Merge pull request bcit-ci#842 from narfbg/develop-encrypt

Phil Sturgeon · Phil Sturgeon · commit 99015bc43897 · 2012-01-25T08:50:23.000-08:00
Improve the Encryption library
diff --git a/system/libraries/Encrypt.php b/system/libraries/Encrypt.php
@@ -1,13 +1,13 @@
-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 /**
  * CodeIgniter
  *
  * An open source application development framework for PHP 5.1.6 or newer
  *
  * NOTICE OF LICENSE
- * 
+ *
  * Licensed under the Open Software License version 3.0
- * 
+ *
  * This source file is subject to the Open Software License (OSL 3.0) that is
  * bundled with this package in the files license.txt / license.rst.  It is
  * also available through the world wide web at this URL:
@@ -25,8 +25,6 @@
  * @filesource
  */
 
-// ------------------------------------------------------------------------
-
 /**
  * CodeIgniter Encryption Class
  *
@@ -46,15 +44,10 @@ class CI_Encrypt {
 	protected $_mcrypt_cipher;
 	protected $_mcrypt_mode;
 
-	/**
-	 * Constructor
-	 *
-	 * Simply determines whether the mcrypt library exists.
-	 */
 	public function __construct()
 	{
 		$this->_mcrypt_exists = ( ! function_exists('mcrypt_encrypt')) ? FALSE : TRUE;
-		log_message('debug', "Encrypt Class Initialized");
+		log_message('debug', 'Encrypt Class Initialized');
 	}
 
 	// --------------------------------------------------------------------
@@ -95,7 +88,7 @@ public function get_key($key = '')
 	 * Set the encryption key
 	 *
 	 * @param	string
-	 * @return	void
+	 * @return	object
 	 */
 	public function set_key($key = '')
 	{
@@ -122,18 +115,8 @@ public function set_key($key = '')
 	 */
 	public function encode($string, $key = '')
 	{
-		$key = $this->get_key($key);
-
-		if ($this->_mcrypt_exists === TRUE)
-		{
-			$enc = $this->mcrypt_encode($string, $key);
-		}
-		else
-		{
-			$enc = $this->_xor_encode($string, $key);
-		}
-
-		return base64_encode($enc);
+		$method = ($this->_mcrypt_exists === TRUE) ? 'mcrypt_encode' : '_xor_encode';
+		return base64_encode($this->$method($string, $this->get_key($key)));
 	}
 
 	// --------------------------------------------------------------------
@@ -149,28 +132,13 @@ public function encode($string, $key = '')
 	 */
 	public function decode($string, $key = '')
 	{
-		$key = $this->get_key($key);
-
 		if (preg_match('/[^a-zA-Z0-9\/\+=]/', $string))
 		{
 			return FALSE;
 		}
 
-		$dec = base64_decode($string);
-
-		if ($this->_mcrypt_exists === TRUE)
-		{
-			if (($dec = $this->mcrypt_decode($dec, $key)) === FALSE)
-			{
-				return FALSE;
-			}
-		}
-		else
-		{
-			$dec = $this->_xor_decode($dec, $key);
-		}
-
-		return $dec;
+		$method = ($this->_mcrypt_exists === TRUE) ? 'mcrypt_decode' : '_xor_decode';
+		return $this->$method(base64_decode($string), $this->get_key($key));
 	}
 
 	// --------------------------------------------------------------------
@@ -197,6 +165,10 @@ public function encode_from_legacy($string, $legacy_mode = MCRYPT_MODE_ECB, $key
 			log_message('error', 'Encoding from legacy is available only when Mcrypt is in use.');
 			return FALSE;
 		}
+		elseif (preg_match('/[^a-zA-Z0-9\/\+=]/', $string))
+		{
+			return FALSE;
+		}
 
 		// decode it first
 		// set mode temporarily to what it was when string was encoded with the legacy
@@ -205,14 +177,7 @@ public function encode_from_legacy($string, $legacy_mode = MCRYPT_MODE_ECB, $key
 		$this->set_mode($legacy_mode);
 
