Initial commit

Author: archwisp

Autoloader.php

@@ -0,0 +1,50 @@
+<?php
+
+namespace PHPCrypt;
+
+class Autoloader
+{
+   public static function load($class_name)
+   {
+      if (class_exists($class_name)) {
+         return TRUE;
+      }
+
+      $file_name = self::convertClassToPath($class_name);
+
+      $include_paths = explode(PATH_SEPARATOR, get_include_path());
+
+      foreach ($include_paths as $include_path) {
+
+          $full_path = $include_path . DIRECTORY_SEPARATOR . $file_name;
+
+         if (file_exists($full_path)) {
+            include_once $file_name;
+            return TRUE;
+         }
+      }
+      
+      return FALSE;
+   }
+
+   public static function install()
+   {
+       spl_autoload_register('self::load');
+   }
+
+   public static function convertClassToPath($class_name)
+   {
+      $path = str_replace('_', DIRECTORY_SEPARATOR, $class_name);
+      $path = str_replace('\\', DIRECTORY_SEPARATOR, $path);
+      $path .= '.php';
+
+      return $path;
+   }
+   
+   public static function registerIncludePath()
+   {
+       set_include_path(
+           get_include_path() . PATH_SEPARATOR . realpath(dirname(__FILE__) . '/..') 
+       );
+   }
+}

Example.php

@@ -0,0 +1,16 @@
+<?php // vim:ts=4:sts=4:sw=4:et:
+
+require_once 'Autoloader.php';
+\PHPCrypt\Autoloader::install();
+\PHPCrypt\Autoloader::registerIncludePath();
+
+$phpcrypt = new \PHPCrypt\Simple(
+    '6zp4y5vnUQpfEroWI6dMq5lC46F5Dmqa4NDcM1W4u2k=',
+    'RJikKksPg3UmqgQPXBwCmcSOMHQn0iOtQAFcfRcQOTU='
+);
+
+$ciphertext = $phpcrypt->encrypt('Foobar');
+printf("Ciphertext: %s\n", $ciphertext);
+
+$decrypted = $phpcrypt->decrypt($ciphertext);
+printf("Decrypted: %s\n", $decrypted);

