Browse Source

Merge pull request #3888 from MrPetovan/issue/#3878-hotfix

Issue #3878 hotfix
pull/3891/head
Michael Vogel 5 years ago committed by GitHub
parent
commit
67e32ce859
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 1
      composer.json
  2. 113
      composer.lock
  3. 3
      include/items.php
  4. 22
      library/defuse/php-encryption-1.2.1/.travis.yml
  5. 677
      library/defuse/php-encryption-1.2.1/Crypto.php
  6. 79
      library/defuse/php-encryption-1.2.1/README.md
  7. 42
      library/defuse/php-encryption-1.2.1/benchmark.php
  8. 20
      library/defuse/php-encryption-1.2.1/composer.json
  9. 36
      library/defuse/php-encryption-1.2.1/example.php
  10. 30
      library/defuse/php-encryption-1.2.1/test.sh
  11. 32
      library/defuse/php-encryption-1.2.1/tests/runtime.php
  12. 16
      mod/dfrn_notify.php
  13. 17
      src/Protocol/DFRN.php
  14. BIN
      util/composer.phar
  15. 17
      vendor/bin/generate-defuse-key
  16. 4
      vendor/bin/generate-defuse-key.bat
  17. 19
      vendor/composer/autoload_classmap.php
  18. 1
      vendor/composer/autoload_files.php
  19. 1
      vendor/composer/autoload_psr4.php
  20. 28
      vendor/composer/autoload_static.php
  21. 115
      vendor/composer/installed.json
  22. 11
      vendor/defuse/php-encryption/.gitignore
  23. 60
      vendor/defuse/php-encryption/.php_cs
  24. 21
      vendor/defuse/php-encryption/LICENSE
  25. 88
      vendor/defuse/php-encryption/README.md
  26. 14
      vendor/defuse/php-encryption/bin/generate-defuse-key
  27. 35
      vendor/defuse/php-encryption/composer.json
  28. 37
      vendor/defuse/php-encryption/dist/Makefile
  29. 25
      vendor/defuse/php-encryption/dist/box.json
  30. 52
      vendor/defuse/php-encryption/dist/signingkey.asc
  31. 64
      vendor/defuse/php-encryption/docs/CryptoDetails.md
  32. 39
      vendor/defuse/php-encryption/docs/FAQ.md
  33. 53
      vendor/defuse/php-encryption/docs/InstallingAndVerifying.md
  34. 160
      vendor/defuse/php-encryption/docs/InternalDeveloperDocs.md
  35. 298
      vendor/defuse/php-encryption/docs/Tutorial.md
  36. 51
      vendor/defuse/php-encryption/docs/UpgradingFromV1.2.md
  37. 260
      vendor/defuse/php-encryption/docs/classes/Crypto.md
  38. 446
      vendor/defuse/php-encryption/docs/classes/File.md
  39. 117
      vendor/defuse/php-encryption/docs/classes/Key.md
  40. 191
      vendor/defuse/php-encryption/docs/classes/KeyProtectedByPassword.md
  41. 9
      vendor/defuse/php-encryption/psalm.xml
  42. 446
      vendor/defuse/php-encryption/src/Core.php
  43. 393
      vendor/defuse/php-encryption/src/Crypto.php
  44. 50
      vendor/defuse/php-encryption/src/DerivedKeys.php
  45. 270
      vendor/defuse/php-encryption/src/Encoding.php
  46. 7
      vendor/defuse/php-encryption/src/Exception/BadFormatException.php
  47. 7
      vendor/defuse/php-encryption/src/Exception/CryptoException.php
  48. 7
      vendor/defuse/php-encryption/src/Exception/EnvironmentIsBrokenException.php
  49. 7
      vendor/defuse/php-encryption/src/Exception/IOException.php
  50. 7
      vendor/defuse/php-encryption/src/Exception/WrongKeyOrModifiedCiphertextException.php
  51. 784
      vendor/defuse/php-encryption/src/File.php
  52. 95
      vendor/defuse/php-encryption/src/Key.php
  53. 133
      vendor/defuse/php-encryption/src/KeyOrPassword.php
  54. 115
      vendor/defuse/php-encryption/src/KeyProtectedByPassword.php
  55. 247
      vendor/defuse/php-encryption/src/RuntimeTests.php
  56. 22
      vendor/paragonie/random_compat/LICENSE
  57. 5
      vendor/paragonie/random_compat/build-phar.sh
  58. 37
      vendor/paragonie/random_compat/composer.json
  59. 5
      vendor/paragonie/random_compat/dist/random_compat.phar.pubkey
  60. 11
      vendor/paragonie/random_compat/dist/random_compat.phar.pubkey.asc
  61. 181
      vendor/paragonie/random_compat/lib/byte_safe_strings.php
  62. 75
      vendor/paragonie/random_compat/lib/cast_to_int.php
  63. 49
      vendor/paragonie/random_compat/lib/error_polyfill.php
  64. 223
      vendor/paragonie/random_compat/lib/random.php
  65. 88
      vendor/paragonie/random_compat/lib/random_bytes_com_dotnet.php
  66. 167
      vendor/paragonie/random_compat/lib/random_bytes_dev_urandom.php
  67. 88
      vendor/paragonie/random_compat/lib/random_bytes_libsodium.php
  68. 92
      vendor/paragonie/random_compat/lib/random_bytes_libsodium_legacy.php
  69. 77
      vendor/paragonie/random_compat/lib/random_bytes_mcrypt.php
  70. 190
      vendor/paragonie/random_compat/lib/random_int.php
  71. 57
      vendor/paragonie/random_compat/other/build_phar.php
  72. 9
      vendor/paragonie/random_compat/psalm-autoload.php
  73. 16
      vendor/paragonie/random_compat/psalm.xml

1
composer.json

@ -16,6 +16,7 @@
"ezyang/htmlpurifier": "~4.7.0",
"mobiledetect/mobiledetectlib": "2.8.*",
"league/html-to-markdown": "~4.4.1",
"defuse/php-encryption": "2.*",
"pear/Text_LanguageDetect": "1.*",
"pear-pear.php.net/Text_Highlighter": "*"
},

