You are here

function aes_encrypt in AES encryption 7

Same name and namespace in other branches
  1. 5 aes.module \aes_encrypt()
  2. 6 aes.module \aes_encrypt()

Encrypts a string.

Parameters

string $string: The string to encrypt.

bool $base64encode: Whether to return the string base64 encoded (recommended for database insertion).

string $custom_key: Use this as the key rather than the stored one for this operation.

string $custom_cipher: Use this cipher rather than the default one. (only with Mcrypt - ignored with phpseclib)

string $custom_iv: Use this initialization vector instead of the default one. Base64-encoded.

string $custom_implementation: Can be "phpseclib" or "mcrypt". Warning: Does not check if the requested implementation actually exists.

Return value

bool|string The encrypted string on success, FALSE on error.

1 call to aes_encrypt()
aes_user_alter in ./aes.module
Implements hook_user_alter().
2 string references to 'aes_encrypt'
aes_aes_config_change in ./aes.admin.inc
Implements hook_aes_config_change().
hook_aes_config_change in ./aes.api.php
hook_aes_config_change() This hook provide ability for developers to reencrypt data in modules when aes configuration changed.

File

./aes.module, line 487
Main file of the AES encryption module.

Code

function aes_encrypt($string, $base64encode = TRUE, $custom_key = NULL, $custom_cipher = NULL, $custom_iv = NULL, $custom_implementation = NULL) {

  // Bail out if the passed string is empty.
  if (empty($string)) {
    watchdog("aes", "Tried to encrypt an empty string.", array(), WATCHDOG_WARNING);
    return FALSE;
  }
  if ($custom_cipher != NULL) {
    $cipher = $custom_cipher;
  }
  else {
    $cipher = variable_get("aes_cipher", "rijndael-128");
  }
  if (!empty($custom_key)) {
    $key = $custom_key;
  }
  else {
    $key = aes_get_key();
  }
  if ($custom_implementation == "mcrypt" || $custom_implementation == "phpseclib") {
    $implementation = $custom_implementation;
  }
  else {
    $implementation = variable_get("aes_implementation", "mcrypt");
  }
  if ($implementation == "phpseclib") {

    // Using phpseclib implementation.
    // phpseclib doesn't support custom ciphers.
    if (is_null($custom_cipher) == FALSE) {
      watchdog("aes", "A custom cipher was defined when encrypting a string in the AES module using the phpseclib implementation. This implementation doesn't support custom ciphers therefore the argument was ignored and the encryption was done with the standard cipher.", array(), WATCHDOG_WARNING);
    }
    aes_load_phpsec();
    $phpsec = new Crypt_AES();
    $phpsec
      ->setKey($key);
    if (!is_null($custom_iv)) {
      $phpsec
        ->setIV(base64_decode($custom_iv));
    }
    $encrypted = $phpsec
      ->encrypt($string);
  }
  else {
    if ($implementation == "mcrypt") {

      // Using mcrypt implementation.
      $td = mcrypt_module_open_safe($cipher, "", MCRYPT_MODE_CBC, "");
      if ($custom_iv == NULL) {
        $iv = base64_decode(variable_get("aes_encryption_iv", ""));
      }
      else {
        $iv = base64_decode($custom_iv);
      }
      if (empty($iv)) {
        aes_make_iv();
        $iv = base64_decode(variable_get("aes_encryption_iv", ""));
        watchdog("aes", "No initialization vector found while trying to encrypt! This could be a bit of a pain since you might have to reset all the passwords for all users. I've created a new one now and will try to carry on as normal.", array(), WATCHDOG_WARNING);
      }
      $ks = mcrypt_enc_get_key_size($td);
      $key = substr(sha1($key), 0, $ks);
      mcrypt_generic_init($td, $key, $iv);
      $encrypted = mcrypt_generic($td, $string);
      mcrypt_generic_deinit($td);
      mcrypt_module_close($td);
    }
    else {
      $error_msg = t("Request was sent to encrypt a string with the AES module, but the AES module has no active encryption implementation to work with! Did you forget to run update.php after upgrading this module?");
      if (user_access('administer aes')) {
        drupal_set_message($error_msg, "error");
      }
      watchdog("aes", $error_msg, array(), WATCHDOG_ERROR);
      return FALSE;
    }
  }
  if ($base64encode) {
    return base64_encode($encrypted);
  }
  else {
    return $encrypted;
  }
}