Файловый менеджер

Файловый менеджер - Редактировать - /home/lmsyaran/public_html/pusher/Crypt.tar

Назад
Cipher/BlowfishCipher.php��0000644��00000001716�15116742200�0011402 0��ustar�00��<?php /** * Joomla! Content Management System * * @copyright Copyright (C) 2005 - 2020 Open Source Matters, Inc. All rights reserved. * @license GNU General Public License version 2 or later; see LICENSE.txt / namespace Joomla\CMS\Crypt\Cipher; defined('JPATH_PLATFORM') or die; /* * Crypt cipher for Blowfish encryption, decryption and key generation. * * @since 3.0.0 * @deprecated 4.0 Without replacement use CryptoCipher / class BlowfishCipher extends McryptCipher { /* * @var integer The mcrypt cipher constant. * @link https://www.php.net/manual/en/mcrypt.ciphers.php * @since 3.0.0 / protected $type = MCRYPT_BLOWFISH; /* * @var integer The mcrypt block cipher mode. * @link https://www.php.net/manual/en/mcrypt.constants.php * @since 3.0.0 / protected $mode = MCRYPT_MODE_CBC; /* * @var string The JCrypt key type for validation. * @since 3.0.0 / protected $keyType = 'blowfish'; } ��Cipher/CryptoCipher.php��0000644��00000006176�15116742200�0011112 0��ustar�00��<?php /* * Joomla! Content Management System * * @copyright Copyright (C) 2005 - 2020 Open Source Matters, Inc. All rights reserved. * @license GNU General Public License version 2 or later; see LICENSE.txt / namespace Joomla\CMS\Crypt\Cipher; defined('JPATH_PLATFORM') or die; use Joomla\CMS\Crypt\CipherInterface; use Joomla\CMS\Crypt\Key; /* * Crypt cipher for encryption, decryption and key generation via the php-encryption library. * * @since 3.5 / class CryptoCipher implements CipherInterface { /* * Method to decrypt a data string. * * @param string $data The encrypted string to decrypt. * @param Key $key The key object to use for decryption. * * @return string The decrypted data string. * * @since 3.5 * @throws \RuntimeException / public function decrypt($data, Key $key) { // Validate key. if ($key->type != 'crypto') { throw new \InvalidArgumentException('Invalid key of type: ' . $key->type . '. Expected crypto.'); } // Decrypt the data. try { return \Crypto::Decrypt($data, $key->public); } catch (\InvalidCiphertextException $ex) { throw new \RuntimeException('DANGER! DANGER! The ciphertext has been tampered with!', $ex->getCode(), $ex); } catch (\CryptoTestFailedException $ex) { throw new \RuntimeException('Cannot safely perform decryption', $ex->getCode(), $ex); } catch (\CannotPerformOperationException $ex) { throw new \RuntimeException('Cannot safely perform decryption', $ex->getCode(), $ex); } } /* * Method to encrypt a data string. * * @param string $data The data string to encrypt. * @param Key $key The key object to use for encryption. * * @return string The encrypted data string. * * @since 3.5 * @throws \RuntimeException / public function encrypt($data, Key $key) { // Validate key. if ($key->type != 'crypto') { throw new \InvalidArgumentException('Invalid key of type: ' . $key->type . '. Expected crypto.'); } // Encrypt the data. try { return \Crypto::Encrypt($data, $key->public); } catch (\CryptoTestFailedException $ex) { throw new \RuntimeException('Cannot safely perform encryption', $ex->getCode(), $ex); } catch (\CannotPerformOperationException $ex) { throw new \RuntimeException('Cannot safely perform encryption', $ex->getCode(), $ex); } } /* * Method to generate a new encryption key object. * * @param array $options Key generation options. * * @return Key * * @since 3.5 * @throws \RuntimeException / public function generateKey(array $options = array()) { // Create the new encryption key object. $key = new Key('crypto'); // Generate the encryption key. try { $key->public = \Crypto::CreateNewRandomKey(); } catch (\CryptoTestFailedException $ex) { throw new \RuntimeException('Cannot safely create a key', $ex->getCode(), $ex); } catch (\CannotPerformOperationException $ex) { throw new \RuntimeException('Cannot safely create a key', $ex->getCode(), $ex); } // Explicitly flag the private as unused in this cipher. $key->private = 'unused'; return $key; } } ��Cipher/McryptCipher.php��0000644��00000010730�15116742200�0011077 0��ustar�00��<?php /* * Joomla! Content Management System * * @copyright Copyright (C) 2005 - 2020 Open Source Matters, Inc. All rights reserved. * @license