113
composer.lock generated

@ -4,8 +4,71 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically"
],
"content-hash": "a87f82da9a0256ca85c839e83a5c26f0",
"content-hash": "ce088458d9f01920ccee128082ef924a",
"packages": [
{
"name": "defuse/php-encryption",
"version": "v2.1.0",
"source": {
"type": "git",
"url": "https://github.com/defuse/php-encryption.git",
"reference": "5176f5abb38d3ea8a6e3ac6cd3bbb54d8185a689"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/defuse/php-encryption/zipball/5176f5abb38d3ea8a6e3ac6cd3bbb54d8185a689",
"reference": "5176f5abb38d3ea8a6e3ac6cd3bbb54d8185a689",
"shasum": ""
},
"require": {
"ext-openssl": "*",
"paragonie/random_compat": "~2.0",
"php": ">=5.4.0"
},
"require-dev": {
"nikic/php-parser": "^2.0|^3.0",
"phpunit/phpunit": "^4|^5"
},
"bin": [
"bin/generate-defuse-key"
],
"type": "library",
"autoload": {
"psr-4": {
"Defuse\\Crypto\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Taylor Hornby",
"email": "taylor@defuse.ca",
"homepage": "https://defuse.ca/"
},
{
"name": "Scott Arciszewski",
"email": "info@paragonie.com",
"homepage": "https://paragonie.com"
}
],
"description": "Secure PHP Encryption Library",
"keywords": [
"aes",
"authenticated encryption",
"cipher",
"crypto",
"cryptography",
"encrypt",
"encryption",
"openssl",
"security",
"symmetric key cryptography"
],
"time": "2017-05-18T21:28:48+00:00"
},
{
"name": "ezyang/htmlpurifier",
"version": "v4.7.0",
@ -166,6 +229,54 @@
],
"time": "2017-08-29T18:23:54+00:00"
},
{
"name": "paragonie/random_compat",
"version": "v2.0.11",
"source": {
"type": "git",
"url": "https://github.com/paragonie/random_compat.git",
"reference": "5da4d3c796c275c55f057af5a643ae297d96b4d8"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/paragonie/random_compat/zipball/5da4d3c796c275c55f057af5a643ae297d96b4d8",
"reference": "5da4d3c796c275c55f057af5a643ae297d96b4d8",
"shasum": ""
},
"require": {
"php": ">=5.2.0"
},
"require-dev": {
"phpunit/phpunit": "4.*|5.*"
},
"suggest": {
"ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
},
"type": "library",
"autoload": {
"files": [
"lib/random.php"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Paragon Initiative Enterprises",
"email": "security@paragonie.com",
"homepage": "https://paragonie.com"
}
],
"description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
"keywords": [
"csprng",
"pseudorandom",
"random"
],
"time": "2017-09-27T21:40:39+00:00"
},
{
"name": "pear-pear.php.net/Archive_Tar",
"version": "1.4.3",

3
include/items.php

@ -33,9 +33,6 @@ require_once 'mod/share.php';
require_once 'include/enotify.php';
require_once 'include/group.php';
/// @TODO one day with composer autoloader no more needed
require_once 'library/defuse/php-encryption-1.2.1/Crypto.php';
function construct_verb($item) {
if ($item['verb']) {
return $item['verb'];

22
library/defuse/php-encryption-1.2.1/.travis.yml

@ -1,22 +0,0 @@
language: php
php:
- "5.6"
- "5.5"
- "5.4"
- "5.3"
- "5.2"
# Versions below here are not installed on travis-ci
# - "5.1"
# - "5.0"
# - "4.4"
# - "4.3"
# - "4.2"
# - "4.1"
# - "4.0"
matrix:
allow_failures:
- php: "5.3"
- php: "5.2"
script: ./test.sh

