diff --git a/composer.json b/composer.json index 0dca48c70..df63226be 100644 --- a/composer.json +++ b/composer.json @@ -16,6 +16,7 @@ "ezyang/htmlpurifier": "~4.7.0", "mobiledetect/mobiledetectlib": "2.8.*", "league/html-to-markdown": "~4.4.1", + "defuse/php-encryption": "2.*", "pear/Text_LanguageDetect": "1.*", "pear-pear.php.net/Text_Highlighter": "*" }, diff --git a/composer.lock b/composer.lock index 217898dde..6f2bc8f11 100644 --- a/composer.lock +++ b/composer.lock @@ -4,8 +4,71 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "content-hash": "a87f82da9a0256ca85c839e83a5c26f0", + "content-hash": "ce088458d9f01920ccee128082ef924a", "packages": [ + { + "name": "defuse/php-encryption", + "version": "v2.1.0", + "source": { + "type": "git", + "url": "https://github.com/defuse/php-encryption.git", + "reference": "5176f5abb38d3ea8a6e3ac6cd3bbb54d8185a689" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/defuse/php-encryption/zipball/5176f5abb38d3ea8a6e3ac6cd3bbb54d8185a689", + "reference": "5176f5abb38d3ea8a6e3ac6cd3bbb54d8185a689", + "shasum": "" + }, + "require": { + "ext-openssl": "*", + "paragonie/random_compat": "~2.0", + "php": ">=5.4.0" + }, + "require-dev": { + "nikic/php-parser": "^2.0|^3.0", + "phpunit/phpunit": "^4|^5" + }, + "bin": [ + "bin/generate-defuse-key" + ], + "type": "library", + "autoload": { + "psr-4": { + "Defuse\\Crypto\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Taylor Hornby", + "email": "taylor@defuse.ca", + "homepage": "https://defuse.ca/" + }, + { + "name": "Scott Arciszewski", + "email": "info@paragonie.com", + "homepage": "https://paragonie.com" + } + ], + "description": "Secure PHP Encryption Library", + "keywords": [ + "aes", + "authenticated encryption", + "cipher", + "crypto", + "cryptography", + "encrypt", + "encryption", + "openssl", + "security", + "symmetric key cryptography" + ], + "time": "2017-05-18T21:28:48+00:00" + }, { "name": "ezyang/htmlpurifier", "version": "v4.7.0", @@ -166,6 +229,54 @@ ], "time": "2017-08-29T18:23:54+00:00" }, + { + "name": "paragonie/random_compat", + "version": "v2.0.11", + "source": { + "type": "git", + "url": "https://github.com/paragonie/random_compat.git", + "reference": "5da4d3c796c275c55f057af5a643ae297d96b4d8" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/paragonie/random_compat/zipball/5da4d3c796c275c55f057af5a643ae297d96b4d8", + "reference": "5da4d3c796c275c55f057af5a643ae297d96b4d8", + "shasum": "" + }, + "require": { + "php": ">=5.2.0" + }, + "require-dev": { + "phpunit/phpunit": "4.*|5.*" + }, + "suggest": { + "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes." + }, + "type": "library", + "autoload": { + "files": [ + "lib/random.php" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Paragon Initiative Enterprises", + "email": "security@paragonie.com", + "homepage": "https://paragonie.com" + } + ], + "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7", + "keywords": [ + "csprng", + "pseudorandom", + "random" + ], + "time": "2017-09-27T21:40:39+00:00" + }, { "name": "pear-pear.php.net/Archive_Tar", "version": "1.4.3", diff --git a/include/items.php b/include/items.php index 64aeabcea..6d4d30e7c 100644 --- a/include/items.php +++ b/include/items.php @@ -33,9 +33,6 @@ require_once 'mod/share.php'; require_once 'include/enotify.php'; require_once 'include/group.php'; -/// @TODO one day with composer autoloader no more needed -require_once 'library/defuse/php-encryption-1.2.1/Crypto.php'; - function construct_verb($item) { if ($item['verb']) { return $item['verb']; diff --git a/library/defuse/php-encryption-1.2.1/.travis.yml b/library/defuse/php-encryption-1.2.1/.travis.yml deleted file mode 100644 index 20ec31c20..000000000 --- a/library/defuse/php-encryption-1.2.1/.travis.yml +++ /dev/null @@ -1,22 +0,0 @@ -language: php -php: - - "5.6" - - "5.5" - - "5.4" - - "5.3" - - "5.2" -# Versions below here are not installed on travis-ci -# - "5.1" -# - "5.0" -# - "4.4" -# - "4.3" -# - "4.2" -# - "4.1" -# - "4.0" - -matrix: - allow_failures: - - php: "5.3" - - php: "5.2" - -script: ./test.sh diff --git a/library/defuse/php-encryption-1.2.1/Crypto.php b/library/defuse/php-encryption-1.2.1/Crypto.php deleted file mode 100644 index 5b60f6f12..000000000 --- a/library/defuse/php-encryption-1.2.1/Crypto.php +++ /dev/null @@ -1,677 +0,0 @@ - 255 * $digest_length) { - throw new CannotPerformOperationException(); - } - - // "if [salt] not provided, is set to a string of HashLen zeroes." - if (is_null($salt)) { - $salt = str_repeat("\x00", $digest_length); - } - - // HKDF-Extract: - // PRK = HMAC-Hash(salt, IKM) - // The salt is the HMAC key. - $prk = hash_hmac($hash, $ikm, $salt, true); - - // HKDF-Expand: - - // This check is useless, but it serves as a reminder to the spec. - if (self::our_strlen($prk) < $digest_length) { - throw new CannotPerformOperationException(); - } - - // T(0) = '' - $t = ''; - $last_block = ''; - for ($block_index = 1; self::our_strlen($t) < $length; $block_index++) { - // T(i) = HMAC-Hash(PRK, T(i-1) | info | 0x??) - $last_block = hash_hmac( - $hash, - $last_block . $info . chr($block_index), - $prk, - true - ); - // T = T(1) | T(2) | T(3) | ... | T(N) - $t .= $last_block; - } - - // ORM = first L octets of T - $orm = self::our_substr($t, 0, $length); - if ($orm === FALSE) { - throw new CannotPerformOperationException(); - } - return $orm; - } - - private static function VerifyHMAC($correct_hmac, $message, $key) - { - $message_hmac = hash_hmac(self::HASH_FUNCTION, $message, $key, true); - - // We can't just compare the strings with '==', since it would make - // timing attacks possible. We could use the XOR-OR constant-time - // comparison algorithm, but I'm not sure if that's good enough way up - // here in an interpreted language. So we use the method of HMACing the - // strings we want to compare with a random key, then comparing those. - - // NOTE: This leaks information when the strings are not the same - // length, but they should always be the same length here. Enforce it: - if (self::our_strlen($correct_hmac) !== self::our_strlen($message_hmac)) { - throw new CannotPerformOperationException(); - } - - $blind = self::CreateNewRandomKey(); - $message_compare = hash_hmac(self::HASH_FUNCTION, $message_hmac, $blind); - $correct_compare = hash_hmac(self::HASH_FUNCTION, $correct_hmac, $blind); - return $correct_compare === $message_compare; - } - - private static function TestEncryptDecrypt() - { - $key = self::CreateNewRandomKey(); - $data = "EnCrYpT EvErYThInG\x00\x00"; - - // Make sure encrypting then decrypting doesn't change the message. - $ciphertext = self::Encrypt($data, $key); - try { - $decrypted = self::Decrypt($ciphertext, $key); - } catch (InvalidCiphertextException $ex) { - // It's important to catch this and change it into a - // CryptoTestFailedException, otherwise a test failure could trick - // the user into thinking it's just an invalid ciphertext! - throw new CryptoTestFailedException(); - } - if($decrypted !== $data) - { - throw new CryptoTestFailedException(); - } - - // Modifying the ciphertext: Appending a string. - try { - self::Decrypt($ciphertext . "a", $key); - throw new CryptoTestFailedException(); - } catch (InvalidCiphertextException $e) { /* expected */ } - - // Modifying the ciphertext: Changing an IV byte. - try { - $ciphertext[0] = chr((ord($ciphertext[0]) + 1) % 256); - self::Decrypt($ciphertext, $key); - throw new CryptoTestFailedException(); - } catch (InvalidCiphertextException $e) { /* expected */ } - - // Decrypting with the wrong key. - $key = self::CreateNewRandomKey(); - $data = "abcdef"; - $ciphertext = self::Encrypt($data, $key); - $wrong_key = self::CreateNewRandomKey(); - try { - self::Decrypt($ciphertext, $wrong_key); - throw new CryptoTestFailedException(); - } catch (InvalidCiphertextException $e) { /* expected */ } - - // Ciphertext too small (shorter than HMAC). - $key = self::CreateNewRandomKey(); - $ciphertext = str_repeat("A", self::MAC_BYTE_SIZE - 1); - try { - self::Decrypt($ciphertext, $key); - throw new CryptoTestFailedException(); - } catch (InvalidCiphertextException $e) { /* expected */ } - } - - private static function HKDFTestVector() - { - // HKDF test vectors from RFC 5869 - - // Test Case 1 - $ikm = str_repeat("\x0b", 22); - $salt = self::hexToBytes("000102030405060708090a0b0c"); - $info = self::hexToBytes("f0f1f2f3f4f5f6f7f8f9"); - $length = 42; - $okm = self::hexToBytes( - "3cb25f25faacd57a90434f64d0362f2a" . - "2d2d0a90cf1a5a4c5db02d56ecc4c5bf" . - "34007208d5b887185865" - ); - $computed_okm = self::HKDF("sha256", $ikm, $length, $info, $salt); - if ($computed_okm !== $okm) { - throw new CryptoTestFailedException(); - } - - // Test Case 7 - $ikm = str_repeat("\x0c", 22); - $length = 42; - $okm = self::hexToBytes( - "2c91117204d745f3500d636a62f64f0a" . - "b3bae548aa53d423b0d1f27ebba6f5e5" . - "673a081d70cce7acfc48" - ); - $computed_okm = self::HKDF("sha1", $ikm, $length); - if ($computed_okm !== $okm) { - throw new CryptoTestFailedException(); - } - - } - - private static function HMACTestVector() - { - // HMAC test vector From RFC 4231 (Test Case 1) - $key = str_repeat("\x0b", 20); - $data = "Hi There"; - $correct = "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"; - if (hash_hmac(self::HASH_FUNCTION, $data, $key) != $correct) { - throw new CryptoTestFailedException(); - } - } - - private static function AESTestVector() - { - // AES CBC mode test vector from NIST SP 800-38A - $key = self::hexToBytes("2b7e151628aed2a6abf7158809cf4f3c"); - $iv = self::hexToBytes("000102030405060708090a0b0c0d0e0f"); - $plaintext = self::hexToBytes( - "6bc1bee22e409f96e93d7e117393172a" . - "ae2d8a571e03ac9c9eb76fac45af8e51" . - "30c81c46a35ce411e5fbc1191a0a52ef" . - "f69f2445df4f9b17ad2b417be66c3710" - ); - $ciphertext = self::hexToBytes( - "7649abac8119b246cee98e9b12e9197d" . - "5086cb9b507219ee95db113a917678b2" . - "73bed6b8e3c1743b7116e69e22229516" . - "3ff1caa1681fac09120eca307586e1a7" . - /* Block due to padding. Not from NIST test vector. - Padding Block: 10101010101010101010101010101010 - Ciphertext: 3ff1caa1681fac09120eca307586e1a7 - (+) 2fe1dab1780fbc19021eda206596f1b7 - AES 8cb82807230e1321d3fae00d18cc2012 - - */ - "8cb82807230e1321d3fae00d18cc2012" - ); - - $computed_ciphertext = self::PlainEncrypt($plaintext, $key, $iv); - if ($computed_ciphertext !== $ciphertext) { - throw new CryptoTestFailedException(); - } - - $computed_plaintext = self::PlainDecrypt($ciphertext, $key, $iv); - if ($computed_plaintext !== $plaintext) { - throw new CryptoTestFailedException(); - } - } - - /* WARNING: Do not call this function on secrets. It creates side channels. */ - private static function hexToBytes($hex_string) - { - return pack("H*", $hex_string); - } - - private static function EnsureConstantExists($name) - { - if (!defined($name)) { - throw new CannotPerformOperationException(); - } - } - - private static function EnsureFunctionExists($name) - { - if (!function_exists($name)) { - throw new CannotPerformOperationException(); - } - } - - /* - * We need these strlen() and substr() functions because when - * 'mbstring.func_overload' is set in php.ini, the standard strlen() and - * substr() are replaced by mb_strlen() and mb_substr(). - */ - - private static function our_strlen($str) - { - if (function_exists('mb_strlen')) { - $length = mb_strlen($str, '8bit'); - if ($length === FALSE) { - throw new CannotPerformOperationException(); - } - return $length; - } else { - return strlen($str); - } - } - - private static function our_substr($str, $start, $length = NULL) - { - if (function_exists('mb_substr')) - { - // mb_substr($str, 0, NULL, '8bit') returns an empty string on PHP - // 5.3, so we have to find the length ourselves. - if (!isset($length)) { - if ($start >= 0) { - $length = self::our_strlen($str) - $start; - } else { - $length = -$start; - } - } - - return mb_substr($str, $start, $length, '8bit'); - } - - // Unlike mb_substr(), substr() doesn't accept NULL for length - if (isset($length)) { - return substr($str, $start, $length); - } else { - return substr($str, $start); - } - } - -} - -/* - * We want to catch all uncaught exceptions that come from the Crypto class, - * since by default, PHP will leak the key in the stack trace from an uncaught - * exception. This is a really ugly hack, but I think it's justified. - * - * Everything up to handler() getting called should be reliable, so this should - * reliably suppress the stack traces. The rest is just a bonus so that we don't - * make it impossible to debug other exceptions. - * - * This bit of code was adapted from: http://stackoverflow.com/a/7939492 - */ - -class CryptoExceptionHandler -{ - private $rethrow = NULL; - - public function __construct() - { - set_exception_handler(array($this, "handler")); - } - - public function handler($ex) - { - if ( - $ex instanceof InvalidCiphertextException || - $ex instanceof CannotPerformOperationException || - $ex instanceof CryptoTestFailedException - ) { - echo "FATAL ERROR: Uncaught crypto exception. Suppresssing output.\n"; - } else { - /* Re-throw the exception in the destructor. */ - $this->rethrow = $ex; - } - } - - public function __destruct() { - if ($this->rethrow) { - throw $this->rethrow; - } - } -} - -$crypto_exception_handler_object_dont_touch_me = new CryptoExceptionHandler(); - diff --git a/library/defuse/php-encryption-1.2.1/README.md b/library/defuse/php-encryption-1.2.1/README.md deleted file mode 100644 index 292ecf957..000000000 --- a/library/defuse/php-encryption-1.2.1/README.md +++ /dev/null @@ -1,79 +0,0 @@ -php-encryption -=============== - -This is a class for doing symmetric encryption in PHP. **Requires PHP 5.4 or newer.** - -[![Build Status](https://travis-ci.org/defuse/php-encryption.svg?branch=master)](https://travis-ci.org/defuse/php-encryption) - -Implementation --------------- - -Messages are encrypted with AES-128 in CBC mode and are authenticated with -HMAC-SHA256 (Encrypt-then-Mac). PKCS7 padding is used to pad the message to -a multiple of the block size. HKDF is used to split the user-provided key into -two keys: one for encryption, and the other for authentication. It is -implemented using the `openssl_` and `hash_hmac` functions. - -Warning --------- - -This is new code, and it hasn't received much review by experts. I have spent -many hours making it as secure as possible (extensive runtime tests, secure -coding practices), and auditing it for problems, but I may have missed some -issues. So be careful. Don't trust it with your life. Check out the open GitHub -issues for a list of known issues. If you find a problem with this library, -please report it by opening a GitHub issue. - -That said, you're probably much better off using this library than any other -encryption library written in PHP. - -Philosophy ------------ - -This library was created after noticing how much insecure PHP encryption code -there is. I once did a Google search for "php encryption" and found insecure -code or advice on 9 of the top 10 results. - -Encryption is becoming an essential component of modern websites. This library -aims to fulfil a subset of that need: Authenticated symmetric encryption of -short strings, given a random key. - -This library is developed around several core values: - -- Rule #1: Security is prioritized over everything else. - - > Whenever there is a conflict between security and some other property, - > security will be favored. For example, the library has runtime tests, - > which make it slower, but will hopefully stop it from encrypting stuff - > if the platform it's running on is broken. - -- Rule #2: It should be difficult to misuse the library. - - > We assume the developers using this library have no experience with - > cryptography. We only assume that they know that the "key" is something - > you need to encrypt and decrypt the messages, and that it must be - > protected. Whenever possible, the library should refuse to encrypt or - > decrypt messages when it is not being used correctly. - -- Rule #3: The library aims only to be compatible with itself. - - > Other PHP encryption libraries try to support every possible type of - > encryption, even the insecure ones (e.g. ECB mode). Because there are so - > many options, inexperienced developers must make decisions between - > things like "CBC" mode and "ECB" mode, knowing nothing about either one, - > which inevitably creates vulnerabilities. - - > This library will only support one secure mode. A developer using this - > library will call "encrypt" and "decrypt" not caring about how they are - > implemented. - -- Rule #4: The library should consist of a single PHP file and nothing more. - - > Some PHP encryption libraries, like libsodium-php [1], are not - > straightforward to install and cannot packaged with "just download and - > extract" applications. This library will always be just one PHP file - > that you can put in your source tree and require(). - -References: - - [1] https://github.com/jedisct1/libsodium-php diff --git a/library/defuse/php-encryption-1.2.1/benchmark.php b/library/defuse/php-encryption-1.2.1/benchmark.php deleted file mode 100644 index 3da61a628..000000000 --- a/library/defuse/php-encryption-1.2.1/benchmark.php +++ /dev/null @@ -1,42 +0,0 @@ - diff --git a/library/defuse/php-encryption-1.2.1/composer.json b/library/defuse/php-encryption-1.2.1/composer.json deleted file mode 100644 index 6856b9c72..000000000 --- a/library/defuse/php-encryption-1.2.1/composer.