First Local Commit - After Clean up.

Signed-off-by: Rick Hays <rhays@haysgang.com>

system/Encryption/EncrypterInterface.php

@@ -0,0 +1,67 @@
+<?php
+
+/**
+ * CodeIgniter
+ *
+ * An open source application development framework for PHP
+ *
+ * This content is released under the MIT License (MIT)
+ *
+ * Copyright (c) 2014-2017 British Columbia Institute of Technology
+ * Copyright (c) 2019 CodeIgniter Foundation
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ * @package    CodeIgniter
+ * @author     CodeIgniter Dev Team
+ * @copyright  2014-2017 British Columbia Institute of Technology (https://bcit.ca/)
+ * @license    https://opensource.org/licenses/MIT	MIT License
+ * @link       https://codeigniter.com
+ * @since      Version 4.0.0
+ * @filesource
+ */
+
+namespace CodeIgniter\Encryption;
+
+/**
+ * CodeIgniter Encryption Handler
+ *
+ * Provides two-way keyed encryption
+ */
+interface EncrypterInterface
+{
+
+	/**
+	 * Encrypt - convert plaintext into ciphertext
+	 *
+	 * @param  string $data   Input data
+	 * @param  array  $params Over-ridden parameters, specifically the key
+	 * @return string
+	 */
+	public function encrypt($data, $params = null);
+
+	/**
+	 * Decrypt - convert ciphertext into plaintext
+	 *
+	 * @param  string $data   Encrypted data
+	 * @param  array  $params Over-ridden parameters, specifically the key
+	 * @return string
+	 */
+	public function decrypt($data, $params = null);
+}

