2 /************************************************************************
3 * Mailer v0.2.1-FINAL Start: 04/04/2015 *
4 * =================== Last change: 04/04/2015 *
6 * -------------------------------------------------------------------- *
7 * File : encryption-functions.php *
8 * -------------------------------------------------------------------- *
9 * Short description : Functions for encryption *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Funktionen fuer Verschluesselung *
12 * -------------------------------------------------------------------- *
13 * Copyright (c) 2003 - 2009 by Roland Haeder *
14 * Copyright (c) 2009 - 2016 by Mailer Developer Team *
15 * For more information visit: http://mxchange.org *
17 * This program is free software; you can redistribute it and/or modify *
18 * it under the terms of the GNU General Public License as published by *
19 * the Free Software Foundation; either version 2 of the License, or *
20 * (at your option) any later version. *
22 * This program is distributed in the hope that it will be useful, *
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
25 * GNU General Public License for more details. *
27 * You should have received a copy of the GNU General Public License *
28 * along with this program; if not, write to the Free Software *
29 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
31 ************************************************************************/
// Guard on the __SECURITY constant. The guarded body is missing from this
// listing; presumably it stops direct requests to this include file - confirm.
33 if (!defined('__SECURITY')) {
37 // Generate salt if not set
//
// $salt       - existing salt (default '')
// $hashLength - target length, asserted below to lie within 48..80
//
// The visible lines derive a salt from hashSha256() over
// "$hashLength:mt_rand():getSiteKey()" and then cut it with substr(). Several
// body lines, including the condition around the generation and the return,
// are missing from this listing.
//
// NOTE(review): mt_rand() is not a cryptographically secure generator and
// contributes only one of 900000 values here; random_bytes() is the usual
// source for salt material.
38 function generateSalt ($salt = '', $hashLength = 48) {
39 // The length should not be shorter than 48 to have 8 byte as salt
// NOTE(review): assert() is skipped when assertions are disabled (common in
// production), so it does not enforce this range on its own.
40 assert(($hashLength >= 48) && ($hashLength <= 80));
44 // Then generate it from various data
45 $salt = hashSha256($hashLength . ':' . mt_rand(100000, 999999) . ':' . getSiteKey());
// NOTE(review): the length argument is $hashLength - 64. It is negative for
// the default 48 (substr() then drops the last 16 characters) and 0 for the
// value 64 that hashString() passes, in which case substr() returns an empty
// string. Confirm this yields the intended salt length.
49 $salt = substr($salt, 0, $hashLength - 64);
55 // Hashes a string with SHA256, salts it and returns it hexadecimal-encoded
//
// $str  - text to hash
// $salt - optional salt, passed through generateSalt() with a length of 64
//
// The return statement is missing from this listing, so the exact layout of
// the returned value (e.g. whether the salt is stored with the hash) cannot
// be confirmed here.
//
// NOTE(review): this is a single pass of salted SHA-256, which is fast to
// compute. If the result is stored as a password hash (not confirmed from
// this listing), password_hash()/password_verify() is the safer scheme, and
// stored hashes should be compared with hash_equals().
56 function hashString ($str, $salt = '') {
// Normalise or create the salt first
58 $salt = generateSalt($salt, 64);
// Salt is prepended to the input before hashing
61 $hash = hashSha256($salt . $str);
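// Hash string with SHA256 and encode it to hex
//
// Returns the SHA-256 digest of $str as a 64-character, lower-case
// hexadecimal string.
//
// Uses hash() from the core hash extension instead of mhash() followed by a
// manual byte-to-hex loop: the mhash functions are deprecated as of PHP 8.1,
// and hash() already returns the hex encoding, so no padding helper is needed.
//
// Note for callers: one unkeyed SHA-256 pass is a fast digest. It is suitable
// for fingerprints, not as a password-hashing scheme on its own.
function hashSha256 ($str) {
	// hash() returns lower-case hex by default (raw output is off)
	return hash('sha256', $str);
}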
86 // "Calculates" password strength
//
// $password    - candidate password
// $configEntry - name of the config entry holding the minimum length
//
// The visible checks cover: minimum length, length >= 8, length >= 10, mixed
// lower/upper case, digits and special characters. The lines that adjust and
// return the score are missing from this listing, so the weight of each check
// cannot be stated here.
//
// NOTE(review): strlen() counts bytes, so multi-byte characters count more
// than once towards the length checks.
87 function calculatePasswordStrength ($password, $configEntry = 'min_password_length') {
// Empty or shorter than the configured minimum
91 if ((strlen($password) < 1) || (strlen($password) < getConfig($configEntry))) {
96 // At least 8 chars long?
97 if (strlen($password) >= 8) {
102 // At least 10 chars long?
103 if (strlen($password) >= 10) {
108 // Lower and upper cases?
109 if ((preg_match('/[a-z]/', $password)) && (preg_match('/[A-Z]/', $password))) {
// Any digit?
115 if (preg_match('/[0-9]/', $password)) {
120 // Special characters?
// NOTE(review): three quirks in this pattern are worth confirming:
//  - the leading '.' requires some character before the special one, so a
//    password whose only special character is its first character does not match;
//  - the commas are literal members of the class, so ',' counts as special;
//  - ',-,' is parsed as a range from ',' to ',', so '-' itself is not matched.
121 if (preg_match('/.[!,@,#,$,%,^,&,*,?,\/,_,~,+,-,(,)]/', $password)) {
126 // Return password score
130 // "Translates" password strength/score
//
// Builds the placeholder string '{--PASSWORD_SCORE_<n>--}' from $strength.
// The value is passed through bigintval() first (defined elsewhere;
// presumably it reduces the input to an integer - confirm), which keeps
// arbitrary text out of the placeholder name.
131 function translatePasswordStrength ($strength) {
132 // Return it translated
133 return '{--PASSWORD_SCORE_' . bigintval($strength) . '--}';
136 // Checks whether given password is strong enough
//
// Returns TRUE when the score from calculatePasswordStrength() (called with
// its default config entry) reaches the configured 'min_password_score'.
137 function isStrongPassword ($password) {
139 return (calculatePasswordStrength($password) >= getConfig('min_password_score'));
142 // "Translates" encryption algorithm
//
// $algo is an index into the array from getSupportedEncryptionAlgorithms().
// Visible outcomes: '{--SELECT_NONE--}' as the default, the upper-cased
// algorithm name when the index exists, and
// '{--UNSUPPORTED_ENCRYPTION_ALGO--}' otherwise. The branch structure between
// the assignments and the return are missing from this listing.
143 function translateEncryptionAlgorithm ($algo) {
// Default: nothing selected
145 $translated = '{--SELECT_NONE--}';
147 // Is a valid number? Also '0' is valid.
148 if ((isValidNumber($algo)) || ($algo === '0')) {
// Fetch the filtered algorithm list
150 $algos = getSupportedEncryptionAlgorithms();
// Known index?
153 if (isset($algos[$algo])) {
155 $translated = strtoupper($algos[$algo]);
157 // Unknown/unsupported
158 $translated = '{--UNSUPPORTED_ENCRYPTION_ALGO--}';
166 // "Translates" encryption mode
//
// $mode is an index into the array from getSupportedEncryptionModes().
// Visible outcomes: '{--SELECT_NONE--}' as the default, the upper-cased mode
// name when the index exists, and '{--UNSUPPORTED_ENCRYPTION_MODE--}'
// otherwise. The branch structure between the assignments and the return are
// missing from this listing.
167 function translateEncryptionMode ($mode) {
// Default: nothing selected
169 $translated = '{--SELECT_NONE--}';
171 // Is a valid number?
172 if ((isValidNumber($mode)) || (is_numeric($mode))) {
// Fetch the mode list
174 $modes = getSupportedEncryptionModes();
// Known index?
177 if (isset($modes[$mode])) {
179 $translated = strtoupper($modes[$mode]);
181 // Unknown/unsupported
182 $translated = '{--UNSUPPORTED_ENCRYPTION_MODE--}';
190 // "Getter" for an array of supported ("safe") encryption algorithms
//
// Starts from mcrypt_list_algorithms() and looks up 'des' and 'tripledes' for
// removal. The removal statement and the return are missing from this listing.
//
// NOTE(review): the mcrypt extension was deprecated in PHP 7.1 and removed
// from core in PHP 7.2, so this code needs an older runtime or the PECL package.
// NOTE(review): this is a denylist of two names. Any other weak algorithm the
// local libmcrypt reports (for example 'arcfour' or 'rc2') stays selectable;
// an allowlist of approved algorithms would be the stricter design.
191 function getSupportedEncryptionAlgorithms () {
193 $algos = mcrypt_list_algorithms();
195 // Remove any insecure (e.g. DES/3DES)
196 foreach (array('des', 'tripledes') as $unsecure) {
// Strict search: returns the index, or FALSE when the name is absent
198 $id = array_search($unsecure, $algos, TRUE);
// NOTE(review): translateEncryptionAlgorithm() treats '0' as a separate case
// next to isValidNumber(), which suggests isValidNumber() may reject zero. If
// so, an insecure algorithm found at index 0 would not be removed here;
// '$id !== FALSE' would be unambiguous. Confirm against isValidNumber().
201 if (isValidNumber($id)) {
211 // "Getter" for an array of supported encryption modes
//
// Starts from mcrypt_list_modes(). The remaining lines, including the return,
// are missing from this listing.
//
// NOTE(review): no filtering is visible in these lines. If the list is
// returned unchanged it includes ECB, which reveals repeated plaintext blocks,
// and none of the mcrypt modes authenticate the ciphertext - confirm whether
// the missing lines restrict the list.
212 function getSupportedEncryptionModes () {
214 $modes = mcrypt_list_modes();
220 // Determines whether given encryption algorithm number is valid
//
// $algo is valid when it passes isValidNumber() and is an existing index in
// the array from getSupportedEncryptionAlgorithms(). The default assignment
// and the return are missing from this listing.
//
// NOTE(review): translateEncryptionAlgorithm() also accepts the string '0',
// this check does not. If isValidNumber() rejects zero, the algorithm at
// index 0 can be displayed but never validated - confirm which is intended.
221 function isValidEncryptionAlgorithm ($algo) {
222 // Default is not valid
226 if (isValidNumber($algo)) {
227 // Get supported algorithms
228 $algos = getSupportedEncryptionAlgorithms();
// Valid only if the index exists in the filtered list
231 $isValid = (isset($algos[$algo]));
238 // Determines whether given encryption mode number is valid
//
// $mode is valid when it passes isValidNumber() or is_numeric() and is an
// existing index in the array from getSupportedEncryptionModes(). The default
// assignment and the return are missing from this listing.
239 function isValidEncryptionMode ($mode) {
240 // Default is not valid
// is_numeric() also accepts forms such as '1.5' or '1e3'; the isset() lookup
// below is what finally decides validity.
244 if ((isValidNumber($mode)) || (is_numeric($mode))) {
245 // Get supported modes
246 $modes = getSupportedEncryptionModes();
// Valid only if the index exists in the mode list
249 $isValid = (isset($modes[$mode]));
256 // Encrypts a string by given algorithm and key
//
// $str  - plaintext
// $algo - index into getSupportedEncryptionAlgorithms()
// $mode - index into getSupportedEncryptionModes()
// $key  - key material, cut to the cipher's key size in initEncryption()
//
// The return statement is missing from this listing.
//
// NOTE(review): no $iv is passed to initEncryption(), which contains a call
// that creates a random IV. decrytStringByCipher() needs that IV, but the
// visible lines here never receive it back - confirm how callers obtain it.
// NOTE(review): mcrypt_generic() pads the input with NUL bytes up to the
// block size and the result carries no MAC, so tampering with the ciphertext
// is not detected. An authenticated construction (e.g. AES-GCM via
// openssl_encrypt(), or libsodium) would close that gap.
257 function encrytStringByCipher ($str, $algo, $mode, $key) {
// Open and initialise the cipher handle
259 $cipher = initEncryption($algo, $mode, $key);
// Encrypt with the prepared handle
262 $encrypted = mcrypt_generic($cipher, $str);
264 // Deinit/close cipher
265 deinitEncryption($cipher);
271 // Decrypts a string by given algorithm and key
//
// $str  - ciphertext
// $algo - index into getSupportedEncryptionAlgorithms()
// $mode - index into getSupportedEncryptionModes()
// $key  - key material, cut to the cipher's key size in initEncryption()
// $iv   - initialisation vector that was used for encryption
//
// The return statement is missing from this listing.
//
// NOTE(review): there is no integrity check before decryption, so modified
// ciphertext is decrypted without any error. The output may also still carry
// the NUL padding that mcrypt_generic() adds on encryption - confirm whether
// callers strip it.
272 function decrytStringByCipher ($str, $algo, $mode, $key, $iv) {
// Open and initialise the cipher handle with the caller's IV
274 $cipher = initEncryption($algo, $mode, $key, $iv);
// Despite its name, $encrypted receives the decrypted data here
277 $encrypted = mdecrypt_generic($cipher, $str);
279 // Deinit/close cipher
280 deinitEncryption($cipher);
286 // Initializes encryption/decryption
//
// $algo - index into getSupportedEncryptionAlgorithms()
// $mode - index into getSupportedEncryptionModes()
// $key  - key material; must be at least as long as the cipher's key size
// $iv   - initialisation vector, NULL by default
//
// Opens the mcrypt module, initialises it with the key and IV and, per the
// closing comment, returns the prepared cipher. The return statement and the
// condition around the IV creation are missing from this listing.
287 function initEncryption ($algo, $mode, $key, $iv = NULL) {
288 // Must be valid algo/mode
// NOTE(review): assert() is skipped when assertions are disabled (common in
// production). The algo/mode check, the resource check and the key-length
// check below then do not run, so they should not be the only validation of
// caller-supplied values.
289 assert((isValidEncryptionAlgorithm($algo)) && (isValidEncryptionMode($mode)));
291 // Get algorithms/modes
292 $algos = getSupportedEncryptionAlgorithms();
293 $modes = getSupportedEncryptionModes();
295 // Open encryption module
296 $cipher = mcrypt_module_open($algos[$algo], '', $modes[$mode], '');
298 // Is it not a resource?
299 assert(is_resource($cipher));
// Create an IV of the size the cipher expects (presumably only when none was
// passed in - the condition is missing from this listing).
// NOTE(review): MCRYPT_DEV_RANDOM reads /dev/random, which can block while
// waiting for entropy; MCRYPT_DEV_URANDOM does not block.
304 $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($cipher), MCRYPT_DEV_RANDOM);
// Key size reported for the opened cipher
308 $keySize = mcrypt_enc_get_key_size($cipher);
310 // The cipher's key size must not exceed the length of the supplied key
311 assert($keySize <= strlen($key));
313 // Initialize encryption
// NOTE(review): the key is used as raw bytes and silently cut to $keySize. If
// $key is a human-chosen passphrase (not confirmed here), deriving the key
// with a KDF first would be the safer design.
314 mcrypt_generic_init($cipher, substr($key, 0, $keySize), $iv);
316 // Return prepared cipher
320 // Deinitializes encryption cipher
//
// $cipher - handle from initEncryption(). It is de-initialised and the mcrypt
// module is then closed, so the handle must not be used afterwards.
321 function deinitEncryption ($cipher) {
322 // Is it not a resource?
// Checked with assert() only, so this is skipped when assertions are disabled
323 assert(is_resource($cipher));
325 // Deinit/close cipher
326 mcrypt_generic_deinit($cipher);
327 mcrypt_module_close($cipher);