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "name": "defuse/php-encryption", - "description": "Secure PHP Encryption Library", - "license": "MIT", - "keywords": ["security", "encryption", "AES", "mcrypt", "cipher"], - "authors": [ - { - "name": "Taylor Hornby", - "email": "havoc@defuse.ca" - } - ], - "autoload": { - "files": ["Crypto.php"] - }, - "require": { - "php": ">=5.4.0", - "ext-openssl": "*", - "ext-mcrypt": "*" - } -} diff --git a/library/defuse/php-encryption-1.2.1/example.php b/library/defuse/php-encryption-1.2.1/example.php deleted file mode 100644 index 10e73f915..000000000 --- a/library/defuse/php-encryption-1.2.1/example.php +++ /dev/null @@ -1,36 +0,0 @@ - diff --git a/library/defuse/php-encryption-1.2.1/test.sh b/library/defuse/php-encryption-1.2.1/test.sh deleted file mode 100644 index d1691e7c6..000000000 --- a/library/defuse/php-encryption-1.2.1/test.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/bash - -echo "Normal" -echo "--------------------------------------------------" -php -d mbstring.func_overload=0 tests/runtime.php -if [ $? -ne 0 ]; then - echo "FAIL." - exit 1 -fi -echo "--------------------------------------------------" - -echo "" - -echo "Multibyte" -echo "--------------------------------------------------" -php -d mbstring.func_overload=7 tests/runtime.php -if [ $? -ne 0 ]; then - echo "FAIL." - exit 1 -fi -echo "--------------------------------------------------" - -echo "" - -if [ -z "$(php Crypto.php)" ]; then - echo "PASS: Crypto.php output is empty." -else - echo "FAIL: Crypto.php output is not empty." - exit 1 -fi diff --git a/library/defuse/php-encryption-1.2.1/tests/runtime.php b/library/defuse/php-encryption-1.2.1/tests/runtime.php deleted file mode 100644 index 76565c58e..000000000 --- a/library/defuse/php-encryption-1.2.1/tests/runtime.php +++ /dev/null @@ -1,32 +0,0 @@ - diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php index e0e30a248..7397b415a 100644 --- a/mod/dfrn_notify.php +++ b/mod/dfrn_notify.php @@ -11,10 +11,8 @@ use Friendica\Core\Config; use Friendica\Database\DBM; use Friendica\Protocol\DFRN; -require_once('include/items.php'); -require_once('include/event.php'); - -require_once('library/defuse/php-encryption-1.2.1/Crypto.php'); +require_once 'include/items.php'; +require_once 'include/event.php'; function dfrn_notify_post(App $a) { logger(__function__, LOGGER_TRACE); @@ -185,8 +183,9 @@ function dfrn_notify_post(App $a) { break; case 2: try { - $data = Crypto::decrypt(hex2bin($data), $final_key); - } catch (InvalidCiphertext $ex) { // VERY IMPORTANT + $FinalKey = \Defuse\Crypto\Key::loadFromAsciiSafeString(bin2hex($final_key)); + $data = \Defuse\Crypto\Crypto::decrypt(hex2bin($data), $FinalKey); + } catch (\Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException $ex) { // VERY IMPORTANT /* * Either: * 1. The ciphertext was modified by the attacker, @@ -196,12 +195,9 @@ function dfrn_notify_post(App $a) { */ logger('The ciphertext has been tampered with!'); xml_status(0, 'The ciphertext has been tampered with!'); - } catch (Ex\CryptoTestFailed $ex) { + } catch (\Defuse\Crypto\Exception\EnvironmentIsBrokenException $ex) { logger('Cannot safely perform dencryption'); xml_status(0, 'CryptoTestFailed'); - } catch (Ex\CannotPerformOperation $ex) { - logger('Cannot safely perform decryption'); - xml_status(0, 'Cannot safely perform decryption'); } break; default: diff --git a/src/Protocol/DFRN.php b/src/Protocol/DFRN.php index f400d033e..7f37f9839 100644 --- a/src/Protocol/DFRN.php +++ b/src/Protocol/DFRN.php @@ -1296,26 +1296,21 @@ class DFRN case 2: // RINO 2 based on php-encryption try { - $key = Crypto::createNewRandomKey(); - } catch (CryptoTestFailed $ex) { + $KeyObject = \Defuse\Crypto\Key::createNewRandomKey(); + } catch (\Defuse\Crypto\Exception\CryptoException $ex) { logger('Cannot safely create a key'); return -4; - } catch (CannotPerformOperation $ex) { - logger('Cannot safely create a key'); - return -5; } try { - $data = Crypto::encrypt($postvars['data'], $key); - } catch (CryptoTestFailed $ex) { + $data = \Defuse\Crypto\Crypto::encrypt($postvars['data'], $KeyObject); + $key = $KeyObject->saveToAsciiSafeString(); + } catch (\Defuse\Crypto\Exception\CryptoException $ex) { logger('Cannot safely perform encryption'); return -6; - } catch (CannotPerformOperation $ex) { - logger('Cannot safely perform encryption'); - return -7; } break; default: - logger("rino: invalid requested verision '$rino_remote_version'"); + logger("rino: invalid requested version '$rino_remote_version'"); return -8; } diff --git a/util/composer.phar b/util/composer.phar index 357793176..508f9cf27 100755 Binary files a/util/composer.phar and b/util/composer.phar differ diff --git a/vendor/bin/generate-defuse-key b/vendor/bin/generate-defuse-key new file mode 100644 index 000000000..68ef2cac3 --- /dev/null +++ b/vendor/bin/generate-defuse-key @@ -0,0 +1,17 @@ +#!/usr/bin/env sh + +dir=$(d=${0%[/\\]*}; cd "$d"; cd "../defuse/php-encryption/bin" && pwd) + +# See if we are running in Cygwin by checking for cygpath program +if command -v 'cygpath' >/dev/null 2>&1; then + # Cygwin paths start with /cygdrive/ which will break windows PHP, + # so we need to translate the dir path to windows format. However + # we could be using cygwin PHP which does not require this, so we + # test if the path to PHP starts with /cygdrive/ rather than /usr/bin + if [[ $(which php) == /cygdrive/* ]]; then + dir=$(cygpath -m "$dir"); + fi +fi + +dir=$(echo $dir | sed 's/ /\ /g') +"${dir}/generate-defuse-key" "$@" diff --git a/vendor/bin/generate-defuse-key.bat b/vendor/bin/generate-defuse-key.bat new file mode 100644 index 000000000..50b5ac677 --- /dev/null +++ b/vendor/bin/generate-defuse-key.bat @@ -0,0 +1,4 @@ +@ECHO OFF +setlocal DISABLEDELAYEDEXPANSION +SET BIN_TARGET=%~dp0/../defuse/php-encryption/bin/generate-defuse-key +php "%BIN_TARGET%" %* diff --git a/vendor/composer/autoload_classmap.php b/vendor/composer/autoload_classmap.php index 3c21b357b..b3bd25393 100644 --- a/vendor/composer/autoload_classmap.php +++ b/vendor/composer/autoload_classmap.php @@ -8,13 +8,32 @@ $baseDir = dirname($vendorDir); return array( 'Archive_Tar' => $vendorDir . '/pear-pear.php.net/Archive_Tar/Archive/Tar.php', 'Console_Getopt' => $vendorDir . '/pear-pear.php.net/Console_Getopt/Console/Getopt.php', + 'Defuse\\Crypto\\Core' => $vendorDir . '/defuse/php-encryption/src/Core.php', + 'Defuse\\Crypto\\Crypto' => $vendorDir . '/defuse/php-encryption/src/Crypto.php', + 'Defuse\\Crypto\\DerivedKeys' => $vendorDir . '/defuse/php-encryption/src/DerivedKeys.php', + 'Defuse\\Crypto\\Encoding' => $vendorDir . '/defuse/php-encryption/src/Encoding.php', + 'Defuse\\Crypto\\Exception\\BadFormatException' => $vendorDir . '/defuse/php-encryption/src/Exception/BadFormatException.php', + 'Defuse\\Crypto\\Exception\\CryptoException' => $vendorDir . '/defuse/php-encryption/src/Exception/CryptoException.php', + 'Defuse\\Crypto\\Exception\\EnvironmentIsBrokenException' => $vendorDir . '/defuse/php-encryption/src/Exception/EnvironmentIsBrokenException.php', + 'Defuse\\Crypto\\Exception\\IOException' => $vendorDir . '/defuse/php-encryption/src/Exception/IOException.php', + 'Defuse\\Crypto\\Exception\\WrongKeyOrModifiedCiphertextException' => $vendorDir . '/defuse/php-encryption/src/Exception/WrongKeyOrModifiedCiphertextException.php', + 'Defuse\\Crypto\\File' => $vendorDir . '/defuse/php-encryption/src/File.php', + 'Defuse\\Crypto\\Key' => $vendorDir . '/defuse/php-encryption/src/Key.php', + 'Defuse\\Crypto\\KeyOrPassword' => $vendorDir . '/defuse/php-encryption/src/KeyOrPassword.php', + 'Defuse\\Crypto\\KeyProtectedByPassword' => $vendorDir . '/defuse/php-encryption/src/KeyProtectedByPassword.php', + 'Defuse\\Crypto\\RuntimeTests' => $vendorDir . '/defuse/php-encryption/src/RuntimeTests.php', 'Detection\\MobileDetect' => $vendorDir . '/mobiledetect/mobiledetectlib/namespaced/Detection/MobileDetect.php', 'Friendica\\App' => $baseDir . '/src/App.php', 'Friendica\\Core\\Config' => $baseDir . '/src/Core/Config.php', + 'Friendica\\Core\\NotificationsManager' => $baseDir . '/src/Core/NotificationsManager.php', 'Friendica\\Core\\PConfig' => $baseDir . '/src/Core/PConfig.php', 'Friendica\\Core\\System' => $baseDir . '/src/Core/System.php', + 'Friendica\\Core\\Worker' => $baseDir . '/src/Core/Worker.php', + 'Friendica\\Database\\DBM' => $baseDir . '/src/Database/DBM.php', 'Friendica\\Network\\Probe' => $baseDir . '/src/Network/Probe.php', 'Friendica\\ParseUrl' => $baseDir . '/src/ParseUrl.php', + 'Friendica\\Protocol\\DFRN' => $baseDir . '/src/Protocol/DFRN.php', + 'Friendica\\Protocol\\Diaspora' => $baseDir . '/src/Protocol/Diaspora.php', 'Friendica\\Util\\Lock' => $baseDir . '/src/Util/Lock.php', 'HTMLPurifier' => $vendorDir . '/ezyang/htmlpurifier/library/HTMLPurifier.php', 'HTMLPurifier_Arborize' => $vendorDir . '/ezyang/htmlpurifier/library/HTMLPurifier/Arborize.php', diff --git a/vendor/composer/autoload_files.php b/vendor/composer/autoload_files.php index c25686b15..f3c197e2b 100644 --- a/vendor/composer/autoload_files.php +++ b/vendor/composer/autoload_files.php @@ -6,5 +6,6 @@ $vendorDir = dirname(dirname(__FILE__)); $baseDir = dirname($vendorDir); return array( + '5255c38a0faeba867671b61dfda6d864' => $vendorDir . '/paragonie/random_compat/lib/random.php', '2cffec82183ee1cea088009cef9a6fc3' => $vendorDir . '/ezyang/htmlpurifier/library/HTMLPurifier.composer.php', ); diff --git a/vendor/composer/autoload_psr4.php b/vendor/composer/autoload_psr4.php index 61a440ffd..9c9cf9880 100644 --- a/vendor/composer/autoload_psr4.php +++ b/vendor/composer/autoload_psr4.php @@ -8,4 +8,5 @@ $baseDir = dirname($vendorDir); return array( 'League\\HTMLToMarkdown\\' => array($vendorDir . '/league/html-to-markdown/src'), 'Friendica\\' => array($baseDir . '/src'), + 'Defuse\\Crypto\\' => array($vendorDir . '/defuse/php-encryption/src'), ); diff --git a/vendor/composer/autoload_static.php b/vendor/composer/autoload_static.php index 2ccc848ef..f560931d5 100644 --- a/vendor/composer/autoload_static.php +++ b/vendor/composer/autoload_static.php @@ -7,6 +7,7 @@ namespace Composer\Autoload; class ComposerStaticInitFriendica { public static $files = array ( + '5255c38a0faeba867671b61dfda6d864' => __DIR__ . '/..' . '/paragonie/random_compat/lib/random.php', '2cffec82183ee1cea088009cef9a6fc3' => __DIR__ . '/..' . '/ezyang/htmlpurifier/library/HTMLPurifier.composer.php', ); @@ -19,6 +20,10 @@ class ComposerStaticInitFriendica array ( 'Friendica\\' => 10, ), + 'D' => + array ( + 'Defuse\\Crypto\\' => 14, + ), ); public static $prefixDirsPsr4 = array ( @@ -30,6 +35,10 @@ class ComposerStaticInitFriendica array ( 0 => __DIR__ . '/../..' . '/src', ), + 'Defuse\\Crypto\\' => + array ( + 0 => __DIR__ . '/..' . '/defuse/php-encryption/src', + ), ); public static $prefixesPsr0 = array ( @@ -59,13 +68,32 @@ class ComposerStaticInitFriendica public static $classMap = array ( 'Archive_Tar' => __DIR__ . '/..' . '/pear-pear.php.net/Archive_Tar/Archive/Tar.php', 'Console_Getopt' => __DIR__ . '/..' . '/pear-pear.php.net/Console_Getopt/Console/Getopt.php', + 'Defuse\\Crypto\\Core' => __DIR__ . '/..' . '/defuse/php-encryption/src/Core.php', + 'Defuse\\Crypto\\Crypto' => __DIR__ . '/..' . '/defuse/php-encryption/src/Crypto.php', + 'Defuse\\Crypto\\DerivedKeys' => __DIR__ . '/..' . '/defuse/php-encryption/src/DerivedKeys.php', + 'Defuse\\Crypto\\Encoding' => __DIR__ . '/..' . '/defuse/php-encryption/src/Encoding.php', + 'Defuse\\Crypto\\Exception\\BadFormatException' => __DIR__ . '/..' . '/defuse/php-encryption/src/Exception/BadFormatException.php', + 'Defuse\\Crypto\\Exception\\CryptoException' => __DIR__ . '/..' . '/defuse/php-encryption/src/Exception/CryptoException.php', + 'Defuse\\Crypto\\Exception\\EnvironmentIsBrokenException' => __DIR__ . '/..' . '/defuse/php-encryption/src/Exception/EnvironmentIsBrokenException.php', + 'Defuse\\Crypto\\Exception\\IOException' => __DIR__ . '/..' . '/defuse/php-encryption/src/Exception/IOException.php', + 'Defuse\\Crypto\\Exception\\WrongKeyOrModifiedCiphertextException' => __DIR__ . '/..' . '/defuse/php-encryption/src/Exception/WrongKeyOrModifiedCiphertextException.php', + 'Defuse\\Crypto\\File' => __DIR__ . '/..' . '/defuse/php-encryption/src/File.php', + 'Defuse\\Crypto\\Key' => __DIR__ . '/..' . '/defuse/php-encryption/src/Key.php', + 'Defuse\\Crypto\\KeyOrPassword' => __DIR__ . '/..' . '/defuse/php-encryption/src/KeyOrPassword.php', + 'Defuse\\Crypto\\KeyProtectedByPassword' => __DIR__ . '/..' . '/defuse/php-encryption/src/KeyProtectedByPassword.php', + 'Defuse\\Crypto\\RuntimeTests' => __DIR__ . '/..' . '/defuse/php-encryption/src/RuntimeTests.php', 'Detection\\MobileDetect' => __DIR__ . '/..' . '/mobiledetect/mobiledetectlib/namespaced/Detection/MobileDetect.php', 'Friendica\\App' => __DIR__ . '/../..' . '/src/App.php', 'Friendica\\Core\\Config' => __DIR__ . '/../..' . '/src/Core/Config.php', + 'Friendica\\Core\\NotificationsManager' => __DIR__ . '/../..' . '/src/Core/NotificationsManager.php', 'Friendica\\Core\\PConfig' => __DIR__ . '/../..' . '/src/Core/PConfig.php', 'Friendica\\Core\\System' => __DIR__ . '/../..' . '/src/Core/System.php', + 'Friendica\\Core\\Worker' => __DIR__ . '/../..' . '/src/Core/Worker.php', + 'Friendica\\Database\\DBM' => __DIR__ . '/../..' . '/src/Database/DBM.php', 'Friendica\\Network\\Probe' => __DIR__ . '/../..' . '/src/Network/Probe.php', 'Friendica\\ParseUrl' => __DIR__ . '/../..' . '/src/ParseUrl.php', + 'Friendica\\Protocol\\DFRN' => __DIR__ . '/../..' . '/src/Protocol/DFRN.php', + 'Friendica\\Protocol\\Diaspora' => __DIR__ . '/../..' . '/src/Protocol/Diaspora.php', 'Friendica\\Util\\Lock' => __DIR__ . '/../..' . '/src/Util/Lock.php', 'HTMLPurifier' => __DIR__ . '/..' . '/ezyang/htmlpurifier/library/HTMLPurifier.php', 'HTMLPurifier_Arborize' => __DIR__ . '/..' . '/ezyang/htmlpurifier/library/HTMLPurifier/Arborize.php', diff --git a/vendor/composer/installed.json b/vendor/composer/installed.json index 2424ae9be..02d5f612c 100644 --- a/vendor/composer/installed.json +++ b/vendor/composer/installed.json @@ -442,5 +442,120 @@ ], "description": "Identify human languages from text samples", "homepage": "http://pear.php.net/package/Text_LanguageDetect" + }, + { + "name": "paragonie/random_compat", + "version": "v2.0.11", + "version_normalized": "2.0.11.0", + "source": { + "type": "git", + "url": "https://github.com/paragonie/random_compat.git", + "reference": "5da4d3c796c275c55f057af5a643ae297d96b4d8" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/paragonie/random_compat/zipball/5da4d3c796c275c55f057af5a643ae297d96b4d8", + "reference": "5da4d3c796c275c55f057af5a643ae297d96b4d8", + "shasum": "" + }, + "require": { + "php": ">=5.2.0" + }, + "require-dev": { + "phpunit/phpunit": "4.*|5.