GNU General Public License version 2 or later; see LICENSE.txt / namespace Joomla\CMS\Crypt\Cipher; defined('JPATH_PLATFORM') or die; use Joomla\CMS\Crypt\CipherInterface; use Joomla\CMS\Crypt\Crypt; use Joomla\CMS\Crypt\Key; /* * Crypt cipher for mcrypt algorithm encryption, decryption and key generation. * * @since 3.0.0 * @deprecated 4.0 Without replacement use CryptoCipher / abstract class McryptCipher implements CipherInterface { /* * @var integer The mcrypt cipher constant. * @link https://www.php.net/manual/en/mcrypt.ciphers.php * @since 3.0.0 / protected $type; /* * @var integer The mcrypt block cipher mode. * @link https://www.php.net/manual/en/mcrypt.constants.php * @since 3.0.0 / protected $mode; /* * @var string The Crypt key type for validation. * @since 3.0.0 / protected $keyType; /* * Constructor. * * @since 3.0.0 * @throws \RuntimeException / public function __construct() { if (!is_callable('mcrypt_encrypt')) { throw new \RuntimeException('The mcrypt extension is not available.'); } } /* * Method to decrypt a data string. * * @param string $data The encrypted string to decrypt. * @param Key $key The key object to use for decryption. * * @return string The decrypted data string. * * @since 3.0.0 * @throws \InvalidArgumentException / public function decrypt($data, Key $key) { // Validate key. if ($key->type != $this->keyType) { throw new \InvalidArgumentException('Invalid key of type: ' . $key->type . '. Expected ' . $this->keyType . '.'); } // Decrypt the data. $decrypted = trim(mcrypt_decrypt($this->type, $key->private, $data, $this->mode, $key->public)); return $decrypted; } /* * Method to encrypt a data string. * * @param string $data The data string to encrypt. * @param Key $key The key object to use for encryption. * * @return string The encrypted data string. * * @since 3.0.0 * @throws \InvalidArgumentException / public function encrypt($data, Key $key) { // Validate key. if ($key->type != $this->keyType) { throw new \InvalidArgumentException('Invalid key of type: ' . $key->type . '. Expected ' . $this->keyType . '.'); } // Encrypt the data. $encrypted = mcrypt_encrypt($this->type, $key->private, $data, $this->mode, $key->public); return $encrypted; } /* * Method to generate a new encryption key object. * * @param array $options Key generation options. * * @return Key * * @since 3.0.0 * @throws \InvalidArgumentException / public function generateKey(array $options = array()) { // Create the new encryption key object. $key = new Key($this->keyType); // Generate an initialisation vector based on the algorithm. $key->public = mcrypt_create_iv(mcrypt_get_iv_size($this->type, $this->mode), MCRYPT_DEV_URANDOM); // Get the salt and password setup. $salt = (isset($options['salt'])) ? $options['salt'] : substr(pack('h', md5(Crypt::genRandomBytes())), 0, 16); if (!isset($options['password'])) { throw new \InvalidArgumentException('Password is not set.'); } // Generate the derived key. $key->private = $this->pbkdf2($options['password'], $salt, mcrypt_get_key_size($this->type, $this->mode)); return $key; } /** * PBKDF2 Implementation for deriving keys. * * @param string $p Password * @param string $s Salt * @param integer $kl Key length * @param integer $c Iteration count * @param string $a Hash algorithm * * @return string The derived key. * * @link https://en.wikipedia.org/wiki/PBKDF2 * @link http://www.ietf.org/rfc/rfc2898.txt * @since 3.0.0 / public function pbkdf2($p, $s, $kl, $c = 10000, $a = 'sha256') { // Hash length. $hl = strlen(hash($a, null, true)); // Key blocks to compute. $kb = ceil($kl / $hl); // Derived key. $dk = ''; // Create the key. for ($block = 1; $block <= $kb; $block++) { // Initial hash for this block. $ib = $b = hash_hmac($a, $s . pack('N', $block), $p, true); // Perform block iterations. for ($i = 1; $i < $c; $i++) { $ib ^= ($b = hash_hmac($a, $b, $p, true)); } // Append the iterated block. $dk .