3v4l.org

run code in 300+ PHP versions simultaneously
<?php /** * http://stackoverflow.com/questions/9262109/php-simplest-two-way-encryption/30189841#30189841 * * This is not safe to use */ class UnsafeCrypto { const METHOD = 'aes-256-ctr'; /** * Encrypts (but does not authenticate) a message * * @param string $message - plaintext message * @param string $key - encryption key (raw binary expected) * @param boolean $encode - set to TRUE to return a base64-encoded * @return string (raw binary) */ public static function encrypt($message, $key, $encode = false) { $nonceSize = openssl_cipher_iv_length(self::METHOD); $nonce = openssl_random_pseudo_bytes($nonceSize); $ciphertext = openssl_encrypt( $message, self::METHOD, $key, OPENSSL_RAW_DATA, $nonce ); // Now let's pack the IV and the ciphertext together // Naively, we can just concatenate if ($encode) { return base64_encode($nonce.$ciphertext); } return $nonce.$ciphertext; } /** * Decrypts (but does not verify) a message * * @param string $message - ciphertext message * @param string $key - encryption key (raw binary expected) * @param boolean $encoded - are we expecting an encoded string? * @return string */ public static function decrypt($message, $key, $encoded = false) { if ($encoded) { $message = base64_decode($message, true); if ($message === false) { throw new Exception('Encryption failure'); } } $nonceSize = openssl_cipher_iv_length(self::METHOD); $nonce = mb_substr($message, 0, $nonceSize, '8bit'); $ciphertext = mb_substr($message, $nonceSize, null, '8bit'); $plaintext = openssl_decrypt( $ciphertext, self::METHOD, $key, OPENSSL_RAW_DATA, $nonce ); return $plaintext; } } class SaferCrypto extends UnsafeCrypto { const HASH_ALGO = 'sha256'; /** * Encrypts then MACs a message * * @param string $message - plaintext message * @param string $key - encryption key (raw binary expected) * @param boolean $encode - set to TRUE to return a base64-encoded string * @return string (raw binary) */ public static function encrypt($message, $key, $encode = false) { list($encKey, $authKey) = self::splitKeys($key); // Pass to UnsafeCrypto::encrypt $ciphertext = parent::encrypt($message, $encKey); // Calculate a MAC of the IV and ciphertext $mac = hash_hmac(self::HASH_ALGO, $ciphertext, $authKey, true); if ($encode) { return base64_encode($mac.$ciphertext); } // Prepend MAC to the ciphertext and return to caller return $mac.$ciphertext; } /** * Decrypts a message (after verifying integrity) * * @param string $message - ciphertext message * @param string $key - encryption key (raw binary expected) * @param boolean $encoded - are we expecting an encoded string? * @return string (raw binary) */ public static function decrypt($message, $key, $encoded = false) { list($encKey, $authKey) = self::splitKeys($key); if ($encoded) { $message = base64_decode($message, true); if ($message === false) { throw new Exception('Encryption failure'); } } // Hash Size -- in case HASH_ALGO is changed $hs = mb_strlen(hash(self::HASH_ALGO, '', true), '8bit'); $mac = mb_substr($message, 0, $hs, '8bit'); $ciphertext = mb_substr($message, $hs, null, '8bit'); $calculated = hash_hmac( self::HASH_ALGO, $ciphertext, $authKey, true ); if (!self::hashEquals($mac, $calculated)) { throw new Exception('Encryption failure'); } // Pass to UnsafeCrypto::decrypt $plaintext = parent::decrypt($ciphertext, $encKey); return $plaintext; } /** * Splits a key into two separate keys; one for encryption * and the other for authenticaiton * * @param string $masterKey (raw binary) * @return array (two raw binary strings) */ protected static function splitKeys($masterKey) { // You really want to implement HKDF here instead! return [ hash_hmac(self::HASH_ALGO, 'ENCRYPTION', $masterKey, true), hash_hmac(self::HASH_ALGO, 'AUTHENTICATION', $masterKey, true) ]; } /** * Compare two strings without leaking timing information * * @param string $a * @param string $b * @return boolean */ protected static function hashEquals($a, $b) { if (function_exists('hash_equals')) { return hash_equals($a, $b); } $nonce = openssl_random_pseudo_bytes(32); return hash_hmac(self::HASH_ALGO, $a, $nonce) === hash_hmac(self::HASH_ALGO, $b, $nonce); } } $message = 'Ready your ammunition; we attack at dawn.'; $key = hex2bin('000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f'); $encrypted = SaferCrypto::encrypt($message, $key); $decrypted = SaferCrypto::decrypt($encrypted, $key); var_dump($encrypted, $decrypted);
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/49Zdh
function name:  (null)
number of ops:  20
compiled vars:  !0 = $message, !1 = $key, !2 = $encrypted, !3 = $decrypted
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
  176     0  E >   ASSIGN                                                   !0, 'Ready+your+ammunition%3B+we+attack+at+dawn.'
  177     1        INIT_FCALL                                               'hex2bin'
          2        SEND_VAL                                                 '000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f'
          3        DO_ICALL                                         $5      
          4        ASSIGN                                                   !1, $5
  179     5        INIT_STATIC_METHOD_CALL                                  'SaferCrypto', 'encrypt'
          6        SEND_VAR                                                 !0
          7        SEND_VAR                                                 !1
          8        DO_FCALL                                      0  $7      
          9        ASSIGN                                                   !2, $7
  180    10        INIT_STATIC_METHOD_CALL                                  'SaferCrypto', 'decrypt'
         11        SEND_VAR                                                 !2
         12        SEND_VAR                                                 !1
         13        DO_FCALL                                      0  $9      
         14        ASSIGN                                                   !3, $9
  182    15        INIT_FCALL                                               'var_dump'
         16        SEND_VAR                                                 !2
         17        SEND_VAR                                                 !3
         18        DO_ICALL                                                 
         19      > RETURN                                                   1