*" + }, + "suggest": { + "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes." + }, + "time": "2017-09-27T21:40:39+00:00", + "type": "library", + "installation-source": "dist", + "autoload": { + "files": [ + "lib/random.php" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Paragon Initiative Enterprises", + "email": "security@paragonie.com", + "homepage": "https://paragonie.com" + } + ], + "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7", + "keywords": [ + "csprng", + "pseudorandom", + "random" + ] + }, + { + "name": "defuse/php-encryption", + "version": "v2.1.0", + "version_normalized": "2.1.0.0", + "source": { + "type": "git", + "url": "https://github.com/defuse/php-encryption.git", + "reference": "5176f5abb38d3ea8a6e3ac6cd3bbb54d8185a689" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/defuse/php-encryption/zipball/5176f5abb38d3ea8a6e3ac6cd3bbb54d8185a689", + "reference": "5176f5abb38d3ea8a6e3ac6cd3bbb54d8185a689", + "shasum": "" + }, + "require": { + "ext-openssl": "*", + "paragonie/random_compat": "~2.0", + "php": ">=5.4.0" + }, + "require-dev": { + "nikic/php-parser": "^2.0|^3.0", + "phpunit/phpunit": "^4|^5" + }, + "time": "2017-05-18T21:28:48+00:00", + "bin": [ + "bin/generate-defuse-key" + ], + "type": "library", + "installation-source": "dist", + "autoload": { + "psr-4": { + "Defuse\\Crypto\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Taylor Hornby", + "email": "taylor@defuse.ca", + "homepage": "https://defuse.ca/" + }, + { + "name": "Scott Arciszewski", + "email": "info@paragonie.com", + "homepage": "https://paragonie.com" + } + ], + "description": "Secure PHP Encryption Library", + "keywords": [ + "aes", + "authenticated encryption", + "cipher", + "crypto", + "cryptography", + "encrypt", + "encryption", + "openssl", + "security", + "symmetric key cryptography" + ] } ] diff --git a/vendor/defuse/php-encryption/.gitignore b/vendor/defuse/php-encryption/.gitignore new file mode 100644 index 000000000..987c51645 --- /dev/null +++ b/vendor/defuse/php-encryption/.gitignore @@ -0,0 +1,11 @@ +*~ +/test/unit/File/big-generated-file +/composer.lock +/vendor +defuse-crypto.phar +defuse-crypto.phar.sig +composer.phar +box.phar +phpunit.phar +phpunit.phar.asc +test/unit/File/tmp diff --git a/vendor/defuse/php-encryption/.php_cs b/vendor/defuse/php-encryption/.php_cs new file mode 100644 index 000000000..e317732de --- /dev/null +++ b/vendor/defuse/php-encryption/.php_cs @@ -0,0 +1,60 @@ +level(Symfony\CS\FixerInterface::PSR2_LEVEL) + ->fixers([ + 'blankline_after_open_tag', + 'empty_return', + 'extra_empty_lines', + 'function_typehint_space', + 'join_function', + 'method_argument_default_value', + 'multiline_array_trailing_comma', + 'no_blank_lines_after_class_opening', + 'no_empty_lines_after_phpdocs', + 'phpdoc_indent', + 'phpdoc_no_access', + 'phpdoc_no_empty_return', + 'phpdoc_no_package', + 'phpdoc_params', + 'phpdoc_scalar', + 'phpdoc_separation', + 'phpdoc_trim', + 'phpdoc_type_to_var', + 'phpdoc_types', + 'phpdoc_var_without_name', + 'remove_leading_slash_use', + 'remove_lines_between_uses', + 'short_bool_cast', + 'single_quote', + 'spaces_after_semicolon', + 'spaces_before_semicolon', + 'spaces_cast', + 'standardize_not_equal', + 'ternary_spaces', + 'trim_array_spaces', + 'unneeded_control_parentheses', + 'unused_use', + 'whitespacy_lines', + 'align_double_arrow', + 'concat_with_spaces', + 'logical_not_operators_with_successor_space', + 'multiline_spaces_before_semicolon', + 'newline_after_open_tag', + 'ordered_use', + 'php_unit_construct', + 'phpdoc_order', + 'short_array_syntax', + ]); + +if (null === $input->getArgument('path')) { + $config + ->finder( + Symfony\CS\Finder\DefaultFinder::create() + ->in('src') + ->in('test') + ->exclude('vendor') + ); +} + +return $config; diff --git a/vendor/defuse/php-encryption/LICENSE b/vendor/defuse/php-encryption/LICENSE new file mode 100644 index 000000000..f3e7c8e60 --- /dev/null +++ b/vendor/defuse/php-encryption/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2016 Taylor Hornby and Paragon Initiative +Enterprises . + +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the "Software"), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software is furnished to do so, +subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS +FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR +COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER +IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/vendor/defuse/php-encryption/README.md b/vendor/defuse/php-encryption/README.md new file mode 100644 index 000000000..a8f29258d --- /dev/null +++ b/vendor/defuse/php-encryption/README.md @@ -0,0 +1,88 @@ +php-encryption +=============== + +[![Build Status](https://travis-ci.org/defuse/php-encryption.svg?branch=master)](https://travis-ci.org/defuse/php-encryption) + +This is a library for encrypting data with a key or password in PHP. **It +requires PHP 5.4 or newer.** The current version is v2.0.0, which is expected to +remain stable and supported by its authors with security and bugfixes until at +least January 1st, 2019. + +The library is a joint effort between [Taylor Hornby](https://defuse.ca/) and +[Scott Arciszewski](https://paragonie.com/blog/author/scott-arcizewski) as well +as numerous open-source contributors. + +What separates this library from other PHP encryption libraries is, firstly, +that it is secure. The authors used to encounter insecure PHP encryption code on +a daily basis, so they created this library to bring more security to the +ecosystem. Secondly, this library is "difficult to misuse." Like +[libsodium](https://github.com/jedisct1/libsodium), its API is designed to be +easy to use in a secure way and hard to use in an insecure way. + +Dependencies +------------ + +This library requres no special dependencies except for PHP 5.4 or newer with +the OpenSSL extensions enabled (this is the default). It uses +[random\_compat](https://github.com/paragonie/random_compat), which is bundled +in with this library so that your users will not need to follow any special +installation steps. + +Getting Started +---------------- + +Start with the [**Tutorial**](docs/Tutorial.md). You can find instructions for +obtaining this library's code securely in the [Installing and +Verifying](docs/InstallingAndVerifying.md) documentation. + +After you've read the tutorial and got the code, refer to the formal +documentation for each of the classes this library provides: + +- [Crypto](docs/classes/Crypto.md) +- [File](docs/classes/File.md) +- [Key](docs/classes/Key.md) +- [KeyProtectedByPassword](docs/classes/KeyProtectedByPassword.md) + +If you encounter difficulties, see the [FAQ](docs/FAQ.md) answers. The fixes to +the most commonly-reported problems are explained there. + +If you're a cryptographer and want to understand the nitty-gritty details of how +this library works, look at the [Cryptography Details](docs/CryptoDetails.md) +documentation. + +If you're interested in contributing to this library, see the [Internal +Developer Documentation](docs/InternalDeveloperDocs.md). + +Examples +--------- + +If the documentation is not enough for you to understand how to use this +library, then you can look at an example project that uses this library: + +- [encutil](https://github.com/defuse/encutil) +- [fileencrypt](https://github.com/tsusanka/fileencrypt) + +Security Audit Status +--------------------- + +This code has not been subjected to a formal, paid, security audit. However, it +has received lots of review from members of the PHP security community, and the +authors are experienced with cryptography. In all likelihood, you are safer +using this library than almost any other encryption library for PHP. + +If you use this library as a part of your business and would like to help fund +a formal audit, please [contact Taylor Hornby](https://defuse.ca/contact.htm). + +Public Keys +------------ + +The GnuPG public key used to sign releases is available in +[dist/signingkey.asc](https://github.com/defuse/php-encryption/raw/master/dist/signingkey.asc). Its fingerprint is: + +``` +2FA6 1D8D 99B9 2658 6BAC 3D53 385E E055 A129 1538 +``` + +You can verify it against the Taylor Hornby's [contact +page](https://defuse.ca/contact.htm) and +[twitter](https://twitter.com/DefuseSec/status/723741424253059074). diff --git a/vendor/defuse/php-encryption/bin/generate-defuse-key b/vendor/defuse/php-encryption/bin/generate-defuse-key new file mode 100644 index 000000000..24e31b5e0 --- /dev/null +++ b/vendor/defuse/php-encryption/bin/generate-defuse-key @@ -0,0 +1,14 @@ +#!/usr/bin/env php +saveToAsciiSafeString(), "\n"; diff --git a/vendor/defuse/php-encryption/composer.json b/vendor/defuse/php-encryption/composer.json new file mode 100644 index 000000000..866b4975e --- /dev/null +++ b/vendor/defuse/php-encryption/composer.json @@ -0,0 +1,35 @@ +{ + "name": "defuse/php-encryption", + "description": "Secure PHP Encryption Library", + "license": "MIT", + "keywords": ["security", "encryption", "AES", "openssl", "cipher", "cryptography", "symmetric key cryptography", "crypto", "encrypt", "authenticated encryption"], + "authors": [ + { + "name": "Taylor Hornby", + "email": "taylor@defuse.ca", + "homepage": "https://defuse.ca/" + }, + { + "name": "Scott Arciszewski", + "email": "info@paragonie.com", + "homepage": "https://paragonie.com" + } + ], + "autoload": { + "psr-4": { + "Defuse\\Crypto\\": "src" + } + }, + "require": { + "paragonie/random_compat": "~2.0", + "ext-openssl": "*", + "php": ">=5.4.0" + }, + "require-dev": { + "phpunit/phpunit": "^4|^5", + "nikic/php-parser": "^2.0|^3.0" + }, + "bin": [ + "bin/generate-defuse-key" + ] +} diff --git a/vendor/defuse/php-encryption/dist/Makefile b/vendor/defuse/php-encryption/dist/Makefile new file mode 100644 index 000000000..4b65c9ec4 --- /dev/null +++ b/vendor/defuse/php-encryption/dist/Makefile @@ -0,0 +1,37 @@ +# This builds defuse-crypto.phar. To run this Makefile, `box` and `composer` +# must be installed and in your $PATH. Run it from inside the dist/ directory. + +box := $(shell which box) +composer := "composer" + +.PHONY: all +all: build-phar + +.PHONY: sign-phar +sign-phar: + gpg -u 7B4B2D98 --armor --output defuse-crypto.phar.sig --detach-sig defuse-crypto.phar + +# ensure we run in clean tree. export git tree and run there. +.PHONY: build-phar +build-phar: + @echo "Creating .phar from revision $(shell git rev-parse HEAD)." + rm -rf worktree + install -d worktree + (cd $(CURDIR)/..; git archive HEAD) | tar -x -C worktree + $(MAKE) -f $(CURDIR)/Makefile -C worktree defuse-crypto.phar + mv worktree/*.phar . + rm -rf worktree + +.PHONY: clean +clean: + rm -vf defuse-crypto.phar defuse-crypto.phar.sig + +# Inside workdir/: + +defuse-crypto.phar: dist/box.json composer.lock + cp dist/box.json . + php -d phar.readonly=0 $(box) build -c box.json -v + +composer.lock: + $(composer) install --no-dev + diff --git a/vendor/defuse/php-encryption/dist/box.json b/vendor/defuse/php-encryption/dist/box.json new file mode 100644 index 000000000..f225f781e --- /dev/null +++ b/vendor/defuse/php-encryption/dist/box.json @@ -0,0 +1,25 @@ +{ + "chmod": "0755", + "finder": [ + { + "in": "src", + "name": "*.php" + }, + { + "in": "vendor/composer", + "name": "*.php" + }, + { + "in": "vendor/paragonie", + "name": "*.php", + "exclude": "other" + } + ], + "compactors": [ + "Herrera\\Box\\Compactor\\Php" + ], + "main": "vendor/autoload.php", + "output": "defuse-crypto.phar", + "shebang": false, + "stub": true +} diff --git a/vendor/defuse/php-encryption/dist/signingkey.asc b/vendor/defuse/php-encryption/dist/signingkey.asc new file mode 100644 index 000000000..63b6aa3dd --- /dev/null +++ b/vendor/defuse/php-encryption/dist/signingkey.asc @@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2 + +mQINBFarvO4BEACdQBaLt6SUBx1cB5liUu1qo+YwVLh9bxTregQtmEREMdTVqXYt +e5b79uL4pQp2GlKHcEyRURS+6rIIruM0oh9ZYGTJYPAkCDzJxaU2awZeFbfBvpCm +iF66/O4ZJI4mlT8dFKmxBJxDhfeOR2UmmhDiEsJK9FxBKUzvo/dWrX2pBzf8Y122 +iIaVraSo+tymaf7vriaIf/NnSKhDw8dtQYGM4NMrxxsPTfbCF8XiboDgTkoD2A+6 +NpOJYxA4Veedsf2TP9YLhljH4m5yYlfjjqBzbBCPWuE6Hhy5Xze9mncgDr7LKenm +Ctf2NxW6y4O3RCI+9eLlBfFWB+KuGV87/b5daetX7NNLbjID8z2rqEa+d6wu5xA5 +Ta2uiVkAOEovr3XnkayZ9zth+Za7w7Ai0ln0N/LVMkM+Gu4z/pJv6HjmTGDM2wJb +fs+UOM0TFdg+N81Do67XT2M4o0MeHyUqsIiWpYa2Qf1PNmqTQNJnRk8uZZ9I96Nh +eCgNuCbhsQiYBMicox+xmuWAlGAfA06y0kCtmqGhiBGArdJlWvUqPqGiZ4Hln9z0 +FJmXDOh0Q/FIPxcDg8mKRRbx+lOP389PLsPpj4b2B/4PEgfpCCOwuKpLotATZxC1 +9JwFk0Y/cvUUkq4a+nAJBNtBbtRJkEesuuUnRq6XexmnE3uUucDcV0XCSwARAQAB +tCBUYXlsb3IgSG9ybmJ5IDx0YXlsb3JAZGVmdXNlLmNhPokCPQQTAQgAJwUCVqu8 +7gIbAwUJB4TOAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRA4XuBVoSkVOJbx +EACG0F9blPMAsK05EWyNnnS4mw25zPfbaqqEvYbquAeM0nBpRDm7sRn2MNR0AL4g +7XrtxE/4qYkdEl6f2wFCQeRhZgxE3w22llredzLme11Hic8hn4i7ysdIw0r9dMMR +kjgR5UcWpv8iU847czyK09PkKW2EaLRbX2qbA7rNU5qCFKeD4Sy4bBTteISeVsHo +Vr9o1/bRrMhgZ++ts8hYf0LmujIf5cxp+qcdKwCXSnS/gmmXaKRMCPv/Wdlq9bt6 +LX9jZB9lXBdGxcBJeFOsTG+QRDiVjg3d6i3o3TAKV87ALBI4v2ADEYtN8lviHo3/ +SovVKv6zrUsZHxhoGiLTiksNrYsKMmiMxdJCoOazmtUPnZ4UOtT8NdqMPoKvdoRz +f4rhZ+f5jSVD9OuX2PDmfyq21Rdiym7Vcgr+uTIFJ3ShRHjWb/ytCwoB2FeGY6+G +AKY58bTQvUIqEJvSov/+TAqZ4BfOuSdTLcHglV1OdUu2SFZvU2gmyVp0l5elGv5t +FyUlBJUkQT9MtvsdLOR7vQi8QapV+9LWpqwvaj9hyEJz848DQ2sdYTphUytFHv7H +k58DAtVhTrVjHyeefjiYtMl6vSAgTjy5LWAUpo5TfhdGrAi0Tdd/GD7amHoWoDy8 +EKXKq2xPLo3JOdkWYQUi5NErzEskfsSzpCOgyDJmGetWK7kCDQRWq7zuARAAu7/i +cm8cjgLhHEX/bgfwOT2hLOLSjjve0O8YFSuJO9XqIHXqmfVOrqWtfG0Mh4bwlfqc +MAvBfF5NSSPfAE4ftBAQ1e5jEv8hJeqICpq3IHTFX4etBs49NfNkyveQl/amVTu1 ++/O5J4CuIcsEf3y0Xuu38n7EB3SfMQCWLcOR1NyZoX3bI+CGRpOVVoFse3ljSWL4 +LhLVl0WiEMXULsussEoN+c6x9KCyAi/jFOrxrTrFC//sZesKj6KucoqKGfwMWrrv +IeRT9Ga8Wn5MJnQu0aWg+zVVYqTedXZLNLODgQIInFnXO0seBXy15yDok1y5bkx2 +sinKg4+mueYaGUpoUti0hM3J3yaC34i6Cwa8MQoLNw1JIS/oNtKjpMxyV10w8aoc +PHRK3n7UYp10mJHx7aM+lldSKvVS1NTQmI4vloNLwMp324H5ANDFAlRUz7mysVnu +DEEvigPSPxs5ZYENu/i7pCQC5qHfhrlBrQwTjhegr0pQPcumy2fO5SGC9l/5B7ev +bqQSZmDeWWoTvh2w2wl5/RWAsgZKx6rDtkCqYx7sSBY17uorrxP24LP4zhq7NxRV +nfdsLogbCFNVQ66u7qvq5zFccdFtg9h1HQWdS7wbnKSBGZoo5gl6js7GGtxfGbb0 +oQ9kp6eciF4U92r6POhVgbRe4CfPo50nqgZBddkAEQEAAYkCJQQYAQgADwUCVqu8 +7gIbDAUJB4TOAAAKCRA4XuBVoSkVOFJ8D/9J8IJ4XWUU3FYIaHJ3XeSoxDmTi7d5 +WmNdf1lmwz82MQjG4uw17oCbvQzmj4/a/CM1Ly4v0WwBhUf9aiNErD0ByHASFnuc +tlQBLVJdk0vRyD0fZakGg64qCA76hiySjMhlGHkQFyP2mDORc2GNu/OqFGm79pXT +ZUplXxd431E603/agM5xJrweutMMpP1nBFTSEMJvbMNzDVN8I1A1CH4zVmAVxOUk +sQ5L5rXW+KeXWyiMF24+l2CMnkQ2CxfHpkcpfPJs1Cbt+TIBSSofIqK8QJXrb/2f +Zpl/ftqW7Xe86rJFrB/Y/77LDWx10rqWEvfCqrBxrMj7ONAQfbKQF/IjAwDN17Wf +1K74rqKnRu+KHCyNM89s1iDbQC9kzZfzYt4AEOvAH/ZQDMZffzPSbnfkBerExFpa +93XMuiR66jiBsf9IXIQeydpJD4Ogl2sSUSxFEJxJ/bBSxPxC5w7/BVMA7Am1y8Zo +3hrpqnX2PBzxG7L0FZ6fYkfR3p8JS7vI6nByBf2IDv8W32wn43olPf+u6uobHLvt +ttapOjwPAhPDalRuxs9U6WSg06QJkT/0F8TFUPWpsFmKTl+G4Ty7PHWsjeeNHJCL +7/5RQboFY3k8Jy3/sIofABO6Un9LJivDuu9PxqA0IgvaS6Mja8JdCCk9Nyk4vHB7 +IEgAL/CYqrk38w== +=lmD7 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/vendor/defuse/php-encryption/docs/CryptoDetails.md b/vendor/defuse/php-encryption/docs/CryptoDetails.md new file mode 100644 index 000000000..43abd72ab --- /dev/null +++ b/vendor/defuse/php-encryption/docs/CryptoDetails.md @@ -0,0 +1,64 @@ +Cryptography Details +===================== + +Here is a high-level description of how this library works. Any discrepancy +between this documentation and the actual implementation will be considered +a security bug. + +Let's start with the following definitions: + +- HKDF-SHA256(*k*, *n*, *info*, *s*) is the key derivation function specified in + RFC 5869 (using the SHA256 hash function). The parameters are: + - *k*: The initial keying material. + - *n*: The number of output bytes. + - *info*: The info string. + - *s*: The salt. +- AES-256-CTR(*m*, *k*, *iv*) is AES-256 encryption in CTR mode. The parameters + are: + - *m*: An arbitrary-length (possibly zero-length) message. + - *k*: A 32-byte key. + - *iv*: A 16-byte initialization vector (nonce). +- PBKDF2-SHA256(*p*, *s*, *i*, *n*) is the password-based key derivation + function defined in RFC 2898 (using the SHA256 hash function). The parameters + are: + - *p*: The password string. + - *s*: The salt string. + - *i*: The iteration count. + - *n*: The output length in bytes. +- VERSION is the string `"\xDE\xF5\x02\x00"`. +- AUTHINFO is the string `"DefusePHP|V2|KeyForAuthentication"`. +- ENCRINFO is the string `"DefusePHP|V2|KeyForEncryption"`. + +To encrypt a message *m* using a 32-byte key *k*, the following steps are taken: + +1. Generate a random 32-byte string *salt*. +2. Derive the 32-byte authentication key *akey* = HKDF-SHA256(*k*, 32, AUTHINFO, *salt*). +3. Derive the 32-byte encryption key *ekey* = HKDF-SHA256(*k*, 32, ENCRINFO, *salt*). +4. Generate a random 16-byte initialization vector *iv*. +5. Compute *c* = AES-256-CTR(*m*, *ekey*, *iv*). +6. Combine *ctxt* = VERSION || *salt* || *iv* || *c*. +7. Compute *h* = HMAC-SHA256(*ctxt*, *akey*). +8. Output *ctxt* || *h*. + +Decryption is roughly the reverse process (see the code for details, since the +security of the decryption routine is highly implementation-dependent). + +For encryption using a password *p*, steps 1-3 above are replaced by: + +1. Generate a random 32-byte string *salt*. +2. Compute *k* = PBKDF2-SHA256(SHA256(*p*), *salt*, 100000, 32). +3. Derive the 32-byte authentication key *akey* = HKDF-SHA256(*k*, 32, AUTHINFO, *salt*) +4. Derive the 32-byte encryption key *ekey* = HKDF-SHA256(*k*, 32, ENCRINFO, *salt*) + +The remainder of the process is the same. Notice the reuse of the same *salt* +for PBKDF2-SHA256 and HKDF-SHA256. The prehashing of the password in step 2 is +done to prevent a [DoS attack using long +passwords](https://github.com/defuse/php-encryption/issues/230). + +For `KeyProtectedByPassword`, the serialized key is encrypted according to the +password encryption defined above. However, the actual password used for +encryption is the SHA256 hash of the password the user provided. This is done in +order to provide domain separation between the message encryption in the user's +application and the internal key encryption done by this library. It fixes +a [key replacement chosen-protocol +attack](https://github.com/defuse/php-encryption/issues/240). diff --git a/vendor/defuse/php-encryption/docs/FAQ.md b/vendor/defuse/php-encryption/docs/FAQ.md new file mode 100644 index 000000000..135e235ce --- /dev/null +++ b/vendor/defuse/php-encryption/docs/FAQ.md @@ -0,0 +1,39 @@ +Frequently Asked Questions +=========================== + +How do I use this library to encrypt passwords? +------------------------------------------------ + +Passwords should not be encrypted, they should be hashed with a *slow* password +hashing function that's designed to slow down password guessing attacks. See +[How to Safely Store Your Users' Passwords in +2016](https://paragonie.com/blog/2016/02/how-safely-store-password-in-2016). + +How do I give it the same key every time instead of a new random key? +---------------------------------------------------------------------- + +A `Key` object can be saved to a string by calling its `saveToAsciiSafeString()` +method. You will have to save that string somewhere safe, and then load it back +into a `Key` object using `Key`'s `loadFromAsciiSafeString` static method. + +Where you store the string depends on your application. For example if you are +using `KeyProtectedByPassword` to encrypt files with a user's login password, +then you should not store the `Key` at all. If you are protecting sensitive data +on a server that may be compromised, then you should store it in a hardware +security module. When in doubt, consult a security expert. + +Why is an EnvironmentIsBrokenException getting thrown? +------------------------------------------------------- + +Either you've encountered a bug in this library, or your system doesn't support +the use of this library. For example, if your system does not have a secure +random number generator, this library will refuse to run, by throwing that +exception, instead of falling back to an insecure random number generator. + +Why am I getting a BadFormatException when loading a Key from a string? +------------------------------------------------------------------------ + +If you're getting this exception, then the string you're giving to +`loadFromAsciiSafeString()` is *not* the same as the string you got from +`saveToAsciiSafeString()`. Perhaps your database column isn't wide enough and +it's truncating the string as you insert it? diff --git a/vendor/defuse/php-encryption/docs/InstallingAndVerifying.md b/vendor/defuse/php-encryption/docs/InstallingAndVerifying.md new file mode 100644 index 000000000..12b5fee43 --- /dev/null +++ b/vendor/defuse/php-encryption/docs/InstallingAndVerifying.md @@ -0,0 +1,53 @@ +Getting The Code +================= + +There are two ways to use this library in your applications. You can either: + +1. Use [Composer](https://getcomposer.org/), or +2. `require_once` a single `.phar` file in your application. + +If you are not using either option (for example, because you're using Git submodules), you may need to write your own autoloader ([example](https://gist.github.com/paragonie-scott/949daee819bb7f19c50e5e103170b400)). + +Option 1: Using Composer +------------------------- + +Run this inside the directory of your composer-enabled project: + +```sh +composer require defuse/php-encryption +``` + +Unfortunately, composer doesn't provide a way for you to verify that the code +you're getting was signed by this library's authors. If you want a more secure +option, use the `.phar` method described below. + +Option 2: Including a PHAR +---------------------------- + +The `.phar` option lets you include this library into your project simply by +calling `require_once` on a single file. Download `defuse-crypto.phar` and +`defuse-crypto.phar.sig` from this project's +[releases](https://github.com/defuse/php-encryption/releases) page. + +You should verify the integrity of the `.phar`. The `defuse-crypto.phar.sig` +contains the signature of `defuse-crypto.phar`. It is signed with Taylor +Hornby's PGP key. You can find Taylor's public key in `dist/signingkey.asc`. You +can verify the public key's fingerprint against the Taylor Hornby's [contact +page](https://defuse.ca/contact.htm) and +[twitter](https://twitter.com/DefuseSec/status/723741424253059074). + +Once you have verified the signature, it is safe to use the `.phar`. Place it +somewhere in your file system, e.g. `/var/www/lib/defuse-crypto.phar`, and then +pass that path to `require_once`. + +```php + Whenever there is a conflict between security and some other property, + > security will be favored. For example, the library has runtime tests, + > which make it slower, but will hopefully stop it from encrypting stuff + > if the platform it's running on is broken. + +- Rule #2: It should be difficult to misuse the library. + + > We assume the developers using this library have no experience with + > cryptography. We only assume that they know that the "key" is something + > you need to encrypt and decrypt the messages, and that it must be kept + > secret. Whenever possible, the library should refuse to encrypt or decrypt + > messages when it is not being used correctly. + +- Rule #3: The library aims only to be compatible with itself. + + > Other PHP encryption libraries try to support every possible type of + > encryption, even the insecure ones (e.g. ECB mode). Because there are so + > many options, inexperienced developers must decide whether to use "CBC + > mode" or "ECB mode" when both are meaningless terms to them. This + > inevitably leads to vulnerabilities. + + > This library will only support one secure mode. A developer using this + > library will call "encrypt" and "decrypt" methods without worrying about + > how they are implemented. + +- Rule #4: The library should require no special installation. + + > Some PHP encryption libraries, like libsodium-php, are not straightforward + > to install and cannot packaged with "just download and extract" + > applications. This library will always be just a handful of PHP files that + > you can copy to your source tree and require(). + +Publishing Releases +-------------------- + +To make a release, you will need to install [composer](https://getcomposer.org/) +and [box](https://github.com/box-project/box2) on your system. They will need to +be available in your `$PATH` so that running the commands `composer` and `box` +in your terminal run them, respectively. You will also need the private key for +signing (ID: 7B4B2D98) available. + +Once you have those tools installed and the key available follow these steps: + +**Remember to set the version number in `composer.json`!** + +Make a fresh clone of the repository: + +``` +git clone +``` + +Check out the branch you want to release: + +``` +git checkout +``` + +Check that the version number in composer.json is correct: + +``` +cat composer.json +``` + +Run the tests: + +``` +composer install +./test.sh +``` + +Generate the `.phar`: + +``` +cd dist +make build-phar +``` + +Test the `.phar`: + +``` +cd ../ +./test.sh dist/defuse-crypto.phar +``` + +Sign the `.phar`: + +``` +cd dist +make sign-phar +``` + +Tag the release: + +``` +git -c user.signingkey=7B4B2D98 tag -s "" -m "" +``` + +`` should be in the format `v2.0.0` and `` should look +like "Release of v2.0.0." + +Push the tag to github, then use the +[releases](https://github.com/defuse/php-encryption/releases) page to draft +a new release for that tag. Upload the `.phar` and the `.phar.sig` file to be +included as part of that release. diff --git a/vendor/defuse/php-encryption/docs/Tutorial.md b/vendor/defuse/php-encryption/docs/Tutorial.md new file mode 100644 index 000000000..40285cc33 --- /dev/null +++ b/vendor/defuse/php-encryption/docs/Tutorial.md @@ -0,0 +1,298 @@ +Tutorial +========= + +Hello! If you're reading this file, it's because you want to add encryption to +one of your PHP projects. My job, as the person writing this documentation, is +to help you make sure you're doing the right thing and then show you how to use +this library to do it. To help me help you, please read the documentation +*carefully* and *deliberately*. + +A Word of Caution +------------------ + +Encryption is not magic dust you can sprinkle on a system to make it more +secure. The way encryption is integrated into a system's design needs to be +carefully thought out. Sometimes, encryption is the wrong thing to use. Other +times, encryption needs to be used in a very specific way in order for it to +work as intended. Even if you are sure of what you are doing, we strongly +recommend seeking advice from an expert. + +The first step is to think about your application's threat model. Ask yourself +the following questions. Who will want to attack my application, and what will +they get out of it? Are they trying to steal some information? Trying to alter +or destroy some information? Or just trying to make the system go down so people +can't access it? Then ask yourself how encryption can help combat those threats. +If you're going to add encryption to your application, you should have a very +clear idea of exactly which kinds of attacks it's helping to secure your +application against. Once you have your threat model, think about what kinds of +attacks it *does not* cover, and whether or not you should improve your threat +model to include those attacks. + +**This isn't for storing user login passwords:** The most common use of +cryptography in web applications is to protect the users' login passwords. If +you're trying to use this library to "encrypt" your users' passwords, you're in +the wrong place. Passwords shouldn't be *encrypted*, they should be *hashed* +with a slow computation-heavy function that makes password guessing attacks more +expensive. See [How to Safely Store Your Users' Passwords in +2016](https://paragonie.com/blog/2016/02/how-safely-store-password-in-2016). + +**This isn't for encrypting network communication:** Likewise, if you're trying +to encrypt messages sent between two parties over the Internet, you don't want +to be using this library. For that, set up a TLS connection between the two +points, or, if it's a chat app, use the [Signal +Protocol](https://whispersystems.org/blog/advanced-ratcheting/). + +What this library provides is symmetric encryption for "data at rest." This +means it is not suitable for use in building protocols where "data is in motion" +(i.e. moving over a network) except in limited set of cases. + +Getting the Code +----------------- + +There are several different ways to obtain this library's code and to add it to +your project. Even if you've already cloned the code from GitHub, you should +take steps to verify the cryptographic signatures to make sure the code you got +was not intercepted and modified by an attacker. + +Please head over to the [**Installing and +Verifying**](InstallingAndVerifying.md) documentation to get the code, and then +come back here to continue the tutorial. + +Using the Library +------------------ + +I'm going to assume you know what symmetric encryption is, and the difference +between symmetric and asymmetric encryption. If you don't, I recommend taking +[Dan Boneh's Cryptography I course](https://www.coursera.org/learn/crypto/) on +Coursera. + +To give you a quick introduction to the library, I'm going to explain how it +would be used in two sterotypical scenarios. Hopefully, one of these sterotypes +is close enough to what you want to do that you'll be able to figure out what +needs to be different on your own. + +### Formal Documentation + +While this tutorial should get you up and running fast, it's important to +understand how this library behaves. Please make sure to read the formal +documentation of all of the functions you're using, since there are some +important security warnings there. + +The following classes are available for you to use: + +- [Crypto](classes/Crypto.md): Encrypting and decrypting strings. +- [File](classes/File.md): Encrypting and decrypting files. +- [Key](classes/Key.md): Represents a secret encryption key. +- [KeyProtectedByPassword](classes/KeyProtectedByPassword.md): Represents + a secret encryption key that needs to be "unlocked" by a password before it + can be used. + +### Scenario #1: Keep data secret from the database administrator + +In this scenario, our threat model is as follows. Alice is a server +administrator responsible for managing a trusted web server. Eve is a database +administrator responsible for managing a database server. Dave is a web +developer working on code that will eventually run on the trusted web server. + +Let's say Alice and Dave trust each other, and Alice is going to host Dave's +application on her server. But both Alice and Dave don't trust Eve. They know +Eve is a good database administrator, but she might have incentive to steal the +data from the database. They want to keep some of the web application's data +secret from Eve. + +In order to do that, Alice will use the included `generate-defuse-key` script +which generates a random encryption key and prints it to standard output: + +```sh +$ composer require defuse/php-encryption +$ vendor/bin/generate-defuse-key +``` + +Alice will run this script once and save the output to a configuration file, say +in `/etc/daveapp-secret-key.txt` and set the file permissions so that only the +user that the website PHP scripts run as can access it. + +Dave will write his code to load the key from the configuration file: + +```php +saveToAsciiSafeString(); + // ... save $protected_key_encoded into the user's account record +} +``` + +Then, when the user logs in, Dave's code will load the protected key from the +user's account record, unlock it to get a `Key` object, and save the `Key` +object somewhere safe (like temporary memory-backed session storage). Note that +wherever Dave's code saves the key, it must be destroyed once the user logs out, +or else the attacker might be able to find users' keys even if they were never +logged in during the attack. + +```php +unlockKey($password); +$user_key_encoded = $user_key->saveToAsciiSafeString(); +// ... save $user_key_encoded in the session +``` + +```php + + + + + + diff --git a/vendor/defuse/php-encryption/src/Core.php b/vendor/defuse/php-encryption/src/Core.php new file mode 100644 index 000000000..3f5ed5224 --- /dev/null +++ b/vendor/defuse/php-encryption/src/Core.php @@ -0,0 +1,446 @@ + PHP_INT_MAX - 255) { + throw new Ex\EnvironmentIsBrokenException( + 'Integer overflow may occur.' + ); + } + + /* + * We start at the