 		$key = $this->get_key($key);
-
-		if (preg_match('/[^a-zA-Z0-9\/\+=]/', $string))
-		{
-			return FALSE;
-		}
-
 		$dec = base64_decode($string);
-
 		if (($dec = $this->mcrypt_decode($dec, $key)) === FALSE)
 		{
 			return FALSE;
@@ -242,17 +207,18 @@ public function encode_from_legacy($string, $legacy_mode = MCRYPT_MODE_ECB, $key
 	protected function _xor_encode($string, $key)
 	{
 		$rand = '';
-		while (strlen($rand) < 32)
+		do
 		{
 			$rand .= mt_rand(0, mt_getrandmax());
 		}
+		while (strlen($rand) < 32);
 
 		$rand = $this->hash($rand);
 
 		$enc = '';
-		for ($i = 0; $i < strlen($string); $i++)
+		for ($i = 0, $ls = strlen($string), $lr = strlen($rand); $i < $ls; $i++)
 		{
-			$enc .= substr($rand, ($i % strlen($rand)), 1).(substr($rand, ($i % strlen($rand)), 1) ^ substr($string, $i, 1));
+			$enc .= $rand[($i % $lr)].($rand[($i % $lr)] ^ $string[$i]);
 		}
 
 		return $this->_xor_merge($enc, $key);
@@ -275,9 +241,9 @@ protected function _xor_decode($string, $key)
 		$string = $this->_xor_merge($string, $key);
 
 		$dec = '';
-		for ($i = 0; $i < strlen($string); $i++)
+		for ($i = 0, $l = strlen($string); $i < $l; $i++)
 		{
-			$dec .= (substr($string, $i++, 1) ^ substr($string, $i, 1));
+			$dec .= ($string[$i++] ^ $string[$i]);
 		}
 
 		return $dec;
@@ -298,9 +264,9 @@ protected function _xor_merge($string, $key)
 	{
 		$hash = $this->hash($key);
 		$str = '';
-		for ($i = 0; $i < strlen($string); $i++)
+		for ($i = 0, $ls = strlen($string), $lh = strlen($hash); $i < $ls; $i++)
 		{
-			$str .= substr($string, $i, 1) ^ substr($hash, ($i % strlen($hash)), 1);
+			$str .= $string[$i] ^ $hash[($i % $lh)];
 		}
 
 		return $str;
@@ -359,18 +325,17 @@ public function mcrypt_decode($data, $key)
 	 */
 	protected function _add_cipher_noise($data, $key)
 	{
-		$keyhash = $this->hash($key);
-		$keylen = strlen($keyhash);
+		$key = $this->hash($key);
 		$str = '';
 
-		for ($i = 0, $j = 0, $len = strlen($data); $i < $len; ++$i, ++$j)
+		for ($i = 0, $j = 0, $ld = strlen($data), $lk = strlen($key); $i < $ld; ++$i, ++$j)
 		{
-			if ($j >= $keylen)
+			if ($j >= $lk)
 			{
 				$j = 0;
 			}
 
-			$str .= chr((ord($data[$i]) + ord($keyhash[$j])) % 256);
+			$str .= chr((ord($data[$i]) + ord($key[$j])) % 256);
 		}
 
 		return $str;
@@ -389,22 +354,21 @@ protected function _add_cipher_noise($data, $key)
 	 */
 	protected function _remove_cipher_noise($data, $key)
 	{
-		$keyhash = $this->hash($key);
-		$keylen = strlen($keyhash);
+		$key = $this->hash($key);
 		$str = '';
 
-		for ($i = 0, $j = 0, $len = strlen($data); $i < $len; ++$i, ++$j)
+		for ($i = 0, $j = 0, $ld = strlen($data), $lk = strlen($key); $i < $ld; ++$i, ++$j)
 		{
-			if ($j >= $keylen)
+			if ($j >= $lk)
 			{
 				$j = 0;
 			}
 