Class UnsafeCrypto:
Function encrypt:
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 21, Position 2 = 26
Branch analysis from position: 21
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 26
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/49Zdh
function name:  encrypt
number of ops:  29
compiled vars:  !0 = $message, !1 = $key, !2 = $encode, !3 = $nonceSize, !4 = $nonce, !5 = $ciphertext
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   19     0  E >   RECV                                             !0      
          1        RECV                                             !1      
          2        RECV_INIT                                        !2      <false>
   21     3        INIT_FCALL_BY_NAME                                       'openssl_cipher_iv_length'
          4        SEND_VAL_EX                                              'aes-256-ctr'
          5        DO_FCALL                                      0  $6      
          6        ASSIGN                                                   !3, $6
   22     7        INIT_FCALL_BY_NAME                                       'openssl_random_pseudo_bytes'
          8        SEND_VAR_EX                                              !3
          9        DO_FCALL                                      0  $8      
         10        ASSIGN                                                   !4, $8
   24    11        INIT_FCALL_BY_NAME                                       'openssl_encrypt'
   25    12        SEND_VAR_EX                                              !0
   26    13        SEND_VAL_EX                                              'aes-256-ctr'
   25    14        SEND_VAR_EX                                              !1
   28    15        FETCH_CONSTANT                                   ~10     'OPENSSL_RAW_DATA'
         16        SEND_VAL_EX                                              ~10
   25    17        SEND_VAR_EX                                              !4
   24    18        DO_FCALL                                      0  $11     
         19        ASSIGN                                                   !5, $11
   34    20      > JMPZ                                                     !2, ->26
   35    21    >   INIT_FCALL                                               'base64_encode'
         22        CONCAT                                           ~13     !4, !5
         23        SEND_VAL                                                 ~13
         24        DO_ICALL                                         $14     
         25      > RETURN                                                   $14
   37    26    >   CONCAT                                           ~15     !4, !5
         27      > RETURN                                                   ~15
   38    28*     > RETURN                                                   null

