More guardians and more unit tests
csev committed Feb 4, 2024
1 parent e066074 commit 7dd1a82
Showing 3 changed files with 26 additions and 0 deletions.
1 change: 1 addition & 0 deletions src/Core/LTIX.php
Expand Up @@ -153,6 +153,7 @@ public static function launchCheck($needed=self::ALL, $session_object=null,$requ
public static function encrypt_secret($secret)
{
global $CFG;
if ( ! is_string($secret) ) return null;
if ( startsWith($secret,'AES::') ) return $secret;
$encr = AesOpenSSL::encrypt($secret, $CFG->cookiesecret) ;
return 'AES::'.$encr;
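Review bot: encrypt_secret() does not check the result of `AesOpenSSL::encrypt()`, which this commit allows to return null when either argument is not a string. If `$CFG->cookiesecret` is unset or not a string, `'AES::'.$encr` evaluates to the bare string `'AES::'`, which looks like ciphertext and would pass the `startsWith($secret,'AES::')` test on a later call, so a caller that stores the result would lose the original secret. Adding `if ( ! is_string($encr) ) return null;` before the final return keeps a misconfigured key from producing a value that looks encrypted. The method's doc comment should also say that null is returned for non-string input. The function's closing brace is outside the hunk.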
5 changes: 5 additions & 0 deletions src/Crypt/AesOpenSSL.php
Expand Up @@ -31,9 +31,12 @@ class AesOpenSSL {
*/
public static function encrypt($plaintext, $password, $nBits=256) {
$method = "AES-256-CBC";
if ( !is_string($plaintext) || ! is_string($password) ) return null;
$key = hash('sha256', $password, true);
$iv = openssl_random_pseudo_bytes(16);

if ( ! is_string($plaintext) || ! is_string($password) ) return null;

$ciphertext = openssl_encrypt($plaintext, $method, $key, OPENSSL_RAW_DATA, $iv);
$hash = hash_hmac('sha256', $ciphertext . $iv, $key, true);

Expand All @@ -50,6 +53,8 @@ public static function encrypt($plaintext, $password, $nBits=256) {
* @return string decrypted text
*/
public static function decrypt($ciphertext, $password, $nBits=256) {
if ( ! is_string($ciphertext) || ! is_string($password) ) return null;

$method = "AES-256-CBC";
$ivHashCiphertext = base64_decode($ciphertext);
$iv = substr($ivHashCiphertext, 0, 16);
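Review bot: The type guard in encrypt() appears twice, once before the key is derived and again after the IV is generated; nothing in between changes either argument, so the second copy can never fire and should be dropped. The guard also accepts an empty string as `$password`, which `hash('sha256', $password, true)` turns into a fixed, publicly computable key; consider `if ( !is_string($plaintext) || !is_string($password) || $password === '' ) return null;` in encrypt() and the matching check in decrypt(). The docblock above decrypt() still reads `@return string decrypted text` and should become `@return string|null` now that null is a possible result. Both function bodies continue outside the visible hunks.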
20 changes: 20 additions & 0 deletions tests/Crypt/AesTest.php
Expand Up @@ -14,6 +14,26 @@

class AesTest extends \PHPUnit\Framework\TestCase
{
public function testOpenSSLNull() {
$pw = 'L0ck it up saf3';
$pt = 'pssst ... đon’t tell anyøne!';

$encr = AesOpenSSL::encrypt(null, $pw) ;
$this->assertNull($encr);
$encr = AesOpenSSL::encrypt($pt, null) ;
$this->assertNull($encr);
$encr = AesOpenSSL::encrypt(null, null) ;
$this->assertNull($encr);

$decr = AesOpenSSL::decrypt(null, $pw) ;
$this->assertNull($decr);
$decr = AesOpenSSL::decrypt($pt, null) ;
$this->assertNull($decr);
$decr = AesOpenSSL::decrypt(null, null) ;
$this->assertNull($decr);

}

public function testOpenSSL() {
$pw = 'L0ck it up saf3';
$pt = 'pssst ... đon’t tell anyøne!';
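Review bot: testOpenSSLNull() only passes null, while the guards it covers reject every non-string value. Adding a few cases with `false`, an integer and an array, for example `$this->assertNull(AesOpenSSL::decrypt(false, $pw));`, would pin the behaviour for values that failed lookups and decoding functions commonly hand back. The `decrypt($pt, null)` case feeds plaintext rather than ciphertext, which is fine for the type check, but no test in this hunk covers a well-typed but malformed ciphertext. There is also a stray blank line before the method's closing brace. testOpenSSL() continues outside the hunk.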