system/Encryption/Encryption.php

@@ -0,0 +1,210 @@
+<?php
+/**
+ * CodeIgniter
+ *
+ * An open source application development framework for PHP
+ *
+ * This content is released under the MIT License (MIT)
+ *
+ * Copyright (c) 2014-2017 British Columbia Institute of Technology
+ * Copyright (c) 2019 CodeIgniter Foundation
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ * @package    CodeIgniter
+ * @author     CodeIgniter Dev Team
+ * @copyright  2014-2017 British Columbia Institute of Technology (https://bcit.ca/)
+ * @license    https://opensource.org/licenses/MIT	MIT License
+ * @link       https://codeigniter.com
+ * @since      Version 4.0.0
+ * @filesource
+ */
+
+namespace CodeIgniter\Encryption;
+
+use Config\Encryption as EncryptionConfig;
+use CodeIgniter\Encryption\Exceptions\EncryptionException;
+use CodeIgniter\Config\BaseConfig;
+use CodeIgniter\Config\Services;
+
+/**
+ * CodeIgniter Encryption Manager
+ *
+ * Provides two-way keyed encryption via PHP's Sodium and/or OpenSSL extensions.
+ * This class determines the driver, cipher, and mode to use, and then
+ * initializes the appropriate encryption handler.
+ */
+class Encryption
+{
+
+	/**
+	 * The encrypter we create
+	 *
+	 * @var string
+	 */
+	protected $encrypter;
+
+	/**
+	 * The driver being used
+	 */
+	protected $driver;
+
+	/**
+	 * The key/seed being used
+	 */
+	protected $key;
+
+	/**
+	 * The derived hmac key
+	 */
+	protected $hmacKey;
+
+	/**
+	 * HMAC digest to use
+	 */
+	protected $digest = 'SHA512';
+
+	/**
+	 * Map of drivers to handler classes, in preference order
+	 *
+	 * @var array
+	 */
+	protected $drivers = [
+		'OpenSSL',
+	];
+
+	// --------------------------------------------------------------------
+
+	/**
+	 * Class constructor
+	 *
+	 * @param  BaseConfig $config Configuration parameters
+	 * @return void
+	 *
+	 * @throws \CodeIgniter\Encryption\Exceptions\EncryptionException
+	 */
+	public function __construct(BaseConfig $config = null)
+	{
+		if (empty($config))
+		{
+			$config = new \Config\Encryption();
+		}
+		$this->driver = $config->driver;
+		$this->key    = $config->key;
+
+		// determine what is installed
+		$this->handlers = [
+			'OpenSSL' => extension_loaded('openssl'),
+		];
+
+		// if any aren't there, bomb
+		if (in_array(false, $this->handlers))
+		{
+			// this should never happen in travis-ci
+			// @codeCoverageIgnoreStart
+			throw EncryptionException::forNoHandlerAvailable($this->driver);
+			// @codeCoverageIgnoreEnd
+		}
+	}
+
+	/**
+	 * Initialize or re-initialize an encrypter
+	 *
+	 * @param  BaseConfig $config Configuration parameters
+	 * @return \CodeIgniter\Encryption\EncrypterInterface
+	 *
+	 * @throws \CodeIgniter\Encryption\Exceptions\EncryptionException
+	 */
+	public function initialize(BaseConfig $config = null)
+	{
+		// override config?
+		if (! empty($config))
+		{
+			$this->driver = $config->driver;
+			$this->key    = $config->key;
+		}
+
+		// Insist on a driver
+		if (empty($this->driver))
+		{
+			throw EncryptionException::forNoDriverRequested();
+		}
+
+		// Check for an unknown driver
+		if (! in_array($this->driver, $this->drivers))
+		{
+			throw EncryptionException::forUnKnownHandler($this->driver);
+		}
+
+		if (empty($this->key))
+		{
+			throw EncryptionException::forNeedsStarterKey();
+		}
+
+		// Derive a secret key for the encrypter
+		$this->hmacKey = bin2hex(\hash_hkdf($this->digest, $this->key));
+
+		$handlerName     = 'CodeIgniter\\Encryption\\Handlers\\' . $this->driver . 'Handler';
+		$this->encrypter = new $handlerName($config);
+		return $this->encrypter;
+	}
+
+	// --------------------------------------------------------------------
+
+	/**
+	 * Create a random key
+	 *
+	 * @param  integer $length Output length
+	 * @return string
+	 */
+	public static function createKey($length = 32)
+	{
+		return random_bytes($length);
+	}
+
+	// --------------------------------------------------------------------
+
+	/**
+	 * __get() magic, providing readonly access to some of our protected properties
+	 *
+	 * @param  string $key Property name
+	 * @return mixed
+	 */
+	public function __get($key)
+	{
+		if (in_array($key, ['key', 'digest', 'driver', 'drivers'], true))
+		{
+			return $this->{$key};
+		}
+
+		return null;
+	}
+
+	/**
+	 * __isset() magic, providing checking for some of our protected properties
+	 *
+	 * @param  string $key Property name
+	 * @return boolean
+	 */
+	public function __isset($key): bool
+	{
+		return in_array($key, ['key', 'digest', 'driver', 'drivers'], true);
+	}
+
+}

system/Encryption/Exceptions/EncryptionException.php

@@ -0,0 +1,41 @@
+<?php
+namespace CodeIgniter\Encryption\Exceptions;
+
+use CodeIgniter\Exceptions\ExceptionInterface;
+
+/**
+ * Encryption exception
+ */
+class EncryptionException extends \RuntimeException implements ExceptionInterface
+{
+
+	public static function forNoDriverRequested()
+	{
+		return new static(lang('Encryption.noDriverRequested'));
+	}
+
+	public static function forNoHandlerAvailable()
+	{
+		return new static(lang('Encryption.noHandlerAvailable'));
+	}
+
+	public static function forUnKnownHandler(string $driver = null)
+	{
+		return new static(lang('Encryption.unKnownHandler', [$driver]));
+	}
+
+	public static function forNeedsStarterKey()
+	{
+		return new static(lang('Encryption.starterKeyNeeded'));
+	}
+
+	public static function forAuthenticationFailed()
+	{
+		return new static(lang('Encryption.authenticationFailed'));
+	}
+	public static function forEncryptionFailed()
+	{
+		return new static(lang('Encryption.encryptionFailed'));
+	}
+
+}