End of function encrypt

Function decrypt:
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 4, Position 2 = 15
Branch analysis from position: 4
2 jumps found. (Code = 43) Position 1 = 11, Position 2 = 15
Branch analysis from position: 11
1 jumps found. (Code = 108) Position 1 = -2
Branch analysis from position: 15
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 15
filename:       /in/49Zdh
function name:  decrypt
number of ops:  44
compiled vars:  !0 = $message, !1 = $key, !2 = $encoded, !3 = $nonceSize, !4 = $nonce, !5 = $ciphertext, !6 = $plaintext
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   48     0  E >   RECV                                             !0      
          1        RECV                                             !1      
          2        RECV_INIT                                        !2      <false>
   50     3      > JMPZ                                                     !2, ->15
   51     4    >   INIT_FCALL                                               'base64_decode'
          5        SEND_VAR                                                 !0
          6        SEND_VAL                                                 <true>
          7        DO_ICALL                                         $7      
          8        ASSIGN                                                   !0, $7
   52     9        TYPE_CHECK                                    4          !0
         10      > JMPZ                                                     ~9, ->15
   53    11    >   NEW                                              $10     'Exception'
         12        SEND_VAL_EX                                              'Encryption+failure'
         13        DO_FCALL                                      0          
         14      > THROW                                         0          $10
   57    15    >   INIT_FCALL_BY_NAME                                       'openssl_cipher_iv_length'
         16        SEND_VAL_EX                                              'aes-256-ctr'
         17        DO_FCALL                                      0  $12     
         18        ASSIGN                                                   !3, $12
   58    19        INIT_FCALL                                               'mb_substr'
         20        SEND_VAR                                                 !0
         21        SEND_VAL                                                 0
         22        SEND_VAR                                                 !3
         23        SEND_VAL                                                 '8bit'
         24        DO_ICALL                                         $14     
         25        ASSIGN                                                   !4, $14
   59    26        INIT_FCALL                                               'mb_substr'
         27        SEND_VAR                                                 !0
         28        SEND_VAR                                                 !3
         29        SEND_VAL                                                 null
         30        SEND_VAL                                                 '8bit'
         31        DO_ICALL                                         $16     
         32        ASSIGN                                                   !5, $16
   61    33        INIT_FCALL_BY_NAME                                       'openssl_decrypt'
   62    34        SEND_VAR_EX                                              !5
   63    35        SEND_VAL_EX                                              'aes-256-ctr'
   62    36        SEND_VAR_EX                                              !1
   65    37        FETCH_CONSTANT                                   ~18     'OPENSSL_RAW_DATA'
         38        SEND_VAL_EX                                              ~18
   62    39        SEND_VAR_EX                                              !4
   61    40        DO_FCALL                                      0  $19     
         41        ASSIGN                                                   !6, $19
   69    42      > RETURN                                                   !6
   70    43*     > RETURN                                                   null

End of function decrypt

End of class UnsafeCrypto.

Class SaferCrypto:
Function encrypt:
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 24, Position 2 = 29
Branch analysis from position: 24
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 29
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/49Zdh
function name:  encrypt
number of ops:  32
compiled vars:  !0 = $message, !1 = $key, !2 = $encode, !3 = $encKey, !4 = $authKey, !5 = $ciphertext, !6 = $mac
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   84     0  E >   RECV                                             !0      
          1        RECV                                             !1      
          2        RECV_INIT                                        !2      <false>
   86     3        INIT_STATIC_METHOD_CALL                                  'splitKeys'
          4        SEND_VAR_EX                                              !1
          5        DO_FCALL                                      0  $7      
          6        FETCH_LIST_R                                     $8      $7, 0
          7        ASSIGN                                                   !3, $8
          8        FETCH_LIST_R                                     $10     $7, 1
          9        ASSIGN                                                   !4, $10
         10        FREE                                                     $7
   89    11        INIT_STATIC_METHOD_CALL                                  'encrypt'
         12        SEND_VAR_EX                                              !0
         13        SEND_VAR_EX                                              !3
         14        DO_FCALL                                      0  $12     
         15        ASSIGN                                                   !5, $12
   92    16        INIT_FCALL                                               'hash_hmac'
         17        SEND_VAL                                                 'sha256'
         18        SEND_VAR                                                 !5
         19        SEND_VAR                                                 !4
         20        SEND_VAL                                                 <true>
         21        DO_ICALL                                         $14     
         22        ASSIGN                                                   !6, $14
   94    23      > JMPZ                                                     !2, ->29
   95    24    >   INIT_FCALL                                               'base64_encode'
         25        CONCAT                                           ~16     !6, !5
         26        SEND_VAL                                                 ~16
         27        DO_ICALL                                         $17     
         28      > RETURN                                                   $17
   98    29    >   CONCAT                                           ~18     !6, !5
         30      > RETURN                                                   ~18
   99    31*     > RETURN                                                   null