677
library/defuse/php-encryption-1.2.1/Crypto.php

@ -1,677 +0,0 @@
<?php
/*
* PHP Encryption Library
* Copyright (c) 2014, Taylor Hornby
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
/*
* Web: https://defuse.ca/secure-php-encryption.htm
* GitHub: https://github.com/defuse/php-encryption
*
* WARNING: This encryption library is not a silver bullet. It only provides
* symmetric encryption given a uniformly random key. This means you MUST NOT
* use an ASCII string like a password as the key parameter, it MUST be
* a uniformly random key generated by CreateNewRandomKey(). If you want to
* encrypt something with a password, apply a password key derivation function
* like PBKDF2 or scrypt with a random salt to generate a key.
*
* WARNING: Error handling is very important, especially for crypto code!
*
* How to use this code:
*
* Generating a Key
* ----------------
* try {
* $key = self::CreateNewRandomKey();
* // WARNING: Do NOT encode $key with bin2hex() or base64_encode(),
* // they may leak the key to the attacker through side channels.
* } catch (CryptoTestFailedException $ex) {
* die('Cannot safely create a key');
* } catch (CannotPerformOperationException $ex) {
* die('Cannot safely create a key');
* }
*
* Encrypting a Message
* --------------------
* $message = "ATTACK AT DAWN";
* try {
* $ciphertext = self::Encrypt($message, $key);
* } catch (CryptoTestFailedException $ex) {
* die('Cannot safely perform encryption');
* } catch (CannotPerformOperationException $ex) {
* die('Cannot safely perform decryption');
* }
*
* Decrypting a Message
* --------------------
* try {
* $decrypted = self::Decrypt($ciphertext, $key);
* } catch (InvalidCiphertextException $ex) { // VERY IMPORTANT
* // Either:
* // 1. The ciphertext was modified by the attacker,
* // 2. The key is wrong, or
* // 3. $ciphertext is not a valid ciphertext or was corrupted.
* // Assume the worst.
* die('DANGER! DANGER! The ciphertext has been tampered with!');
* } catch (CryptoTestFailedException $ex) {
* die('Cannot safely perform encryption');
* } catch (CannotPerformOperationException $ex) {
* die('Cannot safely perform decryption');
* }
*/
/*
* Raised by Decrypt() when one of the following conditions are met:
* - The key is wrong.
* - The ciphertext is invalid or not in the correct format.
* - The attacker modified the ciphertext.
*/
class InvalidCiphertextException extends Exception {}
/* If you see these, it means it is NOT SAFE to do encryption on your system. */
class CannotPerformOperationException extends Exception {}
class CryptoTestFailedException extends Exception {}
final class Crypto
{
// Ciphertext format: [____HMAC____][____IV____][____CIPHERTEXT____].
/* DO NOT CHANGE THESE CONSTANTS!
*
* We spent *weeks* testing this code, making sure it is as perfect and
* correct as possible. Are you going to do the same after making your
* changes? Probably not. Besides, any change to these constants will break
* the runtime tests, which are extremely important for your security.
* You're literally millions of times more likely to screw up your own
* security by changing something here than you are to fall victim to an
* 128-bit key brute-force attack. You're also breaking your own
* compatibility with future updates to this library, so you'll be left
* vulnerable if we ever find a security bug and release a fix.
*
* So, PLEASE, do not change these constants.
*/
const CIPHER = 'aes-128';
const KEY_BYTE_SIZE = 16;
const CIPHER_MODE = 'cbc';
const HASH_FUNCTION = 'sha256';
const MAC_BYTE_SIZE = 32;
const ENCRYPTION_INFO = 'DefusePHP|KeyForEncryption';
const AUTHENTICATION_INFO = 'DefusePHP|KeyForAuthentication';
/*
* Use this to generate a random encryption key.
*/
public static function CreateNewRandomKey()
{
self::RuntimeTest();
return self::SecureRandom(self::KEY_BYTE_SIZE);
}
/*
* Encrypts a message.
* $plaintext is the message to encrypt.
* $key is the encryption key, a value generated by CreateNewRandomKey().
* You MUST catch exceptions thrown by this function. See docs above.
*/
public static function Encrypt($plaintext, $key)
{
self::RuntimeTest();
if (self::our_strlen($key) !== self::KEY_BYTE_SIZE)
{
throw new CannotPerformOperationException("Bad key.");
}
$method = self::CIPHER.'-'.self::CIPHER_MODE;
self::EnsureFunctionExists('openssl_get_cipher_methods');
if (in_array($method, openssl_get_cipher_methods()) === FALSE) {
throw new CannotPerformOperationException("Cipher method not supported.");
}
// Generate a sub-key for encryption.
$keysize = self::KEY_BYTE_SIZE;
$ekey = self::HKDF(self::HASH_FUNCTION, $key, $keysize, self::ENCRYPTION_INFO);
// Generate a random initialization vector.
self::EnsureFunctionExists("openssl_cipher_iv_length");
$ivsize = openssl_cipher_iv_length($method);
if ($ivsize === FALSE || $ivsize <= 0) {
throw new CannotPerformOperationException();
}
$iv = self::SecureRandom($ivsize);
$ciphertext = $iv . self::PlainEncrypt($plaintext, $ekey, $iv);
// Generate a sub-key for authentication and apply the HMAC.
$akey = self::HKDF(self::HASH_FUNCTION, $key, self::KEY_BYTE_SIZE, self::AUTHENTICATION_INFO);
$auth = hash_hmac(self::HASH_FUNCTION, $ciphertext, $akey, true);
$ciphertext = $auth . $ciphertext;
return $ciphertext;
}
/*
* Decrypts a ciphertext.
* $ciphertext is the ciphertext to decrypt.
* $key is the key that the ciphertext was encrypted with.
* You MUST catch exceptions thrown by this function. See docs above.
*/
public static function Decrypt($ciphertext, $key)
{
self::RuntimeTest();
$method = self::CIPHER.'-'.self::CIPHER_MODE;
self::EnsureFunctionExists('openssl_get_cipher_methods');
if (in_array($method, openssl_get_cipher_methods()) === FALSE) {
throw new CannotPerformOperationException("Cipher method not supported.");
}
// Extract the HMAC from the front of the ciphertext.
if (self::our_strlen($ciphertext) <= self::MAC_BYTE_SIZE) {
throw new InvalidCiphertextException();
}
$hmac = self::our_substr($ciphertext, 0, self::MAC_BYTE_SIZE);
if ($hmac === FALSE) {
throw new CannotPerformOperationException();
}
$ciphertext = self::our_substr($ciphertext, self::MAC_BYTE_SIZE);
if ($ciphertext === FALSE) {
throw new CannotPerformOperationException();
}
// Regenerate the same authentication sub-key.
$akey = self::HKDF(self::HASH_FUNCTION, $key, self::KEY_BYTE_SIZE, self::AUTHENTICATION_INFO);
if (self::VerifyHMAC($hmac, $ciphertext, $akey))
{
// Regenerate the same encryption sub-key.
$keysize = self::KEY_BYTE_SIZE;
$ekey = self::HKDF(self::HASH_FUNCTION, $key, $keysize, self::ENCRYPTION_INFO);
// Extract the initialization vector from the ciphertext.
self::EnsureFunctionExists("openssl_cipher_iv_length");
$ivsize = openssl_cipher_iv_length($method);
if ($ivsize === FALSE || $ivsize <= 0) {
throw new CannotPerformOperationException();
}
if (self::our_strlen($ciphertext) <= $ivsize) {
throw new InvalidCiphertextException();
}
$iv = self::our_substr($ciphertext, 0, $ivsize);
if ($iv === FALSE) {
throw new CannotPerformOperationException();
}
$ciphertext = self::our_substr($ciphertext, $ivsize);
if ($ciphertext === FALSE) {
throw new CannotPerformOperationException();
}
$plaintext = self::PlainDecrypt($ciphertext, $ekey, $iv);
return $plaintext;
}
else
{
/*
* We throw an exception instead of returning FALSE because we want
* a script that doesn't handle this condition to CRASH, instead
* of thinking the ciphertext decrypted to the value FALSE.
*/
throw new InvalidCiphertextException();
}
}
/*
* Runs tests.
* Raises CannotPerformOperationException or CryptoTestFailedException if
* one of the tests fail. If any tests fails, your system is not capable of
* performing encryption, so make sure you fail safe in that case.
*/
public static function RuntimeTest()
{
// 0: Tests haven't been run yet.
// 1: Tests have passed.
// 2: Tests are running right now.
// 3: Tests have failed.
static $test_state = 0;
if ($test_state === 1 || $test_state === 2) {
return;
}
try {
$test_state = 2;
self::AESTestVector();
self::HMACTestVector();
self::HKDFTestVector();
self::TestEncryptDecrypt();
if (self::our_strlen(self::CreateNewRandomKey()) != self::KEY_BYTE_SIZE) {
throw new CryptoTestFailedException();
}
if (self::ENCRYPTION_INFO == self::AUTHENTICATION_INFO) {
throw new CryptoTestFailedException();
}
} catch (CryptoTestFailedException $ex) {
// Do this, otherwise it will stay in the "tests are running" state.
$test_state = 3;
throw $ex;
}
// Change this to '0' make the tests always re-run (for benchmarking).
$test_state = 1;
}
/*
* Never call this method directly!
*/
private static function PlainEncrypt($plaintext, $key, $iv)
{
$method = self::CIPHER.'-'.self::CIPHER_MODE;
self::EnsureConstantExists("OPENSSL_RAW_DATA");
self::EnsureFunctionExists("openssl_encrypt");
$ciphertext = openssl_encrypt(
$plaintext,
$method,
$key,
OPENSSL_RAW_DATA,
$iv
);
if ($ciphertext === false) {
throw new CannotPerformOperationException();
}
return $ciphertext;
}
/*
* Never call this method directly!
*/
private static function PlainDecrypt($ciphertext, $key, $iv)
{
$method = self::CIPHER.'-'.self::CIPHER_MODE;
self::EnsureConstantExists("OPENSSL_RAW_DATA");
self::EnsureFunctionExists("openssl_encrypt");
$plaintext = openssl_decrypt(
$ciphertext,
$method,
$key,
OPENSSL_RAW_DATA,
$iv
);
if ($plaintext === FALSE) {
