├── .coveralls.yml
├── .github
    └── workflows
    │   └── test.yml
├── .gitignore
├── LICENSE
├── README.md
├── composer.json
├── phpunit.xml
├── src
    ├── Cryptor.php
    ├── CryptorInterface.php
    ├── Exceptions
    │   ├── Concerns
    │   │   └── HasOriginalMessage.php
    │   ├── DecryptionFailedException.php
    │   ├── EasyCryptException.php
    │   ├── EncryptionFailedException.php
    │   └── UnsupportedCipherException.php
    ├── FixedPasswordCryptor.php
    ├── FixedPasswordCryptorInterface.php
    ├── IvGenerator
    │   ├── IvGeneratorInterface.php
    │   └── RandomIvGenerator.php
    └── OpenSSL
    │   ├── EncryptionResult.php
    │   └── OpenSSL.php
└── tests
    ├── CryptorTest.php
    └── FixedPasswordCryptorTest.php


/.coveralls.yml:
--------------------------------------------------------------------------------
1 | coverage_clover: build/logs/clover.xml
2 | json_path: build/logs/coveralls-upload.json
3 | 


--------------------------------------------------------------------------------
/.github/workflows/test.yml:
--------------------------------------------------------------------------------
 1 | name: Test
 2 | 
 3 | on: [push, pull_request]
 4 | 
 5 | jobs:
 6 |   build:
 7 |     runs-on: ubuntu-latest
 8 | 
 9 |     strategy:
10 |       matrix:
11 |         php: [8.2, 8.3, 8.4]
12 | 
13 |     steps:
14 |       - uses: actions/checkout@v3
15 | 
16 |       - name: Setup PHP
17 |         uses: shivammathur/setup-php@v2
18 |         with:
19 |           php-version: ${{ matrix.php }}
20 |           coverage: xdebug
21 | 
22 |       - run: composer update
23 |       - run: mkdir -p build/logs
24 |       - run: vendor/bin/phpunit --coverage-clover build/logs/clover.xml
25 | 
26 |       - name: Upload Coverage
27 |         uses: nick-invision/retry@v2
28 |         env:
29 |           COVERALLS_REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }}
30 |           COVERALLS_PARALLEL: 'true'
31 |           COVERALLS_FLAG_NAME: 'php:${{ matrix.php }}'
32 |         with:
33 |           timeout_minutes: 1
34 |           max_attempts: 3
35 |           command: |
36 |             composer global require php-coveralls/php-coveralls
37 |             php-coveralls --coverage_clover=build/logs/clover.xml -v
38 | 
39 |   coverage-aggregation:
40 |     needs: build
41 |     runs-on: ubuntu-latest
42 |     steps:
43 |       - name: Aggregate Coverage
44 |         uses: coverallsapp/github-action@master
45 |         with:
46 |           github-token: ${{ secrets.GITHUB_TOKEN }}
47 |           parallel-finished: true
48 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | /vendor/
2 | .php_cs.cache
3 | .phpunit.result.cache
4 | composer.lock
5 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2016 mpyw
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # EasyCrypt [![Build Status](https://github.com/mpyw/EasyCrypt/actions/workflows/test.yml/badge.svg?branch=master)](https://github.com/mpyw/EasyCrypt/actions) [![Coverage Status](https://coveralls.io/repos/github/mpyw/EasyCrypt/badge.svg?branch=master)](https://coveralls.io/github/mpyw/EasyCrypt?branch=master)
 2 | 
 3 | A class that provides simple interface for **decryptable** encryption.
 4 | 
 5 | ## Requirements
 6 | 
 7 | - PHP: `^8.2`
 8 | 
 9 | > [!NOTE]
10 | > Older versions have outdated dependency requirements. If you cannot prepare the latest environment, please refer to past releases.
11 | 
12 | ## Installing
13 | 
14 | ```
15 | composer require mpyw/easycrypt
16 | ```
17 | 
18 | ## Usage
19 | 
20 | ### Basic
21 | 
22 | The default cipher method is `aes256` (`aes-256-cbc`).
23 | 
24 | ```php
25 | <?php
26 | 
27 | use Mpyw\EasyCrypt\Cryptor;
28 | 
29 | $cryptor = new Cryptor;
30 | 
31 | $secretData = '[Secret Data]';
32 | $password = '[Password]';
33 | 
34 | $encrypted = $cryptor->encrypt($secretData, $password);
35 | $decrypted = $cryptor->decrypt($encrypted, $password); // String on success, false on failure.
36 | 
37 | var_dump($secretData === $decrypted); // bool(true)
38 | ```
39 | 
40 | ### Throw `DecryptionFailedException` when decryption failed
41 | 
42 | It throws `DecryptionFailedException` instead of returning false.
43 | 
44 | ```php
45 | $decrypted = $cryptor->mustDecrypt($encrypted, $password);
46 | ```
47 | 
48 | ### Use fixed password
49 | 
50 | You can use `FixedPasswordCryptor` instead of raw `Cryptor`.
51 | This is useful when we use a fixed password from an application config.
52 | 
53 | ```php
54 | <?php
55 | 
56 | use Mpyw\EasyCrypt\FixedPasswordCryptor;
57 | 
58 | $cryptor = new FixedPasswordCryptor('[Password]');
59 | 
60 | $secretData = '[Secret Data]';
61 | 
62 | $encrypted = $cryptor->encrypt($secretData);
63 | $decrypted = $cryptor->decrypt($encrypted); // String on success, false on failure.
64 | 
65 | var_dump($secretData === $decrypted); // bool(true)
66 | ```
67 | 
68 | ### Use AEAD (Authenticated Encryption with Associated Data) suites
69 | 
70 | If you need to use AEAD suites that adopt CTR mode, it is recommended to provide truly unique counter value.
71 | 
72 | ```php
73 | use Mpyw\EasyCrypt\IvGenerator\IvGeneratorInterface;
74 | 
75 | class Counter implements IvGeneratorInterface
76 | {
77 |     protected \PDO $pdo;
78 | 
79 |     public function __construct(\PDO $pdo)
80 |     {
81 |         $this->pdo = $pdo;
82 |     }
83 | 
84 |     public function generate(int $length): string
85 |     {
86 |         $this->pdo->exec('INSERT INTO counters()');
87 |         return $this->pdo->lastInsertId();
88 |     }
89 | }
90 | ```
91 | 
92 | ```php
93 | <?php
94 | 
95 | use Mpyw\EasyCrypt\Cryptor;
96 | 
97 | $cryptor = new Cryptor('aes-256-gcm', new Counter(new \PDO(...)));
98 | ```
99 | 


