You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
120 lines
3.6 KiB
120 lines
3.6 KiB
<?php
|
|
|
|
class Enc {
|
|
|
|
public static function safe_encrypt(string $message, string $my_key = "") {
|
|
$nonce = "";
|
|
$cipher = "";
|
|
|
|
$my_key = hex2bin($my_key);
|
|
|
|
$nonce = random_bytes(
|
|
SODIUM_CRYPTO_SECRETBOX_NONCEBYTES
|
|
);
|
|
|
|
$cipher = base64_encode(
|
|
$nonce .
|
|
sodium_crypto_secretbox(
|
|
$message,
|
|
$nonce,
|
|
$my_key
|
|
)
|
|
);
|
|
sodium_memzero($message);
|
|
sodium_memzero($my_key);
|
|
return $cipher;
|
|
}
|
|
|
|
public static function safe_decrypt(string $encrypted, string $my_key = "") {
|
|
$decoded = "";
|
|
$nonce = "";
|
|
$ciphertext = "";
|
|
$plain = "";
|
|
|
|
$my_key = hex2bin($my_key);
|
|
|
|
$decoded = base64_decode($encrypted);
|
|
if ($decoded === false) {
|
|
throw new \Exception("The encoding failed!");
|
|
}
|
|
if (mb_strlen($decoded, "8bit") < (SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES)) {
|
|
throw new \Exception("The message was truncated!");
|
|
}
|
|
$nonce = mb_substr($decoded, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, "8bit");
|
|
$ciphertext = mb_substr($decoded, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, null, "8bit");
|
|
|
|
$plain = sodium_crypto_secretbox_open(
|
|
$ciphertext,
|
|
$nonce,
|
|
$my_key
|
|
);
|
|
if ($plain === false) {
|
|
throw new \Exception("The message was tampered with in transit!");
|
|
}
|
|
sodium_memzero($ciphertext);
|
|
sodium_memzero($my_key);
|
|
return $plain;
|
|
}
|
|
|
|
public static function make_key_file(string $file_name): string {
|
|
if (!file_exists($file_name)) {
|
|
$key = self::generate_key();
|
|
write_file($file_name, $key);
|
|
chmod_file_or_dir($file_name, get_perms("secret"));
|
|
change_owner($file_name, "root", "root");
|
|
} else {
|
|
$key = read_file($file_name);
|
|
}
|
|
return $key;
|
|
}
|
|
|
|
public static function generate_key() {
|
|
return bin2hex(random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES));
|
|
}
|
|
|
|
public static function decode_file(string $file_name, string $key) {
|
|
$ciphertext = file_get_contents($file_name);
|
|
$ret = json_decode(base64_decode(self::safe_decrypt(self::bin_to_hex_to_string($ciphertext), $key)), false);
|
|
sodium_memzero($ciphertext);
|
|
return $ret;
|
|
}
|
|
|
|
public static function encode_file(string $file_name, $data, string $key) {
|
|
file_put_contents($file_name, self::string_to_hex_to_bin(self::safe_encrypt(base64_encode(json_encode((object) $data)), $key)));
|
|
}
|
|
|
|
private static function string_to_hex_to_bin(string $str): string {
|
|
$ooh = 0;
|
|
$hex = "";
|
|
for ($c = 0; $c < strlen($str); $c++) {
|
|
$ch = $str[$c];
|
|
if (ord($ch) + 62 < 255) {
|
|
$ooh = (int) ord($ch) + 62;
|
|
} else {
|
|
$ooh = (int) ord($ch);
|
|
}
|
|
$hex .= hex2bin(dechex($ooh));
|
|
}
|
|
return $hex;
|
|
}
|
|
|
|
private static function bin_to_hex_to_string(string $hex): string {
|
|
$decoded = "";
|
|
$my_hex = "";
|
|
$my_dec = "";
|
|
$ooh = 0;
|
|
for ($c = 0; $c < strlen($hex); $c++) {
|
|
$my_bin = $hex[$c];
|
|
$my_hex = bin2hex($my_bin);
|
|
$my_dec = hexdec($my_hex);
|
|
$ooh = (int) ord($my_dec);
|
|
if ($ooh + 62 < 255) {
|
|
$decoded .= chr($my_dec - 62);
|
|
} else {
|
|
$decoded .= chr($my_dec);
|
|
}
|
|
}
|
|
return $decoded;
|
|
}
|
|
|
|
}
|
|
|