Merge pull request codeigniter4#7273 from kenjis/fix-Encryption-CI3-compat

fix: Encryption CI3 compatibility

Author: kenjis

app/Config/Encryption.php

@@ -80,4 +80,13 @@ class Encryption extends BaseConfig
      * Set to 'authentication' for CI3 Encryption compatibility.
      */
     public string $authKeyInfo = '';
+
+    /**
+     * Cipher to use.
+     * This setting is only used by OpenSSLHandler.
+     *
+     * Set to 'AES-128-CBC' to decrypt encrypted data that encrypted
+     * by CI3 Encryption default configuration.
+     */
+    public string $cipher = 'AES-256-CTR';
 }

tests/system/Encryption/EncryptionTest.php

@@ -151,7 +151,25 @@ public function testMagicGetMissing()
         $this->assertNull($this->encryption->bogus);
     }
 
-    public function testDecryptEncryptedDataByCI3()
+    public function testDecryptEncryptedDataByCI3AES128CBC()
+    {
+        $config                 = new EncryptionConfig();
+        $config->driver         = 'OpenSSL';
+        $config->key            = hex2bin('64c70b0b8d45b80b9eba60b8b3c8a34d0193223d20fea46f8644b848bf7ce67f');
+        $config->cipher         = 'AES-128-CBC'; // CI3's default config
+        $config->rawData        = false;
+        $config->encryptKeyInfo = 'encryption';
+        $config->authKeyInfo    = 'authentication';
+        $encrypter              = Services::encrypter($config, false);
+
+        $encrypted = '211c55b9d1948187557bff88c1e77e0f6b965e3711d477d97fb0b60907a7336028714dbb8dfe90598039e9bc7147b54e552d739b378cd864fb91dde9ad6d4ffalIvVxFDDLTPBYGaHLNDzUSJExBKbQJ0NW27KDaR83bYqz8MDz/mXXpE+HHdaWjEE';
+        $decrypted = $encrypter->decrypt($encrypted);
+
+        $expected = 'This is a plain-text message.';
+        $this->assertSame($expected, $decrypted);
+    }
+
+    public function testDecryptEncryptedDataByCI3AES256CTR()
     {
         $config                 = new EncryptionConfig();
         $config->driver         = 'OpenSSL';

user_guide_src/source/changelogs/index.rst

@@ -12,6 +12,7 @@ See all the changes.
 .. toctree::
     :titlesonly:
 
+    v4.3.3
     v4.3.2
     v4.3.1
     v4.3.0

user_guide_src/source/changelogs/v4.3.3.rst

@@ -0,0 +1,32 @@
+Version 4.3.3
+#################
+
+Release Date: Unreleased
+
+**4.3.3 release of CodeIgniter4**
+
+.. contents::
+    :local:
+    :depth: 3
+
+BREAKING
+********
+
+Message Changes
+***************
+
+Changes
+*******
+
+Deprecations
+************
+
+Bugs Fixed
+**********
+
+- **Config:** Added missing ``Config\Encryption::$cipher``.
+- **UserGuide:** Fixed the sample code for :ref:`encryption-compatible-with-ci3`.
+
+See the repo's
+`CHANGELOG.md <https://github.com/codeigniter4/CodeIgniter4/blob/develop/CHANGELOG.md>`_
+for a complete list of bugs fixed.