End of function encrypt

Function decrypt:
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 12, Position 2 = 23
Branch analysis from position: 12
2 jumps found. (Code = 43) Position 1 = 19, Position 2 = 23
Branch analysis from position: 19
1 jumps found. (Code = 108) Position 1 = -2
Branch analysis from position: 23
2 jumps found. (Code = 43) Position 1 = 60, Position 2 = 64
Branch analysis from position: 60
1 jumps found. (Code = 108) Position 1 = -2
Branch analysis from position: 64
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 23
filename:       /in/49Zdh
function name:  decrypt
number of ops:  71
compiled vars:  !0 = $message, !1 = $key, !2 = $encoded, !3 = $encKey, !4 = $authKey, !5 = $hs, !6 = $mac, !7 = $ciphertext, !8 = $calculated, !9 = $plaintext
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
  109     0  E >   RECV                                             !0      
          1        RECV                                             !1      
          2        RECV_INIT                                        !2      <false>
  111     3        INIT_STATIC_METHOD_CALL                                  'splitKeys'
          4        SEND_VAR_EX                                              !1
          5        DO_FCALL                                      0  $10     
          6        FETCH_LIST_R                                     $11     $10, 0
          7        ASSIGN                                                   !3, $11
          8        FETCH_LIST_R                                     $13     $10, 1
          9        ASSIGN                                                   !4, $13
         10        FREE                                                     $10
  112    11      > JMPZ                                                     !2, ->23
  113    12    >   INIT_FCALL                                               'base64_decode'
         13        SEND_VAR                                                 !0
         14        SEND_VAL                                                 <true>
         15        DO_ICALL                                         $15     
         16        ASSIGN                                                   !0, $15
  114    17        TYPE_CHECK                                    4          !0
         18      > JMPZ                                                     ~17, ->23
  115    19    >   NEW                                              $18     'Exception'
         20        SEND_VAL_EX                                              'Encryption+failure'
         21        DO_FCALL                                      0          
         22      > THROW                                         0          $18
  120    23    >   INIT_FCALL                                               'mb_strlen'
         24        INIT_FCALL                                               'hash'
         25        SEND_VAL                                                 'sha256'
         26        SEND_VAL                                                 ''
         27        SEND_VAL                                                 <true>
         28        DO_ICALL                                         $20     
         29        SEND_VAR                                                 $20
         30        SEND_VAL                                                 '8bit'
         31        DO_ICALL                                         $21     
         32        ASSIGN                                                   !5, $21
  121    33        INIT_FCALL                                               'mb_substr'
         34        SEND_VAR                                                 !0
         35        SEND_VAL                                                 0
         36        SEND_VAR                                                 !5
         37        SEND_VAL                                                 '8bit'
         38        DO_ICALL                                         $23     
         39        ASSIGN                                                   !6, $23
  123    40        INIT_FCALL                                               'mb_substr'
         41        SEND_VAR                                                 !0
         42        SEND_VAR                                                 !5
         43        SEND_VAL                                                 null
         44        SEND_VAL                                                 '8bit'
         45        DO_ICALL                                         $25     
         46        ASSIGN                                                   !7, $25
  125    47        INIT_FCALL                                               'hash_hmac'
  126    48        SEND_VAL                                                 'sha256'
  127    49        SEND_VAR                                                 !7
  128    50        SEND_VAR                                                 !4
  129    51        SEND_VAL                                                 <true>
  125    52        DO_ICALL                                         $27     
         53        ASSIGN                                                   !8, $27
  132    54        INIT_STATIC_METHOD_CALL                                  'hashEquals'
         55        SEND_VAR_EX                                              !6
         56        SEND_VAR_EX                                              !8
         57        DO_FCALL                                      0  $29     
         58        BOOL_NOT                                         ~30     $29
         59      > JMPZ                                                     ~30, ->64
  133    60    >   NEW                                              $31     'Exception'
         61        SEND_VAL_EX                                              'Encryption+failure'
         62        DO_FCALL                                      0          
         63      > THROW                                         0          $31
  137    64    >   INIT_STATIC_METHOD_CALL                                  'decrypt'
         65        SEND_VAR_EX                                              !7
         66        SEND_VAR_EX                                              !3
         67        DO_FCALL                                      0  $33     
         68        ASSIGN                                                   !9, $33
  139    69      > RETURN                                                   !9
  140    70*     > RETURN                                                   null