system/Encryption/Handlers/BaseHandler.php

@@ -0,0 +1,124 @@
+<?php
+
+/**
+ * CodeIgniter
+ *
+ * An open source application development framework for PHP
+ *
+ * This content is released under the MIT License (MIT)
+ *
+ * Copyright (c) 2014-2017 British Columbia Institute of Technology
+ * Copyright (c) 2019 CodeIgniter Foundation
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ * @package    CodeIgniter
+ * @author     CodeIgniter Dev Team
+ * @copyright  2014-2017 British Columbia Institute of Technology (https://bcit.ca/)
+ * @license    https://opensource.org/licenses/MIT	MIT License
+ * @link       https://codeigniter.com
+ * @since      Version 4.0.0
+ * @filesource
+ */
+
+namespace CodeIgniter\Encryption\Handlers;
+
+use CodeIgniter\Config\BaseConfig;
+
+/**
+ * Base class for encryption handling
+ */
+abstract class BaseHandler implements \CodeIgniter\Encryption\EncrypterInterface
+{
+
+	/**
+	 * Configuraiton passed from encryption manager
+	 *
+	 * @var string
+	 */
+	protected $config;
+
+	/**
+	 * Logger instance to record error messages and warnings.
+	 *
+	 * @var \PSR\Log\LoggerInterface
+	 */
+	protected $logger;
+
+	//--------------------------------------------------------------------
+
+	/**
+	 * Constructor
+	 *
+	 * @param BaseConfig $config
+	 */
+	public function __construct(BaseConfig $config = null)
+	{
+		if (empty($config))
+		{
+			$config = new \Config\Encryption();
+		}
+
+		// make the parameters conveniently accessible
+		foreach ($config as $pkey => $value)
+		{
+			$this->$pkey = $value;
+		}
+	}
+
+	/**
+	 * Byte-safe substr()
+	 *
+	 * @param  string  $str
+	 * @param  integer $start
+	 * @param  integer $length
+	 * @return string
+	 */
+	protected static function substr($str, $start, $length = null)
+	{
+		return mb_substr($str, $start, $length, '8bit');
+	}
+
+	/**
+	 * __get() magic, providing readonly access to some of our properties
+	 *
+	 * @param  string $key Property name
+	 * @return mixed
+	 */
+	public function __get($key)
+	{
+		if (in_array($key, ['cipher', 'key'], true))
+		{
+			return $this->{$key};
+		}
+
+		return null;
+	}
+
+	/**
+	 * __isset() magic, providing checking for some of our properties
+	 *
+	 * @param  string $key Property name
+	 * @return boolean
+	 */
+	public function __isset($key): bool
+	{
+		return in_array($key, ['cipher', 'key'], true);
+	}
+}

