class McryptAES128Encryption in Two-factor Authentication (TFA) 8

Deprecated Mcrypt AES 128 encryption plugin.

@package Drupal\encrypt\Plugin\EncryptionMethod

@EncryptionMethod(
  id = "mcrypt_aes_128",
  title = @Translation("Mcrypt AES 128"),
  description = "This uses PHP OpenSSL or Mcrypt extensions and <a href='http://en.wikipedia.org/wiki/Advanced_Encryption_Standard'>AES-128</a>.",
  key_type = {"encryption"},
  can_decrypt = TRUE,
  deprecated = TRUE
)

phpcs:disable PHPCompatibility

File

src/Plugin/EncryptionMethod/McryptAES128Encryption.php, line 26

Namespace

Drupal\tfa\Plugin\EncryptionMethod
class McryptAES128Encryption extends EncryptionMethodBase implements EncryptionMethodInterface {
  use StringTranslationTrait;
  const CRYPT_VERSION = 1;

  /**
   * {@inheritdoc}
   */
  public function encrypt($text, $key) {

    // Backwards compatibility with Mcrypt.
    if (!extension_loaded('openssl') && extension_loaded('mcrypt')) {
      return $this
        ->encryptWithMcrypt($text, $key);
    }

    // Encrypt using OpenSSL.
    $iv = random_bytes(16);
    $ciphertext = openssl_encrypt($text, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
    $crypto_data = [
      'version' => self::CRYPT_VERSION,
      'iv_base64' => base64_encode($iv),
      'ciphertext_base64' => base64_encode($ciphertext),
    ];
    return Json::encode($crypto_data);
  }

  /**
   * Encrypt using the deprecated Mcrypt extension.
   *
   * @param string $text
   *   The text to be encrypted.
   * @param string $key
   *   The key to encrypt the text with.
   *
   * @return string
   *   The encrypted text.
   *
   * @noinspection PhpDeprecationInspection
   */
  private function encryptWithMcrypt($text, $key) {

    // Key cannot be too long for this encryption.
    $key = mb_substr($key, 0, 32);

    // Define iv cipher.
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $processed_text = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $text, MCRYPT_MODE_ECB, $iv);
    $processed_text = base64_encode($processed_text);
    return $processed_text;
  }

  /**
   * {@inheritdoc}
   */
  public function decrypt($text, $key) {
    $crypto_data = Json::decode($text);
    if (empty($crypto_data['version']) || empty($crypto_data['iv_base64']) || empty($crypto_data['ciphertext_base64'])) {

      // Backwards compatibility with the old Mcrypt scheme.
      return extension_loaded('mcrypt') ? $this
        ->decryptLegacyDataWithMcrypt($text, $key) : $this
        ->decryptLegacyDataWithOpenSsl($text, $key);
    }
    else {
      $iv = base64_decode($crypto_data['iv_base64']);
      $ciphertext = base64_decode($crypto_data['ciphertext_base64']);
      return openssl_decrypt($ciphertext, 'aes-256-cbc', $key, TRUE, $iv);
    }
  }

  /**
   * Use OpenSSL to decrypt data that was originally encrypted with Mcrypt.
   *
   * @param string $text
   *   The text to be decrypted.
   * @param string $key
   *   The key to decrypt the text with.
   *
   * @return string|bool
   *   The decrypted text, or FALSE on failure.
   */
  private function decryptLegacyDataWithOpenSsl($text, $key) {
    $key = mb_substr($key, 0, 32);
    $text = base64_decode($text);
    return openssl_decrypt($text, 'aes-128-cbc', $key, OPENSSL_NO_PADDING);
  }

  /**
   * Decrypt using the deprecated Mcrypt extension.
   *
   * @param string $text
   *   The text to be decrypted.
   * @param string $key
   *   The key to decrypt the text with.
   *
   * @return string
   *   The decrypted text
   *
   * @noinspection PhpDeprecationInspection
   */
  private function decryptLegacyDataWithMcrypt($text, $key) {

    // Key cannot be too long for this encryption.
    $key = mb_substr($key, 0, 32);

    // Define iv cipher.
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $text = base64_decode($text);

    // Decrypt text.
    return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $text, MCRYPT_MODE_ECB, $iv));
  }

  /**
   * Check dependencies for the encryption method.
   *
   * @param string $text
   *   The text to be checked.
   * @param string $key
   *   The key to be checked.
   *
   * @return array
   *   An array of error messages, providing info on missing dependencies.
   */
  public function checkDependencies($text = NULL, $key = NULL) {
    $errors = [];
    if (!extension_loaded('openssl') && !extension_loaded('mcrypt')) {
      $errors[] = $this
        ->t('OpenSSL and Mcrypt extensions are not installed.');
    }

    // Check if we have a 128 bit key.
    if (strlen($key) != 16) {
      $errors[] = $this
        ->t('This encryption method requires a 128 bit key.');
    }
    return $errors;
  }

}
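
An added example, not part of the TFA module's code: a standalone helper that sorts stored values by the branch `decrypt()` above would take, so records still in the legacy ECB format can be listed for re-encryption. The function name `classify_tfa_ciphertext()`, the result labels and the sample values are assumptions made for this illustration.

```php
<?php

/**
 * Classify a stored value by the scheme decrypt() would apply to it.
 *
 * Hypothetical helper for an inventory script; not part of the TFA module.
 */
function classify_tfa_ciphertext(string $stored): string {
  // Json::decode() in Drupal is json_decode() with associative arrays.
  $data = json_decode($stored, TRUE);

  // Same dispatch test as decrypt(): all three envelope fields non-empty.
  if (is_array($data) && !empty($data['version'])
    && !empty($data['iv_base64']) && !empty($data['ciphertext_base64'])) {
    $iv = base64_decode($data['iv_base64'], TRUE);
    $ct = base64_decode($data['ciphertext_base64'], TRUE);
    // CBC needs a 16-byte IV and whole 16-byte blocks of ciphertext.
    $ok = $iv !== FALSE && strlen($iv) === 16
      && $ct !== FALSE && $ct !== '' && strlen($ct) % 16 === 0;
    return $ok ? 'openssl-cbc-v1' : 'malformed-envelope';
  }

  // Everything else goes to the legacy path: bare base64 of ECB blocks.
  $raw = base64_decode($stored, TRUE);
  if ($raw !== FALSE && $raw !== '' && strlen($raw) % 16 === 0) {
    return 'legacy-mcrypt-ecb';
  }
  return 'unrecognized';
}

// Constructed sample values (fixed filler bytes, not real secrets).
$samples = [
  'envelope' => json_encode([
    'version' => 1,
    'iv_base64' => base64_encode(str_repeat("\x00", 16)),
    'ciphertext_base64' => base64_encode(str_repeat("\x11", 32)),
  ]),
  'short_iv' => json_encode([
    'version' => 1,
    'iv_base64' => base64_encode(str_repeat("\x00", 8)),
    'ciphertext_base64' => base64_encode(str_repeat("\x11", 32)),
  ]),
  'legacy' => base64_encode(str_repeat("\x22", 16)),
  'garbage' => 'not-a-ciphertext',
];

foreach ($samples as $label => $value) {
  printf("%-9s => %s\n", $label, classify_tfa_ciphertext($value));
}
```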

Members

Name Modifiers Type Description Overrides
DependencySerializationTrait::$_entityStorages protected property An array of entity type IDs keyed by the property name of their storages.
DependencySerializationTrait::$_serviceIds protected property An array of service IDs keyed by property name used for serialization.
DependencySerializationTrait::__sleep public function 1
DependencySerializationTrait::__wakeup public function 2
EncryptionMethodBase::calculateDependencies public function Calculates dependencies for the configured plugin. Overrides DependentPluginInterface::calculateDependencies
EncryptionMethodBase::canDecrypt public function Define if encryption method can also decrypt. Overrides EncryptionMethodInterface::canDecrypt
EncryptionMethodBase::create public static function
EncryptionMethodBase::defaultConfiguration public function Gets default configuration for this plugin. Overrides ConfigurableInterface::defaultConfiguration
EncryptionMethodBase::getConfiguration public function Gets this plugin's configuration. Overrides ConfigurableInterface::getConfiguration
EncryptionMethodBase::getLabel public function Get the label. Overrides EncryptionMethodInterface::getLabel
EncryptionMethodBase::isDeprecated public function Define if encryption method is deprecated. Overrides EncryptionMethodInterface::isDeprecated
EncryptionMethodBase::setConfiguration public function Sets the configuration for this plugin instance. Overrides ConfigurableInterface::setConfiguration
EncryptionMethodBase::__construct public function Constructs a \Drupal\Component\Plugin\PluginBase object. Overrides PluginBase::__construct
McryptAES128Encryption::checkDependencies public function Check dependencies for the encryption method. Overrides EncryptionMethodInterface::checkDependencies
McryptAES128Encryption::CRYPT_VERSION constant
McryptAES128Encryption::decrypt public function Decrypt text. Overrides EncryptionMethodInterface::decrypt
McryptAES128Encryption::decryptLegacyDataWithMcrypt private function Decrypt using the deprecated Mcrypt extension.
McryptAES128Encryption::decryptLegacyDataWithOpenSsl private function Use OpenSSL to decrypt data that was originally encrypted with Mcrypt.
McryptAES128Encryption::encrypt public function Encrypt text. Overrides EncryptionMethodInterface::encrypt
McryptAES128Encryption::encryptWithMcrypt private function Encrypt using the deprecated Mcrypt extension.
MessengerTrait::$messenger protected property The messenger. 29
MessengerTrait::messenger public function Gets the messenger. 29
MessengerTrait::setMessenger public function Sets the messenger.
PluginBase::$configuration protected property Configuration information passed into the plugin. 1
PluginBase::$pluginDefinition protected property The plugin implementation definition. 1
PluginBase::$pluginId protected property The plugin_id.
PluginBase::DERIVATIVE_SEPARATOR constant A string which is used to separate base plugin IDs from the derivative ID.
PluginBase::getBaseId public function Gets the base_plugin_id of the plugin instance. Overrides DerivativeInspectionInterface::getBaseId
PluginBase::getDerivativeId public function Gets the derivative_id of the plugin instance. Overrides DerivativeInspectionInterface::getDerivativeId
PluginBase::getPluginDefinition public function Gets the definition of the plugin implementation. Overrides PluginInspectionInterface::getPluginDefinition 3
PluginBase::getPluginId public function Gets the plugin_id of the plugin instance. Overrides PluginInspectionInterface::getPluginId
PluginBase::isConfigurable public function Determines if the plugin is configurable.
StringTranslationTrait::$stringTranslation protected property The string translation service. 1
StringTranslationTrait::formatPlural protected function Formats a string containing a count of items.
StringTranslationTrait::getNumberOfPlurals protected function Returns the number of plurals supported by a given language.
StringTranslationTrait::getStringTranslation protected function Gets the string translation service.
StringTranslationTrait::setStringTranslation public function Sets the string translation service to use. 2
StringTranslationTrait::t protected function Translates a string to the current language or to a given language.