= $ib; } // Return derived key of correct length. return substr($dk, 0, $kl); } } ��Cipher/Rijndael256Cipher.php��0000644��00000001734�15116742200�0011612 0��ustar�00��<?php /* * Joomla! Content Management System * * @copyright Copyright (C) 2005 - 2020 Open Source Matters, Inc. All rights reserved. * @license GNU General Public License version 2 or later; see LICENSE.txt / namespace Joomla\CMS\Crypt\Cipher; defined('JPATH_PLATFORM') or die; /* * Crypt cipher for Rijndael 256 encryption, decryption and key generation. * * @since 3.0.0 * @deprecated 4.0 Without replacement use CryptoCipher / class Rijndael256Cipher extends McryptCipher { /* * @var integer The mcrypt cipher constant. * @link https://www.php.net/manual/en/mcrypt.ciphers.php * @since 3.0.0 / protected $type = MCRYPT_RIJNDAEL_256; /* * @var integer The mcrypt block cipher mode. * @link https://www.php.net/manual/en/mcrypt.constants.php * @since 3.0.0 / protected $mode = MCRYPT_MODE_CBC; /* * @var string The JCrypt key type for validation. * @since 3.0.0 / protected $keyType = 'rijndael256'; } ��Cipher/SimpleCipher.php��0000644��00000012376�15116742200�0011062 0��ustar�00��<?php /* * Joomla! Content Management System * * @copyright Copyright (C) 2005 - 2020 Open Source Matters, Inc. All rights reserved. * @license GNU General Public License version 2 or later; see LICENSE.txt / namespace Joomla\CMS\Crypt\Cipher; defined('JPATH_PLATFORM') or die; use Joomla\CMS\Crypt\CipherInterface; use Joomla\CMS\Crypt\Crypt; use Joomla\CMS\Crypt\Key; /* * Crypt cipher for Simple encryption, decryption and key generation. * * @since 3.0.0 * @deprecated 4.0 (CMS) / class SimpleCipher implements CipherInterface { /* * Method to decrypt a data string. * * @param string $data The encrypted string to decrypt. * @param Key $key The key[/pair] object to use for decryption. * * @return string The decrypted data string. * * @since 3.0.0 * @throws \InvalidArgumentException / public function decrypt($data, Key $key) { // Validate key. if ($key->type != 'simple') { throw new \InvalidArgumentException('Invalid key of type: ' . $key->type . '. Expected simple.'); } $decrypted = ''; $tmp = $key->public; // Convert the HEX input into an array of integers and get the number of characters. $chars = $this->_hexToIntArray($data); $charCount = count($chars); // Repeat the key as many times as necessary to ensure that the key is at least as long as the input. for ($i = 0; $i < $charCount; $i = strlen($tmp)) { $tmp = $tmp . $tmp; } // Get the XOR values between the ASCII values of the input and key characters for all input offsets. for ($i = 0; $i < $charCount; $i++) { $decrypted .= chr($chars[$i] ^ ord($tmp[$i])); } return $decrypted; } /* * Method to encrypt a data string. * * @param string $data The data string to encrypt. * @param Key $key The key[/pair] object to use for encryption. * * @return string The encrypted data string. * * @since 3.0.0 * @throws \InvalidArgumentException / public function encrypt($data, Key $key) { // Validate key. if ($key->type != 'simple') { throw new \InvalidArgumentException('Invalid key of type: ' . $key->type . '. Expected simple.'); } $encrypted = ''; $tmp = $key->private; // Split up the input into a character array and get the number of characters. $chars = preg_split('//', $data, -1, PREG_SPLIT_NO_EMPTY); $charCount = count($chars); // Repeat the key as many times as necessary to ensure that the key is at least as long as the input. for ($i = 0; $i < $charCount; $i = strlen($tmp)) { $tmp = $tmp . $tmp; } // Get the XOR values between the ASCII values of the input and key characters for all input offsets. for ($i = 0; $i < $charCount; $i++) { $encrypted .= $this->_intToHex(ord($tmp[$i]) ^ ord($chars[$i])); } return $encrypted; } /* * Method to generate a new encryption key[/pair] object. * * @param array $options Key generation options. * * @return Key * * @since 3.0.0 / public function generateKey(array $options = array()) { // Create the new encryption key[/pair] object. $key = new Key('simple'); // Just a random key of a given length. $key->private = Crypt::genRandomBytes(256); $key->public = $key->private; return $key; } /* * Convert hex to an integer * * @param string $s The hex string to convert. * @param integer $i The offset? * * @return integer * * @since 1.7.0 / private function _hexToInt($s, $i) { $j = (int) $i 2; $k = 0; $s1 = (string) $s; // Get the character at position $j. $c = substr($s1, $j, 1); // Get the character at position $j + 1. $c1 = substr($s1, $j + 1, 1); switch ($c) { case 'A': $k += 160; break; case 'B': $k += 176; break; case 'C': $k += 192; break; case 'D': $k += 208; break; case 'E': $k += 224; break; case 'F': $k += 240; break; case ' ': $k += 0; break; default: (int) $k = $k + (16 * (int) $c); break; } switch ($c1) { case 'A': $k += 10; break; case 'B': $k += 11; break; case 'C': $k += 12; break; case 'D': $k += 13; break; case 'E': $k += 14; break; case 'F': $k += 15; break; case ' ': $k += 0; break; default: $k += (int) $c1; break; } return $k; } /** * Convert hex to an array of integers * * @param string $hex The hex string to convert to an integer array. * * @return array An array of integers. * * @since 1.7.0 / private function _hexToIntArray($hex) { $array = array(); $j = (int) strlen($hex) / 2; for ($i = 0; $i < $j; $i++) { $array[$i] = (int) $this->_hexToInt($hex, $i); } return $array; } /* * Convert an integer to a hexadecimal string. * * @param integer $i An integer value to convert to a hex string. * * @return string * * @since 1.7.0 / private function _intToHex($i) { // Sanitize the input. $i = (int) $i; // Get the first character of the hexadecimal string if there is one. $j = (int) ($i / 16); if ($j === 0) { $s = ' '; } else { $s = strtoupper(dechex($j)); } // Get the second character of the hexadecimal string. $k = $i - $j 16; $s = $s . strtoupper(dechex($k)); return $s; } } ��Cipher/SodiumCipher.php��0000644��00000005743�15116742200�0011071 0��ustar�00��<?php /** * Joomla! Content Management System * * @copyright Copyright (C) 2005 - 2020 Open Source Matters, Inc. All rights reserved. * @license GNU General Public License version 2 or later; see LICENSE.txt / namespace Joomla\CMS\Crypt\Cipher; defined('JPATH_PLATFORM') or die; use Joomla\CMS\Crypt\CipherInterface; use Joomla\CMS\Crypt\Key; use ParagonIE\Sodium\Compat; /* * JCrypt cipher for sodium algorithm encryption, decryption and key generation. * * @since 3.8.0 / class SodiumCipher implements CipherInterface { /* * The message nonce to be used with encryption/decryption * * @var string * @since 3.8.0 / private $nonce; /* * Method to decrypt a data string. * * @param string $data The encrypted string to decrypt. * @param Key $key The key object to use for decryption. * * @return string The decrypted data string. * * @since 3.8.0 * @throws \RuntimeException / public function decrypt($data, Key $key) { // Validate key. if ($key->type !== 'sodium') { throw new \InvalidArgumentException('Invalid key of type: ' . $key->type . '. Expected sodium.'); } if (!$this->nonce) { throw new \RuntimeException('Missing nonce to decrypt data'); } $decrypted = Compat::crypto_box_open( $data, $this->nonce, Compat::crypto_box_keypair_from_secretkey_and_publickey($key->private, $key->public) ); if ($decrypted === false) { throw new \RuntimeException('Malformed message or invalid MAC'); } return $decrypted; } /* * Method to encrypt a data string. * * @param string $data The data string to encrypt. * @param Key $key The key object to use for encryption. * * @return string The encrypted data string. * * @since 3.8.0 * @throws \RuntimeException / public function encrypt($data, Key $key) { // Validate key. if ($key->type !== 'sodium') { throw new \InvalidArgumentException('Invalid key of type: ' . $key->type . '. Expected sodium.'); } if (!$this->nonce) { throw new \RuntimeException('Missing nonce to decrypt data'); } return Compat::crypto_box( $data, $this->nonce, Compat::crypto_box_keypair_from_secretkey_and_publickey($key->private, $key->public) ); } /* * Method to generate a new encryption key object. * * @param array $options Key generation options. * * @return Key * * @since 3.8.0 * @throws RuntimeException / public function generateKey(array $options = array()) { // Create the new encryption key object. $key = new Key('sodium'); // Generate the encryption key. $pair = Compat::crypto_box_keypair(); $key->public = Compat::crypto_box_publickey($pair); $key->private = Compat::crypto_box_secretkey($pair); return $key; } /* * Set the nonce to use for encrypting/decrypting messages * * @param string $nonce The message nonce * * @return void * * @since 3.8.0 / public function setNonce($nonce) { $this->nonce = $nonce; } } ��Cipher/TripleDesCipher.php��0000644��00000001711�15116742200�0011513 0��ustar�00��<?php /* * Joomla! Content Management System * * @copyright Copyright (C) 2005 - 2020 Open Source Matters, Inc. All rights reserved. * @license GNU General Public License version 2 or later; see LICENSE.txt / namespace Joomla\CMS\Crypt\Cipher; defined('JPATH_PLATFORM') or die; /* * JCrypt cipher for Triple DES encryption, decryption and key generation. * * @since 3.0.0 * @deprecated 4.0 Without replacement use CryptoCipher / class TripleDesCipher extends McryptCipher { /* * @var integer The mcrypt cipher constant. * @link https://www.php.net/manual/en/mcrypt.ciphers.php * @since 3.0.0 / protected $type = MCRYPT_3DES; /* * @var integer The mcrypt block cipher mode. * @link https://www.php.net/manual/en/mcrypt.constants.php * @since 3.0.0 / protected $mode = MCRYPT_MODE_CBC; /* * @var string The Crypt key type for validation. * @since 3.0.0 / protected $keyType = '3des'; } ��CipherInterface.php��0000644��00000002260�15116742200�0010306 0��ustar�00��<?php /* * Joomla! Content Management System * * @copyright Copyright (C) 2005 - 2020 Open Source Matters, Inc. All rights reserved. * @license GNU General Public License version 2 or later; see LICENSE.txt / namespace Joomla\CMS\Crypt; defined('JPATH_PLATFORM') or die; /* * Crypt cipher interface. * * @since 3.0.0 / interface CipherInterface { /* * Method to decrypt a data string. * * @param string $data The encrypted string to decrypt. * @param Key $key The key[/pair] object to use for decryption. * * @return string The decrypted data string. * * @since 3.0.0 / public function decrypt($data, Key $key); /* * Method to encrypt a data string. * * @param string $data The data string to encrypt. * @param Key $key The key[/pair] object to use for encryption. * * @return string The encrypted data string. * * @since 3.0.0 / public function encrypt($data, Key $key); /* * Method to generate a new encryption key[/pair] object. * * @param array $options Key generation options. * * @return Key * * @since 3.0.0 / public function generateKey(array $options = array()); } ��Crypt.php��0000644��00000013372�15116742200�0006362 0��ustar�00��<?php /* * Joomla! Content Management System * * @copyright Copyright (C) 2005 - 2020 Open Source Matters, Inc. All rights reserved. * @license GNU General Public License version 2 or later; see LICENSE.txt / namespace Joomla\CMS\Crypt; defined('JPATH_PLATFORM') or die; use Joomla\CMS\Crypt\Cipher\SimpleCipher; use Joomla\CMS\Log\Log; /* * Crypt is a Joomla Platform class for handling basic encryption/decryption of data. * * @since 3.0.0 / class Crypt { /* * @var CipherInterface The encryption cipher object. * @since 3.0.0 / private $_cipher; /* * @var Key The encryption key[/pair)]. * @since 3.0.0 / private $_key; /* * Object Constructor takes an optional key to be used for encryption/decryption. If no key is given then the * secret word from the configuration object is used. * * @param CipherInterface $cipher The encryption cipher object. * @param Key $key The encryption key[/pair)]. * * @since 3.0.0 / public function __construct(CipherInterface $cipher = null, Key $key = null) { // Set the encryption key[/pair)]. $this->_key = $key; // Set the encryption cipher. $this->_cipher = isset($cipher) ? $cipher : new SimpleCipher; } /* * Method to decrypt a data string. * * @param string $data The encrypted string to decrypt. * * @return string The decrypted data string. * * @since 3.0.0 * @throws \InvalidArgumentException / public function decrypt($data) { try { return $this->_cipher->decrypt($data, $this->_key); } catch (\InvalidArgumentException $e) { return false; } } /* * Method to encrypt a data string. * * @param string $data The data string to encrypt. * * @return string The encrypted data string. * * @since 3.0.0 / public function encrypt($data) { return $this->_cipher->encrypt($data, $this->_key); } /* * Method to generate a new encryption key[/pair] object. * * @param array $options Key generation options. * * @return Key * * @since 3.0.0 / public function generateKey(array $options = array()) { return $this->_cipher->generateKey($options); } /* * Method to set the encryption key[/pair] object. * * @param Key $key The key object to set. * * @return Crypt * * @since 3.0.0 / public function setKey(Key $key) { $this->_key = $key; return $this; } /* * Generate random bytes. * * @param integer $length Length of the random data to generate * * @return string Random binary data * * @since 3.0.0 / public static function genRandomBytes($length = 16) { return