-			$temp = ord($data[$i]) - ord($keyhash[$j]);
+			$temp = ord($data[$i]) - ord($key[$j]);
 
 			if ($temp < 0)
 			{
-				$temp = $temp + 256;
+				$temp += 256;
 			}
 
 			$str .= chr($temp);
@@ -435,7 +399,7 @@ public function set_cipher($cipher)
 	 * @param	constant
 	 * @return	string
 	 */
-	function set_mode($mode)
+	public function set_mode($mode)
 	{
 		$this->_mcrypt_mode = $mode;
 		return $this;
@@ -452,7 +416,7 @@ protected function _get_cipher()
 	{
 		if ($this->_mcrypt_cipher == '')
 		{
-			$this->_mcrypt_cipher = MCRYPT_RIJNDAEL_256;
+			return $this->_mcrypt_cipher = MCRYPT_RIJNDAEL_256;
 		}
 
 		return $this->_mcrypt_cipher;
@@ -469,7 +433,7 @@ protected function _get_mode()
 	{
 		if ($this->_mcrypt_mode == '')
 		{
-			$this->_mcrypt_mode = MCRYPT_MODE_CBC;
+			return $this->_mcrypt_mode = MCRYPT_MODE_CBC;
 		}
 
 		return $this->_mcrypt_mode;
@@ -481,11 +445,11 @@ protected function _get_mode()
 	 * Set the Hash type
 	 *
 	 * @param	string
-	 * @return	string
+	 * @return	void
 	 */
 	public function set_hash($type = 'sha1')
 	{
-		$this->_hash_type = ($type != 'sha1' AND $type != 'md5') ? 'sha1' : $type;
+		$this->_hash_type = ($type !== 'sha1' && $type !== 'md5') ? 'sha1' : $type;
 	}
 
 	// --------------------------------------------------------------------
@@ -498,11 +462,9 @@ public function set_hash($type = 'sha1')
 	 */
 	public function hash($str)
 	{
-		return ($this->_hash_type == 'sha1') ? sha1($str) : md5($str);
+		return ($this->_hash_type === 'sha1') ? sha1($str) : md5($str);
 	}
 }
 
-// END CI_Encrypt class
-
 /* End of file Encrypt.php */
-/* Location: ./system/libraries/Encrypt.php */
+/* Location: ./system/libraries/Encrypt.php */

