RINO 2 based on php-encryption
reenable RINO 1 functions, add a deprecation note. use by default RINO 2 , with crypto from php-encryption fallback to RINO 1 for old nodes.
This commit is contained in:
parent
7d83a19fd4
commit
6fbb02fb93
|
@ -185,8 +185,9 @@ function salmon_key($pubkey) {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/** disable rino
|
|
||||||
if(! function_exists('aes_decrypt')) {
|
if(! function_exists('aes_decrypt')) {
|
||||||
|
// DEPRECATED IN 3.4.1
|
||||||
function aes_decrypt($val,$ky)
|
function aes_decrypt($val,$ky)
|
||||||
{
|
{
|
||||||
$key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
|
$key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
|
||||||
|
@ -200,6 +201,7 @@ function aes_decrypt($val,$ky)
|
||||||
|
|
||||||
|
|
||||||
if(! function_exists('aes_encrypt')) {
|
if(! function_exists('aes_encrypt')) {
|
||||||
|
// DEPRECATED IN 3.4.1
|
||||||
function aes_encrypt($val,$ky)
|
function aes_encrypt($val,$ky)
|
||||||
{
|
{
|
||||||
$key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
|
$key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
|
||||||
|
@ -210,7 +212,6 @@ function aes_encrypt($val,$ky)
|
||||||
$val=str_pad($val, (16*(floor(strlen($val) / 16)+(strlen($val) % 16==0?2:1))), chr(16-(strlen($val) % 16)));
|
$val=str_pad($val, (16*(floor(strlen($val) / 16)+(strlen($val) % 16==0?2:1))), chr(16-(strlen($val) % 16)));
|
||||||
return mcrypt_encrypt($enc, $key, $val, $mode, mcrypt_create_iv( mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM));
|
return mcrypt_encrypt($enc, $key, $val, $mode, mcrypt_create_iv( mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM));
|
||||||
}}
|
}}
|
||||||
**/
|
|
||||||
|
|
||||||
function pkcs5_pad ($text, $blocksize)
|
function pkcs5_pad ($text, $blocksize)
|
||||||
{
|
{
|
||||||
|
|
|
@ -15,6 +15,9 @@ require_once('include/plaintext.php');
|
||||||
require_once('include/ostatus.php');
|
require_once('include/ostatus.php');
|
||||||
require_once('mod/share.php');
|
require_once('mod/share.php');
|
||||||
|
|
||||||
|
require_once('library/defuse/php-encryption-1.2.1/Crypto.php');
|
||||||
|
|
||||||
|
|
||||||
function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0, $forpubsub = false) {
|
function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0, $forpubsub = false) {
|
||||||
|
|
||||||
|
|
||||||
|
@ -1982,16 +1985,16 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
|
||||||
if($contact['duplex'] && $contact['issued-id'])
|
if($contact['duplex'] && $contact['issued-id'])
|
||||||
$idtosend = '1:' . $orig_id;
|
$idtosend = '1:' . $orig_id;
|
||||||
|
|
||||||
/**
|
|
||||||
* disable rino.
|
|
||||||
$rino = ((function_exists('mcrypt_encrypt')) ? 1 : 0);
|
|
||||||
|
|
||||||
$rino_enable = get_config('system','rino_encrypt');
|
$rino = get_config('system','rino_encrypt');
|
||||||
|
|
||||||
if(! $rino_enable)
|
if(! $rino) {
|
||||||
$rino = 0;
|
$rino = 0;
|
||||||
**/
|
} else {
|
||||||
$rino = 0; $rino_enable = 0;
|
$rino = 2;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
$ssl_val = intval(get_config('system','ssl_policy'));
|
$ssl_val = intval(get_config('system','ssl_policy'));
|
||||||
$ssl_policy = '';
|
$ssl_policy = '';
|
||||||
|
@ -2009,7 +2012,7 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
$url = $contact['notify'] . '&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . (($rino) ? '&rino=1' : '');
|
$url = $contact['notify'] . '&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . (($rino) ? '&rino='.$rino : '');
|
||||||
|
|
||||||
logger('dfrn_deliver: ' . $url);
|
logger('dfrn_deliver: ' . $url);
|
||||||
|
|
||||||
|
@ -2040,7 +2043,7 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
|
||||||
$challenge = hex2bin((string) $res->challenge);
|
$challenge = hex2bin((string) $res->challenge);
|
||||||
$perm = (($res->perm) ? $res->perm : null);
|
$perm = (($res->perm) ? $res->perm : null);
|
||||||
$dfrn_version = (float) (($res->dfrn_version) ? $res->dfrn_version : 2.0);
|
$dfrn_version = (float) (($res->dfrn_version) ? $res->dfrn_version : 2.0);
|
||||||
$rino_allowed = ((intval($res->rino) === 1) ? 1 : 0);
|
$rino_remote_version = intval($res->rino);
|
||||||
$page = (($owner['page-flags'] == PAGE_COMMUNITY) ? 1 : 0);
|
$page = (($owner['page-flags'] == PAGE_COMMUNITY) ? 1 : 0);
|
||||||
|
|
||||||
if($owner['page-flags'] == PAGE_PRVGROUP)
|
if($owner['page-flags'] == PAGE_PRVGROUP)
|
||||||
|
@ -2101,12 +2104,45 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
|
||||||
if($page)
|
if($page)
|
||||||
$postvars['page'] = $page;
|
$postvars['page'] = $page;
|
||||||
|
|
||||||
/** disable rino
|
if($rino>0 && $rino_remote_version>0 && (! $dissolve)) {
|
||||||
if($rino && $rino_allowed && (! $dissolve)) {
|
logger('rino version: '. $rino_remote_version);
|
||||||
$key = substr(random_string(),0,16);
|
|
||||||
$data = bin2hex(aes_encrypt($postvars['data'],$key));
|
switch($rino_remote_version) {
|
||||||
$postvars['data'] = $data;
|
case 1:
|
||||||
logger('rino: sent key = ' . $key, LOGGER_DEBUG);
|
// Deprecated rino version!
