public static function Crypto($text, $cipher, $key, $isEncrypt)
{
switch ($cipher) {
case 'DES':
$crypt = new Crypt_DES(CRYPT_DES_MODE_CBC);
$crypt->setKey($key);
$crypt->setIV($key);
if ($isEncrypt) {
return strtoupper(bin2hex($crypt->encrypt($text)));
} else {
return $crypt->decrypt(CryptoUtil::hex2bin($text));
}
break;
case 'AES-256':
$crypt = new Crypt_Rijndael(CRYPT_RIJNDAEL_MODE_ECB);
$crypt->setKey($key);
if ($isEncrypt) {
return strtoupper(bin2hex($crypt->encrypt($text)));
} else {
return $crypt->decrypt(CryptoUtil::hex2bin($text));
}
break;
default:
break;
}
return "ERROR";
}
function rijndael_decrypt_file($file, $key)
{
require_once dirname(__FILE__) . '/includes/phpseclib/Crypt/Rijndael.php';
$rijndael = new Crypt_Rijndael();
$rijndael->setKey($key);
$ciphertext = file_get_contents($file);
print $rijndael->decrypt($ciphertext);
}
/**
* @param null|string $input
* @return string
*/
public function generateKey($input = NULL)
{
$text = $input === NULL ? $this->username . ';' . date('d/m/Y H:i:s') . ';' . $this->ip : $input;
$cipher = new \Crypt_Rijndael();
$cipher->setKeyLength(256);
$cipher->setBlockLength(128);
$cipher->setKey(base64_decode($this->key));
$cipher->setIV(base64_decode($this->iv));
return base64_encode($cipher->encrypt($text));
}
/**
* @group github451
*/
public function testKeyPaddingRijndael()
{
// this test case is from the following URL:
// https://web.archive.org/web/20070209120224/http://fp.gladman.plus.com/cryptography_technology/rijndael/aesdvec.zip
$aes = new Crypt_Rijndael();
$aes->disablePadding();
$aes->setKey(pack('H*', '2b7e151628aed2a6abf7158809cf4f3c762e7160'));
// 160-bit key. Valid in Rijndael.
$ciphertext = $aes->encrypt(pack('H*', '3243f6a8885a308d313198a2e0370734'));
$this->assertEquals($ciphertext, pack('H*', '231d844639b31b412211cfe93712b880'));
}
/**
* Initilizes cryptographic scheme
*/
private static function init()
{
if (is_null(self::$cryptographicScheme)) {
$key = KeyHandler::readKey();
$mysqlKey = "";
for ($a = 0; $a < strlen($key); $a++) {
$mysqlKey[$a % 16] = chr(ord($mysqlKey[$a % 16]) ^ ord($key[$a]));
}
$aes = new Crypt_Rijndael(CRYPT_RIJNDAEL_MODE_ECB);
$aes->setKeyLength(128);
$aes->setBlockLength(128);
$aes->setKey($mysqlKey);
self::$cryptographicScheme = $aes;
}
}
/**
* This method returns instance of cipher. In case you need to use other than the default cipher,
* you can override it from model
*
* @return Initialized instance of cipher
*/
private function getCipher()
{
static $cipher = null;
if ($cipher == null) {
$cipher = new \Crypt_Rijndael();
$key = $this->getEncryptionKey();
if (strlen($key)) {
$cipher->setKey($key);
} else {
$cipher = null;
return null;
}
$cipher->setBlockLength(224);
}
return $cipher;
}
/**
* Decrypt the ciphertext
* @param string $cipherText
* @return object \stdClass Unserialized token
*/
public function decrypt($cipherText)
{
// Decryption: prefer mcrypt, if available (since it can decrypt data encrypted by either mcrypt or phpseclib)
$cipherText = base64_decode($cipherText);
$iv = substr($cipherText, 0, self::IV_SIZE);
$cipherText = substr($cipherText, self::IV_SIZE);
if (function_exists('mcrypt_decrypt')) {
$token = @mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $this->key, $cipherText, MCRYPT_MODE_CBC, $iv);
} else {
global $updraftplus;
$updraftplus->ensure_phpseclib('Crypt_Rijndael', 'Crypt/Rijndael');
$rijndael = new Crypt_Rijndael();
$rijndael->setKey($this->key);
$rijndael->setIV($iv);
$token = $rijndael->decrypt($cipherText);
}
return $token;
}
function decrypt_message($message, $asym_key)
{
$rsa = new Crypt_RSA();
$rij = new Crypt_Rijndael();
// Extract the Symmetric Key
$len = substr($message, 0, 3);
$len = hexdec($len);