Original file line number	Diff line number	Diff line change
`@@ -1,13 +1,13 @@`
`1`		`-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');`
	`1`	`+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');`
`2`	`2`	`/**`
`3`	`3`	`* CodeIgniter`
`4`	`4`	`*`
`5`	`5`	`* An open source application development framework for PHP 5.1.6 or newer`
`6`	`6`	`*`
`7`	`7`	`* NOTICE OF LICENSE`
`8`		`- *`
	`8`	`+ *`
`9`	`9`	`* Licensed under the Open Software License version 3.0`
`10`		`- *`
	`10`	`+ *`
`11`	`11`	`* This source file is subject to the Open Software License (OSL 3.0) that is`
`12`	`12`	`* bundled with this package in the files license.txt / license.rst. It is`
`13`	`13`	`* also available through the world wide web at this URL:`
`@@ -25,8 +25,6 @@`
`25`	`25`	`* @filesource`
`26`	`26`	`*/`
`27`	`27`
`28`		`-// ------------------------------------------------------------------------`
`29`		`-`
`30`	`28`	`/**`
`31`	`29`	`* CodeIgniter Encryption Class`
`32`	`30`	`*`
`@@ -46,15 +44,10 @@ class CI_Encrypt {`
`46`	`44`	`protected $_mcrypt_cipher;`
`47`	`45`	`protected $_mcrypt_mode;`
`48`	`46`
`49`		`- /**`
`50`		`- * Constructor`
`51`		`- *`
`52`		`- * Simply determines whether the mcrypt library exists.`
`53`		`- */`
`54`	`47`	`public function __construct()`
`55`	`48`	`{`
`56`	`49`	`$this->_mcrypt_exists = ( ! function_exists('mcrypt_encrypt')) ? FALSE : TRUE;`
`57`		`- log_message('debug', "Encrypt Class Initialized");`
	`50`	`+ log_message('debug', 'Encrypt Class Initialized');`
`58`	`51`	`}`
`59`	`52`
`60`	`53`	`// --------------------------------------------------------------------`
`@@ -95,7 +88,7 @@ public function get_key($key = '')`
`95`	`88`	`* Set the encryption key`
`96`	`89`	`*`
`97`	`90`	`* @param string`
`98`		`- * @return void`
	`91`	`+ * @return object`
`99`	`92`	`*/`
`100`	`93`	`public function set_key($key = '')`
`101`	`94`	`{`
`@@ -122,18 +115,8 @@ public function set_key($key = '')`
`122`	`115`	`*/`
`123`	`116`	`public function encode($string, $key = '')`
`124`	`117`	`{`
`125`		`- $key = $this->get_key($key);`
`126`		`-`
`127`		`- if ($this->_mcrypt_exists === TRUE)`
`128`		`- {`
`129`		`- $enc = $this->mcrypt_encode($string, $key);`
`130`		`- }`
`131`		`- else`
`132`		`- {`
`133`		`- $enc = $this->_xor_encode($string, $key);`
`134`		`- }`
`135`		`-`
`136`		`- return base64_encode($enc);`
	`118`	`+ $method = ($this->_mcrypt_exists === TRUE) ? 'mcrypt_encode' : '_xor_encode';`
	`119`	`+ return base64_encode($this->$method($string, $this->get_key($key)));`
`137`	`120`	`}`
`138`	`121`
`139`	`122`	`// --------------------------------------------------------------------`
`@@ -149,28 +132,13 @@ public function encode($string, $key = '')`
`149`	`132`	`*/`
`150`	`133`	`public function decode($string, $key = '')`
`151`	`134`	`{`
`152`		`- $key = $this->get_key($key);`
`153`		`-`
`154`	`135`	`if (preg_match('/[^a-zA-Z0-9\/\+=]/', $string))`
`155`	`136`	`{`
`156`	`137`	`return FALSE;`
`157`	`138`	`}`
`158`	`139`
`159`		`- $dec = base64_decode($string);`
`160`		`-`
`161`		`- if ($this->_mcrypt_exists === TRUE)`
`162`		`- {`
`163`		`- if (($dec = $this->mcrypt_decode($dec, $key)) === FALSE)`
`164`		`- {`
`165`		`- return FALSE;`
`166`		`- }`
`167`		`- }`
`168`		`- else`
`169`		`- {`
`170`		`- $dec = $this->_xor_decode($dec, $key);`
`171`		`- }`
`172`		`-`
`173`		`- return $dec;`
	`140`	`+ $method = ($this->_mcrypt_exists === TRUE) ? 'mcrypt_decode' : '_xor_decode';`