|
||||||
|
$key = substr(random_string(),0,16);
|
||||||
|
$data = aes_encrypt($postvars['data'],$key);
|
||||||
|
break;
|
||||||
|
case 2:
|
||||||
|
// RINO 2 based on php-encryption
|
||||||
|
try {
|
||||||
|
$key = Crypto::createNewRandomKey();
|
||||||
|
} catch (CryptoTestFailed $ex) {
|
||||||
|
logger('Cannot safely create a key');
|
||||||
|
return -1;
|
||||||
|
} catch (CannotPerformOperation $ex) {
|
||||||
|
logger('Cannot safely create a key');
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
try {
|
||||||
|
$data = Crypto::encrypt($postvars['data'], $key);
|
||||||
|
} catch (CryptoTestFailed $ex) {
|
||||||
|
logger('Cannot safely perform encryption');
|
||||||
|
return -1;
|
||||||
|
} catch (CannotPerformOperation $ex) {
|
||||||
|
logger('Cannot safely perform encryption');
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
logger("rino: invalid requested verision '$rino_remote_version'");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
$postvars['rino'] = $rino_remote_version;
|
||||||
|
$postvars['data'] = bin2hex($data);
|
||||||
|
|
||||||
|
#logger('rino: sent key = ' . $key, LOGGER_DEBUG);
|
||||||
|
|
||||||
|
|
||||||
if($dfrn_version >= 2.1) {
|
if($dfrn_version >= 2.1) {
|
||||||
|
@ -2133,7 +2169,7 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
|
||||||
|
|
||||||
$postvars['key'] = bin2hex($postvars['key']);
|
$postvars['key'] = bin2hex($postvars['key']);
|
||||||
}
|
}
|
||||||
**/
|
|
||||||
|
|
||||||
logger('dfrn_deliver: ' . "SENDING: " . print_r($postvars,true), LOGGER_DATA);
|
logger('dfrn_deliver: ' . "SENDING: " . print_r($postvars,true), LOGGER_DATA);
|
||||||
|
|
||||||
|
|
22
library/defuse/php-encryption-1.2.1/.travis.yml
Normal file
22
library/defuse/php-encryption-1.2.1/.travis.yml
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
language: php
|
||||||
|
php:
|
||||||
|
- "5.6"
|
||||||
|
- "5.5"
|
||||||
|
- "5.4"
|
||||||
|
- "5.3"
|
||||||
|
- "5.2"
|
||||||
|
# Versions below here are not installed on travis-ci
|
||||||
|
# - "5.1"
|
||||||
|
# - "5.0"
|
||||||
|
# - "4.4"
|
||||||
|
# - "4.3"
|
||||||
|
# - "4.2"
|
||||||
|
# - "4.1"
|
||||||
|
# - "4.0"
|
||||||
|
|
||||||
|
matrix:
|
||||||
|
allow_failures:
|
||||||
|
- php: "5.3"
|
||||||
|
- php: "5.2"
|
||||||
|
|
||||||
|
script: ./test.sh
|
677
library/defuse/php-encryption-1.2.1/Crypto.php
Normal file
677
library/defuse/php-encryption-1.2.1/Crypto.php
Normal file
|
@ -0,0 +1,677 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
/*
|
||||||
|
* PHP Encryption Library
|
||||||
|
* Copyright (c) 2014, Taylor Hornby
|
||||||
|
* All rights reserved.
|
||||||
|
*
|
||||||
|
* Redistribution and use in source and binary forms, with or without
|
||||||
|
* modification, are permitted provided that the following conditions are met:
|
||||||
|
*
|
||||||
|
* 1. Redistributions of source code must retain the above copyright notice,
|
||||||
|
* this list of conditions and the following disclaimer.
|
||||||
|
*
|
||||||
|
* 2. Redistributions in binary form must reproduce the above copyright notice,
|
||||||
|
* this list of conditions and the following disclaimer in the documentation
|
||||||
|
* and/or other materials provided with the distribution.
|
||||||
|
*
|
||||||
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
||||||
|
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||||
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||||
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
|
||||||
|
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
||||||
|
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
||||||
|
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
||||||
|
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
||||||
|
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||||
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||||
|
* POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Web: https://defuse.ca/secure-php-encryption.htm
|
||||||
|
* GitHub: https://github.com/defuse/php-encryption
|
||||||
|
*
|
||||||
|
* WARNING: This encryption library is not a silver bullet. It only provides
|
||||||
|
* symmetric encryption given a uniformly random key. This means you MUST NOT
|
||||||
|
* use an ASCII string like a password as the key parameter, it MUST be
|
||||||
|
* a uniformly random key generated by CreateNewRandomKey(). If you want to
|
||||||
|
* encrypt something with a password, apply a password key derivation function
|
||||||
|
* like PBKDF2 or scrypt with a random salt to generate a key.
|
||||||
|
*
|
||||||
|
* WARNING: Error handling is very important, especially for crypto code!
|
||||||
|
*
|
||||||
|
* How to use this code:
|
||||||
|
*
|
||||||
|
* Generating a Key
|
||||||
|
* ----------------
|
||||||
|
* try {
|
||||||
|
* $key = self::CreateNewRandomKey();
|
||||||
|
* // WARNING: Do NOT encode $key with bin2hex() or base64_encode(),
|
||||||
|
* // they may leak the key to the attacker through side channels.
|
||||||
|
* } catch (CryptoTestFailedException $ex) {
|
||||||
|
* die('Cannot safely create a key');
|
||||||
|
* } catch (CannotPerformOperationException $ex) {
|
||||||
|
* die('Cannot safely create a key');
|
||||||
|
* }
|
||||||
|
*
|
||||||
|
* Encrypting a Message
|
||||||
|
* --------------------
|
||||||
|
* $message = "ATTACK AT DAWN";
|
||||||
|
* try {
|
||||||
|
* $ciphertext = self::Encrypt($message, $key);
|
||||||
|
* } catch (CryptoTestFailedException $ex) {
|
||||||
|
* die('Cannot safely perform encryption');
|
||||||
|
* } catch (CannotPerformOperationException $ex) {
|
||||||
|
* die('Cannot safely perform decryption');
|
||||||
|
* }
|
||||||
|
*
|
||||||
|
* Decrypting a Message
|
||||||
|
* --------------------
|
||||||
|
* try {
|
||||||
|
* $decrypted = self::Decrypt($ciphertext, $key);
|
||||||
|
* } catch (InvalidCiphertextException $ex) { // VERY IMPORTANT
|
||||||
|
* // Either:
|
||||||
|
* // 1. The ciphertext was modified by the attacker,
|
||||||
|
* // 2. The key is wrong, or
|
||||||
|
* // 3. $ciphertext is not a valid ciphertext or was corrupted.
|
||||||
|
* // Assume the worst.
|
||||||
|
* die('DANGER! DANGER! The ciphertext has been tampered with!');
|
||||||
|
* } catch (CryptoTestFailedException $ex) {
|
||||||
|
* die('Cannot safely perform encryption');
|
||||||
|
* } catch (CannotPerformOperationException $ex) {
|
||||||
|
* die('Cannot safely perform decryption');
|
||||||
|
* }
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Raised by Decrypt() when one of the following conditions are met:
|
||||||
|
* - The key is wrong.
|
||||||
|
* - The ciphertext is invalid or not in the correct format.
|
||||||
|
* - The attacker modified the ciphertext.
|
||||||
|
*/
|
||||||
|
class InvalidCiphertextException extends Exception {}
|
||||||
|
/* If you see these, it means it is NOT SAFE to do encryption on your system. */
|
||||||
|
class CannotPerformOperationException extends Exception {}
|
||||||
|
class CryptoTestFailedException extends Exception {}
|
||||||
|
|
||||||
|
final class Crypto
|
||||||
|
{
|
||||||
|
// Ciphertext format: [____HMAC____][____IV____][____CIPHERTEXT____].
|
||||||
|
|
||||||
|
/* DO NOT CHANGE THESE CONSTANTS!
|
||||||
|
*
|
||||||
|
* We spent *weeks* testing this code, making sure it is as perfect and
|
||||||
|
* correct as possible. Are you going to do the same after making your
|
||||||
|
* changes? Probably not. Besides, any change to these constants will break
|
||||||
|
* the runtime tests, which are extremely important for your security.
|
||||||
|
* You're literally millions of times more likely to screw up your own
|
||||||
|
* security by changing something here than you are to fall victim to an
|
||||||
|
* 128-bit key brute-force attack. You're also breaking your own
|
||||||
|
* compatibility with future updates to this library, so you'll be left
|
||||||
|
* vulnerable if we ever find a security bug and release a fix.
|
||||||
|
*
|
||||||
|
* So, PLEASE, do not change these constants.