random_bytes($length); } /* * A timing safe comparison method. * * This defeats hacking attempts that use timing based attack vectors. * * NOTE: Length will leak. * * @param string $known A known string to check against. * @param string $unknown An unknown string to check. * * @return boolean True if the two strings are exactly the same. * * @since 3.2 / public static function timingSafeCompare($known, $unknown) { // This function is native in PHP as of 5.6 and backported via the symfony/polyfill-56 library return hash_equals((string) $known, (string) $unknown); } /* * Tests for the availability of updated crypt(). * Based on a method by Anthony Ferrera * * @return boolean Always returns true since 3.3 * * @note To be removed when PHP 5.3.7 or higher is the minimum supported version. * @link https://github.com/ircmaxell/password_compat/blob/master/version-test.php * @since 3.2 * @deprecated 4.0 / public static function hasStrongPasswordSupport() { // Log usage of deprecated function Log::add(__METHOD__ . '() is deprecated without replacement.', Log::WARNING, 'deprecated'); if (!defined('PASSWORD_DEFAULT')) { // Always make sure that the password hashing API has been defined. include_once JPATH_ROOT . '/vendor/ircmaxell/password-compat/lib/password.php'; } return true; } /* * Safely detect a string's length * * This method is derived from \ParagonIE\Halite\Util::safeStrlen() * * @param string $str String to check the length of * * @return integer * * @since 3.5 * @ref mbstring.func_overload * @throws \RuntimeException / public static function safeStrlen($str) { static $exists = null; if ($exists === null) { $exists = function_exists('mb_strlen'); } if ($exists) { $length = mb_strlen($str, '8bit'); if ($length === false) { throw new \RuntimeException('mb_strlen() failed unexpectedly'); } return $length; } // If we reached here, we can rely on strlen to count bytes: return \strlen($str); } /* * Safely extract a substring * * This method is derived from \ParagonIE\Halite\Util::safeSubstr() * * @param string $str The string to extract the substring from * @param integer $start The starting position to extract from * @param integer $length The length of the string to return * * @return string * * @since 3.5 / public static function safeSubstr($str, $start, $length = null) { static $exists = null; if ($exists === null) { $exists = function_exists('mb_substr'); } if ($exists) { // In PHP 5.3 mb_substr($str, 0, NULL, '8bit') returns an empty string, so we have to find the length ourselves. if ($length === null) { if ($start >= 0) { $length = static::safeStrlen($str) - $start; } else { $length = -$start; } } return mb_substr($str, $start, $length, '8bit'); } // Unlike mb_substr(), substr() doesn't accept NULL for length if ($length !== null) { return substr($str, $start, $length); } return substr($str, $start); } } ��CryptPassword.php��0000644��00000003302�15116742200�0010075 0��ustar�00��<?php /* * Joomla! Content Management System * * @copyright Copyright (C) 2005 - 2020 Open Source Matters, Inc. All rights reserved. * @license GNU General Public License version 2 or later; see LICENSE.txt / namespace Joomla\CMS\Crypt; defined('JPATH_PLATFORM') or die; /* * Joomla Platform Password Hashing Interface * * @since 3.0.1 * @deprecated 4.0 Use PHP 5.5's native password hashing API / interface CryptPassword { const BLOWFISH = '$2y$'; const JOOMLA = 'Joomla'; const PBKDF = '$pbkdf$'; const MD5 = '$1$'; /* * Creates a password hash * * @param string $password The password to hash. * @param string $type The type of hash. This determines the prefix of the hashing function. * * @return string The hashed password. * * @since 3.0.1 * @deprecated 4.0 Use PHP 5.5's native password hashing API / public function create($password, $type = null); /* * Verifies a password hash * * @param string $password The password to verify. * @param string $hash The password hash to check. * * @return boolean True if the password is valid, false otherwise. * * @since 3.0.1 * @deprecated 4.0 Use PHP 5.5's native password hashing API / public function verify($password, $hash); /* * Sets a default prefix * * @param string $type The prefix to set as default * * @return void * * @since 3.1.4 * @deprecated 4.0 Use PHP 5.5's native password hashing API / public function