throw new CannotPerformOperationException();
}
return $plaintext;
}
/*
* Returns a random binary string of length $octets bytes.
*/
private static function SecureRandom($octets)
{
self::EnsureFunctionExists("openssl_random_pseudo_bytes");
$random = openssl_random_pseudo_bytes($octets, $crypto_strong);
if ($crypto_strong === FALSE) {
throw new CannotPerformOperationException();
} else {
return $random;
}
}
/*
* Use HKDF to derive multiple keys from one.
* http://tools.ietf.org/html/rfc5869
*/
private static function HKDF($hash, $ikm, $length, $info = '', $salt = NULL)
{
// Find the correct digest length as quickly as we can.
$digest_length = self::MAC_BYTE_SIZE;
if ($hash != self::HASH_FUNCTION) {
$digest_length = self::our_strlen(hash_hmac($hash, '', '', true));
}
// Sanity-check the desired output length.
if (empty($length) || !is_int($length) ||
$length < 0 || $length > 255 * $digest_length) {
throw new CannotPerformOperationException();
}
// "if [salt] not provided, is set to a string of HashLen zeroes."
if (is_null($salt)) {
$salt = str_repeat("\x00", $digest_length);
}
// HKDF-Extract:
// PRK = HMAC-Hash(salt, IKM)
// The salt is the HMAC key.
$prk = hash_hmac($hash, $ikm, $salt, true);
// HKDF-Expand:
// This check is useless, but it serves as a reminder to the spec.
if (self::our_strlen($prk) < $digest_length) {
throw new CannotPerformOperationException();
}
// T(0) = ''
$t = '';
$last_block = '';
for ($block_index = 1; self::our_strlen($t) < $length; $block_index++) {
// T(i) = HMAC-Hash(PRK, T(i-1) | info | 0x??)
$last_block = hash_hmac(
$hash,
$last_block . $info . chr($block_index),
$prk,
true
);
// T = T(1) | T(2) | T(3) | ... | T(N)
$t .= $last_block;
}
// ORM = first L octets of T
$orm = self::our_substr($t, 0, $length);
if ($orm === FALSE) {
throw new CannotPerformOperationException();
}
return $orm;
}
private static function VerifyHMAC($correct_hmac, $message, $key)
{
$message_hmac = hash_hmac(self::HASH_FUNCTION, $message, $key, true);
// We can't just compare the strings with '==', since it would make
// timing attacks possible. We could use the XOR-OR constant-time
// comparison algorithm, but I'm not sure if that's good enough way up
// here in an interpreted language. So we use the method of HMACing the
// strings we want to compare with a random key, then comparing those.
// NOTE: This leaks information when the strings are not the same
// length, but they should always be the same length here. Enforce it:
if (self::our_strlen($correct_hmac) !== self::our_strlen($message_hmac)) {
throw new CannotPerformOperationException();
}
$blind = self::CreateNewRandomKey();
$message_compare = hash_hmac(self::HASH_FUNCTION, $message_hmac, $blind);
$correct_compare = hash_hmac(self::HASH_FUNCTION, $correct_hmac, $blind);
return $correct_compare === $message_compare;
}
private static function TestEncryptDecrypt()
{
$key = self::CreateNewRandomKey();
$data = "EnCrYpT EvErYThInG\x00\x00";
// Make sure encrypting then decrypting doesn't change the message.
$ciphertext = self::Encrypt($data, $key);
try {
$decrypted = self::Decrypt($ciphertext, $key);
} catch (InvalidCiphertextException $ex) {
// It's important to catch this and change it into a
// CryptoTestFailedException, otherwise a test failure could trick
// the user into thinking it's just an invalid ciphertext!
throw new CryptoTestFailedException();
}
if($decrypted !== $data)
{
throw new CryptoTestFailedException();
}
// Modifying the ciphertext: Appending a string.
try {
self::Decrypt($ciphertext . "a", $key);
throw new CryptoTestFailedException();
} catch (InvalidCiphertextException $e) { /* expected */ }
// Modifying the ciphertext: Changing an IV byte.
try {
$ciphertext[0] = chr((ord($ciphertext[0]) + 1) % 256);
self::Decrypt($ciphertext, $key);
throw new CryptoTestFailedException();
} catch (InvalidCiphertextException $e) { /* expected */ }
// Decrypting with the wrong key.
$key = self::CreateNewRandomKey();
$data = "abcdef";
$ciphertext = self::Encrypt($data, $key);
$wrong_key = self::CreateNewRandomKey();
try {
self::Decrypt($ciphertext, $wrong_key);
throw new CryptoTestFailedException();
} catch (InvalidCiphertextException $e) { /* expected */ }
// Ciphertext too small (shorter than HMAC).
$key = self::CreateNewRandomKey();
$ciphertext = str_repeat("A", self::MAC_BYTE_SIZE - 1);
try {
self::Decrypt($ciphertext, $key);
throw new CryptoTestFailedException();
} catch (InvalidCiphertextException $e) { /* expected */ }
}
private static function HKDFTestVector()
{
// HKDF test vectors from RFC 5869
// Test Case 1
$ikm = str_repeat("\x0b", 22);
$salt = self::hexToBytes("000102030405060708090a0b0c");
$info = self::hexToBytes("f0f1f2f3f4f5f6f7f8f9");
$length = 42;
$okm = self::hexToBytes(
"3cb25f25faacd57a90434f64d0362f2a" .
"2d2d0a90cf1a5a4c5db02d56ecc4c5bf" .
"34007208d5b887185865"
);
$computed_okm = self::HKDF("sha256", $ikm, $length, $info, $salt);
if ($computed_okm !== $okm) {
throw new CryptoTestFailedException();
}
// Test Case 7
$ikm = str_repeat("\x0c", 22);
$length = 42;
$okm = self::hexToBytes(
"2c91117204d745f3500d636a62f64f0a" .
"b3bae548aa53d423b0d1f27ebba6f5e5" .
"673a081d70cce7acfc48"
);
$computed_okm = self::HKDF("sha1", $ikm, $length);
if ($computed_okm !== $okm) {
throw new CryptoTestFailedException();
}
}
private static function HMACTestVector()
{
// HMAC test vector From RFC 4231 (Test Case 1)
$key = str_repeat("\x0b", 20);
$data = "Hi There";
$correct = "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7";
if (hash_hmac(self::HASH_FUNCTION, $data, $key) != $correct) {
throw new CryptoTestFailedException();
}
}
private static function AESTestVector()
{
// AES CBC mode test vector from NIST SP 800-38A
$key = self::hexToBytes("2b7e151628aed2a6abf7158809cf4f3c");
$iv = self::hexToBytes("000102030405060708090a0b0c0d0e0f");
$plaintext = self::hexToBytes(
"6bc1bee22e409f96e93d7e117393172a" .
"ae2d8a571e03ac9c9eb76fac45af8e51" .
"30c81c46a35ce411e5fbc1191a0a52ef" .
"f69f2445df4f9b17ad2b417be66c3710"
);
$ciphertext = self::hexToBytes(
"7649abac8119b246cee98e9b12e9197d" .
"5086cb9b507219ee95db113a917678b2" .
"73bed6b8e3c1743b7116e69e22229516" .
"3ff1caa1681fac09120eca307586e1a7" .
/* Block due to padding. Not from NIST test vector.
Padding Block: 10101010101010101010101010101010
Ciphertext: 3ff1caa1681fac09120eca307586e1a7
(+) 2fe1dab1780fbc19021eda206596f1b7
AES 8cb82807230e1321d3fae00d18cc2012
*/
"8cb82807230e1321d3fae00d18cc2012"
);
$computed_ciphertext = self::PlainEncrypt($plaintext, $key, $iv);
if ($computed_ciphertext !== $ciphertext) {
throw new CryptoTestFailedException();
}
$computed_plaintext = self::PlainDecrypt($ciphertext, $key, $iv);
if ($computed_plaintext !== $plaintext) {
throw new CryptoTestFailedException();
}
}
/* WARNING: Do not call this function on secrets. It creates side channels. */
private static function hexToBytes($hex_string)
{
return pack("H*", $hex_string);
}
private static function EnsureConstantExists($name)
{
if (!defined($name)) {
throw new CannotPerformOperationException();
}
}
private static function EnsureFunctionExists($name)
{
if (!function_exists($name)) {
throw new CannotPerformOperationException();
}
}
/*
* We need these strlen() and substr() functions because when
* 'mbstring.func_overload' is set in php.ini, the standard strlen() and
* substr() are replaced by mb_strlen() and mb_substr().
*/
private static function our_strlen($str)
{
if (function_exists('mb_strlen')) {
$length = mb_strlen($str, '8bit');
if ($length === FALSE) {
throw new CannotPerformOperationException();
}
return $length;
} else {
return strlen($str);
}
}
private static function our_substr($str, $start, $length = NULL)
{
if (function_exists('mb_substr'))
{
// mb_substr($str, 0, NULL, '8bit') returns an empty string on PHP
// 5.3, so we have to find the length ourselves.
if (!isset($length)) {
if ($start >= 0) {
$length = self::our_strlen($str) - $start;
} else {
$length = -$start;
}
}
return mb_substr($str, $start, $length, '8bit');
}
// Unlike mb_substr(), substr() doesn't accept NULL for length
if (isset($length)) {
return substr($str, $start, $length);
} else {
return substr($str, $start);
}
}
}
/*
* We want to catch all uncaught exceptions that come from the Crypto class,
* since by default, PHP will leak the key in the stack trace from an uncaught
* exception. This is a really ugly hack, but I think it's justified.
*
* Everything up to handler() getting called should be reliable, so this should
* reliably suppress the stack traces. The rest is just a bonus so that we don't
* make it impossible to debug other exceptions.
*
* This bit of code was adapted from: http://stackoverflow.com/a/7939492
*/
class CryptoExceptionHandler
{
private $rethrow = NULL;
public function __construct()
{
set_exception_handler(array($this, "handler"));
}
public function handler($ex)
{
if (
$ex instanceof InvalidCiphertextException ||
$ex instanceof CannotPerformOperationException ||
$ex instanceof CryptoTestFailedException
) {
echo "FATAL ERROR: Uncaught crypto exception. Suppresssing output.\n";
} else {
/* Re-throw the exception in the destructor. */
$this->rethrow = $ex;
}
}
public function __destruct() {
if ($this->rethrow) {
throw $this->rethrow;
}
}
}
$crypto_exception_handler_object_dont_touch_me = new CryptoExceptionHandler();