|
||||||
|
*/
|
||||||
|
const CIPHER = 'aes-128';
|
||||||
|
const KEY_BYTE_SIZE = 16;
|
||||||
|
const CIPHER_MODE = 'cbc';
|
||||||
|
const HASH_FUNCTION = 'sha256';
|
||||||
|
const MAC_BYTE_SIZE = 32;
|
||||||
|
const ENCRYPTION_INFO = 'DefusePHP|KeyForEncryption';
|
||||||
|
const AUTHENTICATION_INFO = 'DefusePHP|KeyForAuthentication';
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Use this to generate a random encryption key.
|
||||||
|
*/
|
||||||
|
public static function CreateNewRandomKey()
|
||||||
|
{
|
||||||
|
self::RuntimeTest();
|
||||||
|
return self::SecureRandom(self::KEY_BYTE_SIZE);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Encrypts a message.
|
||||||
|
* $plaintext is the message to encrypt.
|
||||||
|
* $key is the encryption key, a value generated by CreateNewRandomKey().
|
||||||
|
* You MUST catch exceptions thrown by this function. See docs above.
|
||||||
|
*/
|
||||||
|
public static function Encrypt($plaintext, $key)
|
||||||
|
{
|
||||||
|
self::RuntimeTest();
|
||||||
|
|
||||||
|
if (self::our_strlen($key) !== self::KEY_BYTE_SIZE)
|
||||||
|
{
|
||||||
|
throw new CannotPerformOperationException("Bad key.");
|
||||||
|
}
|
||||||
|
|
||||||
|
$method = self::CIPHER.'-'.self::CIPHER_MODE;
|
||||||
|
|
||||||
|
self::EnsureFunctionExists('openssl_get_cipher_methods');
|
||||||
|
if (in_array($method, openssl_get_cipher_methods()) === FALSE) {
|
||||||
|
throw new CannotPerformOperationException("Cipher method not supported.");
|
||||||
|
}
|
||||||
|
|
||||||
|
// Generate a sub-key for encryption.
|
||||||
|
$keysize = self::KEY_BYTE_SIZE;
|
||||||
|
$ekey = self::HKDF(self::HASH_FUNCTION, $key, $keysize, self::ENCRYPTION_INFO);
|
||||||
|
|
||||||
|
// Generate a random initialization vector.
|
||||||
|
self::EnsureFunctionExists("openssl_cipher_iv_length");
|
||||||
|
$ivsize = openssl_cipher_iv_length($method);
|
||||||
|
if ($ivsize === FALSE || $ivsize <= 0) {
|
||||||
|
throw new CannotPerformOperationException();
|
||||||
|
}
|
||||||
|
$iv = self::SecureRandom($ivsize);
|
||||||
|
|
||||||
|
$ciphertext = $iv . self::PlainEncrypt($plaintext, $ekey, $iv);
|
||||||
|
|
||||||
|
// Generate a sub-key for authentication and apply the HMAC.
|
||||||
|
$akey = self::HKDF(self::HASH_FUNCTION, $key, self::KEY_BYTE_SIZE, self::AUTHENTICATION_INFO);
|
||||||
|
$auth = hash_hmac(self::HASH_FUNCTION, $ciphertext, $akey, true);
|
||||||
|
$ciphertext = $auth . $ciphertext;
|
||||||
|
|
||||||
|
return $ciphertext;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Decrypts a ciphertext.
|
||||||
|
* $ciphertext is the ciphertext to decrypt.
|
||||||
|
* $key is the key that the ciphertext was encrypted with.
|
||||||
|
* You MUST catch exceptions thrown by this function. See docs above.
|
||||||
|
*/
|
||||||
|
public static function Decrypt($ciphertext, $key)
|
||||||
|
{
|
||||||
|
self::RuntimeTest();
|
||||||
|
|
||||||
|
$method = self::CIPHER.'-'.self::CIPHER_MODE;
|
||||||
|
|
||||||
|
self::EnsureFunctionExists('openssl_get_cipher_methods');
|
||||||
|
if (in_array($method, openssl_get_cipher_methods()) === FALSE) {
|
||||||
|
throw new CannotPerformOperationException("Cipher method not supported.");
|
||||||
|
}
|
||||||
|
|
||||||
|
// Extract the HMAC from the front of the ciphertext.
|
||||||
|
if (self::our_strlen($ciphertext) <= self::MAC_BYTE_SIZE) {
|
||||||
|
throw new InvalidCiphertextException();
|
||||||
|
}
|
||||||
|
$hmac = self::our_substr($ciphertext, 0, self::MAC_BYTE_SIZE);
|
||||||
|
if ($hmac === FALSE) {
|
||||||
|
throw new CannotPerformOperationException();
|
||||||
|
}
|
||||||
|
$ciphertext = self::our_substr($ciphertext, self::MAC_BYTE_SIZE);
|
||||||
|
if ($ciphertext === FALSE) {
|
||||||
|
throw new CannotPerformOperationException();
|
||||||
|
}
|
||||||
|
|
||||||
|
// Regenerate the same authentication sub-key.
|
||||||
|
$akey = self::HKDF(self::HASH_FUNCTION, $key, self::KEY_BYTE_SIZE, self::AUTHENTICATION_INFO);
|
||||||
|
|
||||||
|
if (self::VerifyHMAC($hmac, $ciphertext, $akey))
|
||||||
|
{
|
||||||
|
// Regenerate the same encryption sub-key.
|
||||||
|
$keysize = self::KEY_BYTE_SIZE;
|
||||||
|
$ekey = self::HKDF(self::HASH_FUNCTION, $key, $keysize, self::ENCRYPTION_INFO);
|
||||||
|
|
||||||
|
// Extract the initialization vector from the ciphertext.
|
||||||
|
self::EnsureFunctionExists("openssl_cipher_iv_length");
|
||||||
|
$ivsize = openssl_cipher_iv_length($method);
|
||||||
|
if ($ivsize === FALSE || $ivsize <= 0) {
|
||||||
|
throw new CannotPerformOperationException();
|
||||||
|
}
|
||||||
|
if (self::our_strlen($ciphertext) <= $ivsize) {
|
||||||
|
throw new InvalidCiphertextException();
|
||||||
|
}
|
||||||
|
$iv = self::our_substr($ciphertext, 0, $ivsize);
|
||||||
|
if ($iv === FALSE) {
|
||||||
|
throw new CannotPerformOperationException();
|
||||||
|
}
|
||||||
|
$ciphertext = self::our_substr($ciphertext, $ivsize);
|
||||||
|
if ($ciphertext === FALSE) {
|
||||||
|
throw new CannotPerformOperationException();
|
||||||
|
}
|
||||||
|
|
||||||
|
$plaintext = self::PlainDecrypt($ciphertext, $ekey, $iv);
|
||||||
|
|
||||||
|
return $plaintext;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
* We throw an exception instead of returning FALSE because we want
|
||||||
|
* a script that doesn't handle this condition to CRASH, instead
|
||||||
|
* of thinking the ciphertext decrypted to the value FALSE.
|
||||||
|
*/
|
||||||
|
throw new InvalidCiphertextException();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Runs tests.
|
||||||
|
* Raises CannotPerformOperationException or CryptoTestFailedException if
|
||||||
|
* one of the tests fail. If any tests fails, your system is not capable of
|
||||||
|
* performing encryption, so make sure you fail safe in that case.
|
||||||
|
*/
|
||||||
|
public static function RuntimeTest()
|
||||||
|
{
|
||||||
|
// 0: Tests haven't been run yet.
|
||||||
|
// 1: Tests have passed.