--------------------------------------------------------------------------------
/composer.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "name": "mpyw/easycrypt",
 3 |     "description": "A class that provides simple interface for decryptable encryption.",
 4 |     "type": "library",
 5 |     "license": "MIT",
 6 |     "keywords": [
 7 |         "encrypt",
 8 |         "decrypt",
 9 |         "openssl"
10 |     ],
11 |     "authors": [
12 |         {
13 |             "name": "mpyw",
14 |             "email": "ryosuke_i_628@yahoo.co.jp"
15 |         }
16 |     ],
17 |     "autoload": {
18 |         "psr-4": {
19 |             "Mpyw\\EasyCrypt\\": "src/"
20 |         }
21 |     },
22 |     "autoload-dev": {
23 |         "psr-4": {
24 |             "Mpyw\\EasyCrypt\\Tests\\": "tests/"
25 |         }
26 |     },
27 |     "require": {
28 |         "php": "^8.2",
29 |         "ext-openssl": "*"
30 |     },
31 |     "require-dev": {
32 |         "phpunit/phpunit": ">=11.0"
33 |     }
34 | }
35 | 


--------------------------------------------------------------------------------
/phpunit.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <phpunit backupGlobals="false"
 3 |          bootstrap="vendor/autoload.php"
 4 |          colors="true"
 5 |          processIsolation="false"
 6 |          stopOnFailure="false"
 7 |          cacheDirectory=".phpunit.cache"
 8 |          backupStaticProperties="false">
 9 | 
10 |     <source>
11 |         <include>
12 |             <directory>./src</directory>
13 |         </include>
14 |     </source>
15 | 
16 |     <coverage/>
17 | 
18 |     <testsuites>
19 |         <testsuite name="Package Test Suite">
20 |             <directory suffix="Test.php">./tests</directory>
21 |         </testsuite>
22 |     </testsuites>
23 | </phpunit>
24 | 


