<?php
/************************************************************************
 * Mailer v0.2.1-FINAL                                Start: 04/04/2015 *
 * ===================                          Last change: 04/04/2015 *
 *                                                                      *
 * -------------------------------------------------------------------- *
 * File              : encryption-functions.php                         *
 * -------------------------------------------------------------------- *
 * Short description : Functions for encryption                         *
 * -------------------------------------------------------------------- *
 * Kurzbeschreibung  : Funktionen fuer Verschluesselung                 *
 * -------------------------------------------------------------------- *
 * Copyright (c) 2003 - 2009 by Roland Haeder                           *
 * Copyright (c) 2009 - 2015 by Mailer Developer Team                   *
 * For more information visit: http://mxchange.org                      *
 *                                                                      *
 * This program is free software; you can redistribute it and/or modify *
 * it under the terms of the GNU General Public License as published by *
 * the Free Software Foundation; either version 2 of the License, or    *
 * (at your option) any later version.                                  *
 *                                                                      *
 * This program is distributed in the hope that it will be useful,      *
 * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
 * GNU General Public License for more details.                         *
 *                                                                      *
 * You should have received a copy of the GNU General Public License    *
 * along with this program; if not, write to the Free Software          *
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
 * MA  02110-1301  USA                                                  *
 ************************************************************************/

if (!defined('__SECURITY')) {
	exit();
} // END - if

// Generate salt if not set
function generateSalt ($salt = '', $hashLength = 48) {
	// The length should not be shorter than 48 to have 8 byte as salt
	assert(($hashLength >= 48) && ($hashLength <= 80));

	// Is the salt set?
	if (empty($salt)) {
		// Then generate it from various data
		$salt = hashSha256($hashLength . ':' . mt_rand(100000, 999999) . ':' . getSiteKey());
	} // END - if

	// Shorten salt ...
	$salt = substr($salt, 0, $hashLength - 64);

	// Return salt
	return $salt;
}

// Hashes a string with SHA256, salts it and returns it hexdecimal-encoded
function hashString ($str, $salt = '') {
	// Generate salt
	$salt = generateSalt($salt, 64);

	// Generate salt
	$hash = hashSha256($salt . $str);

	// Return it
	return $salt . $hash;
}

// Hash string with SHA256 and encode it to hex
function hashSha256 ($str) {
	/// Hash string
	$hash = mhash(MHASH_SHA256, $str);

	// Encode it to hexadecimal
	$hex = '';
	for ($i = 0; $i < strlen($hash); $i++) {
		// Encode char to decimal, pad it with zero, add it
		$hex .= padLeftZero(dechex(ord(substr($hash, $i, 1))), 2);
	} // END - if

	// Make sure 'length modulo 2' = 0
	assert((strlen($hex) % 2) == 0);

	// Return it
	return $hex;
}

// "Calculates" password strength
function calculatePasswordStrength ($password, $configEntry = 'min_password_length') {
	// Default score
	$score = 1;

	if ((strlen($password) < 1) || (strlen($password) < getConfig($configEntry))) {
		// Is to weak
		return 0;
	} // END - if

	// At least 8 chars long?
	if (strlen($password) >= 8) {
		// Add score
		$score++;
	} // END - if

	// At least 10 chars long?
	if (strlen($password) >= 10) {
		// Add score
		$score++;
	} // END - if

	// Lower and upper cases?
	if ((preg_match('/[a-z]/', $password)) && (preg_match('/[A-Z]/', $password))) {
		// Add score
		$score++;
	} // END - if

	// Also numbers?
	if (preg_match('/[0-9]/', $password))  {
		// Add score
		$score++;
	} // END - if

	// Special characters?
	if (preg_match('/.[!,@,#,$,%,^,&,*,?,\/,_,~,+,-,(,)]/', $password)) {
		// Add score
		$score++;
	} // END - if

	// Return password score
	return $score;
}

// "Translates" password strength/score
function translatePasswordStrength ($strength) {
	// Return it translated
	return '{--PASSWORD_SCORE_' . bigintval($strength) . '--}';
}

// Checks whether given password is strong enough
function isStrongPassword ($password) {
	// Determine it
	return (calculatePasswordStrength($password) >= getConfig('min_password_score'));
}

// "Translates" encryption algorithm
function translateEncryptionAlgorithm ($algo) {
	// Default is 'NONE'
	$translated = '{--SELECT_NONE--}';

	// Is a valid number? Also '0' is valid.
	if ((isValidNumber($algo)) || ($algo === '0')) {
		// Get array
		$algos = getSupportedEncryptionAlgorithms();

