我正在尝试为jCryption实现服务器端PHP处理代码而不使用proc_open(或exec或任何类似的东西),以便我可以完全禁用这些功能,但是我很难获得AES加密/解密为了匹配jCryption在客户端进行的操作,尽管我已经使用OpenSSL函数使用了RSA组件。
具体来说,我在编写代码以替换这两个函数的proc_open部分时遇到了困难:
$descriptorSpec = array(
0 => array("pipe", "r"), // stdin is a pipe that the child will read from
1 => array("pipe", "w") // stdout is a pipe that the child will write to
);
function handshake($encryptedAESKey) {
// Decrypt the AES key with the RSA key
$encryptedAESKey = base64_decode($encryptedAESKey);
$privKey = unserialize($_SESSION['priv_key']);
openssl_private_decrypt($encryptedAESKey, $key, $privKey);
// Store the AES key in the session
$_SESSION["AES_Key"] = $key;
// Generate the challenge to be sent back to the client
$challenge = NULL;
$cmd = sprintf("openssl enc -aes-256-cbc -pass pass:" . escapeshellarg($key) . " -a -e");
$process = proc_open($cmd, $descriptorSpec, $pipes);
if (is_resource($process)) {
fwrite($pipes[0], $key);
fclose($pipes[0]);
// we have to trim all newlines and whitespaces by ourself
$challenge = trim(str_replace("\n", "", stream_get_contents($pipes[1])));
fclose($pipes[1]);
proc_close($process);
}
return $challenge;
}
// Once the handshake is done, we can receive encrypted data and decrypt it.
function decrypt($encryptedData) {
$key = $_SESSION["AES_Key"];
// Decrypt the client's request and send it to the clients(uncrypted)
$cmd = sprintf("openssl enc -aes-256-cbc -pass pass:" . escapeshellarg($key) . " -d");
$process = proc_open($cmd, $descriptorSpec, $pipes);
$decryptedData = NULL;
if (is_resource($process)) {
fwrite($pipes[0], base64_decode($encryptedData));
fclose($pipes[0]);
$decryptedData = stream_get_contents($pipes[1]);
fclose($pipes[1]);
proc_close($process);
}
return $decryptedData;
}
我已经尝试了PHP的MCrypt和OpenSSL功能,似乎都没有匹配(我没有手头上的东西,但我可以再试一次并发布它)。关于如何匹配openssl命令的任何建议都将非常感激。
答案 0 :(得分:1)
<强>参考: http://php.net/manual/en/function.openssl-decrypt.php#107210
<?php
class sqAES {
/**
* decrypt AES 256
*
* @param string $password
* @param data $edata
* @return dencrypted data
*/
public static function decrypt($password, $edata) {
$data = base64_decode($edata);
$salt = substr($data, 8, 8);
$ct = substr($data, 16);
/**
* From https://github.com/mdp/gibberish-aes
*
* Number of rounds depends on the size of the AES in use
* 3 rounds for 256
* 2 rounds for the key, 1 for the IV
* 2 rounds for 128
* 1 round for the key, 1 round for the IV
* 3 rounds for 192 since it's not evenly divided by 128 bits
*/
$rounds = 3;
$data00 = $password.$salt;
$md5_hash = array();
$md5_hash[0] = md5($data00, true);
$result = $md5_hash[0];
for ($i = 1; $i < $rounds; $i++) {
$md5_hash[$i] = md5($md5_hash[$i - 1].$data00, true);
$result .= $md5_hash[$i];
}
$key = substr($result, 0, 32);
$iv = substr($result, 32,16);
return openssl_decrypt($ct, 'aes-256-cbc', $key, true, $iv);
}
/**
* crypt AES 256
*
* @param string $password
* @param data $data
* @return base64 encrypted data
*/
public static function crypt($password, $data) {
// Set a random salt
$salt = openssl_random_pseudo_bytes(8);
$salted = '';
$dx = '';
// Salt the key(32) and iv(16) = 48
while (strlen($salted) < 48) {
$dx = md5($dx.$password.$salt, true);
$salted .= $dx;
}
$key = substr($salted, 0, 32);
$iv = substr($salted, 32,16);
$encrypted_data = openssl_encrypt($data, 'aes-256-cbc', $key, true, $iv);
return base64_encode('Salted__' . $salt . $encrypted_data);
}
}
?>
您的新代码:
require './sqAES.php';
function handshake($encryptedAESKey) {
// Decrypt the AES key with the RSA key
$encryptedAESKey = base64_decode($encryptedAESKey);
$privKey = unserialize($_SESSION['priv_key']);
openssl_private_decrypt($encryptedAESKey, $key, $privKey);
// Store the AES key in the session
$_SESSION["AES_Key"] = $key;
// Generate the challenge to be sent back to the client
$challenge = trim(str_replace("\n", "", sqAES::crypt($key, $key)));
return $challenge;
}
// Once the handshake is done, we can receive encrypted data and decrypt it.
function decrypt($encryptedData) {
$key = $_SESSION["AES_Key"];
// Decrypt the client's request and send it to the clients(uncrypted)
$decryptedData = sqAES::decrypt($key, $encryptedData);
return $decryptedData;
}