mirror of
https://github.com/friendica/friendica
synced 2024-09-19 04:01:01 +02:00
Reverting php-encryption to version 1.2
This commit is contained in:
parent
1262d6bfee
commit
ccf4dcf270
|
@ -16,7 +16,7 @@
|
|||
"ezyang/htmlpurifier": "~4.7.0",
|
||||
"mobiledetect/mobiledetectlib": "2.8.*",
|
||||
"league/html-to-markdown": "~4.4.1",
|
||||
"defuse/php-encryption": "2.*",
|
||||
"defuse/php-encryption": "1.*",
|
||||
"pear/Text_LanguageDetect": "1.*",
|
||||
"pear-pear.php.net/Text_Highlighter": "*"
|
||||
},
|
||||
|
|
92
composer.lock
generated
92
composer.lock
generated
|
@ -4,39 +4,32 @@
|
|||
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
|
||||
"This file is @generated automatically"
|
||||
],
|
||||
"content-hash": "ce088458d9f01920ccee128082ef924a",
|
||||
"content-hash": "a6a3dae4b15752d8f377b1fc1e5a2b47",
|
||||
"packages": [
|
||||
{
|
||||
"name": "defuse/php-encryption",
|
||||
"version": "v2.1.0",
|
||||
"version": "v1.2.1",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/defuse/php-encryption.git",
|
||||
"reference": "5176f5abb38d3ea8a6e3ac6cd3bbb54d8185a689"
|
||||
"reference": "b87737b2eec06b13f025cabea847338fa203d1b4"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/defuse/php-encryption/zipball/5176f5abb38d3ea8a6e3ac6cd3bbb54d8185a689",
|
||||
"reference": "5176f5abb38d3ea8a6e3ac6cd3bbb54d8185a689",
|
||||
"url": "https://api.github.com/repos/defuse/php-encryption/zipball/b87737b2eec06b13f025cabea847338fa203d1b4",
|
||||
"reference": "b87737b2eec06b13f025cabea847338fa203d1b4",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"ext-mcrypt": "*",
|
||||
"ext-openssl": "*",
|
||||
"paragonie/random_compat": "~2.0",
|
||||
"php": ">=5.4.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"nikic/php-parser": "^2.0|^3.0",
|
||||
"phpunit/phpunit": "^4|^5"
|
||||
},
|
||||
"bin": [
|
||||
"bin/generate-defuse-key"
|
||||
],
|
||||
"type": "library",
|
||||
"autoload": {
|
||||
"psr-4": {
|
||||
"Defuse\\Crypto\\": "src"
|
||||
}
|
||||
"files": [
|
||||
"Crypto.php"
|
||||
]
|
||||
},
|
||||
"notification-url": "https://packagist.org/downloads/",
|
||||
"license": [
|
||||
|
@ -45,29 +38,18 @@
|
|||
"authors": [
|
||||
{
|
||||
"name": "Taylor Hornby",
|
||||
"email": "taylor@defuse.ca",
|
||||
"homepage": "https://defuse.ca/"
|
||||
},
|
||||
{
|
||||
"name": "Scott Arciszewski",
|
||||
"email": "info@paragonie.com",
|
||||
"homepage": "https://paragonie.com"
|
||||
"email": "havoc@defuse.ca"
|
||||
}
|
||||
],
|
||||
"description": "Secure PHP Encryption Library",
|
||||
"keywords": [
|
||||
"aes",
|
||||
"authenticated encryption",
|
||||
"cipher",
|
||||
"crypto",
|
||||
"cryptography",
|
||||
"encrypt",
|
||||
"encryption",
|
||||
"openssl",
|
||||
"security",
|
||||
"symmetric key cryptography"
|
||||
"mcrypt",
|
||||
"security"
|
||||
],
|
||||
"time": "2017-05-18T21:28:48+00:00"
|
||||
"time": "2015-03-14T20:27:45+00:00"
|
||||
},
|
||||
{
|
||||
"name": "ezyang/htmlpurifier",
|
||||
|
@ -229,54 +211,6 @@
|
|||
],
|
||||
"time": "2017-08-29T18:23:54+00:00"
|
||||
},
|
||||
{
|
||||
"name": "paragonie/random_compat",
|
||||
"version": "v2.0.11",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/paragonie/random_compat.git",
|
||||
"reference": "5da4d3c796c275c55f057af5a643ae297d96b4d8"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/paragonie/random_compat/zipball/5da4d3c796c275c55f057af5a643ae297d96b4d8",
|
||||
"reference": "5da4d3c796c275c55f057af5a643ae297d96b4d8",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": ">=5.2.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"phpunit/phpunit": "4.*|5.*"
|
||||
},
|
||||
"suggest": {
|
||||
"ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
|
||||
},
|
||||
"type": "library",
|
||||
"autoload": {
|
||||
"files": [
|
||||
"lib/random.php"
|
||||
]
|
||||
},
|
||||
"notification-url": "https://packagist.org/downloads/",
|
||||
"license": [
|
||||
"MIT"
|
||||
],
|
||||
"authors": [
|
||||
{
|
||||
"name": "Paragon Initiative Enterprises",
|
||||
"email": "security@paragonie.com",
|
||||
"homepage": "https://paragonie.com"
|
||||
}
|
||||
],
|
||||
"description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
|
||||
"keywords": [
|
||||
"csprng",
|
||||
"pseudorandom",
|
||||
"random"
|
||||
],
|
||||
"time": "2017-09-27T21:40:39+00:00"
|
||||
},
|
||||
{
|
||||
"name": "pear-pear.php.net/Archive_Tar",
|
||||
"version": "1.4.3",
|
||||
|
|
17
vendor/bin/generate-defuse-key
vendored
17
vendor/bin/generate-defuse-key
vendored
|
@ -1,17 +0,0 @@
|
|||
#!/usr/bin/env sh
|
||||
|
||||
dir=$(d=${0%[/\\]*}; cd "$d"; cd "../defuse/php-encryption/bin" && pwd)
|
||||
|
||||
# See if we are running in Cygwin by checking for cygpath program
|
||||
if command -v 'cygpath' >/dev/null 2>&1; then
|
||||
# Cygwin paths start with /cygdrive/ which will break windows PHP,
|
||||
# so we need to translate the dir path to windows format. However
|
||||
# we could be using cygwin PHP which does not require this, so we
|
||||
# test if the path to PHP starts with /cygdrive/ rather than /usr/bin
|
||||
if [[ $(which php) == /cygdrive/* ]]; then
|
||||
dir=$(cygpath -m "$dir");
|
||||
fi
|
||||
fi
|
||||
|
||||
dir=$(echo $dir | sed 's/ /\ /g')
|
||||
"${dir}/generate-defuse-key" "$@"
|
4
vendor/bin/generate-defuse-key.bat
vendored
4
vendor/bin/generate-defuse-key.bat
vendored
|
@ -1,4 +0,0 @@
|
|||
@ECHO OFF
|
||||
setlocal DISABLEDELAYEDEXPANSION
|
||||
SET BIN_TARGET=%~dp0/../defuse/php-encryption/bin/generate-defuse-key
|
||||
php "%BIN_TARGET%" %*
|
14
vendor/composer/autoload_classmap.php
vendored
14
vendor/composer/autoload_classmap.php
vendored
|
@ -8,20 +8,6 @@ $baseDir = dirname($vendorDir);
|
|||
return array(
|
||||
'Archive_Tar' => $vendorDir . '/pear-pear.php.net/Archive_Tar/Archive/Tar.php',
|
||||
'Console_Getopt' => $vendorDir . '/pear-pear.php.net/Console_Getopt/Console/Getopt.php',
|
||||
'Defuse\\Crypto\\Core' => $vendorDir . '/defuse/php-encryption/src/Core.php',
|
||||
'Defuse\\Crypto\\Crypto' => $vendorDir . '/defuse/php-encryption/src/Crypto.php',
|
||||
'Defuse\\Crypto\\DerivedKeys' => $vendorDir . '/defuse/php-encryption/src/DerivedKeys.php',
|
||||
'Defuse\\Crypto\\Encoding' => $vendorDir . '/defuse/php-encryption/src/Encoding.php',
|
||||
'Defuse\\Crypto\\Exception\\BadFormatException' => $vendorDir . '/defuse/php-encryption/src/Exception/BadFormatException.php',
|
||||
'Defuse\\Crypto\\Exception\\CryptoException' => $vendorDir . '/defuse/php-encryption/src/Exception/CryptoException.php',
|
||||
'Defuse\\Crypto\\Exception\\EnvironmentIsBrokenException' => $vendorDir . '/defuse/php-encryption/src/Exception/EnvironmentIsBrokenException.php',
|
||||
'Defuse\\Crypto\\Exception\\IOException' => $vendorDir . '/defuse/php-encryption/src/Exception/IOException.php',