--------------------------------------------------------------------------------
/src/Cryptor.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | namespace Mpyw\EasyCrypt;
  4 | 
  5 | use Mpyw\EasyCrypt\Exceptions\DecryptionFailedException;
  6 | use Mpyw\EasyCrypt\IvGenerator\IvGeneratorInterface;
  7 | use Mpyw\EasyCrypt\IvGenerator\RandomIvGenerator;
  8 | use Mpyw\EasyCrypt\OpenSSL\OpenSSL;
  9 | 
 10 | class Cryptor implements CryptorInterface
 11 | {
 12 |     public const DEFAULT_CIPHER_METHOD = 'aes256';
 13 | 
 14 |     /**
 15 |      * @var OpenSSL
 16 |      */
 17 |     protected $openssl;
 18 | 
 19 |     /**
 20 |      * @var IvGeneratorInterface
 21 |      */
 22 |     protected $ivGenerator;
 23 | 
 24 |     /**
 25 |      * Constructor.
 26 |      *
 27 |      * @param string                    $method
 28 |      * @param null|IvGeneratorInterface $ivGenerator
 29 |      */
 30 |     public function __construct(string $method = self::DEFAULT_CIPHER_METHOD, ?IvGeneratorInterface $ivGenerator = null)
 31 |     {
 32 |         $this->openssl = new OpenSSL($method);
 33 |         $this->ivGenerator = $ivGenerator ?? new RandomIvGenerator();
 34 |     }
 35 | 
 36 |     /**
 37 |      * Encrypt with shared password.
 38 |      *
 39 |      * @param  string $data
 40 |      * @param  string $password
 41 |      * @return string Binary string.
 42 |      */
 43 |     public function encrypt(string $data, string $password): string
 44 |     {
 45 |         $iv = $this->ivGenerator->generate($this->openssl->ivLength());
 46 |         $encrypted = $this->openssl->encrypt($data, $password, $iv);
 47 | 
 48 |         return "$iv{$encrypted->data}{$encrypted->tag}";
 49 |     }
 50 | 
 51 |     /**
 52 |      * Decrypt with shared password.
 53 |      *
 54 |      * @param  string      $data     Binary string.
 55 |      * @param  string      $password
 56 |      * @return bool|string String on success, false on failure.
 57 |      */
 58 |     public function decrypt(string $data, string $password)
 59 |     {
 60 |         try {
 61 |             return $this->mustDecrypt($data, $password);
 62 |         } catch (DecryptionFailedException $e) {
 63 |             return false;
 64 |         }
 65 |     }
 66 | 
 67 |     /**
 68 |      * Decrypt with shared password.
 69 |      *
 70 |      * @param  string                                               $data     Binary string.
 71 |      * @param  string                                               $password
 72 |      * @throws \Mpyw\EasyCrypt\Exceptions\DecryptionFailedException
 73 |      * @return string                                               Return string on success.
 74 |      */
 75 |     public function mustDecrypt(string $data, string $password): string
 76 |     {
 77 |         $originalData = $data;
 78 | 
 79 |         $iv = static::cutFragmentFrom($data, $this->openssl->ivLength());
 80 |         if (strlen($iv) !== $this->openssl->ivLength()) {
 81 |             throw new DecryptionFailedException('invalid iv length.', $originalData);
 82 |         }
 83 | 
 84 |         if ($this->openssl->useTag()) {
 85 |             $tag = static::cutFragmentFrom($data, -$this->openssl->tagLength());
 86 |             if (strlen($tag) !== $this->openssl->tagLength()) {
 87 |                 throw new DecryptionFailedException('invalid tag length.', $originalData);
 88 |             }
 89 |         }
 90 | 
 91 |         return $this->openssl->decrypt($data, $originalData, $password, $iv, $tag ?? null);
 92 |     }
 93 | 
 94 |     protected static function cutFragmentFrom(string &$data, int $length): string
 95 |     {
 96 |         [$fragment, $data] = [substr($data, 0, $length), substr($data, $length)];
 97 | 
 98 |         if ($length < 0) {
 99 |             [$fragment, $data] = [$data, $fragment];
100 |         }
101 | 
102 |         return $fragment;
103 |     }
104 | }
105 | 


