diff --git a/api-payroll/src/dependencies.php b/api-payroll/src/dependencies.php
index 4c20bf8..a2c576e 100644
--- a/api-payroll/src/dependencies.php
+++ b/api-payroll/src/dependencies.php
@@ -17,3 +17,11 @@ $container['logger'] = function ($c) {
 $logger->pushHandler(new Monolog\Handler\StreamHandler($settings['path'], $settings['level']));
 return $logger;
 };
+
+// Cryto functions
+$container['cryptographyService'] = function ($c) {
+ $cryptographySettings = $c->get('settings')['cryptography'];
+ require dirname(__FILE__) . "/../src/service/cryptography.php";
+ $cryptographyService = new cryptographyService($cryptographySettings);
+ return $cryptographyService;
+};
diff --git a/api-payroll/src/service/cryptography.php b/api-payroll/src/service/cryptography.php
new file mode 100644
index 0000000..ef47199
--- /dev/null
+++ b/api-payroll/src/service/cryptography.php
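Review bot: The factory loads the class file with `require` rather than `require_once`, so if this closure is ever evaluated twice the second `require` fails with a class-redeclaration fatal; the container presumably caches the service so it runs once today, but `require_once __DIR__ . '/service/cryptography.php';` removes that dependence and also drops the redundant `/../src/` hop, since dependencies.php already sits in `src/`. Registering the class with the project's autoloader would be the conventional fix and would avoid the include entirely. The comment `// Cryto functions` should read `// Crypto functions`, and the class name `cryptographyService` does not follow the StudlyCaps convention used for PHP classes.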
@@ -0,0 +1,86 @@
+settings = $cryptographySettings;
+ }
+
+ /**
+ * Encrypts a string using the predefined algorithm, the resulting string will contain the
+ * concatenated iv used for salting as well as the cipher text, both in hex format
+ *
+ * @param $text string
+ * @return string
+ * @throws Exception
+ */
+ function encryptString($text){
+ try {
+ $iv = random_bytes($this->settings['ivSize']);
+ $ivInHex = bin2hex($iv);
+
+ $encryptedMessage = openssl_encrypt($text, $this->settings['encryptionAlgorithm'],
+ $this->settings['encryptionPassword'], 1, $iv);
+
+ $hexedCipherText = bin2hex($encryptedMessage);
+
+ return "$ivInHex$hexedCipherText";
+ } catch (Exception $e) {
+ throw new Exception('here was an error encrypting the string, contact the system administrator.');
+ $this->logger->warning("There was an error in the cryptographyService->encryptString caused by: $e ");
+ }
+ }
+
+ /**
+ * Decrypts a string using the predefined algorithm
+ *
+ * This method assumes that an iv with the length taken from the setting ivSize is present
+ * at the beginning of the string and this will be used to decrypt the cipher text
+ *
+ * @param $cipherText string
+ * @return string
+ */
+ function decryptString($cipherText) {
+ $cipherText = hex2bin($cipherText);
+
+ $totalCharaters = strlen($cipherText);
+ $iv = substr($cipherText, 0, $this->settings['ivSize']);
+ $cipherTextWithIv = substr($cipherText, $this->settings['ivSize'], $totalCharaters);
+
+ return openssl_decrypt($cipherTextWithIv, $this->settings['encryptionAlgorithm'],
+ $this->settings['encryptionPassword'], 1, $iv);
+ }
+
+ /**
+ * Securely hashes a password for its coldstorage
+ *
+ * @param $password string
+ * @return string
+ */
+ function encryptPassword($password) {
+ $options = [
+ 'cost' => $this->settings['passwordHashCost'],
+ ];
+
+ return password_hash($password, PASSWORD_BCRYPT, $options);
+ }
+
+ /**
+ * Compares a password given in plain text against the encrypted veersion to determined if they're
+ the same password
+ *
+ * @param $plainPassword string
+ * @param $encryptedPassword string
+ * @return boolean
+ */
+ function decryptPassword($plainPassword, $encryptedPassword) {
+ return password_verify($plainPassword, $encryptedPassword);
+ }
+}
\ No newline at end of file
diff --git a/api-payroll/src/settings.php b/api-payroll/src/settings.php
index 2346883..e8c6719 100644
--- a/api-payroll/src/settings.php
+++ b/api-payroll/src/settings.php
@@ -15,5 +15,13 @@ return [
 'path' => isset($_ENV['docker']) ? 'php://stdout' : __DIR__ . '/../logs/app.log',
 'level' => \Monolog\Logger::DEBUG,
 ],
+
+ // Cryptography settings
+ 'cryptography' => [
+ 'encryptionAlgorithm' => 'AES-256-CBC',
+ 'encryptionPassword' => '7de431684c34cf2c898268cff71392f38c4175dde050c9ee69502b81571484e0',
+ 'passwordHashCost' => '12',
+ 'ivSize' => 16, // 128 bits
+ ],
 ],
 ];
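Review bot: In `encryptString` the `$this->logger->warning(...)` call in the catch block comes after the `throw`, so it can never execute, and nothing legible in this hunk assigns `$this->logger` (the file header and constructor are garbled at the start of the hunk, so I cannot confirm it exists — if a logger is injected, the warning must be emitted before the throw). The try/catch also guards the wrong thing: `openssl_encrypt()` reports failure by returning `false` rather than throwing, and `bin2hex(false)` then produces an empty ciphertext with no error, so the result needs an explicit check as in the excerpt below. The same pattern affects `decryptString`, where `hex2bin()` and `openssl_decrypt()` both return `false` on bad input while the docblock promises `string`, and a hex input shorter than `ivSize` bytes is not rejected before slicing. Separately, AES-CBC as configured here provides no integrity, so a modified ciphertext decrypts to garbage without any error; an authenticated mode (`aes-256-gcm` with the tag stored alongside the IV) or an HMAC over IV+ciphertext checked with `hash_equals()` before decrypting would be the defensible choice. Finally, `encryptPassword`/`decryptPassword` wrap `password_hash()`/`password_verify()`, which hash and verify rather than encrypt, so names such as `hashPassword`/`verifyPassword` would describe them accurately.
```php
function encryptString($text){
    $iv = random_bytes($this->settings['ivSize']);

    $encryptedMessage = openssl_encrypt($text, $this->settings['encryptionAlgorithm'],
        $this->settings['encryptionPassword'], OPENSSL_RAW_DATA, $iv);

    // openssl_encrypt() signals failure by returning false, not by throwing
    if ($encryptedMessage === false) {
        throw new Exception('There was an error encrypting the string, contact the system administrator.');
    }

    return bin2hex($iv) . bin2hex($encryptedMessage);
}
```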
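Review bot: `encryptionPassword` is a literal key checked into settings.php and now into version-control history, so it should be treated as exposed and rotated, and the setting should be loaded from the environment or a secret store instead (this file already consults `$_ENV['docker']`, so `'encryptionPassword' => getenv('<KEY_ENV_VAR>')` with a name of your choosing fits the existing pattern). The value is also a 64-character hex string, but `openssl_encrypt()` consumes the passphrase as raw bytes and silently truncates it to the cipher's key length, so with `AES-256-CBC` only the first 32 hex characters form the key and its entropy is roughly 128 bits rather than 256; convert it once with `hex2bin()` (yielding 32 raw bytes) before it reaches the cipher. `passwordHashCost` is the string `'12'` while `password_hash()`'s `cost` option is an integer; write `'passwordHashCost' => 12,` so it does not depend on loose coercion. `ivSize` hard-codes 16 with the comment `// 128 bits`; deriving it with `openssl_cipher_iv_length()` from `encryptionAlgorithm` keeps the two settings consistent if the algorithm is ever changed.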