Merge pull request #3307 from michalsn/encryption_key

Add hex2bin prefix handling for encryption key

Author: michalsn

env

@@ -83,6 +83,13 @@
 # contentsecuritypolicy.sandbox = false
 # contentsecuritypolicy.upgradeInsecureRequests = false
 
+#--------------------------------------------------------------------
+# ENCRYPTION
+#--------------------------------------------------------------------
+
+# encryption.key = 
+# encryption.driver = OpenSSL
+
 #--------------------------------------------------------------------
 # HONEYPOT
 #--------------------------------------------------------------------

system/Config/BaseConfig.php

@@ -92,6 +92,12 @@ public function __construct()
 		foreach ($properties as $property)
 		{
 			$this->initEnvValue($this->$property, $property, $prefix, $shortPrefix);
+
+			// Handle hex2bin prefix
+                      if ($shortPrefix === 'encryption' && $property === 'key' && strpos($this->$property, 'hex2bin:') === 0)
+			{
+				$this->$property = hex2bin(substr($this->$property, 8));
+			}
 		}
 
 		if (defined('ENVIRONMENT') && ENVIRONMENT !== 'testing')

system/Config/DotEnv.php

@@ -77,7 +77,7 @@ public function __construct(string $path, string $file = '.env')
 	public function load(): bool
 	{
 		$vars = $this->parse();
-		
+
 		return ($vars === null ? false : true);
 	}
 
@@ -182,6 +182,12 @@ public function normaliseVariable(string $name, string $value = ''): array
 
 		$value = $this->resolveNestedVariables($value);
 
+		// Handle hex2bin prefix
+              if ($name === 'encryption.key' && strpos($value, 'hex2bin:') === 0)
+		{
+			$value = hex2bin(substr($value, 8));
+		}
+
 		return [
 			$name,
 			$value,

tests/system/Config/BaseConfigTest.php

@@ -22,6 +22,10 @@ protected function setUp(): void
 		{
 			require $this->fixturesFolder . '/RegistrarConfig.php';
 		}
+		if (! class_exists('Encryption', false))
+		{
+			require $this->fixturesFolder . '/Encryption.php';
+		}
 	}
 
 	//--------------------------------------------------------------------
@@ -144,6 +148,36 @@ public function testSetsDefaultValues()
 
 	//--------------------------------------------------------------------
 
+	/**
+	 * @runInSeparateProcess
+	 * @preserveGlobalState  disabled
+	 */
+	public function testSetsDefaultValuesEncryption()
+	{
+		$dotenv = new DotEnv($this->fixturesFolder, 'encryption.env');
+		$dotenv->load();
+		$config = new \Encryption();
+
+		// override config with ENV var
+		$this->assertEquals('f699c7fd18a8e082d0228932f3acd40e1ef5ef92efcedda32842a211d62f0aa6', bin2hex($config->key));
+		$this->assertEquals('OpenSSL', $config->driver);
+	}
+
+	//--------------------------------------------------------------------
+
+	public function testSetsDefaultValuesHex2Bin()
+	{
+		$dotenv = new DotEnv($this->fixturesFolder, 'commented.env');
+		$dotenv->load();
+		$config = new \Encryption();
+
+		// override config with ENV var
+		$this->assertEquals('84cf2c0811d5daf9e1c897825a3debce91f9a33391e639f72f7a4740b30675a2', bin2hex($config->key));
+		$this->assertEquals('MCrypt', $config->driver);
+	}
+
+	//--------------------------------------------------------------------
+
 	public function testRecognizesLooseValues()
 	{
 		$dotenv = new DotEnv($this->fixturesFolder, 'loose.env');

tests/system/Config/DotEnvTest.php

@@ -56,6 +56,21 @@ public function testLoadsVars()
 
 	//--------------------------------------------------------------------
 
+	public function testLoadsHex2Bin()
+	{
+		$dotenv = new DotEnv($this->fixturesFolder, 'encryption.env');
+		$dotenv->load();
+
+		$value = getenv('encryption.key');
+
+		$this->assertTrue(! empty($value));
+		$this->assertEquals('f699c7fd18a8e082d0228932f3acd40e1ef5ef92efcedda32842a211d62f0aa6', bin2hex($value));
+		$this->assertEquals('hex2bin:f699c7fd18a8e082d0228932f3acd40e1ef5ef92efcedda32842a211d62f0aa6', getenv('different.key'));
+		$this->assertEquals('OpenSSL', getenv('encryption.driver'));
+	}
+
+	//--------------------------------------------------------------------
+
 	public function testLoadsNoneStringFiles()
 	{
 		$dotenv = new DotEnv($this->fixturesFolder, 2);

tests/system/Config/fixtures/.env

@@ -26,3 +26,4 @@ SimpleConfig.crew.pilot = Wash
 SimpleConfig.crew.comms = true
 SimpleConfig.crew.doctor = false
 
+

tests/system/Config/fixtures/Encryption.php

@@ -0,0 +1,8 @@
+<?php
+
+class Encryption extends \CodeIgniter\Config\BaseConfig
+{
+	public $key = 'hex2bin:84cf2c0811d5daf9e1c897825a3debce91f9a33391e639f72f7a4740b30675a2';
+
+	public $driver = 'MCrypt';
+}

tests/system/Config/fixtures/encryption.env

@@ -0,0 +1,3 @@
+encryption.key=hex2bin:f699c7fd18a8e082d0228932f3acd40e1ef5ef92efcedda32842a211d62f0aa6
+encryption.driver=OpenSSL
+different.key=hex2bin:f699c7fd18a8e082d0228932f3acd40e1ef5ef92efcedda32842a211d62f0aa6

user_guide_src/source/libraries/encryption.rst

@@ -128,9 +128,16 @@ a more friendly manner. For example::
 	// Get a hex-encoded representation of the key:
 	$encoded = bin2hex(Encryption::createKey(32));
 
-	// Put the same value in your config with hex2bin(),
+	// Put the same value with hex2bin(),
 	// so that it is still passed as binary to the library:
-	$key = hex2bin(<your hex-encoded key>);
+	$key = hex2bin('your-hex-encoded-key');
+
+	// In the Encryption config class you can use a special 'hex2bin:'
+	// prefix so that the value is still passed as binary to the library:
+	public $key = 'hex2bin:your-hex-encoded-key';
+
+	// You can also use the same prefix in your .env file
+	encryption.key = hex2bin:your-hex-encoded-key
 
 You might find the same technique useful for the results
 of encryption::