End of function decrypt

Function splitkeys:
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/49Zdh
function name:  splitKeys
number of ops:  17
compiled vars:  !0 = $masterKey
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
  149     0  E >   RECV                                             !0      
  153     1        INIT_FCALL                                               'hash_hmac'
          2        SEND_VAL                                                 'sha256'
          3        SEND_VAL                                                 'ENCRYPTION'
          4        SEND_VAR                                                 !0
          5        SEND_VAL                                                 <true>
          6        DO_ICALL                                         $1      
          7        INIT_ARRAY                                       ~2      $1
  154     8        INIT_FCALL                                               'hash_hmac'
          9        SEND_VAL                                                 'sha256'
         10        SEND_VAL                                                 'AUTHENTICATION'
         11        SEND_VAR                                                 !0
         12        SEND_VAL                                                 <true>
         13        DO_ICALL                                         $3      
         14        ADD_ARRAY_ELEMENT                                ~2      $3
         15      > RETURN                                                   ~2
  156    16*     > RETURN                                                   null

End of function splitkeys

Function hashequals:
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 6, Position 2 = 11
Branch analysis from position: 6
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 11
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/49Zdh
function name:  hashEquals
number of ops:  28
compiled vars:  !0 = $a, !1 = $b, !2 = $nonce
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
  165     0  E >   RECV                                             !0      
          1        RECV                                             !1      
  167     2        INIT_FCALL                                               'function_exists'
          3        SEND_VAL                                                 'hash_equals'
          4        DO_ICALL                                         $3      
          5      > JMPZ                                                     $3, ->11
  168     6    >   INIT_FCALL                                               'hash_equals'
          7        SEND_VAR                                                 !0
          8        SEND_VAR                                                 !1
          9        DO_ICALL                                         $4      
         10      > RETURN                                                   $4
  170    11    >   INIT_FCALL_BY_NAME                                       'openssl_random_pseudo_bytes'
         12        SEND_VAL_EX                                              32
         13        DO_FCALL                                      0  $5      
         14        ASSIGN                                                   !2, $5
  171    15        INIT_FCALL                                               'hash_hmac'
         16        SEND_VAL                                                 'sha256'
         17        SEND_VAR                                                 !0
         18        SEND_VAR                                                 !2
         19        DO_ICALL                                         $7      
         20        INIT_FCALL                                               'hash_hmac'
         21        SEND_VAL                                                 'sha256'
         22        SEND_VAR                                                 !1
         23        SEND_VAR                                                 !2
         24        DO_ICALL                                         $8      
         25        IS_IDENTICAL                                     ~9      $7, $8
         26      > RETURN                                                   ~9
  172    27*     > RETURN                                                   null

End of function hashequals

End of class SaferCrypto.

Generated using Vulcan Logic Dumper, using php 8.0.0


preferences:
148.44 ms | 1494 KiB | 23 Q