primo commit

2024-12-17 17:34:10 +01:00
commit e650f8df99
16435 changed files with 2451012 additions and 0 deletions
--- a/libraries/fof30/Encrypt/AesAdapter/AbstractAdapter.php
+++ b/libraries/fof30/Encrypt/AesAdapter/AbstractAdapter.php
@ -0,0 +1,88 @@
+<?php
+/**
+ * @package   FOF
+ * @copyright Copyright (c)2010-2021 Nicholas K. Dionysopoulos / Akeeba Ltd
+ * @license   GNU General Public License version 2, or later
+ */
+
+namespace FOF30\Encrypt\AesAdapter;
+
+defined('_JEXEC') || die;
+
+/**
+ * Abstract AES encryption class
+ */
+abstract class AbstractAdapter
+{
+	/**
+	 * Trims or zero-pads a key / IV
+	 *
+	 * @param   string  $key   The key or IV to treat
+	 * @param   int     $size  The block size of the currently used algorithm
+	 *
+	 * @return  null|string  Null if $key is null, treated string of $size byte length otherwise
+	 */
+	public function resizeKey($key, $size)
+	{
+		if (empty($key))
+		{
+			return null;
+		}
+
+		$keyLength = strlen($key);
+
+		if (function_exists('mb_strlen'))
+		{
+			$keyLength = mb_strlen($key, 'ASCII');
+		}
+
+		if ($keyLength == $size)
+		{
+			return $key;
+		}
+
+		if ($keyLength > $size)
+		{
+			if (function_exists('mb_substr'))
+			{
+				return mb_substr($key, 0, $size, 'ASCII');
+			}
+
+			return substr($key, 0, $size);
+		}
+
+		return $key . str_repeat("\0", ($size - $keyLength));
+	}
+
+	/**
+	 * Returns null bytes to append to the string so that it's zero padded to the specified block size
+	 *
+	 * @param   string  $string     The binary string which will be zero padded
+	 * @param   int     $blockSize  The block size
+	 *
+	 * @return  string  The zero bytes to append to the string to zero pad it to $blockSize
+	 */
+	protected function getZeroPadding($string, $blockSize)
+	{
+		$stringSize = strlen($string);
+
+		if (function_exists('mb_strlen'))
+		{
+			$stringSize = mb_strlen($string, 'ASCII');
+		}
+
+		if ($stringSize == $blockSize)
+		{
+			return '';
+		}
+
+		if ($stringSize < $blockSize)
+		{
+			return str_repeat("\0", $blockSize - $stringSize);
+		}
+
+		$paddingBytes = $stringSize % $blockSize;
+
+		return str_repeat("\0", $blockSize - $paddingBytes);
+	}
+}
--- a/libraries/fof30/Encrypt/AesAdapter/AdapterInterface.php
+++ b/libraries/fof30/Encrypt/AesAdapter/AdapterInterface.php
@ -0,0 +1,78 @@
+<?php
+/**
+ * @package   FOF
+ * @copyright Copyright (c)2010-2021 Nicholas K. Dionysopoulos / Akeeba Ltd
+ * @license   GNU General Public License version 2, or later
+ */
+
+namespace FOF30\Encrypt\AesAdapter;
+
+defined('_JEXEC') || die;
+
+use FOF30\Utils\Phpfunc;
+
+/**
+ * Interface for AES encryption adapters
+ */
+interface AdapterInterface
+{
+	/**
+	 * Sets the AES encryption mode.
+	 *
+	 * WARNING: The strength parameter is deprecated since FOF 3.1 and has no effect.
+	 *
+	 * @param   string  $mode      Choose between CBC (recommended) or ECB
+	 * @param   int     $strength  DEPRECATED AND UNUSED.
+	 *
+	 * @return  mixed
+	 */
+	public function setEncryptionMode($mode = 'cbc', $strength = 128);
+
+	/**
+	 * Encrypts a string. Returns the raw binary ciphertext.