rightmost byte (big-endian) + * So, too, does OpenSSL: http://stackoverflow.com/a/3146214/2224584 + */ + for ($i = Core::BLOCK_BYTE_SIZE - 1; $i >= 0; --$i) { + $sum = \ord($ctr[$i]) + $inc; + + /* Detect integer overflow and fail. */ + if (! \is_int($sum)) { + throw new Ex\EnvironmentIsBrokenException( + 'Integer overflow in CTR mode nonce increment.' + ); + } + + $ctr[$i] = \pack('C', $sum & 0xFF); + $inc = $sum >> 8; + } + return $ctr; + } + + /** + * Returns a random byte string of the specified length. + * + * @param int $octets + * + * @throws Ex\EnvironmentIsBrokenException + * + * @return string + */ + public static function secureRandom($octets) + { + self::ensureFunctionExists('random_bytes'); + try { + return \random_bytes($octets); + } catch (\Exception $ex) { + throw new Ex\EnvironmentIsBrokenException( + 'Your system does not have a secure random number generator.' + ); + } + } + + /** + * Computes the HKDF key derivation function specified in + * http://tools.ietf.org/html/rfc5869. + * + * @param string $hash Hash Function + * @param string $ikm Initial Keying Material + * @param int $length How many bytes? + * @param string $info What sort of key are we deriving? + * @param string $salt + * + * @throws Ex\EnvironmentIsBrokenException + * @psalm-suppress UndefinedFunction - We're checking if the function exists first. + * + * @return string + */ + public static function HKDF($hash, $ikm, $length, $info = '', $salt = null) + { + static $nativeHKDF = null; + if ($nativeHKDF === null) { + $nativeHKDF = \is_callable('\\hash_hkdf'); + } + if ($nativeHKDF) { + return \hash_hkdf($hash, $ikm, $length, $info, $salt); + } + + $digest_length = Core::ourStrlen(\hash_hmac($hash, '', '', true)); + + // Sanity-check the desired output length. + if (empty($length) || ! \is_int($length) || + $length < 0 || $length > 255 * $digest_length) { + throw new Ex\EnvironmentIsBrokenException( + 'Bad output length requested of HKDF.' + ); + } + + // "if [salt] not provided, is set to a string of HashLen zeroes." + if (\is_null($salt)) { + $salt = \str_repeat("\x00", $digest_length); + } + + // HKDF-Extract: + // PRK = HMAC-Hash(salt, IKM) + // The salt is the HMAC key. + $prk = \hash_hmac($hash, $ikm, $salt, true); + + // HKDF-Expand: + + // This check is useless, but it serves as a reminder to the spec. + if (Core::ourStrlen($prk) < $digest_length) { + throw new Ex\EnvironmentIsBrokenException(); + } + + // T(0) = '' + $t = ''; + $last_block = ''; + for ($block_index = 1; Core::ourStrlen($t) < $length; ++$block_index) { + // T(i) = HMAC-Hash(PRK, T(i-1) | info | 0x??) + $last_block = \hash_hmac( + $hash, + $last_block . $info . \chr($block_index), + $prk, + true + ); + // T = T(1) | T(2) | T(3) | ... | T(N) + $t .= $last_block; + } + + // ORM = first L octets of T + /** @var string $orm */ + $orm = Core::ourSubstr($t, 0, $length); + if (!\is_string($orm)) { + throw new Ex\EnvironmentIsBrokenException(); + } + return $orm; + } + + /** + * Checks if two equal-length strings are the same without leaking + * information through side channels. + * + * @param string $expected + * @param string $given + * + * @throws Ex\EnvironmentIsBrokenException + * + * @return bool + */ + public static function hashEquals($expected, $given) + { + static $native = null; + if ($native === null) { + $native = \function_exists('hash_equals'); + } + if ($native) { + return \hash_equals($expected, $given); + } + + // We can't just compare the strings with '==', since it would make + // timing attacks possible. We could use the XOR-OR constant-time + // comparison algorithm, but that may not be a reliable defense in an + // interpreted language. So we use the approach of HMACing both strings + // with a random key and comparing the HMACs. + + // We're not attempting to make variable-length string comparison + // secure, as that's very difficult. Make sure the strings are the same + // length. + if (Core::ourStrlen($expected) !== Core::ourStrlen($given)) { + throw new Ex\EnvironmentIsBrokenException(); + } + + $blind = Core::secureRandom(32); + $message_compare = \hash_hmac(Core::HASH_FUNCTION_NAME, $given, $blind); + $correct_compare = \hash_hmac(Core::HASH_FUNCTION_NAME, $expected, $blind); + return $correct_compare === $message_compare; + } + /** + * Throws an exception if the constant doesn't exist. + * + * @param string $name + * @return void + * + * @throws Ex\EnvironmentIsBrokenException + */ + public static function ensureConstantExists($name) + { + if (! \defined($name)) { + throw new Ex\EnvironmentIsBrokenException(); + } + } + + /** + * Throws an exception if the function doesn't exist. + * + * @param string $name + * @return void + * + * @throws Ex\EnvironmentIsBrokenException + */ + public static function ensureFunctionExists($name) + { + if (! \function_exists($name)) { + throw new Ex\EnvironmentIsBrokenException(); + } + } + + /* + * We need these strlen() and substr() functions because when + * 'mbstring.func_overload' is set in php.ini, the standard strlen() and + * substr() are replaced by mb_strlen() and mb_substr(). + */ + + /** + * Computes the length of a string in bytes. + * + * @param string $str + * + * @throws Ex\EnvironmentIsBrokenException + * + * @return int + */ + public static function ourStrlen($str) + { + static $exists = null; + if ($exists === null) { + $exists = \function_exists('mb_strlen'); + } + if ($exists) { + $length = \mb_strlen($str, '8bit'); + if ($length === false) { + throw new Ex\EnvironmentIsBrokenException(); + } + return $length; + } else { + return \strlen($str); + } + } + + /** + * Behaves roughly like the function substr() in PHP 7 does. + * + * @param string $str + * @param int $start + * @param int $length + * + * @throws Ex\EnvironmentIsBrokenException + * + * @return string|bool + */ + public static function ourSubstr($str, $start, $length = null) + { + static $exists = null; + if ($exists === null) { + $exists = \function_exists('mb_substr'); + } + + if ($exists) { + // mb_substr($str, 0, NULL, '8bit') returns an empty string on PHP + // 5.3, so we have to find the length ourselves. + if (! isset($length)) { + if ($start >= 0) { + $length = Core::ourStrlen($str) - $start; + } else { + $length = -$start; + } + } + + // This is required to make mb_substr behavior identical to substr. + // Without this, mb_substr() would return false, contra to what the + // PHP documentation says (it doesn't say it can return false.) + if ($start === Core::ourStrlen($str) && $length === 0) { + return ''; + } + + if ($start > Core::ourStrlen($str)) { + return false; + } + + $substr = \mb_substr($str, $start, $length, '8bit'); + if (Core::ourStrlen($substr) !== $length) { + throw new Ex\EnvironmentIsBrokenException( + 'Your version of PHP has bug #66797. Its implementation of + mb_substr() is incorrect. See the details here: + https://bugs.php.net/bug.php?id=66797' + ); + } + return $substr; + } + + // Unlike mb_substr(), substr() doesn't accept NULL for length + if (isset($length)) { + return \substr($str, $start, $length); + } else { + return \substr($str, $start); + } + } + + /** + * Computes the PBKDF2 password-based key derivation function. + * + * The PBKDF2 function is defined in RFC 2898. Test vectors can be found in + * RFC 6070. This implementation of PBKDF2 was originally created by Taylor + * Hornby, with improvements from http://www.variations-of-shadow.com/. + * + * @param string $algorithm The hash algorithm to use. Recommended: SHA256 + * @param string $password The password. + * @param string $salt A salt that is unique to the password. + * @param int $count Iteration count. Higher is better, but slower. Recommended: At least 1000. + * @param int $key_length The length of the derived key in bytes. + * @param bool $raw_output If true, the key is returned in raw binary format. Hex encoded otherwise. + * + * @throws Ex\EnvironmentIsBrokenException + * + * @return string A $key_length-byte key derived from the password and salt. + */ + public static function pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output = false) + { + // Type checks: + if (! \is_string($algorithm)) { + throw new \InvalidArgumentException( + 'pbkdf2(): algorithm must be a string' + ); + } + if (! \is_string($password)) { + throw new \InvalidArgumentException( + 'pbkdf2(): password must be a string' + ); + } + if (! \is_string($salt)) { + throw new \InvalidArgumentException( + 'pbkdf2(): salt must be a string' + ); + } + // Coerce strings to integers with no information loss or overflow + $count += 0; + $key_length += 0; + + $algorithm = \strtolower($algorithm); + if (! \in_array($algorithm, \hash_algos(), true)) { + throw new Ex\EnvironmentIsBrokenException( + 'Invalid or unsupported hash algorithm.' + ); + } + + // Whitelist, or we could end up with people using CRC32. + $ok_algorithms = [ + 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', + 'ripemd160', 'ripemd256', 'ripemd320', 'whirlpool', + ]; + if (! \in_array($algorithm, $ok_algorithms, true)) { + throw new Ex\EnvironmentIsBrokenException( + 'Algorithm is not a secure cryptographic hash function.' + ); + } + + if ($count <= 0 || $key_length <= 0) { + throw new Ex\EnvironmentIsBrokenException( + 'Invalid PBKDF2 parameters.' + ); + } + + if (\function_exists('hash_pbkdf2')) { + // The output length is in NIBBLES (4-bits) if $raw_output is false! + if (! $raw_output) { + $key_length = $key_length * 2; + } + return \hash_pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output); + } + + $hash_length = Core::ourStrlen(\hash($algorithm, '', true)); + $block_count = \ceil($key_length / $hash_length); + + $output = ''; + for ($i = 1; $i <= $block_count; $i++) { + // $i encoded as 4 bytes, big endian. + $last = $salt . \pack('N', $i); + // first iteration + $last = $xorsum = \hash_hmac($algorithm, $last, $password, true); + // perform the other $count - 1 iterations + for ($j = 1; $j < $count; $j++) { + $xorsum ^= ($last = \hash_hmac($algorithm, $last, $password, true)); + } + $output .= $xorsum; + } + + if ($raw_output) { + return (string) Core::ourSubstr($output, 0, $key_length); + } else { + return Encoding::binToHex((string) Core::ourSubstr($output, 0, $key_length)); + } + } +} diff --git a/vendor/defuse/php-encryption/src/Crypto.php b/vendor/defuse/php-encryption/src/Crypto.php new file mode 100644 index 000000000..fdb411c76 --- /dev/null +++ b/vendor/defuse/php-encryption/src/Crypto.php @@ -0,0 +1,393 @@ +deriveKeys($salt); + $ekey = $keys->getEncryptionKey(); + $akey = $keys->getAuthenticationKey(); + $iv = Core::secureRandom(Core::BLOCK_BYTE_SIZE); + + $ciphertext = Core::CURRENT_VERSION . $salt . $iv . self::plainEncrypt($plaintext, $ekey, $iv); + $auth = \hash_hmac(Core::HASH_FUNCTION_NAME, $ciphertext, $akey, true); + $ciphertext = $ciphertext . $auth; + + if ($raw_binary) { + return $ciphertext; + } + return Encoding::binToHex($ciphertext); + } + + /** + * Decrypts a ciphertext to a string with either a key or a password. + * + * @param string $ciphertext + * @param KeyOrPassword $secret + * @param bool $raw_binary + * + * @throws Ex\EnvironmentIsBrokenException + * @throws Ex\WrongKeyOrModifiedCiphertextException + * + * @return string + */ + private static function decryptInternal($ciphertext, KeyOrPassword $secret, $raw_binary) + { + RuntimeTests::runtimeTest(); + + if (! $raw_binary) { + try { + $ciphertext = Encoding::hexToBin($ciphertext); + } catch (Ex\BadFormatException $ex) { + throw new Ex\WrongKeyOrModifiedCiphertextException( + 'Ciphertext has invalid hex encoding.' + ); + } + } + + if (Core::ourStrlen($ciphertext) < Core::MINIMUM_CIPHERTEXT_SIZE) { + throw new Ex\WrongKeyOrModifiedCiphertextException( + 'Ciphertext is too short.' + ); + } + + // Get and check the version header. + /** @var string $header */ + $header = Core::ourSubstr($ciphertext, 0, Core::HEADER_VERSION_SIZE); + if ($header !== Core::CURRENT_VERSION) { + throw new Ex\WrongKeyOrModifiedCiphertextException( + 'Bad version header.' + ); + } + + // Get the salt. + /** @var string $salt */ + $salt = Core::ourSubstr( + $ciphertext, + Core::HEADER_VERSION_SIZE, + Core::SALT_BYTE_SIZE + ); + if (!\is_string($salt)) { + throw new Ex\EnvironmentIsBrokenException(); + } + + // Get the IV. + /** @var string $iv */ + $iv = Core::ourSubstr( + $ciphertext, + Core::HEADER_VERSION_SIZE + Core::SALT_BYTE_SIZE, + Core::BLOCK_BYTE_SIZE + ); + if (!\is_string($iv)) { + throw new Ex\EnvironmentIsBrokenException(); + } + + // Get the HMAC. + /** @var string $hmac */ + $hmac = Core::ourSubstr( + $ciphertext, + Core::ourStrlen($ciphertext) - Core::MAC_BYTE_SIZE, + Core::MAC_BYTE_SIZE + ); + if (!\is_string($hmac)) { + throw new Ex\EnvironmentIsBrokenException(); + } + + // Get the actual encrypted ciphertext. + /** @var string $encrypted */ + $encrypted = Core::ourSubstr( + $ciphertext, + Core::HEADER_VERSION_SIZE + Core::SALT_BYTE_SIZE + + Core::BLOCK_BYTE_SIZE, + Core::ourStrlen($ciphertext) - Core::MAC_BYTE_SIZE - Core::SALT_BYTE_SIZE - + Core::BLOCK_BYTE_SIZE - Core::HEADER_VERSION_SIZE + ); + if (!\is_string($encrypted)) { + throw new Ex\EnvironmentIsBrokenException(); + } + + // Derive the separate encryption and authentication keys from the key + // or password, whichever it is. + $keys = $secret->deriveKeys($salt); + + if (self::verifyHMAC($hmac, $header . $salt . $iv . $encrypted, $keys->getAuthenticationKey())) { + $plaintext = self::plainDecrypt($encrypted, $keys->getEncryptionKey(), $iv, Core::CIPHER_METHOD); + return $plaintext; + } else { + throw new Ex\WrongKeyOrModifiedCiphertextException( + 'Integrity check failed.' + ); + } + } + + /** + * Raw unauthenticated encryption (insecure on its own). + * + * @param string $plaintext + * @param string $key + * @param string $iv + * + * @throws Ex\EnvironmentIsBrokenException + * + * @return string + */ + protected static function plainEncrypt($plaintext, $key, $iv) + { + Core::ensureConstantExists('OPENSSL_RAW_DATA'); + Core::ensureFunctionExists('openssl_encrypt'); + /** @var string $ciphertext */ + $ciphertext = \openssl_encrypt( + $plaintext, + Core::CIPHER_METHOD, + $key, + OPENSSL_RAW_DATA, + $iv + ); + + if (!\is_string($ciphertext)) { + throw new Ex\EnvironmentIsBrokenException( + 'openssl_encrypt() failed.' + ); + } + + return $ciphertext; + } + + /** + * Raw unauthenticated decryption (insecure on its own). + * + * @param string $ciphertext + * @param string $key + * @param string $iv + * @param string $cipherMethod + * + * @throws Ex\EnvironmentIsBrokenException + * + * @return string + */ + protected static function plainDecrypt($ciphertext, $key, $iv, $cipherMethod) + { + Core::ensureConstantExists('OPENSSL_RAW_DATA'); + Core::ensureFunctionExists('openssl_decrypt'); + + /** @var string $plaintext */ + $plaintext = \openssl_decrypt( + $ciphertext, + $cipherMethod, + $key, + OPENSSL_RAW_DATA, + $iv + ); + if (!\is_string($plaintext)) { + throw new Ex\EnvironmentIsBrokenException( + 'openssl_decrypt() failed.' + ); + } + + return $plaintext; + } + + /** + * Verifies an HMAC without leaking information through side-channels. + * + * @param string $expected_hmac + * @param string $message + * @param string $key + * + * @throws Ex\EnvironmentIsBrokenException + * + * @return bool + */ + protected static function verifyHMAC($expected_hmac, $message, $key) + { + $message_hmac = \hash_hmac(Core::HASH_FUNCTION_NAME, $message, $key, true); + return Core::hashEquals($message_hmac, $expected_hmac); + } +} diff --git a/vendor/defuse/php-encryption/src/DerivedKeys.php b/vendor/defuse/php-encryption/src/DerivedKeys.php new file mode 100644 index 000000000..86a48e5ea --- /dev/null +++ b/vendor/defuse/php-encryption/src/DerivedKeys.php @@ -0,0 +1,50 @@ +akey; + } + + /** + * Returns the encryption key. + * @return string + */ + public function getEncryptionKey() + { + return $this->ekey; + } + + /** + * Constructor for DerivedKeys. + * + * @param string $akey + * @param string $ekey + */ + public function __construct($akey, $ekey) + { + $this->akey = $akey; + $this->ekey = $ekey; + } +} diff --git a/vendor/defuse/php-encryption/src/Encoding.php b/vendor/defuse/php-encryption/src/Encoding.php new file mode 100644 index 000000000..001fb6e89 --- /dev/null +++ b/vendor/defuse/php-encryption/src/Encoding.php @@ -0,0 +1,270 @@ +> 4; + $hex .