* @version 0.0.0 * @copyright Copyright (c) 2007, 2008 Roland Haeder, 2009 - 2023 Core Developer Team * @license GNU GPL 3.0 or any newer version * @link http://www.shipsimu.org * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ class CryptoHelper extends BaseFrameworkSystem implements Cryptable { // Exception constants const EXCEPTION_ENCRYPT_MISSING = 0x1f0; const EXCEPTION_ENCRYPT_INVALID = 0x1f1; /** * An instance of this own clas */ private static $selfInstance = NULL; /** * Instance of the crypto stream */ private $cryptoStreamInstance = NULL; /** * Salt for hashing operations */ private $salt = ''; /** * Instance of a RNG */ private $rngInstance = NULL; /** * Protected constructor * * @return void */ private function __construct () { // Call parent constructor parent::__construct(__CLASS__); } /** * Creates an instance of this class * * @return $cryptoInstance An instance of this crypto helper class */ public static final function createCryptoHelper () { // Get a new instance /* NOISY-DEBUG: */ self::createDebugInstance(__CLASS__, __LINE__)->traceMessage('CRYPTO-HELPER: CALLED!'); $cryptoInstance = new CryptoHelper(); // Initialize the hasher /* NOISY-DEBUG: */ self::createDebugInstance(__CLASS__, __LINE__)->traceMessage('CRYPTO-HELPER: Invoking cryptoInstance->initHasher() ...'); $cryptoInstance->initHasher(); // Attach a crypto stream /* NOISY-DEBUG: */ self::createDebugInstance(__CLASS__, __LINE__)->traceMessage('CRYPTO-HELPER: Invoking cryptoInstance->attachCryptoStream() ...'); $cryptoInstance->attachCryptoStream(); // Return the instance /* NOISY-DEBUG: */ self::createDebugInstance(__CLASS__, __LINE__)->traceMessage(sprintf('CRYPTO-HELPER: cryptoInstance=%s - EXIT!', $cryptoInstance->__toString())); return $cryptoInstance; } /** * Get a singleton instance of this class * * @return $selfInstance An instance of this crypto helper class */ public static final function getSelfInstance () { // Is no instance there? /* NOISY-DEBUG: */ self::createDebugInstance(__CLASS__, __LINE__)->traceMessage(sprintf('CRYPTO-HELPER: self::selfInstance[]=%s - CALLED!', gettype(self::$selfInstance))); if (is_null(self::$selfInstance)) { // Then get a new one self::$selfInstance = self::createCryptoHelper(); } // Return the instance /* NOISY-DEBUG: */ self::createDebugInstance(__CLASS__, __LINE__)->traceMessage(sprintf('CRYPTO-HELPER: self::selfInstance=%s - EXIT!', self::$selfInstance->__toString())); return self::$selfInstance; } /** * Setter for RNG instance * * @param $rngInstance An instance of a random number generator (RNG) * @return void */ protected final function setRngInstance (RandomNumberGenerator $rngInstance) { $this->rngInstance = $rngInstance; } /** * Getter for RNG instance * * @return $rngInstance An instance of a random number generator (RNG) */ public final function getRngInstance () { return $this->rngInstance; } /** * Attaches a crypto stream to this crypto helper by detecting loaded * modules. * * @return void */ protected function attachCryptoStream () { // @TODO Maybe rewrite this with DirectoryIterator, similar to Compressor thing? // Do we have openssl loaded? /* NOISY-DEBUG: */ self::createDebugInstance(__CLASS__, __LINE__)->traceMessage('CRYPTO-HELPER: CALLED!'); if ($this->isPhpExtensionLoaded('openssl')) { // Then use it /* NOISY-DEBUG: */ self::createDebugInstance(__CLASS__, __LINE__)->debugMessage('CRYPTO-HELPER: Attaching openssl crypto stream ...'); $this->cryptoStreamInstance = ObjectFactory::createObjectByConfiguredName('crypto_openssl_stream_class', [$this->getRngInstance()]); } else { // If nothing works ... /* NOISY-DEBUG: */ self::createDebugInstance(__CLASS__, __LINE__)->debugMessage('CRYPTO-HELPER: Attaching NULL crypto stream ...'); $this->cryptoStreamInstance = ObjectFactory::createObjectByConfiguredName('crypto_null_stream_class'); } // Trace message /* NOISY-DEBUG: */ self::createDebugInstance(__CLASS__, __LINE__)->traceMessage('CRYPTO-HELPER: EXIT!'); } /** * Initializes the hasher for different purposes. * * @return void */ protected function initHasher () { // Initialize the random number generator which is required by some crypto methods $this->setRngInstance(ObjectFactory::createObjectByConfiguredName('rng_class')); // Generate a salt for the hasher $this->generateSalt(); } /** * Generates the salt based on configured length * * @return void */ private function generateSalt () { // Get a random string from the RNG $randomString = $this->getRngInstance()->randomString() . $this->createUuid(); // Get config entry for salt length $length = FrameworkBootstrap::getConfigurationInstance()->getConfigEntry('salt_length'); // Keep only defined number of characters $this->salt = substr(sha1($randomString), -$length, $length); } /** * Returns a UUID (Universal Unique IDentifier) if PECL extension uuid was * found or an empty string it not. * * @return $uuid UUID with leading dash or empty string */ public function createUuid () { // Init empty UUID $uuid = ''; // Is the UUID extension loaded and enabled? (see pecl) if (FrameworkBootstrap::getConfigurationInstance()->getConfigEntry('extension_uuid_loaded') === true) { // Then add it as well $uuid = uuid_create(); } // Return it return $uuid; } /** * Hashes a string with salt and returns the hash. If an old previous hash * is supplied the method will use the first X chars of that hash for hashing * the password. This is useful if you want to check if password is identical * for authorization purposes. * * @param $str Unhashed string * @param $oldHash A hash from previous hashed string * @param $withFixed Whether to include a fixed salt (not recommended in p2p applications) * @return $hashed The hashed and salted string */ public function hashString (string $str, string $oldHash = '', bool $withFixed = true) { // Default is the default salt ;-) $salt = $this->salt; // Is the old password set? if (!empty($oldHash)) { // Use the salt from hash, first get length $length = FrameworkBootstrap::getConfigurationInstance()->getConfigEntry('salt_length'); // Then extract the X first characters from the hash as our salt $salt = substr($oldHash, 0, $length); } // Hash the password with salt //* DEBUG: */ echo "salt=".$salt."/plain=".$str."
\n"; if ($withFixed === true) { // Use additional fixed salt $hashed = $salt . md5(sprintf(FrameworkBootstrap::getConfigurationInstance()->getConfigEntry('hash_extra_mask'), $salt, $this->getRngInstance()->getFixedSalt(), $str )); } else { // Use salt+string to hash $hashed = $salt . md5(sprintf(FrameworkBootstrap::getConfigurationInstance()->getConfigEntry('hash_normal_mask'), $salt, $str )); } // And return it return $hashed; } /** * Encrypt the string with fixed salt * * @param $str The unencrypted string * @param $key Optional key, if none provided, a random key will be generated * @return $encrypted Encrypted string */ public function encryptString (string $str, string $key = NULL) { // Encrypt the string through the stream $encrypted = $this->cryptoStreamInstance->encryptStream($str, $key); // Return the string return $encrypted; } /** * Decrypt the string with fixed salt * * @param $encrypted Encrypted string * @return $str The unencrypted string */ public function decryptString (string $encrypted) { // Encrypt the string through the stream $str = $this->cryptoStreamInstance->decryptStream($encrypted); // Return the string return $str; } }