--------------------------------------------------------------------------------
/src/CryptorInterface.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Mpyw\EasyCrypt;
 4 | 
 5 | interface CryptorInterface
 6 | {
 7 |     /**
 8 |      * Encrypt with shared password.
 9 |      *
10 |      * @param  string $data
11 |      * @param  string $password
12 |      * @return string Binary string.
13 |      */
14 |     public function encrypt(string $data, string $password): string;
15 | 
16 |     /**
17 |      * Decrypt with shared password.
18 |      *
19 |      * @param  string      $data     Binary string.
20 |      * @param  string      $password
21 |      * @return bool|string String on success, false on failure.
22 |      */
23 |     public function decrypt(string $data, string $password);
24 | 
25 |     /**
26 |      * Decrypt with shared password.
27 |      *
28 |      * @param  string                                               $data     Binary string.
29 |      * @param  string                                               $password
30 |      * @throws \Mpyw\EasyCrypt\Exceptions\DecryptionFailedException
31 |      * @return string                                               Return string on success.
32 |      */
33 |     public function mustDecrypt(string $data, string $password): string;
34 | }
35 | 


--------------------------------------------------------------------------------
/src/Exceptions/Concerns/HasOriginalMessage.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Mpyw\EasyCrypt\Exceptions\Concerns;
 4 | 
 5 | trait HasOriginalMessage
 6 | {
 7 |     /**
 8 |      * @var string
 9 |      */
10 |     protected $originalMessage;
11 | 
12 |     /**
13 |      * @return string
14 |      */
15 |     public function getOriginalMessage(): string
16 |     {
17 |         return $this->originalMessage;
18 |     }
19 | }
20 | 


--------------------------------------------------------------------------------
/src/Exceptions/DecryptionFailedException.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Mpyw\EasyCrypt\Exceptions;
 4 | 
 5 | use Exception;
 6 | use Throwable;
 7 | 
 8 | class DecryptionFailedException extends Exception implements EasyCryptException
 9 | {
10 |     use Concerns\HasOriginalMessage;
11 | 
12 |     /**
13 |      * @var string
14 |      */
15 |     protected $data;
16 | 
17 |     /**
18 |      * DecryptionFailedException constructor.
19 |      *
20 |      * @param string          $originalMessage
21 |      * @param string          $data
22 |      * @param null|\Throwable $previous
23 |      */
24 |     public function __construct(string $originalMessage, string $data, Throwable $previous = null)
25 |     {
26 |         $this->data = $data;
27 |         $this->originalMessage = $originalMessage;
28 | 
29 |         parent::__construct('Failed to decrypt.', 0, $previous);
30 |     }
31 | 
32 |     /**
33 |      * @return string
34 |      */
35 |     public function getData(): string
36 |     {
37 |         return $this->data;
38 |     }
39 | }
40 | 


--------------------------------------------------------------------------------
/src/Exceptions/EasyCryptException.php:
--------------------------------------------------------------------------------
1 | <?php
2 | 
3 | namespace Mpyw\EasyCrypt\Exceptions;
4 | 
5 | interface EasyCryptException
6 | {
7 | }
8 | 


--------------------------------------------------------------------------------
/src/Exceptions/EncryptionFailedException.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Mpyw\EasyCrypt\Exceptions;
 4 | 
 5 | use Throwable;
 6 | use UnexpectedValueException;
 7 | 
 8 | /**
 9 |  * @codeCoverageIgnore
10 |  */
11 | class EncryptionFailedException extends UnexpectedValueException implements EasyCryptException
12 | {
13 |     use Concerns\HasOriginalMessage;
14 | 
15 |     /**
16 |      * EncryptionFailedException constructor.
17 |      *
18 |      * @param string          $message
19 |      * @param null|\Throwable $previous
20 |      */
21 |     public function __construct(string $message, Throwable $previous = null)
22 |     {
23 |         $this->originalMessage = $message;
24 | 
25 |         parent::__construct('Failed to encrypt.', 0, $previous);
26 |     }
27 | }
28 | 


--------------------------------------------------------------------------------
/src/Exceptions/UnsupportedCipherException.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Mpyw\EasyCrypt\Exceptions;
 4 | 
 5 | use DomainException;
 6 | use Throwable;
 7 | 
 8 | class UnsupportedCipherException extends DomainException implements EasyCryptException
 9 | {
10 |     /**
11 |      * UnsupportedCipherException constructor.
12 |      *
13 |      * @param string          $cipher
14 |      * @param null|\Throwable $previous
15 |      */
16 |     public function __construct(string $cipher, Throwable $previous = null)
17 |     {
18 |         parent::__construct("Unsupported cipher method: $cipher", 0, $previous);
19 |     }
20 | }
21 | 