		// Is it there?
		if (isset($algos[$algo])) {
			// "Translate" it
			$translated = strtoupper($algos[$algo]);
		} else {
			// Unknown/unsupported
			$translated = '{--UNSUPPORTED_ENCRYPTION_ALGO--}';
		}
	} // END - if

	// Return it
	return $translated;
}

// "Translates" encryption mode
function translateEncryptionMode ($mode) {
	// Default is 'NONE'
	$translated = '{--SELECT_NONE--}';

	// Is a valid number?
	if ((isValidNumber($mode)) || (is_numeric($mode))) {
		// Get array
		$modes = getSupportedEncryptionModes();

		// Is it there?
		if (isset($modes[$mode])) {
			// "Translate" it
			$translated = strtoupper($modes[$mode]);
		} else {
			// Unknown/unsupported
			$translated = '{--UNSUPPORTED_ENCRYPTION_MODE--}';
		}
	} // END - if

	// Return it
	return $translated;
}

// "Getter" for an array of supported ("safe") encryption algorithms
function getSupportedEncryptionAlgorithms () {
	// Get full list
	$algos = mcrypt_list_algorithms();

	// Remove any unsecure (e.g. DES/3DES)
	foreach (array('des', 'tripledes') as $unsecure) {
		// Search for it
		$id = array_search($unsecure, $algos, TRUE);

		// Is it found?
		if (isValidNumber($id)) {
			// Remove it
			unset($algos[$id]);
		} // END - if
	} // END - foreach

	// Return it
	return $algos;
}

// "Getter" for an array of supported encryption modes
function getSupportedEncryptionModes () {
	// Get full list
	$modes = mcrypt_list_modes();

	// Return it
	return $modes;
}

// Determines whether given encryption algorithm number is valid
function isValidEncryptionAlgorithm ($algo) {
	// Default is not valid
	$isValid = FALSE;

	// Is valid number?
	if (isValidNumber($algo)) {
		// Get supported algorithms
		$algos = getSupportedEncryptionAlgorithms();

		// Is it there?
		$isValid = (isset($algos[$algo]));
	} // END - if

	// Return status
	return $isValid;
}

// Determines whether given encryption mode number is valid
function isValidEncryptionMode ($mode) {
	// Default is not valid
	$isValid = FALSE;

	// Is valid number?
	if ((isValidNumber($mode)) || (is_numeric($mode))) {
		// Get supported algorithms
		$modes = getSupportedEncryptionModes();

		// Is it there?
		$isValid = (isset($modes[$mode]));
	} // END - if

	// Return status
	return $isValid;
}

// Encrypts a string by given algorithm and key
function encrytStringByCipher ($str, $algo, $mode, $key) {
	// Init encryption
	$cipher = initEncryption($algo, $mode, $key);

	// Encrypt it
	$encrypted = mcrypt_generic($cipher, $str);

	// Deinit/close cipher
	deinitEncryption($cipher);

	// Return encrypted
	return $encrypted;
}

// Decrypts a string by given algorithm and key
function decrytStringByCipher ($str, $algo, $mode, $key, $iv) {
	// Init encryption
	$cipher = initEncryption($algo, $mode, $key, $iv);

	// Decrypt it
	$encrypted = mdecrypt_generic($cipher, $str);

	// Deinit/close cipher
	deinitEncryption($cipher);

	// Return encrypted
	return $encrypted;
}

// Initializes encryption/decryption
function initEncryption ($algo, $mode, $key, $iv = NULL) {
	// Must be valid algo/mode
	assert((isValidEncryptionAlgorithm($algo)) && (isValidEncryptionMode($mode)));

	// Get algorithms/modes
	$algos = getSupportedEncryptionAlgorithms();
	$modes = getSupportedEncryptionModes();

	// Open encryption module
	$cipher = mcrypt_module_open($algos[$algo], '', $modes[$mode], '');

	// Ist not a resource?
	assert(is_resource($cipher));

	// Is iv set?
	if (is_null($iv)) {
		// Create IV
		$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($cipher), MCRYPT_DEV_RANDOM);
	} // END - if

	// Generate key size
	$keySize = mcrypt_enc_get_key_size($cipher);

	// Key size must be smaller/equal key's size
	assert($keySize <= strlen($key));

	// Initialize encryption
	mcrypt_generic_init($cipher, substr($key, 0, $keySize), $iv);

	// Return prepared cipher
	return $cipher;
}

// Deinitializes encryption cipher
function deinitEncryption ($cipher) {
	// Ist not a resource?
	assert(is_resource($cipher));

	// Deinit/close cipher
	mcrypt_generic_deinit($cipher);
	mcrypt_module_close($cipher);
}

// [EOF]
?>