79
library/defuse/php-encryption-1.2.1/README.md

@ -1,79 +0,0 @@
php-encryption
===============
This is a class for doing symmetric encryption in PHP. **Requires PHP 5.4 or newer.**
[![Build Status](https://travis-ci.org/defuse/php-encryption.svg?branch=master)](https://travis-ci.org/defuse/php-encryption)
Implementation
--------------
Messages are encrypted with AES-128 in CBC mode and are authenticated with
HMAC-SHA256 (Encrypt-then-Mac). PKCS7 padding is used to pad the message to
a multiple of the block size. HKDF is used to split the user-provided key into
two keys: one for encryption, and the other for authentication. It is
implemented using the `openssl_` and `hash_hmac` functions.
Warning
--------
This is new code, and it hasn't received much review by experts. I have spent
many hours making it as secure as possible (extensive runtime tests, secure
coding practices), and auditing it for problems, but I may have missed some
issues. So be careful. Don't trust it with your life. Check out the open GitHub
issues for a list of known issues. If you find a problem with this library,
please report it by opening a GitHub issue.
That said, you're probably much better off using this library than any other
encryption library written in PHP.
Philosophy
-----------
This library was created after noticing how much insecure PHP encryption code
there is. I once did a Google search for "php encryption" and found insecure
code or advice on 9 of the top 10 results.
Encryption is becoming an essential component of modern websites. This library
aims to fulfil a subset of that need: Authenticated symmetric encryption of
short strings, given a random key.
This library is developed around several core values:
- Rule #1: Security is prioritized over everything else.
> Whenever there is a conflict between security and some other property,
> security will be favored. For example, the library has runtime tests,
> which make it slower, but will hopefully stop it from encrypting stuff
> if the platform it's running on is broken.
- Rule #2: It should be difficult to misuse the library.
> We assume the developers using this library have no experience with
> cryptography. We only assume that they know that the "key" is something
> you need to encrypt and decrypt the messages, and that it must be
> protected. Whenever possible, the library should refuse to encrypt or
> decrypt messages when it is not being used correctly.
- Rule #3: The library aims only to be compatible with itself.
> Other PHP encryption libraries try to support every possible type of
> encryption, even the insecure ones (e.g. ECB mode). Because there are so
> many options, inexperienced developers must make decisions between
> things like "CBC" mode and "ECB" mode, knowing nothing about either one,
> which inevitably creates vulnerabilities.
> This library will only support one secure mode. A developer using this
> library will call "encrypt" and "decrypt" not caring about how they are
> implemented.
- Rule #4: The library should consist of a single PHP file and nothing more.
> Some PHP encryption libraries, like libsodium-php [1], are not
> straightforward to install and cannot packaged with "just download and
> extract" applications. This library will always be just one PHP file
> that you can put in your source tree and require().
References:
[1] https://github.com/jedisct1/libsodium-php

42
library/defuse/php-encryption-1.2.1/benchmark.php

@ -1,42 +0,0 @@
<?php
require_once('Crypto.php');
// Note: By default, the runtime tests are "cached" and not re-executed for
// every call. To disable this, look at the RuntimeTest() function.
$start = microtime(true);
for ($i = 0; $i < 1000; $i++) {
$key = Crypto::CreateNewRandomKey();
}
$end = microtime(true);
showResults("CreateNewRandomKey()", $start, $end, 1000);
$start = microtime(true);
for ($i = 0; $i < 100; $i++) {
$ciphertext = Crypto::Encrypt(
str_repeat("A", 1024*1024),
str_repeat("B", 16)
);
}
$end = microtime(true);
showResults("Encrypt(1MB)", $start, $end, 100);
$start = microtime(true);
for ($i = 0; $i < 1000; $i++) {
$ciphertext = Crypto::Encrypt(
str_repeat("A", 1024),
str_repeat("B", 16)
);
}
$end = microtime(true);
showResults("Encrypt(1KB)", $start, $end, 1000);
function showResults($type, $start, $end, $count)
{
$time = $end - $start;
$rate = $count / $time;
echo "$type: $rate calls/s\n";
}
?>

20
library/defuse/php-encryption-1.2.1/composer.json

@ -1,20 +0,0 @@
{
"name": "defuse/php-encryption",
"description": "Secure PHP Encryption Library",
"license": "MIT",
"keywords": ["security", "encryption", "AES", "mcrypt", "cipher"],
"authors": [
{
"name": "Taylor Hornby",
"email": "havoc@defuse.ca"
}
],
"autoload": {
"files": ["Crypto.php"]
},
"require": {
"php": ">=5.4.0",
"ext-openssl": "*",
"ext-mcrypt": "*"
}
}

