[civicrm-core.git] / Civi / Crypto / CryptoToken.php

<?php
/*
 +--------------------------------------------------------------------+
 | Copyright CiviCRM LLC. All rights reserved.                        |
 |                                                                    |
 | This work is published under the GNU AGPLv3 license with some      |
 | permitted exceptions and without any warranty. For full license    |
 | and copyright information, see https://civicrm.org/licensing       |
 +--------------------------------------------------------------------+
 */

namespace Civi\Crypto;

use Civi\Crypto\Exception\CryptoException;

/**
 * The "Crypto Token" service supports a token format suitable for
 * storing specific values in the database with encryption. Characteristics:
 *
 * - Primarily designed to defend confidentiality in case of data-leaks
 *   (SQL injections, lost backups, etc).
 * - NOT appropriate for securing data-transmission. Data-transmission
 *   requires more protections (eg mandatory TTLs + signatures). If you need
 *   that, consider adding a JWT/JWS/JWE implementation.
 * - Data-format allows phase-in/phase-out. If you have a datum that was written
 *   with an old key or with no key, it will still be readable.
 *
 * USAGE: The "encrypt()" and "decrypt()" methods are the primary interfaces.
 *
 *   $encrypted = Civi::service('crypto.token')->encrypt('my-mail-password, 'KEY_ID_OR_TAG');
 *   $decrypted = Civi::service('crypto.token')->decrypt($encrypted, '*');
 *
 * FORMAT: An encoded token may be in either of these formats:
 *
 *   - Plain text: Any string which does not begin with chr(2)
 *   - Encrypted text: A string in the format:
 *        TOKEN := DLM + FMT + QUERY
 *        DLM := ASCII char #2
 *        FMT := String, 4-digit, alphanumeric (as in "CTK?")
 *        QUERY := String, URL-encoded key-value pairs,
 *           "k", the key ID (alphanumeric and symbols "_-.,:;=+/\")
 *           "t", the text (base64-encoded ciphertext)
 *
 * @package Civi\Crypto
 */
class CryptoToken {

  /**
   * Format identification code
   */
  const FMT_QUERY = 'CTK?';

  /**
   * @var string
   */
  protected $delim;

  /**
   * CryptoToken constructor.
   */
  public function __construct() {
    $this->delim = chr(2);
  }

  /**
   * Determine if a string looks like plain-text.
   *
   * @param string $plainText
   * @return bool
   */
  public function isPlainText($plainText) {
    return is_string($plainText) && ($plainText === '' || $plainText{0} !== $this->delim);
  }

  /**
   * Create an encrypted token (given the plaintext).
   *
   * @param string $plainText
   *   The secret value to encode (e.g. plain-text password).
   * @param string|string[] $keyIdOrTag
   *   List of key IDs or key tags to check. First available match wins.
   * @return string
   *   A token
   * @throws \Civi\Crypto\Exception\CryptoException
   */
  public function encrypt($plainText, $keyIdOrTag) {
    /** @var CryptoRegistry $registry */
    $registry = \Civi::service('crypto.registry');

    $key = $registry->findKey($keyIdOrTag);
    if ($key['suite'] === 'plain') {
      if (!$this->isPlainText($plainText)) {
        throw new CryptoException("Cannot use plaintext encoding for data with reserved delimiter.");
      }
      return $plainText;
    }

    /** @var \Civi\Crypto\CipherSuiteInterface $cipherSuite */
    $cipherSuite = $registry->findSuite($key['suite']);
    $cipherText = $cipherSuite->encrypt($plainText, $key);

    return $this->delim . self::FMT_QUERY . \http_build_query([
      'k' => $key['id'],
      't' => \CRM_Utils_String::base64UrlEncode($cipherText),
    ]);
  }

  /**
   * Get the plaintext (given an encrypted token).
   *
   * @param string $token
   * @param string|string[] $keyIdOrTag
   *   Whitelist of acceptable keys. Wildcard '*' will allow it to use
   *   any/all available means to decode the token.
   * @return string
   * @throws \Civi\Crypto\Exception\CryptoException
   */
  public function decrypt($token, $keyIdOrTag = '*') {
    $keyIdOrTag = (array) $keyIdOrTag;

    if ($this->isPlainText($token)) {
      if (in_array('*', $keyIdOrTag) || in_array('plain', $keyIdOrTag)) {
        return $token;
      }
      else {
        throw new CryptoException("Cannot decrypt token. Unexpected key: plain");
      }
    }

