add stream filter

terrafrost · terrafrost · commit f43b508e5aa7 · 2016-06-30T22:58:43.000-05:00
diff --git a/lib/mcrypt.php b/lib/mcrypt.php
@@ -828,6 +828,119 @@ function phpseclib_mcrypt_decrypt($cipher, $key, $data, $mode, $iv = NULL)
     {
         return phpseclib_mcrypt_helper($cipher, $key, $data, $mode, $iv, 'decrypt');
     }
+
+    /**
+     * mcrypt_compat stream filter
+     *
+     * @author  Jim Wigginton <terrafrost@php.net>
+     * @access  public
+     */
+    class phpseclib_mcrypt_filter extends php_user_filter
+    {
+        /**
+         * The Cipher Object
+         *
+         * @var object
+         * @access private
+         */
+        private $cipher;
+
+        /**
+         * To encrypt or decrypt
+         *
+         * @var boolean
+         * @access private
+         */
+        private $op;
+
+        /**
+         * Called when applying the filter
+         *
+         * This method is called whenever data is read from or written to the attached stream
+         * (such as with fread() or fwrite()).
+         *
+         * @param resource $in
+         * @param resource $out
+         * @param int $consumed
+         * @param bool $closing
+         * @link http://php.net/manual/en/php-user-filter.filter.php
+         * @return int
+         * @access public
+         */
+        function filter($in, $out, &$consumed, $closing)
+        {
+            while ($bucket = stream_bucket_make_writeable($in)) {
+                $bucket->data = $this->opt ?
+                    $this->cipher->encrypt($bucket->data) :
+                    $this->cipher->decrypt($bucket->data);
+                $consumed+= $bucket->datalen;
+                stream_bucket_append($out, $bucket);
+            }
+
+            // can also return PSFS_FEED_ME and PSFS_ERR_FATAL
+            return PSFS_PASS_ON;
+        }
+
+        /**
+         * Called when creating the filter
+         *
+         * This method is called during instantiation of the filter class object.
+         * If your filter allocates or initializes any other resources (such as a buffer), 
+         * this is the place to do it.
+         *
+         * @link http://php.net/manual/en/php-user-filter.oncreate.php
+         * @return bool
+         * @access public
+         */
+        function onCreate()
+        {
+            if (!isset($this->params) || !is_array($this->params)) {
+                user_error('stream_filter_append(): Filter parameters for ' . $this->filtername . ' must be an array');
+                return false;
+            }
+            if (!isset($this->params['iv']) || !is_string($this->params['iv'])) {
+                user_error('stream_filter_append(): Filter parameter[iv] not provided or not of type: string');
+                return false;
+            }
+            if (!isset($this->params['key']) || !is_string($this->params['key'])) {
+                user_error('stream_filter_append(): key not specified or is not a string');
+                return false;
+            }
+            $filtername = substr($this->filtername, 0, 10) == 'phpseclib.' ?
+                substr($this->filtername, 10) :
+                $this->filtername;
+            $parts = explode('.', $filtername);
+            if ($parts != 2) {
+                user_error('stream_filter_append(): Could not open encryption module');
+                return false;
+            }
+            switch ($parts[0]) {
+                case 'mcrypt':
+                case 'mdecrypt':
+                    break;
+                default:
+                    user_error('stream_filter_append(): Could not open encryption module');
+                    return false;
+            }
+            $mode = isset($this->params['mode']) ? $this->params['mode'] : 'cbc';
+            $cipher = @phpseclib_mcrypt_module_open($parts[1], '', $mode, '');
+            if ($cipher === false) {
+                user_error('stream_filter_append(): Could not open encryption module');
+                return false;
+            }
+
+            $cipher->setKey($key);
+            $cipher->setIV($iv);
+
+            $this->op = $parts[0] == 'mcrypt';
+            $this->cipher = $cipher;
+
+            return true;
+        }
+    }
+
+    stream_filter_register('phpseclib.mcrypt.*', 'phpseclib_mcrypt_filter');
+    stream_filter_register('phpseclib.mdecrypt.*', 'phpseclib_mcrypt_filter');
 }
 
 // define
@@ -966,4 +1079,9 @@ function mcrypt_decrypt($cipher, $key, $data, $mode, $iv = NULL)
     {
         return phpseclib_mcrypt_decrypt($cipher, $key, $data, $mode, $iv);
     }
+
+    //if (!in_array('mcrypt.*', stream_get_filters()) {
+    stream_filter_register('mcrypt.*', 'phpseclib_mcrypt_filter');
+    stream_filter_register('mdecrypt.*', 'phpseclib_mcrypt_filter');
+    //}
 }
diff --git a/tests/MCryptCompatTest.php b/tests/MCryptCompatTest.php
@@ -11,6 +11,28 @@ public function testListAlgorithms()
         $this->assertInternalType('array', phpseclib_mcrypt_list_algorithms());
     }
 
+    public function testAESBasicSuccess()
+    {
+        $key = str_repeat('z', 16);
+        $iv = str_repeat('z', 16);
+
+        // a plaintext / ciphertext of length 1 is of an insufficient length for cbc mode
+        $plaintext = str_repeat('a', 16);
+
+        $mcrypt = bin2hex(mcrypt_encrypt('rijndael-128', $key, $plaintext, 'cbc', $iv));
+        $compat = bin2hex(phpseclib_mcrypt_encrypt('rijndael-128', $key, $plaintext, 'cbc', $iv));
+        $this->assertEquals($mcrypt, $compat);
+
+        $ciphertext = $mcrypt;
+
+        $mcrypt = bin2hex(mcrypt_decrypt('rijndael-128', $key, $ciphertext, 'cbc', $iv);
+        $compat = bin2hex(phpseclib_mcrypt_decrypt('rijndael-128', $key, $ciphertext, 'cbc', $iv);
+        $this->assertEquals($mcrypt, $compat);
+
+        $decrypted = $mcrypt;
+        $this->assertEquals($plaintext, $decrypted);
+    }
+
     /**
      * @expectedException PHPUnit_Framework_Error_Warning
      */
@@ -83,4 +105,33 @@ public function testNullPadding()
         $compat = bin2hex(phpseclib_mcrypt_decrypt('rijndael-128', $key, $ciphertext, 'cbc', $iv));
         $this->assertEquals($mcrypt, $compat);
     }
+
+    /**
+     * adapted from the example at http://php.net/manual/en/filters.encryption.php
+     */
+    public function testStream()
+    {
+        $passphrase = 'My secret';
+
+        $iv = substr(md5('iv'.$passphrase, true), 0, 8);
+        $key = substr(md5('pass1'.$passphrase, true) .
+                      md5('pass2'.$passphrase, true), 0, 24);
+        $opts = array('iv'=>$iv, 'key'=>$key);
+
+        $fp = fopen('php://memory', 'wb+');
+        stream_filter_append($fp, 'mcrypt.tripledes', STREAM_FILTER_WRITE, $opts);
+        fwrite($fp, 'Secret secret secret data');
+        rewind($fp);
+        $mcrypt = bin2hex(fread($fp, 1024));
+        fclose($fp);
+
+        $fp = fopen('php://memory', 'wb+');
+        stream_filter_append($fp, 'phpseclib.mcrypt.tripledes', STREAM_FILTER_WRITE, $opts);
+        fwrite($fp, 'Secret secret secret data');
+        rewind($fp);
+        $compat = bin2hex(fread($fp, 1024));
+        fclose($fp);
+
+        $this->assertEquals($mcrypt, $compat);
+    }
 }