README

@@ -0,0 +1,97 @@
+\PHPCrypt\ Simple Encryption Library For PHP 5.3+
+Version 1.0
+Written by Bryan C. Geraghty
+
+Introduction
+============
+A fellow programmer/friend whom I know from my local PHP user group was
+tasked with encrypting some data in an application and started searching
+Google for a good solution. After finding something promising, she sent
+what she had found to me asking for a review, knowing that I have a deep
+intrest and some backgroud in cryptography. Upon reviewing the code, I
+found some critical problems. As I wrote my response and explained the
+fixes that would need to be implemented, I realized that these are not
+things that I could expect anyone without some cryptanalysis experience to
+to implement correctly.
+
+So, I set out to create this libray in which I have made all of the hard
+decisions for you. There are better contructions out there but they come
+with some baggage that is more difficult to handle and so they are not
+really suited for "simple" libraries. In this library's current design,
+all you must do is run a couple of commands to generate a couple of keys
+that will be stuck in your code. Then, you just call the encrypt() and
+decrypt() functions when you need them.
+
+My goal with this libary is to improve the baseline for encryption in PHP.
+
+Cryptgraphic Details
+====================
+For most cryptographic functionality, this libary makes use of the Mcrypt
+extension. The extension has been around for over a decade but is not
+include by default on many distributions. If it is not, you will need to
+ensure that you have installed it.
+
+The cryptographic primitives & practices behind this library are:
+
+* 256-bit Rijndael block cipher (256-bit key AND block size; not AES compatible)
+* CBC block cipher mode
+* HMAC-SHA-256
+* Encrypt-Then-MAC construction
+* Constant-time MAC comparison
+
+Example
+=======
+The goal of this libary was secure defaults and simplicity. There are
+five simple steps to follow to encrypt and decrypt data (see the
+Example.php script to see it all in one place):
+
+1) Find a Linux machine that has been running for more than 15 minutes and
+generate an encryption key with the following command:
+
+    head -c 32 /dev/urandom | base64
+
+    The output will look something like (IT MUST BE UNIQUE!):
+    6zp4y5vnUQpfEroWI6dMq5lC46F5Dmqa4NDcM1W4u2k=
+
+2) Run the command a second time to generate your MAC key:
+
+    > head -c 32 /dev/urandom | base64
+    RJikKksPg3UmqgQPXBwCmcSOMHQn0iOtQAFcfRcQOTU=
+
+3) Given the above inputs, add the following code to your bootstrap:
+
+    require_once 'PHPCrypt/Autoloader.php';
+    \PHPCrypt\Autoloader::install();
+
+    $phpcrypt = new \PHPCrypt\Simple(
+            '6zp4y5vnUQpfEroWI6dMq5lC46F5Dmqa4NDcM1W4u2k=',
+            'RJikKksPg3UmqgQPXBwCmcSOMHQn0iOtQAFcfRcQOTU=',
+    );
+
+4) Call the encrypt() function:
+
+    $ciphertext = $phpcrypt->encrypt('Foobar');
+
+    This will generate output similar to this:
+    DrZ/CdwAxdia1eO4A04jptl+hBpT57xI8FOEiNMSZE2ol0Pk1xDN6IY5VYi9s7wY9q6ubboF7lPnyQRTkx8y5w==|floT1+Ha5GHuO36+wie9rcNh+cQjRDJ5+OegF3mToew=
+
+    As you can see, the output is base64 encoded for you and the MAC is
+    appended automatically, so you don't have to worry about anything.
+    Just feed plaintext in, and encoded & signed ciphertext comes out.
+
+    Also, keep in mind that the IV for each encryption is randomized, so
+    encrypting the same value will produce different ciphertexts. The
+    encrypt() function accepts an IV as an optional second argument if you
+    need to manually control it. Most people should not use it.
+
+5) Call the decrypt() function:
+    
+    $ciphertext = $phpcrypt->decrypt(
+        'DrZ/CdwAxdia1eO4A04jptl+hBpT57xI8FOEiNMSZE2ol0Pk1xDN6IY5VYi9s7wY9q6ubboF7lPnyQRTkx8y5w==|floT1+Ha5GHuO36+wie9rcNh+cQjRDJ5+OegF3mToew='
+    );
+    
+    This will produce the value, 'Foobar'.
+
+That's it!
+==========
+I this is better than what we have now.