setDefaultType($type); /* * Gets the default type * * @return void * * @since 3.1.4 * @deprecated 4.0 Use PHP 5.5's native password hashing API / public function getDefaultType(); } ��Key.php��0000644��00000003000�15116742200�0005774 0��ustar�00��<?php /* * Joomla! Content Management System * * @copyright Copyright (C) 2005 - 2020 Open Source Matters, Inc. All rights reserved. * @license GNU General Public License version 2 or later; see LICENSE.txt / namespace Joomla\CMS\Crypt; defined('JPATH_PLATFORM') or die; /* * Encryption key object for the Joomla Platform. * * @property-read string $type The key type. * * @since 3.0.0 / class Key { /* * @var string The private key. * @since 3.0.0 / public $private; /* * @var string The public key. * @since 3.0.0 / public $public; /* * @var string The key type. * @since 3.0.0 / protected $type; /* * Constructor. * * @param string $type The key type. * @param string $private The private key. * @param string $public The public key. * * @since 3.0.0 / public function __construct($type, $private = null, $public = null) { // Set the key type. $this->type = (string) $type; // Set the optional public/private key strings. $this->private = isset($private) ? (string) $private : null; $this->public = isset($public) ? (string) $public : null; } /* * Magic method to return some protected property values. * * @param string $name The name of the property to return. * * @return mixed * * @since 3.0.0 / public function __get($name) { if ($name == 'type') { return $this->type; } trigger_error('Cannot access property ' . __CLASS__ . '::' . $name, E_USER_WARNING); } } Password/SimpleCryptPassword.php��0000644��00000011156�15116742200�0013057 0��ustar�00��<?php /* * Joomla! Content Management System * * @copyright Copyright (C) 2005 - 2020 Open Source Matters, Inc. All rights reserved. * @license GNU General Public License version 2 or later; see LICENSE.txt / namespace Joomla\CMS\Crypt\Password; defined('JPATH_PLATFORM') or die; use Joomla\CMS\Crypt\Crypt; use Joomla\CMS\Crypt\CryptPassword; /* * Joomla Platform Password Crypter * * @since 3.0.1 * @deprecated 4.0 Use PHP 5.5's native password hashing API / class SimpleCryptPassword implements CryptPassword { /* * @var integer The cost parameter for hashing algorithms. * @since 3.0.1 * @deprecated 4.0 Use PHP 5.5's native password hashing API / protected $cost = 10; /* * @var string The default hash type * @since 3.1.4 * @deprecated 4.0 Use PHP 5.5's native password hashing API / protected $defaultType = '$2y$'; /* * Creates a password hash * * @param string $password The password to hash. * @param string $type The hash type. * * @return mixed The hashed password or false if the password is too long. * * @since 3.0.1 * @throws \InvalidArgumentException * @deprecated 4.0 Use PHP 5.5's native password hashing API / public function create($password, $type = null) { if (empty($type)) { $type = $this->defaultType; } switch ($type) { case '$2a$': case CryptPassword::BLOWFISH: $type = '$2a$'; if (Crypt::hasStrongPasswordSupport()) { $type = '$2y$'; } $salt = $type . str_pad($this->cost, 2, '0', STR_PAD_LEFT) . '$' . $this->getSalt(22); return crypt($password, $salt); case CryptPassword::MD5: $salt = $this->getSalt(12); $salt = '$1$' . $salt; return crypt($password, $salt); case CryptPassword::JOOMLA: $salt = $this->getSalt(32); return md5($password . $salt) . ':' . $salt; default: throw new \InvalidArgumentException(sprintf('Hash type %s is not supported', $type)); break; } } /* * Sets the cost parameter for the generated hash for algorithms that use a cost factor. * * @param integer $cost The new cost value. * * @return void * * @since 3.0.1 * @deprecated 4.0 Use PHP 5.5's native password hashing API / public function setCost($cost) { $this->cost = $cost; } /* * Generates a salt of specified length. The salt consists of characters in the set [./0-9A-Za-z]. * * @param integer $length The number of characters to return. * * @return string The string of random characters. * * @since 3.0.1 * @deprecated 4.0 Use PHP 5.5's native password hashing API / protected function getSalt($length) { $bytes = ceil($length 6 / 8); $randomData = str_replace('+', '.', base64_encode(Crypt::genRandomBytes($bytes))); return substr($randomData, 0, $length); } /** * Verifies a password hash * * @param