|
||||||
|
// 2: Tests are running right now.
|
||||||
|
// 3: Tests have failed.
|
||||||
|
static $test_state = 0;
|
||||||
|
|
||||||
|
if ($test_state === 1 || $test_state === 2) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
$test_state = 2;
|
||||||
|
self::AESTestVector();
|
||||||
|
self::HMACTestVector();
|
||||||
|
self::HKDFTestVector();
|
||||||
|
|
||||||
|
self::TestEncryptDecrypt();
|
||||||
|
if (self::our_strlen(self::CreateNewRandomKey()) != self::KEY_BYTE_SIZE) {
|
||||||
|
throw new CryptoTestFailedException();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (self::ENCRYPTION_INFO == self::AUTHENTICATION_INFO) {
|
||||||
|
throw new CryptoTestFailedException();
|
||||||
|
}
|
||||||
|
} catch (CryptoTestFailedException $ex) {
|
||||||
|
// Do this, otherwise it will stay in the "tests are running" state.
|
||||||
|
$test_state = 3;
|
||||||
|
throw $ex;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Change this to '0' make the tests always re-run (for benchmarking).
|
||||||
|
$test_state = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Never call this method directly!
|
||||||
|
*/
|
||||||
|
private static function PlainEncrypt($plaintext, $key, $iv)
|
||||||
|
{
|
||||||
|
|
||||||
|
$method = self::CIPHER.'-'.self::CIPHER_MODE;
|
||||||
|
|
||||||
|
self::EnsureConstantExists("OPENSSL_RAW_DATA");
|
||||||
|
self::EnsureFunctionExists("openssl_encrypt");
|
||||||
|
$ciphertext = openssl_encrypt(
|
||||||
|
$plaintext,
|
||||||
|
$method,
|
||||||
|
$key,
|
||||||
|
OPENSSL_RAW_DATA,
|
||||||
|
$iv
|
||||||
|
);
|
||||||
|
|
||||||
|
if ($ciphertext === false) {
|
||||||
|
throw new CannotPerformOperationException();
|
||||||
|
}
|
||||||
|
|
||||||
|
return $ciphertext;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Never call this method directly!
|
||||||
|
*/
|
||||||
|
private static function PlainDecrypt($ciphertext, $key, $iv)
|
||||||
|
{
|
||||||
|
|
||||||
|
$method = self::CIPHER.'-'.self::CIPHER_MODE;
|
||||||
|
|
||||||
|
self::EnsureConstantExists("OPENSSL_RAW_DATA");
|
||||||
|
self::EnsureFunctionExists("openssl_encrypt");
|
||||||
|
$plaintext = openssl_decrypt(
|
||||||
|
$ciphertext,
|
||||||
|
$method,
|
||||||
|
$key,
|
||||||
|
OPENSSL_RAW_DATA,
|
||||||
|
$iv
|
||||||
|
);
|
||||||
|
if ($plaintext === FALSE) {
|
||||||
|
throw new CannotPerformOperationException();
|
||||||
|
}
|
||||||
|
|
||||||
|
return $plaintext;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Returns a random binary string of length $octets bytes.
|
||||||
|
*/
|
||||||
|
private static function SecureRandom($octets)
|
||||||
|
{
|
||||||
|
self::EnsureFunctionExists("mcrypt_create_iv");
|
||||||
|
$random = mcrypt_create_iv($octets, MCRYPT_DEV_URANDOM);
|
||||||
|
if ($random === FALSE) {
|
||||||
|
throw new CannotPerformOperationException();
|
||||||
|
} else {
|
||||||
|
return $random;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Use HKDF to derive multiple keys from one.
|
||||||
|
* http://tools.ietf.org/html/rfc5869
|
||||||
|
*/
|
||||||
|
private static function HKDF($hash, $ikm, $length, $info = '', $salt = NULL)
|
||||||
|
{
|
||||||
|
// Find the correct digest length as quickly as we can.
|
||||||
|
$digest_length = self::MAC_BYTE_SIZE;
|
||||||
|
if ($hash != self::HASH_FUNCTION) {
|
||||||
|
$digest_length = self::our_strlen(hash_hmac($hash, '', '', true));
|
||||||
|
}
|
||||||
|
|
||||||
|
// Sanity-check the desired output length.
|
||||||
|
if (empty($length) || !is_int($length) ||
|
||||||
|
$length < 0 || $length > 255 * $digest_length) {
|
||||||
|
throw new CannotPerformOperationException();
|
||||||
|
}
|
||||||
|
|
||||||
|
// "if [salt] not provided, is set to a string of HashLen zeroes."
|
||||||
|
if (is_null($salt)) {
|
||||||
|
$salt = str_repeat("\x00", $digest_length);
|
||||||
|
}
|
||||||
|
|
||||||
|
// HKDF-Extract:
|
||||||
|
// PRK = HMAC-Hash(salt, IKM)
|
||||||
|
// The salt is the HMAC key.
|
||||||
|
$prk = hash_hmac($hash, $ikm, $salt, true);
|
||||||
|
|
||||||
|
// HKDF-Expand:
|
||||||
|
|
||||||
|
// This check is useless, but it serves as a reminder to the spec.
|
||||||
|
if (self::our_strlen($prk) < $digest_length) {
|
||||||
|
throw new CannotPerformOperationException();
|
||||||
|
}
|
||||||
|
|
||||||
|
// T(0) = ''
|
||||||
|
$t = '';
|
||||||
|
$last_block = '';
|
||||||
|
for ($block_index = 1; self::our_strlen($t) < $length; $block_index++) {
|
||||||
|
// T(i) = HMAC-Hash(PRK, T(i-1) | info | 0x??)
|
||||||
|
$last_block = hash_hmac(
|
||||||
|
$hash,
|
||||||
|
$last_block . $info . chr($block_index),
|
||||||
|
$prk,
|
||||||
|
true
|
||||||
|
);
|
||||||
|
// T = T(1) | T(2) | T(3) | ... | T(N)
|
||||||
|
$t .= $last_block;
|
||||||
|
}
|
||||||
|
|
||||||
|
// ORM = first L octets of T
|
||||||
|
$orm = self::our_substr($t, 0, $length);
|
||||||
|
if ($orm === FALSE) {
|
||||||
|
throw new CannotPerformOperationException();
|
||||||
|
}
|
||||||
|
return $orm;
|
||||||
|
}
|
||||||
|
|
||||||
|
private static function VerifyHMAC($correct_hmac, $message, $key)
|
||||||
|
{
|
||||||
|
$message_hmac = hash_hmac(self::HASH_FUNCTION, $message, $key, true);
|
||||||
|
|
||||||
|
// We can't just compare the strings with '==', since it would make
|
||||||
|
// timing attacks possible. We could use the XOR-OR constant-time
|
||||||
|
// comparison algorithm, but I'm not sure if that's good enough way up
|
||||||
|
// here in an interpreted language. So we use the method of HMACing the
|
||||||
|
// strings we want to compare with a random key, then comparing those.
