WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

phpseclib 1.0.2

This commit is contained in:
Roland Gruber 2016-05-10 18:14:55 +02:00
parent 88b7a32187
commit c4075de648
15 changed files with 20634 additions and 20515 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

394
lam/lib/3rdParty/phpseclib/Crypt/AES.php vendored
View File

@ -1,197 +1,197 @@
<?php <?php
/** /**
* Pure-PHP implementation of AES. * Pure-PHP implementation of AES.
* *
* Uses mcrypt, if available/possible, and an internal implementation, otherwise. * Uses mcrypt, if available/possible, and an internal implementation, otherwise.
* *
* PHP versions 4 and 5 * PHP versions 4 and 5
* *
* NOTE: Since AES.php is (for compatibility and phpseclib-historical reasons) virtually * NOTE: Since AES.php is (for compatibility and phpseclib-historical reasons) virtually
* just a wrapper to Rijndael.php you may consider using Rijndael.php instead of * just a wrapper to Rijndael.php you may consider using Rijndael.php instead of
* to save one include_once(). * to save one include_once().
* *
* If {@link self::setKeyLength() setKeyLength()} isn't called, it'll be calculated from * If {@link self::setKeyLength() setKeyLength()} isn't called, it'll be calculated from
* {@link self::setKey() setKey()}. ie. if the key is 128-bits, the key length will be 128-bits. If it's 136-bits * {@link self::setKey() setKey()}. ie. if the key is 128-bits, the key length will be 128-bits. If it's 136-bits
* it'll be null-padded to 192-bits and 192 bits will be the key length until {@link self::setKey() setKey()} * it'll be null-padded to 192-bits and 192 bits will be the key length until {@link self::setKey() setKey()}
* is called, again, at which point, it'll be recalculated. * is called, again, at which point, it'll be recalculated.
* *
* Since Crypt_AES extends Crypt_Rijndael, some functions are available to be called that, in the context of AES, don't * Since Crypt_AES extends Crypt_Rijndael, some functions are available to be called that, in the context of AES, don't
* make a whole lot of sense. {@link self::setBlockLength() setBlockLength()}, for instance. Calling that function, * make a whole lot of sense. {@link self::setBlockLength() setBlockLength()}, for instance. Calling that function,
* however possible, won't do anything (AES has a fixed block length whereas Rijndael has a variable one). * however possible, won't do anything (AES has a fixed block length whereas Rijndael has a variable one).
* *
* Here's a short example of how to use this library: * Here's a short example of how to use this library:
* <code> * <code>
* <?php * <?php
* include 'Crypt/AES.php'; * include 'Crypt/AES.php';
* *
* $aes = new Crypt_AES(); * $aes = new Crypt_AES();
* *
* $aes->setKey('abcdefghijklmnop'); * $aes->setKey('abcdefghijklmnop');
* *
* $size = 10 * 1024; * $size = 10 * 1024;
* $plaintext = ''; * $plaintext = '';
* for ($i = 0; $i < $size; $i++) { * for ($i = 0; $i < $size; $i++) {
* $plaintext.= 'a'; * $plaintext.= 'a';
* } * }
* *
* echo $aes->decrypt($aes->encrypt($plaintext)); * echo $aes->decrypt($aes->encrypt($plaintext));
* ?> * ?>
* </code> * </code>
* *
* LICENSE: Permission is hereby granted, free of charge, to any person obtaining a copy * LICENSE: Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights * in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is * copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions: * furnished to do so, subject to the following conditions:
* *
* The above copyright notice and this permission notice shall be included in * The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software. * all copies or substantial portions of the Software.
* *
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE. * THE SOFTWARE.
* *
* @category Crypt * @category Crypt
* @package Crypt_AES * @package Crypt_AES
* @author Jim Wigginton <terrafrost@php.net> * @author Jim Wigginton <terrafrost@php.net>
* @copyright 2008 Jim Wigginton * @copyright 2008 Jim Wigginton
* @license http://www.opensource.org/licenses/mit-license.html MIT License * @license http://www.opensource.org/licenses/mit-license.html MIT License
* @link http://phpseclib.sourceforge.net * @link http://phpseclib.sourceforge.net
*/ */
/** /**
* Include Crypt_Rijndael * Include Crypt_Rijndael
*/ */
if (!class_exists('Crypt_Rijndael')) { if (!class_exists('Crypt_Rijndael')) {
include_once 'Rijndael.php'; include_once 'Rijndael.php';
} }
/**#@+ /**#@+
* @access public * @access public
* @see self::encrypt() * @see self::encrypt()
* @see self::decrypt() * @see self::decrypt()
*/ */
/** /**
* Encrypt / decrypt using the Counter mode. * Encrypt / decrypt using the Counter mode.
* *
* Set to -1 since that's what Crypt/Random.php uses to index the CTR mode. * Set to -1 since that's what Crypt/Random.php uses to index the CTR mode.
* *
* @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Counter_.28CTR.29 * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Counter_.28CTR.29
*/ */
define('CRYPT_AES_MODE_CTR', CRYPT_MODE_CTR); define('CRYPT_AES_MODE_CTR', CRYPT_MODE_CTR);
/** /**
* Encrypt / decrypt using the Electronic Code Book mode. * Encrypt / decrypt using the Electronic Code Book mode.
* *
* @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29 * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29
*/ */
define('CRYPT_AES_MODE_ECB', CRYPT_MODE_ECB); define('CRYPT_AES_MODE_ECB', CRYPT_MODE_ECB);
/** /**
* Encrypt / decrypt using the Code Book Chaining mode. * Encrypt / decrypt using the Code Book Chaining mode.
* *
* @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29 * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29
*/ */
define('CRYPT_AES_MODE_CBC', CRYPT_MODE_CBC); define('CRYPT_AES_MODE_CBC', CRYPT_MODE_CBC);
/** /**
* Encrypt / decrypt using the Cipher Feedback mode. * Encrypt / decrypt using the Cipher Feedback mode.
* *
* @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher_feedback_.28CFB.29 * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher_feedback_.28CFB.29
*/ */
define('CRYPT_AES_MODE_CFB', CRYPT_MODE_CFB); define('CRYPT_AES_MODE_CFB', CRYPT_MODE_CFB);
/** /**
* Encrypt / decrypt using the Cipher Feedback mode. * Encrypt / decrypt using the Cipher Feedback mode.
* *
* @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Output_feedback_.28OFB.29 * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Output_feedback_.28OFB.29
*/ */
define('CRYPT_AES_MODE_OFB', CRYPT_MODE_OFB); define('CRYPT_AES_MODE_OFB', CRYPT_MODE_OFB);
/**#@-*/ /**#@-*/
/** /**
* Pure-PHP implementation of AES. * Pure-PHP implementation of AES.
* *
* @package Crypt_AES * @package Crypt_AES
* @author Jim Wigginton <terrafrost@php.net> * @author Jim Wigginton <terrafrost@php.net>
* @access public * @access public
*/ */
class Crypt_AES extends Crypt_Rijndael class Crypt_AES extends Crypt_Rijndael
{ {
/** /**
* The namespace used by the cipher for its constants. * The namespace used by the cipher for its constants.
* *
* @see Crypt_Base::const_namespace * @see Crypt_Base::const_namespace
* @var string * @var string
* @access private * @access private
*/ */
var $const_namespace = 'AES'; var $const_namespace = 'AES';
/** /**
* Dummy function * Dummy function
* *
* Since Crypt_AES extends Crypt_Rijndael, this function is, technically, available, but it doesn't do anything. * Since Crypt_AES extends Crypt_Rijndael, this function is, technically, available, but it doesn't do anything.
* *
* @see Crypt_Rijndael::setBlockLength() * @see Crypt_Rijndael::setBlockLength()
* @access public * @access public
* @param int $length * @param int $length
*/ */
function setBlockLength($length) function setBlockLength($length)
{ {
return; return;
} }
/** /**
* Sets the key length * Sets the key length
* *
* Valid key lengths are 128, 192, and 256. If the length is less than 128, it will be rounded up to * Valid key lengths are 128, 192, and 256. If the length is less than 128, it will be rounded up to
* 128. If the length is greater than 128 and invalid, it will be rounded down to the closest valid amount. * 128. If the length is greater than 128 and invalid, it will be rounded down to the closest valid amount.
* *
* @see Crypt_Rijndael:setKeyLength() * @see Crypt_Rijndael:setKeyLength()
* @access public * @access public
* @param int $length * @param int $length
*/ */
function setKeyLength($length) function setKeyLength($length)
{ {
switch ($length) { switch ($length) {
case 160: case 160:
$length = 192; $length = 192;
break; break;
case 224: case 224:
$length = 256; $length = 256;
} }
parent::setKeyLength($length); parent::setKeyLength($length);
} }
/** /**
* Sets the key. * Sets the key.
* *
* Rijndael supports five different key lengths, AES only supports three. * Rijndael supports five different key lengths, AES only supports three.
* *
* @see Crypt_Rijndael:setKey() * @see Crypt_Rijndael:setKey()
* @see setKeyLength() * @see setKeyLength()
* @access public * @access public
* @param string $key * @param string $key
*/ */
function setKey($key) function setKey($key)
{ {
parent::setKey($key); parent::setKey($key);
if (!$this->explicit_key_length) { if (!$this->explicit_key_length) {
$length = strlen($key); $length = strlen($key);
switch (true) { switch (true) {
case $length <= 16: case $length <= 16:
$this->key_length = 16; $this->key_length = 16;
break; break;
case $length <= 24: case $length <= 24:
$this->key_length = 24; $this->key_length = 24;
break; break;
default: default:
$this->key_length = 32; $this->key_length = 32;
} }
$this->_setEngine(); $this->_setEngine();
} }
} }
} }