+	 *
+	 * WARNING: The plaintext is zero-padded to the algorithm's block size. You are advised to store the size of the
+	 * plaintext and trim the string to that length upon decryption.
+	 *
+	 * @param   string       $plainText  The plaintext to encrypt
+	 * @param   string       $key        The raw binary key (will be zero-padded or chopped if its size is different
+	 *                                   than the block size)
+	 * @param   null|string  $iv         The initialization vector (for CBC mode algorithms)
+	 *
+	 * @return  string  The raw encrypted binary string.
+	 */
+	public function encrypt($plainText, $key, $iv = null);
+
+	/**
+	 * Decrypts a string. Returns the raw binary plaintext.
+	 *
+	 * $ciphertext MUST start with the IV followed by the ciphertext, even for EBC data (the first block of data is
+	 * dropped in EBC mode since there is no concept of IV in EBC).
+	 *
+	 * WARNING: The returned plaintext is zero-padded to the algorithm's block size during encryption. You are advised
+	 * to trim the string to the original plaintext's length upon decryption. While rtrim($decrypted, "\0") sounds
+	 * appealing it's NOT the correct approach for binary data (zero bytes may actually be part of your plaintext, not
+	 * just padding!).
+	 *
+	 * @param   string  $cipherText  The ciphertext to encrypt
+	 * @param   string  $key         The raw binary key (will be zero-padded or chopped if its size is different than
+	 *                               the block size)
+	 *
+	 * @return  string  The raw unencrypted binary string.
+	 */
+	public function decrypt($cipherText, $key);
+
+	/**
+	 * Returns the encryption block size in bytes
+	 *
+	 * @return  int
+	 */
+	public function getBlockSize();
+
+	/**
+	 * Is this adapter supported?
+	 *
+	 * @return  bool
+	 */
+	public function isSupported(Phpfunc $phpfunc = null);
+}
--- a/libraries/fof30/Encrypt/AesAdapter/OpenSSL.php
+++ b/libraries/fof30/Encrypt/AesAdapter/OpenSSL.php
@ -0,0 +1,192 @@
+<?php
+/**
+ * @package   FOF
+ * @copyright Copyright (c)2010-2021 Nicholas K. Dionysopoulos / Akeeba Ltd
+ * @license   GNU General Public License version 2, or later
+ */
+
+namespace FOF30\Encrypt\AesAdapter;
+
+defined('_JEXEC') || die;
+
+use FOF30\Encrypt\Randval;
+use FOF30\Utils\Phpfunc;
+
+class OpenSSL extends AbstractAdapter implements AdapterInterface
+{
+	/**
+	 * The OpenSSL options for encryption / decryption
+	 *
+	 * PHP 5.3 does not have the constants OPENSSL_RAW_DATA and OPENSSL_ZERO_PADDING. In fact, the parameter
+	 * is called $raw_data and is a boolean. Since integer 1 is equivalent to boolean TRUE in PHP we can get
+	 * away with initializing this parameter with the integer 1.
+	 *
+	 * @var  int
+	 */
+	protected $openSSLOptions = 1;
+
+	/**
+	 * The encryption method to use
+	 *
+	 * @var  string
+	 */
+	protected $method = 'aes-128-cbc';
+
+	public function __construct()
+	{
+		/**
+		 * PHP 5.4 and later replaced the $raw_data parameter with the $options parameter. Instead of a boolean we need
+		 * to pass some flags. Here you go.
+		 *
+		 * Since PHP 5.3 does NOT have the relevant constants we must NOT run this bit of code under PHP 5.3.