|
||||||
|
|
||||||
|
// NOTE: This leaks information when the strings are not the same
|
||||||
|
// length, but they should always be the same length here. Enforce it:
|
||||||
|
if (self::our_strlen($correct_hmac) !== self::our_strlen($message_hmac)) {
|
||||||
|
throw new CannotPerformOperationException();
|
||||||
|
}
|
||||||
|
|
||||||
|
$blind = self::CreateNewRandomKey();
|
||||||
|
$message_compare = hash_hmac(self::HASH_FUNCTION, $message_hmac, $blind);
|
||||||
|
$correct_compare = hash_hmac(self::HASH_FUNCTION, $correct_hmac, $blind);
|
||||||
|
return $correct_compare === $message_compare;
|
||||||
|
}
|
||||||
|
|
||||||
|
private static function TestEncryptDecrypt()
|
||||||
|
{
|
||||||
|
$key = self::CreateNewRandomKey();
|
||||||
|
$data = "EnCrYpT EvErYThInG\x00\x00";
|
||||||
|
|
||||||
|
// Make sure encrypting then decrypting doesn't change the message.
|
||||||
|
$ciphertext = self::Encrypt($data, $key);
|
||||||
|
try {
|
||||||
|
$decrypted = self::Decrypt($ciphertext, $key);
|
||||||
|
} catch (InvalidCiphertextException $ex) {
|
||||||
|
// It's important to catch this and change it into a
|
||||||
|
// CryptoTestFailedException, otherwise a test failure could trick
|
||||||
|
// the user into thinking it's just an invalid ciphertext!
|
||||||
|
throw new CryptoTestFailedException();
|
||||||
|
}
|
||||||
|
if($decrypted !== $data)
|
||||||
|
{
|
||||||
|
throw new CryptoTestFailedException();
|
||||||
|
}
|
||||||
|
|
||||||
|
// Modifying the ciphertext: Appending a string.
|
||||||
|
try {
|
||||||
|
self::Decrypt($ciphertext . "a", $key);
|
||||||
|
throw new CryptoTestFailedException();
|
||||||
|
} catch (InvalidCiphertextException $e) { /* expected */ }
|
||||||
|
|
||||||
|
// Modifying the ciphertext: Changing an IV byte.
|
||||||
|
try {
|
||||||
|
$ciphertext[0] = chr((ord($ciphertext[0]) + 1) % 256);
|
||||||
|
self::Decrypt($ciphertext, $key);
|
||||||
|
throw new CryptoTestFailedException();
|
||||||
|
} catch (InvalidCiphertextException $e) { /* expected */ }
|
||||||
|
|
||||||
|
// Decrypting with the wrong key.
|
||||||
|
$key = self::CreateNewRandomKey();
|
||||||
|
$data = "abcdef";
|
||||||
|
$ciphertext = self::Encrypt($data, $key);
|
||||||
|
$wrong_key = self::CreateNewRandomKey();
|
||||||
|
try {
|
||||||
|
self::Decrypt($ciphertext, $wrong_key);
|
||||||
|
throw new CryptoTestFailedException();
|
||||||
|
} catch (InvalidCiphertextException $e) { /* expected */ }
|
||||||
|
|
||||||
|
// Ciphertext too small (shorter than HMAC).
|
||||||
|
$key = self::CreateNewRandomKey();
|
||||||
|
$ciphertext = str_repeat("A", self::MAC_BYTE_SIZE - 1);
|
||||||
|
try {
|
||||||
|
self::Decrypt($ciphertext, $key);
|
||||||
|
throw new CryptoTestFailedException();
|
||||||
|
} catch (InvalidCiphertextException $e) { /* expected */ }
|
||||||
|
}
|
||||||
|
|
||||||
|
private static function HKDFTestVector()
|
||||||
|
{
|
||||||
|
// HKDF test vectors from RFC 5869
|
||||||
|
|
||||||
|
// Test Case 1
|
||||||
|
$ikm = str_repeat("\x0b", 22);
|
||||||
|
$salt = self::hexToBytes("000102030405060708090a0b0c");
|
||||||
|
$info = self::hexToBytes("f0f1f2f3f4f5f6f7f8f9");
|
||||||
|
$length = 42;
|
||||||
|
$okm = self::hexToBytes(
|
||||||
|
"3cb25f25faacd57a90434f64d0362f2a" .
|
||||||
|
"2d2d0a90cf1a5a4c5db02d56ecc4c5bf" .
|
||||||
|
"34007208d5b887185865"
|
||||||
|
);
|
||||||
|
$computed_okm = self::HKDF("sha256", $ikm, $length, $info, $salt);
|
||||||
|
if ($computed_okm !== $okm) {
|
||||||
|
throw new CryptoTestFailedException();
|
||||||
|
}
|
||||||
|
|
||||||
|
// Test Case 7
|
||||||
|
$ikm = str_repeat("\x0c", 22);
|
||||||
|
$length = 42;
|
||||||
|
$okm = self::hexToBytes(
|
||||||
|
"2c91117204d745f3500d636a62f64f0a" .
|
||||||
|
"b3bae548aa53d423b0d1f27ebba6f5e5" .
|
||||||
|
"673a081d70cce7acfc48"
|
||||||
|
);
|
||||||
|
$computed_okm = self::HKDF("sha1", $ikm, $length);
|
||||||
|
if ($computed_okm !== $okm) {
|
||||||
|
throw new CryptoTestFailedException();
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
private static function HMACTestVector()
|
||||||
|
{
|
||||||
|
// HMAC test vector From RFC 4231 (Test Case 1)
|
||||||
|
$key = str_repeat("\x0b", 20);
|
||||||
|
$data = "Hi There";
|
||||||
|
$correct = "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7";
|
||||||
|
if (hash_hmac(self::HASH_FUNCTION, $data, $key) != $correct) {
|
||||||
|
throw new CryptoTestFailedException();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private static function AESTestVector()
|
||||||
|
{
|
||||||
|
// AES CBC mode test vector from NIST SP 800-38A
|
||||||
|
$key = self::hexToBytes("2b7e151628aed2a6abf7158809cf4f3c");
|
||||||
|
$iv = self::hexToBytes("000102030405060708090a0b0c0d0e0f");
|
||||||
|
$plaintext = self::hexToBytes(
|
||||||
|
"6bc1bee22e409f96e93d7e117393172a" .
|
||||||
|
"ae2d8a571e03ac9c9eb76fac45af8e51" .
|
||||||
|
"30c81c46a35ce411e5fbc1191a0a52ef" .
|
||||||
|
"f69f2445df4f9b17ad2b417be66c3710"
|
||||||
|
);
|
||||||
|
$ciphertext = self::hexToBytes(
|
||||||
|
"7649abac8119b246cee98e9b12e9197d" .
|
||||||
|
"5086cb9b507219ee95db113a917678b2" .
|
||||||
|
"73bed6b8e3c1743b7116e69e22229516" .
|
||||||
|
"3ff1caa1681fac09120eca307586e1a7" .
|
||||||
|
/* Block due to padding. Not from NIST test vector.
