Ajoute un mécanisme de chiffrement/déchiffrement
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

50 lines
1.6 KiB

1 year ago
<?php
/**
* Fonctions utiles au plugin Chiffrer
*
* @plugin Chiffrer
* @copyright 2021
* @author g0uZ
* @licence GNU/GPL
* @package SPIP\Chiffrer\Fonctions
*/
if (!defined('_ECRIRE_INC_VERSION')) {
return;
}
function initialiser_cle(){
$fichier_cles = _DIR_ETC."cles.php";
if ( ! file_exists($fichier_cles) ){
1 year ago
$GLOBALS['cle_secrete'] = openssl_random_pseudo_bytes(16);
ecrire_fichier($fichier_cles, "<?php\n\n\$GLOBALS['cle_secrete'] = base64_decode('".base64_encode($GLOBALS['cle_secrete'])."');\n");
}
}
function chiffrer($clair){
$cipher="AES-128-CBC";
$ivlen = openssl_cipher_iv_length($cipher);
$iv = openssl_random_pseudo_bytes($ivlen);
$chiffre_raw = openssl_encrypt($clair, $cipher, $GLOBALS['cle_secrete'], $options=OPENSSL_RAW_DATA, $iv);
$hmac = hash_hmac('sha256', $chiffre_raw, $GLOBALS['cle_secrete'], $as_binary=true);
$chiffre = base64_encode( $iv.$hmac.$chiffre_raw );
spip_log("chiffrer($clair)=$chiffre", _LOG_DEBUG);
return $chiffre;
}
function dechiffrer($chiffre){
$cipher="AES-128-CBC";
$c = base64_decode($chiffre);
$ivlen = openssl_cipher_iv_length($cipher);
$iv = substr($c, 0, $ivlen);
$hmac = substr($c, $ivlen, $sha2len=32);
$chiffre_raw = substr($c, $ivlen+$sha2len);
$clair = openssl_decrypt($chiffre_raw, $cipher, $GLOBALS['cle_secrete'], $options=OPENSSL_RAW_DATA, $iv);
spip_log("dechiffrer($chiffre)=$clair", _LOG_DEBUG);
$calcmac = hash_hmac('sha256', $chiffre_raw, $GLOBALS['cle_secrete'], $as_binary=true);
if ( hash_equals($hmac, $calcmac) ){ // timing attack safe comparison
return $clair;
}
}