36
library/defuse/php-encryption-1.2.1/example.php

@ -1,36 +0,0 @@
<?php
require_once('Crypto.php');
try {
$key = Crypto::CreateNewRandomKey();
// WARNING: Do NOT encode $key with bin2hex() or base64_encode(),
// they may leak the key to the attacker through side channels.
} catch (CryptoTestFailedException $ex) {
die('Cannot safely create a key');
} catch (CannotPerformOperationException $ex) {
die('Cannot safely create a key');
}
$message = "ATTACK AT DAWN";
try {
$ciphertext = Crypto::Encrypt($message, $key);
} catch (CryptoTestFailedException $ex) {
die('Cannot safely perform encryption');
} catch (CannotPerformOperationException $ex) {
die('Cannot safely perform decryption');
}
try {
$decrypted = Crypto::Decrypt($ciphertext, $key);
} catch (InvalidCiphertextException $ex) { // VERY IMPORTANT
// Either:
// 1. The ciphertext was modified by the attacker,
// 2. The key is wrong, or
// 3. $ciphertext is not a valid ciphertext or was corrupted.
// Assume the worst.
die('DANGER! DANGER! The ciphertext has been tampered with!');
} catch (CryptoTestFailedException $ex) {
die('Cannot safely perform encryption');
} catch (CannotPerformOperationException $ex) {
die('Cannot safely perform decryption');
}
?>

30
library/defuse/php-encryption-1.2.1/test.sh

@ -1,30 +0,0 @@
#!/bin/bash
echo "Normal"
echo "--------------------------------------------------"
php -d mbstring.func_overload=0 tests/runtime.php
if [ $? -ne 0 ]; then
echo "FAIL."
exit 1
fi
echo "--------------------------------------------------"
echo ""
echo "Multibyte"
echo "--------------------------------------------------"
php -d mbstring.func_overload=7 tests/runtime.php
if [ $? -ne 0 ]; then
echo "FAIL."
exit 1
fi
echo "--------------------------------------------------"
echo ""
if [ -z "$(php Crypto.php)" ]; then
echo "PASS: Crypto.php output is empty."
else
echo "FAIL: Crypto.php output is not empty."
exit 1
fi

32
library/defuse/php-encryption-1.2.1/tests/runtime.php

@ -1,32 +0,0 @@
<?php
// Set the encoding to something more "challenging."
$ret = mb_internal_encoding('UTF-8');
if ($ret === FALSE) {
echo "Couldn't set encoding.";
exit(1);
}
// Dump out the settings / encoding for future reference.
$val = ini_get("mbstring.func_overload");
echo "Settings: \n";
echo " func_overload: " . $val . "\n";
echo " mb_internal_encoding(): " . mb_internal_encoding() . "\n";
// Perform the tests.
require_once('Crypto.php');
try {
Crypto::RuntimeTest();
echo "TEST PASSED!\n";
exit(0);
} catch (CryptoTestFailedException $ex) {
echo "TEST FAILED!\n";
var_dump($ex);
exit(1);
} catch (CannotPerformOperationException $ex) {
echo "TEST FAILED\n";
var_dump($ex);
exit(1);
}
?>

16
mod/dfrn_notify.php

@ -11,10 +11,8 @@ use Friendica\Core\Config;
use Friendica\Database\DBM;
use Friendica\Protocol\DFRN;
require_once('include/items.php');
require_once('include/event.php');
require_once('library/defuse/php-encryption-1.2.1/Crypto.php');
require_once 'include/items.php';
require_once 'include/event.php';
function dfrn_notify_post(App $a) {
logger(__function__, LOGGER_TRACE);
@ -185,8 +183,9 @@ function dfrn_notify_post(App $a) {
break;
case 2:
try {
$data = Crypto::decrypt(hex2bin($data), $final_key);
} catch (InvalidCiphertext $ex) { // VERY IMPORTANT
$FinalKey = \Defuse\Crypto\Key::loadFromAsciiSafeString(bin2hex($final_key));
$data = \Defuse\Crypto\Crypto::decrypt(hex2bin($data), $FinalKey);
} catch (\Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException $ex) { // VERY IMPORTANT
/*
* Either:
* 1. The ciphertext was modified by the attacker,
@ -196,12 +195,9 @@ function dfrn_notify_post(App $a) {
*/
logger('The ciphertext has been tampered with!');
xml_status(0, 'The ciphertext has been tampered with!');
} catch (Ex\CryptoTestFailed $ex) {
} catch (\Defuse\Crypto\Exception\EnvironmentIsBrokenException $ex) {
logger('Cannot safely perform dencryption');
xml_status(0, 'CryptoTestFailed');
} catch (Ex\CannotPerformOperation $ex) {
logger('Cannot safely perform decryption');
xml_status(0, 'Cannot safely perform decryption');
}
break;
default:

17
src/Protocol/DFRN.php

@ -1296,26 +1296,21 @@ class DFRN
case 2:
// RINO 2 based on php-encryption
try {
$key = Crypto::createNewRandomKey();
} catch (CryptoTestFailed $ex) {
$KeyObject = \Defuse\Crypto\Key::createNewRandomKey();
} catch (\Defuse\Crypto\Exception\CryptoException $ex) {
logger('Cannot safely create a key');
return -4;
} catch (CannotPerformOperation $ex) {
logger('Cannot safely create a key');
return -5;
}
try {
$data = Crypto::encrypt($postvars['data'], $key);
} catch (CryptoTestFailed $ex) {
$data = \Defuse\Crypto\Crypto::encrypt($postvars['data'], $KeyObject);
$key = $KeyObject->saveToAsciiSafeString();
} catch (\Defuse\Crypto\Exception\CryptoException $ex) {
logger('Cannot safely perform encryption');
return -6;
} catch (CannotPerformOperation $ex) {
logger('Cannot safely perform encryption');
return -7;
}
break;
default:
logger("rino: invalid requested verision '$rino_remote_version'");
logger("rino: invalid requested version '$rino_remote_version'");
return -8;
}

BIN
util/composer.phar

Binary file not shown.

17
vendor/bin/generate-defuse-key vendored

@ -0,0 +1,17 @@
#!/usr/bin/env sh
dir=$(d=${0%[/\\]*}; cd "$d"; cd "../defuse/php-encryption/bin" && pwd)
# See if we are running in Cygwin by checking for cygpath program
if command -v 'cygpath' >/dev/null 2>&1; then
# Cygwin paths start with /cygdrive/ which will break windows PHP,
# so we need to translate the dir path to windows format. However
# we could be using cygwin PHP which does not require this, so we
# test if the path to PHP starts with /cygdrive/ rather than /usr/bin
if [[ $(which php) == /cygdrive/* ]]; then
dir=$(cygpath -m "$dir");
fi
fi
dir=$(echo $dir | sed 's/ /\ /g')
"${dir}/generate-defuse-key" "$@"

4
vendor/bin/generate-defuse-key.bat vendored

@ -0,0 +1,4 @@
@ECHO OFF
setlocal DISABLEDELAYEDEXPANSION
SET BIN_TARGET=%~dp0/../defuse/php-encryption/bin/generate-defuse-key
php "%BIN_TARGET%" %*