+		 *
+		 * See http://stackoverflow.com/questions/24707007/using-openssl-raw-data-param-in-openssl-decrypt-with-php-5-3#24707117
+		 */
+		if (version_compare(PHP_VERSION, '5.4.0', 'ge'))
+		{
+			$this->openSSLOptions = OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING;
+		}
+	}
+
+	public function setEncryptionMode($mode = 'cbc', $strength = 128)
+	{
+		static $availableAlgorithms = null;
+		static $defaultAlgo = 'aes-128-cbc';
+
+		if (!is_array($availableAlgorithms))
+		{
+			$availableAlgorithms = openssl_get_cipher_methods();
+
+			foreach ([
+				         'aes-256-cbc', 'aes-256-ecb', 'aes-192-cbc',
+				         'aes-192-ecb', 'aes-128-cbc', 'aes-128-ecb',
+			         ] as $algo)
+			{
+				if (in_array($algo, $availableAlgorithms))
+				{
+					$defaultAlgo = $algo;
+					break;
+				}
+			}
+		}
+
+		$strength = (int) $strength;
+		$mode     = strtolower($mode);
+
+		if (!in_array($strength, [128, 192, 256]))
+		{
+			$strength = 256;
+		}
+
+		if (!in_array($mode, ['cbc', 'ebc']))
+		{
+			$mode = 'cbc';
+		}
+
+		$algo = 'aes-' . $strength . '-' . $mode;
+
+		if (!in_array($algo, $availableAlgorithms))
+		{
+			$algo = $defaultAlgo;
+		}
+
+		$this->method = $algo;
+	}
+
+	public function encrypt($plainText, $key, $iv = null)
+	{
+		$iv_size = $this->getBlockSize();
+		$key     = $this->resizeKey($key, $iv_size);
+		$iv      = $this->resizeKey($iv, $iv_size);
+
+		if (empty($iv))
+		{
+			$randVal = new Randval();
+			$iv      = $randVal->generate($iv_size);
+		}
+
+		$plainText  .= $this->getZeroPadding($plainText, $iv_size);
+		$cipherText = openssl_encrypt($plainText, $this->method, $key, $this->openSSLOptions, $iv);
+		$cipherText = $iv . $cipherText;
+
+		return $cipherText;
+	}
+
+	public function decrypt($cipherText, $key)
+	{
+		$iv_size    = $this->getBlockSize();
+		$key        = $this->resizeKey($key, $iv_size);
+		$iv         = substr($cipherText, 0, $iv_size);
+		$cipherText = substr($cipherText, $iv_size);
+		$plainText  = openssl_decrypt($cipherText, $this->method, $key, $this->openSSLOptions, $iv);
+
+		return $plainText;
+	}
+
+	public function isSupported(Phpfunc $phpfunc = null)
+	{
+		if (!is_object($phpfunc) || !($phpfunc instanceof $phpfunc))
+		{
+			$phpfunc = new Phpfunc();
+		}
+
+		if (!$phpfunc->function_exists('openssl_get_cipher_methods'))
+		{
+			return false;
+		}
+
+		if (!$phpfunc->function_exists('openssl_random_pseudo_bytes'))
+		{
+			return false;
+		}
+
+		if (!$phpfunc->function_exists('openssl_cipher_iv_length'))
+		{
+			return false;
+		}
+
+		if (!$phpfunc->function_exists('openssl_encrypt'))
+		{
+			return false;
+		}
+
+		if (!$phpfunc->function_exists('openssl_decrypt'))
+		{
+			return false;
+		}
+
+		if (!$phpfunc->function_exists('hash'))
+		{
+			return false;
+		}
+
+		if (!$phpfunc->function_exists('hash_algos'))
+		{
+			return false;
+		}
+
+		$algorightms = $phpfunc->openssl_get_cipher_methods();
+
+		if (!in_array('aes-128-cbc', $algorightms))
+		{
+			return false;
+		}
+
+		$algorightms = $phpfunc->hash_algos();
+
+		if (!in_array('sha256', $algorightms))
+		{
+			return false;
+		}
+
+		return true;
+	}
+
+	/**
+	 * @return int
+	 */
+	public function getBlockSize()
+	{
+		return openssl_cipher_iv_length($this->method);
+	}
+}