10
lam/lib/3rdParty/phpseclib/Crypt/Base.php vendored
View File

@ -746,10 +746,13 @@ class Crypt_Base
return !defined('OPENSSL_RAW_DATA') ? substr($result, 0, -$this->block_size) : $result; return !defined('OPENSSL_RAW_DATA') ? substr($result, 0, -$this->block_size) : $result;
case CRYPT_MODE_CBC: case CRYPT_MODE_CBC:
$result = openssl_encrypt($plaintext, $this->cipher_name_openssl, $this->key, $this->openssl_options, $this->encryptIV); $result = openssl_encrypt($plaintext, $this->cipher_name_openssl, $this->key, $this->openssl_options, $this->encryptIV);
if (!defined('OPENSSL_RAW_DATA')) {
$result = substr($result, 0, -$this->block_size);
}
if ($this->continuousBuffer) { if ($this->continuousBuffer) {
$this->encryptIV = substr($result, -$this->block_size); $this->encryptIV = substr($result, -$this->block_size);
} }
return !defined('OPENSSL_RAW_DATA') ? substr($result, 0, -$this->block_size) : $result; return $result;
case CRYPT_MODE_CTR: case CRYPT_MODE_CTR:
return $this->_openssl_ctr_process($plaintext, $this->encryptIV, $this->enbuffer); return $this->_openssl_ctr_process($plaintext, $this->encryptIV, $this->enbuffer);
case CRYPT_MODE_CFB: case CRYPT_MODE_CFB:
@ -1052,10 +1055,13 @@ class Crypt_Base
if (!defined('OPENSSL_RAW_DATA')) { if (!defined('OPENSSL_RAW_DATA')) {
$padding = str_repeat(chr($this->block_size), $this->block_size) ^ substr($ciphertext, -$this->block_size); $padding = str_repeat(chr($this->block_size), $this->block_size) ^ substr($ciphertext, -$this->block_size);
$ciphertext.= substr(openssl_encrypt($padding, $this->cipher_name_openssl_ecb, $this->key, true), 0, $this->block_size); $ciphertext.= substr(openssl_encrypt($padding, $this->cipher_name_openssl_ecb, $this->key, true), 0, $this->block_size);
$offset = 2 * $this->block_size;
} else {
$offset = $this->block_size;
} }
$plaintext = openssl_decrypt($ciphertext, $this->cipher_name_openssl, $this->key, $this->openssl_options, $this->decryptIV); $plaintext = openssl_decrypt($ciphertext, $this->cipher_name_openssl, $this->key, $this->openssl_options, $this->decryptIV);
if ($this->continuousBuffer) { if ($this->continuousBuffer) {
$this->decryptIV = substr($ciphertext, -$this->block_size); $this->decryptIV = substr($ciphertext, -$offset, $this->block_size);
} }
break; break;
case CRYPT_MODE_CTR: case CRYPT_MODE_CTR:

3032
lam/lib/3rdParty/phpseclib/Crypt/DES.php vendored
View File

File diff suppressed because it is too large Load Diff

1686
lam/lib/3rdParty/phpseclib/Crypt/Hash.php vendored
View File

File diff suppressed because it is too large Load Diff

15
lam/lib/3rdParty/phpseclib/Crypt/RC2.php vendored
View File

@ -387,7 +387,7 @@ class Crypt_RC2 extends Crypt_Base
/** /**
* Sets the key length. * Sets the key length.
* *
* Valid key lengths are 1 to 1024. * Valid key lengths are 8 to 1024.
* Calling this function after setting the key has no effect until the next * Calling this function after setting the key has no effect until the next
* Crypt_RC2::setKey() call. * Crypt_RC2::setKey() call.
* *
@ -396,9 +396,16 @@ class Crypt_RC2 extends Crypt_Base
*/ */
function setKeyLength($length) function setKeyLength($length)
{ {
if ($length >= 1 && $length <= 1024) { if ($length < 8) {
$this->default_key_length = 8;
} elseif ($length > 1024) {
$this->default_key_length = 128;
} else {
$this->default_key_length = $length; $this->default_key_length = $length;
} }
$this->current_key_length = $this->default_key_length;
parent::setKeyLength($length);
} }
/** /**
@ -415,7 +422,7 @@ class Crypt_RC2 extends Crypt_Base
/** /**
* Sets the key. * Sets the key.
* *
* Keys can be of any length. RC2, itself, uses 1 to 1024 bit keys (eg. * Keys can be of any length. RC2, itself, uses 8 to 1024 bit keys (eg.
* strlen($key) <= 128), however, we only use the first 128 bytes if $key * strlen($key) <= 128), however, we only use the first 128 bytes if $key
* has more then 128 bytes in it, and set $key to a single null byte if * has more then 128 bytes in it, and set $key to a single null byte if
* it is empty. * it is empty.
@ -514,7 +521,7 @@ class Crypt_RC2 extends Crypt_Base
return $result; return $result;
} }
return parent::encrypt($ciphertext); return parent::decrypt($ciphertext);
} }
/** /**