system/Encryption/Handlers/OpenSSLHandler.php

@@ -0,0 +1,176 @@
+<?php
+/**
+ * CodeIgniter
+ *
+ * An open source application development framework for PHP
+ *
+ * This content is released under the MIT License (MIT)
+ *
+ * Copyright (c) 2014-2017 British Columbia Institute of Technology
+ * Copyright (c) 2019 CodeIgniter Foundation
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ * @package    CodeIgniter
+ * @author     CodeIgniter Dev Team
+ * @copyright  2014-2017 British Columbia Institute of Technology (https://bcit.ca/)
+ * @license    https://opensource.org/licenses/MIT	MIT License
+ * @link       https://codeigniter.com
+ * @since      Version 4.0.0
+ * @filesource
+ */
+
+namespace CodeIgniter\Encryption\Handlers;
+
+use CodeIgniter\Config\BaseConfig;
+use CodeIgniter\Encryption\Exceptions\EncryptionException;
+
+/**
+ * Encryption handling for OpenSSL library
+ */
+class OpenSSLHandler extends BaseHandler
+{
+
+	/**
+	 * HMAC digest to use
+	 */
+	protected $digest = 'SHA512';
+
+	/**
+	 * Cipher to use
+	 */
+	protected $cipher = 'AES-256-CTR';
+
+	// --------------------------------------------------------------------
+
+	/**
+	 * Initialize OpenSSL, remembering parameters
+	 *
+	 * @param BaseConfig $config
+	 *
+	 * @throws \CodeIgniter\Encryption\EncryptionException
+	 */
+	public function __construct(BaseConfig $config = null)
+	{
+		parent::__construct($config);
+	}
+
+	/**
+	 * Encrypt plaintext, with optional HMAC and base64 encoding
+	 *
+	 * @param  string $data   Input data
+	 * @param  array  $params Over-ridden parameters, specifically the key
+	 * @return string
+	 * @throws \CodeIgniter\Encryption\EncryptionException
+	 */
+	public function encrypt($data, $params = null)
+	{
+		// Allow key over-ride
+		if (! empty($params))
+		{
+			if (isset($params['key']))
+			{
+				$this->key = $params['key'];
+			}
+			else
+			{
+				$this->key = $params;
+			}
+		}
+		if (empty($this->key))
+		{
+			throw EncryptionException::forNeedsStarterKey();
+		}
+
+		// derive a secret key
+		$secret = \hash_hkdf($this->digest, $this->key);
+
+		// basic encryption
+		$iv = ($iv_size = \openssl_cipher_iv_length($this->cipher)) ? \openssl_random_pseudo_bytes($iv_size) : null;
+
+		$data = \openssl_encrypt($data, $this->cipher, $secret, OPENSSL_RAW_DATA, $iv);
+
+		if ($data === false)
+		{
+			throw EncryptionException::forEncryptionFailed();
+		}
+
+		$result = $iv . $data;
+
+		$hmacKey = \hash_hmac($this->digest, $result, $secret, true);
+		$result  = $hmacKey . $result;
+
+		return $result;
+	}
+
+	// --------------------------------------------------------------------
+
+	/**
+	 * Decrypt ciphertext, with optional HMAC and base64 encoding
+	 *
+	 * @param  string $data   Encrypted data
+	 * @param  array  $params Over-ridden parameters, specifically the key
+	 * @return string
+	 * @throws \CodeIgniter\Encryption\EncryptionException
+	 */
+	public function decrypt($data, $params = null)
+	{
+		// Allow key over-ride
+		if (! empty($params))
+		{
+			if (isset($params['key']))
+			{
+				$this->key = $params['key'];
+			}
+			else
+			{
+				$this->key = $params;
+			}
+		}
+		if (empty($this->key))
+		{
+			throw EncryptionException::forStarterKeyNeeded();
+		}
+
+		// derive a secret key
+		$secret = \hash_hkdf($this->digest, $this->key);
+
+		$hmacLength = self::substr($this->digest, 3) / 8;
+		$hmacKey    = self::substr($data, 0, $hmacLength);
+		$data       = self::substr($data, $hmacLength);
+		$hmacCalc   = \hash_hmac($this->digest, $data, $secret, true);
+		if (! hash_equals($hmacKey, $hmacCalc))
+		{
+			throw EncryptionException::forAuthenticationFailed();
+		}
+
+		if ($iv_size = \openssl_cipher_iv_length($this->cipher))
+		{
+			$iv   = self::substr($data, 0, $iv_size);
+			$data = self::substr($data, $iv_size);
+		}
+		else
+		{
+			$iv = null;
+		}
+
+		return \openssl_decrypt($data, $this->cipher, $secret, OPENSSL_RAW_DATA, $iv);
+	}
+
+}