|
||||||
|
Padding Block: 10101010101010101010101010101010
|
||||||
|
Ciphertext: 3ff1caa1681fac09120eca307586e1a7
|
||||||
|
(+) 2fe1dab1780fbc19021eda206596f1b7
|
||||||
|
AES 8cb82807230e1321d3fae00d18cc2012
|
||||||
|
|
||||||
|
*/
|
||||||
|
"8cb82807230e1321d3fae00d18cc2012"
|
||||||
|
);
|
||||||
|
|
||||||
|
$computed_ciphertext = self::PlainEncrypt($plaintext, $key, $iv);
|
||||||
|
if ($computed_ciphertext !== $ciphertext) {
|
||||||
|
throw new CryptoTestFailedException();
|
||||||
|
}
|
||||||
|
|
||||||
|
$computed_plaintext = self::PlainDecrypt($ciphertext, $key, $iv);
|
||||||
|
if ($computed_plaintext !== $plaintext) {
|
||||||
|
throw new CryptoTestFailedException();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* WARNING: Do not call this function on secrets. It creates side channels. */
|
||||||
|
private static function hexToBytes($hex_string)
|
||||||
|
{
|
||||||
|
return pack("H*", $hex_string);
|
||||||
|
}
|
||||||
|
|
||||||
|
private static function EnsureConstantExists($name)
|
||||||
|
{
|
||||||
|
if (!defined($name)) {
|
||||||
|
throw new CannotPerformOperationException();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private static function EnsureFunctionExists($name)
|
||||||
|
{
|
||||||
|
if (!function_exists($name)) {
|
||||||
|
throw new CannotPerformOperationException();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* We need these strlen() and substr() functions because when
|
||||||
|
* 'mbstring.func_overload' is set in php.ini, the standard strlen() and
|
||||||
|
* substr() are replaced by mb_strlen() and mb_substr().
|
||||||
|
*/
|
||||||
|
|
||||||
|
private static function our_strlen($str)
|
||||||
|
{
|
||||||
|
if (function_exists('mb_strlen')) {
|
||||||
|
$length = mb_strlen($str, '8bit');
|
||||||
|
if ($length === FALSE) {
|
||||||
|
throw new CannotPerformOperationException();
|
||||||
|
}
|
||||||
|
return $length;
|
||||||
|
} else {
|
||||||
|
return strlen($str);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private static function our_substr($str, $start, $length = NULL)
|
||||||
|
{
|
||||||
|
if (function_exists('mb_substr'))
|
||||||
|
{
|
||||||
|
// mb_substr($str, 0, NULL, '8bit') returns an empty string on PHP
|
||||||
|
// 5.3, so we have to find the length ourselves.
|
||||||
|
if (!isset($length)) {
|
||||||
|
if ($start >= 0) {
|
||||||
|
$length = self::our_strlen($str) - $start;
|
||||||
|
} else {
|
||||||
|
$length = -$start;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return mb_substr($str, $start, $length, '8bit');
|
||||||
|
}
|
||||||
|
|
||||||
|
// Unlike mb_substr(), substr() doesn't accept NULL for length
|
||||||
|
if (isset($length)) {
|
||||||
|
return substr($str, $start, $length);
|
||||||
|
} else {
|
||||||
|
return substr($str, $start);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* We want to catch all uncaught exceptions that come from the Crypto class,
|
||||||
|
* since by default, PHP will leak the key in the stack trace from an uncaught
|
||||||
|
* exception. This is a really ugly hack, but I think it's justified.
|
||||||
|
*
|
||||||
|
* Everything up to handler() getting called should be reliable, so this should
|
||||||
|
* reliably suppress the stack traces. The rest is just a bonus so that we don't
|
||||||
|
* make it impossible to debug other exceptions.
|
||||||
|
*
|
||||||
|
* This bit of code was adapted from: http://stackoverflow.com/a/7939492
|
||||||
|
*/
|
||||||
|
|
||||||
|
class CryptoExceptionHandler
|
||||||
|
{
|
||||||
|
private $rethrow = NULL;
|
||||||
|
|
||||||
|
public function __construct()
|
||||||
|
{
|
||||||
|
set_exception_handler(array($this, "handler"));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function handler($ex)
|
||||||
|
{
|
||||||
|
if (
|
||||||
|
$ex instanceof InvalidCiphertextException ||
|
||||||
|
$ex instanceof CannotPerformOperationException ||
|
||||||
|
$ex instanceof CryptoTestFailedException
|
||||||
|
) {
|
||||||
|
echo "FATAL ERROR: Uncaught crypto exception. Suppresssing output.\n";
|
||||||
|
} else {
|
||||||
|
/* Re-throw the exception in the destructor. */
|
||||||
|
$this->rethrow = $ex;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public function __destruct() {
|
||||||
|
if ($this->rethrow) {
|
||||||
|
throw $this->rethrow;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$crypto_exception_handler_object_dont_touch_me = new CryptoExceptionHandler();
|
||||||
|
|
79
library/defuse/php-encryption-1.2.1/README.md
Normal file
79
library/defuse/php-encryption-1.2.1/README.md
Normal file
|
@ -0,0 +1,79 @@
|
||||||
|
php-encryption
|
||||||
|
===============
|
||||||
|
|
||||||
|
This is a class for doing symmetric encryption in PHP. **Requires PHP 5.4 or newer.**
|
||||||
|
|
||||||
|
[![Build Status](https://travis-ci.org/defuse/php-encryption.svg?branch=master)](https://travis-ci.org/defuse/php-encryption)
|
||||||
|
|
||||||
|
Implementation
|
||||||
|
--------------
|
||||||
|
|
||||||
|
Messages are encrypted with AES-128 in CBC mode and are authenticated with
|
||||||
|
HMAC-SHA256 (Encrypt-then-Mac). PKCS7 padding is used to pad the message to
|
||||||
|
a multiple of the block size. HKDF is used to split the user-provided key into
|
||||||
|
two keys: one for encryption, and the other for authentication. It is
|
||||||
|
implemented using the `openssl_` and `hash_hmac` functions.
|
||||||
|
|
||||||
|
Warning
|
||||||
|
--------
|
||||||
|
|
||||||
|
This is new code, and it hasn't received much review by experts. I have spent
|
||||||
|
many hours making it as secure as possible (extensive runtime tests, secure
|
||||||
|
coding practices), and auditing it for problems, but I may have missed some
|
||||||
|
issues. So be careful. Don't trust it with your life. Check out the open GitHub
|
||||||
|
issues for a list of known issues. If you find a problem with this library,
|
||||||
|
please report it by opening a GitHub issue.
|
||||||
|
|
||||||
|
That said, you're probably much better off using this library than any other
|
||||||
|
encryption library written in PHP.
|
||||||
|
|
||||||
|
Philosophy
|
||||||
|
-----------
|
||||||
|
|
||||||
|
This library was created after noticing how much insecure PHP encryption code
|
||||||
|
there is. I once did a Google search for "php encryption" and found insecure
|
||||||
|
code or advice on 9 of the top 10 results.
|
||||||
|
|
||||||
|
Encryption is becoming an essential component of modern websites. This library
|
||||||
|
aims to fulfil a subset of that need: Authenticated symmetric encryption of
|
||||||
|
short strings, given a random key.
|
||||||
|
|
||||||
|
This library is developed around several core values:
|
||||||
|
|
||||||
|
- Rule #1: Security is prioritized over everything else.
|
||||||
|
|
||||||
|
> Whenever there is a conflict between security and some other property,
|
||||||
|
> security will be favored. For example, the library has runtime tests,
|
||||||
|
> which make it slower, but will hopefully stop it from encrypting stuff
|
||||||
|
> if the platform it's running on is broken.
|
||||||
|
|
||||||
|
- Rule #2: It should be difficult to misuse the library.
|
||||||
|
|
||||||
|
> We assume the developers using this library have no experience with
|
||||||
|
> cryptography. We only assume that they know that the "key" is something
|
||||||
|
> you need to encrypt and decrypt the messages, and that it must be
|
||||||
|
> protected. Whenever possible, the library should refuse to encrypt or
|
||||||
|
> decrypt messages when it is not being used correctly.
|
||||||
|
|
||||||
|
- Rule #3: The library aims only to be compatible with itself.