--------------------------------------------------------------------------------
/src/FixedPasswordCryptor.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Mpyw\EasyCrypt;
 4 | 
 5 | use Mpyw\EasyCrypt\Exceptions\DecryptionFailedException;
 6 | 
 7 | class FixedPasswordCryptor implements FixedPasswordCryptorInterface
 8 | {
 9 |     /**
10 |      * @var string
11 |      */
12 |     protected $password;
13 | 
14 |     /**
15 |      * @var CryptorInterface
16 |      */
17 |     protected $cryptor;
18 | 
19 |     /**
20 |      * Constructor.
21 |      *
22 |      * @param string                $password
23 |      * @param null|CryptorInterface $cryptor
24 |      */
25 |     public function __construct(string $password, ?CryptorInterface $cryptor = null)
26 |     {
27 |         $this->password = $password;
28 |         $this->cryptor = $cryptor ?? new Cryptor();
29 |     }
30 | 
31 |     /**
32 |      * Encrypt with shared password.
33 |      *
34 |      * @param  string $data
35 |      * @return string Binary string.
36 |      */
37 |     public function encrypt(string $data): string
38 |     {
39 |         return $this->cryptor->encrypt($data, $this->password);
40 |     }
41 | 
42 |     /**
43 |      * Decrypt with shared password.
44 |      *
45 |      * @param  string      $data Binary string.
46 |      * @return bool|string String on success, false on failure.
47 |      */
48 |     public function decrypt(string $data)
49 |     {
50 |         return $this->cryptor->decrypt($data, $this->password);
51 |     }
52 | 
53 |     /**
54 |      * Decrypt with shared password.
55 |      *
56 |      * @param  string                    $data Binary string.
57 |      * @throws DecryptionFailedException
58 |      * @return string                    Return string on success.
59 |      */
60 |     public function mustDecrypt(string $data): string
61 |     {
62 |         return $this->cryptor->mustDecrypt($data, $this->password);
63 |     }
64 | }
65 | 


--------------------------------------------------------------------------------
/src/FixedPasswordCryptorInterface.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Mpyw\EasyCrypt;
 4 | 
 5 | interface FixedPasswordCryptorInterface
 6 | {
 7 |     /**
 8 |      * Encrypt with shared password.
 9 |      *
10 |      * @param  string $data
11 |      * @return string Binary string.
12 |      */
13 |     public function encrypt(string $data): string;
14 | 
15 |     /**
16 |      * Decrypt with shared password.
17 |      *
18 |      * @param  string      $data Binary string.
19 |      * @return bool|string String on success, false on failure.
20 |      */
21 |     public function decrypt(string $data);
22 | 
23 |     /**
24 |      * Decrypt with shared password.
25 |      *
26 |      * @param  string                                               $data Binary string.
27 |      * @throws \Mpyw\EasyCrypt\Exceptions\DecryptionFailedException
28 |      * @return string                                               Return string on success.
29 |      */
30 |     public function mustDecrypt(string $data): string;
31 | }
32 | 


--------------------------------------------------------------------------------
/src/IvGenerator/IvGeneratorInterface.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Mpyw\EasyCrypt\IvGenerator;
 4 | 
 5 | interface IvGeneratorInterface
 6 | {
 7 |     /**
 8 |      * Generate new iv/counter value.
 9 |      *
10 |      * @param  int    $length
11 |      * @return string
12 |      */
13 |     public function generate(int $length): string;
14 | }
15 | 


--------------------------------------------------------------------------------
/src/IvGenerator/RandomIvGenerator.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Mpyw\EasyCrypt\IvGenerator;
 4 | 
 5 | class RandomIvGenerator implements IvGeneratorInterface
 6 | {
 7 |     /**
 8 |      * Generate new iv/counter value.
 9 |      *
10 |      * @param  int    $length
11 |      * @return string
12 |      */
13 |     public function generate(int $length): string
14 |     {
15 |         if ($length < 1) {
16 |             // @codeCoverageIgnoreStart
17 |             return '';
18 |         }
19 |         // @codeCoverageIgnoreEnd
20 | 
21 |         do {
22 |             $data = openssl_random_pseudo_bytes($length, $secure);
23 |         } while (!$secure);
24 | 
25 |         return $data;
26 |     }
27 | }
28 | 


