Encryption and decryption functions

Author: ray-ang

config.php

@@ -85,6 +85,15 @@
 
 define('ENFORCE_SSL', FALSE);
 
+/*
+|--------------------------------------------------------------------------
+| Configuration for Encryption and Decryption
+|--------------------------------------------------------------------------
+*/
+
+define('PASS_PHRASE', '12345');
+define('CIPHER_METHOD', 'aes-256-cbc');
+
 /*
 |--------------------------------------------------------------------------
 | Set BASE_URL

controllers/EncryptionController.php

@@ -0,0 +1,22 @@
+<?php
+
+/**
+ * In the controller file, you can handle and process variables,
+ * classes and functions; use if-elseif statements; load models, and
+ * include files. The variables can then be used in the view file.
+ */
+
+class EncryptionController
+{
+
+	public function index()
+	{
+
+		$page_title = 'Data Encryption';
+
+		$data = compact('page_title');
+		view('encryption', $data);
+
+	}
+
+}

functions.php

@@ -7,18 +7,20 @@
 | 
 | These are core functions necessary to run the nano-framework:
 |
-| 1. url_path() - retrieves the URL path substring separated by '/'
-| 2. route_rpc() - JSON-RPC v2.0 compatibility layer
-| 3. route_auto() - automatic routing of URL path to Class and method
-| 4. route_class() - routes URL path request to Controllers
-| 5. view() - passes data and renders the View
-| 6. pdo_conn() - PHP Data Objects (PDO) database connection
-| 7. api_response() - handles API response
-| 8. api_call() - handles API call
-| 9. firewall() - web application firewall
-| 10. force_ssl() - force application to use SSL
-| 11. esc() - uses htmlspecialchars() to prevent XSS
-| 12. csrf_token() - uses sessions to create per request CSRF token
+| 1. url_path()			- retrieves the URL path substring separated by '/'
+| 2. route_rpc()		- JSON-RPC v2.0 compatibility layer
+| 3. route_auto()		- automatic routing of URL path to Class and method
+| 4. route_class()		- routes URL path request to Controllers
+| 5. view()				- passes data and renders the View
+| 6. pdo_conn()			- PHP Data Objects (PDO) database connection
+| 7. api_response()		- handles API response
+| 8. api_call()			- handles API call
+| 9. firewall()			- web application firewall
+| 10. force_ssl()		- force application to use SSL
+| 11. esc()				- uses htmlspecialchars() to prevent XSS
+| 12. csrf_token()		- uses sessions to create per request CSRF token
+| 13. encrypt()			- encrypt data using AES-CBC-HMAC
+| 14. decrypt()			- decrypt data using AES-CBC-HMAC
 |
 */
 
@@ -355,4 +357,53 @@ function csrf_token()
 
 	}
 
+}
+
+/**
+ * Encrypt data using AES-CBC-HMAC
+ *
+ * @param string $plaintext - Plaintext to be encrypted
+ */
+
+function encrypt($plaintext)
+{
+
+	$cipher = CIPHER_METHOD;
+	$key = hash('sha256', PASS_PHRASE . md5(PASS_PHRASE));
+	$key_hmac = hash('sha256', md5(PASS_PHRASE));
+	$iv_len = openssl_cipher_iv_length($cipher);
+	$iv = random_bytes($iv_len);
+
+	$ciphertext = openssl_encrypt($plaintext, $cipher, $key, 0, $iv);
+	$hash = hash_hmac('sha256', $ciphertext, $key_hmac);
+
+	return base64_encode($ciphertext . '::' . $hash . '::' . $iv);
+
+}
+
+/**
+ * Decrypt data using AES-CBC-HMAC
+ *
+ * @param string $encypted - base64_encoded ciphertext, hash and iv
+ */
+
+function decrypt($encrypted)
+{
+
+	if ( ! isset($encrypted) || empty($encrypted) ) { return ''; }
+	
+	$cipher = CIPHER_METHOD;
+	$key = hash('sha256', PASS_PHRASE . md5(PASS_PHRASE));
+	$key_hmac = hash('sha256', md5(PASS_PHRASE));
+
+	list($ciphertext, $hash, $iv) = explode('::', base64_decode($encrypted));
+	$digest = hash_hmac('sha256', $ciphertext, $key_hmac);
+
+	if (hash_equals($hash, $digest)) {
+		return openssl_decrypt($ciphertext, $cipher, $key, 0, $iv);
+		}
+	else {
+		return 'Please verify authenticity of ciphertext.';
+	}
+
 }

views/encryption.php

@@ -0,0 +1,24 @@
+<?php
+// Show Header and Menu
+require_once 'template/header.php';
+require_once 'template/menu.php';
+
+$plaintext = 'ABC123';
+$encrypted = encrypt($plaintext);
+$decrypted = decrypt($encrypted);
+?>
+	<!-- Page Content -->
+    <div class="container">
+      <div class="row">
+        <div class="col-lg-12">
+			<h1 class="mt-5 text-center">Encryption</h1>
+			<p>The plaintext:<br /><strong><?= $plaintext ?></strong></p>
+			<p>The encrypted:<br /><strong><?= $encrypted ?></strong></p>
+      <p>The decrypted:<br /><strong><?= $decrypted ?></strong></p>
+        </div>
+      </div>
+    </div>
+<?php
+// Show Footer
+require_once 'template/footer.php';
+?>

views/template/menu.php

@@ -8,8 +8,8 @@
             <li class="nav-item <?php if (url_path(1) == '') echo 'active'; ?>">
               <a class="nav-link" href="<?php echo BASE_URL; ?>">Home</a>
             </li>
-            <li class="nav-item <?php if (url_path(1) == 'welcome') echo 'active'; ?>">
-              <a class="nav-link" href="<?php echo BASE_URL; ?>welcome">Welcome</a>
+            <li class="nav-item <?php if (url_path(1) == 'encryption') echo 'active'; ?>">
+              <a class="nav-link" href="<?php echo BASE_URL; ?>encryption">Encryption</a>
             </li>
             <li class="nav-item <?php if (url_path(1) == 'request') echo 'active'; ?>">
               <a class="nav-link" href="<?php echo BASE_URL; ?>request">Request</a>