	`141`	`+ return $this->$method(base64_decode($string), $this->get_key($key));`
`174`	`142`	`}`
`175`	`143`
`176`	`144`	`// --------------------------------------------------------------------`
`@@ -197,6 +165,10 @@ public function encode_from_legacy($string, $legacy_mode = MCRYPT_MODE_ECB, $key`
`197`	`165`	`log_message('error', 'Encoding from legacy is available only when Mcrypt is in use.');`
`198`	`166`	`return FALSE;`
`199`	`167`	`}`
	`168`	`+ elseif (preg_match('/[^a-zA-Z0-9\/\+=]/', $string))`
	`169`	`+ {`
	`170`	`+ return FALSE;`
	`171`	`+ }`
`200`	`172`
`201`	`173`	`// decode it first`
`202`	`174`	`// set mode temporarily to what it was when string was encoded with the legacy`
`@@ -205,14 +177,7 @@ public function encode_from_legacy($string, $legacy_mode = MCRYPT_MODE_ECB, $key`
`205`	`177`	`$this->set_mode($legacy_mode);`
`206`	`178`
`207`	`179`	`$key = $this->get_key($key);`
`208`		`-`
`209`		`- if (preg_match('/[^a-zA-Z0-9\/\+=]/', $string))`
`210`		`- {`
`211`		`- return FALSE;`
`212`		`- }`
`213`		`-`
`214`	`180`	`$dec = base64_decode($string);`
`215`		`-`
`216`	`181`	`if (($dec = $this->mcrypt_decode($dec, $key)) === FALSE)`
`217`	`182`	`{`
`218`	`183`	`return FALSE;`
`@@ -242,17 +207,18 @@ public function encode_from_legacy($string, $legacy_mode = MCRYPT_MODE_ECB, $key`
`242`	`207`	`protected function _xor_encode($string, $key)`
`243`	`208`	`{`
`244`	`209`	`$rand = '';`
`245`		`- while (strlen($rand) < 32)`
	`210`	`+ do`
`246`	`211`	`{`
`247`	`212`	`$rand .= mt_rand(0, mt_getrandmax());`
`248`	`213`	`}`
	`214`	`+ while (strlen($rand) < 32);`
`249`	`215`
`250`	`216`	`$rand = $this->hash($rand);`
`251`	`217`
`252`	`218`	`$enc = '';`
`253`		`- for ($i = 0; $i < strlen($string); $i++)`
	`219`	`+ for ($i = 0, $ls = strlen($string), $lr = strlen($rand); $i < $ls; $i++)`
`254`	`220`	`{`
`255`		`- $enc .= substr($rand, ($i % strlen($rand)), 1).(substr($rand, ($i % strlen($rand)), 1) ^ substr($string, $i, 1));`
	`221`	`+ $enc .= $rand[($i % $lr)].($rand[($i % $lr)] ^ $string[$i]);`
`256`	`222`	`}`
`257`	`223`
`258`	`224`	`return $this->_xor_merge($enc, $key);`
`@@ -275,9 +241,9 @@ protected function _xor_decode($string, $key)`
`275`	`241`	`$string = $this->_xor_merge($string, $key);`
`276`	`242`
`277`	`243`	`$dec = '';`
`278`		`- for ($i = 0; $i < strlen($string); $i++)`
	`244`	`+ for ($i = 0, $l = strlen($string); $i < $l; $i++)`
`279`	`245`	`{`
`280`		`- $dec .= (substr($string, $i++, 1) ^ substr($string, $i, 1));`
	`246`	`+ $dec .= ($string[$i++] ^ $string[$i]);`
`281`	`247`	`}`
`282`	`248`
`283`	`249`	`return $dec;`
`@@ -298,9 +264,9 @@ protected function _xor_merge($string, $key)`
`298`	`264`	`{`
`299`	`265`	`$hash = $this->hash($key);`
`300`	`266`	`$str = '';`
`301`		`- for ($i = 0; $i < strlen($string); $i++)`
	`267`	`+ for ($i = 0, $ls = strlen($string), $lh = strlen($hash); $i < $ls; $i++)`
`302`	`268`	`{`
`303`		`- $str .= substr($string, $i, 1) ^ substr($hash, ($i % strlen($hash)), 1);`
	`269`	`+ $str .= $string[$i] ^ $hash[($i % $lh)];`
`304`	`270`	`}`
`305`	`271`
`306`	`272`	`return $str;`
`@@ -359,18 +325,17 @@ public function mcrypt_decode($data, $key)`
`359`	`325`	`*/`
`360`	`326`	`protected function _add_cipher_noise($data, $key)`
`361`	`327`	`{`
`362`		`- $keyhash = $this->hash($key);`
`363`		`- $keylen = strlen($keyhash);`
	`328`	`+ $key = $this->hash($key);`
`364`	`329`	`$str = '';`
`365`	`330`