= \pack( + 'CC', + 87 + $b + ((($b - 10) >> 8) & ~38), + 87 + $c + ((($c - 10) >> 8) & ~38) + ); + } + return $hex; + } + + /** + * Converts a hexadecimal string into a byte string without leaking + * information through side channels. + * + * @param string $hex_string + * + * @throws Ex\BadFormatException + * @throws Ex\EnvironmentIsBrokenException + * + * @return string + */ + public static function hexToBin($hex_string) + { + $hex_pos = 0; + $bin = ''; + $hex_len = Core::ourStrlen($hex_string); + $state = 0; + $c_acc = 0; + + while ($hex_pos < $hex_len) { + $c = \ord($hex_string[$hex_pos]); + $c_num = $c ^ 48; + $c_num0 = ($c_num - 10) >> 8; + $c_alpha = ($c & ~32) - 55; + $c_alpha0 = (($c_alpha - 10) ^ ($c_alpha - 16)) >> 8; + if (($c_num0 | $c_alpha0) === 0) { + throw new Ex\BadFormatException( + 'Encoding::hexToBin() input is not a hex string.' + ); + } + $c_val = ($c_num0 & $c_num) | ($c_alpha & $c_alpha0); + if ($state === 0) { + $c_acc = $c_val * 16; + } else { + $bin .= \pack('C', $c_acc | $c_val); + } + $state ^= 1; + ++$hex_pos; + } + return $bin; + } + + /** + * Remove trialing whitespace without table look-ups or branches. + * + * Calling this function may leak the length of the string as well as the + * number of trailing whitespace characters through side-channels. + * + * @param string $string + * @return string + */ + public static function trimTrailingWhitespace($string = '') + { + $length = Core::ourStrlen($string); + if ($length < 1) { + return ''; + } + do { + $prevLength = $length; + $last = $length - 1; + $chr = \ord($string[$last]); + + /* Null Byte (0x00), a.k.a. \0 */ + // if ($chr === 0x00) $length -= 1; + $sub = (($chr - 1) >> 8 ) & 1; + $length -= $sub; + $last -= $sub; + + /* Horizontal Tab (0x09) a.k.a. \t */ + $chr = \ord($string[$last]); + // if ($chr === 0x09) $length -= 1; + $sub = (((0x08 - $chr) & ($chr - 0x0a)) >> 8) & 1; + $length -= $sub; + $last -= $sub; + + /* New Line (0x0a), a.k.a. \n */ + $chr = \ord($string[$last]); + // if ($chr === 0x0a) $length -= 1; + $sub = (((0x09 - $chr) & ($chr - 0x0b)) >> 8) & 1; + $length -= $sub; + $last -= $sub; + + /* Carriage Return (0x0D), a.k.a. \r */ + $chr = \ord($string[$last]); + // if ($chr === 0x0d) $length -= 1; + $sub = (((0x0c - $chr) & ($chr - 0x0e)) >> 8) & 1; + $length -= $sub; + $last -= $sub; + + /* Space */ + $chr = \ord($string[$last]); + // if ($chr === 0x20) $length -= 1; + $sub = (((0x1f - $chr) & ($chr - 0x21)) >> 8) & 1; + $length -= $sub; + } while ($prevLength !== $length && $length > 0); + return (string) Core::ourSubstr($string, 0, $length); + } + + /* + * SECURITY NOTE ON APPLYING CHECKSUMS TO SECRETS: + * + * The checksum introduces a potential security weakness. For example, + * suppose we apply a checksum to a key, and that an adversary has an + * exploit against the process containing the key, such that they can + * overwrite an arbitrary byte of memory and then cause the checksum to + * be verified and learn the result. + * + * In this scenario, the adversary can extract the key one byte at + * a time by overwriting it with their guess of its value and then + * asking if the checksum matches. If it does, their guess was right. + * This kind of attack may be more easy to implement and more reliable + * than a remote code execution attack. + * + * This attack also applies to authenticated encryption as a whole, in + * the situation where the adversary can overwrite a byte of the key + * and then cause a valid ciphertext to be decrypted, and then + * determine whether the MAC check passed or failed. + * + * By using the full SHA256 hash instead of truncating it, I'm ensuring + * that both ways of going about the attack are equivalently difficult. + * A shorter checksum of say 32 bits might be more useful to the + * adversary as an oracle in case their writes are coarser grained. + * + * Because the scenario assumes a serious vulnerability, we don't try + * to prevent attacks of this style. + */ + + /** + * INTERNAL USE ONLY: Applies a version header, applies a checksum, and + * then encodes a byte string into a range of printable ASCII characters. + * + * @param string $header + * @param string $bytes + * + * @throws Ex\EnvironmentIsBrokenException + * + * @return string + */ + public static function saveBytesToChecksummedAsciiSafeString($header, $bytes) + { + // Headers must be a constant length to prevent one type's header from + // being a prefix of another type's header, leading to ambiguity. + if (Core::ourStrlen($header) !== self::SERIALIZE_HEADER_BYTES) { + throw new Ex\EnvironmentIsBrokenException( + 'Header must be ' . self::SERIALIZE_HEADER_BYTES . ' bytes.' + ); + } + + return Encoding::binToHex( + $header . + $bytes . + \hash( + self::CHECKSUM_HASH_ALGO, + $header . $bytes, + true + ) + ); + } + + /** + * INTERNAL USE ONLY: Decodes, verifies the header and checksum, and returns + * the encoded byte string. + * + * @param string $expected_header + * @param string $string + * + * @throws Ex\EnvironmentIsBrokenException + * @throws Ex\BadFormatException + * + * @return string + */ + public static function loadBytesFromChecksummedAsciiSafeString($expected_header, $string) + { + // Headers must be a constant length to prevent one type's header from + // being a prefix of another type's header, leading to ambiguity. + if (Core::ourStrlen($expected_header) !== self::SERIALIZE_HEADER_BYTES) { + throw new Ex\EnvironmentIsBrokenException( + 'Header must be 4 bytes.' + ); + } + + /* If you get an exception here when attempting to load from a file, first pass your + key to Encoding::trimTrailingWhitespace() to remove newline characters, etc. */ + $bytes = Encoding::hexToBin($string); + + /* Make sure we have enough bytes to get the version header and checksum. */ + if (Core::ourStrlen($bytes) < self::SERIALIZE_HEADER_BYTES + self::CHECKSUM_BYTE_SIZE) { + throw new Ex\BadFormatException( + 'Encoded data is shorter than expected.' + ); + } + + /* Grab the version header. */ + $actual_header = (string) Core::ourSubstr($bytes, 0, self::SERIALIZE_HEADER_BYTES); + + if ($actual_header !== $expected_header) { + throw new Ex\BadFormatException( + 'Invalid header.' + ); + } + + /* Grab the bytes that are part of the checksum. */ + $checked_bytes = (string) Core::ourSubstr( + $bytes, + 0, + Core::ourStrlen($bytes) - self::CHECKSUM_BYTE_SIZE + ); + + /* Grab the included checksum. */ + $checksum_a = (string) Core::ourSubstr( + $bytes, + Core::ourStrlen($bytes) - self::CHECKSUM_BYTE_SIZE, + self::CHECKSUM_BYTE_SIZE + ); + + /* Re-compute the checksum. */ + $checksum_b = \hash(self::CHECKSUM_HASH_ALGO, $checked_bytes, true); + + /* Check if the checksum matches. */ + if (! Core::hashEquals($checksum_a, $checksum_b)) { + throw new Ex\BadFormatException( + "Data is corrupted, the checksum doesn't match" + ); + } + + return (string) Core::ourSubstr( + $bytes, + self::SERIALIZE_HEADER_BYTES, + Core::ourStrlen($bytes) - self::SERIALIZE_HEADER_BYTES - self::CHECKSUM_BYTE_SIZE + ); + } +} diff --git a/vendor/defuse/php-encryption/src/Exception/BadFormatException.php b/vendor/defuse/php-encryption/src/Exception/BadFormatException.php new file mode 100644 index 000000000..804d9c17e --- /dev/null +++ b/vendor/defuse/php-encryption/src/Exception/BadFormatException.php @@ -0,0 +1,7 @@ +deriveKeys($file_salt); + $ekey = $keys->getEncryptionKey(); + $akey = $keys->getAuthenticationKey(); + + $ivsize = Core::BLOCK_BYTE_SIZE; + $iv = Core::secureRandom($ivsize); + + /* Initialize a streaming HMAC state. */ + /** @var resource $hmac */ + $hmac = \hash_init(Core::HASH_FUNCTION_NAME, HASH_HMAC, $akey); + if (!\is_resource($hmac)) { + throw new Ex\EnvironmentIsBrokenException( + 'Cannot initialize a hash context' + ); + } + + /* Write the header, salt, and IV. */ + self::writeBytes( + $outputHandle, + Core::CURRENT_VERSION . $file_salt . $iv, + Core::HEADER_VERSION_SIZE + Core::SALT_BYTE_SIZE + $ivsize + ); + + /* Add the header, salt, and IV to the HMAC. */ + \hash_update($hmac, Core::CURRENT_VERSION); + \hash_update($hmac, $file_salt); + \hash_update($hmac, $iv); + + /* $thisIv will be incremented after each call to the encryption. */ + $thisIv = $iv; + + /* How many blocks do we encrypt at a time? We increment by this value. */ + $inc = (int) (Core::BUFFER_BYTE_SIZE / Core::BLOCK_BYTE_SIZE); + + /* Loop until we reach the end of the input file. */ + $at_file_end = false; + while (! (\feof($inputHandle) || $at_file_end)) { + /* Find out if we can read a full buffer, or only a partial one. */ + /** @var int */ + $pos = \ftell($inputHandle); + if (!\is_int($pos)) { + throw new Ex\IOException( + 'Could not get current position in input file during encryption' + ); + } + if ($pos + Core::BUFFER_BYTE_SIZE >= $inputSize) { + /* We're at the end of the file, so we need to break out of the loop. */ + $at_file_end = true; + $read = self::readBytes( + $inputHandle, + $inputSize - $pos + ); + } else { + $read = self::readBytes( + $inputHandle, + Core::BUFFER_BYTE_SIZE + ); + } + + /* Encrypt this buffer. */ + /** @var string */ + $encrypted = \openssl_encrypt( + $read, + Core::CIPHER_METHOD, + $ekey, + OPENSSL_RAW_DATA, + $thisIv + ); + + if (!\is_string($encrypted)) { + throw new Ex\EnvironmentIsBrokenException( + 'OpenSSL encryption error' + ); + } + + /* Write this buffer's ciphertext. */ + self::writeBytes($outputHandle, $encrypted, Core::ourStrlen($encrypted)); + /* Add this buffer's ciphertext to the HMAC. */ + \hash_update($hmac, $encrypted); + + /* Increment the counter by the number of blocks in a buffer. */ + $thisIv = Core::incrementCounter($thisIv, $inc); + /* WARNING: Usually, unless the file is a multiple of the buffer + * size, $thisIv will contain an incorrect value here on the last + * iteration of this loop. */ + } + + /* Get the HMAC and append it to the ciphertext. */ + $final_mac = \hash_final($hmac, true); + self::writeBytes($outputHandle, $final_mac, Core::MAC_BYTE_SIZE); + } + + /** + * Decrypts a file-backed resource with either a key or a password. + * + * @param resource $inputHandle + * @param resource $outputHandle + * @param KeyOrPassword $secret + * @return void + * + * @throws Ex\EnvironmentIsBrokenException + * @throws Ex\IOException + * @throws Ex\WrongKeyOrModifiedCiphertextException + */ + public static function decryptResourceInternal($inputHandle, $outputHandle, KeyOrPassword $secret) + { + if (! \is_resource($inputHandle)) { + throw new Ex\IOException( + 'Input handle must be a resource!' + ); + } + if (! \is_resource($outputHandle)) { + throw new Ex\IOException( + 'Output handle must be a resource!' + ); + } + + /* Make sure the file is big enough for all the reads we need to do. */ + $stat = \fstat($inputHandle); + if ($stat['size'] < Core::MINIMUM_CIPHERTEXT_SIZE) { + throw new Ex\WrongKeyOrModifiedCiphertextException( + 'Input file is too small to have been created by this library.' + ); + } + + /* Check the version header. */ + $header = self::readBytes($inputHandle, Core::HEADER_VERSION_SIZE); + if ($header !== Core::CURRENT_VERSION) { + throw new Ex\WrongKeyOrModifiedCiphertextException( + 'Bad version header.' + ); + } + + /* Get the salt. */ + $file_salt = self::readBytes($inputHandle, Core::SALT_BYTE_SIZE); + + /* Get the IV. */ + $ivsize = Core::BLOCK_BYTE_SIZE; + $iv = self::readBytes($inputHandle, $ivsize); + + /* Derive the authentication and encryption keys. */ + $keys = $secret->deriveKeys($file_salt); + $ekey = $keys->getEncryptionKey(); + $akey = $keys->getAuthenticationKey(); + + /* We'll store the MAC of each buffer-sized chunk as we verify the + * actual MAC, so that we can check them again when decrypting. */ + $macs = []; + + /* $thisIv will be incremented after each call to the decryption. */ + $thisIv = $iv; + + /* How many blocks do we encrypt at a time? We increment by this value. */ + $inc = (int) (Core::BUFFER_BYTE_SIZE / Core::BLOCK_BYTE_SIZE); + + /* Get the HMAC. */ + if (\fseek($inputHandle, (-1 * Core::MAC_BYTE_SIZE), SEEK_END) === false) { + throw new Ex\IOException( + 'Cannot seek to beginning of MAC within input file' + ); + } + + /* Get the position of the last byte in the actual ciphertext. */ + /** @var int $cipher_end */ + $cipher_end = \ftell($inputHandle); + if (!\is_int($cipher_end)) { + throw new Ex\IOException( + 'Cannot read input file' + ); + } + /* We have the position of the first byte of the HMAC. Go back by one. */ + --$cipher_end; + + /* Read the HMAC. */ + /** @var string $stored_mac */ + $stored_mac = self::readBytes($inputHandle, Core::MAC_BYTE_SIZE); + + /* Initialize a streaming HMAC state. */ + /** @var resource $hmac */ + $hmac = \hash_init(Core::HASH_FUNCTION_NAME, HASH_HMAC, $akey); + if (!\is_resource($hmac)) { + throw new Ex\EnvironmentIsBrokenException( + 'Cannot initialize a hash context' + ); + } + + /* Reset file pointer to the beginning of the file after the header */ + if (\fseek($inputHandle, Core::HEADER_VERSION_SIZE, SEEK_SET) === false) { + throw new Ex\IOException( + 'Cannot read seek within input file' + ); + } + + /* Seek to the start of the actual ciphertext. */ + if (\fseek($inputHandle, Core::SALT_BYTE_SIZE + $ivsize, SEEK_CUR) === false) { + throw new Ex\IOException( + 'Cannot seek input file to beginning of ciphertext' + ); + } + + /* PASS #1: Calculating the HMAC. */ + + \hash_update($hmac, $header); + \hash_update($hmac, $file_salt); + \hash_update($hmac, $iv); + /** @var resource $hmac2 */ + $hmac2 = \hash_copy($hmac); + + $break = false; + while (! $break) { + /** @var int $pos */ + $pos = \ftell($inputHandle); + if (!\is_int($pos)) { + throw new Ex\IOException( + 'Could not get current position in input file during decryption' + ); + } + + /* Read the next buffer-sized chunk (or less). */ + if ($pos + Core::BUFFER_BYTE_SIZE >= $cipher_end) { + $break = true; + $read = self::readBytes( + $inputHandle, + $cipher_end - $pos + 1 + ); + } else { + $read = self::readBytes( + $inputHandle, + Core::BUFFER_BYTE_SIZE + ); + } + + /* Update the HMAC. */ + \hash_update($hmac, $read); + + /* Remember this buffer-sized chunk's HMAC. */ + /** @var resource $chunk_mac */ + $chunk_mac = \hash_copy($hmac); + if (!\is_resource($chunk_mac)) { + throw new Ex\EnvironmentIsBrokenException( + 'Cannot duplicate a hash context' + ); + } + $macs []= \hash_final($chunk_mac); + } + + /* Get the final HMAC, which should match the stored one. */ + /** @var string $final_mac */ + $final_mac = \hash_final($hmac, true); + + /* Verify the HMAC. */ + if (! Core::hashEquals($final_mac, $stored_mac)) { + throw new Ex\WrongKeyOrModifiedCiphertextException( + 'Integrity check failed.' + ); + } + + /* PASS #2: Decrypt and write output. */ + + /* Rewind to the start of the actual ciphertext. */ + if (\fseek($inputHandle, Core::SALT_BYTE_SIZE + $ivsize + Core::HEADER_VERSION_SIZE, SEEK_SET) === false) { + throw new Ex\IOException( + 'Could not move the input file pointer during decryption' + ); + } + + $at_file_end = false; + while (! $at_file_end) { + /** @var int $pos */ + $pos = \ftell($inputHandle); + if (!\is_int($pos)) { + throw new Ex\IOException( + 'Could not get current position in input file during decryption' + ); + } + + /* Read the next buffer-sized chunk (or less). */ + if ($pos + Core::BUFFER_BYTE_SIZE >= $cipher_end) { + $at_file_end = true; + $read = self::readBytes( + $inputHandle, + $cipher_end - $pos + 1 + ); + } else { + $read = self::readBytes( + $inputHandle, + Core::BUFFER_BYTE_SIZE + ); + } + + /* Recalculate the MAC (so far) and compare it with the one we + * remembered from pass #1 to ensure attackers didn't change the + * ciphertext after MAC verification. */ + \hash_update($hmac2, $read); + /** @var resource $calc_mac */ + $calc_mac = \hash_copy($hmac2); + if (!\is_resource($calc_mac)) { + throw new Ex\EnvironmentIsBrokenException( + 'Cannot duplicate a hash context' + ); + } + $calc = \hash_final($calc_mac); + + if (empty($macs)) { + throw new Ex\WrongKeyOrModifiedCiphertextException( + 'File was modified after MAC verification' + ); + } elseif (! Core::hashEquals(\array_shift($macs), $calc)) { + throw new Ex\WrongKeyOrModifiedCiphertextException( + 'File was modified after MAC verification' + ); + } + + /* Decrypt this buffer-sized chunk. */ + /** @var string $decrypted */ + $decrypted = \openssl_decrypt( + $read, + Core::CIPHER_METHOD, + $ekey, + OPENSSL_RAW_DATA, + $thisIv + ); + if (!