Simple.php

@@ -0,0 +1,140 @@
+<?php // vim:ts=4:sts=4:sw=4:et:
+
+/**
+ * Simple Encryption Library For PHP 5.3+
+ *
+ * PHP Version 5.3
+ *
+ * @category  PHP
+ * @package   PHPCrypt
+ * @author    Bryan C. Geraghty <[email protected]>
+ * @copyright 2013 Bryan C. Geraghty
+ * @license   http://www.gnu.org/licenses/lgpl-3.0.txt GNU LGPL
+ * @link      https://github.com/archwisp/PHPCrypt
+ */
+
+namespace PHPCrypt;
+
+class Simple
+{
+    private $_encryptionAlgorithm = MCRYPT_RIJNDAEL_256;
+    private $_mode = MCRYPT_MODE_CBC;
+    private $_macAlgorithm = 'sha256';
+    private $_macByteCount = 32;
+    private $_encryptionKey;
+    private $_macKey;
+
+    public function __construct($encryptionKey, $macKey) {
+        $this->_encryptionKey = base64_decode($encryptionKey);
+        $this->_macKey = base64_decode($macKey);
+    }
+
+    public function encrypt($plaintext, $iv = null) {
+        if (is_null($iv)) {
+            $iv = $this->generateIv();
+        }
+        
+        $decodedIv = base64_decode($iv);
+        $paddedPlaintext = $this->padWithPkcs7($plaintext);
+
+        $ciphertext = $decodedIv . mcrypt_encrypt($this->_encryptionAlgorithm, 
+            $this->_encryptionKey, $paddedPlaintext, $this->_mode, $decodedIv 
+        );
+
+        $signature = hash_hmac($this->_macAlgorithm, $ciphertext, $this->_macKey, true);
+
+        $output = base64_encode($ciphertext) . '|' . base64_encode($signature);
+
+        return $output; 
+    }
+
+    public function decrypt($signedCiphertext) {
+        $signedCiphertextParts = explode('|', $signedCiphertext);
+
+        If (count($signedCiphertextParts) !== 2) {
+            Throw new \RuntimeException('Invalid signature');
+        }
+
+        $decodedCiphertext = base64_decode($signedCiphertextParts[0]);
+        
+        $signature = hash_hmac($this->_macAlgorithm, 
+            $decodedCiphertext, $this->_macKey, true
+        );
+
+        // This should really be a constant-time comparison to prevent timing
+        // attacks (see http://blog.jasonmooberry.com/2010/10/constant-time-string-comparison/)
+        if (!$this->_compareMac($signature, base64_decode($signedCiphertextParts[1]))) {
+            Throw new \RuntimeException('Invalid signature');
+        }
+
+        $iv = substr($decodedCiphertext, 0, $this->getBlockSize());
+        $ciphertext = substr($decodedCiphertext, $this->getBlockSize());
+
+        $paddedPlaintext = mcrypt_decrypt($this->_encryptionAlgorithm,
+            $this->_encryptionKey, $ciphertext, $this->_mode, $iv);
+
+        return $this->trimPkcs7($paddedPlaintext);
+    }
+
+    public function generateIv() {
+        return base64_encode(mcrypt_create_iv($this->getBlockSize(), MCRYPT_DEV_URANDOM));
+    }
+
+    public function generateKey() {
+        return base64_encode(mcrypt_create_iv($this->getKeySize(), MCRYPT_DEV_URANDOM));
+    }
+    
+    private function getBlockSize() {
+        return mcrypt_get_iv_size($this->_encryptionAlgorithm, $this->_mode);
+    }
+
+    private function getKeySize() {
+        return mcrypt_get_key_size($this->_encryptionAlgorithm, $this->_mode);
+    }
+
+    private function padWithPkcs7($plaintext) {
+        $block_size = $this->getBlockSize();
+
+        if ($block_size > 255) {
+            throw new RuntimeException('PKCS7 padding is only well defined for block sizes smaller than 256 bits');
+        }
+
+        $pad_length = ($block_size - (strlen($plaintext) % $block_size));
+
+        return $plaintext . str_repeat(chr($pad_length), $pad_length);
+    }
+
+    private function trimPkcs7($plaintext) {
+        $pad_char = substr($plaintext, -1);
+        $pad_length = ord($pad_char);
+
+        if (substr($plaintext, -$pad_length) !== str_repeat($pad_char, $pad_length)) {
+            throw new \RuntimeException('Invalid pad value');
+        }
+
+        return substr($plaintext, 0, -$pad_length);
+    }
+
+    /**
+     * Constant-time comparison function
+     *
+     * Stolen and adapted from: 
+     * https://cryptocoding.net/index.php/Coding_rules#Compare_secret_strings_in_constant_time
+     *
+     * DON'T MESS WITH THIS FUNCTION
+     *
+     * returns boolean true on match, otherwise, false 
+     */
+    private function _compareMac($a, $b) {
+        $result = "\x00";
+
+        for ($i = 0; $i < $this->_macByteCount; $i++) {
+            $result |= substr($a, $i, 1) ^ substr($b, $i, 1);
+        }
+        
+        /* \x00 if equal, nonzero otherwise */
+        $return = ($result === "\x00") ? true : false;
+        
+        return $return;
+    }
+}

