<?php
/*
 * crypt.inc
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2008-2013 BSD Perimeter
 * Copyright (c) 2013-2016 Electric Sheep Fencing
 * Copyright (c) 2014-2025 Rubicon Communications, LLC (Netgate)
 * Copyright (c) 2008 Shrew Soft Inc. All rights reserved.
 * All rights reserved.
 *
 * originally part of m0n0wall (http://m0n0.ch/wall)
 * Copyright (c) 2003-2004 Manuel Kasper <mk@neon1.net>.
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/* PBKDF2 iteration count passed to "openssl enc -iter" when writing new
 * (non-legacy) data. Stored as a string: crypt_data() compares it with ==
 * and runs it through escapeshellarg() before placing it on the command line. */
define('PFS_OPENSSL_DEFAULT_ITERATIONS', '500000');
	function crypt_cleanup($file) {
		/* Remove the temp file $file together with the ".dec" (input) and
		 * ".enc" (output) work copies crypt_data() derives from its name.
		 * Missing files are not an error. */
		foreach (['', '.dec', '.enc'] as $suffix) {
			unlink_if_exists($file . $suffix);
		}
	}
	/* crypt_data($val, $pass, $opt, $legacy = false, $iterations = PFS_OPENSSL_DEFAULT_ITERATIONS)
	 *
	 * Encrypt or decrypt $val with /usr/bin/openssl enc (AES-256-CBC) by
	 * round-tripping it through files in /tmp.
	 *
	 *   $val        Data to process: plaintext for "-e", raw ciphertext for "-d".
	 *   $pass       Passphrase. It is shell-escaped and handed to openssl as a
	 *               "-pass pass:" argument, i.e. it appears in openssl's
	 *               command line for the lifetime of that process.
	 *   $opt        openssl enc mode flag; the callers in this file pass "-e"
	 *               or "-d". It is interpolated into the command unescaped, so
	 *               it must only ever be a literal chosen by our own code.
	 *   $legacy     true selects the pre-PBKDF2 format (md5-derived key, no
	 *               -pbkdf2) written by older installs. Weak key derivation,
	 *               kept only so that old data can still be read.
	 *   $iterations PBKDF2 iteration count for the non-legacy format.
	 *
	 * Returns the openssl output (ciphertext or plaintext) as a string, or ""
	 * after logging an error once every attempt has failed.
	 *
	 * Decryption falls back automatically when an attempt fails: current
	 * default iterations -> previous default ('10000') -> legacy md5 format.
	 * Encryption does not fall back.
	 *
	 * NOTE(review): because the passphrase travels in openssl's argument
	 * list, any account on the system that can list process arguments can
	 * read it while openssl runs. openssl's "-pass env:" or "-pass fd:" forms
	 * avoid that; worth changing if accounts other than the one running PHP
	 * exist on the box.
	 */
	function crypt_data($val, $pass, $opt, $legacy = false, $iterations = PFS_OPENSSL_DEFAULT_ITERATIONS) {
		$file = tempnam("/tmp", "php-encrypt");
		/* Ensure the files do not already exist. This also removes the file
		 * tempnam() just created, so the name is reused without tempnam()'s
		 * uniqueness guarantee, and the ".dec" file written below is created
		 * by file_put_contents() with umask-based permissions rather than
		 * tempnam()'s restrictive mode. */

		crypt_cleanup($file);
		/* For "-e" this is the plaintext, sitting in /tmp until cleanup. */
		file_put_contents("{$file}.dec", $val);

		/* Use PBKDF2 Key Derivation (https://en.wikipedia.org/wiki/PBKDF2)
		 *  unless we need to read old data encrypted without it. */
		$keyder = ($legacy) ? "" : "-pbkdf2";
		$md = ($legacy) ? "md5" : "sha256";
		$iter = ($legacy) ? '' : ' -iter ' . escapeshellarg($iterations);

		$output = "";
		$exitcode = "";
		/* stderr is discarded, so the cause of a failure is not available to
		 * the generic log message below. $pass and $iterations are shell-
		 * escaped; $opt, $md and $keyder are fixed literals chosen above. */
		exec("/usr/bin/openssl enc {$opt} -aes-256-cbc -in {$file}.dec -out {$file}.enc -pass pass:" . escapeshellarg($pass) . " -salt -md {$md} {$keyder} {$iter} 2> /dev/null", $output, $exitcode);

		/* Success requires a zero exit status and a non-empty output file. */
		if (($exitcode == 0) && file_exists("{$file}.enc") && (filesize("{$file}.enc") > 0)) {
			$result = file_get_contents("{$file}.enc");
		} elseif (($opt == "-d") && ($legacy === false) && ($iterations == PFS_OPENSSL_DEFAULT_ITERATIONS)) {
			/* If it failed with the current default iterations,
			 * next try with previous default number of iterations.
			 * Remove this attempt's files first; the retry creates its own. */
			crypt_cleanup($file);
			$result = crypt_data($val, $pass, $opt, false, '10000');
		} elseif (($opt == "-d") && ($legacy === false)) {
			/* Operation failed without new options, try old (md5, no PBKDF2). */
			crypt_cleanup($file);
			$result = crypt_data($val, $pass, $opt, true);
		} else {
			/* Encryption failed, or decryption failed in every format. */
			$result = "";
			log_error(gettext("Failed to encrypt/decrypt data!"));
		}

		/* Cleanup */
		crypt_cleanup($file);
		return $result;
	}
	function encrypt_data(& $data, $pass, $legacy = false) {
		/* Encrypt $data with $pass through crypt_data() and return the
		 * ciphertext base64-encoded. A failed run yields "" because
		 * crypt_data() returns "" and base64_encode("") is "". $data is
		 * taken by reference but is not modified here. */
		$cipher = crypt_data($data, $pass, "-e", $legacy);
		return base64_encode($cipher);
	}
	function decrypt_data(& $data, $pass, $legacy = false) {
		/* Undo encrypt_data(): base64-decode $data (non-strict, so characters
		 * outside the alphabet such as line breaks are skipped) and hand the
		 * raw ciphertext to crypt_data() for decryption. Returns the plaintext,
		 * or "" if every decryption attempt fails. $data is not modified. */
		$raw = base64_decode($data);
		return crypt_data($raw, $pass, "-d", $legacy);
	}
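	function tagfile_reformat($in, & $out, $tag) {
		/* Wrap $in between "---- BEGIN {$tag} ----" and "---- END {$tag} ----"
		 * marker lines, splitting the payload into 64-byte lines, and store
		 * the result in $out. Always returns true.
		 *
		 * The last body line is shorter when the length is not a multiple of
		 * 64. A payload whose length is an exact non-zero multiple of 64 now
		 * gets no stray empty line before the END marker (the previous loop
		 * emitted one). Byte-oriented on purpose: the payload is base64 text. */
		$in = (string) $in;
		/* chunk_split() terminates every chunk, including a short last one,
		 * with "\n". An empty payload keeps yielding one empty body line. */
		$body = ($in === '') ? "\n" : chunk_split($in, 64, "\n");

		$out = "---- BEGIN {$tag} ----\n" . $body . "---- END {$tag} ----\n";

		return true;
	}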
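	function tagfile_deformat($in, & $out, $tag) {
		/* Inverse of tagfile_reformat(): extract everything between the
		 * "---- BEGIN {$tag} ----" and "---- END {$tag} ----" markers of $in
		 * into $out (including the line breaks around the body lines) and
		 * return true. Returns false, leaving $out untouched, when either
		 * marker is missing or the END marker does not follow the BEGIN
		 * marker. Markers are matched case-insensitively, as before.
		 *
		 * The body length is taken from the marker positions. The previous
		 * arithmetic subtracted the marker lengths from the total length and
		 * assumed the BEGIN marker started at offset 0 with exactly one byte
		 * after the END marker, so any leading text or a different trailing
		 * line ending made the extracted body overrun into the END marker. */
		$btag_val = "---- BEGIN {$tag} ----";
		$etag_val = "---- END {$tag} ----";

		$btag_pos = stripos($in, $btag_val);
		$etag_pos = stripos($in, $etag_val);

		if (($btag_pos === false) || ($etag_pos === false)) {
			return false;
		}

		$body_pos = $btag_pos + strlen($btag_val);
		/* An END marker before (or overlapping) the BEGIN marker is not a
		 * well-formed tag file. */
		if ($etag_pos < $body_pos) {
			return false;
		}

		$out = substr($in, $body_pos, $etag_pos - $body_pos);

		return true;
	}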
?>