|
||||||
|
|
||||||
|
> Other PHP encryption libraries try to support every possible type of
|
||||||
|
> encryption, even the insecure ones (e.g. ECB mode). Because there are so
|
||||||
|
> many options, inexperienced developers must make decisions between
|
||||||
|
> things like "CBC" mode and "ECB" mode, knowing nothing about either one,
|
||||||
|
> which inevitably creates vulnerabilities.
|
||||||
|
|
||||||
|
> This library will only support one secure mode. A developer using this
|
||||||
|
> library will call "encrypt" and "decrypt" not caring about how they are
|
||||||
|
> implemented.
|
||||||
|
|
||||||
|
- Rule #4: The library should consist of a single PHP file and nothing more.
|
||||||
|
|
||||||
|
> Some PHP encryption libraries, like libsodium-php [1], are not
|
||||||
|
> straightforward to install and cannot packaged with "just download and
|
||||||
|
> extract" applications. This library will always be just one PHP file
|
||||||
|
> that you can put in your source tree and require().
|
||||||
|
|
||||||
|
References:
|
||||||
|
|
||||||
|
[1] https://github.com/jedisct1/libsodium-php
|
42
library/defuse/php-encryption-1.2.1/benchmark.php
Normal file
42
library/defuse/php-encryption-1.2.1/benchmark.php
Normal file
|
@ -0,0 +1,42 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
require_once('Crypto.php');
|
||||||
|
|
||||||
|
// Note: By default, the runtime tests are "cached" and not re-executed for
|
||||||
|
// every call. To disable this, look at the RuntimeTest() function.
|
||||||
|
|
||||||
|
$start = microtime(true);
|
||||||
|
for ($i = 0; $i < 1000; $i++) {
|
||||||
|
$key = Crypto::CreateNewRandomKey();
|
||||||
|
}
|
||||||
|
$end = microtime(true);
|
||||||
|
showResults("CreateNewRandomKey()", $start, $end, 1000);
|
||||||
|
|
||||||
|
$start = microtime(true);
|
||||||
|
for ($i = 0; $i < 100; $i++) {
|
||||||
|
$ciphertext = Crypto::Encrypt(
|
||||||
|
str_repeat("A", 1024*1024),
|
||||||
|
str_repeat("B", 16)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
$end = microtime(true);
|
||||||
|
showResults("Encrypt(1MB)", $start, $end, 100);
|
||||||
|
|
||||||
|
$start = microtime(true);
|
||||||
|
for ($i = 0; $i < 1000; $i++) {
|
||||||
|
$ciphertext = Crypto::Encrypt(
|
||||||
|
str_repeat("A", 1024),
|
||||||
|
str_repeat("B", 16)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
$end = microtime(true);
|
||||||
|
showResults("Encrypt(1KB)", $start, $end, 1000);
|
||||||
|
|
||||||
|
function showResults($type, $start, $end, $count)
|
||||||
|
{
|
||||||
|
$time = $end - $start;
|
||||||
|
$rate = $count / $time;
|
||||||
|
echo "$type: $rate calls/s\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
?>
|
20
library/defuse/php-encryption-1.2.1/composer.json
Normal file
20
library/defuse/php-encryption-1.2.1/composer.json
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
{
|
||||||
|
"name": "defuse/php-encryption",
|
||||||
|
"description": "Secure PHP Encryption Library",
|
||||||
|
"license": "MIT",
|
||||||
|
"keywords": ["security", "encryption", "AES", "mcrypt", "cipher"],
|
||||||
|
"authors": [
|
||||||
|
{
|
||||||
|
"name": "Taylor Hornby",
|
||||||
|
"email": "havoc@defuse.ca"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"autoload": {
|
||||||
|
"files": ["Crypto.php"]
|
||||||
|
},
|
||||||
|
"require": {
|
||||||
|
"php": ">=5.4.0",
|
||||||
|
"ext-openssl": "*",
|
||||||
|
"ext-mcrypt": "*"
|
||||||
|
}
|
||||||
|
}
|
36
library/defuse/php-encryption-1.2.1/example.php
Normal file
36
library/defuse/php-encryption-1.2.1/example.php
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
<?php
|
||||||
|
require_once('Crypto.php');
|
||||||
|
try {
|
||||||
|
$key = Crypto::CreateNewRandomKey();
|
||||||
|
// WARNING: Do NOT encode $key with bin2hex() or base64_encode(),
|
||||||
|
// they may leak the key to the attacker through side channels.
|
||||||
|
} catch (CryptoTestFailedException $ex) {
|
||||||
|
die('Cannot safely create a key');
|
||||||
|
} catch (CannotPerformOperationException $ex) {
|
||||||
|
die('Cannot safely create a key');
|
||||||
|
}
|
||||||
|
|
||||||
|
$message = "ATTACK AT DAWN";
|
||||||
|
try {
|
||||||
|
$ciphertext = Crypto::Encrypt($message, $key);
|
||||||
|
} catch (CryptoTestFailedException $ex) {
|
||||||
|
die('Cannot safely perform encryption');
|
||||||
|
} catch (CannotPerformOperationException $ex) {
|
||||||
|
die('Cannot safely perform decryption');
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
$decrypted = Crypto::Decrypt($ciphertext, $key);
|
||||||
|
} catch (InvalidCiphertextException $ex) { // VERY IMPORTANT
|
||||||
|
// Either:
|
||||||
|
// 1. The ciphertext was modified by the attacker,
|
||||||
|
// 2. The key is wrong, or
|
||||||
|
// 3. $ciphertext is not a valid ciphertext or was corrupted.
|
||||||
|
// Assume the worst.
|
||||||
|
die('DANGER! DANGER! The ciphertext has been tampered with!');
|
||||||
|
} catch (CryptoTestFailedException $ex) {
|
||||||
|
die('Cannot safely perform encryption');
|
||||||
|
} catch (CannotPerformOperationException $ex) {
|
||||||
|
die('Cannot safely perform decryption');
|
||||||
|
}
|
||||||
|
?>
|
30
library/defuse/php-encryption-1.2.1/test.sh
Normal file
30
library/defuse/php-encryption-1.2.1/test.sh
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
echo "Normal"
|
||||||
|
echo "--------------------------------------------------"
|
||||||
|
php -d mbstring.func_overload=0 tests/runtime.php
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
echo "FAIL."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
echo "--------------------------------------------------"
|
||||||
|
|
||||||
|
echo ""
|
||||||
|
|
||||||
|
echo "Multibyte"
|
||||||
|
echo "--------------------------------------------------"
|
||||||
|
php -d mbstring.func_overload=7 tests/runtime.php
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
echo "FAIL."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
echo "--------------------------------------------------"
|
||||||
|
|
||||||
|
echo ""
|
||||||
|
|
||||||
|
if [ -z "$(php Crypto.php)" ]; then
|
||||||
|
echo "PASS: Crypto.php output is empty."
|
||||||
|
else
|
||||||
|
echo "FAIL: Crypto.php output is not empty."
|
||||||
|
exit 1
|
||||||
|
fi
|
32
library/defuse/php-encryption-1.2.1/tests/runtime.php
Normal file
32
library/defuse/php-encryption-1.2.1/tests/runtime.php
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
// Set the encoding to something more "challenging."
|
||||||
|
$ret = mb_internal_encoding('UTF-8');
|
||||||
|
if ($ret === FALSE) {
|
||||||
|
echo "Couldn't set encoding.";
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Dump out the settings / encoding for future reference.
