1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | CiviCRM version 4.5 |
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2014 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
9 | |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
13 | |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
18 | |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
26 */
27
28 /**
29 *
30 * @package CRM
31 * @copyright CiviCRM LLC (c) 2004-2014
32 * $Id$
33 *
34 */
class CRM_Utils_Crypt {

  /**
   * Protects a string for storage and returns it base64-encoded.
   *
   * When the mcrypt extension is loaded and CIVICRM_SITE_KEY is defined, the
   * value is encrypted with Rijndael in ECB mode before encoding. Otherwise
   * the value is ONLY base64-encoded, which anyone can reverse.
   *
   * Security notes for maintainers:
   *  - MCRYPT_RIJNDAEL_256 is Rijndael with a 256-bit block. AES is defined
   *    only for a 128-bit block, so this output is not AES-256 and will not
   *    interoperate with AES implementations.
   *  - ECB encrypts every block independently: equal plaintext blocks yield
   *    equal ciphertext blocks, and the same input always yields the same
   *    output. Nothing authenticates the ciphertext, so tampering is not
   *    detected on decrypt.
   *  - The fallback is silent. mcrypt was deprecated in PHP 7.1 and removed
   *    from core in PHP 7.2, so on a runtime without it every value is stored
   *    as plain base64. The output carries no marker telling which path
   *    produced it.
   *  - empty() is used for the early return, so '0' is returned unchanged.
   *
   * @param string $string
   *   Plaintext to be protected.
   * @return string
   *   Base64-encoded ciphertext, or base64-encoded plaintext when encryption
   *   is unavailable. Empty input is returned as given.
   */
  public static function encrypt($string) {
    if (empty($string)) {
      return $string;
    }

    $canEncrypt = function_exists('mcrypt_module_open') && defined('CIVICRM_SITE_KEY');
    if (!$canEncrypt) {
      // No cipher or no key: the caller gets an encoding, not encryption.
      return base64_encode($string);
    }

    $cipher = self::openCipher();
    $encrypted = mcrypt_generic($cipher, $string);
    self::closeCipher($cipher);

    return base64_encode($encrypted);
  }

  /**
   * Reverses encrypt(): base64-decodes the value and decrypts it if possible.
   *
   * When mcrypt is missing or CIVICRM_SITE_KEY is undefined, the value is
   * only base64-decoded. A value written on a host where encryption was
   * active and read on one where it is not (or the reverse) comes back as
   * unusable bytes; there is no integrity check to signal this.
   *
   * base64_decode() is called in its default non-strict mode, so characters
   * outside the base64 alphabet are skipped rather than rejected.
   *
   * @param string $string
   *   Value previously returned by encrypt().
   * @return string
   *   Plaintext, or the base64-decoded input when encryption is unavailable.
   *   Empty input, or input that decodes to an empty value, is returned
   *   without decryption.
   */
  public static function decrypt($string) {
    if (empty($string)) {
      return $string;
    }

    $string = base64_decode($string);
    if (empty($string)) {
      return $string;
    }

    $canDecrypt = function_exists('mcrypt_module_open') && defined('CIVICRM_SITE_KEY');
    if ($canDecrypt) {
      $cipher = self::openCipher();
      // mcrypt pads the last block with NUL bytes. rtrim() with its default
      // character list removes them, but also removes trailing whitespace
      // that belonged to the original plaintext.
      $string = rtrim(mdecrypt_generic($cipher, $string));
      self::closeCipher($cipher);
    }

    return $string;
  }

  /**
   * Opens the Rijndael/ECB module and initialises it with the site key.
   *
   * The key is the leading characters of the hex SHA-1 digest of
   * CIVICRM_SITE_KEY, cut to the key size the module reports. Every key byte
   * is therefore one of the 16 hex digits, which gives far less key material
   * than the key length suggests.
   *
   * @return resource
   *   Initialised mcrypt descriptor; release it with closeCipher().
   */
  private static function openCipher() {
    $handle = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_ECB, '');
    $keyLength = mcrypt_enc_get_key_size($handle);
    $secret = substr(sha1(CIVICRM_SITE_KEY), 0, $keyLength);

    // ECB mode - iv not needed - CRM-8198. A fixed value is still passed to
    // mcrypt_generic_init().
    mcrypt_generic_init($handle, $secret, '00000000000000000000000000000000');

    return $handle;
  }

  /**
   * Releases a descriptor obtained from openCipher().
   *
   * @param resource $handle
   *   Descriptor to de-initialise and close.
   */
  private static function closeCipher($handle) {
    mcrypt_generic_deinit($handle);
    mcrypt_module_close($handle);
  }

}