--------------------------------------------------------------------------------
/src/OpenSSL/EncryptionResult.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Mpyw\EasyCrypt\OpenSSL;
 4 | 
 5 | class EncryptionResult
 6 | {
 7 |     /**
 8 |      * @var string
 9 |      */
10 |     public $data;
11 | 
12 |     /**
13 |      * @var null|string
14 |      */
15 |     public $tag;
16 | 
17 |     /**
18 |      * EncryptionResult constructor.
19 |      *
20 |      * @param string      $data
21 |      * @param null|string $tag
22 |      */
23 |     public function __construct(string $data, ?string $tag)
24 |     {
25 |         $this->data = $data;
26 |         $this->tag = $tag;
27 |     }
28 | }
29 | 


--------------------------------------------------------------------------------
/src/OpenSSL/OpenSSL.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | namespace Mpyw\EasyCrypt\OpenSSL;
  4 | 
  5 | use Mpyw\EasyCrypt\Exceptions\DecryptionFailedException;
  6 | use Mpyw\EasyCrypt\Exceptions\EncryptionFailedException;
  7 | use Mpyw\EasyCrypt\Exceptions\UnsupportedCipherException;
  8 | use Mpyw\EasyCrypt\IvGenerator\RandomIvGenerator;
  9 | 
 10 | class OpenSSL
 11 | {
 12 |     /**
 13 |      * @var string
 14 |      */
 15 |     protected $method;
 16 | 
 17 |     /**
 18 |      * @var null|bool|int
 19 |      */
 20 |     protected $tagLength = false;
 21 | 
 22 |     /**
 23 |      * @var null|int
 24 |      */
 25 |     protected $ivLength;
 26 | 
 27 |     /**
 28 |      * OpenSSL constructor.
 29 |      *
 30 |      * @param string $method
 31 |      */
 32 |     public function __construct(string $method)
 33 |     {
 34 |         $methods = openssl_get_cipher_methods(true);
 35 | 
 36 |         if (!in_array($method, $methods, true)) {
 37 |             throw new UnsupportedCipherException($method);
 38 |         }
 39 | 
 40 |         $this->method = $method;
 41 |     }
 42 | 
 43 |     /**
 44 |      * @param  string           $data
 45 |      * @param  string           $password
 46 |      * @param  string           $iv
 47 |      * @return EncryptionResult
 48 |      */
 49 |     public function encrypt(string $data, string $password, string $iv = ''): EncryptionResult
 50 |     {
 51 |         $encrypted = $this->useTag()
 52 |             ? openssl_encrypt($data, $this->method, $password, OPENSSL_RAW_DATA, $iv, $tag)
 53 |             : openssl_encrypt($data, $this->method, $password, OPENSSL_RAW_DATA, $iv);
 54 | 
 55 |         if ($encrypted === false) {
 56 |             // @codeCoverageIgnoreStart
 57 |             throw new EncryptionFailedException(openssl_error_string());
 58 |             // @codeCoverageIgnoreEnd
 59 |         }
 60 | 
 61 |         return new EncryptionResult($encrypted, $tag ?? null);
 62 |     }
 63 | 
 64 |     /**
 65 |      * @param  string                    $data
 66 |      * @param  string                    $originalData
 67 |      * @param  string                    $password
 68 |      * @param  string                    $iv
 69 |      * @param  null|string               $tag
 70 |      * @throws DecryptionFailedException
 71 |      * @return string
 72 |      */
 73 |     public function decrypt(string $data, string $originalData, string $password, string $iv = '', ?string $tag = null): string
 74 |     {
 75 |         $decrypted = $this->useTag()
 76 |             ? openssl_decrypt($data, $this->method, $password, OPENSSL_RAW_DATA, $iv, $tag ?? '')
 77 |             : openssl_decrypt($data, $this->method, $password, OPENSSL_RAW_DATA, $iv);
 78 | 
 79 |         if ($decrypted === false) {
 80 |             $error = openssl_error_string() ?: ($this->useTag() ? 'invalid tag content.' : 'unknown error.');
 81 |             throw new DecryptionFailedException($error, $originalData);
 82 |         }
 83 | 
 84 |         return $decrypted;
 85 |     }
 86 | 
 87 |     /**
 88 |      * @return int
 89 |      */
 90 |     public function ivLength(): int
 91 |     {
 92 |         return $this->ivLength ?? ($this->ivLength = openssl_cipher_iv_length($this->method));
 93 |     }
 94 | 
 95 |     /**
 96 |      * @return null|int
 97 |      */
 98 |     public function tagLength(): ?int
 99 |     {
100 |         if (!is_bool($this->tagLength)) {
101 |             return $this->tagLength;
102 |         }
103 | 
104 |         set_error_handler(static function () {});
105 |         openssl_encrypt('', $this->method, '', OPENSSL_RAW_DATA, (new RandomIvGenerator())->generate($this->ivLength()), $tag);
106 |         restore_error_handler();
107 | 
108 |         return $this->tagLength = $tag === null ? null : strlen($tag);
109 |     }
110 | 
111 |     /**
112 |      * @return bool
113 |      */
114 |     public function useTag(): bool
115 |     {
116 |         return $this->tagLength() !== null;
117 |     }
118 | }
119 | 