string $password The password to verify. * @param string $hash The password hash to check. * * @return boolean True if the password is valid, false otherwise. * * @since 3.0.1 * @deprecated 4.0 Use PHP 5.5's native password hashing API / public function verify($password, $hash) { // Check if the hash is a blowfish hash. if (substr($hash, 0, 4) == '$2a$' \|\| substr($hash, 0, 4) == '$2y$') { $type = '$2a$'; if (Crypt::hasStrongPasswordSupport()) { $type = '$2y$'; } return password_verify($password, $hash); } // Check if the hash is an MD5 hash. if (substr($hash, 0, 3) == '$1$') { return Crypt::timingSafeCompare(crypt($password, $hash), $hash); } // Check if the hash is a Joomla hash. if (preg_match('#[a-z0-9]{32}:[A-Za-z0-9]{32}#', $hash) === 1) { // Check the password $parts = explode(':', $hash); $salt = @$parts[1]; // Compile the hash to compare // If the salt is empty AND there is a ':' in the original hash, we must append ':' at the end $testcrypt = md5($password . $salt) . ($salt ? ':' . $salt : (strpos($hash, ':') !== false ? ':' : '')); return Crypt::timingSafeCompare($hash, $testcrypt); } return false; } /* * Sets a default type * * @param string $type The value to set as default. * * @return void * * @since 3.1.4 * @deprecated 4.0 Use PHP 5.5's native password hashing API / public function setDefaultType($type) { if (!empty($type)) { $this->defaultType = $type; } } /* * Gets the default type * * @return string $type The default type * * @since 3.1.4 * @deprecated 4.0 Use PHP 5.5's native password hashing API / public function getDefaultType() { return $this->defaultType; } } ��README.md��0000644��00000005053�15116742200�0006024 0��ustar�00��# Important Security Information If you're going to use JCrypt in any of your extensions, make sure* you use CryptoCipher or SodiumCipher; These are the only two which are cryptographically secure. ```php use Joomla\CMS\Crypt\Cipher\SodiumCipher; $cipher = new SodiumCipher; $key = $cipher->generateKey(); $data = 'My encrypted data.'; $cipher->setNonce(\Sodium\randombytes_buf(\Sodium\CRYPTO_BOX_NONCEBYTES)); $encrypted = $cipher->encrypt($data, $key); $decrypted = $cipher->decrypt($encrypted, $key); if ($decrypted !== $data) { throw new RuntimeException('The data was not decrypted correctly.'); } ``` ```php use Joomla\CMS\Crypt\Cipher\CryptoCipher; $cipher = new CryptoCipher(); $key = $cipher->generateKey(); // Store this for long-term use $message = "We're all living on a yellow submarine!"; $ciphertext = $cipher->encrypt($message, $key); $decrypted = $cipher->decrypt($ciphertext, $key); ``` ## Avoid these Ciphers if Possible * `JCryptCipher3Des` * `JCryptCipherBlowfish` * `JCryptCipherMcrypt` * `JCryptCipherRijndael256` All of these ciphers are vulnerable to something called a [chosen-ciphertext attack](https://en.wikipedia.org/wiki/Chosen-ciphertext_attack). The only provable way to prevent chosen-ciphertext attacks is to [use authenticated encryption](https://paragonie.com/blog/2015/05/using-encryption-and-authentication-correctly), preferrably in an [Encrypt-then-MAC construction](http://www.thoughtcrime.org/blog/the-cryptographic-doom-principle/). The only JCrypt cipher that meets the authenticated encryption criteria is `JCryptCipherCrypto`. ## Absolutely Avoid JCryptCipherSimple `JCryptCipherSimple` is deprecated and will be removed in Joomla 4. It's vulnerable to a known plaintext attack: If you know any information about the plaintext (e.g. the first character is '<'), an attacker can recover bits of the encryption key with ease. If an attacker can influence the message, they can actually steal your encryption key. Here's how: 1. Feed `str_repeat('A', 256)` into your application, towards `JCryptCipherSimple`. 2. Observe the output of the cipher (the ciphertext). 3. Run it through this code: ```php function recoverJcryptCipherSimpleKey($ciphertext, $knownPlaintext) { $key = ''; for ($i = 0; $i < strlen($knownPlaintext); ++$i) { $key.= chr(ord($ciphertext[$i]) ^ ord($knownPlaintext[$i])); } } $key = recoverJcryptCipherSimpleKey( $someEncryptedTextOutput, str_repeat('A', 256) ); ``` Given how trivial it is to steal the encryption key from this cipher, you absolutely should not use it. ��

| ver. 1.4 | Github | . | PHP 8.1.33 | Генерация страницы: 0 | proxy | phpinfo | Настройка