user_guide_src/source/installation/upgrade_433.rst

@@ -0,0 +1,49 @@
+##############################
+Upgrading from 4.3.2 to 4.3.3
+##############################
+
+Please refer to the upgrade instructions corresponding to your installation method.
+
+- :ref:`Composer Installation App Starter Upgrading <app-starter-upgrading>`
+- :ref:`Composer Installation Adding CodeIgniter4 to an Existing Project Upgrading <adding-codeigniter4-upgrading>`
+- :ref:`Manual Installation Upgrading <installing-manual-upgrading>`
+
+.. contents::
+    :local:
+    :depth: 2
+
+Breaking Changes
+****************
+
+Mandatory File Changes
+**********************
+
+Project Files
+*************
+
+Some files in the **project space** (root, app, public, writable) received updates. Due to
+these files being outside of the **system** scope they will not be changed without your intervention.
+
+There are some third-party CodeIgniter modules available to assist with merging changes to
+the project space: `Explore on Packagist <https://packagist.org/explore/?query=codeigniter4%20updates>`_.
+
+Content Changes
+===============
+
+The following files received significant changes (including deprecations or visual adjustments)
+and it is recommended that you merge the updated versions with your application:
+
+Config
+------
+
+- app/Config/Encryption.php
+    - The missing property ``$cipher`` is added for CI3
+      Encryption compatibility. See :ref:`encryption-compatible-with-ci3`.
+
+All Changes
+===========
+
+This is a list of all files in the **project space** that received changes;
+many will be simple comments or formatting that have no effect on the runtime:
+
+- @TODO

user_guide_src/source/installation/upgrading.rst

@@ -16,6 +16,7 @@ See also :doc:`./backward_compatibility_notes`.
 
     backward_compatibility_notes
 
+    upgrade_433
     upgrade_432
     upgrade_431
     upgrade_430

user_guide_src/source/libraries/encryption.rst

@@ -61,17 +61,18 @@ Configuring the Library
 
 The example above uses the configuration settings found in **app/Config/Encryption.php**.
 
-============== ========================================================
+============== ==========================================================================
 Option         Possible values (default in parentheses)
-============== ========================================================
+============== ==========================================================================
 key            Encryption key starter
 driver         Preferred handler, e.g., OpenSSL or Sodium (``OpenSSL``)
-blockSize      Padding length in bytes for SodiumHandler (``16``)
 digest         Message digest algorithm (``SHA512``)
-encryptKeyInfo Encryption key info (``''``). This is only used by OpenSSLHandler.
-authKeyInfo    Authentication key info (``''``). This is only used by OpenSSLHandler.
-rawData        Whether the cipher-text should be raw (``true``). This is only used by OpenSSLHandler.
-============== ========================================================
+blockSize      [**SodiumHandler** only] Padding length in bytes (``16``)
+cipher         [**OpenSSLHandler** only] Cipher to use (``AES-256-CTR``)
+encryptKeyInfo [**OpenSSLHandler** only] Encryption key info (``''``)
+authKeyInfo    [**OpenSSLHandler** only] Authentication key info (``''``)
+rawData        [**OpenSSLHandler** only] Whether the cipher-text should be raw (``true``)
+============== ==========================================================================
 
 You can replace the config file's settings by passing a configuration
 object of your own to the ``Services`` call. The ``$config`` variable must be
@@ -281,7 +282,7 @@ Class Reference
 
         Please refer to the :ref:`configuration` section for detailed info.
 
-.. php:interface:: CodeIgniter\\Encryption\\EncrypterInterface
+.. php:interface:: CodeIgniter\Encryption\EncrypterInterface
 
     .. php:method:: encrypt($data[, $params = null])
 

user_guide_src/source/libraries/encryption/010.php

@@ -1,3 +1,3 @@
 <?php
 
-$encrypter = $encryption->initialize(['cipher' => '3des']);
+$encrypter = $encryption->initialize(['cipher' => 'AES-256-CTR']);

user_guide_src/source/libraries/encryption/013.php

@@ -5,8 +5,12 @@
 
 $config         = new Encryption();
 $config->driver = 'OpenSSL';
-// Your CI3's encryption_key
-$config->key            = hex2bin('64c70b0b8d45b80b9eba60b8b3c8a34d0193223d20fea46f8644b848bf7ce67f');
+
+// Your CI3's 'encryption_key'
+$config->key = hex2bin('64c70b0b8d45b80b9eba60b8b3c8a34d0193223d20fea46f8644b848bf7ce67f');
+// Your CI3's 'cipher' and 'mode'
+$config->cipher = 'AES-128-CBC';
+
 $config->rawData        = false;
 $config->encryptKeyInfo = 'encryption';
 $config->authKeyInfo    = 'authentication';