    /** @var CryptoRegistry $registry */
    $registry = \Civi::service('crypto.registry');

    $fmt = substr($token, 1, 4);
    switch ($fmt) {
      case self::FMT_QUERY:
        parse_str(substr($token, 5), $tokenData);
        $keyId = $tokenData['k'];
        $cipherText = \CRM_Utils_String::base64UrlDecode($tokenData['t']);
        break;

      default:
        throw new CryptoException("Cannot decrypt token. Invalid format.");
    }

    $key = $registry->findKey($keyId);
    if (!in_array('*', $keyIdOrTag) && !in_array($keyId, $keyIdOrTag) && empty(array_intersect($keyIdOrTag, $key['tags']))) {
      throw new CryptoException("Cannot decrypt token. Unexpected key: {$keyId}");
    }

    /** @var \Civi\Crypto\CipherSuiteInterface $cipherSuite */
    $cipherSuite = $registry->findSuite($key['suite']);
    $plainText = $cipherSuite->decrypt($cipherText, $key);
    return $plainText;
  }

}
Commit	Line	Data
8d3452c4 TO	1	<?php
	2	/*
	3	+--------------------------------------------------------------------+
	4	\| Copyright CiviCRM LLC. All rights reserved. \|
	5	\| \|
	6	\| This work is published under the GNU AGPLv3 license with some \|
	7	\| permitted exceptions and without any warranty. For full license \|
	8	\| and copyright information, see https://civicrm.org/licensing \|
	9	+--------------------------------------------------------------------+
	10	*/
	11
	12	namespace Civi\Crypto;
	13
	14	use Civi\Crypto\Exception\CryptoException;
	15
	16	/**
	17	* The "Crypto Token" service supports a token format suitable for
	18	* storing specific values in the database with encryption. Characteristics:
	19	*
	20	* - Primarily designed to defend confidentiality in case of data-leaks
	21	* (SQL injections, lost backups, etc).
	22	* - NOT appropriate for securing data-transmission. Data-transmission
	23	* requires more protections (eg mandatory TTLs + signatures). If you need
	24	* that, consider adding a JWT/JWS/JWE implementation.
	25	* - Data-format allows phase-in/phase-out. If you have a datum that was written
	26	* with an old key or with no key, it will still be readable.
	27	*
	28	* USAGE: The "encrypt()" and "decrypt()" methods are the primary interfaces.
	29	*
	30	* $encrypted = Civi::service('crypto.token')->encrypt('my-mail-password, 'KEY_ID_OR_TAG');
	31	* $decrypted = Civi::service('crypto.token')->decrypt($encrypted, '*');
	32	*
	33	* FORMAT: An encoded token may be in either of these formats:
	34	*
	35	* - Plain text: Any string which does not begin with chr(2)
	36	* - Encrypted text: A string in the format:
5b394c8f TO	37	* TOKEN := DLM + FMT + QUERY
	38	* DLM := ASCII char #2
	39	* FMT := String, 4-digit, alphanumeric (as in "CTK?")
	40	* QUERY := String, URL-encoded key-value pairs,
	41	* "k", the key ID (alphanumeric and symbols "_-.,:;=+/\")
	42	* "t", the text (base64-encoded ciphertext)
8d3452c4 TO	43	*
	44	* @package Civi\Crypto
	45	*/
	46	class CryptoToken {
	47
5b394c8f TO	48	/**
	49	* Format identification code
	50	*/
	51	const FMT_QUERY = 'CTK?';
8d3452c4	52
5b394c8f TO	53	/**
	54	* @var string
	55	*/
8d3452c4 TO	56	protected $delim;
	57
	58	/**
	59	* CryptoToken constructor.
8d3452c4	60	*/
7c5110c3	61	public function __construct() {