704
lam/lib/3rdParty/phpseclib/Crypt/RC4.php vendored
View File

@ -1,352 +1,352 @@
<?php <?php
/** /**
* Pure-PHP implementation of RC4. * Pure-PHP implementation of RC4.
* *
* Uses mcrypt, if available, and an internal implementation, otherwise. * Uses mcrypt, if available, and an internal implementation, otherwise.
* *
* PHP versions 4 and 5 * PHP versions 4 and 5
* *
* Useful resources are as follows: * Useful resources are as follows:
* *
* - {@link http://www.mozilla.org/projects/security/pki/nss/draft-kaukonen-cipher-arcfour-03.txt ARCFOUR Algorithm} * - {@link http://www.mozilla.org/projects/security/pki/nss/draft-kaukonen-cipher-arcfour-03.txt ARCFOUR Algorithm}
* - {@link http://en.wikipedia.org/wiki/RC4 - Wikipedia: RC4} * - {@link http://en.wikipedia.org/wiki/RC4 - Wikipedia: RC4}
* *
* RC4 is also known as ARCFOUR or ARC4. The reason is elaborated upon at Wikipedia. This class is named RC4 and not * RC4 is also known as ARCFOUR or ARC4. The reason is elaborated upon at Wikipedia. This class is named RC4 and not
* ARCFOUR or ARC4 because RC4 is how it is referred to in the SSH1 specification. * ARCFOUR or ARC4 because RC4 is how it is referred to in the SSH1 specification.
* *
* Here's a short example of how to use this library: * Here's a short example of how to use this library:
* <code> * <code>
* <?php * <?php
* include 'Crypt/RC4.php'; * include 'Crypt/RC4.php';
* *
* $rc4 = new Crypt_RC4(); * $rc4 = new Crypt_RC4();
* *
* $rc4->setKey('abcdefgh'); * $rc4->setKey('abcdefgh');
* *
* $size = 10 * 1024; * $size = 10 * 1024;
* $plaintext = ''; * $plaintext = '';
* for ($i = 0; $i < $size; $i++) { * for ($i = 0; $i < $size; $i++) {
* $plaintext.= 'a'; * $plaintext.= 'a';
* } * }
* *
* echo $rc4->decrypt($rc4->encrypt($plaintext)); * echo $rc4->decrypt($rc4->encrypt($plaintext));
* ?> * ?>
* </code> * </code>
* *
* LICENSE: Permission is hereby granted, free of charge, to any person obtaining a copy * LICENSE: Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights * in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is * copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions: * furnished to do so, subject to the following conditions:
* *
* The above copyright notice and this permission notice shall be included in * The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software. * all copies or substantial portions of the Software.
* *
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE. * THE SOFTWARE.
* *
* @category Crypt * @category Crypt
* @package Crypt_RC4 * @package Crypt_RC4
* @author Jim Wigginton <terrafrost@php.net> * @author Jim Wigginton <terrafrost@php.net>
* @copyright 2007 Jim Wigginton * @copyright 2007 Jim Wigginton
* @license http://www.opensource.org/licenses/mit-license.html MIT License * @license http://www.opensource.org/licenses/mit-license.html MIT License
* @link http://phpseclib.sourceforge.net * @link http://phpseclib.sourceforge.net
*/ */
/** /**
* Include Crypt_Base * Include Crypt_Base
* *
* Base cipher class * Base cipher class
*/ */
if (!class_exists('Crypt_Base')) { if (!class_exists('Crypt_Base')) {
include_once 'Base.php'; include_once 'Base.php';
} }
/**#@+ /**#@+
* @access private * @access private
* @see self::_crypt() * @see self::_crypt()
*/ */
define('CRYPT_RC4_ENCRYPT', 0); define('CRYPT_RC4_ENCRYPT', 0);
define('CRYPT_RC4_DECRYPT', 1); define('CRYPT_RC4_DECRYPT', 1);
/**#@-*/ /**#@-*/
/** /**
* Pure-PHP implementation of RC4. * Pure-PHP implementation of RC4.
* *
* @package Crypt_RC4 * @package Crypt_RC4
* @author Jim Wigginton <terrafrost@php.net> * @author Jim Wigginton <terrafrost@php.net>
* @access public * @access public
*/ */
class Crypt_RC4 extends Crypt_Base class Crypt_RC4 extends Crypt_Base
{ {
/** /**
* Block Length of the cipher * Block Length of the cipher
* *
* RC4 is a stream cipher * RC4 is a stream cipher
* so we the block_size to 0 * so we the block_size to 0
* *
* @see Crypt_Base::block_size * @see Crypt_Base::block_size
* @var int * @var int
* @access private * @access private
*/ */
var $block_size = 0; var $block_size = 0;
/** /**
* Key Length (in bytes) * Key Length (in bytes)
* *
* @see Crypt_RC4::setKeyLength() * @see Crypt_RC4::setKeyLength()
* @var int * @var int
* @access private * @access private
*/ */
var $key_length = 128; // = 1024 bits var $key_length = 128; // = 1024 bits
/** /**
* The namespace used by the cipher for its constants. * The namespace used by the cipher for its constants.
* *
* @see Crypt_Base::const_namespace * @see Crypt_Base::const_namespace
* @var string * @var string
* @access private * @access private
*/ */
var $const_namespace = 'RC4'; var $const_namespace = 'RC4';
/** /**
* The mcrypt specific name of the cipher * The mcrypt specific name of the cipher
* *
* @see Crypt_Base::cipher_name_mcrypt * @see Crypt_Base::cipher_name_mcrypt
* @var string * @var string
* @access private * @access private
*/ */
var $cipher_name_mcrypt = 'arcfour'; var $cipher_name_mcrypt = 'arcfour';
/** /**
* Holds whether performance-optimized $inline_crypt() can/should be used. * Holds whether performance-optimized $inline_crypt() can/should be used.
* *
* @see Crypt_Base::inline_crypt * @see Crypt_Base::inline_crypt
* @var mixed * @var mixed
* @access private * @access private
*/ */
var $use_inline_crypt = false; // currently not available var $use_inline_crypt = false; // currently not available
/** /**
* The Key * The Key
* *
* @see self::setKey() * @see self::setKey()
* @var string * @var string
* @access private * @access private
*/ */
var $key = "\0"; var $key = "\0";
/** /**
* The Key Stream for decryption and encryption * The Key Stream for decryption and encryption
* *
* @see self::setKey() * @see self::setKey()
* @var array * @var array
* @access private * @access private
*/ */
var $stream; var $stream;
/** /**
* Default Constructor. * Default Constructor.
* *
* Determines whether or not the mcrypt extension should be used. * Determines whether or not the mcrypt extension should be used.
* *
* @see Crypt_Base::Crypt_Base() * @see Crypt_Base::Crypt_Base()
* @return Crypt_RC4 * @return Crypt_RC4
* @access public * @access public
*/ */
function Crypt_RC4() function Crypt_RC4()
{ {
parent::Crypt_Base(CRYPT_MODE_STREAM); parent::Crypt_Base(CRYPT_MODE_STREAM);
} }
/** /**
* Test for engine validity * Test for engine validity
* *
* This is mainly just a wrapper to set things up for Crypt_Base::isValidEngine() * This is mainly just a wrapper to set things up for Crypt_Base::isValidEngine()
* *
* @see Crypt_Base::Crypt_Base() * @see Crypt_Base::Crypt_Base()
* @param int $engine * @param int $engine
* @access public * @access public
* @return bool * @return bool
*/ */
function isValidEngine($engine) function isValidEngine($engine)
{ {
switch ($engine) { switch ($engine) {
case CRYPT_ENGINE_OPENSSL: case CRYPT_ENGINE_OPENSSL:
switch (strlen($this->key)) { switch (strlen($this->key)) {
case 5: case 5:
$this->cipher_name_openssl = 'rc4-40'; $this->cipher_name_openssl = 'rc4-40';
