Read encrypted php files using ajax

2019-08-27 01:41发布

问题:

I encrypt all my core files using libsodium, but my problem is how to read the php files in decrypted state like calling the file using ajax like automatic decryption.

I'm not sure if its possible.

Its something like this.

Sorry, I'm still exploring on this library

I work on this before but method is wrong, and told me to use libsodium.

Hope you help me.

ENCRYPTION

    <?php
    require_once('function.php');
    if(isset($_FILES)){

        $tmp = "enc/";
        $tmpFiles = browseDir($tmp);

        foreach($tmpFiles as $file){ // iterate files

        if(is_file($tmp.$file))

            unlink($tmp.$file); // delete file
        }


        foreach($_FILES['files']['name'] as $key => $value){

            $file = explode(".", $_FILES['files']['name'][$key]);
            $ext = array("php");

            if(in_array($file[1], $ext)){

                $file_name = $file[0].'.'.$file[1];

                $source = $_FILES['files']['tmp_name'][$key];
                $location = $tmp.$file_name;

                $password = 'password';
                $chunk_size = 4096;

                $alg = SODIUM_CRYPTO_PWHASH_ALG_DEFAULT;
                $opslimit = SODIUM_CRYPTO_PWHASH_OPSLIMIT_MODERATE;
                $memlimit = SODIUM_CRYPTO_PWHASH_MEMLIMIT_MODERATE;
                $salt = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);

                $secret_key = sodium_crypto_pwhash(SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_KEYBYTES,
                                                $password, $salt, $opslimit, $memlimit, $alg);

                $fd_in = fopen($source, 'rb');
                $fd_out = fopen($location, 'wb');

                fwrite($fd_out, pack('V', $alg));
                fwrite($fd_out, pack('V', $opslimit));
                fwrite($fd_out, pack('V', $memlimit));
                fwrite($fd_out, $salt);

                list($stream, $header) = sodium_crypto_secretstream_xchacha20poly1305_init_push($secret_key);

                fwrite($fd_out, $header);

                $tag = SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_MESSAGE;
                do {
                    $chunk = fread($fd_in, $chunk_size);
                    if (feof($fd_in)) {
                        $tag = SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_FINAL;
                    }
                    $encrypted_chunk = sodium_crypto_secretstream_xchacha20poly1305_push($stream, $chunk, '', $tag);
                    fwrite($fd_out, $encrypted_chunk);
                } while ($tag !== SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_FINAL);

                fclose($fd_out);
                fclose($fd_in);

            }
        }
    }
?>

DECRYPTION

<?php

$password = 'password';
$encrypted_file = 'enc/inc.php';
$decrypted_file = 'dec/dec.php';
$chunk_size = 4096;

$fd_in = fopen($encrypted_file, 'rb');
$fd_out = fopen($decrypted_file, 'wb');

$alg = unpack('V', fread($fd_in, 4))[1];
$opslimit = unpack('V', fread($fd_in, 4))[1];
$memlimit = unpack('V', fread($fd_in, 4))[1];
$salt = fread($fd_in, SODIUM_CRYPTO_PWHASH_SALTBYTES);

echo $alg. ' alg';
echo $opslimit. 'ops';
echo $memlimit. 'mem';

$header = fread($fd_in, SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_HEADERBYTES);

$secret_key = sodium_crypto_pwhash(SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_KEYBYTES,
                                   $password, $salt, $opslimit, $memlimit, $alg);

$stream = sodium_crypto_secretstream_xchacha20poly1305_init_pull($header, $secret_key);
do {
    $chunk = fread($fd_in, $chunk_size + SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_ABYTES);
    $res = sodium_crypto_secretstream_xchacha20poly1305_pull($stream, $chunk);
    if ($res === FALSE) {
       break;
    }
    list($decrypted_chunk, $tag) = $res;
    fwrite($fd_out, $decrypted_chunk);
} while (!feof($fd_in) && $tag !== SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_FINAL);
$ok = feof($fd_in);

fclose($fd_out);
fclose($fd_in);

if (!$ok) {
    die('Invalid/corrupted input');
}