Beispiel #1
0
 /**
  * Is Libsodium set up correctly? Use this to verify that you can use the
  * newer versions of Halite correctly.
  *
  * @param bool $echo
  * @return bool
  */
 public static function isLibsodiumSetupCorrectly(bool $echo = false) : bool
 {
     // Require libsodium 1.0.9
     $major = \Sodium\library_version_major();
     $minor = \Sodium\library_version_minor();
     if ($major < 9 || $major === 9 && $minor < 2) {
         if ($echo) {
             echo 'Halite needs libsodium 1.0.9 or higher. You have: ', \Sodium\version_string(), "\n";
         }
         return false;
     }
     // Added in version 1.0.3 of the PHP extension
     if (!\is_callable('\\Sodium\\crypto_pwhash_str')) {
         if ($echo) {
             echo 'Halite needs version 1.0.6 or higher of the PHP extension installed.', "\n";
         }
         return false;
     }
     if (!\is_callable('\\Sodium\\crypto_box_seal')) {
         if ($echo) {
             echo 'crypto_box_seal() is not available.', "\n";
         }
         return false;
     }
     return true;
 }
 public function testSealFail()
 {
     if (\Sodium\library_version_major() < 7 || \Sodium\library_version_major() == 7 && \Sodium\library_version_minor() < 5) {
         $this->markTestSkipped("Your version of libsodium is too old");
     }
     $alice = KeyFactory::generateEncryptionKeyPair();
     $message = 'This is for your eyes only';
     $sealed = Asymmetric::seal($message, $alice->getPublicKey(), true);
     // Let's flip one bit, randomly:
     $r = \Sodium\randombytes_uniform(\mb_strlen($sealed, '8bit'));
     $amt = 1 << \Sodium\randombytes_uniform(8);
     $sealed[$r] = \chr(\ord($sealed[$r]) ^ $amt);
     // This should throw an exception
     try {
         $opened = Asymmetric::unseal($sealed, $alice->getSecretKey(), true);
         $this->assertEquals($opened, $message);
         $this->fail('This should have thrown an InvalidMessage exception!');
     } catch (CryptoException\InvalidKey $e) {
         $this->assertTrue($e instanceof CryptoException\InvalidKey);
     } catch (CryptoException\InvalidMessage $e) {
         $this->assertTrue($e instanceof CryptoException\InvalidMessage);
     }
 }
Beispiel #3
0
 /**
  * @route help
  */
 public function helpPage()
 {
     if ($this->isLoggedIn()) {
         $this->storeLensVar('showmenu', true);
         //
         $cabins = $this->getCabinNamespaces();
         // Get debug information.
         $helpInfo = ['cabins' => [], 'cabin_names' => \array_values($cabins), 'gears' => [], 'universal' => []];
         /**
          * This might reveal "sensitive" information. By default, it's
          * locked out of non-administrator users. You can grant access to
          * other users/groups via the Permissions menu.
          */
         if ($this->can('read')) {
             $state = State::instance();
             if (\is_readable(ROOT . '/config/gadgets.json')) {
                 $helpInfo['universal']['gadgets'] = \Airship\loadJSON(ROOT . '/config/gadgets.json');
             }
             if (\is_readable(ROOT . '/config/content_security_policy.json')) {
                 $helpInfo['universal']['content_security_policy'] = \Airship\loadJSON(ROOT . '/config/content_security_policy.json');
             }
             foreach ($cabins as $cabin) {
                 $cabinData = ['config' => \Airship\loadJSON(ROOT . '/Cabin/' . $cabin . '/manifest.json'), 'content_security_policy' => [], 'gadgets' => [], 'motifs' => [], 'user_motifs' => \Airship\LensFunctions\user_motif($this->getActiveUserId(), $cabin)];
                 $prefix = ROOT . '/Cabin/' . $cabin . '/config/';
                 if (\is_readable($prefix . 'gadgets.json')) {
                     $cabinData['gadgets'] = \Airship\loadJSON($prefix . 'gadgets.json');
                 }
                 if (\is_readable($prefix . 'motifs.json')) {
                     $cabinData['motifs'] = \Airship\loadJSON($prefix . 'motifs.json');
                 }
                 if (\is_readable($prefix . 'content_security_policy.json')) {
                     $cabinData['content_security_policy'] = \Airship\loadJSON($prefix . 'content_security_policy.json');
                 }
                 $helpInfo['cabins'][$cabin] = $cabinData;
             }
             $helpInfo['gears'] = [];
             foreach ($state->gears as $gear => $latestGear) {
                 $helpInfo['gears'][$gear] = \Airship\get_ancestors($latestGear);
             }
             // Only grab data likely to be pertinent to common issues:
             $keys = ['airship', 'auto-update', 'debug', 'guzzle', 'notary', 'rate-limiting', 'session_config', 'tor-only', 'twig_cache'];
             $helpInfo['universal']['config'] = \Airship\keySlice($state->universal, $keys);
             $helpInfo['php'] = ['halite' => Halite::VERSION, 'libsodium' => ['major' => \Sodium\library_version_major(), 'minor' => \Sodium\library_version_minor(), 'version' => \Sodium\version_string()], 'version' => \PHP_VERSION, 'versionid' => \PHP_VERSION_ID];
         }
         $this->lens('help', ['active_link' => 'bridge-link-help', 'airship' => \AIRSHIP_VERSION, 'helpInfo' => $helpInfo]);
     } else {
         // Not a registered user? Go read the docs. No info leaks for you!
         \Airship\redirect('https://github.com/paragonie/airship-docs');
     }
 }
Beispiel #4
0
<?php

// Libsodium PECL test
echo "\nlibsodium major and minor version: ";
var_dump([\Sodium\library_version_major(), \Sodium\library_version_minor(), \Sodium\version_string()]);
echo "\ncurrent version of the sodium library: ";
var_dump([\Sodium\version_string()]);
// Libsodium password hashing tests:
// https://download.libsodium.org/doc/password_hashing/index.html
// https://paragonie.com/book/pecl-libsodium/read/07-password-hashing.md
echo "\nCurrent hash keybytes: " . \Sodium\CRYPTO_GENERICHASH_KEYBYTES;
echo "\nCurrent salt keybytes: " . \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_SALTBYTES;
echo "\nOPSLIMIT: " . \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_INTERACTIVE;
echo "\nMEMLIMIT (bytes): " . \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_INTERACTIVE;
// Predis. A PHP binding for Redis database.
echo "\n";