`366`		`- for ($i = 0, $j = 0, $len = strlen($data); $i < $len; ++$i, ++$j)`
	`331`	`+ for ($i = 0, $j = 0, $ld = strlen($data), $lk = strlen($key); $i < $ld; ++$i, ++$j)`
`367`	`332`	`{`
`368`		`- if ($j >= $keylen)`
	`333`	`+ if ($j >= $lk)`
`369`	`334`	`{`
`370`	`335`	`$j = 0;`
`371`	`336`	`}`
`372`	`337`
`373`		`- $str .= chr((ord($data[$i]) + ord($keyhash[$j])) % 256);`
	`338`	`+ $str .= chr((ord($data[$i]) + ord($key[$j])) % 256);`
`374`	`339`	`}`
`375`	`340`
`376`	`341`	`return $str;`
`@@ -389,22 +354,21 @@ protected function _add_cipher_noise($data, $key)`
`389`	`354`	`*/`
`390`	`355`	`protected function _remove_cipher_noise($data, $key)`
`391`	`356`	`{`
`392`		`- $keyhash = $this->hash($key);`
`393`		`- $keylen = strlen($keyhash);`
	`357`	`+ $key = $this->hash($key);`
`394`	`358`	`$str = '';`
`395`	`359`
`396`		`- for ($i = 0, $j = 0, $len = strlen($data); $i < $len; ++$i, ++$j)`
	`360`	`+ for ($i = 0, $j = 0, $ld = strlen($data), $lk = strlen($key); $i < $ld; ++$i, ++$j)`
`397`	`361`	`{`
`398`		`- if ($j >= $keylen)`
	`362`	`+ if ($j >= $lk)`
`399`	`363`	`{`
`400`	`364`	`$j = 0;`
`401`	`365`	`}`
`402`	`366`
`403`		`- $temp = ord($data[$i]) - ord($keyhash[$j]);`
	`367`	`+ $temp = ord($data[$i]) - ord($key[$j]);`
`404`	`368`
`405`	`369`	`if ($temp < 0)`
`406`	`370`	`{`
`407`		`- $temp = $temp + 256;`
	`371`	`+ $temp += 256;`
`408`	`372`	`}`
`409`	`373`
`410`	`374`	`$str .= chr($temp);`
`@@ -435,7 +399,7 @@ public function set_cipher($cipher)`
`435`	`399`	`* @param constant`
`436`	`400`	`* @return string`
`437`	`401`	`*/`
`438`		`- function set_mode($mode)`
	`402`	`+ public function set_mode($mode)`
`439`	`403`	`{`
`440`	`404`	`$this->_mcrypt_mode = $mode;`
`441`	`405`	`return $this;`
`@@ -452,7 +416,7 @@ protected function _get_cipher()`
`452`	`416`	`{`
`453`	`417`	`if ($this->_mcrypt_cipher == '')`
`454`	`418`	`{`
`455`		`- $this->_mcrypt_cipher = MCRYPT_RIJNDAEL_256;`
	`419`	`+ return $this->_mcrypt_cipher = MCRYPT_RIJNDAEL_256;`
`456`	`420`	`}`
`457`	`421`
`458`	`422`	`return $this->_mcrypt_cipher;`
`@@ -469,7 +433,7 @@ protected function _get_mode()`
`469`	`433`	`{`
`470`	`434`	`if ($this->_mcrypt_mode == '')`
`471`	`435`	`{`
`472`		`- $this->_mcrypt_mode = MCRYPT_MODE_CBC;`
	`436`	`+ return $this->_mcrypt_mode = MCRYPT_MODE_CBC;`
`473`	`437`	`}`
`474`	`438`
`475`	`439`	`return $this->_mcrypt_mode;`
`@@ -481,11 +445,11 @@ protected function _get_mode()`
`481`	`445`	`* Set the Hash type`
`482`	`446`	`*`
`483`	`447`	`* @param string`
`484`		`- * @return string`
	`448`	`+ * @return void`
`485`	`449`	`*/`
`486`	`450`	`public function set_hash($type = 'sha1')`
`487`	`451`	`{`
`488`		`- $this->_hash_type = ($type != 'sha1' AND $type != 'md5') ? 'sha1' : $type;`
	`452`	`+ $this->_hash_type = ($type !== 'sha1' && $type !== 'md5') ? 'sha1' : $type;`
`489`	`453`	`}`
`490`	`454`
`491`	`455`	`// --------------------------------------------------------------------`
`@@ -498,11 +462,9 @@ public function set_hash($type = 'sha1')`
`498`	`462`	`*/`
`499`	`463`	`public function hash($str)`
`500`	`464`	`{`
`501`		`- return ($this->_hash_type == 'sha1') ? sha1($str) : md5($str);`
	`465`	`+ return ($this->_hash_type === 'sha1') ? sha1($str) : md5($str);`
`502`	`466`	`}`
`503`	`467`	`}`
`504`	`468`
`505`		`-// END CI_Encrypt class`
`506`		`-`
`507`	`469`	`/* End of file Encrypt.php */`
`508`		`-/* Location: ./system/libraries/Encrypt.php */`
	`470`	`+/* Location: ./system/libraries/Encrypt.php */`