4 * This file is part of the civicrm-cxn-rpc package.
6 * Copyright (c) CiviCRM LLC <info@civicrm.org>
8 * For the full copyright and license information, please view the LICENSE
9 * file that was distributed with this package.
12 namespace Civi\Cxn\Rpc
;
14 use Civi\Cxn\Rpc\Exception\InvalidMessageException
;
19 * A secret, expressed in a series of printable ASCII characters.
21 public static function createSecret() {
22 return base64_encode(crypt_random_string(Constants
::AES_BYTES
));
27 * A secret, expressed in a series of printable ASCII characters.
29 * - enc: string, raw encryption key
30 * - auth: string, raw authentication key
32 public static function deriveAesKeys($secret) {
33 $rawSecret = base64_decode($secret);
34 if (Constants
::AES_BYTES
!= strlen($rawSecret)) {
35 throw new InvalidMessageException("Failed to derive keys from secret.");
39 'enc' => BinHex
::hex2bin(hash_hmac('sha256', 'dearbrutus', $rawSecret)),
40 'auth' => BinHex
::hex2bin(hash_hmac('sha256', 'thefaultisinourselves', $rawSecret)),
42 if (Constants
::AES_BYTES
!= strlen($result['enc']) || Constants
::AES_BYTES
!= strlen($result['auth'])) {
43 throw new InvalidMessageException("Failed to derive keys from secret.");
49 * Encrypt $plaintext with $secret, then date and sign the message.
51 * @param string $secret
52 * @param string $plaintext
54 * Array(string $body, string $signature).
55 * Note that $body begins with an unencrypted envelope (ttl, iv).
56 * @throws InvalidMessageException
58 public static function encryptThenSign($secret, $plaintext) {
59 $iv = crypt_random_string(Constants
::AES_BYTES
);
61 $keys = AesHelper
::deriveAesKeys($secret);
63 $cipher = new \
Crypt_AES(CRYPT_AES_MODE_CBC
);
64 $cipher->setKeyLength(Constants
::AES_BYTES
);
65 $cipher->setKey($keys['enc']);
68 // JSON string; this will be signed but not encrypted
69 $jsonEnvelope = json_encode(array(
70 'ttl' => Time
::getTime() + Constants
::REQUEST_TTL
,
71 'iv' => BinHex
::bin2hex($iv),
73 // JSON string; this will be signed and encrypted
74 $jsonEncrypted = $cipher->encrypt($plaintext);
75 $body = $jsonEnvelope . Constants
::PROTOCOL_DELIM
. $jsonEncrypted;
76 $signature = hash_hmac('sha256', $body, $keys['auth']);
77 return array($body, $signature);
81 * Validate the signature and date of the message, then
84 * @param string $secret
86 * @param string $signature
89 * @throws InvalidMessageException
91 public static function authenticateThenDecrypt($secret, $body, $signature) {
92 $keys = self
::deriveAesKeys($secret);
94 $localHmac = hash_hmac('sha256', $body, $keys['auth']);
95 if (!self
::hash_compare($signature, $localHmac)) {
96 throw new InvalidMessageException("Incorrect hash");
99 list ($jsonEnvelope, $jsonEncrypted) = explode(Constants
::PROTOCOL_DELIM
, $body, 2);
100 if (strlen($jsonEnvelope) > Constants
::MAX_ENVELOPE_BYTES
) {
101 throw new InvalidMessageException("Oversized envelope");
104 $envelope = json_decode($jsonEnvelope, TRUE);
106 throw new InvalidMessageException("Malformed envelope");
109 if (!is_numeric($envelope['ttl']) || Time
::getTime() > $envelope['ttl']) {
110 throw new InvalidMessageException("Invalid TTL");
113 if (!is_string($envelope['iv']) ||
strlen($envelope['iv']) !== Constants
::AES_BYTES
* 2 ||
!preg_match('/^[a-f0-9]+$/', $envelope['iv'])) {
114 // AES_BYTES (32) ==> bin2hex ==> 2 hex digits (4-bit) per byte (8-bit)
115 throw new InvalidMessageException("Malformed initialization vector");
118 $jsonPlaintext = UserError
::adapt('Civi\Cxn\Rpc\Exception\InvalidMessageException', function () use ($jsonEncrypted, $envelope, $keys) {
119 $cipher = new \
Crypt_AES(CRYPT_AES_MODE_CBC
);
120 $cipher->setKeyLength(Constants
::AES_BYTES
);
121 $cipher->setKey($keys['enc']);
122 $cipher->setIV(BinHex
::hex2bin($envelope['iv']));
123 return $cipher->decrypt($jsonEncrypted);
125 return $jsonPlaintext;
129 * Comparison function which resists timing attacks.
135 private static function hash_compare($a, $b) {
136 if (!is_string($a) ||
!is_string($b)) {
141 if ($len !== strlen($b)) {
146 for ($i = 0; $i < $len; $i++
) {
147 $status |
= ord($a[$i]) ^
ord($b[$i]);
149 return $status === 0;