--------------------------------------------------------------------------------
/tests/CryptorTest.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | namespace Mpyw\EasyCrypt\Tests;
  4 | 
  5 | use Mpyw\EasyCrypt\Cryptor;
  6 | use Mpyw\EasyCrypt\Exceptions\DecryptionFailedException;
  7 | use Mpyw\EasyCrypt\Exceptions\UnsupportedCipherException;
  8 | use PHPUnit\Framework\TestCase;
  9 | 
 10 | /**
 11 |  * Class CryptorTest
 12 |  */
 13 | class CryptorTest extends TestCase
 14 | {
 15 |     public function testInvalidMethod(): void
 16 |     {
 17 |         $this->expectException(UnsupportedCipherException::class);
 18 |         new Cryptor('invalid');
 19 |     }
 20 | 
 21 |     public function testAes256(): void
 22 |     {
 23 |         $cryptor = new Cryptor();
 24 | 
 25 |         $encryptedA = $cryptor->encrypt('data', 'password');
 26 |         $encryptedB = $cryptor->encrypt('data', 'password');
 27 | 
 28 |         $this->assertSame('data', $cryptor->decrypt($encryptedA, 'password'));
 29 |         $this->assertSame('data', $cryptor->decrypt($encryptedB, 'password'));
 30 |         $this->assertNotSame($encryptedA, $encryptedB);
 31 | 
 32 |         $this->assertFalse($cryptor->decrypt($encryptedA, 'passward'));
 33 |     }
 34 | 
 35 |     public function testAes256Gcm(): void
 36 |     {
 37 |         $cryptor = new Cryptor('aes-256-gcm');
 38 | 
 39 |         $encryptedA = $cryptor->encrypt('data', 'password');
 40 |         $encryptedB = $cryptor->encrypt('data', 'password');
 41 | 
 42 |         $this->assertSame('data', $cryptor->decrypt($encryptedA, 'password'));
 43 |         $this->assertSame('data', $cryptor->decrypt($encryptedB, 'password'));
 44 |         $this->assertNotSame($encryptedA, $encryptedB);
 45 | 
 46 |         $this->assertFalse($cryptor->decrypt($encryptedA, 'passward'));
 47 |     }
 48 | 
 49 |     public function testInvalidIvLength(): void
 50 |     {
 51 |         $cryptor = new Cryptor();
 52 |         $this->assertFalse($cryptor->decrypt('', 'password'));
 53 | 
 54 |         try {
 55 |             $cryptor->mustDecrypt('', 'password');
 56 |             $this->assertTrue(false);
 57 |         } catch (DecryptionFailedException $e) {
 58 |             $this->assertSame('', $e->getData());
 59 |             $this->assertSame('Failed to decrypt.', $e->getMessage());
 60 |             $this->assertSame('invalid iv length.', $e->getOriginalMessage());
 61 |         }
 62 |     }
 63 | 
 64 |     public function testInvalidTagLength(): void
 65 |     {
 66 |         $cryptor = new Cryptor('aes-256-gcm');
 67 |         $this->assertFalse($cryptor->decrypt(str_repeat('x', 16), 'password'));
 68 | 
 69 |         try {
 70 |             $cryptor->mustDecrypt(str_repeat('x', 16), 'password');
 71 |             $this->assertTrue(false);
 72 |         } catch (DecryptionFailedException $e) {
 73 |             $this->assertSame(str_repeat('x', 16), $e->getData());
 74 |             $this->assertSame('Failed to decrypt.', $e->getMessage());
 75 |             $this->assertSame('invalid tag length.', $e->getOriginalMessage());
 76 |         }
 77 |     }
 78 | 
 79 |     public function testInvalidTagContent(): void
 80 |     {
 81 |         $cryptor = new Cryptor('aes-256-gcm');
 82 | 
 83 |         $corrupted = substr_replace(
 84 |             $cryptor->encrypt('', 'password'),
 85 |             str_repeat('x', 16),
 86 |             -16
 87 |         );
 88 | 
 89 |         $this->assertFalse($cryptor->decrypt($corrupted, 'password'));
 90 | 
 91 |         try {
 92 |             $cryptor->mustDecrypt($corrupted, 'password');
 93 |             $this->assertTrue(false);
 94 |         } catch (DecryptionFailedException $e) {
 95 |             $this->assertSame($corrupted, $e->getData());
 96 |             $this->assertSame('Failed to decrypt.', $e->getMessage());
 97 |             $this->assertSame('invalid tag content.', $e->getOriginalMessage());
 98 |         }
 99 |     }
100 | }
101 | 


