This class is a transparent base class for Encrypt and should not be accessed directly.
The Encrypt library provides two-way encryption of text and binary strings using the Mcrypt extension, which consists of three parts: the key, the cipher, and the mode.
Class declared in SYSPATH/classes/Kohana/Encrypt.php on line 26.
string
$defaultdefault instance name
string(7) "default"
array
$instancesEncrypt class instances
array(0)
string
$_ciphermcrypt cipher
NULL
int
$_iv_sizethe size of the Initialization Vector (IV) in bytes
NULL
string
$_keyEncryption key
NULL
string
$_modemcrypt mode
NULL
string
$_randRAND type to use
Only MCRYPT_DEV_URANDOM and MCRYPT_DEV_RANDOM are considered safe. Using MCRYPT_RAND will silently revert to MCRYPT_DEV_URANDOM
integer 1
Creates a new mcrypt wrapper.
string
$key
required - Encryption keystring
$mode
required - Mcrypt modestring
$cipher
required - Mcrypt cipherpublic function __construct($key, $mode, $cipher)
{
// Find the max length of the key, based on cipher and mode
$size = mcrypt_get_key_size($cipher, $mode);
if (isset($key[$size]))
{
// Shorten the key to the maximum size
$key = substr($key, 0, $size);
}
else if (version_compare(PHP_VERSION, '5.6.0', '>='))
{
$key = $this->_normalize_key($key, $cipher, $mode);
}
// Store the key, mode, and cipher
$this->_key = $key;
$this->_mode = $mode;
$this->_cipher = $cipher;
// Store the IV size
$this->_iv_size = mcrypt_get_iv_size($this->_cipher, $this->_mode);
}
Decrypts an encoded string back to its original value.
$data = $encrypt->decode($data);
string
$data
required - Encoded string to be decryptedFALSE
- If decryption failsstring
public function decode($data)
{
// Convert the data back to binary
$data = base64_decode($data, TRUE);
if ( ! $data)
{
// Invalid base64 data
return FALSE;
}
// Extract the initialization vector from the data
$iv = substr($data, 0, $this->_iv_size);
if ($this->_iv_size !== strlen($iv))
{
// The iv is not the expected size
return FALSE;
}
// Remove the iv from the data
$data = substr($data, $this->_iv_size);
// Return the decrypted data, trimming the \0 padding bytes from the end of the data
return rtrim(mcrypt_decrypt($this->_cipher, $this->_key, $data, $this->_mode, $iv), "\0");
}
Encrypts a string and returns an encrypted string that can be decoded.
$data = $encrypt->encode($data);
The encrypted binary data is encoded using base64 to convert it to a string. This string can be stored in a database, displayed, and passed using most other means without corruption.
string
$data
required - Data to be encryptedstring
public function encode($data)
{
// Get an initialization vector
$iv = $this->_create_iv();
// Encrypt the data using the configured options and generated iv
$data = mcrypt_encrypt($this->_cipher, $this->_key, $data, $this->_mode, $iv);
// Use base64 encoding to convert to a string
return base64_encode($iv.$data);
}
Returns a singleton instance of Encrypt. An encryption key must be provided in your "encrypt" configuration file.
$encrypt = Encrypt::instance();
string
$name
= NULL - Configuration group nameEncrypt
public static function instance($name = NULL)
{
if ($name === NULL)
{
// Use the default instance name
$name = Encrypt::$default;
}
if ( ! isset(Encrypt::$instances[$name]))
{
// Load the configuration data
$config = Kohana::$config->load('encrypt')->$name;
if ( ! isset($config['key']))
{
// No default encryption key is provided!
throw new Kohana_Exception('No encryption key is defined in the encryption configuration group: :group',
array(':group' => $name));
}
if ( ! isset($config['mode']))
{
// Add the default mode
$config['mode'] = MCRYPT_MODE_NOFB;
}
if ( ! isset($config['cipher']))
{
// Add the default cipher
$config['cipher'] = MCRYPT_RIJNDAEL_128;
}
// Create a new instance
Encrypt::$instances[$name] = new Encrypt($config['key'], $config['mode'], $config['cipher']);
}
return Encrypt::$instances[$name];
}
Proxy for the mcrypt_create_iv function - to allow mocking and testing against KAT vectors
string
- The initialization vector or FALSE on errorprotected function _create_iv()
{
/*
* Silently use MCRYPT_DEV_URANDOM when the chosen random number generator
* is not one of those that are considered secure.
*
* Also sets Encrypt::$_rand to MCRYPT_DEV_URANDOM when it's not already set
*/
if ((Encrypt::$_rand !== MCRYPT_DEV_URANDOM) AND ( Encrypt::$_rand !== MCRYPT_DEV_RANDOM))
{
Encrypt::$_rand = MCRYPT_DEV_URANDOM;
}
// Create a random initialization vector of the proper size for the current cipher
return mcrypt_create_iv($this->_iv_size, Encrypt::$_rand);
}
Normalize key for PHP 5.6 for backwards compatibility
This method is a shim to make PHP 5.6 behave in a B/C way for legacy key padding when shorter-than-supported keys are used
string
$key
required - Encryption keystring
$cipher
required - Mcrypt cipherstring
$mode
required - Mcrypt modeprotected function _normalize_key($key, $cipher, $mode)
{
// open the cipher
$td = mcrypt_module_open($cipher, '', $mode, '');
// loop through the supported key sizes
foreach (mcrypt_enc_get_supported_key_sizes($td) as $supported) {
// if key is short, needs padding
if (strlen($key) <= $supported)
{
return str_pad($key, $supported, "\0");
}
}
// at this point key must be greater than max supported size, shorten it
return substr($key, 0, mcrypt_get_key_size($cipher, $mode));
}