Lubuntu/lubuntu.me
8
0
Fork 0
mirror of https://github.com/lubuntu-team/lubuntu.me.git synced 2025-02-22 15:51:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
lubuntu.me/plugins/updraftplus/includes/Dropbox2/OAuth/Storage/Encrypter.php
Walter Lapchynski 9a3748aa8e initial commit
2016-11-28 21:52:15 -08:00

110 lines
3.9 KiB
PHP
Raw Blame History

<?php
/**
* This class provides the functionality to encrypt
* and decrypt access tokens stored by the application
* @author Ben Tadiar <ben@handcraftedbyben.co.uk>
* @link https://github.com/benthedesigner/dropbox
* @package Dropbox\Oauth
* @subpackage Storage
*/
/* UpdraftPlus notes
Using this was fairly pointless (it encrypts storage credentials at rest). But, it's implemented now, so needs supporting.
Investigation shows that mcrypt and phpseclib native encryption using different padding schemes.
As a result, that which is encrypted by phpseclib native can be decrypted by mcrypt, but not vice-versa. Each can (as you'd expect) decrypt the results of their own encryption.
As a consequence, it makes sense to always encrypt with phpseclib native, and prefer decrypting with with mcrypt if it is available and otherwise fall back to phpseclib.
We could deliberately re-encrypt all loaded information with phpseclib native, but there seems little need for that yet. There can only be a problem if mcrypt is disabled - which pre-July-2015 meant that Dropbox wouldn't work at all. Now, it will force a re-authorisation.
*/
class Dropbox_Encrypter
{
// Encryption settings - default settings yield encryption to AES (256-bit) standard
// @todo Provide PHPDOC for each class constant
const KEY_SIZE = 32;
const IV_SIZE = 16;
/**
* Encryption key
* @var null|string
*/
private $key = null;
/**
* Check Mcrypt is loaded and set the encryption key
* @param string $key
* @return void
*/
public function __construct($key)
{
if (preg_match('/^[A-Za-z0-9]+$/', $key) && $length = strlen($key) === self::KEY_SIZE) {
# Short-cut so that the mbstring extension is not required
$this->key = $key;
} elseif (($length = mb_strlen($key, '8bit')) !== self::KEY_SIZE) {
throw new Dropbox_Exception('Expecting a ' . self::KEY_SIZE . ' byte key, got ' . $length);
} else {
// Set the encryption key
$this->key = $key;
}
}
/**
* Encrypt the OAuth token
* @param \stdClass $token Serialized token object
* @return string
*/
public function encrypt($token)
{
// Encryption: we always use phpseclib for this
global $updraftplus;
$updraftplus->ensure_phpseclib('Crypt_AES', 'Crypt/AES');
$updraftplus->ensure_phpseclib('Crypt_Rijndael', 'Crypt/Rijndael');
if (!function_exists('crypt_random_string')) require_once(UPDRAFTPLUS_DIR.'/includes/phpseclib/Crypt/Random.php');
$iv = crypt_random_string(self::IV_SIZE);
// Defaults to CBC mode
$rijndael = new Crypt_Rijndael();
$rijndael->setKey($this->key);
$rijndael->setIV($iv);
$cipherText = $rijndael->encrypt($token);
return base64_encode($iv . $cipherText);
}
/**
* Decrypt the ciphertext
* @param string $cipherText
* @return object \stdClass Unserialized token
*/
public function decrypt($cipherText)
{
// Decryption: prefer mcrypt, if available (since it can decrypt data encrypted by either mcrypt or phpseclib)
$cipherText = base64_decode($cipherText);
$iv = substr($cipherText, 0, self::IV_SIZE);
$cipherText = substr($cipherText, self::IV_SIZE);
if (function_exists('mcrypt_decrypt')) {
$token = @mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $this->key, $cipherText, MCRYPT_MODE_CBC, $iv);
} else {
global $updraftplus;
$updraftplus->ensure_phpseclib('Crypt_Rijndael', 'Crypt/Rijndael');
$rijndael = new Crypt_Rijndael();
$rijndael->setKey($this->key);
$rijndael->setIV($iv);
$token = $rijndael->decrypt($cipherText);
}
return $token;
}
}
Reference in New Issue View Git Blame Copy Permalink