password_encrypt/password_encrypt.module at main · davyin-co/password_encrypt · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
<?php

/**
 * @file
 * Module file for password_encrypt.
 */

use Drupal\Core\Routing\RouteMatchInterface;
use Drupal\Core\Url;
use Drupal\Core\Form\FormStateInterface;

/**
 * Implements hook_help().
 */
function password_encrypt_help($route_name, RouteMatchInterface $route_match) {
  switch ($route_name) {
    case 'help.page.password_encrypt':
      $output = '<h3>' . t('About') . '</h3>';
      $output .= '<p>' . t('This module encrypts the user password on user form submission.
        It prevents the propagation of plain password over internet on user form submission.') . '</p>';
      $output .= '<h3>' . t('Dependencies:') . '</h3>';
      $output .= '<ol><li>' . t('OpenSSL extension.') . '</li>';
      $output .= '<li>' . t('CryptoJS library.') . '</li></ol>';
      $output .= '<h3>' . t('Installation:') . '</h3>';
      $output .= '<ol><li>' . t('Download CryptoJS library from %crypto and extract it. Move rollups/aes.js to %path.', [
        '%crypto' => Url::fromRoute('https://code.google.com/archive/p/crypto-js/downloads'),
        '%path' => 'sites/all/libraries/CryptoJS',
      ]) . '</li>';
      $output .= '<li>' . t('Install and Enable Password Encrypt module.') . '</li>';
      $output .= '<li>Clear cache.</li></ol>';

      return $output;
  }
}


/**
 * Verifies CryptoJS library is present.
 */
function password_encrypt_library_check() {
  if (function_exists('libraries_get_libraries')) {
    $library = libraries_get_libraries();
    if (isset($library['CryptoJS'])) {
      $password_encrypt_library_installed = TRUE;
    }
  }
  elseif (file_exists('libraries/CryptoJS/aes.js')) {
    $password_encrypt_library_installed = TRUE;
  }
  else {
    $password_encrypt_library_installed = FALSE;
  }

  return $password_encrypt_library_installed;
}

/**
 * Implements hook_form_alter().
 */
function password_encrypt_form_alter(&$form, FormStateInterface &$form_state, $form_id) {
  if ($form_id == 'user_login_form' || $form_id == 'user_login_block' || $form_id == 'user_register_form' || $form_id == 'user_form') {
    $password_encrypt_passkey = Drupal::state()->get('password_encrypt.passkey');
    $form['#attached']['drupalSettings']['password_encrypt']['passkey'] = $password_encrypt_passkey;
    $form['#attached']['library'][] = 'password_encrypt/password_encrypt';
    array_unshift($form['#validate'], 'password_encrypt_user_decrypt_password');
  }
}

/**
 * Callback: called to encrypt user password.
 */
function password_encrypt_user_decrypt_password(&$form, FormStateInterface $form_state) {
  if ($form_state->hasValue('pass')) {
    $password_encrypt_passkey = Drupal::state()->get('password_encrypt.passkey');
    $decrypted_pass = password_encrypt_crypto_js_aes_decrypt($password_encrypt_passkey, $form_state->getValue('pass'));
    $form_state->setValue('pass', $decrypted_pass);
  }

  if ($form_state->hasValue('current_pass')) {
    $password_encrypt_passkey = Drupal::state()->get('password_encrypt.passkey');
    $decrypted_pass = password_encrypt_crypto_js_aes_decrypt($password_encrypt_passkey, $form_state->getValue('current_pass'));
    $form_state->setValue('current_pass', $decrypted_pass);
  }
}

/**
 * Helper function for CryptoJS AES encryption/decryption.
 *
 * @param string $passphrase
 *   Passkey for encryption/decryption.
 * @param string $jsonstring
 *   Encoded string.
 *
 * @return string
 *   Decoded string.
 */
function password_encrypt_crypto_js_aes_decrypt($passphrase, $jsonstring) {
  $cipher_text = base64_decode($jsonstring);

  if (substr($cipher_text, 0, 8) != "Salted__") {
    return FALSE;
  }

  $salt = substr($cipher_text, 8, 8);
  $key_and_iv = password_encrypt_generate_iv($passphrase, $salt);
  $decrypt = openssl_decrypt(substr($cipher_text, 16), "aes-256-cbc", $key_and_iv["key"], OPENSSL_RAW_DATA, $key_and_iv["iv"]);
  return $decrypt;
}

/**
 * Generate key and iv used for decryption.
 *
 * @param string $password
 *   Passkey for encryption/decryption.
 * @param string $salt
 *   Salt from encrypted string to generate key and iv.
 * @param int $key_size
 *   Key length to generate key and iv.
 * @param int $iv_length
 *   IV length.
 * @param int $iterations
 *   No of iterations to finalize the hash.
 * @param string $algorithm
 *   Algorithm to generate key and iv.
 *
 * @return array
 *   Array of key and iv.
 */
function password_encrypt_generate_iv($password, $salt, $key_size = 8, $iv_length = 4, $iterations = 1, $algorithm = "md5") {
  $target_key_size = $key_size + $iv_length;
  $derived_bytes = "";
  $number_derived_words = 0;
  $block = NULL;
  $hasher = hash_init($algorithm);

  while ($number_derived_words < $target_key_size) {
    if ($block != NULL) {
      hash_update($hasher, $block);
    }

    hash_update($hasher, $password);
    hash_update($hasher, $salt);
    $block = hash_final($hasher, TRUE);
    $hasher = hash_init($algorithm);

    // Iterations.
    for ($i = 1; $i < $iterations; $i++) {
      hash_update($hasher, $block);
      $block = hash_final($hasher, TRUE);
      $hasher = hash_init($algorithm);
    }

    $derived_bytes .= substr($block, 0, min(strlen($block), ($target_key_size - $number_derived_words) * 4));
    $number_derived_words += strlen($block) / 4;
  }

  return [
    "key" => substr($derived_bytes, 0, $key_size * 4),
    "iv"  => substr($derived_bytes, $key_size * 4, $iv_length * 4),
  ];
}