Magento 2 Documentation  2.3
Documentation for Magento 2 CMS v2.3 (December 2018)
Encryptor Class Reference
Inheritance diagram for Encryptor:
EncryptorInterface

Public Member Functions

 __construct (Random $random, DeploymentConfig $deploymentConfig)
 
 validateCipher ($version)
 
 getHash ($password, $salt=false, $version=self::HASH_VERSION_LATEST)
 
 hash ($data, $version=self::HASH_VERSION_LATEST)
 
 validateHash ($password, $hash)
 
 isValidHash ($password, $hash)
 
 validateHashVersion ($hash, $validateCount=false)
 
 encrypt ($data)
 
 encryptWithFastestAvailableAlgorithm ($data)
 
 decrypt ($data)
 
 validateKey ($key)
 
 setNewKey ($key)
 
 exportKeys ()
 
- Public Member Functions inherited from EncryptorInterface
 getHash ($password, $salt=false)
 
 hash ($data)
 

Data Fields

const HASH_VERSION_MD5 = 0
 
const HASH_VERSION_SHA256 = 1
 
const HASH_VERSION_LATEST = 1
 
const DEFAULT_SALT_LENGTH = 32
 
const PASSWORD_HASH = 0
 
const PASSWORD_SALT = 1
 
const PASSWORD_VERSION = 2
 
const PARAM_CRYPT_KEY = 'crypt/key'
 
const CIPHER_BLOWFISH = 0
 
const CIPHER_RIJNDAEL_128 = 1
 
const CIPHER_RIJNDAEL_256 = 2
 
const CIPHER_AEAD_CHACHA20POLY1305 = 3
 
const CIPHER_LATEST = 3
 
const DELIMITER = ':'
 

Protected Attributes

 $cipher = self::CIPHER_LATEST
 
 $keyVersion
 
 $keys = []
 

Detailed Description

Class Encryptor provides basic logic for hashing strings and encrypting/decrypting misc data

Definition at line 21 of file Encryptor.php.

Constructor & Destructor Documentation

◆ __construct()

__construct ( Random  $random,
DeploymentConfig  $deploymentConfig 
)

Encryptor constructor.

Parameters
Random $random
DeploymentConfig $deploymentConfig

Definition at line 123 of file Encryptor.php.

126  {
     // Keep the injected random-string generator for later use.
127  $this->random = $random;
128 
129  // load all possible keys
     // The configured value is trimmed and split on runs of whitespace, so a single
     // config entry can carry several keys; index 0 is treated as the oldest key.
     // NOTE(review): preg_split() on an empty string yields [''], so an unset
     // crypt/key appears to leave one empty-string key at index 0 - confirm.
130  $this->keys = preg_split('/\s+/s', trim((string)$deploymentConfig->get(self::PARAM_CRYPT_KEY)));
     // The highest index becomes the current key version.
131  $this->keyVersion = count($this->keys) - 1;
132  }

Member Function Documentation

◆ decrypt()

decrypt (   $data)

Look for key and crypt versions in encrypted data before decrypting

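An unsupported or unspecified key version silently falls back to the oldest key we have. Unsupported cipher versions eventually throw an exception. An unspecified cipher version falls back to the oldest cipher we support. Note that in the listing below a key version that is specified but not present in the loaded keys does not fall back: the method returns an empty string, as it does when no cipher object can be built, so callers cannot tell a failed decryption from an empty plaintext by the return value alone.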

Parameters
string $data
Returns
string
Exceptions

Implements EncryptorInterface.

Definition at line 319 of file Encryptor.php.

320  {
     // Decrypts a value of the form [keyVersion:][cipherVersion:][iv:]payload.
     // Every failure path returns '' rather than signalling an error.
     // A falsy $data (including the string '0') skips decryption and returns ''.
321  if ($data) {
     // Limit 4 keeps any further ':' characters inside the payload field.
322  $parts = explode(':', $data, 4);
323  $partsCount = count($parts);
324 
325  $initVector = null;
326  // specified key, specified crypt, specified iv
327  if (4 === $partsCount) {
328  list($keyVersion, $cryptVersion, $iv, $data) = $parts;
329  $initVector = $iv ? $iv : null;
330  $keyVersion = (int)$keyVersion;
     // The cipher field parsed above is discarded: the four-part format is
     // always handled as CIPHER_RIJNDAEL_256.
331  $cryptVersion = self::CIPHER_RIJNDAEL_256;
332  // specified key, specified crypt
333  } elseif (3 === $partsCount) {
334  list($keyVersion, $cryptVersion, $data) = $parts;
     // Both version fields come from the stored value and are coerced to int.
335  $keyVersion = (int)$keyVersion;
336  $cryptVersion = (int)$cryptVersion;
337  // no key version = oldest key, specified crypt
338  } elseif (2 === $partsCount) {
339  list($cryptVersion, $data) = $parts;
340  $keyVersion = 0;
341  $cryptVersion = (int)$cryptVersion;
342  // no key version = oldest key, no crypt version = oldest crypt
343  } elseif (1 === $partsCount) {
344  $keyVersion = 0;
345  $cryptVersion = self::CIPHER_BLOWFISH;
346  // not supported format
     // explode() with limit 4 on a non-empty string yields 1 to 4 parts, so this
     // branch is a defensive default rather than an expected path.
347  } else {
348  return '';
349  }
350  // no key for decryption
     // A key version that is not loaded ends here; there is no fallback to another key.
351  if (!isset($this->keys[$keyVersion])) {
352  return '';
353  }
     // getCrypt() is not shown in this listing; a null result is treated as "cannot decrypt".
354  $crypt = $this->getCrypt($this->keys[$keyVersion], $cryptVersion, $initVector);
355  if (null === $crypt) {
356  return '';
357  }
     // base64_decode() is called without its strict flag, and trim() strips leading and
     // trailing whitespace and NUL bytes from the decrypted value before it is returned.
358  return trim($crypt->decrypt(base64_decode((string)$data)));
359  }
360  return '';
361  }

◆ encrypt()

encrypt (   $data)

Prepend key and cipher versions to encrypted data after encrypting

Parameters
string $data
Returns
string

Implements EncryptorInterface.

Definition at line 283 of file Encryptor.php.

284  {
     // New values are always encrypted with the current (highest-index) key
     // through the SodiumChachaIetf adapter; $this->cipher is not consulted here.
285  $crypt = new SodiumChachaIetf($this->keys[$this->keyVersion]);
286 
     // Output layout: keyVersion ':' cipherVersion ':' base64(ciphertext).
     // The two version prefixes are what decrypt() reads to select key and cipher.
287  return $this->keyVersion .
288  ':' . self::CIPHER_AEAD_CHACHA20POLY1305 .
289  ':' . base64_encode($crypt->encrypt($data));
290  }

◆ encryptWithFastestAvailableAlgorithm()

encryptWithFastestAvailableAlgorithm (   $data)

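Encrypt data using the fastest available algorithm. In the listing below, when no cipher object is available the input is returned unchanged, so callers must not assume the return value is ciphertext.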

Parameters
string $data
Returns
string

Definition at line 298 of file Encryptor.php.

299  {
     // getCrypt() is called with no arguments; its defaults are not shown in this listing.
300  $crypt = $this->getCrypt();
     // No cipher object: the data is handed back as-is, unencrypted and without
     // the keyVersion:cipherVersion prefix.
301  if (null === $crypt) {
302  return $data;
303  }
     // Same layout as encrypt(): keyVersion ':' cipherVersion ':' base64(ciphertext).
304  return $this->keyVersion .
305  ':' . $this->getCipherVersion() .
306  ':' . base64_encode($crypt->encrypt($data));
307  }

◆ exportKeys()

exportKeys ( )

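Export current keys as string. The returned string contains every loaded encryption key in plain form, one per line, so it has to be handled as secret material (kept out of logs, responses and error output).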

Returns
string

Definition at line 396 of file Encryptor.php.

397  {
     // Joins all loaded keys, oldest first, with newlines. Newline is whitespace, so
     // the result can be split back into the same list by the constructor's preg_split().
398  return implode("\n", $this->keys);
399  }

◆ getHash()

getHash (   $password,
  $salt = false,
  $version = self::HASH_VERSION_LATEST 
)

Definition at line 162 of file Encryptor.php.

163  {
     // $salt === false: return the bare, unsalted hash with no salt/version suffix.
164  if ($salt === false) {
165  return $this->hash($password, $version);
166  }
     // NOTE(review): source line 168 is absent from this listing; presumably it sets
     // $salt to DEFAULT_SALT_LENGTH so the integer branch below generates the salt - confirm.
167  if ($salt === true) {
169  }
     // An integer salt is a length: a random string of that length is generated.
     // Any other value (e.g. a caller-supplied string) is used as the salt unchanged.
170  if (is_integer($salt)) {
171  $salt = $this->random->getRandomString($salt);
172  }
173 
     // Result layout: hash(salt . password) DELIMITER salt DELIMITER version.
174  return implode(
175  self::DELIMITER,
176  [
177  $this->hash($salt . $password, $version),
178  $salt,
179  $version
180  ]
181  );
182  }
hash($data, $version=self::HASH_VERSION_LATEST)
Definition: Encryptor.php:187

◆ hash()

hash (   $data,
  $version = self::HASH_VERSION_LATEST 
)

Definition at line 187 of file Encryptor.php.

188  {
     // One call to PHP's hash() with the algorithm name that $hashVersionMap holds for
     // $version. The map is not shown in this listing, and $version is not validated here.
189  return hash($this->hashVersionMap[$version], (string)$data);
190  }
hash($data, $version=self::HASH_VERSION_LATEST)
Definition: Encryptor.php:187

◆ isValidHash()

isValidHash (   $password,
  $hash 
)

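Validate hash against hashing method (with or without salt). In the listing below the supplied password is re-hashed, together with the stored salt, once for every version recorded in the stored hash, and the final result is compared with the stored hash value.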

Parameters
string $password
string $hash
Returns
bool
Exceptions

Implements EncryptorInterface.

Definition at line 203 of file Encryptor.php.

204  {
     // Presumably splits the stored hash into hash, salt and version parts for the
     // getPassword*() accessors used below (helper not shown in this listing).
205  $this->explodePasswordHash($hash);
206 
     // getPasswordVersion() is iterated, so a stored hash can record more than one
     // version; each pass hashes salt + the previous result with that version.
207  foreach ($this->getPasswordVersion() as $hashVersion) {
208  $password = $this->hash($this->getPasswordSalt() . $password, $hashVersion);
209  }
210 
     // NOTE(review): source line 211 is absent from this listing. The page's
     // cross-reference names compareStrings() in Security.php, so this is presumably
     // that call - confirm that it compares in constant time.
212  $password,
213  $this->getPasswordHash()
214  );
215  }
hash($data, $version=self::HASH_VERSION_LATEST)
Definition: Encryptor.php:187
static compareStrings($expected, $actual)
Definition: Security.php:26

◆ setNewKey()

setNewKey (   $key)

Attempt to append new key & version

Parameters
string $key
Returns
$this
Exceptions

Definition at line 383 of file Encryptor.php.

384  {
     // validateKey() throws on an invalid key, so nothing is appended in that case.
385  $this->validateKey($key);
     // The new key goes to the end of the list and becomes the current key version.
     // Only this object's in-memory state changes in the lines shown here.
386  $this->keys[] = $key;
387  $this->keyVersion += 1;
388  return $this;
389  }

◆ validateCipher()

validateCipher (   $version)

Check whether specified cipher version is supported

Returns matched supported version or throws exception

Parameters
int $version
Returns
int
Exceptions

Definition at line 143 of file Encryptor.php.

144  {
     // NOTE(review): source lines 146-149 (the entries of $types) are absent from this
     // listing; presumably they are the supported CIPHER_* constants - confirm.
145  $types = [
150  ];
151 
     // in_array() runs in strict mode, which compares type as well as value,
     // hence the cast to int first.
152  $version = (int)$version;
153  if (!in_array($version, $types, true)) {
154  throw new \Exception((string)new \Magento\Framework\Phrase('Not supported cipher version'));
155  }
156  return $version;
157  }

◆ validateHash()

validateHash (   $password,
  $hash 
)

Validate hash against hashing method (with or without salt)

Parameters
string $password
string $hash
Returns
bool
Exceptions

Implements EncryptorInterface.

Definition at line 195 of file Encryptor.php.

196  {
     // Thin alias: all verification logic lives in isValidHash().
197  return $this->isValidHash($password, $hash);
198  }

◆ validateHashVersion()

validateHashVersion (   $hash,
  $validateCount = false 
)

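Validate hashing algorithm version. Returns true when the last version recorded in the hash is HASH_VERSION_LATEST; with $validateCount set, it must also be the only version recorded.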

Parameters
string $hash
bool $validateCount
Returns
bool

Implements EncryptorInterface.

Definition at line 220 of file Encryptor.php.

221  {
     // Populate the parsed-hash state that getPasswordVersion() reads (helper not shown).
222  $this->explodePasswordHash($hash);
223  $hashVersions = $this->getPasswordVersion();
224 
     // end() picks the last recorded version. With $validateCount the hash must record
     // exactly one version, so a value that was hashed again from an older version does
     // not pass even though its last version is the latest one.
225  return $validateCount
226  ? end($hashVersions) === self::HASH_VERSION_LATEST && count($hashVersions) === 1
227  : end($hashVersions) === self::HASH_VERSION_LATEST;
228  }

◆ validateKey()

validateKey (   $key)

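Validate key contains only allowed characters. In the listing below the only check is that the key contains no whitespace; key length and randomness are not verified here.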

Parameters
string | null $key NULL value means usage of the default key specified on constructor
Exceptions

Implements EncryptorInterface.

Definition at line 369 of file Encryptor.php.

370  {
     // Whitespace is the separator the constructor uses to split the stored key list,
     // so a key containing it could not be read back as one key. No other property
     // of the key is checked in this method.
371  if (preg_match('/\s/s', $key)) {
372  throw new \Exception((string)new \Magento\Framework\Phrase('The encryption key format is invalid.'));
373  }
374  }

Field Documentation

◆ $cipher

$cipher = self::CIPHER_LATEST
protected

Definition at line 97 of file Encryptor.php.

◆ $keys

$keys = []
protected

Definition at line 111 of file Encryptor.php.

◆ $keyVersion

$keyVersion
protected

Definition at line 104 of file Encryptor.php.

◆ CIPHER_AEAD_CHACHA20POLY1305

const CIPHER_AEAD_CHACHA20POLY1305 = 3

Definition at line 65 of file Encryptor.php.

◆ CIPHER_BLOWFISH

const CIPHER_BLOWFISH = 0

Cipher versions

Definition at line 59 of file Encryptor.php.

◆ CIPHER_LATEST

const CIPHER_LATEST = 3

Definition at line 67 of file Encryptor.php.

◆ CIPHER_RIJNDAEL_128

const CIPHER_RIJNDAEL_128 = 1

Definition at line 61 of file Encryptor.php.

◆ CIPHER_RIJNDAEL_256

const CIPHER_RIJNDAEL_256 = 2

Definition at line 63 of file Encryptor.php.

◆ DEFAULT_SALT_LENGTH

const DEFAULT_SALT_LENGTH = 32

Default length of salt in bytes

Definition at line 41 of file Encryptor.php.

◆ DELIMITER

const DELIMITER = ':'

Default hash string delimiter

Definition at line 73 of file Encryptor.php.

◆ HASH_VERSION_LATEST

const HASH_VERSION_LATEST = 1

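Key of latest used algorithm (equal to HASH_VERSION_SHA256 in this version). As the hash() and getHash() listings on this page show, a password hash of this version is one salted pass of the digest, which is fast to compute and so gives limited resistance to offline guessing compared with a dedicated password-hashing function.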

Definition at line 36 of file Encryptor.php.

◆ HASH_VERSION_MD5

const HASH_VERSION_MD5 = 0

Key of md5 algorithm

Definition at line 26 of file Encryptor.php.

◆ HASH_VERSION_SHA256

const HASH_VERSION_SHA256 = 1

Key of sha256 algorithm

Definition at line 31 of file Encryptor.php.

◆ PARAM_CRYPT_KEY

const PARAM_CRYPT_KEY = 'crypt/key'

Array key of encryption key in deployment config

Definition at line 54 of file Encryptor.php.

◆ PASSWORD_HASH

const PASSWORD_HASH = 0

Exploded password hash keys

Definition at line 46 of file Encryptor.php.

◆ PASSWORD_SALT

const PASSWORD_SALT = 1

Definition at line 47 of file Encryptor.php.

◆ PASSWORD_VERSION

const PASSWORD_VERSION = 2

Definition at line 48 of file Encryptor.php.


The documentation for this class was generated from the following file: