Kohana_Encrypt_Openssl

This class is a transparent base class for Encrypt_Openssl and should not be accessed directly.

Kohana Encrypt OpenSSL driver. Provides two-way encryption of text and binary strings using the OpenSSL extension.

package: Kohana
category: Security
author: Tinsh
copyright: © 2018 Kohana Group
license: https://kohana.top/license

Class declared in SYSPATH/classes/Kohana/Encrypt/Openssl.php on line 14.

Properties

protected string $aad

The additional authenticated data (AAD) when using AEAD cipher mode (GCM or CCM).

Default value:
NULL

protected string $iv

The Initialization Vector for unit testing.

Default value:
NULL

protected int $ivSize

The size of the Initialization Vector (IV) in bytes.

Default value:
NULL

protected string $key

Encryption key.

Default value:
NULL

protected string $method

The cipher method.

Default value:
NULL

protected int $options

The options passed to openssl_encrypt() and openssl_decrypt().

Default value:
integer 3

protected string $tag

The authentication tag when using AEAD cipher mode (GCM or CCM).

Default value:
NULL

protected string $tagLength

The length of the authentication tag.

Default value:
NULL

Methods

public __construct( string $name , array $config ) (defined in Kohana_Encrypt_Openssl)

Creates a new OpenSSL wrapper.

Parameters

  • string $name required - Configuration group name.
  • array $config required - Configuration parameters.

Source Code

public function __construct($name, $config)
{
    if (!isset($config['key'])) {
        // No default encryption key is provided!
        throw new Kohana_Exception('No encryption key is defined in the encryption configuration group: :group', [':group' => $name]);
    }

    if (!isset($config['method'])) {
        // Add the default cipher method.
        $config['method'] = 'AES-256-CTR';
    }

    // Store the cipher method and the key.
    $this->method = $config['method'];
    $this->key = $config['key'];

    // Store other parameters.
    isset($config['options']) and $this->options = $config['options'];
    isset($config['tag']) and $this->tag = $config['tag'];
    isset($config['aad']) and $this->aad = $config['aad'];
    isset($config['tagLength']) and $this->tagLength = $config['tagLength'];

    // Store the faked IV for unit testing.
    isset($config['iv']) and $this->iv = $config['iv'];

    // Store the IV size.
    $this->ivSize = openssl_cipher_iv_length($this->method);
}

public decode( string $data ) (defined in Kohana_Encrypt_Openssl)

Decrypts an encoded string back to its original value.

$data = $encrypt->decode($data);

Parameters

  • string $data required - Encoded string to be decrypted.

Return Values

  • false - If decryption fails.
  • string

Source Code

public function decode($data)
{
    // Convert the data back to binary.
    $data = base64_decode($data, true);

    if (!$data) {
        // Invalid base64 data.
        return false;
    }

    // Extract the initialization vector from the data.
    $iv = substr($data, 0, $this->ivSize);

    if ($this->ivSize !== strlen($iv)) {
        // The IV is not the expected size.
        return false;
    }

    // Remove the IV from the data.
    $data = substr($data, $this->ivSize);

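    // Decrypt the data. The AEAD arguments (tag, AAD) are supported since PHP 7.1.0;
    // openssl_decrypt() takes no tag length argument.
    if (PHP_VERSION_ID >= 70100) {
        $data = openssl_decrypt($data, $this->method, $this->key, $this->options, $iv, $this->tag, $this->aad);
    } else {
        $data = openssl_decrypt($data, $this->method, $this->key, $this->options, $iv);
    }

    if ($data === false) {
        // Decryption failed.
        return false;
    }

    // Return the decrypted data, trimming the \0 padding bytes from the end of the data.
    return rtrim($data, "\0");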
}

public encode( string $data ) (defined in Kohana_Encrypt_Openssl)

Encrypts a string and returns an encrypted string that can be decoded.

$data = $encrypt->encode($data);

The encrypted binary data is encoded using base64 to convert it to a string. This string can be stored in a database, displayed, and passed using most other means without corruption.

Parameters

  • string $data required - Data to be encrypted.

Return Values

  • string

Source Code

public function encode($data)
{
    // Use a fake random initialization vector for unit testing.
    if (isset($this->iv)) {
        $iv = $this->iv;
    } else {
        // Create a random initialization vector of the proper size for the current cipher.
        $iv = openssl_random_pseudo_bytes($this->ivSize);
    }

    // Encrypt the data using the configured options and generated IV.
    // The AEAD arguments (tag, AAD, tag length) are supported since PHP 7.1.0.
    if (PHP_VERSION_ID >= 70100) {
        $data = openssl_encrypt($data, $this->method, $this->key, $this->options, $iv, $this->tag, $this->aad, $this->tagLength);
    } else {
        $data = openssl_encrypt($data, $this->method, $this->key, $this->options, $iv);
    }

    // Use base64 encoding to convert to a string.
    return base64_encode($iv . $data);
}
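
Added example, not Kohana code: encode() returns only base64(iv . data), so with a GCM or CCM method the tag that openssl_encrypt() writes into $this->tag is not part of the returned string, and the default AES-256-CTR carries no integrity check at all. The code below shows a token layout that carries the tag (iv . tag . ciphertext) and verifies it on decode. The function names seal_token() and open_token(), the AAD values and the sample key are assumptions, and it requires PHP 7.1 or later.

```php
<?php
// Added example, not Kohana code. seal_token()/open_token() are hypothetical names.
const METHOD = 'aes-256-gcm';
const TAG_LEN = 16;

// Returns base64(iv . tag . ciphertext) so the tag travels with the data.
function seal_token(string $plaintext, string $key, string $aad = ''): string
{
    $iv = random_bytes(openssl_cipher_iv_length(METHOD));
    $tag = ''; // filled in by openssl_encrypt() (passed by reference)
    $ct = openssl_encrypt($plaintext, METHOD, $key, OPENSSL_RAW_DATA, $iv, $tag, $aad, TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('Encryption failed.');
    }
    return base64_encode($iv . $tag . $ct);
}

// Returns the plaintext, or false if the token is malformed or not authentic.
function open_token(string $token, string $key, string $aad = '')
{
    $ivSize = openssl_cipher_iv_length(METHOD);
    $raw = base64_decode($token, true);
    if ($raw === false || strlen($raw) < $ivSize + TAG_LEN) {
        return false;
    }
    $iv = substr($raw, 0, $ivSize);
    $tag = substr($raw, $ivSize, TAG_LEN);
    $ct = substr($raw, $ivSize + TAG_LEN);
    // No rtrim(): GCM needs no padding, so trailing \0 bytes in binary data survive.
    return openssl_decrypt($ct, METHOD, $key, OPENSSL_RAW_DATA, $iv, $tag, $aad);
}

$key = random_bytes(32); // constructed 256-bit sample key
$token = seal_token("binary\0data\0", $key, 'session');
var_dump(open_token($token, $key, 'session') === "binary\0data\0");

// Tamper check: a stored token with one modified ciphertext bit fails authentication.
$raw = base64_decode($token, true);
$last = strlen($raw) - 1;
$raw[$last] = chr(ord($raw[$last]) ^ 1);
var_dump(open_token(base64_encode($raw), $key, 'session'));

// Context check: the same token presented with a different AAD is rejected as well.
var_dump(open_token($token, $key, 'other-context'));
```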