19
vendor/composer/autoload_classmap.php vendored

@ -8,13 +8,32 @@ $baseDir = dirname($vendorDir);
return array(
'Archive_Tar' => $vendorDir . '/pear-pear.php.net/Archive_Tar/Archive/Tar.php',
'Console_Getopt' => $vendorDir . '/pear-pear.php.net/Console_Getopt/Console/Getopt.php',
'Defuse\\Crypto\\Core' => $vendorDir . '/defuse/php-encryption/src/Core.php',
'Defuse\\Crypto\\Crypto' => $vendorDir . '/defuse/php-encryption/src/Crypto.php',
'Defuse\\Crypto\\DerivedKeys' => $vendorDir . '/defuse/php-encryption/src/DerivedKeys.php',
'Defuse\\Crypto\\Encoding' => $vendorDir . '/defuse/php-encryption/src/Encoding.php',
'Defuse\\Crypto\\Exception\\BadFormatException' => $vendorDir . '/defuse/php-encryption/src/Exception/BadFormatException.php',
'Defuse\\Crypto\\Exception\\CryptoException' => $vendorDir . '/defuse/php-encryption/src/Exception/CryptoException.php',
'Defuse\\Crypto\\Exception\\EnvironmentIsBrokenException' => $vendorDir . '/defuse/php-encryption/src/Exception/EnvironmentIsBrokenException.php',
'Defuse\\Crypto\\Exception\\IOException' => $vendorDir . '/defuse/php-encryption/src/Exception/IOException.php',
'Defuse\\Crypto\\Exception\\WrongKeyOrModifiedCiphertextException' => $vendorDir . '/defuse/php-encryption/src/Exception/WrongKeyOrModifiedCiphertextException.php',
'Defuse\\Crypto\\File' => $vendorDir . '/defuse/php-encryption/src/File.php',
'Defuse\\Crypto\\Key' => $vendorDir . '/defuse/php-encryption/src/Key.php',
'Defuse\\Crypto\\KeyOrPassword' => $vendorDir . '/defuse/php-encryption/src/KeyOrPassword.php',
'Defuse\\Crypto\\KeyProtectedByPassword' => $vendorDir . '/defuse/php-encryption/src/KeyProtectedByPassword.php',
'Defuse\\Crypto\\RuntimeTests' => $vendorDir . '/defuse/php-encryption/src/RuntimeTests.php',
'Detection\\MobileDetect' => $vendorDir . '/mobiledetect/mobiledetectlib/namespaced/Detection/MobileDetect.php',
'Friendica\\App' => $baseDir . '/src/App.php',
'Friendica\\Core\\Config' => $baseDir . '/src/Core/Config.php',
'Friendica\\Core\\NotificationsManager' => $baseDir . '/src/Core/NotificationsManager.php',
'Friendica\\Core\\PConfig' => $baseDir . '/src/Core/PConfig.php',
'Friendica\\Core\\System' => $baseDir . '/src/Core/System.php',
'Friendica\\Core\\Worker' => $baseDir . '/src/Core/Worker.php',
'Friendica\\Database\\DBM' => $baseDir . '/src/Database/DBM.php',
'Friendica\\Network\\Probe' => $baseDir . '/src/Network/Probe.php',
'Friendica\\ParseUrl' => $baseDir . '/src/ParseUrl.php',
'Friendica\\Protocol\\DFRN' => $baseDir . '/src/Protocol/DFRN.php',
'Friendica\\Protocol\\Diaspora' => $baseDir . '/src/Protocol/Diaspora.php',
'Friendica\\Util\\Lock' => $baseDir . '/src/Util/Lock.php',
'HTMLPurifier' => $vendorDir . '/ezyang/htmlpurifier/library/HTMLPurifier.php',
'HTMLPurifier_Arborize' => $vendorDir . '/ezyang/htmlpurifier/library/HTMLPurifier/Arborize.php',

1
vendor/composer/autoload_files.php vendored

@ -6,5 +6,6 @@ $vendorDir = dirname(dirname(__FILE__));
$baseDir = dirname($vendorDir);
return array(
'5255c38a0faeba867671b61dfda6d864' => $vendorDir . '/paragonie/random_compat/lib/random.php',
'2cffec82183ee1cea088009cef9a6fc3' => $vendorDir . '/ezyang/htmlpurifier/library/HTMLPurifier.composer.php',
);

1
vendor/composer/autoload_psr4.php vendored

@ -8,4 +8,5 @@ $baseDir = dirname($vendorDir);
return array(
'League\\HTMLToMarkdown\\' => array($vendorDir . '/league/html-to-markdown/src'),
'Friendica\\' => array($baseDir . '/src'),
'Defuse\\Crypto\\' => array($vendorDir . '/defuse/php-encryption/src'),
);

28
vendor/composer/autoload_static.php vendored

@ -7,6 +7,7 @@ namespace Composer\Autoload;
class ComposerStaticInitFriendica
{
public static $files = array (
'5255c38a0faeba867671b61dfda6d864' => __DIR__ . '/..' . '/paragonie/random_compat/lib/random.php',
'2cffec82183ee1cea088009cef9a6fc3' => __DIR__ . '/..' . '/ezyang/htmlpurifier/library/HTMLPurifier.composer.php',
);
@ -19,6 +20,10 @@ class ComposerStaticInitFriendica
array (
'Friendica\\' => 10,
),
'D' =>
array (
'Defuse\\Crypto\\' => 14,
),
);
public static $prefixDirsPsr4 = array (
@ -30,6 +35,10 @@ class ComposerStaticInitFriendica
array (
0 => __DIR__ . '/../..' . '/src',
),
'Defuse\\Crypto\\' =>
array (
0 => __DIR__ . '/..' . '/defuse/php-encryption/src',
),
);
public static $prefixesPsr0 = array (
@ -59,13 +68,32 @@ class ComposerStaticInitFriendica
public static $classMap = array (
'Archive_Tar' => __DIR__ . '/..' . '/pear-pear.php.net/Archive_Tar/Archive/Tar.php',
'Console_Getopt' => __DIR__ . '/..' . '/pear-pear.php.net/Console_Getopt/Console/Getopt.php',
'Defuse\\Crypto\\Core' => __DIR__ . '/..' . '/defuse/php-encryption/src/Core.php',
'Defuse\\Crypto\\Crypto' => __DIR__ . '/..' . '/defuse/php-encryption/src/Crypto.php',
'Defuse\\Crypto\\DerivedKeys' => __DIR__ . '/..' . '/defuse/php-encryption/src/DerivedKeys.php',
'Defuse\\Crypto\\Encoding' => __DIR__ . '/..' . '/defuse/php-encryption/src/Encoding.php',
'Defuse\\Crypto\\Exception\\BadFormatException' => __DIR__ . '/..' . '/defuse/php-encryption/src/Exception/BadFormatException.php',
'Defuse\\Crypto\\Exception\\CryptoException' => __DIR__ . '/..' . '/defuse/php-encryption/src/Exception/CryptoException.php',
'Defuse\\Crypto\\Exception\\EnvironmentIsBrokenException' => __DIR__ . '/..' . '/defuse/php-encryption/src/Exception/EnvironmentIsBrokenException.php',
'Defuse\\Crypto\\Exception\\IOException' => __DIR__ . '/..' . '/defuse/php-encryption/src/Exception/IOException.php',
'Defuse\\Crypto\\Exception\\WrongKeyOrModifiedCiphertextException' => __DIR__ . '/..' . '/defuse/php-encryption/src/Exception/WrongKeyOrModifiedCiphertextException.php',
'Defuse\\Crypto\\File' => __DIR__ . '/..' . '/defuse/php-encryption/src/File.php',
'Defuse\\Crypto\\Key' => __DIR__ . '/..' . '/defuse/php-encryption/src/Key.php',
'Defuse\\Crypto\\KeyOrPassword' => __DIR__ . '/..' . '/defuse/php-encryption/src/KeyOrPassword.php',
'Defuse\\Crypto\\KeyProtectedByPassword' => __DIR__ . '/..' . '/defuse/php-encryption/src/KeyProtectedByPassword.php',
'Defuse\\Crypto\\RuntimeTests' => __DIR__ . '/..' . '/defuse/php-encryption/src/RuntimeTests.php',
'Detection\\MobileDetect' => __DIR__ . '/..' . '/mobiledetect/mobiledetectlib/namespaced/Detection/MobileDetect.php',
'Friendica\\App' => __DIR__ . '/../..' . '/src/App.php',
'Friendica\\Core\\Config' => __DIR__ . '/../..' . '/src/Core/Config.php',
'Friendica\\Core\\NotificationsManager' => __DIR__ . '/../..' . '/src/Core/NotificationsManager.php',
'Friendica\\Core\\PConfig' => __DIR__ . '/../..' . '/src/Core/PConfig.php',
'Friendica\\Core\\System' => __DIR__ . '/../..' . '/src/Core/System.php',
'Friendica\\Core\\Worker' => __DIR__ . '/../..' . '/src/Core/Worker.php',
'Friendica\\Database\\DBM' => __DIR__ . '/../..' . '/src/Database/DBM.php',
'Friendica\\Network\\Probe' => __DIR__ . '/../..' . '/src/Network/Probe.php',
'Friendica\\ParseUrl' => __DIR__ . '/../..' . '/src/ParseUrl.php',
'Friendica\\Protocol\\DFRN' => __DIR__ . '/../..' . '/src/Protocol/DFRN.php',
'Friendica\\Protocol\\Diaspora' => __DIR__ . '/../..' . '/src/Protocol/Diaspora.php',
'Friendica\\Util\\Lock' => __DIR__ . '/../..' . '/src/Util/Lock.php',
'HTMLPurifier' => __DIR__ . '/..' . '/ezyang/htmlpurifier/library/HTMLPurifier.php',
'HTMLPurifier_Arborize' => __DIR__ . '/..' . '/ezyang/htmlpurifier/library/HTMLPurifier/Arborize.php',