|
||||
'Defuse\\Crypto\\Exception\\WrongKeyOrModifiedCiphertextException' => $vendorDir . '/defuse/php-encryption/src/Exception/WrongKeyOrModifiedCiphertextException.php',
|
||||
'Defuse\\Crypto\\File' => $vendorDir . '/defuse/php-encryption/src/File.php',
|
||||
'Defuse\\Crypto\\Key' => $vendorDir . '/defuse/php-encryption/src/Key.php',
|
||||
'Defuse\\Crypto\\KeyOrPassword' => $vendorDir . '/defuse/php-encryption/src/KeyOrPassword.php',
|
||||
'Defuse\\Crypto\\KeyProtectedByPassword' => $vendorDir . '/defuse/php-encryption/src/KeyProtectedByPassword.php',
|
||||
'Defuse\\Crypto\\RuntimeTests' => $vendorDir . '/defuse/php-encryption/src/RuntimeTests.php',
|
||||
'Detection\\MobileDetect' => $vendorDir . '/mobiledetect/mobiledetectlib/namespaced/Detection/MobileDetect.php',
|
||||
'Friendica\\App' => $baseDir . '/src/App.php',
|
||||
'Friendica\\Core\\Config' => $baseDir . '/src/Core/Config.php',
|
||||
|
|
2
vendor/composer/autoload_files.php
vendored
2
vendor/composer/autoload_files.php
vendored
|
@ -6,6 +6,6 @@ $vendorDir = dirname(dirname(__FILE__));
|
|||
$baseDir = dirname($vendorDir);
|
||||
|
||||
return array(
|
||||
'5255c38a0faeba867671b61dfda6d864' => $vendorDir . '/paragonie/random_compat/lib/random.php',
|
||||
'2cffec82183ee1cea088009cef9a6fc3' => $vendorDir . '/ezyang/htmlpurifier/library/HTMLPurifier.composer.php',
|
||||
'8170285c807a9f24f165f37b15bc9a36' => $vendorDir . '/defuse/php-encryption/Crypto.php',
|
||||
);
|
||||
|
|
1
vendor/composer/autoload_psr4.php
vendored
1
vendor/composer/autoload_psr4.php
vendored
|
@ -8,5 +8,4 @@ $baseDir = dirname($vendorDir);
|
|||
return array(
|
||||
'League\\HTMLToMarkdown\\' => array($vendorDir . '/league/html-to-markdown/src'),
|
||||
'Friendica\\' => array($baseDir . '/src'),
|
||||
'Defuse\\Crypto\\' => array($vendorDir . '/defuse/php-encryption/src'),
|
||||
);
|
||||
|
|
24
vendor/composer/autoload_static.php
vendored
24
vendor/composer/autoload_static.php
vendored
|
@ -7,8 +7,8 @@ namespace Composer\Autoload;
|
|||
class ComposerStaticInitFriendica
|
||||
{
|
||||
public static $files = array (
|
||||
'5255c38a0faeba867671b61dfda6d864' => __DIR__ . '/..' . '/paragonie/random_compat/lib/random.php',
|
||||
'2cffec82183ee1cea088009cef9a6fc3' => __DIR__ . '/..' . '/ezyang/htmlpurifier/library/HTMLPurifier.composer.php',
|
||||
'8170285c807a9f24f165f37b15bc9a36' => __DIR__ . '/..' . '/defuse/php-encryption/Crypto.php',
|
||||
);
|
||||
|
||||
public static $prefixLengthsPsr4 = array (
|
||||
|
@ -20,10 +20,6 @@ class ComposerStaticInitFriendica
|
|||
array (
|
||||
'Friendica\\' => 10,
|
||||
),
|
||||
'D' =>
|
||||
array (
|
||||
'Defuse\\Crypto\\' => 14,
|
||||
),
|
||||
);
|
||||
|
||||
public static $prefixDirsPsr4 = array (
|
||||
|
@ -35,10 +31,6 @@ class ComposerStaticInitFriendica
|
|||
array (
|
||||
0 => __DIR__ . '/../..' . '/src',
|
||||
),
|
||||
'Defuse\\Crypto\\' =>
|
||||
array (
|
||||
0 => __DIR__ . '/..' . '/defuse/php-encryption/src',
|
||||
),
|
||||
);
|
||||
|
||||
public static $prefixesPsr0 = array (
|
||||
|
@ -68,20 +60,6 @@ class ComposerStaticInitFriendica
|
|||
public static $classMap = array (
|
||||
'Archive_Tar' => __DIR__ . '/..' . '/pear-pear.php.net/Archive_Tar/Archive/Tar.php',
|
||||
'Console_Getopt' => __DIR__ . '/..' . '/pear-pear.php.net/Console_Getopt/Console/Getopt.php',
|
||||
'Defuse\\Crypto\\Core' => __DIR__ . '/..' . '/defuse/php-encryption/src/Core.php',
|
||||
'Defuse\\Crypto\\Crypto' => __DIR__ . '/..' . '/defuse/php-encryption/src/Crypto.php',
|
||||
'Defuse\\Crypto\\DerivedKeys' => __DIR__ . '/..' . '/defuse/php-encryption/src/DerivedKeys.php',
|
||||
'Defuse\\Crypto\\Encoding' => __DIR__ . '/..' . '/defuse/php-encryption/src/Encoding.php',
|
||||
'Defuse\\Crypto\\Exception\\BadFormatException' => __DIR__ . '/..' . '/defuse/php-encryption/src/Exception/BadFormatException.php',
|
||||
'Defuse\\Crypto\\Exception\\CryptoException' => __DIR__ . '/..' . '/defuse/php-encryption/src/Exception/CryptoException.php',
|
||||
'Defuse\\Crypto\\Exception\\EnvironmentIsBrokenException' => __DIR__ . '/..' . '/defuse/php-encryption/src/Exception/EnvironmentIsBrokenException.php',
|
||||
'Defuse\\Crypto\\Exception\\IOException' => __DIR__ . '/..' . '/defuse/php-encryption/src/Exception/IOException.php',
|
||||
'Defuse\\Crypto\\Exception\\WrongKeyOrModifiedCiphertextException' => __DIR__ . '/..' . '/defuse/php-encryption/src/Exception/WrongKeyOrModifiedCiphertextException.php',
|
||||
'Defuse\\Crypto\\File' => __DIR__ . '/..' . '/defuse/php-encryption/src/File.php',
|
||||
'Defuse\\Crypto\\Key' => __DIR__ . '/..' . '/defuse/php-encryption/src/Key.php',
|
||||
'Defuse\\Crypto\\KeyOrPassword' => __DIR__ . '/..' . '/defuse/php-encryption/src/KeyOrPassword.php',
|
||||
'Defuse\\Crypto\\KeyProtectedByPassword' => __DIR__ . '/..' . '/defuse/php-encryption/src/KeyProtectedByPassword.php',
|
||||
'Defuse\\Crypto\\RuntimeTests' => __DIR__ . '/..' . '/defuse/php-encryption/src/RuntimeTests.php',
|
||||
'Detection\\MobileDetect' => __DIR__ . '/..' . '/mobiledetect/mobiledetectlib/namespaced/Detection/MobileDetect.php',
|
||||
'Friendica\\App' => __DIR__ . '/../..' . '/src/App.php',
|
||||
'Friendica\\Core\\Config' => __DIR__ . '/../..' . '/src/Core/Config.php',
|
||||
|
|
98
vendor/composer/installed.json
vendored
98
vendor/composer/installed.json
vendored
|
@ -444,118 +444,50 @@
|
|||
"homepage": "http://pear.php.net/package/Text_LanguageDetect"
|
||||
},
|
||||
{
|
||||
"name": "paragonie/random_compat",
|
||||
"version": "v2.0.11",
|
||||
"version_normalized": "2.0.11.0",
|
||||
"name": "defuse/php-encryption",
|
||||
"version": "v1.2.1",
|
||||
"version_normalized": "1.2.1.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/paragonie/random_compat.git",
|
||||
"reference": "5da4d3c796c275c55f057af5a643ae297d96b4d8"
|
||||
"url": "https://github.com/defuse/php-encryption.git",
|
||||
"reference": "b87737b2eec06b13f025cabea847338fa203d1b4"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/paragonie/random_compat/zipball/5da4d3c796c275c55f057af5a643ae297d96b4d8",
|
||||
"reference": "5da4d3c796c275c55f057af5a643ae297d96b4d8",
|
||||
"url": "https://api.github.com/repos/defuse/php-encryption/zipball/b87737b2eec06b13f025cabea847338fa203d1b4",
|
||||
"reference": "b87737b2eec06b13f025cabea847338fa203d1b4",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": ">=5.2.0"
|
||||
"ext-mcrypt": "*",
|
||||
"ext-openssl": "*",
|
||||
"php": ">=5.4.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"phpunit/phpunit": "4.*|5.*"
|
||||
},
|
||||
"suggest": {
|
||||
"ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
|
||||
},
|
||||
"time": "2017-09-27T21:40:39+00:00",
|
||||