break; break;
case 8: case 8:
$this->cipher_name_openssl = 'rc4-64'; $this->cipher_name_openssl = 'rc4-64';
break; break;
case 16: case 16:
$this->cipher_name_openssl = 'rc4'; $this->cipher_name_openssl = 'rc4';
break; break;
default: default:
return false; return false;
} }
} }
return parent::isValidEngine($engine); return parent::isValidEngine($engine);
} }
/** /**
* Dummy function. * Dummy function.
* *
* Some protocols, such as WEP, prepend an "initialization vector" to the key, effectively creating a new key [1]. * Some protocols, such as WEP, prepend an "initialization vector" to the key, effectively creating a new key [1].
* If you need to use an initialization vector in this manner, feel free to prepend it to the key, yourself, before * If you need to use an initialization vector in this manner, feel free to prepend it to the key, yourself, before
* calling setKey(). * calling setKey().
* *
* [1] WEP's initialization vectors (IV's) are used in a somewhat insecure way. Since, in that protocol, * [1] WEP's initialization vectors (IV's) are used in a somewhat insecure way. Since, in that protocol,
* the IV's are relatively easy to predict, an attack described by * the IV's are relatively easy to predict, an attack described by
* {@link http://www.drizzle.com/~aboba/IEEE/rc4_ksaproc.pdf Scott Fluhrer, Itsik Mantin, and Adi Shamir} * {@link http://www.drizzle.com/~aboba/IEEE/rc4_ksaproc.pdf Scott Fluhrer, Itsik Mantin, and Adi Shamir}
* can be used to quickly guess at the rest of the key. The following links elaborate: * can be used to quickly guess at the rest of the key. The following links elaborate:
* *
* {@link http://www.rsa.com/rsalabs/node.asp?id=2009 http://www.rsa.com/rsalabs/node.asp?id=2009} * {@link http://www.rsa.com/rsalabs/node.asp?id=2009 http://www.rsa.com/rsalabs/node.asp?id=2009}
* {@link http://en.wikipedia.org/wiki/Related_key_attack http://en.wikipedia.org/wiki/Related_key_attack} * {@link http://en.wikipedia.org/wiki/Related_key_attack http://en.wikipedia.org/wiki/Related_key_attack}
* *
* @param string $iv * @param string $iv
* @see self::setKey() * @see self::setKey()
* @access public * @access public
*/ */
function setIV($iv) function setIV($iv)
{ {
} }
/** /**
* Sets the key length * Sets the key length
* *
* Keys can be between 1 and 256 bytes long. * Keys can be between 1 and 256 bytes long.
* *
* @access public * @access public
* @param int $length * @param int $length
*/ */
function setKeyLength($length) function setKeyLength($length)
{ {
if ($length < 8) { if ($length < 8) {
$this->key_length = 1; $this->key_length = 1;
} elseif ($length > 2048) { } elseif ($length > 2048) {
$this->key_length = 248; $this->key_length = 256;
} else { } else {
$this->key_length = $length >> 3; $this->key_length = $length >> 3;
} }
parent::setKeyLength($length); parent::setKeyLength($length);
} }
/** /**
* Encrypts a message. * Encrypts a message.
* *
* @see Crypt_Base::decrypt() * @see Crypt_Base::decrypt()
* @see self::_crypt() * @see self::_crypt()
* @access public * @access public
* @param string $plaintext * @param string $plaintext
* @return string $ciphertext * @return string $ciphertext
*/ */
function encrypt($plaintext) function encrypt($plaintext)
{ {
if ($this->engine != CRYPT_ENGINE_INTERNAL) { if ($this->engine != CRYPT_ENGINE_INTERNAL) {
return parent::encrypt($plaintext); return parent::encrypt($plaintext);
} }
return $this->_crypt($plaintext, CRYPT_RC4_ENCRYPT); return $this->_crypt($plaintext, CRYPT_RC4_ENCRYPT);
} }
/** /**
* Decrypts a message. * Decrypts a message.
* *
* $this->decrypt($this->encrypt($plaintext)) == $this->encrypt($this->encrypt($plaintext)). * $this->decrypt($this->encrypt($plaintext)) == $this->encrypt($this->encrypt($plaintext)).
* At least if the continuous buffer is disabled. * At least if the continuous buffer is disabled.
* *
* @see Crypt_Base::encrypt() * @see Crypt_Base::encrypt()
* @see self::_crypt() * @see self::_crypt()
* @access public * @access public
* @param string $ciphertext * @param string $ciphertext
* @return string $plaintext * @return string $plaintext
*/ */
function decrypt($ciphertext) function decrypt($ciphertext)
{ {
if ($this->engine != CRYPT_ENGINE_INTERNAL) { if ($this->engine != CRYPT_ENGINE_INTERNAL) {
return parent::decrypt($ciphertext); return parent::decrypt($ciphertext);
} }
return $this->_crypt($ciphertext, CRYPT_RC4_DECRYPT); return $this->_crypt($ciphertext, CRYPT_RC4_DECRYPT);
} }
/** /**
* Setup the key (expansion) * Setup the key (expansion)
* *
* @see Crypt_Base::_setupKey() * @see Crypt_Base::_setupKey()
* @access private * @access private
*/ */
function _setupKey() function _setupKey()
{ {
$key = $this->key; $key = $this->key;
$keyLength = strlen($key); $keyLength = strlen($key);
$keyStream = range(0, 255); $keyStream = range(0, 255);
$j = 0; $j = 0;
for ($i = 0; $i < 256; $i++) { for ($i = 0; $i < 256; $i++) {
$j = ($j + $keyStream[$i] + ord($key[$i % $keyLength])) & 255; $j = ($j + $keyStream[$i] + ord($key[$i % $keyLength])) & 255;
$temp = $keyStream[$i]; $temp = $keyStream[$i];
$keyStream[$i] = $keyStream[$j]; $keyStream[$i] = $keyStream[$j];
$keyStream[$j] = $temp; $keyStream[$j] = $temp;
} }
$this->stream = array(); $this->stream = array();
$this->stream[CRYPT_RC4_DECRYPT] = $this->stream[CRYPT_RC4_ENCRYPT] = array( $this->stream[CRYPT_RC4_DECRYPT] = $this->stream[CRYPT_RC4_ENCRYPT] = array(
0, // index $i 0, // index $i
0, // index $j 0, // index $j
$keyStream $keyStream
); );
} }
/** /**
* Encrypts or decrypts a message. * Encrypts or decrypts a message.
* *
* @see self::encrypt() * @see self::encrypt()
* @see self::decrypt() * @see self::decrypt()
* @access private * @access private
* @param string $text * @param string $text
* @param int $mode * @param int $mode
* @return string $text * @return string $text
*/ */
function _crypt($text, $mode) function _crypt($text, $mode)
{ {
if ($this->changed) { if ($this->changed) {
$this->_setup(); $this->_setup();
$this->changed = false; $this->changed = false;
} }
$stream = &$this->stream[$mode]; $stream = &$this->stream[$mode];
if ($this->continuousBuffer) { if ($this->continuousBuffer) {
$i = &$stream[0]; $i = &$stream[0];
$j = &$stream[1]; $j = &$stream[1];
$keyStream = &$stream[2]; $keyStream = &$stream[2];
} else { } else {
$i = $stream[0]; $i = $stream[0];
$j = $stream[1]; $j = $stream[1];
$keyStream = $stream[2]; $keyStream = $stream[2];
} }
$len = strlen($text); $len = strlen($text);
for ($k = 0; $k < $len; ++$k) { for ($k = 0; $k < $len; ++$k) {
$i = ($i + 1) & 255; $i = ($i + 1) & 255;
$ksi = $keyStream[$i]; $ksi = $keyStream[$i];
$j = ($j + $ksi) & 255; $j = ($j + $ksi) & 255;
$ksj = $keyStream[$j]; $ksj = $keyStream[$j];
$keyStream[$i] = $ksj; $keyStream[$i] = $ksj;
$keyStream[$j] = $ksi; $keyStream[$j] = $ksi;
$text[$k] = $text[$k] ^ chr($keyStream[($ksj + $ksi) & 255]); $text[$k] = $text[$k] ^ chr($keyStream[($ksj + $ksi) & 255]);
} }
return $text; return $text;
} }
} }

