CRM/Utils/Crypt.php

   1 <?php
   2 /*
   3  +--------------------------------------------------------------------+
   4  | Copyright CiviCRM LLC. All rights reserved.                        |
   5  |                                                                    |
   6  | This work is published under the GNU AGPLv3 license with some      |
   7  | permitted exceptions and without any warranty. For full license    |
   8  | and copyright information, see https://civicrm.org/licensing       |
   9  +--------------------------------------------------------------------+
  10  */
  11
  12 /**
  13  *
  14  * @package CRM
  15  * @copyright CiviCRM LLC https://civicrm.org/licensing
  16  */
  17 class CRM_Utils_Crypt {
  18
  19   /**
  20    * Encrypts a string using AES256 in ECB mode, if encryption is enabled.
  21    *
  22    * After encrypting the string, it is base64 encoded.
  23    *
  24    * If encryption is not enabled, either due to CIVICRM_SITE_KEY being
  25    * undefined or due to unavailability of the mcrypt module, the string is
  26    * merely base64 encoded and is not encrypted at all.
  27    *
  28    * @param string $string
  29    *   Plaintext to be encrypted.
  30    * @return string
  31    *   Base64-encoded ciphertext, or base64-encoded plaintext if encryption is
  32    *   disabled or unavailable.
  33    */
  34   public static function encrypt($string) {
  35     if (empty($string)) {
  36       return $string;
  37     }
  38
  39     if (function_exists('mcrypt_module_open') &&
  40       defined('CIVICRM_SITE_KEY')
  41     ) {
  42       // phpcs:disable
  43       $td = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_ECB, '');
  44       // ECB mode - iv not needed - CRM-8198
  45       $iv = '00000000000000000000000000000000';
  46       $ks = mcrypt_enc_get_key_size($td);
  47       $key = substr(sha1(CIVICRM_SITE_KEY), 0, $ks);
  48
  49       mcrypt_generic_init($td, $key, $iv);
  50       $string = mcrypt_generic($td, $string);
  51       mcrypt_generic_deinit($td);
  52       mcrypt_module_close($td);
  53     }
  54     // phpcs:enable
  55     return base64_encode($string);
  56   }
  57
  58   /**
  59    * Decrypts ciphertext encrypted with AES256 in ECB mode, if possible.
  60    *
  61    * If the mcrypt module is not available or if CIVICRM_SITE_KEY is not set,
  62    * the provided ciphertext is only base64-decoded, not decrypted.
  63    *
  64    * @param string $string
  65    *   Ciphertext to be decrypted.
  66    * @return string
  67    *   Plaintext, or base64-decoded ciphertext if encryption is disabled or
  68    *   unavailable.
  69    */
  70   public static function decrypt($string) {
  71     if (empty($string)) {
  72       return $string;
  73     }
  74
  75     $string = base64_decode($string);
  76     if (empty($string)) {
  77       return $string;
  78     }
  79
  80     if (function_exists('mcrypt_module_open') &&
  81       defined('CIVICRM_SITE_KEY')
  82     ) {
  83       // phpcs:disable
  84       $td = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_ECB, '');
  85       // ECB mode - iv not needed - CRM-8198
  86       $iv = '00000000000000000000000000000000';
  87       $ks = mcrypt_enc_get_key_size($td);
  88       $key = substr(sha1(CIVICRM_SITE_KEY), 0, $ks);
  89
  90       mcrypt_generic_init($td, $key, $iv);
  91       $string = rtrim(mdecrypt_generic($td, $string));
  92       mcrypt_generic_deinit($td);
  93       mcrypt_module_close($td);
  94       // phpcs:enable
  95     }
  96
  97     return $string;
  98   }
  99
 100 }