"time": "2015-03-14T20:27:45+00:00",
|
||||
"type": "library",
|
||||
"installation-source": "dist",
|
||||
"autoload": {
|
||||
"files": [
|
||||
"lib/random.php"
|
||||
"Crypto.php"
|
||||
]
|
||||
},
|
||||
"notification-url": "https://packagist.org/downloads/",
|
||||
"license": [
|
||||
"MIT"
|
||||
],
|
||||
"authors": [
|
||||
{
|
||||
"name": "Paragon Initiative Enterprises",
|
||||
"email": "security@paragonie.com",
|
||||
"homepage": "https://paragonie.com"
|
||||
}
|
||||
],
|
||||
"description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
|
||||
"keywords": [
|
||||
"csprng",
|
||||
"pseudorandom",
|
||||
"random"
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "defuse/php-encryption",
|
||||
"version": "v2.1.0",
|
||||
"version_normalized": "2.1.0.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/defuse/php-encryption.git",
|
||||
"reference": "5176f5abb38d3ea8a6e3ac6cd3bbb54d8185a689"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/defuse/php-encryption/zipball/5176f5abb38d3ea8a6e3ac6cd3bbb54d8185a689",
|
||||
"reference": "5176f5abb38d3ea8a6e3ac6cd3bbb54d8185a689",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"ext-openssl": "*",
|
||||
"paragonie/random_compat": "~2.0",
|
||||
"php": ">=5.4.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"nikic/php-parser": "^2.0|^3.0",
|
||||
"phpunit/phpunit": "^4|^5"
|
||||
},
|
||||
"time": "2017-05-18T21:28:48+00:00",
|
||||
"bin": [
|
||||
"bin/generate-defuse-key"
|
||||
],
|
||||
"type": "library",
|
||||
"installation-source": "dist",
|
||||
"autoload": {
|
||||
"psr-4": {
|
||||
"Defuse\\Crypto\\": "src"
|
||||
}
|
||||
},
|
||||
"notification-url": "https://packagist.org/downloads/",
|
||||
"license": [
|
||||
"MIT"
|
||||
],
|
||||
"authors": [
|
||||
{
|
||||
"name": "Taylor Hornby",
|
||||
"email": "taylor@defuse.ca",
|
||||
"homepage": "https://defuse.ca/"
|
||||
},
|
||||
{
|
||||
"name": "Scott Arciszewski",
|
||||
"email": "info@paragonie.com",
|
||||
"homepage": "https://paragonie.com"
|
||||
"email": "havoc@defuse.ca"
|
||||
}
|
||||
],
|
||||
"description": "Secure PHP Encryption Library",
|
||||
"keywords": [
|
||||
"aes",
|
||||
"authenticated encryption",
|
||||
"cipher",
|
||||
"crypto",
|
||||
"cryptography",
|
||||
"encrypt",
|
||||
"encryption",
|
||||
"openssl",
|
||||
"security",
|
||||
"symmetric key cryptography"
|
||||
"mcrypt",
|
||||
"security"
|
||||
]
|
||||
}
|
||||
]
|
||||
|
|
11
vendor/defuse/php-encryption/.gitignore
vendored
11
vendor/defuse/php-encryption/.gitignore
vendored
|
@ -1,11 +0,0 @@
|
|||
*~
|
||||
/test/unit/File/big-generated-file
|
||||
/composer.lock
|
||||
/vendor
|
||||
defuse-crypto.phar
|
||||
defuse-crypto.phar.sig
|
||||
composer.phar
|
||||
box.phar
|
||||
phpunit.phar
|
||||
phpunit.phar.asc
|
||||
test/unit/File/tmp
|
60
vendor/defuse/php-encryption/.php_cs
vendored
60
vendor/defuse/php-encryption/.php_cs
vendored
|
@ -1,60 +0,0 @@
|
|||
<?php
|
||||
|
||||
$config = Symfony\CS\Config\Config::create()
|
||||
->level(Symfony\CS\FixerInterface::PSR2_LEVEL)
|
||||
->fixers([
|
||||
'blankline_after_open_tag',
|
||||
'empty_return',
|
||||
'extra_empty_lines',
|
||||
'function_typehint_space',
|
||||
'join_function',
|
||||
'method_argument_default_value',
|
||||
'multiline_array_trailing_comma',
|
||||
'no_blank_lines_after_class_opening',
|
||||
'no_empty_lines_after_phpdocs',
|
||||
'phpdoc_indent',
|
||||
'phpdoc_no_access',
|
||||
'phpdoc_no_empty_return',
|
||||
'phpdoc_no_package',
|
||||
'phpdoc_params',
|
||||
'phpdoc_scalar',
|
||||
'phpdoc_separation',
|
||||
'phpdoc_trim',
|
||||
'phpdoc_type_to_var',
|
||||
'phpdoc_types',
|
||||
'phpdoc_var_without_name',
|
||||
'remove_leading_slash_use',
|
||||
'remove_lines_between_uses',
|
||||
'short_bool_cast',
|
||||
'single_quote',
|
||||
'spaces_after_semicolon',
|
||||
'spaces_before_semicolon',
|
||||
'spaces_cast',
|
||||
'standardize_not_equal',
|
||||
'ternary_spaces',
|
||||
'trim_array_spaces',
|
||||
'unneeded_control_parentheses',
|
||||
'unused_use',
|
||||
'whitespacy_lines',
|
||||
'align_double_arrow',
|
||||
'concat_with_spaces',
|
||||
'logical_not_operators_with_successor_space',
|
||||
'multiline_spaces_before_semicolon',
|
||||
'newline_after_open_tag',
|
||||
'ordered_use',
|
||||
'php_unit_construct',
|
||||
'phpdoc_order',
|
||||
'short_array_syntax',
|
||||
]);
|
||||
|
||||
if (null === $input->getArgument('path')) {
|
||||
$config
|
||||
->finder(
|
||||
Symfony\CS\Finder\DefaultFinder::create()
|
||||
->in('src')
|
||||
->in('test')
|
||||
->exclude('vendor')
|
||||
);
|
||||
}
|
||||
|
||||
return $config;
|
22
vendor/defuse/php-encryption/.travis.yml
vendored
Normal file
22
vendor/defuse/php-encryption/.travis.yml
vendored
Normal file
|
@ -0,0 +1,22 @@
|
|||
language: php
|
||||
php:
|
||||
- "5.6"
|
||||
- "5.5"
|
||||
- "5.4"
|
||||
- "5.3"
|
||||
- "5.2"
|
||||
# Versions below here are not installed on travis-ci
|
||||
# - "5.1"
|
||||
# - "5.0"
|
||||
# - "4.4"
|
||||
# - "4.3"
|
||||
# - "4.2"
|
||||
# - "4.1"
|
||||
# - "4.0"
|
||||
|
||||
matrix:
|
||||
allow_failures:
|
||||
- php: "5.3"
|
||||
- php: "5.2"
|
||||
|
||||
script: ./test.sh
|
677
vendor/defuse/php-encryption/Crypto.php
vendored
Normal file
677
vendor/defuse/php-encryption/Crypto.php
vendored
Normal file
|
@ -0,0 +1,677 @@
|
|||
<?php
|
||||
|
||||
/*
|
||||
* PHP Encryption Library
|
||||
* Copyright (c) 2014, Taylor Hornby
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright notice,
|
||||
* this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright notice,
|
||||
* this list of conditions and the following disclaimer in the documentation
|
||||
* and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
||||
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
|
||||
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
||||
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
||||
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
||||
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
||||
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
* POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/*
|
||||
* Web: https://defuse.ca/secure-php-encryption.htm
|
||||
* GitHub: https://github.com/defuse/php-encryption
|
||||
*
|
||||
* WARNING: This encryption library is not a silver bullet. It only provides
|
||||
* symmetric encryption given a uniformly random key. This means you MUST NOT
|
||||
* use an ASCII string like a password as the key parameter, it MUST be
|
||||
* a uniformly random key generated by CreateNewRandomKey(). If you want to
|
||||
* encrypt something with a password, apply a password key derivation function
|
||||
* like PBKDF2 or scrypt with a random salt to generate a key.
