRM Licensing Exception along                  |
 | with this program; if not, contact CiviCRM LLC                     |
 | at info[AT]civicrm[DOT]org. If you have questions about the        |
 | GNU Affero General Public License or the licensing of CiviCRM,     |
 | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
 +--------------------------------------------------------------------+
 */

/**
 *
 * @package CRM
 * @copyright CiviCRM LLC (c) 2004-2015
 */
class CRM_Utils_Crypt {

  /**
   * Encrypts a string using AES256 in ECB mode, if encryption is enabled.
   *
   * After encrypting the string, it is base64 encoded.
   *
   * If encryption is not enabled, either due to CIVICRM_SITE_KEY being
   * undefined or due to unavailability of the mcrypt module, the string is
   * merely base64 encoded and is not encrypted at all.
   *
   * @param string $string
   *   Plaintext to be encrypted.
   * @return string
   *   Base64-encoded ciphertext, or base64-encoded plaintext if encryption is
   *   disabled or unavailable.
   */
  public static function encrypt($string) {
    if (empty($string)) {
      return $string;
    }

    if (function_exists('mcrypt_module_open') &&
      defined('CIVICRM_SITE_KEY')
    ) {
      $td = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_ECB, '');
      // ECB mode - iv not needed - CRM-8198
      $iv = '00000000000000000000000000000000';
      $ks = mcrypt_enc_get_key_size($td);
      $key = substr(sha1(CIVICRM_SITE_KEY), 0, $ks);

      mcrypt_generic_init($td, $key, $iv);
      $string = mcrypt_generic($td, $string);
      mcrypt_generic_deinit($td);
      mcrypt_module_close($td);
    }
    return base64_encode($string);
  }

  /**
   * Decrypts ciphertext encrypted with AES256 in ECB mode, if possible.
   *
   * If the mcrypt module is not available or if CIVICRM_SITE_KEY is not set,
   * the provided ciphertext is only base64-decoded, not decrypted.
   *
   * @param string $string
   *   Ciphertext to be decrypted.
   * @return string
   *   Plaintext, or base64-decoded ciphertext if encryption is disabled or
   *   unavailable.
   */
  public static function decrypt($string) {
    if (empty($string)) {
      return $string;
    }

    $string = base64_decode($string);
    if (empty($string)) {
      return $string;
    }

    if (function_exists('mcrypt_module_open') &&
      defined('CIVICRM_SITE_KEY')
    ) {
      $td = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_ECB, '');
      // ECB mode - iv not needed - CRM-8198
      $iv = '00000000000000000000000000000000';
      $ks = mcrypt_enc_get_key_size($td);
      $key = substr(sha1(CIVICRM_SITE_KEY), 0, $ks);

      mcrypt_generic_init($td, $key, $iv);
      $string = rtrim(mdecrypt_generic($td, $string));
      mcrypt_generic_deinit($td);
      mcrypt_module_close($td);
    }

    return $string;
  }

}
Commit	Line	Data
6a488035 TO	1	<?php
	2	/*
	3	+--------------------------------------------------------------------+
7e9e8871	4	\| CiviCRM version 4.7 \|
6a488035	5	+--------------------------------------------------------------------+
e7112fa7	6	\| Copyright CiviCRM LLC (c) 2004-2015 \|
6a488035 TO	7	+--------------------------------------------------------------------+
	8	\| This file is a part of CiviCRM. \|
	9	\| \|
	10	\| CiviCRM is free software; you can copy, modify, and distribute it \|
	11	\| under the terms of the GNU Affero General Public License \|
	12	\| Version 3, 19 November 2007 and the CiviCRM Licensing Exception. \|
	13	\| \|
	14	\| CiviCRM is distributed in the hope that it will be useful, but \|
	15	\| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	16	\| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. \|
	17	\| See the GNU Affero General Public License for more details. \|
	18	\| \|
	19	\| You should have received a copy of the GNU Affero General Public \|
	20	\| License and the CiviCRM Licensing Exception along \|
	21	\| with this program; if not, contact CiviCRM LLC \|
	22	\| at info[AT]civicrm[DOT]org. If you have questions about the \|
	23	\| GNU Affero General Public License or the licensing of CiviCRM, \|
	24	\| see the CiviCRM license FAQ at http://civicrm.org/licensing \|
	25	+--------------------------------------------------------------------+
d25dd0ee	26	*/
6a488035 TO	27
	28	/**
	29	*
	30	* @package CRM
e7112fa7	31	* @copyright CiviCRM LLC (c) 2004-2015
6a488035 TO	32	*/
	33	class CRM_Utils_Crypt {
	34
d65b5830 RS	35	/**
	36	* Encrypts a string using AES256 in ECB mode, if encryption is enabled.
	37	*
	38	* After encrypting the string, it is base64 encoded.
	39	*
	40	* If encryption is not enabled, either due to CIVICRM_SITE_KEY being
	41	* undefined or due to unavailability of the mcrypt module, the string is
	42	* merely base64 encoded and is not encrypted at all.
	43	*
	44	* @param string $string
	45	* Plaintext to be encrypted.
	46	* @return string
	47	* Base64-encoded ciphertext, or base64-encoded plaintext if encryption is
	48	* disabled or unavailable.
	49	*/
00be9182	50	public static function encrypt($string) {
6a488035 TO	51	if (empty($string)) {
	52	return $string;
	53	}
	54
	55	if (function_exists('mcrypt_module_open') &&
	56	defined('CIVICRM_SITE_KEY')
	57	) {
	58	$td = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_ECB, '');
	59	// ECB mode - iv not needed - CRM-8198
353ffa53 TO	60	$iv = '00000000000000000000000000000000';
353ffa53 TO	61	$ks = mcrypt_enc_get_key_size($td);
6a488035 TO	62	$key = substr(sha1(CIVICRM_SITE_KEY), 0, $ks);
	63
	64	mcrypt_generic_init($td, $key, $iv);
	65	$string = mcrypt_generic($td, $string);
	66	mcrypt_generic_deinit($td);
	67	mcrypt_module_close($td);
	68	}
	69	return base64_encode($string);
	70	}
	71
d65b5830 RS	72	/**
	73	* Decrypts ciphertext encrypted with AES256 in ECB mode, if possible.
	74	*
	75	* If the mcrypt module is not available or if CIVICRM_SITE_KEY is not set,
	76	* the provided ciphertext is only base64-decoded, not decrypted.
	77	*
	78	* @param string $string
	79	* Ciphertext to be decrypted.
	80	* @return string
	81	* Plaintext, or base64-decoded ciphertext if encryption is disabled or
	82	* unavailable.
	83	*/
00be9182	84	public static function decrypt($string) {
6a488035 TO	85	if (empty($string)) {
	86	return $string;
	87	}
	88
	89	$string = base64_decode($string);
	90	if (empty($string)) {
	91	return $string;
	92	}
	93
	94	if (function_exists('mcrypt_module_open') &&
	95	defined('CIVICRM_SITE_KEY')
	96	) {
	97	$td = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_ECB, '');
	98	// ECB mode - iv not needed - CRM-8198
353ffa53 TO	99	$iv = '00000000000000000000000000000000';
353ffa53 TO	100	$ks = mcrypt_enc_get_key_size($td);
6a488035 TO	101	$key = substr(sha1(CIVICRM_SITE_KEY), 0, $ks);
	102
	103	mcrypt_generic_init($td, $key, $iv);
	104	$string = rtrim(mdecrypt_generic($td, $string));
	105	mcrypt_generic_deinit($td);
	106	mcrypt_module_close($td);
	107	}
	108
	109	return $string;
	110	}
96025800	111
6a488035	112	}