6230
lam/lib/3rdParty/phpseclib/Crypt/RSA.php vendored
View File

File diff suppressed because it is too large Load Diff

633
lam/lib/3rdParty/phpseclib/Crypt/Random.php vendored
View File

@ -1,299 +1,334 @@
<?php <?php
/** /**
* Random Number Generator * Random Number Generator
* *
* The idea behind this function is that it can be easily replaced with your own crypt_random_string() * The idea behind this function is that it can be easily replaced with your own crypt_random_string()
* function. eg. maybe you have a better source of entropy for creating the initial states or whatever. * function. eg. maybe you have a better source of entropy for creating the initial states or whatever.
* *
* PHP versions 4 and 5 * PHP versions 4 and 5
* *
* Here's a short example of how to use this library: * Here's a short example of how to use this library:
* <code> * <code>
* <?php * <?php
* include 'Crypt/Random.php'; * include 'Crypt/Random.php';
* *
* echo bin2hex(crypt_random_string(8)); * echo bin2hex(crypt_random_string(8));
* ?> * ?>
* </code> * </code>
* *
* LICENSE: Permission is hereby granted, free of charge, to any person obtaining a copy * LICENSE: Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights * in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is * copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions: * furnished to do so, subject to the following conditions:
* *
* The above copyright notice and this permission notice shall be included in * The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software. * all copies or substantial portions of the Software.
* *
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE. * THE SOFTWARE.
* *
* @category Crypt * @category Crypt
* @package Crypt_Random * @package Crypt_Random
* @author Jim Wigginton <terrafrost@php.net> * @author Jim Wigginton <terrafrost@php.net>
* @copyright 2007 Jim Wigginton * @copyright 2007 Jim Wigginton
* @license http://www.opensource.org/licenses/mit-license.html MIT License * @license http://www.opensource.org/licenses/mit-license.html MIT License
* @link http://phpseclib.sourceforge.net * @link http://phpseclib.sourceforge.net
*/ */
// laravel is a PHP framework that utilizes phpseclib. laravel workbenches may, independently, // laravel is a PHP framework that utilizes phpseclib. laravel workbenches may, independently,
// have phpseclib as a requirement as well. if you're developing such a program you may encounter // have phpseclib as a requirement as well. if you're developing such a program you may encounter
// a "Cannot redeclare crypt_random_string()" error. // a "Cannot redeclare crypt_random_string()" error.
if (!function_exists('crypt_random_string')) { if (!function_exists('crypt_random_string')) {
/** /**
* "Is Windows" test * "Is Windows" test
* *
* @access private * @access private
*/ */
define('CRYPT_RANDOM_IS_WINDOWS', strtoupper(substr(PHP_OS, 0, 3)) === 'WIN'); define('CRYPT_RANDOM_IS_WINDOWS', strtoupper(substr(PHP_OS, 0, 3)) === 'WIN');
/** /**
* Generate a random string. * Generate a random string.
* *
* Although microoptimizations are generally discouraged as they impair readability this function is ripe with * Although microoptimizations are generally discouraged as they impair readability this function is ripe with
* microoptimizations because this function has the potential of being called a huge number of times. * microoptimizations because this function has the potential of being called a huge number of times.
* eg. for RSA key generation. * eg. for RSA key generation.
* *
* @param int $length * @param int $length
* @return string * @return string
* @access public * @access public
*/ */
function crypt_random_string($length) function crypt_random_string($length)
{ {
if (CRYPT_RANDOM_IS_WINDOWS) { if (CRYPT_RANDOM_IS_WINDOWS) {
// method 1. prior to PHP 5.3, mcrypt_create_iv() would call rand() on windows // method 1. prior to PHP 5.3, mcrypt_create_iv() would call rand() on windows
if (extension_loaded('mcrypt') && version_compare(PHP_VERSION, '5.3.0', '>=')) { if (extension_loaded('mcrypt') && version_compare(PHP_VERSION, '5.3.0', '>=')) {
return mcrypt_create_iv($length); return mcrypt_create_iv($length);
} }
// method 2. openssl_random_pseudo_bytes was introduced in PHP 5.3.0 but prior to PHP 5.3.4 there was, // method 2. openssl_random_pseudo_bytes was introduced in PHP 5.3.0 but prior to PHP 5.3.4 there was,
// to quote <http://php.net/ChangeLog-5.php#5.3.4>, "possible blocking behavior". as of 5.3.4 // to quote <http://php.net/ChangeLog-5.php#5.3.4>, "possible blocking behavior". as of 5.3.4
// openssl_random_pseudo_bytes and mcrypt_create_iv do the exact same thing on Windows. ie. they both // openssl_random_pseudo_bytes and mcrypt_create_iv do the exact same thing on Windows. ie. they both
// call php_win32_get_random_bytes(): // call php_win32_get_random_bytes():
// //
// https://github.com/php/php-src/blob/7014a0eb6d1611151a286c0ff4f2238f92c120d6/ext/openssl/openssl.c#L5008 // https://github.com/php/php-src/blob/7014a0eb6d1611151a286c0ff4f2238f92c120d6/ext/openssl/openssl.c#L5008
// https://github.com/php/php-src/blob/7014a0eb6d1611151a286c0ff4f2238f92c120d6/ext/mcrypt/mcrypt.c#L1392 // https://github.com/php/php-src/blob/7014a0eb6d1611151a286c0ff4f2238f92c120d6/ext/mcrypt/mcrypt.c#L1392
// //
// php_win32_get_random_bytes() is defined thusly: // php_win32_get_random_bytes() is defined thusly:
// //
// https://github.com/php/php-src/blob/7014a0eb6d1611151a286c0ff4f2238f92c120d6/win32/winutil.c#L80 // https://github.com/php/php-src/blob/7014a0eb6d1611151a286c0ff4f2238f92c120d6/win32/winutil.c#L80
// //
// we're calling it, all the same, in the off chance that the mcrypt extension is not available // we're calling it, all the same, in the off chance that the mcrypt extension is not available
if (extension_loaded('openssl') && version_compare(PHP_VERSION, '5.3.4', '>=')) { if (extension_loaded('openssl') && version_compare(PHP_VERSION, '5.3.4', '>=')) {
return openssl_random_pseudo_bytes($length); return openssl_random_pseudo_bytes($length);
} }
} else { } else {
// method 1. the fastest // method 1. the fastest
if (extension_loaded('openssl') && version_compare(PHP_VERSION, '5.3.0', '>=')) { if (extension_loaded('openssl') && version_compare(PHP_VERSION, '5.3.0', '>=')) {
return openssl_random_pseudo_bytes($length); return openssl_random_pseudo_bytes($length);
} }
// method 2 // method 2
static $fp = true; static $fp = true;
if ($fp === true) { if ($fp === true) {
// warning's will be output unles the error suppression operator is used. errors such as // warning's will be output unles the error suppression operator is used. errors such as
// "open_basedir restriction in effect", "Permission denied", "No such file or directory", etc. // "open_basedir restriction in effect", "Permission denied", "No such file or directory", etc.
$fp = @fopen('/dev/urandom', 'rb'); $fp = @fopen('/dev/urandom', 'rb');
} }
if ($fp !== true && $fp !== false) { // surprisingly faster than !is_bool() or is_resource() if ($fp !== true && $fp !== false) { // surprisingly faster than !is_bool() or is_resource()
return fread($fp, $length); return fread($fp, $length);