SimpleTest.php

@@ -0,0 +1,92 @@
+<?php // vim:ts=4:sts=4:sw=4:et:
+
+namespace PHPCrypt;
+
+class SimpleTest extends \PHPUnit_Framework_TestCase
+{
+    private $_instance;
+    private $_iv = '3e5VO09Oslbw/sskJPdloizTQ/2iz8Icyo+VT3PxYWM=';
+    private $_encryptionKey = 'nXA5gXtlOgHgxl6EZTfkfDmIzWaRqxZ1rq7DRNCIQ/Q=';
+    private $_macKey = 'K9iPmOMowXUvcQTd7ehfcxvvHd4OtzyztQp+wuQwb6U=';
+
+    public function setUp() {
+        $this->_instance = new \PHPCrypt\Simple($this->_encryptionKey, $this->_macKey);
+    }
+
+    public function testEncrypt() {
+        $ciphertext = $this->_instance->encrypt('FooBar ', 'lAuCU7ft5tnHPKWRjF1IKV4J6V9/eCGQIisHZfuqMtY=');
+        
+        $this->assertEquals(
+            'lAuCU7ft5tnHPKWRjF1IKV4J6V9/eCGQIisHZfuqMta/3gJg7IhHgxvaUY6isRyPcRq+x/rQfnPxY/A1XqY2nA==|6MBBCKBbYc+aWLpnk1MQVW2jM5Jnz5oHfXnDriyIL9Q=',
+            $ciphertext
+        );
+    }
+    
+    public function testDecrypt() {
+        $plaintext = $this->_instance->decrypt(
+            'lAuCU7ft5tnHPKWRjF1IKV4J6V9/eCGQIisHZfuqMta/3gJg7IhHgxvaUY6isRyPcRq+x/rQfnPxY/A1XqY2nA==|6MBBCKBbYc+aWLpnk1MQVW2jM5Jnz5oHfXnDriyIL9Q='
+        );
+        
+        $this->assertEquals('FooBar ', $plaintext);
+    }
+
+    /**
+    /* This function encrypts the same string with randomized IVs and 
+    /* flips a single bit of the ciphertext 
+    */
+    public function invalidCiphertextData() {
+        $this->setUp();
+        $invalidCiphertexts = array();
+
+        for ($x = 0; $x < 100; $x++) {
+            $signedCiphertext = $this->_instance->encrypt('Randomize this with new IVs');
+            list($encodedCiphertext, $encodedSignature) = explode('|', $signedCiphertext);
+            $ciphertext = base64_decode($encodedCiphertext);
+            $randomByte = rand(1, strlen($ciphertext));
+            $mask = str_repeat("\x00", $randomByte -1) . "\x01" . str_repeat("\x00", strlen($ciphertext) - $randomByte);
+            
+            // SANITY CHECK: If this mask is removed, this test should fail every 
+            // single run because the ciphertext should match.
+            $invalidCiphertext = $ciphertext ^ $mask;
+
+            // printf("Ciphertext:         %s\n", bin2hex($ciphertext));
+            // printf("Mask:               %s\n", bin2hex($mask));
+            // printf("Invalid Ciphertext: %s\n", bin2hex($invalidCiphertext));
+            
+            $encodedInvalidCiphertext = base64_encode($invalidCiphertext);
+
+            $invalidCiphertexts[] = array($encodedInvalidCiphertext . '|' . $encodedSignature);
+        }
+
+        return $invalidCiphertexts;
+    }
+
+    /**
+     * @dataProvider invalidCiphertextData
+     */
+    public function testDecryptInvalidCiphertext($signedCiphertext) { 
+        $this->setExpectedException('Exception', 'Invalid signature');
+        $plaintext = $this->_instance->decrypt($signedCiphertext);
+    }
+    
+    public function testEncryptAndDecrypt() {
+        $plaintext = 'Something';
+        $ciphertext = $this->_instance->encrypt('Something');
+        $this->assertEquals($plaintext, $this->_instance->decrypt($ciphertext));
+    }
+
+    public function testEncryptInvalidIvLength() {
+        $this->setExpectedException('Exception');
+
+        $ciphertext = $this->_instance->encrypt(
+            'FooBar ', $this->_encryptionKey, $this->macKey, 'Short IV');
+
+        $this->assertEquals('This should never execute', base64_encode($ciphertext));
+    }
+
+    public function testGenerateIv() {
+        $iv = $this->_instance->generateIv();
+        $secondIv = $this->_instance->generateIv();
+        $this->assertNotEquals($iv, $secondIv);
+    }
+}