|
||||||
|
$val = ini_get("mbstring.func_overload");
|
||||||
|
echo "Settings: \n";
|
||||||
|
echo " func_overload: " . $val . "\n";
|
||||||
|
echo " mb_internal_encoding(): " . mb_internal_encoding() . "\n";
|
||||||
|
|
||||||
|
// Perform the tests.
|
||||||
|
require_once('Crypto.php');
|
||||||
|
try {
|
||||||
|
Crypto::RuntimeTest();
|
||||||
|
echo "TEST PASSED!\n";
|
||||||
|
exit(0);
|
||||||
|
} catch (CryptoTestFailedException $ex) {
|
||||||
|
echo "TEST FAILED!\n";
|
||||||
|
var_dump($ex);
|
||||||
|
exit(1);
|
||||||
|
} catch (CannotPerformOperationException $ex) {
|
||||||
|
echo "TEST FAILED\n";
|
||||||
|
var_dump($ex);
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
?>
|
|
@ -4,6 +4,7 @@ require_once('library/simplepie/simplepie.inc');
|
||||||
require_once('include/items.php');
|
require_once('include/items.php');
|
||||||
require_once('include/event.php');
|
require_once('include/event.php');
|
||||||
|
|
||||||
|
require_once('library/defuse/php-encryption-1.2.1/Crypto.php');
|
||||||
|
|
||||||
function dfrn_notify_post(&$a) {
|
function dfrn_notify_post(&$a) {
|
||||||
logger(__function__, LOGGER_TRACE);
|
logger(__function__, LOGGER_TRACE);
|
||||||
|
@ -12,6 +13,7 @@ function dfrn_notify_post(&$a) {
|
||||||
$challenge = ((x($_POST,'challenge')) ? notags(trim($_POST['challenge'])) : '');
|
$challenge = ((x($_POST,'challenge')) ? notags(trim($_POST['challenge'])) : '');
|
||||||
$data = ((x($_POST,'data')) ? $_POST['data'] : '');
|
$data = ((x($_POST,'data')) ? $_POST['data'] : '');
|
||||||
$key = ((x($_POST,'key')) ? $_POST['key'] : '');
|
$key = ((x($_POST,'key')) ? $_POST['key'] : '');
|
||||||
|
$rino_remote = ((x($_POST,'rino')) ? intval($_POST['rino']) : 0);
|
||||||
$dissolve = ((x($_POST,'dissolve')) ? intval($_POST['dissolve']) : 0);
|
$dissolve = ((x($_POST,'dissolve')) ? intval($_POST['dissolve']) : 0);
|
||||||
$perm = ((x($_POST,'perm')) ? notags(trim($_POST['perm'])) : 'r');
|
$perm = ((x($_POST,'perm')) ? notags(trim($_POST['perm'])) : 'r');
|
||||||
$ssl_policy = ((x($_POST,'ssl_policy')) ? notags(trim($_POST['ssl_policy'])): 'none');
|
$ssl_policy = ((x($_POST,'ssl_policy')) ? notags(trim($_POST['ssl_policy'])): 'none');
|
||||||
|
@ -130,7 +132,7 @@ function dfrn_notify_post(&$a) {
|
||||||
if($importer['page-flags'] == PAGE_SOAPBOX)
|
if($importer['page-flags'] == PAGE_SOAPBOX)
|
||||||
xml_status(0);
|
xml_status(0);
|
||||||
|
|
||||||
/** disable rino
|
|
||||||
if(strlen($key)) {
|
if(strlen($key)) {
|
||||||
$rawkey = hex2bin(trim($key));
|
$rawkey = hex2bin(trim($key));
|
||||||
logger('rino: md5 raw key: ' . md5($rawkey));
|
logger('rino: md5 raw key: ' . md5($rawkey));
|
||||||
|
@ -153,11 +155,42 @@ function dfrn_notify_post(&$a) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
logger('rino: received key : ' . $final_key);
|
#logger('rino: received key : ' . $final_key);
|
||||||
$data = aes_decrypt(hex2bin($data),$final_key);
|
|
||||||
|
switch($rino_remote) {
|
||||||
|
case 0:
|
||||||
|
case 1:
|
||||||
|
// we got a key. old code send only the key, without RINO version.
|
||||||
|
// we assume RINO 1 if key and no RINO version
|
||||||
|
$data = aes_decrypt(hex2bin($data),$final_key);
|
||||||
|
break;
|
||||||
|
case 2:
|
||||||
|
try {
|
||||||
|
$data = Crypto::decrypt(hex2bin($data),$final_key);
|
||||||
|
} catch (InvalidCiphertext $ex) { // VERY IMPORTANT
|
||||||
|
// Either:
|
||||||
|
// 1. The ciphertext was modified by the attacker,
|
||||||
|
// 2. The key is wrong, or
|
||||||
|
// 3. $ciphertext is not a valid ciphertext or was corrupted.
|
||||||
|
// Assume the worst.
|
||||||
|
logger('The ciphertext has been tampered with!');
|
||||||
|
xml_status(0,'The ciphertext has been tampered with!');
|
||||||
|
} catch (Ex\CryptoTestFailed $ex) {
|
||||||
|
logger('Cannot safely perform dencryption');
|
||||||
|
xml_status(0,'CryptoTestFailed');
|
||||||
|
} catch (Ex\CannotPerformOperation $ex) {
|
||||||
|
logger('Cannot safely perform decryption');
|
||||||
|
xml_status(0,'Cannot safely perform decryption');
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
logger("rino: invalid sent verision '$rino_remote'");
|
||||||
|
xml_status(0);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
logger('rino: decrypted data: ' . $data, LOGGER_DATA);
|
logger('rino: decrypted data: ' . $data, LOGGER_DATA);
|
||||||
}
|
}
|
||||||
**/
|
|
||||||
|
|
||||||
$ret = local_delivery($importer,$data);
|
$ret = local_delivery($importer,$data);
|
||||||
xml_status($ret);
|
xml_status($ret);
|
||||||
|
@ -253,16 +286,14 @@ function dfrn_notify_content(&$a) {
|
||||||
$challenge = bin2hex($challenge);
|
$challenge = bin2hex($challenge);
|
||||||
$encrypted_id = bin2hex($encrypted_id);
|
$encrypted_id = bin2hex($encrypted_id);
|
||||||
|
|
||||||
/**
|
|
||||||
* disable rino.
|
|
||||||
$rino = ((function_exists('mcrypt_encrypt')) ? 1 : 0);
|
|
||||||
|
|
||||||
$rino_enable = get_config('system','rino_encrypt');
|
$rino = get_config('system','rino_encrypt');
|
||||||
|
|
||||||
if(! $rino_enable)
|
if(! $rino){
|
||||||
$rino = 0;
|
$rino = 0;
|
||||||
**/
|
} else {
|
||||||
$rino = 0; $rino_enable = 0;
|
$rino = 2;
|
||||||
|
}
|
||||||
|
|
||||||
if((($r[0]['rel']) && ($r[0]['rel'] != CONTACT_IS_SHARING)) || ($r[0]['page-flags'] == PAGE_COMMUNITY)) {
|
if((($r[0]['rel']) && ($r[0]['rel'] != CONTACT_IS_SHARING)) || ($r[0]['page-flags'] == PAGE_COMMUNITY)) {
|
||||||
$perm = 'rw';
|
$perm = 'rw';
|
||||||
|
|
Loading…
Reference in a new issue