|
||||
*
|
||||
* WARNING: Error handling is very important, especially for crypto code!
|
||||
*
|
||||
* How to use this code:
|
||||
*
|
||||
* Generating a Key
|
||||
* ----------------
|
||||
* try {
|
||||
* $key = self::CreateNewRandomKey();
|
||||
* // WARNING: Do NOT encode $key with bin2hex() or base64_encode(),
|
||||
* // they may leak the key to the attacker through side channels.
|
||||
* } catch (CryptoTestFailedException $ex) {
|
||||
* die('Cannot safely create a key');
|
||||
* } catch (CannotPerformOperationException $ex) {
|
||||
* die('Cannot safely create a key');
|
||||
* }
|
||||
*
|
||||
* Encrypting a Message
|
||||
* --------------------
|
||||
* $message = "ATTACK AT DAWN";
|
||||
* try {
|
||||
* $ciphertext = self::Encrypt($message, $key);
|
||||
* } catch (CryptoTestFailedException $ex) {
|
||||
* die('Cannot safely perform encryption');
|
||||
* } catch (CannotPerformOperationException $ex) {
|
||||
* die('Cannot safely perform decryption');
|
||||
* }
|
||||
*
|
||||
* Decrypting a Message
|
||||
* --------------------
|
||||
* try {
|
||||
* $decrypted = self::Decrypt($ciphertext, $key);
|
||||
* } catch (InvalidCiphertextException $ex) { // VERY IMPORTANT
|
||||
* // Either:
|
||||
* // 1. The ciphertext was modified by the attacker,
|
||||
* // 2. The key is wrong, or
|
||||
* // 3. $ciphertext is not a valid ciphertext or was corrupted.
|
||||
* // Assume the worst.
|
||||
* die('DANGER! DANGER! The ciphertext has been tampered with!');
|
||||
* } catch (CryptoTestFailedException $ex) {
|
||||
* die('Cannot safely perform encryption');
|
||||
* } catch (CannotPerformOperationException $ex) {
|
||||
* die('Cannot safely perform decryption');
|
||||
* }
|
||||
*/
|
||||
|
||||
/*
|
||||
* Raised by Decrypt() when one of the following conditions are met:
|
||||
* - The key is wrong.
|
||||
* - The ciphertext is invalid or not in the correct format.
|
||||
* - The attacker modified the ciphertext.
|
||||
*/
|
||||
class InvalidCiphertextException extends Exception {}
|
||||
/* If you see these, it means it is NOT SAFE to do encryption on your system. */
|
||||
class CannotPerformOperationException extends Exception {}
|
||||
class CryptoTestFailedException extends Exception {}
|
||||
|
||||
final class Crypto
|
||||
{
|
||||
// Ciphertext format: [____HMAC____][____IV____][____CIPHERTEXT____].
|
||||
|
||||
/* DO NOT CHANGE THESE CONSTANTS!
|
||||
*
|
||||
* We spent *weeks* testing this code, making sure it is as perfect and
|
||||
* correct as possible. Are you going to do the same after making your
|
||||
* changes? Probably not. Besides, any change to these constants will break
|
||||
* the runtime tests, which are extremely important for your security.
|
||||
* You're literally millions of times more likely to screw up your own
|
||||
* security by changing something here than you are to fall victim to an
|
||||
* 128-bit key brute-force attack. You're also breaking your own
|
||||
* compatibility with future updates to this library, so you'll be left
|
||||
* vulnerable if we ever find a security bug and release a fix.
|
||||
*
|
||||
* So, PLEASE, do not change these constants.
|
||||
*/
|
||||
const CIPHER = 'aes-128';
|
||||
const KEY_BYTE_SIZE = 16;
|
||||
const CIPHER_MODE = 'cbc';
|
||||
const HASH_FUNCTION = 'sha256';
|
||||
const MAC_BYTE_SIZE = 32;
|
||||
const ENCRYPTION_INFO = 'DefusePHP|KeyForEncryption';
|
||||
const AUTHENTICATION_INFO = 'DefusePHP|KeyForAuthentication';
|
||||
|
||||
/*
|
||||
* Use this to generate a random encryption key.
|
||||
*/
|
||||
public static function CreateNewRandomKey()
|
||||
{
|
||||
self::RuntimeTest();
|
||||
return self::SecureRandom(self::KEY_BYTE_SIZE);
|
||||
}
|
||||
|
||||
/*
|
||||
* Encrypts a message.
|
||||
* $plaintext is the message to encrypt.
|
||||
* $key is the encryption key, a value generated by CreateNewRandomKey().
|
||||
* You MUST catch exceptions thrown by this function. See docs above.
|
||||
*/
|
||||
public static function Encrypt($plaintext, $key)
|
||||
{
|
||||
self::RuntimeTest();
|
||||
|
||||
if (self::our_strlen($key) !== self::KEY_BYTE_SIZE)
|
||||
{
|
||||
throw new CannotPerformOperationException("Bad key.");
|
||||
}
|
||||
|
||||
$method = self::CIPHER.'-'.self::CIPHER_MODE;
|
||||
|
||||
self::EnsureFunctionExists('openssl_get_cipher_methods');
|
||||
if (in_array($method, openssl_get_cipher_methods()) === FALSE) {
|
||||
throw new CannotPerformOperationException("Cipher method not supported.");
|
||||
}
|
||||
|
||||
// Generate a sub-key for encryption.
|
||||
$keysize = self::KEY_BYTE_SIZE;
|
||||
$ekey = self::HKDF(self::HASH_FUNCTION, $key, $keysize, self::ENCRYPTION_INFO);
|
||||
|
||||
// Generate a random initialization vector.
|
||||
self::EnsureFunctionExists("openssl_cipher_iv_length");
|
||||
$ivsize = openssl_cipher_iv_length($method);
|
||||
if ($ivsize === FALSE || $ivsize <= 0) {
|
||||
throw new CannotPerformOperationException();
|
||||
}
|
||||
$iv = self::SecureRandom($ivsize);
|
||||
|
||||
$ciphertext = $iv . self::PlainEncrypt($plaintext, $ekey, $iv);
|
||||
|
||||
// Generate a sub-key for authentication and apply the HMAC.
|
||||
$akey = self::HKDF(self::HASH_FUNCTION, $key, self::KEY_BYTE_SIZE, self::AUTHENTICATION_INFO);
|
||||
$auth = hash_hmac(self::HASH_FUNCTION, $ciphertext, $akey, true);
|
||||
$ciphertext = $auth . $ciphertext;
|
||||
|
||||
return $ciphertext;
|
||||
}
|
||||
|
||||
/*
|
||||
* Decrypts a ciphertext.
|
||||
* $ciphertext is the ciphertext to decrypt.
|
||||
* $key is the key that the ciphertext was encrypted with.
|
||||
* You MUST catch exceptions thrown by this function. See docs above.
|
||||
*/
|
||||
public static function Decrypt($ciphertext, $key)
|
||||
{
|
||||
self::RuntimeTest();
|
||||
|
||||
$method = self::CIPHER.'-'.self::CIPHER_MODE;
|
||||
|
||||
self::EnsureFunctionExists('openssl_get_cipher_methods');
|
||||
if (in_array($method, openssl_get_cipher_methods()) === FALSE) {
|
||||
throw new CannotPerformOperationException("Cipher method not supported.");
|
||||
}
|
||||
|
||||
// Extract the HMAC from the front of the ciphertext.
|
||||
if (self::our_strlen($ciphertext) <= self::MAC_BYTE_SIZE) {
|
||||
throw new InvalidCiphertextException();
|
||||
}
|
||||
$hmac = self::our_substr($ciphertext, 0, self::MAC_BYTE_SIZE);
|
||||
if ($hmac === FALSE) {
|
||||
throw new CannotPerformOperationException();
|
||||
}
|
||||
$ciphertext = self::our_substr($ciphertext, self::MAC_BYTE_SIZE);
|
||||
if ($ciphertext === FALSE) {
|
||||
throw new CannotPerformOperationException();
|
||||
}
|
||||
|
||||
// Regenerate the same authentication sub-key.