\is_string($decrypted)) { + throw new Ex\EnvironmentIsBrokenException( + 'OpenSSL decryption error' + ); + } + + /* Write the plaintext to the output file. */ + self::writeBytes( + $outputHandle, + $decrypted, + Core::ourStrlen($decrypted) + ); + + /* Increment the IV by the amount of blocks in a buffer. */ + /** @var string $thisIv */ + $thisIv = Core::incrementCounter($thisIv, $inc); + /* WARNING: Usually, unless the file is a multiple of the buffer + * size, $thisIv will contain an incorrect value here on the last + * iteration of this loop. */ + } + } + + /** + * Read from a stream; prevent partial reads. + * + * @param resource $stream + * @param int $num_bytes + * @return string + * + * @throws Ex\IOException + * @throws Ex\EnvironmentIsBrokenException + * + * @return string + */ + public static function readBytes($stream, $num_bytes) + { + if ($num_bytes < 0) { + throw new Ex\EnvironmentIsBrokenException( + 'Tried to read less than 0 bytes' + ); + } elseif ($num_bytes === 0) { + return ''; + } + $buf = ''; + $remaining = $num_bytes; + while ($remaining > 0 && ! \feof($stream)) { + /** @var string $read */ + $read = \fread($stream, $remaining); + if (!\is_string($read)) { + throw new Ex\IOException( + 'Could not read from the file' + ); + } + $buf .= $read; + $remaining -= Core::ourStrlen($read); + } + if (Core::ourStrlen($buf) !== $num_bytes) { + throw new Ex\IOException( + 'Tried to read past the end of the file' + ); + } + return $buf; + } + + /** + * Write to a stream; prevents partial writes. + * + * @param resource $stream + * @param string $buf + * @param int $num_bytes + * @return int + * + * @throws Ex\IOException + * + * @return string + */ + public static function writeBytes($stream, $buf, $num_bytes = null) + { + $bufSize = Core::ourStrlen($buf); + if ($num_bytes === null) { + $num_bytes = $bufSize; + } + if ($num_bytes > $bufSize) { + throw new Ex\IOException( + 'Trying to write more bytes than the buffer contains.' + ); + } + if ($num_bytes < 0) { + throw new Ex\IOException( + 'Tried to write less than 0 bytes' + ); + } + $remaining = $num_bytes; + while ($remaining > 0) { + /** @var int $written */ + $written = \fwrite($stream, $buf, $remaining); + if (!\is_int($written)) { + throw new Ex\IOException( + 'Could not write to the file' + ); + } + $buf = (string) Core::ourSubstr($buf, $written, null); + $remaining -= $written; + } + return $num_bytes; + } + + /** + * Returns the last PHP error's or warning's message string. + * + * @return string + */ + private static function getLastErrorMessage() + { + $error = error_get_last(); + if ($error === null) { + return '[no PHP error]'; + } else { + return $error['message']; + } + } +} diff --git a/vendor/defuse/php-encryption/src/Key.php b/vendor/defuse/php-encryption/src/Key.php new file mode 100644 index 000000000..fe4bf7d54 --- /dev/null +++ b/vendor/defuse/php-encryption/src/Key.php @@ -0,0 +1,95 @@ +key_bytes + ); + } + + /** + * Gets the raw bytes of the key. + * + * @return string + */ + public function getRawBytes() + { + return $this->key_bytes; + } + + /** + * Constructs a new Key object from a string of raw bytes. + * + * @param string $bytes + * + * @throws Ex\EnvironmentIsBrokenException + */ + private function __construct($bytes) + { + if (Core::ourStrlen($bytes) !== self::KEY_BYTE_SIZE) { + throw new Ex\EnvironmentIsBrokenException( + 'Bad key length.' + ); + } + $this->key_bytes = $bytes; + } + +} diff --git a/vendor/defuse/php-encryption/src/KeyOrPassword.php b/vendor/defuse/php-encryption/src/KeyOrPassword.php new file mode 100644 index 000000000..4a810d3f6 --- /dev/null +++ b/vendor/defuse/php-encryption/src/KeyOrPassword.php @@ -0,0 +1,133 @@ +secret_type === self::SECRET_TYPE_KEY) { + if (!($this->secret instanceof Key)) { + throw new Ex\CryptoException('Expected a Key object'); + } + $akey = Core::HKDF( + Core::HASH_FUNCTION_NAME, + $this->secret->getRawBytes(), + Core::KEY_BYTE_SIZE, + Core::AUTHENTICATION_INFO_STRING, + $salt + ); + $ekey = Core::HKDF( + Core::HASH_FUNCTION_NAME, + $this->secret->getRawBytes(), + Core::KEY_BYTE_SIZE, + Core::ENCRYPTION_INFO_STRING, + $salt + ); + return new DerivedKeys($akey, $ekey); + } elseif ($this->secret_type === self::SECRET_TYPE_PASSWORD) { + if (!\is_string($this->secret)) { + throw new Ex\CryptoException('Expected a string'); + } + /* Our PBKDF2 polyfill is vulnerable to a DoS attack documented in + * GitHub issue #230. The fix is to pre-hash the password to ensure + * it is short. We do the prehashing here instead of in pbkdf2() so + * that pbkdf2() still computes the function as defined by the + * standard. */ + $prehash = \hash(Core::HASH_FUNCTION_NAME, $this->secret, true); + $prekey = Core::pbkdf2( + Core::HASH_FUNCTION_NAME, + $prehash, + $salt, + self::PBKDF2_ITERATIONS, + Core::KEY_BYTE_SIZE, + true + ); + $akey = Core::HKDF( + Core::HASH_FUNCTION_NAME, + $prekey, + Core::KEY_BYTE_SIZE, + Core::AUTHENTICATION_INFO_STRING, + $salt + ); + /* Note the cryptographic re-use of $salt here. */ + $ekey = Core::HKDF( + Core::HASH_FUNCTION_NAME, + $prekey, + Core::KEY_BYTE_SIZE, + Core::ENCRYPTION_INFO_STRING, + $salt + ); + return new DerivedKeys($akey, $ekey); + } else { + throw new Ex\EnvironmentIsBrokenException('Bad secret type.'); + } + } + + /** + * Constructor for KeyOrPassword. + * + * @param int $secret_type + * @param mixed $secret (either a Key or a password string) + */ + private function __construct($secret_type, $secret) + { + $this->secret_type = $secret_type; + $this->secret = $secret; + } +} diff --git a/vendor/defuse/php-encryption/src/KeyProtectedByPassword.php b/vendor/defuse/php-encryption/src/KeyProtectedByPassword.php new file mode 100644 index 000000000..9d32e7629 --- /dev/null +++ b/vendor/defuse/php-encryption/src/KeyProtectedByPassword.php @@ -0,0 +1,115 @@ +saveToAsciiSafeString(), + \hash(Core::HASH_FUNCTION_NAME, $password, true), + true + ); + + return new KeyProtectedByPassword($encrypted_key); + } + + /** + * Loads a KeyProtectedByPassword from its encoded form. + * + * @param string $saved_key_string + * + * @throws Ex\BadFormatException + * + * @return KeyProtectedByPassword + */ + public static function loadFromAsciiSafeString($saved_key_string) + { + $encrypted_key = Encoding::loadBytesFromChecksummedAsciiSafeString( + self::PASSWORD_KEY_CURRENT_VERSION, + $saved_key_string + ); + return new KeyProtectedByPassword($encrypted_key); + } + + /** + * Encodes the KeyProtectedByPassword into a string of printable ASCII + * characters. + * + * @throws Ex\EnvironmentIsBrokenException + * + * @return string + */ + public function saveToAsciiSafeString() + { + return Encoding::saveBytesToChecksummedAsciiSafeString( + self::PASSWORD_KEY_CURRENT_VERSION, + $this->encrypted_key + ); + } + + /** + * Decrypts the protected key, returning an unprotected Key object that can + * be used for encryption and decryption. + * + * @throws Ex\EnvironmentIsBrokenException + * @throws Ex\WrongKeyOrModifiedCiphertextException + * + * @return Key + */ + public function unlockKey($password) + { + try { + $inner_key_encoded = Crypto::decryptWithPassword( + $this->encrypted_key, + \hash(Core::HASH_FUNCTION_NAME, $password, true), + true + ); + return Key::loadFromAsciiSafeString($inner_key_encoded); + } catch (Ex\BadFormatException $ex) { + /* This should never happen unless an attacker replaced the + * encrypted key ciphertext with some other ciphertext that was + * encrypted with the same password. We transform the exception type + * here in order to make the API simpler, avoiding the need to + * document that this method might throw an Ex\BadFormatException. */ + throw new Ex\WrongKeyOrModifiedCiphertextException( + "The decrypted key was found to be in an invalid format. " . + "This very likely indicates it was modified by an attacker." + ); + } + } + + /** + * Constructor for KeyProtectedByPassword. + * + * @param string $encrypted_key + */ + private function __construct($encrypted_key) + { + $this->encrypted_key = $encrypted_key; + } +} diff --git a/vendor/defuse/php-encryption/src/RuntimeTests.php b/vendor/defuse/php-encryption/src/RuntimeTests.php new file mode 100644 index 000000000..9f00a97a1 --- /dev/null +++ b/vendor/defuse/php-encryption/src/RuntimeTests.php @@ -0,0 +1,247 @@ +getRawBytes()) != Core::KEY_BYTE_SIZE) { + throw new Ex\EnvironmentIsBrokenException(); + } + + if (Core::ENCRYPTION_INFO_STRING == Core::AUTHENTICATION_INFO_STRING) { + throw new Ex\EnvironmentIsBrokenException(); + } + } catch (Ex\EnvironmentIsBrokenException $ex) { + // Do this, otherwise it will stay in the "tests are running" state. + $test_state = 3; + throw $ex; + } + + // Change this to '0' make the tests always re-run (for benchmarking). + $test_state = 1; + } + + /** + * High-level tests of Crypto operations. + * + * @throws Ex\EnvironmentIsBrokenException + * @return void + */ + private static function testEncryptDecrypt() + { + $key = Key::createNewRandomKey(); + $data = "EnCrYpT EvErYThInG\x00\x00"; + + // Make sure encrypting then decrypting doesn't change the message. + $ciphertext = Crypto::encrypt($data, $key, true); + try { + $decrypted = Crypto::decrypt($ciphertext, $key, true); + } catch (Ex\WrongKeyOrModifiedCiphertextException $ex) { + // It's important to catch this and change it into a + // Ex\EnvironmentIsBrokenException, otherwise a test failure could trick + // the user into thinking it's just an invalid ciphertext! + throw new Ex\EnvironmentIsBrokenException(); + } + if ($decrypted !== $data) { + throw new Ex\EnvironmentIsBrokenException(); + } + + // Modifying the ciphertext: Appending a string. + try { + Crypto::decrypt($ciphertext . 'a', $key, true); + throw new Ex\EnvironmentIsBrokenException(); + } catch (Ex\WrongKeyOrModifiedCiphertextException $e) { /* expected */ + } + + // Modifying the ciphertext: Changing an HMAC byte. + $indices_to_change = [ + 0, // The header. + Core::HEADER_VERSION_SIZE + 1, // the salt + Core::HEADER_VERSION_SIZE + Core::SALT_BYTE_SIZE + 1, // the IV + Core::HEADER_VERSION_SIZE + Core::SALT_BYTE_SIZE + Core::BLOCK_BYTE_SIZE + 1, // the ciphertext + ]; + + foreach ($indices_to_change as $index) { + try { + $ciphertext[$index] = \chr((\ord($ciphertext[$index]) + 1) % 256); + Crypto::decrypt($ciphertext, $key, true); + throw new Ex\EnvironmentIsBrokenException(); + } catch (Ex\WrongKeyOrModifiedCiphertextException $e) { /* expected */ + } + } + + // Decrypting with the wrong key. + $key = Key::createNewRandomKey(); + $data = 'abcdef'; + $ciphertext = Crypto::encrypt($data, $key, true); + $wrong_key = Key::createNewRandomKey(); + try { + Crypto::decrypt($ciphertext, $wrong_key, true); + throw new Ex\EnvironmentIsBrokenException(); + } catch (Ex\WrongKeyOrModifiedCiphertextException $e) { /* expected */ + } + + // Ciphertext too small. + $key = Key::createNewRandomKey(); + $ciphertext = \str_repeat('A', Core::MINIMUM_CIPHERTEXT_SIZE - 1); + try { + Crypto::decrypt($ciphertext, $key, true); + throw new Ex\EnvironmentIsBrokenException(); + } catch (Ex\WrongKeyOrModifiedCiphertextException $e) { /* expected */ + } + } + + /** + * Test HKDF against test vectors. + * + * @throws Ex\EnvironmentIsBrokenException + * @return void + */ + private static function HKDFTestVector() + { + // HKDF test vectors from RFC 5869 + + // Test Case 1 + $ikm = \str_repeat("\x0b", 22); + $salt = Encoding::hexToBin('000102030405060708090a0b0c'); + $info = Encoding::hexToBin('f0f1f2f3f4f5f6f7f8f9'); + $length = 42; + $okm = Encoding::hexToBin( + '3cb25f25faacd57a90434f64d0362f2a' . + '2d2d0a90cf1a5a4c5db02d56ecc4c5bf' . + '34007208d5b887185865' + ); + $computed_okm = Core::HKDF('sha256', $ikm, $length, $info, $salt); + if ($computed_okm !== $okm) { + throw new Ex\EnvironmentIsBrokenException(); + } + + // Test Case 7 + $ikm = \str_repeat("\x0c", 22); + $length = 42; + $okm = Encoding::hexToBin( + '2c91117204d745f3500d636a62f64f0a' . + 'b3bae548aa53d423b0d1f27ebba6f5e5' . + '673a081d70cce7acfc48' + ); + $computed_okm = Core::HKDF('sha1', $ikm, $length, '', null); + if ($computed_okm !== $okm) { + throw new Ex\EnvironmentIsBrokenException(); + } + } + + /** + * Test HMAC against test vectors. + * + * @throws Ex\EnvironmentIsBrokenException + * @return void + */ + private static function HMACTestVector() + { + // HMAC test vector From RFC 4231 (Test Case 1) + $key = \str_repeat("\x0b", 20); + $data = 'Hi There'; + $correct = 'b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7'; + if (\hash_hmac(Core::HASH_FUNCTION_NAME, $data, $key) !== $correct) { + throw new Ex\EnvironmentIsBrokenException(); + } + } + + /** + * Test AES against test vectors. + * + * @throws Ex\EnvironmentIsBrokenException + * @return void + */ + private static function AESTestVector() + { + // AES CTR mode test vector from NIST SP 800-38A + $key = Encoding::hexToBin( + '603deb1015ca71be2b73aef0857d7781' . + '1f352c073b6108d72d9810a30914dff4' + ); + $iv = Encoding::hexToBin('f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff'); + $plaintext = Encoding::hexToBin( + '6bc1bee22e409f96e93d7e117393172a' . + 'ae2d8a571e03ac9c9eb76fac45af8e51' . + '30c81c46a35ce411e5fbc1191a0a52ef' . + 'f69f2445df4f9b17ad2b417be66c3710' + ); + $ciphertext = Encoding::hexToBin( + '601ec313775789a5b7a7f504bbf3d228' . + 'f443e3ca4d62b59aca84e990cacaf5c5' . + '2b0930daa23de94ce87017ba2d84988d' . + 'dfc9c58db67aada613c2dd08457941a6' + ); + + $computed_ciphertext = Crypto::plainEncrypt($plaintext, $key, $iv); + if ($computed_ciphertext !== $ciphertext) { + echo \str_repeat("\n", 30); + echo \bin2hex($computed_ciphertext); + echo "\n---\n"; + echo \bin2hex($ciphertext); + echo \str_repeat("\n", 30); + throw new Ex\EnvironmentIsBrokenException(); + } + + $computed_plaintext = Crypto::plainDecrypt($ciphertext, $key, $iv, Core::CIPHER_METHOD); + if ($computed_plaintext !== $plaintext) { + throw new Ex\EnvironmentIsBrokenException(); + } + } +} diff --git a/vendor/paragonie/random_compat/LICENSE b/vendor/paragonie/random_compat/LICENSE new file mode 100644 index 000000000..45c7017df --- /dev/null +++ b/vendor/paragonie/random_compat/LICENSE @@ -0,0 +1,22 @@ +The MIT License (MIT) + +Copyright (c) 2015 Paragon Initiative Enterprises + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + diff --git a/vendor/paragonie/random_compat/build-phar.sh b/vendor/paragonie/random_compat/build-phar.sh new file mode 100644 index 000000000..b4a5ba31c --- /dev/null +++ b/vendor/paragonie/random_compat/build-phar.sh @@ -0,0 +1,5 @@ +#!/usr/bin/env bash + +basedir=$( dirname $( readlink -f ${BASH_SOURCE[0]} ) ) + +php -dphar.readonly=0 "$basedir/other/build_phar.php" $* \ No newline at end of file diff --git a/vendor/paragonie/random_compat/composer.json b/vendor/paragonie/random_compat/composer.json new file mode 100644 index 000000000..1c5978c6f --- /dev/null +++ b/vendor/paragonie/random_compat/composer.json @@ -0,0 +1,37 @@ +{ + "name": "paragonie/random_compat", + "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7", + "keywords": [ + "csprng", + "random", + "pseudorandom" + ], + "license": "MIT", + "type": "library", + "authors": [ + { + "name": "Paragon Initiative Enterprises", + "email": "security@paragonie.com", + "homepage": "https://paragonie.com" + } + ], + "support": { + "issues": "https://github.com/paragonie/random_compat/issues", + "email": "info@paragonie.com", + "source": "https://github.com/paragonie/random_compat" + }, + "require": { + "php": ">=5.2.0" + }, + "require-dev": { + "phpunit/phpunit": "4.*|5.