115
vendor/composer/installed.json vendored

@ -442,5 +442,120 @@
],
"description": "Identify human languages from text samples",
"homepage": "http://pear.php.net/package/Text_LanguageDetect"
},
{
"name": "paragonie/random_compat",
"version": "v2.0.11",
"version_normalized": "2.0.11.0",
"source": {
"type": "git",
"url": "https://github.com/paragonie/random_compat.git",
"reference": "5da4d3c796c275c55f057af5a643ae297d96b4d8"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/paragonie/random_compat/zipball/5da4d3c796c275c55f057af5a643ae297d96b4d8",
"reference": "5da4d3c796c275c55f057af5a643ae297d96b4d8",
"shasum": ""
},
"require": {
"php": ">=5.2.0"
},
"require-dev": {
"phpunit/phpunit": "4.*|5.*"
},
"suggest": {
"ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
},
"time": "2017-09-27T21:40:39+00:00",
"type": "library",
"installation-source": "dist",
"autoload": {
"files": [
"lib/random.php"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Paragon Initiative Enterprises",
"email": "security@paragonie.com",
"homepage": "https://paragonie.com"
}
],
"description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
"keywords": [
"csprng",
"pseudorandom",
"random"
]
},
{
"name": "defuse/php-encryption",
"version": "v2.1.0",
"version_normalized": "2.1.0.0",
"source": {
"type": "git",
"url": "https://github.com/defuse/php-encryption.git",
"reference": "5176f5abb38d3ea8a6e3ac6cd3bbb54d8185a689"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/defuse/php-encryption/zipball/5176f5abb38d3ea8a6e3ac6cd3bbb54d8185a689",
"reference": "5176f5abb38d3ea8a6e3ac6cd3bbb54d8185a689",
"shasum": ""
},
"require": {
"ext-openssl": "*",
"paragonie/random_compat": "~2.0",
"php": ">=5.4.0"
},
"require-dev": {
"nikic/php-parser": "^2.0|^3.0",
"phpunit/phpunit": "^4|^5"
},
"time": "2017-05-18T21:28:48+00:00",
"bin": [
"bin/generate-defuse-key"
],
"type": "library",
"installation-source": "dist",
"autoload": {
"psr-4": {
"Defuse\\Crypto\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Taylor Hornby",
"email": "taylor@defuse.ca",
"homepage": "https://defuse.ca/"
},
{
"name": "Scott Arciszewski",
"email": "info@paragonie.com",
"homepage": "https://paragonie.com"
}
],
"description": "Secure PHP Encryption Library",
"keywords": [
"aes",
"authenticated encryption",
"cipher",
"crypto",
"cryptography",
"encrypt",
"encryption",
"openssl",
"security",
"symmetric key cryptography"
]
}
]

11
vendor/defuse/php-encryption/.gitignore vendored

@ -0,0 +1,11 @@
*~
/test/unit/File/big-generated-file
/composer.lock
/vendor
defuse-crypto.phar
defuse-crypto.phar.sig
composer.phar
box.phar
phpunit.phar
phpunit.phar.asc
test/unit/File/tmp

60
vendor/defuse/php-encryption/.php_cs vendored

@ -0,0 +1,60 @@
<?php
$config = Symfony\CS\Config\Config::create()
->level(Symfony\CS\FixerInterface::PSR2_LEVEL)
->fixers([
'blankline_after_open_tag',
'empty_return',
'extra_empty_lines',
'function_typehint_space',
'join_function',
'method_argument_default_value',
'multiline_array_trailing_comma',
'no_blank_lines_after_class_opening',
'no_empty_lines_after_phpdocs',
'phpdoc_indent',
'phpdoc_no_access',
'phpdoc_no_empty_return',
'phpdoc_no_package',
'phpdoc_params',
'phpdoc_scalar',
'phpdoc_separation',
'phpdoc_trim',
'phpdoc_type_to_var',
'phpdoc_types',
'phpdoc_var_without_name',
'remove_leading_slash_use',
'remove_lines_between_uses',
'short_bool_cast',
'single_quote',
'spaces_after_semicolon',
'spaces_before_semicolon',
'spaces_cast',
'standardize_not_equal',
'ternary_spaces',
'trim_array_spaces',
'unneeded_control_parentheses',
'unused_use',
'whitespacy_lines',
'align_double_arrow',
'concat_with_spaces',
'logical_not_operators_with_successor_space',
'multiline_spaces_before_semicolon',
'newline_after_open_tag',
'ordered_use',
'php_unit_construct',
'phpdoc_order',
'short_array_syntax',
<