} }
// method 3. pretty much does the same thing as method 2 per the following url: // method 3. pretty much does the same thing as method 2 per the following url:
// https://github.com/php/php-src/blob/7014a0eb6d1611151a286c0ff4f2238f92c120d6/ext/mcrypt/mcrypt.c#L1391 // https://github.com/php/php-src/blob/7014a0eb6d1611151a286c0ff4f2238f92c120d6/ext/mcrypt/mcrypt.c#L1391
// surprisingly slower than method 2. maybe that's because mcrypt_create_iv does a bunch of error checking that we're // surprisingly slower than method 2. maybe that's because mcrypt_create_iv does a bunch of error checking that we're
// not doing. regardless, this'll only be called if this PHP script couldn't open /dev/urandom due to open_basedir // not doing. regardless, this'll only be called if this PHP script couldn't open /dev/urandom due to open_basedir
// restrictions or some such // restrictions or some such
if (extension_loaded('mcrypt')) { if (extension_loaded('mcrypt')) {
return mcrypt_create_iv($length, MCRYPT_DEV_URANDOM); return mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
} }
} }
// at this point we have no choice but to use a pure-PHP CSPRNG // at this point we have no choice but to use a pure-PHP CSPRNG
// cascade entropy across multiple PHP instances by fixing the session and collecting all // cascade entropy across multiple PHP instances by fixing the session and collecting all
// environmental variables, including the previous session data and the current session // environmental variables, including the previous session data and the current session
// data. // data.
// //
// mt_rand seeds itself by looking at the PID and the time, both of which are (relatively) // mt_rand seeds itself by looking at the PID and the time, both of which are (relatively)
// easy to guess at. linux uses mouse clicks, keyboard timings, etc, as entropy sources, but // easy to guess at. linux uses mouse clicks, keyboard timings, etc, as entropy sources, but
// PHP isn't low level to be able to use those as sources and on a web server there's not likely // PHP isn't low level to be able to use those as sources and on a web server there's not likely
// going to be a ton of keyboard or mouse action. web servers do have one thing that we can use // going to be a ton of keyboard or mouse action. web servers do have one thing that we can use
// however, a ton of people visiting the website. obviously you don't want to base your seeding // however, a ton of people visiting the website. obviously you don't want to base your seeding
// soley on parameters a potential attacker sends but (1) not everything in $_SERVER is controlled // soley on parameters a potential attacker sends but (1) not everything in $_SERVER is controlled
// by the user and (2) this isn't just looking at the data sent by the current user - it's based // by the user and (2) this isn't just looking at the data sent by the current user - it's based
// on the data sent by all users. one user requests the page and a hash of their info is saved. // on the data sent by all users. one user requests the page and a hash of their info is saved.
// another user visits the page and the serialization of their data is utilized along with the // another user visits the page and the serialization of their data is utilized along with the
// server envirnment stuff and a hash of the previous http request data (which itself utilizes // server envirnment stuff and a hash of the previous http request data (which itself utilizes
// a hash of the session data before that). certainly an attacker should be assumed to have // a hash of the session data before that). certainly an attacker should be assumed to have
// full control over his own http requests. he, however, is not going to have control over // full control over his own http requests. he, however, is not going to have control over
// everyone's http requests. // everyone's http requests.
static $crypto = false, $v; static $crypto = false, $v;
if ($crypto === false) { if ($crypto === false) {
// save old session data // save old session data
$old_session_id = session_id(); $old_session_id = session_id();
$old_use_cookies = ini_get('session.use_cookies'); $old_use_cookies = ini_get('session.use_cookies');
$old_session_cache_limiter = session_cache_limiter(); $old_session_cache_limiter = session_cache_limiter();
$_OLD_SESSION = isset($_SESSION) ? $_SESSION : false; $_OLD_SESSION = isset($_SESSION) ? $_SESSION : false;
if ($old_session_id != '') { if ($old_session_id != '') {
session_write_close(); session_write_close();
} }
session_id(1); session_id(1);
ini_set('session.use_cookies', 0); ini_set('session.use_cookies', 0);
session_cache_limiter(''); session_cache_limiter('');
session_start(); session_start();
$v = $seed = $_SESSION['seed'] = pack('H*', sha1( $v = $seed = $_SESSION['seed'] = pack('H*', sha1(
serialize($_SERVER) . (isset($_SERVER) ? phpseclib_safe_serialize($_SERVER) : '') .
serialize($_POST) . (isset($_POST) ? phpseclib_safe_serialize($_POST) : '') .
serialize($_GET) . (isset($_GET) ? phpseclib_safe_serialize($_GET) : '') .
serialize($_COOKIE) . (isset($_COOKIE) ? phpseclib_safe_serialize($_COOKIE) : '') .
serialize($GLOBALS) . phpseclib_safe_serialize($GLOBALS) .
serialize($_SESSION) . phpseclib_safe_serialize($_SESSION) .
serialize($_OLD_SESSION) phpseclib_safe_serialize($_OLD_SESSION)
)); ));
if (!isset($_SESSION['count'])) { if (!isset($_SESSION['count'])) {
$_SESSION['count'] = 0; $_SESSION['count'] = 0;
} }
$_SESSION['count']++; $_SESSION['count']++;
session_write_close(); session_write_close();
// restore old session data // restore old session data
if ($old_session_id != '') { if ($old_session_id != '') {
session_id($old_session_id); session_id($old_session_id);
session_start(); session_start();
ini_set('session.use_cookies', $old_use_cookies); ini_set('session.use_cookies', $old_use_cookies);
session_cache_limiter($old_session_cache_limiter); session_cache_limiter($old_session_cache_limiter);
} else { } else {
if ($_OLD_SESSION !== false) { if ($_OLD_SESSION !== false) {
$_SESSION = $_OLD_SESSION; $_SESSION = $_OLD_SESSION;
unset($_OLD_SESSION); unset($_OLD_SESSION);
} else { } else {
unset($_SESSION); unset($_SESSION);
} }
} }
// in SSH2 a shared secret and an exchange hash are generated through the key exchange process. // in SSH2 a shared secret and an exchange hash are generated through the key exchange process.
// the IV client to server is the hash of that "nonce" with the letter A and for the encryption key it's the letter C. // the IV client to server is the hash of that "nonce" with the letter A and for the encryption key it's the letter C.
// if the hash doesn't produce enough a key or an IV that's long enough concat successive hashes of the // if the hash doesn't produce enough a key or an IV that's long enough concat successive hashes of the
// original hash and the current hash. we'll be emulating that. for more info see the following URL: // original hash and the current hash. we'll be emulating that. for more info see the following URL:
// //
// http://tools.ietf.org/html/rfc4253#section-7.2 // http://tools.ietf.org/html/rfc4253#section-7.2
// //
