hash_crypt.php

<?php

    /**
    * Simple but secure encryption based on hash functions
    *
    * Basically this is algorithm provides a block cipher in ofb mode (output feedback mode)
    *
    * @author   Marc Wöhlken, Quadracom - Partnerschaft für Mediengestaltung, Bremen <woehlken@quadracom.de>
    * @copyright Copyright 2006 Marc W&ouml;hlken, Quadracom - Partnerschaft für Mediengestaltung, Bremen
    * @version Version 1.1, first public release
    * @license http://opensource.org/licenses/gpl-license.php GNU Public License
    *
    * @package hash_encryption
    **/

class hash_encryption {
    /**
     * Hashed value of the user provided encryption key
     * @var string
     **/
    var $hash_key;
    /**
     * String length of hashed values using the current algorithm
     * @var int
     **/
    var $hash_lenth;
    /**
     * Switch base64 enconding on / off
     * @var bool    true = use base64, false = binary output / input
     **/
    var $base64;
    /**
     * Secret value added to randomize output and protect the user provided key
     * @var string  Change this value to add more randomness to your encryption
     **/
    var $salt = 'Change this to any secret value you like. "d41d8cd98f00b204e9800998ecf8427e" might be a good example.';


    /**
     * Constructor method
     *
     * Used to set key for encryption and decryption.
     * @param   string  $key    Your secret key used for encryption and decryption
     * @param   boold   $base64 Enable base64 en- / decoding
     * @return mixed
     */
    function hash_encryption($key,$base64 = true) {
        // Toggle base64 usage on / off
        $this->base64 = $base64;

        // Instead of using the key directly we compress it using a hash function
        $this->hash_key = $this->_hash($key);

        // Remember length of hashvalues for later use
        $this->hash_length = strlen($this->hash_key);
    }

    /**
     * Method used for encryption
     * @param   string  $string Message to be encrypted
     * @return string   Encrypted message
     */
    function encrypt($string) {
        $iv = $this->_generate_iv();

        // Clear output
        $out = '';

        // First block of output is ($this->hash_hey XOR IV)
        for($c=0;$c < $this->hash_length;$c++) {
            $out .= chr(ord($iv[$c]) ^ ord($this->hash_key[$c]));
        }

        // Use IV as first key
        $key = $iv;
        $c = 0;

        // Go through input string
        while($c < strlen($string)) {
            // If we have used all characters of the current key we switch to a new one
            if(($c != 0) and ($c % $this->hash_length == 0)) {
                // New key is the hash of current key and last block of plaintext
                $key = $this->_hash($key . substr($string,$c - $this->hash_length,$this->hash_length));
            }
            // Generate output by xor-ing input and key character for character
            $out .= chr(ord($key[$c % $this->hash_length]) ^ ord($string[$c]));
            $c++;
        }
        // Apply base64 encoding if necessary
        if($this->base64) $out = base64_encode($out);
        return $out;
    }

    /**
     * Method used for decryption
     * @param   string  $string Message to be decrypted
     * @return string   Decrypted message
     */
    function decrypt($string) {
        // Apply base64 decoding if necessary
        if($this->base64) $string = base64_decode($string);

        // Extract encrypted IV from input
        $tmp_iv = substr($string,0,$this->hash_length);

        // Extract encrypted message from input
        $string = substr($string,$this->hash_length,strlen($string) - $this->hash_length);
        $iv = $out = '';

        // Regenerate IV by xor-ing encrypted IV from block 1 and $this->hashed_key
        // Mathematics: (IV XOR KeY) XOR Key = IV
        for($c=0;$c < $this->hash_length;$c++)
        {
            $iv .= chr(ord($tmp_iv[$c]) ^ ord($this->hash_key[$c]));
        }
        // Use IV as key for decrypting the first block cyphertext
        $key = $iv;
        $c = 0;

        // Loop through the whole input string
        while($c < strlen($string)) {
            // If we have used all characters of the current key we switch to a new one
            if(($c != 0) and ($c % $this->hash_length == 0)) {
                // New key is the hash of current key and last block of plaintext
                $key = $this->_hash($key . substr($out,$c - $this->hash_length,$this->hash_length));
            }
            // Generate output by xor-ing input and key character for character
            $out .= chr(ord($key[$c % $this->hash_length]) ^ ord($string[$c]));
            $c++;
        }
        return $out;
    }

    /**
     * Hashfunction used for encryption
     *
     * This class hashes any given string using the best available hash algorithm.
     * Currently support for md5 and sha1 is provided. In theory even crc32 could be used
     * but I don't recommend this.
     *
     * @access  private
     * @param   string  $string Message to hashed
     * @return string   Hash value of input message
     */
    function _hash($string) {
        // Use sha1() if possible, php versions >= 4.3.0 and 5
        if(function_exists('sha1')) {
            $hash = sha1($string);
        } else {
            // Fall back to md5(), php versions 3, 4, 5
            $hash = md5($string);
        }
        $out ='';
        // Convert hexadecimal hash value to binary string
        for($c=0;$c<strlen($hash);$c+=2) {
            $out .= $this->_hex2chr($hash[$c] . $hash[$c+1]);
        }
        return $out;
    }

    /**
     * Generate a random string to initialize encryption
     *
     * This method will return a random binary string IV ( = initialization vector).
     * The randomness of this string is one of the crucial points of this algorithm as it
     * is the basis of encryption. The encrypted IV will be added to the encrypted message
     * to make decryption possible. The transmitted IV will be encoded using the user provided key.
     *
     * @todo    Add more random sources.
     * @access  private
     * @see function    hash_encryption
     * @return string   Binary pseudo random string
     **/
    function _generate_iv() {
        // Initialize pseudo random generator
        srand ((double)microtime()*1000000);

        // Collect random data.
        // Add as many "pseudo" random sources as you can find.
        // Possible sources: Memory usage, diskusage, file and directory content...
        $iv  = $this->salt;
        $iv .= rand(0,getrandmax());
        // Changed to serialize as the second parameter to print_r is not available in php prior to version 4.4
        $iv .= serialize($GLOBALS);
        return $this->_hash($iv);
    }

    /**
     * Convert hexadecimal value to a binary string
     *
     * This method converts any given hexadecimal number between 00 and ff to the corresponding ASCII char
     *
     * @access  private
     * @param   string  Hexadecimal number between 00 and ff
     * @return  string  Character representation of input value
     **/
    function _hex2chr($num) {
        return chr(hexdec($num));
    }
}
?>