|
||||
$akey = self::HKDF(self::HASH_FUNCTION, $key, self::KEY_BYTE_SIZE, self::AUTHENTICATION_INFO);
|
||||
|
||||
if (self::VerifyHMAC($hmac, $ciphertext, $akey))
|
||||
{
|
||||
// Regenerate the same encryption sub-key.
|
||||
$keysize = self::KEY_BYTE_SIZE;
|
||||
$ekey = self::HKDF(self::HASH_FUNCTION, $key, $keysize, self::ENCRYPTION_INFO);
|
||||
|
||||
// Extract the initialization vector from the ciphertext.
|
||||
self::EnsureFunctionExists("openssl_cipher_iv_length");
|
||||
$ivsize = openssl_cipher_iv_length($method);
|
||||
if ($ivsize === FALSE || $ivsize <= 0) {
|
||||
throw new CannotPerformOperationException();
|
||||
}
|
||||
if (self::our_strlen($ciphertext) <= $ivsize) {
|
||||
throw new InvalidCiphertextException();
|
||||
}
|
||||
$iv = self::our_substr($ciphertext, 0, $ivsize);
|
||||
if ($iv === FALSE) {
|
||||
throw new CannotPerformOperationException();
|
||||
}
|
||||
$ciphertext = self::our_substr($ciphertext, $ivsize);
|
||||
if ($ciphertext === FALSE) {
|
||||
throw new CannotPerformOperationException();
|
||||
}
|
||||
|
||||
$plaintext = self::PlainDecrypt($ciphertext, $ekey, $iv);
|
||||
|
||||
return $plaintext;
|
||||
}
|
||||
else
|
||||
{
|
||||
/*
|
||||
* We throw an exception instead of returning FALSE because we want
|
||||
* a script that doesn't handle this condition to CRASH, instead
|
||||
* of thinking the ciphertext decrypted to the value FALSE.
|
||||
*/
|
||||
throw new InvalidCiphertextException();
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Runs tests.
|
||||
* Raises CannotPerformOperationException or CryptoTestFailedException if
|
||||
* one of the tests fail. If any tests fails, your system is not capable of
|
||||
* performing encryption, so make sure you fail safe in that case.
|
||||
*/
|
||||
public static function RuntimeTest()
|
||||
{
|
||||
// 0: Tests haven't been run yet.
|
||||
// 1: Tests have passed.
|
||||
// 2: Tests are running right now.
|
||||
// 3: Tests have failed.
|
||||
static $test_state = 0;
|
||||
|
||||
if ($test_state === 1 || $test_state === 2) {
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
$test_state = 2;
|
||||
self::AESTestVector();
|
||||
self::HMACTestVector();
|
||||
self::HKDFTestVector();
|
||||
|
||||
self::TestEncryptDecrypt();
|
||||
if (self::our_strlen(self::CreateNewRandomKey()) != self::KEY_BYTE_SIZE) {
|
||||
throw new CryptoTestFailedException();
|
||||
}
|
||||
|
||||
if (self::ENCRYPTION_INFO == self::AUTHENTICATION_INFO) {
|
||||
throw new CryptoTestFailedException();
|
||||
}
|
||||
} catch (CryptoTestFailedException $ex) {
|
||||
// Do this, otherwise it will stay in the "tests are running" state.
|
||||
$test_state = 3;
|
||||
throw $ex;
|
||||
}
|
||||
|
||||
// Change this to '0' make the tests always re-run (for benchmarking).
|
||||
$test_state = 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Never call this method directly!
|
||||
*/
|
||||
private static function PlainEncrypt($plaintext, $key, $iv)
|
||||
{
|
||||
|
||||
$method = self::CIPHER.'-'.self::CIPHER_MODE;
|
||||
|
||||
self::EnsureConstantExists("OPENSSL_RAW_DATA");
|
||||
self::EnsureFunctionExists("openssl_encrypt");
|
||||
$ciphertext = openssl_encrypt(
|
||||
$plaintext,
|
||||
$method,
|
||||
$key,
|
||||
OPENSSL_RAW_DATA,
|
||||
$iv
|
||||
);
|
||||
|
||||
if ($ciphertext === false) {
|
||||
throw new CannotPerformOperationException();
|
||||
}
|
||||
|
||||
return $ciphertext;
|
||||
}
|
||||
|
||||
/*
|
||||
* Never call this method directly!
|
||||
*/
|
||||
private static function PlainDecrypt($ciphertext, $key, $iv)
|
||||
{
|
||||
|
||||
$method = self::CIPHER.'-'.self::CIPHER_MODE;
|
||||
|
||||
self::EnsureConstantExists("OPENSSL_RAW_DATA");
|
||||
self::EnsureFunctionExists("openssl_encrypt");
|
||||
$plaintext = openssl_decrypt(
|
||||
$ciphertext,
|
||||
$method,
|
||||
$key,
|
||||
OPENSSL_RAW_DATA,
|
||||
$iv
|
||||
);
|
||||
if ($plaintext === FALSE) {
|
||||
throw new CannotPerformOperationException();
|
||||
}
|
||||
|
||||
return $plaintext;
|
||||
}
|
||||
|
||||
/*
|
||||
* Returns a random binary string of length $octets bytes.
|
||||
*/
|
||||
private static function SecureRandom($octets)
|
||||
{
|
||||
self::EnsureFunctionExists("mcrypt_create_iv");
|
||||
$random = mcrypt_create_iv($octets, MCRYPT_DEV_URANDOM);
|
||||
if ($random === FALSE) {
|
||||
throw new CannotPerformOperationException();
|
||||
} else {
|
||||
return $random;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Use HKDF to derive multiple keys from one.
|
||||
* http://tools.ietf.org/html/rfc5869
|
||||
*/
|
||||
private static function HKDF($hash, $ikm, $length, $info = '', $salt = NULL)
|
||||
{
|
||||
// Find the correct digest length as quickly as we can.
|
||||
$digest_length = self::MAC_BYTE_SIZE;
|
||||
if ($hash != self::HASH_FUNCTION) {
|
||||
$digest_length = self::our_strlen(hash_hmac($hash, '', '', true));
|
||||
}
|
||||
|
||||
// Sanity-check the desired output length.
|
||||
if (empty($length) || !is_int($length) ||
|
||||
$length < 0 || $length > 255 * $digest_length) {
|
||||
throw new CannotPerformOperationException();
|
||||
}
|
||||
|
||||
// "if [salt] not provided, is set to a string of HashLen zeroes."
|
||||
if (is_null($salt)) {
|
||||
$salt = str_repeat("\x00", $digest_length);
|
||||
}
|
||||
|
||||
// HKDF-Extract:
|
||||
// PRK = HMAC-Hash(salt, IKM)
|
||||
// The salt is the HMAC key.
|
||||
$prk = hash_hmac($hash, $ikm, $salt, true);
|
||||
|
||||
// HKDF-Expand:
|
||||
|
||||
// This check is useless, but it serves as a reminder to the spec.
|
||||
if (self::our_strlen($prk) < $digest_length) {
|
||||
throw new CannotPerformOperationException();
|
||||
}
|
||||
|
||||
// T(0) = ''
|
||||
$t = '';
|
||||
$last_block = '';
|
||||
for ($block_index = 1; self::our_strlen($t) < $length; $block_index++) {
|
||||
// T(i) = HMAC-Hash(PRK, T(i-1) | info | 0x??)
|
||||
$last_block = hash_hmac(
|
||||
$hash,
|
||||
$last_block . $info . chr($block_index),
|
||||
$prk,
|
||||
true
|
||||
);
|
||||
// T = T(1) | T(2) | T(3) | ... | T(N)
|
||||
$t .= $last_block;
|
||||
}
|
||||
|
||||
// ORM = first L octets of T
|
||||
$orm = self::our_substr($t, 0, $length);
|
||||
if ($orm === FALSE) {
|
||||
throw new CannotPerformOperationException();
|
||||
}
|
||||
return $orm;
|
||||
}
|
||||
|
||||
private static function VerifyHMAC($correct_hmac, $message, $key)
|
||||
{
|
||||
$message_hmac = hash_hmac(self::HASH_FUNCTION, $message, $key, true);
|
||||
|
||||
// We can't just compare the strings with '==', since it would make
|
||||
// timing attacks possible. We could use the XOR-OR constant-time
|
||||
// comparison algorithm, but I'm not sure if that's good enough way up
|
||||
// here in an interpreted language. So we use the method of HMACing the
|
||||
// strings we want to compare with a random key, then comparing those.
