Kohana_Encrypt_Engine_Mcrypt
extends Kohana_Encrypt_Engine
The Encrypt Mcrypt engine provides two-way encryption of text and binary strings using the Mcrypt extension, which consists of three parts: the key, the cipher, and the mode.
- The Key
- A secret passphrase that is used for encoding and decoding
- The Cipher
- A cipher determines how the encryption is mathematically calculated. By default, the "rijndael-128" cipher is used. This is commonly known as "AES-128" and is an industry standard.
- The Mode
- The mode determines how the encrypted data is written in binary form. By default, the "nofb" mode is used, which produces short output with high entropy.
Constants
- None
Properties
-
protected string $_cipher
-
mcrypt cipher
-
Default value:
NULL
-
protected int $_iv_size
-
the size of the Initialization Vector (IV) in bytes
-
Default value:
NULL
-
protected string $_key
-
Encryption key
-
Default value:
NULL
-
protected string $_mode
-
mcrypt mode
-
Default value:
NULL
-
protected static string $_rand
-
RAND type to use
Only MCRYPT_DEV_URANDOM and MCRYPT_DEV_RANDOM are considered safe. Using MCRYPT_RAND will silently revert to MCRYPT_DEV_URANDOM
-
string(18) "MCRYPT_DEV_URANDOM"
Methods
public __construct(mixed $key_config [, string $mode = NULL , string $cipher = NULL ] ) (defined in Kohana_Encrypt_Engine_Mcrypt)
Creates a new mcrypt wrapper.
Parameters
- mixed $key_config required - Mcrypt key or config array
- string $mode = NULL - Mcrypt mode
- string $cipher = NULL - Mcrypt cipher
Source Code
public function __construct($key_config, $mode = NULL, $cipher = NULL)
{
if ($mode === NULL)
{
// Add the default mode
$mode = MCRYPT_MODE_NOFB;
}
if ($cipher === NULL)
{
// Add the default cipher
$cipher = MCRYPT_RIJNDAEL_128;
}
parent::__construct($key_config, $mode, $cipher);
// Find the max length of the key, based on cipher and mode
$size = mcrypt_get_key_size($this->_cipher, $this->_mode);
if (isset($this->_key[$size]))
{
// Shorten the key to the maximum size
$this->_key = substr($this->_key, 0, $size);
}
else
{
$this->_key = $this->_normalize_key($this->_key, $this->_cipher, $this->_mode);
}
/*
* Silently use MCRYPT_DEV_URANDOM when the chosen random number generator
* is not one of those that are considered secure.
*/
if ((Encrypt_Engine_Mcrypt::$_rand !== MCRYPT_DEV_URANDOM) AND (Encrypt_Engine_Mcrypt::$_rand !== MCRYPT_DEV_RANDOM))
{
Encrypt_Engine_Mcrypt::$_rand = MCRYPT_DEV_URANDOM;
}
// Store the IV size
$this->_iv_size = mcrypt_get_iv_size($this->_cipher, $this->_mode);
}
public create_iv() (defined in Kohana_Encrypt_Engine_Mcrypt)
Proxy for the mcrypt_create_iv function - to allow mocking and testing against KAT vectors
Return Values
- string - The initialization vector or FALSE on error
Source Code
public function create_iv()
{
// Create a random initialization vector of the proper size for the current cipher
return mcrypt_create_iv($this->_iv_size, Encrypt_Engine_Mcrypt::$_rand);
}
public decrypt(string $data ) (defined in Kohana_Encrypt_Engine_Mcrypt)
Decrypts an encoded string back to its original value.
$data = $encrypt->decode($data);
Parameters
- string $data required - Encoded string to be decrypted
Return Values
- FALSE - If decryption fails
- string
Source Code
public function decrypt($data)
{
// Convert the data back to binary
$data = base64_decode($data, TRUE);
if ( ! $data)
{
// Invalid base64 data
return FALSE;
}
// Extract the initialization vector from the data
$iv = substr($data, 0, $this->_iv_size);
if ($this->_iv_size !== strlen($iv))
{
// The iv is not the expected size
return FALSE;
}
// Remove the iv from the data
$data = substr($data, $this->_iv_size);
// Return the decrypted data, trimming the \0 padding bytes from the end of the data
return rtrim(mcrypt_decrypt($this->_cipher, $this->_key, $data, $this->_mode, $iv), "\0");
}
public encrypt(string $data , $iv ) (defined in Kohana_Encrypt_Engine_Mcrypt)
Encrypts a string and returns an encrypted string that can be decoded.
$data = $encrypt->encode($data);
The encrypted binary data is encoded using base64 to convert it to a string. This string can be stored in a database, displayed, and passed using most other means without corruption.
Parameters
- string $data required - Data to be encrypted
- unknown $iv required
Return Values
- string
Source Code
public function encrypt($data, $iv)
{
// Encrypt the data using the configured options and generated iv
$data = mcrypt_encrypt($this->_cipher, $this->_key, $data, $this->_mode, $iv);
// Use base64 encoding to convert to a string
return base64_encode($iv.$data);
}
protected _normalize_key(string $key , string $cipher , string $mode ) (defined in Kohana_Encrypt_Engine_Mcrypt)
Normalize key for PHP 5.6 for backwards compatibility
This method is a shim to make PHP 5.6 behave in a B/C way for legacy key padding when shorter-than-supported keys are used
Parameters
- string $key required - Encryption key
- string $cipher required - Mcrypt cipher
- string $mode required - Mcrypt mode
Source Code
protected function _normalize_key($key, $cipher, $mode)
{
// open the cipher
$td = mcrypt_module_open($cipher, '', $mode, '');
// loop through the supported key sizes
foreach (mcrypt_enc_get_supported_key_sizes($td) as $supported) {
// if key is short, needs padding
if (strlen($key) <= $supported)
{
return str_pad($key, $supported, "\0");
}
}
// at this point key must be greater than max supported size, shorten it
return substr($key, 0, mcrypt_get_key_size($cipher, $mode));
}