8d3452c4	62	$this->delim = chr(2);
8d3452c4 TO	63	}
	64
	65	/**
	66	* Determine if a string looks like plain-text.
	67	*
	68	* @param string $plainText
	69	* @return bool
	70	*/
	71	public function isPlainText($plainText) {
	72	return is_string($plainText) && ($plainText === '' \|\| $plainText{0} !== $this->delim);
	73	}
	74
	75	/**
	76	* Create an encrypted token (given the plaintext).
	77	*
	78	* @param string $plainText
	79	* The secret value to encode (e.g. plain-text password).
	80	* @param string\|string[] $keyIdOrTag
	81	* List of key IDs or key tags to check. First available match wins.
	82	* @return string
	83	* A token
	84	* @throws \Civi\Crypto\Exception\CryptoException
	85	*/
	86	public function encrypt($plainText, $keyIdOrTag) {
7c5110c3 TO	87	/** @var CryptoRegistry $registry */
	88	$registry = \Civi::service('crypto.registry');
	89
	90	$key = $registry->findKey($keyIdOrTag);
8d3452c4 TO	91	if ($key['suite'] === 'plain') {
	92	if (!$this->isPlainText($plainText)) {
	93	throw new CryptoException("Cannot use plaintext encoding for data with reserved delimiter.");
	94	}
	95	return $plainText;
	96	}
	97
	98	/** @var \Civi\Crypto\CipherSuiteInterface $cipherSuite */
7c5110c3	99	$cipherSuite = $registry->findSuite($key['suite']);
8d3452c4	100	$cipherText = $cipherSuite->encrypt($plainText, $key);
5b394c8f TO	101
	102	return $this->delim . self::FMT_QUERY . \http_build_query([
	103	'k' => $key['id'],
	104	't' => \CRM_Utils_String::base64UrlEncode($cipherText),
	105	]);
8d3452c4 TO	106	}
	107
	108	/**
	109	* Get the plaintext (given an encrypted token).
	110	*
	111	* @param string $token
	112	* @param string\|string[] $keyIdOrTag
	113	* Whitelist of acceptable keys. Wildcard '*' will allow it to use
	114	* any/all available means to decode the token.
	115	* @return string
	116	* @throws \Civi\Crypto\Exception\CryptoException
	117	*/
	118	public function decrypt($token, $keyIdOrTag = '*') {
	119	$keyIdOrTag = (array) $keyIdOrTag;
	120
	121	if ($this->isPlainText($token)) {
	122	if (in_array('*', $keyIdOrTag) \|\| in_array('plain', $keyIdOrTag)) {
	123	return $token;
	124	}
	125	else {
	126	throw new CryptoException("Cannot decrypt token. Unexpected key: plain");
	127	}
	128	}
	129
7c5110c3 TO	130	/** @var CryptoRegistry $registry */
	131	$registry = \Civi::service('crypto.registry');
	132
5b394c8f TO	133	$fmt = substr($token, 1, 4);
	134	switch ($fmt) {
	135	case self::FMT_QUERY:
	136	parse_str(substr($token, 5), $tokenData);
	137	$keyId = $tokenData['k'];
	138	$cipherText = \CRM_Utils_String::base64UrlDecode($tokenData['t']);
	139	break;
	140
	141	default:
	142	throw new CryptoException("Cannot decrypt token. Invalid format.");
8d3452c4	143	}
8d3452c4	144
7c5110c3	145	$key = $registry->findKey($keyId);
8d3452c4	146	if (!in_array('*', $keyIdOrTag) && !in_array($keyId, $keyIdOrTag) && empty(array_intersect($keyIdOrTag, $key['tags']))) {
5b394c8f	147	throw new CryptoException("Cannot decrypt token. Unexpected key: {$keyId}");
8d3452c4 TO	148	}
	149
	150	/** @var \Civi\Crypto\CipherSuiteInterface $cipherSuite */
7c5110c3	151	$cipherSuite = $registry->findSuite($key['suite']);
8d3452c4 TO	152	$plainText = $cipherSuite->decrypt($cipherText, $key);
	153	return $plainText;
	154	}
	155
	156	}