|
||||
|
||||
// NOTE: This leaks information when the strings are not the same
|
||||
// length, but they should always be the same length here. Enforce it:
|
||||
if (self::our_strlen($correct_hmac) !== self::our_strlen($message_hmac)) {
|
||||
throw new CannotPerformOperationException();
|
||||
}
|
||||
|
||||
$blind = self::CreateNewRandomKey();
|
||||
$message_compare = hash_hmac(self::HASH_FUNCTION, $message_hmac, $blind);
|
||||
$correct_compare = hash_hmac(self::HASH_FUNCTION, $correct_hmac, $blind);
|
||||
return $correct_compare === $message_compare;
|
||||
}
|
||||
|
||||
private static function TestEncryptDecrypt()
|
||||
{
|
||||
$key = self::CreateNewRandomKey();
|
||||
$data = "EnCrYpT EvErYThInG\x00\x00";
|
||||
|
||||
// Make sure encrypting then decrypting doesn't change the message.
|
||||
$ciphertext = self::Encrypt($data, $key);
|
||||
try {
|
||||
$decrypted = self::Decrypt($ciphertext, $key);
|
||||
} catch (InvalidCiphertextException $ex) {
|
||||
// It's important to catch this and change it into a
|
||||
// CryptoTestFailedException, otherwise a test failure could trick
|
||||
// the user into thinking it's just an invalid ciphertext!
|
||||
throw new CryptoTestFailedException();
|
||||
}
|
||||
if($decrypted !== $data)
|
||||
{
|
||||
throw new CryptoTestFailedException();
|
||||
}
|
||||
|
||||
// Modifying the ciphertext: Appending a string.
|
||||
try {
|
||||
self::Decrypt($ciphertext . "a", $key);
|
||||
throw new CryptoTestFailedException();
|
||||
} catch (InvalidCiphertextException $e) { /* expected */ }
|
||||
|
||||
// Modifying the ciphertext: Changing an IV byte.
|
||||
try {
|
||||
$ciphertext[0] = chr((ord($ciphertext[0]) + 1) % 256);
|
||||
self::Decrypt($ciphertext, $key);
|
||||
throw new CryptoTestFailedException();
|
||||
} catch (InvalidCiphertextException $e) { /* expected */ }
|
||||
|
||||
// Decrypting with the wrong key.
|
||||
$key = self::CreateNewRandomKey();
|
||||
$data = "abcdef";
|
||||
$ciphertext = self::Encrypt($data, $key);
|
||||
$wrong_key = self::CreateNewRandomKey();
|
||||
try {
|
||||
self::Decrypt($ciphertext, $wrong_key);
|
||||
throw new CryptoTestFailedException();
|
||||
} catch (InvalidCiphertextException $e) { /* expected */ }
|
||||
|
||||
// Ciphertext too small (shorter than HMAC).
|
||||
$key = self::CreateNewRandomKey();
|
||||
$ciphertext = str_repeat("A", self::MAC_BYTE_SIZE - 1);
|
||||
try {
|
||||
self::Decrypt($ciphertext, $key);
|
||||
throw new CryptoTestFailedException();
|
||||
} catch (InvalidCiphertextException $e) { /* expected */ }
|
||||
}
|
||||
|
||||
private static function HKDFTestVector()
|
||||
{
|
||||
// HKDF test vectors from RFC 5869
|
||||
|
||||
// Test Case 1
|
||||
$ikm = str_repeat("\x0b", 22);
|
||||
$salt = self::hexToBytes("000102030405060708090a0b0c");
|
||||
$info = self::hexToBytes("f0f1f2f3f4f5f6f7f8f9");
|
||||
$length = 42;
|
||||
$okm = self::hexToBytes(
|
||||
"3cb25f25faacd57a90434f64d0362f2a" .
|
||||
"2d2d0a90cf1a5a4c5db02d56ecc4c5bf" .
|
||||
"34007208d5b887185865"
|
||||
);
|
||||
$computed_okm = self::HKDF("sha256", $ikm, $length, $info, $salt);
|
||||
if ($computed_okm !== $okm) {
|
||||
throw new CryptoTestFailedException();
|
||||
}
|
||||
|
||||
// Test Case 7
|
||||
$ikm = str_repeat("\x0c", 22);
|
||||
$length = 42;
|
||||
$okm = self::hexToBytes(
|
||||
"2c91117204d745f3500d636a62f64f0a" .
|
||||
"b3bae548aa53d423b0d1f27ebba6f5e5" .
|
||||
"673a081d70cce7acfc48"
|
||||
);
|
||||
$computed_okm = self::HKDF("sha1", $ikm, $length);
|
||||
if ($computed_okm !== $okm) {
|
||||
throw new CryptoTestFailedException();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
private static function HMACTestVector()
|
||||
{
|
||||
// HMAC test vector From RFC 4231 (Test Case 1)
|
||||
$key = str_repeat("\x0b", 20);
|
||||
$data = "Hi There";
|
||||
$correct = "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7";
|
||||
if (hash_hmac(self::HASH_FUNCTION, $data, $key) != $correct) {
|
||||
throw new CryptoTestFailedException();
|
||||
}
|
||||
}
|
||||
|
||||
private static function AESTestVector()
|
||||
{
|
||||
// AES CBC mode test vector from NIST SP 800-38A
|
||||
$key = self::hexToBytes("2b7e151628aed2a6abf7158809cf4f3c");
|
||||
$iv = self::hexToBytes("000102030405060708090a0b0c0d0e0f");
|
||||
$plaintext = self::hexToBytes(
|
||||
"6bc1bee22e409f96e93d7e117393172a" .
|
||||
"ae2d8a571e03ac9c9eb76fac45af8e51" .
|
||||
"30c81c46a35ce411e5fbc1191a0a52ef" .
|
||||
"f69f2445df4f9b17ad2b417be66c3710"
|
||||
);
|
||||
$ciphertext = self::hexToBytes(
|
||||
"7649abac8119b246cee98e9b12e9197d" .
|
||||
"5086cb9b507219ee95db113a917678b2" .
|
||||
"73bed6b8e3c1743b7116e69e22229516" .
|
||||
"3ff1caa1681fac09120eca307586e1a7" .
|
||||
/* Block due to padding. Not from NIST test vector.
|
||||
Padding Block: 10101010101010101010101010101010
|
||||
Ciphertext: 3ff1caa1681fac09120eca307586e1a7
|
||||
(+) 2fe1dab1780fbc19021eda206596f1b7
|
||||
AES 8cb82807230e1321d3fae00d18cc2012
|
||||
|
||||
*/
|
||||
"8cb82807230e1321d3fae00d18cc2012"
|
||||
);
|
||||
|
||||
$computed_ciphertext = self::PlainEncrypt($plaintext, $key, $iv);
|
||||
if ($computed_ciphertext !== $ciphertext) {
|
||||
throw new CryptoTestFailedException();
|
||||
}
|
||||
|
||||
$computed_plaintext = self::PlainDecrypt($ciphertext, $key, $iv);
|
||||
if ($computed_plaintext !== $plaintext) {
|
||||
throw new CryptoTestFailedException();
|
||||
}
|
||||
}
|
||||
|
||||
/* WARNING: Do not call this function on secrets. It creates side channels. */
|
||||
private static function hexToBytes($hex_string)
|
||||
{
|
||||
return pack("H*", $hex_string);
|
||||
}
|
||||
|
||||
private static function EnsureConstantExists($name)
|
||||
{
|
||||
if (!defined($name)) {
|
||||
throw new CannotPerformOperationException();
|
||||
}
|
||||
}
|
||||
|
||||
private static function EnsureFunctionExists($name)
|
||||
{
|
||||
if (!function_exists($name)) {
|
||||
throw new CannotPerformOperationException();
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* We need these strlen() and substr() functions because when
|
||||
* 'mbstring.func_overload' is set in php.ini, the standard strlen() and
|
||||
* substr() are replaced by mb_strlen() and mb_substr().