// see the is_string($crypto) part for an example of how to expand the keys // see the is_string($crypto) part for an example of how to expand the keys
$key = pack('H*', sha1($seed . 'A')); $key = pack('H*', sha1($seed . 'A'));
$iv = pack('H*', sha1($seed . 'C')); $iv = pack('H*', sha1($seed . 'C'));
// ciphers are used as per the nist.gov link below. also, see this link: // ciphers are used as per the nist.gov link below. also, see this link:
// //
// http://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator#Designs_based_on_cryptographic_primitives // http://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator#Designs_based_on_cryptographic_primitives
switch (true) { switch (true) {
case phpseclib_resolve_include_path('Crypt/AES.php'): case phpseclib_resolve_include_path('Crypt/AES.php'):
if (!class_exists('Crypt_AES')) { if (!class_exists('Crypt_AES')) {
include_once 'AES.php'; include_once 'AES.php';
} }
$crypto = new Crypt_AES(CRYPT_AES_MODE_CTR); $crypto = new Crypt_AES(CRYPT_AES_MODE_CTR);
break; break;
case phpseclib_resolve_include_path('Crypt/Twofish.php'): case phpseclib_resolve_include_path('Crypt/Twofish.php'):
if (!class_exists('Crypt_Twofish')) { if (!class_exists('Crypt_Twofish')) {
include_once 'Twofish.php'; include_once 'Twofish.php';
} }
$crypto = new Crypt_Twofish(CRYPT_TWOFISH_MODE_CTR); $crypto = new Crypt_Twofish(CRYPT_TWOFISH_MODE_CTR);
break; break;
case phpseclib_resolve_include_path('Crypt/Blowfish.php'): case phpseclib_resolve_include_path('Crypt/Blowfish.php'):
if (!class_exists('Crypt_Blowfish')) { if (!class_exists('Crypt_Blowfish')) {
include_once 'Blowfish.php'; include_once 'Blowfish.php';
} }
$crypto = new Crypt_Blowfish(CRYPT_BLOWFISH_MODE_CTR); $crypto = new Crypt_Blowfish(CRYPT_BLOWFISH_MODE_CTR);
break; break;
case phpseclib_resolve_include_path('Crypt/TripleDES.php'): case phpseclib_resolve_include_path('Crypt/TripleDES.php'):
if (!class_exists('Crypt_TripleDES')) { if (!class_exists('Crypt_TripleDES')) {
include_once 'TripleDES.php'; include_once 'TripleDES.php';
} }
$crypto = new Crypt_TripleDES(CRYPT_DES_MODE_CTR); $crypto = new Crypt_TripleDES(CRYPT_DES_MODE_CTR);
break; break;
case phpseclib_resolve_include_path('Crypt/DES.php'): case phpseclib_resolve_include_path('Crypt/DES.php'):
if (!class_exists('Crypt_DES')) { if (!class_exists('Crypt_DES')) {
include_once 'DES.php'; include_once 'DES.php';
} }
$crypto = new Crypt_DES(CRYPT_DES_MODE_CTR); $crypto = new Crypt_DES(CRYPT_DES_MODE_CTR);
break; break;
case phpseclib_resolve_include_path('Crypt/RC4.php'): case phpseclib_resolve_include_path('Crypt/RC4.php'):
if (!class_exists('Crypt_RC4')) { if (!class_exists('Crypt_RC4')) {
include_once 'RC4.php'; include_once 'RC4.php';
} }
$crypto = new Crypt_RC4(); $crypto = new Crypt_RC4();
break; break;
default: default:
user_error('crypt_random_string requires at least one symmetric cipher be loaded'); user_error('crypt_random_string requires at least one symmetric cipher be loaded');
return false; return false;
} }
$crypto->setKey($key); $crypto->setKey($key);
$crypto->setIV($iv); $crypto->setIV($iv);
$crypto->enableContinuousBuffer(); $crypto->enableContinuousBuffer();
} }
//return $crypto->encrypt(str_repeat("\0", $length)); //return $crypto->encrypt(str_repeat("\0", $length));
// the following is based off of ANSI X9.31: // the following is based off of ANSI X9.31:
// //
// http://csrc.nist.gov/groups/STM/cavp/documents/rng/931rngext.pdf // http://csrc.nist.gov/groups/STM/cavp/documents/rng/931rngext.pdf
// //
// OpenSSL uses that same standard for it's random numbers: // OpenSSL uses that same standard for it's random numbers:
// //
// http://www.opensource.apple.com/source/OpenSSL/OpenSSL-38/openssl/fips-1.0/rand/fips_rand.c // http://www.opensource.apple.com/source/OpenSSL/OpenSSL-38/openssl/fips-1.0/rand/fips_rand.c
// (do a search for "ANS X9.31 A.2.4") // (do a search for "ANS X9.31 A.2.4")
$result = ''; $result = '';
while (strlen($result) < $length) { while (strlen($result) < $length) {
$i = $crypto->encrypt(microtime()); // strlen(microtime()) == 21 $i = $crypto->encrypt(microtime()); // strlen(microtime()) == 21
$r = $crypto->encrypt($i ^ $v); // strlen($v) == 20 $r = $crypto->encrypt($i ^ $v); // strlen($v) == 20
$v = $crypto->encrypt($r ^ $i); // strlen($r) == 20 $v = $crypto->encrypt($r ^ $i); // strlen($r) == 20
$result.= $r; $result.= $r;
} }
return substr($result, 0, $length); return substr($result, 0, $length);
} }
} }
if (!function_exists('phpseclib_resolve_include_path')) { if (!function_exists('phpseclib_safe_serialize')) {
/** /**
* Resolve filename against the include path. * Safely serialize variables
* *
* Wrapper around stream_resolve_include_path() (which was introduced in * If a class has a private __sleep() method it'll give a fatal error on PHP 5.2 and earlier.
* PHP 5.3.2) with fallback implementation for earlier PHP versions. * PHP 5.3 will emit a warning.
* *
* @param string $filename * @param mixed $arr
* @return string|false * @access public
* @access public */
*/ function phpseclib_safe_serialize(&$arr)
function phpseclib_resolve_include_path($filename) {
{ if (is_object($arr)) {
if (function_exists('stream_resolve_include_path')) { return '';
return stream_resolve_include_path($filename); }
} if (!is_array($arr)) {
return serialize($arr);
// handle non-relative paths }
if (file_exists($filename)) { // prevent circular array recursion
return realpath($filename); if (isset($arr['__phpseclib_marker'])) {
} return '';
}
$paths = PATH_SEPARATOR == ':' ? $safearr = array();
preg_split('#(?<!phar):#', get_include_path()) : $arr['__phpseclib_marker'] = true;
explode(PATH_SEPARATOR, get_include_path()); foreach (array_keys($arr) as $key) {
foreach ($paths as $prefix) { // do not recurse on the '__phpseclib_marker' key itself, for smaller memory usage
// path's specified in include_path don't always end in / if ($key !== '__phpseclib_marker') {
$ds = substr($prefix, -1) == DIRECTORY_SEPARATOR ? '' : DIRECTORY_SEPARATOR; $safearr[$key] = phpseclib_safe_serialize($arr[$key]);
$file = $prefix . $ds . $filename; }
if (file_exists($file)) { }
return realpath($file); unset($arr['__phpseclib_marker']);
} return serialize($safearr);
} }
}
return false;
} if (!function_exists('phpseclib_resolve_include_path')) {
} /**
* Resolve filename against the include path.
*
* Wrapper around stream_resolve_include_path() (which was introduced in
* PHP 5.3.2) with fallback implementation for earlier PHP versions.
*
* @param string $filename
* @return string|false
* @access public
*/
function phpseclib_resolve_include_path($filename)
{
if (function_exists('stream_resolve_include_path')) {
return stream_resolve_include_path($filename);
}
// handle non-relative paths
if (file_exists($filename)) {
return realpath($filename);
}
$paths = PATH_SEPARATOR == ':' ?
preg_split('#(?<!phar):#', get_include_path()) :
explode(PATH_SEPARATOR, get_include_path());
foreach ($paths as $prefix) {
// path's specified in include_path don't always end in /
$ds = substr($prefix, -1) == DIRECTORY_SEPARATOR ? '' : DIRECTORY_SEPARATOR;
$file = $prefix . $ds . $filename;
if (file_exists($file)) {
return realpath($file);
}
}
return false;
}
}