*" + }, + "suggest": { + "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes." + }, + "autoload": { + "files": [ + "lib/random.php" + ] + } +} diff --git a/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey b/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey new file mode 100644 index 000000000..eb50ebfcd --- /dev/null +++ b/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey @@ -0,0 +1,5 @@ +-----BEGIN PUBLIC KEY----- +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEEd+wCqJDrx5B4OldM0dQE0ZMX+lx1ZWm +pui0SUqD4G29L3NGsz9UhJ/0HjBdbnkhIK5xviT0X5vtjacF6ajgcCArbTB+ds+p ++h7Q084NuSuIpNb6YPfoUFgC/CL9kAoc +-----END PUBLIC KEY----- diff --git a/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey.asc b/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey.asc new file mode 100644 index 000000000..6a1d7f300 --- /dev/null +++ b/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.22 (MingW32) + +iQEcBAABAgAGBQJWtW1hAAoJEGuXocKCZATaJf0H+wbZGgskK1dcRTsuVJl9IWip +QwGw/qIKI280SD6/ckoUMxKDCJiFuPR14zmqnS36k7N5UNPnpdTJTS8T11jttSpg +1LCmgpbEIpgaTah+cELDqFCav99fS+bEiAL5lWDAHBTE/XPjGVCqeehyPYref4IW +NDBIEsvnHPHPLsn6X5jq4+Yj5oUixgxaMPiR+bcO4Sh+RzOVB6i2D0upWfRXBFXA +NNnsg9/zjvoC7ZW73y9uSH+dPJTt/Vgfeiv52/v41XliyzbUyLalf02GNPY+9goV +JHG1ulEEBJOCiUD9cE1PUIJwHA/HqyhHIvV350YoEFiHl8iSwm7SiZu5kPjaq74= +=B6+8 +-----END PGP SIGNATURE----- diff --git a/vendor/paragonie/random_compat/lib/byte_safe_strings.php b/vendor/paragonie/random_compat/lib/byte_safe_strings.php new file mode 100644 index 000000000..3de86b223 --- /dev/null +++ b/vendor/paragonie/random_compat/lib/byte_safe_strings.php @@ -0,0 +1,181 @@ + RandomCompat_strlen($binary_string)) { + return ''; + } + + return (string) mb_substr($binary_string, $start, $length, '8bit'); + } + + } else { + + /** + * substr() implementation that isn't brittle to mbstring.func_overload + * + * This version just uses the default substr() + * + * @param string $binary_string + * @param int $start + * @param int $length (optional) + * + * @throws TypeError + * + * @return string + */ + function RandomCompat_substr($binary_string, $start, $length = null) + { + if (!is_string($binary_string)) { + throw new TypeError( + 'RandomCompat_substr(): First argument should be a string' + ); + } + + if (!is_int($start)) { + throw new TypeError( + 'RandomCompat_substr(): Second argument should be an integer' + ); + } + + if ($length !== null) { + if (!is_int($length)) { + throw new TypeError( + 'RandomCompat_substr(): Third argument should be an integer, or omitted' + ); + } + + return (string) substr($binary_string, $start, $length); + } + + return (string) substr($binary_string, $start); + } + } +} diff --git a/vendor/paragonie/random_compat/lib/cast_to_int.php b/vendor/paragonie/random_compat/lib/cast_to_int.php new file mode 100644 index 000000000..9a4fab991 --- /dev/null +++ b/vendor/paragonie/random_compat/lib/cast_to_int.php @@ -0,0 +1,75 @@ + operators might accidentally let a float + * through. + * + * @param int|float $number The number we want to convert to an int + * @param bool $fail_open Set to true to not throw an exception + * + * @return float|int + * @psalm-suppress InvalidReturnType + * + * @throws TypeError + */ + function RandomCompat_intval($number, $fail_open = false) + { + if (is_int($number) || is_float($number)) { + $number += 0; + } elseif (is_numeric($number)) { + $number += 0; + } + + if ( + is_float($number) + && + $number > ~PHP_INT_MAX + && + $number < PHP_INT_MAX + ) { + $number = (int) $number; + } + + if (is_int($number)) { + return (int) $number; + } elseif (!$fail_open) { + throw new TypeError( + 'Expected an integer.' + ); + } + return $number; + } +} diff --git a/vendor/paragonie/random_compat/lib/error_polyfill.php b/vendor/paragonie/random_compat/lib/error_polyfill.php new file mode 100644 index 000000000..6a91990ce --- /dev/null +++ b/vendor/paragonie/random_compat/lib/error_polyfill.php @@ -0,0 +1,49 @@ += 70000) { + return; +} + +if (!defined('RANDOM_COMPAT_READ_BUFFER')) { + define('RANDOM_COMPAT_READ_BUFFER', 8); +} + +$RandomCompatDIR = dirname(__FILE__); + +require_once $RandomCompatDIR . '/byte_safe_strings.php'; +require_once $RandomCompatDIR . '/cast_to_int.php'; +require_once $RandomCompatDIR . '/error_polyfill.php'; + +if (!is_callable('random_bytes')) { + /** + * PHP 5.2.0 - 5.6.x way to implement random_bytes() + * + * We use conditional statements here to define the function in accordance + * to the operating environment. It's a micro-optimization. + * + * In order of preference: + * 1. Use libsodium if available. + * 2. fread() /dev/urandom if available (never on Windows) + * 3. mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM) + * 4. COM('CAPICOM.Utilities.1')->GetRandom() + * + * See RATIONALE.md for our reasoning behind this particular order + */ + if (extension_loaded('libsodium')) { + // See random_bytes_libsodium.php + if (PHP_VERSION_ID >= 50300 && is_callable('\\Sodium\\randombytes_buf')) { + require_once $RandomCompatDIR . '/random_bytes_libsodium.php'; + } elseif (method_exists('Sodium', 'randombytes_buf')) { + require_once $RandomCompatDIR . '/random_bytes_libsodium_legacy.php'; + } + } + + /** + * Reading directly from /dev/urandom: + */ + if (DIRECTORY_SEPARATOR === '/') { + // DIRECTORY_SEPARATOR === '/' on Unix-like OSes -- this is a fast + // way to exclude Windows. + $RandomCompatUrandom = true; + $RandomCompat_basedir = ini_get('open_basedir'); + + if (!empty($RandomCompat_basedir)) { + $RandomCompat_open_basedir = explode( + PATH_SEPARATOR, + strtolower($RandomCompat_basedir) + ); + $RandomCompatUrandom = (array() !== array_intersect( + array('/dev', '/dev/', '/dev/urandom'), + $RandomCompat_open_basedir + )); + $RandomCompat_open_basedir = null; + } + + if ( + !is_callable('random_bytes') + && + $RandomCompatUrandom + && + @is_readable('/dev/urandom') + ) { + // Error suppression on is_readable() in case of an open_basedir + // or safe_mode failure. All we care about is whether or not we + // can read it at this point. If the PHP environment is going to + // panic over trying to see if the file can be read in the first + // place, that is not helpful to us here. + + // See random_bytes_dev_urandom.php + require_once $RandomCompatDIR . '/random_bytes_dev_urandom.php'; + } + // Unset variables after use + $RandomCompat_basedir = null; + } else { + $RandomCompatUrandom = false; + } + + /** + * mcrypt_create_iv() + * + * We only want to use mcypt_create_iv() if: + * + * - random_bytes() hasn't already been defined + * - the mcrypt extensions is loaded + * - One of these two conditions is true: + * - We're on Windows (DIRECTORY_SEPARATOR !== '/') + * - We're not on Windows and /dev/urandom is readabale + * (i.e. we're not in a chroot jail) + * - Special case: + * - If we're not on Windows, but the PHP version is between + * 5.6.10 and 5.6.12, we don't want to use mcrypt. It will + * hang indefinitely. This is bad. + * - If we're on Windows, we want to use PHP >= 5.3.7 or else + * we get insufficient entropy errors. + */ + if ( + !is_callable('random_bytes') + && + // Windows on PHP < 5.3.7 is broken, but non-Windows is not known to be. + (DIRECTORY_SEPARATOR === '/' || PHP_VERSION_ID >= 50307) + && + // Prevent this code from hanging indefinitely on non-Windows; + // see https://bugs.php.net/bug.php?id=69833 + ( + DIRECTORY_SEPARATOR !== '/' || + (PHP_VERSION_ID <= 50609 || PHP_VERSION_ID >= 50613) + ) + && + extension_loaded('mcrypt') + ) { + // See random_bytes_mcrypt.php + require_once $RandomCompatDIR . '/random_bytes_mcrypt.php'; + } + $RandomCompatUrandom = null; + + /** + * This is a Windows-specific fallback, for when the mcrypt extension + * isn't loaded. + */ + if ( + !is_callable('random_bytes') + && + extension_loaded('com_dotnet') + && + class_exists('COM') + ) { + $RandomCompat_disabled_classes = preg_split( + '#\s*,\s*#', + strtolower(ini_get('disable_classes')) + ); + + if (!in_array('com', $RandomCompat_disabled_classes)) { + try { + $RandomCompatCOMtest = new COM('CAPICOM.Utilities.1'); + if (method_exists($RandomCompatCOMtest, 'GetRandom')) { + // See random_bytes_com_dotnet.php + require_once $RandomCompatDIR . '/random_bytes_com_dotnet.php'; + } + } catch (com_exception $e) { + // Don't try to use it. + } + } + $RandomCompat_disabled_classes = null; + $RandomCompatCOMtest = null; + } + + /** + * throw new Exception + */ + if (!is_callable('random_bytes')) { + /** + * We don't have any more options, so let's throw an exception right now + * and hope the developer won't let it fail silently. + * + * @param mixed $length + * @return void + * @throws Exception + */ + function random_bytes($length) + { + unset($length); // Suppress "variable not used" warnings. + throw new Exception( + 'There is no suitable CSPRNG installed on your system' + ); + } + } +} + +if (!is_callable('random_int')) { + require_once $RandomCompatDIR . '/random_int.php'; +} + +$RandomCompatDIR = null; diff --git a/vendor/paragonie/random_compat/lib/random_bytes_com_dotnet.php b/vendor/paragonie/random_compat/lib/random_bytes_com_dotnet.php new file mode 100644 index 000000000..fc1926e5c --- /dev/null +++ b/vendor/paragonie/random_compat/lib/random_bytes_com_dotnet.php @@ -0,0 +1,88 @@ +GetRandom($bytes, 0)); + if (RandomCompat_strlen($buf) >= $bytes) { + /** + * Return our random entropy buffer here: + */ + return RandomCompat_substr($buf, 0, $bytes); + } + ++$execCount; + } while ($execCount < $bytes); + + /** + * If we reach here, PHP has failed us. + */ + throw new Exception( + 'Could not gather sufficient random data' + ); + } +} \ No newline at end of file diff --git a/vendor/paragonie/random_compat/lib/random_bytes_dev_urandom.php b/vendor/paragonie/random_compat/lib/random_bytes_dev_urandom.php new file mode 100644 index 000000000..df5b91524 --- /dev/null +++ b/vendor/paragonie/random_compat/lib/random_bytes_dev_urandom.php @@ -0,0 +1,167 @@ + 0); + + /** + * Is our result valid? + */ + if (is_string($buf)) { + if (RandomCompat_strlen($buf) === $bytes) { + /** + * Return our random entropy buffer here: + */ + return $buf; + } + } + } + + /** + * If we reach here, PHP has failed us. + */ + throw new Exception( + 'Error reading from source device' + ); + } +} diff --git a/vendor/paragonie/random_compat/lib/random_bytes_libsodium.php b/vendor/paragonie/random_compat/lib/random_bytes_libsodium.php new file mode 100644 index 000000000..4af1a2422 --- /dev/null +++ b/vendor/paragonie/random_compat/lib/random_bytes_libsodium.php @@ -0,0 +1,88 @@ + 2147483647) { + $buf = ''; + for ($i = 0; $i < $bytes; $i += 1073741824) { + $n = ($bytes - $i) > 1073741824 + ? 1073741824 + : $bytes - $i; + $buf .= \Sodium\randombytes_buf($n); + } + } else { + $buf = \Sodium\randombytes_buf($bytes); + } + + if ($buf !== false) { + if (RandomCompat_strlen($buf) === $bytes) { + return $buf; + } + } + + /** + * If we reach here, PHP has failed us. + */ + throw new Exception( + 'Could not gather sufficient random data' + ); + } +} diff --git a/vendor/paragonie/random_compat/lib/random_bytes_libsodium_legacy.php b/vendor/paragonie/random_compat/lib/random_bytes_libsodium_legacy.php new file mode 100644 index 000000000..705af5262 --- /dev/null +++ b/vendor/paragonie/random_compat/lib/random_bytes_libsodium_legacy.php @@ -0,0 +1,92 @@ + 2147483647) { + for ($i = 0; $i < $bytes; $i += 1073741824) { + $n = ($bytes - $i) > 1073741824 + ? 1073741824 + : $bytes - $i; + $buf .= Sodium::randombytes_buf((int) $n); + } + } else { + $buf .= Sodium::randombytes_buf((int) $bytes); + } + + if (is_string($buf)) { + if (RandomCompat_strlen($buf) === $bytes) { + return $buf; + } + } + + /** + * If we reach here, PHP has failed us. + */ + throw new Exception( + 'Could not gather sufficient random data' + ); + } +} diff --git a/vendor/paragonie/random_compat/lib/random_bytes_mcrypt.php b/vendor/paragonie/random_compat/lib/random_bytes_mcrypt.php new file mode 100644 index 000000000..aac9c013d --- /dev/null +++ b/vendor/paragonie/random_compat/lib/random_bytes_mcrypt.php @@ -0,0 +1,77 @@ + operators might accidentally let a float + * through. + */ + + try { + $min = RandomCompat_intval($min); + } catch (TypeError $ex) { + throw new TypeError( + 'random_int(): $min must be an integer' + ); + } + + try { + $max = RandomCompat_intval($max); + } catch (TypeError $ex) { + throw new TypeError( + 'random_int(): $max must be an integer' + ); + } + + /** + * Now that we've verified our weak typing system has given us an integer, + * let's validate the logic then we can move forward with generating random + * integers along a given range. + */ + if ($min > $max) { + throw new Error( + 'Minimum value must be less than or equal to the maximum value' + ); + } + + if ($max === $min) { + return (int) $min; + } + + /** + * Initialize variables to 0 + * + * We want to store: + * $bytes => the number of random bytes we need + * $mask => an integer bitmask (for use with the &) operator + * so we can minimize the number of discards + */ + $attempts = $bits = $bytes = $mask = $valueShift = 0; + + /** + * At this point, $range is a positive number greater than 0. It might + * overflow, however, if $max - $min > PHP_INT_MAX. PHP will cast it to + * a float and we will lose some precision. + */ + $range = $max - $min; + + /** + * Test for integer overflow: + */ + if (!is_int($range)) { + + /** + * Still safely calculate wider ranges. + * Provided by @CodesInChaos, @oittaa + * + * @ref https://gist.github.com/CodesInChaos/03f9ea0b58e8b2b8d435 + * + * We use ~0 as a mask in this case because it generates all 1s + * + * @ref https://eval.in/400356 (32-bit) + * @ref http://3v4l.org/XX9r5 (64-bit) + */ + $bytes = PHP_INT_SIZE; + $mask = ~0; + + } else { + + /** + * $bits is effectively ceil(log($range, 2)) without dealing with + * type juggling + */ + while ($range > 0) { + if ($bits % 8 === 0) { + ++$bytes; + } + ++$bits; + $range >>= 1; + $mask = $mask << 1 | 1; + } + $valueShift = $min; + } + + $val = 0; + /** + * Now that we have our parameters set up, let's begin generating + * random integers until one falls between $min and $max + */ + do { + /** + * The rejection probability is at most 0.5, so this corresponds + * to a failure probability of 2^-128 for a working RNG + */ + if ($attempts > 128) { + throw new Exception( + 'random_int: RNG is broken - too many rejections' + ); + } + + /** + * Let's grab the necessary number of random bytes + */ + $randomByteString = random_bytes($bytes); + + /** + * Let's turn $randomByteString into an integer + * + * This uses bitwise operators (<< and |) to build an integer + * out of the values extracted from ord() + * + * Example: [9F] | [6D] | [32] | [0C] => + * 159 + 27904 + 3276800 + 201326592 => + * 204631455 + */ + $val &= 0; + for ($i = 0; $i < $bytes; ++$i) { + $val |= ord($randomByteString[$i]) << ($i * 8); + } + + /** + * Apply mask + */ + $val &= $mask; + $val += $valueShift; + + ++$attempts; + /** + * If $val overflows to a floating point number, + * ... or is larger than $max, + * ... or smaller than $min, + * then try again. + */ + } while (!is_int($val) || $val > $max || $val < $min); + + return (int) $val; + } +} diff --git a/vendor/paragonie/random_compat/other/build_phar.php b/vendor/paragonie/random_compat/other/build_phar.php new file mode 100644 index 000000000..70ef4b2ed --- /dev/null +++ b/vendor/paragonie/random_compat/other/build_phar.php @@ -0,0 +1,57 @@ +buildFromDirectory(dirname(__DIR__).'/lib'); +rename( + dirname(__DIR__).'/lib/index.php', + dirname(__DIR__).'/lib/random.php' +); + +/** + * If we pass an (optional) path to a private key as a second argument, we will + * sign the Phar with OpenSSL. + * + * If you leave this out, it will produce an unsigned .phar! + */ +if ($argc > 1) { + if (!@is_readable($argv[1])) { + echo 'Could not read the private key file:', $argv[1], "\n"; + exit(255); + } + $pkeyFile = file_get_contents($argv[1]); + + $private = openssl_get_privatekey($pkeyFile); + if ($private !== false) { + $pkey = ''; + openssl_pkey_export($private, $pkey); + $phar->setSignatureAlgorithm(Phar::OPENSSL, $pkey); + + /** + * Save the corresponding public key to the file + */ + if (!@is_readable($dist.'/random_compat.phar.pubkey')) { + $details = openssl_pkey_get_details($private); + file_put_contents( + $dist.'/random_compat.phar.pubkey', + $details['key'] + ); + } + } else { + echo 'An error occurred reading the private key from OpenSSL.', "\n"; + exit(255); + } +} diff --git a/vendor/paragonie/random_compat/psalm-autoload.php b/vendor/paragonie/random_compat/psalm-autoload.php new file mode 100644 index 000000000..d71d1b818 --- /dev/null +++ b/vendor/paragonie/random_compat/psalm-autoload.php @@ -0,0 +1,9 @@ + + + + + + + + + + + +