--------------------------------------------------------------------------------
/tests/FixedPasswordCryptorTest.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Mpyw\EasyCrypt\Tests;
 4 | 
 5 | use Mpyw\EasyCrypt\Cryptor;
 6 | use Mpyw\EasyCrypt\Exceptions\DecryptionFailedException;
 7 | use Mpyw\EasyCrypt\FixedPasswordCryptor;
 8 | use PHPUnit\Framework\TestCase;
 9 | 
10 | /**
11 |  * Class FixedPasswordCryptorTest
12 |  */
13 | class FixedPasswordCryptorTest extends TestCase
14 | {
15 |     public function testAes256(): void
16 |     {
17 |         $cryptor = new FixedPasswordCryptor('password');
18 |         $anotherCryptor = new FixedPasswordCryptor('passward');
19 | 
20 |         $encryptedA = $cryptor->encrypt('data');
21 |         $encryptedB = $cryptor->encrypt('data');
22 | 
23 |         $this->assertSame('data', $cryptor->decrypt($encryptedA));
24 |         $this->assertSame('data', $cryptor->decrypt($encryptedB));
25 |         $this->assertNotSame($encryptedA, $encryptedB);
26 | 
27 |         $this->assertFalse($anotherCryptor->decrypt($encryptedA));
28 |     }
29 | 
30 |     public function testInvalidIvLength(): void
31 |     {
32 |         $cryptor = new FixedPasswordCryptor('password');
33 |         $this->assertFalse($cryptor->decrypt(''));
34 | 
35 |         try {
36 |             $cryptor->mustDecrypt('');
37 |             $this->assertTrue(false);
38 |         } catch (DecryptionFailedException $e) {
39 |             $this->assertSame('', $e->getData());
40 |             $this->assertSame('Failed to decrypt.', $e->getMessage());
41 |             $this->assertSame('invalid iv length.', $e->getOriginalMessage());
42 |         }
43 |     }
44 | 
45 |     public function testInvalidTagLength(): void
46 |     {
47 |         $cryptor = new FixedPasswordCryptor('password', new Cryptor('aes-256-gcm'));
48 |         $this->assertFalse($cryptor->decrypt(str_repeat('x', 16)));
49 | 
50 |         try {
51 |             $cryptor->mustDecrypt(str_repeat('x', 16));
52 |             $this->assertTrue(false);
53 |         } catch (DecryptionFailedException $e) {
54 |             $this->assertSame(str_repeat('x', 16), $e->getData());
55 |             $this->assertSame('Failed to decrypt.', $e->getMessage());
56 |             $this->assertSame('invalid tag length.', $e->getOriginalMessage());
57 |         }
58 |     }
59 | 
60 |     public function testInvalidTagContent(): void
61 |     {
62 |         $cryptor = new FixedPasswordCryptor('password', new Cryptor('aes-256-gcm'));
63 | 
64 |         $corrupted = substr_replace(
65 |             $cryptor->encrypt(''),
66 |             str_repeat('x', 16),
67 |             -16
68 |         );
69 | 
70 |         $this->assertFalse($cryptor->decrypt($corrupted));
71 | 
72 |         try {
73 |             $cryptor->mustDecrypt($corrupted);
74 |             $this->assertTrue(false);
75 |         } catch (DecryptionFailedException $e) {
76 |             $this->assertSame($corrupted, $e->getData());
77 |             $this->assertSame('Failed to decrypt.', $e->getMessage());
78 |             $this->assertSame('invalid tag content.', $e->getOriginalMessage());
79 |         }
80 |     }
81 | }
82 | 


--------------------------------------------------------------------------------