2156
lam/lib/3rdParty/phpseclib/Crypt/Rijndael.php vendored
View File

File diff suppressed because it is too large Load Diff

1010
lam/lib/3rdParty/phpseclib/Crypt/TripleDES.php vendored
View File

File diff suppressed because it is too large Load Diff

7580
lam/lib/3rdParty/phpseclib/Math/BigInteger.php vendored
View File

File diff suppressed because it is too large Load Diff

5840
lam/lib/3rdParty/phpseclib/Net/SFTP.php vendored
View File

File diff suppressed because it is too large Load Diff

3302
lam/lib/3rdParty/phpseclib/Net/SSH1.php vendored
View File

File diff suppressed because it is too large Load Diff

8552
lam/lib/3rdParty/phpseclib/Net/SSH2.php vendored
View File

File diff suppressed because it is too large Load Diff

5
lam/lib/3rdParty/phpseclib/System/SSH/Agent.php vendored
View File

@ -320,9 +320,10 @@ class System_SSH_Agent
for ($i = 0; $i < $keyCount; $i++) { for ($i = 0; $i < $keyCount; $i++) {
$length = current(unpack('N', fread($this->fsock, 4))); $length = current(unpack('N', fread($this->fsock, 4)));
$key_blob = fread($this->fsock, $length); $key_blob = fread($this->fsock, $length);
$key_str = 'ssh-rsa ' . base64_encode($key_blob);
$length = current(unpack('N', fread($this->fsock, 4))); $length = current(unpack('N', fread($this->fsock, 4)));
if ($length) { if ($length) {
$key_comment = fread($this->fsock, $length); $key_str.= ' ' . fread($this->fsock, $length);
} }
$length = current(unpack('N', substr($key_blob, 0, 4))); $length = current(unpack('N', substr($key_blob, 0, 4)));
$key_type = substr($key_blob, 4, $length); $key_type = substr($key_blob, 4, $length);
@ -332,7 +333,7 @@ class System_SSH_Agent
include_once 'Crypt/RSA.php'; include_once 'Crypt/RSA.php';
} }
$key = new Crypt_RSA(); $key = new Crypt_RSA();
$key->loadKey('ssh-rsa ' . base64_encode($key_blob) . ' ' . $key_comment); $key->loadKey($key_str);
break; break;
case 'ssh-dss': case 'ssh-dss':
// not currently supported // not currently supported