NancyJ

11-06-2006, 05:31 PM

This morning - without warning, our server was upgraded to php 5.2 - which subsequently broke our credit card encryption/decryption system - no errors, just the encryption/decryption were no longer right. I cant see anything obvious in the change log that would break this code

These are the functions

function getKey()

{

$arrSalt = explode("\r\n",chunk_split(md5(substr($this->name, 0, 1)), 15));

$arrPepper = explode("\r\n", chunk_split(md5(substr($this->name, -1, 1)),15));

$k[] = $arrSalt[0];

$k[] = $arrSalt[1];

$k[] = $arrPepper[0];

$k[] = $arrPepper[1];

return $k;

}

function str2long($data)

{

$n = strlen($data);

$tmp = unpack('N*', $data);

$data_long = array();

$j = 0;

foreach ($tmp as $value) $data_long[$j++] = $value;

return $data_long;

}

function long2str($l)

{

return pack('N', $l);

}

function xteaEncrypt($v, $k)

{

$v0=$v[0];

$v1=$v[1];

$sum=0;

$delta=0x9e3779b9;

for ($i=0; $i<32; $i++)

{

$v0 += ($v1<<4 ^ $v1>>5) + $v1 ^ $sum + $k[$sum & 3];

$sum += $delta;

$v1 += ($v0 << 4 ^ $v0 >> 5) + $v0 ^ $sum + $k[$sum>>11 & 3];

}

$v[0]=$v0;

$v[1]=$v1;

return $v;

}

function xteaDecrypt($v, $k)

{

$v0=$v[0];

$v1=$v[1];

$delta=0x9e3779b9;

$sum=0xC6EF3720;

for ($i=0; $i<32; $i++)

{

$v1 -= ($v0 << 4 ^ $v0 >> 5) + $v0 ^ $sum + $k[$sum>>11 & 3];

$sum -= $delta;

$v0 -= ($v1 << 4 ^ $v1 >> 5) + $v1 ^ $sum + $k[$sum&3];

}

$v[0]=$v0;

$v[1]=$v1;

return $v;

}

function encrypt()

{

$key = $this->getKey();

$text = $this->number;

$n = strlen($text);

if($n%8 != 0) $lng = ($n+(8-($n%8)));

$text = str_pad($text, $lng, ' ');

$secret[0][0] = (double)microtime()*1000000;

$secret[0][1] = time();;

$v = $this->str2long($text);

$a = 1;

for($i = 0; $i<count($v); $i+=2)

{

$v[$i] ^= $secret[$a-1][0];

$v[$i+1] ^= $secret[$a-1][1];

$secret[] = $this->xteaEncrypt(array($v[$i],$v[$i+1]),$key);

$a++;

}

for($i = 0; $i<count($secret); $i++)

{

$decrypted .= $this->long2str($secret[$i][0]);

$decrypted .= $this->long2str($secret[$i][1]);

}

$this->encryptedNumber = strrev(base64_encode(md5($this->secCode)).base64_encode($decrypted));

}

function decrypt()

{

$key = $this->getKey();

$text = str_replace(base64_encode(md5($this->secCode)), '',strrev($this->encryptedNumber));

$secret = $this->str2long(base64_decode($text));

$clear = array();

for($i = 2; $i<count($secret); $i+=2)

{

$return = $this->xteaDecrypt(array($secret[$i],$secret[$i+1]),$key);

$clear[] = array($return[0]^$secret[$i-2],$return[1]^$secret[$i-1]);

}

for($i = 0; $i<count($clear); $i++)

{

$decrypted .= $this->long2str($clear[$i][0]);

$decrypted .= $this->long2str($clear[$i][1]);

}

$this->number = $decrypted;

}

These are the functions

function getKey()

{

$arrSalt = explode("\r\n",chunk_split(md5(substr($this->name, 0, 1)), 15));

$arrPepper = explode("\r\n", chunk_split(md5(substr($this->name, -1, 1)),15));

$k[] = $arrSalt[0];

$k[] = $arrSalt[1];

$k[] = $arrPepper[0];

$k[] = $arrPepper[1];

return $k;

}

function str2long($data)

{

$n = strlen($data);

$tmp = unpack('N*', $data);

$data_long = array();

$j = 0;

foreach ($tmp as $value) $data_long[$j++] = $value;

return $data_long;

}

function long2str($l)

{

return pack('N', $l);

}

function xteaEncrypt($v, $k)

{

$v0=$v[0];

$v1=$v[1];

$sum=0;

$delta=0x9e3779b9;

for ($i=0; $i<32; $i++)

{

$v0 += ($v1<<4 ^ $v1>>5) + $v1 ^ $sum + $k[$sum & 3];

$sum += $delta;

$v1 += ($v0 << 4 ^ $v0 >> 5) + $v0 ^ $sum + $k[$sum>>11 & 3];

}

$v[0]=$v0;

$v[1]=$v1;

return $v;

}

function xteaDecrypt($v, $k)

{

$v0=$v[0];

$v1=$v[1];

$delta=0x9e3779b9;

$sum=0xC6EF3720;

for ($i=0; $i<32; $i++)

{

$v1 -= ($v0 << 4 ^ $v0 >> 5) + $v0 ^ $sum + $k[$sum>>11 & 3];

$sum -= $delta;

$v0 -= ($v1 << 4 ^ $v1 >> 5) + $v1 ^ $sum + $k[$sum&3];

}

$v[0]=$v0;

$v[1]=$v1;

return $v;

}

function encrypt()

{

$key = $this->getKey();

$text = $this->number;

$n = strlen($text);

if($n%8 != 0) $lng = ($n+(8-($n%8)));

$text = str_pad($text, $lng, ' ');

$secret[0][0] = (double)microtime()*1000000;

$secret[0][1] = time();;

$v = $this->str2long($text);

$a = 1;

for($i = 0; $i<count($v); $i+=2)

{

$v[$i] ^= $secret[$a-1][0];

$v[$i+1] ^= $secret[$a-1][1];

$secret[] = $this->xteaEncrypt(array($v[$i],$v[$i+1]),$key);

$a++;

}

for($i = 0; $i<count($secret); $i++)

{

$decrypted .= $this->long2str($secret[$i][0]);

$decrypted .= $this->long2str($secret[$i][1]);

}

$this->encryptedNumber = strrev(base64_encode(md5($this->secCode)).base64_encode($decrypted));

}

function decrypt()

{

$key = $this->getKey();

$text = str_replace(base64_encode(md5($this->secCode)), '',strrev($this->encryptedNumber));

$secret = $this->str2long(base64_decode($text));

$clear = array();

for($i = 2; $i<count($secret); $i+=2)

{

$return = $this->xteaDecrypt(array($secret[$i],$secret[$i+1]),$key);

$clear[] = array($return[0]^$secret[$i-2],$return[1]^$secret[$i-1]);

}

for($i = 0; $i<count($clear); $i++)

{

$decrypted .= $this->long2str($clear[$i][0]);

$decrypted .= $this->long2str($clear[$i][1]);

}

$this->number = $decrypted;

}