|
||||
*/
|
||||
|
||||
private static function our_strlen($str)
|
||||
{
|
||||
if (function_exists('mb_strlen')) {
|
||||
$length = mb_strlen($str, '8bit');
|
||||
if ($length === FALSE) {
|
||||
throw new CannotPerformOperationException();
|
||||
}
|
||||
return $length;
|
||||
} else {
|
||||
return strlen($str);
|
||||
}
|
||||
}
|
||||
|
||||
private static function our_substr($str, $start, $length = NULL)
|
||||
{
|
||||
if (function_exists('mb_substr'))
|
||||
{
|
||||
// mb_substr($str, 0, NULL, '8bit') returns an empty string on PHP
|
||||
// 5.3, so we have to find the length ourselves.
|
||||
if (!isset($length)) {
|
||||
if ($start >= 0) {
|
||||
$length = self::our_strlen($str) - $start;
|
||||
} else {
|
||||
$length = -$start;
|
||||
}
|
||||
}
|
||||
|
||||
return mb_substr($str, $start, $length, '8bit');
|
||||
}
|
||||
|
||||
// Unlike mb_substr(), substr() doesn't accept NULL for length
|
||||
if (isset($length)) {
|
||||
return substr($str, $start, $length);
|
||||
} else {
|
||||
return substr($str, $start);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/*
|
||||
* We want to catch all uncaught exceptions that come from the Crypto class,
|
||||
* since by default, PHP will leak the key in the stack trace from an uncaught
|
||||
* exception. This is a really ugly hack, but I think it's justified.
|
||||
*
|
||||
* Everything up to handler() getting called should be reliable, so this should
|
||||
* reliably suppress the stack traces. The rest is just a bonus so that we don't
|
||||
* make it impossible to debug other exceptions.
|
||||
*
|
||||
* This bit of code was adapted from: http://stackoverflow.com/a/7939492
|
||||
*/
|
||||
|
||||
class CryptoExceptionHandler
|
||||
{
|
||||
private $rethrow = NULL;
|
||||
|
||||
public function __construct()
|
||||
{
|
||||
set_exception_handler(array($this, "handler"));
|
||||
}
|
||||
|
||||
public function handler($ex)
|
||||
{
|
||||
if (
|
||||
$ex instanceof InvalidCiphertextException ||
|
||||
$ex instanceof CannotPerformOperationException ||
|
||||
$ex instanceof CryptoTestFailedException
|
||||
) {
|
||||
echo "FATAL ERROR: Uncaught crypto exception. Suppresssing output.\n";
|
||||
} else {
|
||||
/* Re-throw the exception in the destructor. */
|
||||
$this->rethrow = $ex;
|
||||
}
|
||||
}
|
||||
|
||||
public function __destruct() {
|
||||
if ($this->rethrow) {
|
||||
throw $this->rethrow;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$crypto_exception_handler_object_dont_touch_me = new CryptoExceptionHandler();
|
||||
|
21
vendor/defuse/php-encryption/LICENSE
vendored
21
vendor/defuse/php-encryption/LICENSE
vendored
|
@ -1,21 +0,0 @@
|
|||
The MIT License (MIT)
|
||||
|
||||
Copyright (c) 2016 Taylor Hornby <https://defuse.ca> and Paragon Initiative
|
||||
Enterprises <https://paragonie.com>.
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy of
|
||||
this software and associated documentation files (the "Software"), to deal in
|
||||
the Software without restriction, including without limitation the rights to
|
||||
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
|
||||
the Software, and to permit persons to whom the Software is furnished to do so,
|
||||
subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
||||
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
||||
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
||||
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
||||
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
119
vendor/defuse/php-encryption/README.md
vendored
119
vendor/defuse/php-encryption/README.md
vendored
|
@ -1,88 +1,79 @@
|
|||
php-encryption
|
||||
===============
|
||||
|
||||
This is a class for doing symmetric encryption in PHP. **Requires PHP 5.4 or newer.**
|
||||
|
||||
[![Build Status](https://travis-ci.org/defuse/php-encryption.svg?branch=master)](https://travis-ci.org/defuse/php-encryption)
|
||||
|
||||
This is a library for encrypting data with a key or password in PHP. **It
|
||||
requires PHP 5.4 or newer.** The current version is v2.0.0, which is expected to
|
||||
remain stable and supported by its authors with security and bugfixes until at
|
||||
least January 1st, 2019.
|
||||
Implementation
|
||||
--------------
|
||||
|
||||
The library is a joint effort between [Taylor Hornby](https://defuse.ca/) and
|
||||
[Scott Arciszewski](https://paragonie.com/blog/author/scott-arcizewski) as well
|
||||
as numerous open-source contributors.
|
||||
Messages are encrypted with AES-128 in CBC mode and are authenticated with
|
||||
HMAC-SHA256 (Encrypt-then-Mac). PKCS7 padding is used to pad the message to
|
||||
a multiple of the block size. HKDF is used to split the user-provided key into
|
||||
two keys: one for encryption, and the other for authentication. It is
|
||||
implemented using the `openssl_` and `hash_hmac` functions.
|
||||
|
||||
What separates this library from other PHP encryption libraries is, firstly,
|
||||
that it is secure. The authors used to encounter insecure PHP encryption code on
|
||||
a daily basis, so they created this library to bring more security to the
|
||||
ecosystem. Secondly, this library is "difficult to misuse." Like
|
||||
[libsodium](https://github.com/jedisct1/libsodium), its API is designed to be
|
||||
easy to use in a secure way and hard to use in an insecure way.
|
||||
Warning
|
||||
--------
|
||||
|
||||
Dependencies
|
||||
------------
|
||||
This is new code, and it hasn't received much review by experts. I have spent
|
||||
many hours making it as secure as possible (extensive runtime tests, secure
|
||||
coding practices), and auditing it for problems, but I may have missed some
|
||||
issues. So be careful. Don't trust it with your life. Check out the open GitHub
|
||||
issues for a list of known issues. If you find a problem with this library,
|
||||
please report it by opening a GitHub issue.
|
||||
|
||||
This library requres no special dependencies except for PHP 5.4 or newer with
|
||||
the OpenSSL extensions enabled (this is the default). It uses
|
||||
[random\_compat](https://github.com/paragonie/random_compat), which is bundled
|
||||
in with this library so that your users will not need to follow any special
|
||||
installation steps.
|
||||
That said, you're probably much better off using this library than any other
|
||||
encryption library written in PHP.
|
||||
|
||||
Getting Started
|
||||
----------------
|
||||
Philosophy
|
||||
-----------
|
||||
|
||||
Start with the [**Tutorial**](docs/Tutorial.md). You can find instructions for
|
||||
obtaining this library's code securely in the [Installing and
|
||||
Verifying](docs/InstallingAndVerifying.md) documentation.
|
||||
This library was created after noticing how much insecure PHP encryption code
|
||||
there is. I once did a Google search for "php encryption" and found insecure
|
||||
code or advice on 9 of the top 10 results.
|
||||
|
||||
After you've read the tutorial and got the code, refer to the formal
|
||||
documentation for each of the classes this library provides:
|
||||
Encryption is becoming an essential component of modern websites. This library
|
||||
aims to fulfil a subset of that need: Authenticated symmetric encryption of
|
||||
short strings, given a random key.
|
||||
|
||||
- [Crypto](docs/classes/Crypto.md)
|
||||
- [File](docs/classes/File.md)
|
||||
- [Key](docs/classes/Key.md)
|
||||
- [KeyProtectedByPassword](docs/classes/KeyProtectedByPassword.md)
|
||||
This library is developed around several core values:
|
||||
|
||||
If you encounter difficulties, see the [FAQ](docs/FAQ.md) answers. The fixes to
|
||||
the most commonly-reported problems are explained there.
|
||||
- Rule #1: Security is prioritized over everything else.
|
||||
|
||||
If you're a cryptographer and want to understand the nitty-gritty details of how
|
||||
this library works, look at the [Cryptography Details](docs/CryptoDetails.md)
|
||||
documentation.
|
||||
> Whenever there is a conflict between security and some other property,
|
||||
> security will be favored. For example, the library has runtime tests,
|
||||
> which make it slower, but will hopefully stop it from encrypting stuff
|
||||
> if the platform it's running on is broken.
|
||||
|
||||
If you're interested in contributing to this library, see the [Internal
|
||||
Developer Documentation](docs/InternalDeveloperDocs.md).
|
||||
- Rule #2: It should be difficult to misuse the library.
