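// This hash algorithm:

/**
 * Userland PBKDF2 fallback that takes the same arguments as hash_pbkdf2().
 *
 * @param string $algo       Hash algorithm name; must be usable with hash_hmac().
 * @param string $password   Password the key is derived from.
 * @param string $salt       Salt for the derivation.
 * @param int    $iterations Number of HMAC rounds per block; must be > 0.
 * @param int    $length     Output length; 0 returns one full block. Counted in hex
 *                           digits unless $rawOutput is true, then in bytes.
 * @param bool   $rawOutput  true for raw bytes, false for lowercase hex.
 *
 * @return string|false|null Derived key; false on an invalid argument, null when
 *                           $iterations or $length is not numeric (a warning is
 *                           raised in both cases).
 */
function compat_pbkdf2($algo, $password, $salt, $iterations, $length = 0, $rawOutput = false)
{
    // hash_algos() also lists non-cryptographic checksums that hash_hmac() refuses
    // on PHP >= 7.2, so prefer the HMAC-capable list when it is available.
    $knownAlgos = function_exists('hash_hmac_algos') ? hash_hmac_algos() : hash_algos();
    if (!in_array(strtolower($algo), $knownAlgos, true)) {
        trigger_error(sprintf(
            '%s(): Unknown hashing algorithm: %s',
            __FUNCTION__,
            $algo
        ), E_USER_WARNING);
        return false;
    }

    // Iterations (parameter 4) and length (parameter 5) must both be numeric.
    foreach (array(4 => $iterations, 5 => $length) as $index => $value) {
        if (!is_numeric($value)) {
            trigger_error(sprintf(
                '%s() expects parameter %d to be long, %s given',
                __FUNCTION__,
                $index,
                gettype($value)
            ), E_USER_WARNING);
            return null;
        }
    }

    $iterations = (int) $iterations;
    if ($iterations <= 0) {
        trigger_error(sprintf(
            '%s(): Iterations must be a positive integer: %d',
            __FUNCTION__,
            $iterations
        ), E_USER_WARNING);
        return false;
    }

    $length = (int) $length;
    if ($length < 0) {
        // The original message said "Iterations" here although the value is the length.
        trigger_error(sprintf(
            '%s(): Length must be greater than or equal to 0: %d',
            __FUNCTION__,
            $length
        ), E_USER_WARNING);
        return false;
    }

    // The 4-byte block counter is appended to the salt, hence the INT_MAX - 4 limit.
    if (strlen($salt) > PHP_INT_MAX - 4) {
        trigger_error(sprintf(
            '%s(): Supplied salt is too long, max of INT_MAX - 4 bytes: %d supplied',
            __FUNCTION__,
            strlen($salt)
        ), E_USER_WARNING);
        return false;
    }

    // Size of one output block in the requested representation (hex digits or bytes).
    $blockLength = strlen(hash($algo, '', $rawOutput));
    $loops = $length > 0 ? (int) ceil($length / $blockLength) : 1;

    $derivedKey = '';
    for ($i = 1; $i <= $loops; $i++) {
        // First round: HMAC(password, salt || big-endian block index).
        $digest = hash_hmac($algo, $salt . pack('N', $i), $password, true);
        $block = $digest;
        // Remaining rounds: chain the HMAC and XOR every result into the block.
        for ($j = 1; $j < $iterations; $j++) {
            $digest = hash_hmac($algo, $digest, $password, true);
            $block ^= $digest;
        }
        $derivedKey .= $block;
    }

    if (!$rawOutput) {
        $derivedKey = bin2hex($derivedKey);
    }

    return $length > 0 ? substr($derivedKey, 0, $length) : $derivedKey;
}

/**
 * Derive raw key bytes with PBKDF2, using OpenSSL when present and the
 * userland compat_pbkdf2() otherwise.
 *
 * @param string $password   Password the key is derived from.
 * @param string $salt       Raw salt bytes.
 * @param int    $key_length Number of raw bytes to derive.
 * @param int    $iterations PBKDF2 iteration count.
 * @param string $algorithm  Digest name, e.g. 'sha1'.
 *
 * @return string|false|null Raw derived bytes, or the failure value of the backend used.
 */
function pbkdf2_hash($password, $salt, $key_length, $iterations, $algorithm)
{
    if (function_exists('openssl_pbkdf2')) {
        return openssl_pbkdf2($password, $salt, $key_length, $iterations, $algorithm);
    }

    return compat_pbkdf2($algorithm, $password, $salt, $iterations, $key_length, true);
}

/**
 * Generate a fresh 128-byte random salt, base64-encoded.
 *
 * @return string Base64 salt to pass to AES_Encrypt() and AES_Decrypt().
 *
 * @throws \RuntimeException When no cryptographically strong random bytes are available.
 */
function AES_Salt()
{
    // Fail closed: older PHP/OpenSSL builds can report a weak source via $strong.
    $strong = false;
    $bytes = openssl_random_pseudo_bytes(128, $strong);
    if ($bytes === false || $strong !== true) {
        throw new \RuntimeException('No cryptographically strong random source available for the salt');
    }

    return base64_encode($bytes);
}

/**
 * Encrypt text with a password: AES-128-CBC, then HMAC-SHA256 over IV || ciphertext.
 *
 * Both keys come from one PBKDF2-HMAC-SHA1 derivation (10000 iterations, 48 bytes):
 * bytes 0-15 are the cipher key, bytes 16-47 the MAC key.
 *
 * NOTE(review): these KDF parameters are low by current guidance, and asking SHA-1
 * for more than its 20-byte output costs the defender three blocks while the cipher
 * key needs only the first. They are left unchanged because raising them would make
 * previously issued tokens undecryptable; plan a versioned migration.
 *
 * @param string $password        Password the keys are derived from.
 * @param string $salt            Base64 salt as produced by AES_Salt().
 * @param string $text_to_encrypt Plaintext.
 *
 * @return string "base64(iv):base64(mac):base64(ciphertext)".
 *
 * @throws \RuntimeException When random bytes, key derivation or encryption fail.
 */
function AES_Encrypt($password, $salt, $text_to_encrypt)
{
    // A '+' in base64 turns into a space when the value went through URL decoding.
    $salt = str_replace(' ', '+', $salt);

    $strong = false;
    $IVbytes = openssl_random_pseudo_bytes(16, $strong);
    if ($IVbytes === false || $strong !== true) {
        throw new \RuntimeException('No cryptographically strong random source available for the IV');
    }

    $method = 'AES-128-CBC';
    $key = mb_convert_encoding($password, 'UTF-8');
    $iterations = 10000;
    $keyBytes = 48; // 384 bits: 16-byte cipher key + 32-byte MAC key
    $digest = 'sha1';

    $hash = pbkdf2_hash($key, base64_decode($salt), $keyBytes, $iterations, $digest);
    if (!is_string($hash) || strlen($hash) < $keyBytes) {
        throw new \RuntimeException('Key derivation failed');
    }
    $cipherKey = substr($hash, 0, 16);
    $integritykey = substr($hash, 16, 32);

    $encryptedtext = openssl_encrypt($text_to_encrypt, $method, $cipherKey, OPENSSL_RAW_DATA, $IVbytes);
    if ($encryptedtext === false) {
        // Never emit a token whose ciphertext part is silently empty.
        throw new \RuntimeException('Encryption failed');
    }

    // Encrypt-then-MAC: the tag covers the IV as well as the ciphertext.
    $sig = hash_hmac('sha256', $IVbytes . $encryptedtext, $integritykey, true);

    return implode(':', array(
        base64_encode($IVbytes),
        base64_encode($sig),
        base64_encode($encryptedtext),
    ));
}

/**
 * Verify and decrypt a token produced by AES_Encrypt().
 *
 * The MAC is checked in constant time before any decryption is attempted.
 *
 * NOTE(review): failure is reported in-band as the string "Mac does not match!",
 * which a caller cannot tell apart from a plaintext with that exact content;
 * compare the result with === and consider a separate error channel.
 *
 * @param string $password        Password used for encryption.
 * @param string $salt            Base64 salt used for encryption.
 * @param string $text_to_decrypt "base64(iv):base64(mac):base64(ciphertext)".
 *
 * @return string|false Plaintext; "Mac does not match!" when the token is malformed
 *                      or fails authentication; false when openssl_decrypt() fails.
 */
function AES_Decrypt($password, $salt, $text_to_decrypt)
{
    $failure = 'Mac does not match!';

    // AES_Encrypt() always emits exactly three base64 fields; anything else is rejected
    // up front instead of reading undefined array offsets.
    $parts = explode(':', (string) $text_to_decrypt);
    if (count($parts) !== 3) {
        return $failure;
    }

    // A '+' in base64 turns into a space when the value went through URL decoding.
    $salt = str_replace(' ', '+', $salt);
    $IVbytes = base64_decode(str_replace(' ', '+', $parts[0]));
    $macdecoded = base64_decode(str_replace(' ', '+', $parts[1]));
    $dataEncrypted = base64_decode(str_replace(' ', '+', $parts[2]));
    $salt1 = base64_decode($salt);

    $method = 'AES-128-CBC';
    $key1 = mb_convert_encoding($password, 'UTF-8');
    $iterations = 10000;
    // Same 48 bytes as AES_Encrypt(). The original asked for 384 bytes here, which
    // yields the same leading bytes at several times the derivation cost.
    $keyBytes = 48;
    $digest = 'sha1';

    $hash = pbkdf2_hash($key1, $salt1, $keyBytes, $iterations, $digest);
    if (!is_string($hash) || strlen($hash) < $keyBytes) {
        // Without keys the token cannot be authenticated.
        return $failure;
    }
    $cipherKey = substr($hash, 0, 16);
    $integritykey = substr($hash, 16, 32);

    $sig = hash_hmac('sha256', $IVbytes . $dataEncrypted, $integritykey, true);

    // hash_equals() is constant-time and byte-exact; a loose == comparison leaks timing
    // and applies PHP's numeric-string juggling.
    if (!hash_equals($sig, (string) $macdecoded)) {
        return $failure;
    }

    // Use the 16-byte cipher key explicitly rather than relying on OpenSSL truncating
    // the whole derived buffer.
    return openssl_decrypt($dataEncrypted, $method, $cipherKey, OPENSSL_RAW_DATA, $IVbytes);
}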