|
||||
|
||||
Examples
|
||||
---------
|
||||
> We assume the developers using this library have no experience with
|
||||
> cryptography. We only assume that they know that the "key" is something
|
||||
> you need to encrypt and decrypt the messages, and that it must be
|
||||
> protected. Whenever possible, the library should refuse to encrypt or
|
||||
> decrypt messages when it is not being used correctly.
|
||||
|
||||
If the documentation is not enough for you to understand how to use this
|
||||
library, then you can look at an example project that uses this library:
|
||||
- Rule #3: The library aims only to be compatible with itself.
|
||||
|
||||
- [encutil](https://github.com/defuse/encutil)
|
||||
- [fileencrypt](https://github.com/tsusanka/fileencrypt)
|
||||
> Other PHP encryption libraries try to support every possible type of
|
||||
> encryption, even the insecure ones (e.g. ECB mode). Because there are so
|
||||
> many options, inexperienced developers must make decisions between
|
||||
> things like "CBC" mode and "ECB" mode, knowing nothing about either one,
|
||||
> which inevitably creates vulnerabilities.
|
||||
|
||||
Security Audit Status
|
||||
---------------------
|
||||
> This library will only support one secure mode. A developer using this
|
||||
> library will call "encrypt" and "decrypt" not caring about how they are
|
||||
> implemented.
|
||||
|
||||
This code has not been subjected to a formal, paid, security audit. However, it
|
||||
has received lots of review from members of the PHP security community, and the
|
||||
authors are experienced with cryptography. In all likelihood, you are safer
|
||||
using this library than almost any other encryption library for PHP.
|
||||
- Rule #4: The library should consist of a single PHP file and nothing more.
|
||||
|
||||
If you use this library as a part of your business and would like to help fund
|
||||
a formal audit, please [contact Taylor Hornby](https://defuse.ca/contact.htm).
|
||||
> Some PHP encryption libraries, like libsodium-php [1], are not
|
||||
> straightforward to install and cannot packaged with "just download and
|
||||
> extract" applications. This library will always be just one PHP file
|
||||
> that you can put in your source tree and require().
|
||||
|
||||
Public Keys
|
||||
------------
|
||||
References:
|
||||
|
||||
The GnuPG public key used to sign releases is available in
|
||||
[dist/signingkey.asc](https://github.com/defuse/php-encryption/raw/master/dist/signingkey.asc). Its fingerprint is:
|
||||
|
||||
```
|
||||
2FA6 1D8D 99B9 2658 6BAC 3D53 385E E055 A129 1538
|
||||
```
|
||||
|
||||
You can verify it against the Taylor Hornby's [contact
|
||||
page](https://defuse.ca/contact.htm) and
|
||||
[twitter](https://twitter.com/DefuseSec/status/723741424253059074).
|
||||
[1] https://github.com/jedisct1/libsodium-php
|
||||
|
|
42
vendor/defuse/php-encryption/benchmark.php
vendored
Normal file
42
vendor/defuse/php-encryption/benchmark.php
vendored
Normal file
|
@ -0,0 +1,42 @@
|
|||
<?php
|
||||
|
||||
require_once('Crypto.php');
|
||||
|
||||
// Note: By default, the runtime tests are "cached" and not re-executed for
|
||||
// every call. To disable this, look at the RuntimeTest() function.
|
||||
|
||||
$start = microtime(true);
|
||||
for ($i = 0; $i < 1000; $i++) {
|
||||
$key = Crypto::CreateNewRandomKey();
|
||||
}
|
||||
$end = microtime(true);
|
||||
showResults("CreateNewRandomKey()", $start, $end, 1000);
|
||||
|
||||
$start = microtime(true);
|
||||
for ($i = 0; $i < 100; $i++) {
|
||||
$ciphertext = Crypto::Encrypt(
|
||||
str_repeat("A", 1024*1024),
|
||||
str_repeat("B", 16)
|
||||
);
|
||||
}
|
||||
$end = microtime(true);
|
||||
showResults("Encrypt(1MB)", $start, $end, 100);
|
||||
|
||||
$start = microtime(true);
|
||||
for ($i = 0; $i < 1000; $i++) {
|
||||
$ciphertext = Crypto::Encrypt(
|
||||
str_repeat("A", 1024),
|
||||
str_repeat("B", 16)
|
||||
);
|
||||
}
|
||||
$end = microtime(true);
|
||||
showResults("Encrypt(1KB)", $start, $end, 1000);
|
||||
|
||||
function showResults($type, $start, $end, $count)
|
||||
{
|
||||
$time = $end - $start;
|
||||
$rate = $count / $time;
|
||||
echo "$type: $rate calls/s\n";
|
||||
}
|
||||
|
||||
?>
|
|
@ -1,14 +0,0 @@
|
|||
#!/usr/bin/env php
|
||||
<?php
|
||||
|
||||
use Defuse\Crypto\Key;
|
||||
|
||||
foreach ([__DIR__ . '/../../../autoload.php', __DIR__ . '/../vendor/autoload.php'] as $file) {
|
||||
if (file_exists($file)) {
|
||||
require $file;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
$key = Key::createNewRandomKey();
|
||||
echo $key->saveToAsciiSafeString(), "\n";
|
27
vendor/defuse/php-encryption/composer.json
vendored
27
vendor/defuse/php-encryption/composer.json
vendored
|
@ -2,34 +2,19 @@
|
|||
"name": "defuse/php-encryption",
|
||||
"description": "Secure PHP Encryption Library",
|
||||
"license": "MIT",
|
||||
"keywords": ["security", "encryption", "AES", "openssl", "cipher", "cryptography", "symmetric key cryptography", "crypto", "encrypt", "authenticated encryption"],
|
||||
"keywords": ["security", "encryption", "AES", "mcrypt", "cipher"],
|
||||
"authors": [
|
||||
{
|
||||
"name": "Taylor Hornby",
|
||||
"email": "taylor@defuse.ca",
|
||||
"homepage": "https://defuse.ca/"
|
||||
},
|
||||
{
|
||||
"name": "Scott Arciszewski",
|
||||
"email": "info@paragonie.com",
|
||||
"homepage": "https://paragonie.com"
|
||||
"email": "havoc@defuse.ca"
|
||||
}
|
||||
],
|
||||
"autoload": {
|
||||
"psr-4": {
|
||||
"Defuse\\Crypto\\": "src"
|
||||
}
|
||||
"files": ["Crypto.php"]
|
||||
},
|
||||
"require": {
|
||||
"paragonie/random_compat": "~2.0",
|
||||
"php": ">=5.4.0",
|
||||
"ext-openssl": "*",
|
||||
"php": ">=5.4.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"phpunit/phpunit": "^4|^5",
|
||||
"nikic/php-parser": "^2.0|^3.0"
|
||||
},
|
||||
"bin": [
|
||||
"bin/generate-defuse-key"
|
||||
]
|
||||
"ext-mcrypt": "*"
|
||||
}
|
||||
}
|
||||
|
|
37
vendor/defuse/php-encryption/dist/Makefile
vendored
37
vendor/defuse/php-encryption/dist/Makefile
vendored
|
@ -1,37 +0,0 @@
|
|||
# This builds defuse-crypto.phar. To run this Makefile, `box` and `composer`
|
||||
# must be installed and in your $PATH. Run it from inside the dist/ directory.
|
||||
|
||||
box := $(shell which box)
|
||||
composer := "composer"
|
||||
|
||||
.PHONY: all
|
||||
all: build-phar
|
||||
|
||||
.PHONY: sign-phar
|
||||
sign-phar:
|
||||
gpg -u 7B4B2D98 --armor --output defuse-crypto.phar.sig --detach-sig defuse-crypto.phar
|
||||
|
||||
# ensure we run in clean tree. export git tree and run there.
|
||||
.PHONY: build-phar
|
||||
build-phar:
|
||||
@echo "Creating .phar from revision $(shell git rev-parse HEAD)."
|
||||
rm -rf worktree
|
||||
install -d worktree
|
||||
(cd $(CURDIR)/..; git archive HEAD) | tar -x -C worktree
|
||||
$(MAKE) -f $(CURDIR)/Makefile -C worktree defuse-crypto.phar
|
||||
mv worktree/*.phar .
|
||||
rm -rf worktree
|
||||
|
||||
.PHONY: clean
|
||||
clean:
|
||||
rm -vf defuse-crypto.phar defuse-crypto.phar.sig
|
||||
|
||||
# Inside workdir/:
|
||||