$sym_key = substr($message, 0, $len);
//Extract the encrypted message
$message = substr($message, 3);
$ciphertext = substr($message, $len);
$ciphertext = base64_decode($ciphertext);
// Decrypt the encrypted symmetric key
$rsa->loadKey($asym_key);
$sym_key = base64_decode($sym_key);
$sym_key = $rsa->decrypt($sym_key);
// Decrypt the message
$rij->setKey($sym_key);
$plaintext = $rij->decrypt($ciphertext);
return $message;
}
public function decrypt($fullpath, $key, $ciphertext = false)
{
$this->ensure_phpseclib('Crypt_Rijndael', 'Crypt/Rijndael');
$rijndael = new Crypt_Rijndael();
if (defined('UPDRAFTPLUS_DECRYPTION_ENGINE')) {
if ('openssl' == UPDRAFTPLUS_DECRYPTION_ENGINE) {
$rijndael->setPreferredEngine(CRYPT_ENGINE_OPENSSL);
} elseif ('mcrypt' == UPDRAFTPLUS_DECRYPTION_ENGINE) {
$rijndael->setPreferredEngine(CRYPT_ENGINE_MCRYPT);
} elseif ('internal' == UPDRAFTPLUS_DECRYPTION_ENGINE) {
$rijndael->setPreferredEngine(CRYPT_ENGINE_INTERNAL);
}
}
$rijndael->setKey($key);
return false == $ciphertext ? $rijndael->decrypt(file_get_contents($fullpath)) : $rijndael->decrypt($ciphertext);
}
private function encrypt($fullpath, $key, $rformat = 'inline')
{
global $updraftplus;
if (!function_exists('mcrypt_encrypt')) {
$updraftplus->log(sprintf(__('Your web-server does not have the %s module installed.', 'updraftplus'), 'PHP/mcrypt') . ' ' . __('Without it, encryption will be a lot slower.', 'updraftplus'), 'warning', 'nomcrypt');
}
$updraftplus->ensure_phpseclib('Crypt_Rijndael', 'Crypt/Rijndael');
$rijndael = new Crypt_Rijndael();
$rijndael->setKey($key);
if ('inline' === $rformat) {
return $rijndael->encrypt(file_get_contents($fullpath));
}
return false;
}
public function decrypt_message($message)
{
if (!$this->key_local) {
throw new Exception('No decryption key has been set');
}
$this->ensure_crypto_loaded();
$rsa = new Crypt_RSA();
$rij = new Crypt_Rijndael();
// Extract the Symmetric Key
$len = substr($message, 0, 3);
$len = hexdec($len);
$sym_key = substr($message, 3, $len);
// Extract the encrypted message
$cipherlen = substr($message, $len + 3, 16);
$cipherlen = hexdec($cipherlen);
$ciphertext = substr($message, $len + 19, $cipherlen);
$ciphertext = base64_decode($ciphertext);
// Decrypt the encrypted symmetric key
$rsa->loadKey($this->key_local);
$sym_key = base64_decode($sym_key);
$sym_key = $rsa->decrypt($sym_key);
// Decrypt the message
$rij->setKey($sym_key);
return $rij->decrypt($ciphertext);
}
/**
*
* Encrypts given value, with given key, and hex encodes it before
* returning.
*
* Compatible with mysql: "hex(aes_encrypt($val, $key))
*
* @param string $val - value to encrypt
* @param string $ky - key
* @return string encrypted value
*/
public function encrypt($val, $key)
{
if (empty($val)) {
return $val;
}
$mysqlKey = "";
for ($a = 0; $a < strlen($key); $a++) {
$mysqlKey[$a % 16] = chr(ord($mysqlKey[$a % 16]) ^ ord($key[$a]));
}
$aes = new Crypt_Rijndael(CRYPT_RIJNDAEL_MODE_ECB);
$aes->setKeyLength(128);
$aes->setBlockLength(128);
$aes->setKey($mysqlKey);
$encrypt = $aes->encrypt($val);
$encrypt = strtoupper(bin2hex($encrypt));
return $encrypt;
}
function analyse_db_file($timestamp, $res)
{
global $updraftplus;
$backup = $updraftplus->get_backup_history($timestamp);
if (!isset($backup['nonce']) || !isset($backup['db'])) {
return;
}
$updraft_dir = $updraftplus->backups_dir_location();
$db_file = $updraft_dir . '/' . $backup['db'];
if (!is_readable($db_file)) {
return;
}
// Encrypted - decrypt it
if ($updraftplus->is_db_encrypted($db_file)) {
$encryption = UpdraftPlus_Options::get_updraft_option('updraft_encryptionphrase');
if (!$encryption) {
echo sprintf(__('Error: %s', 'updraftplus'), __('Decryption failed. The database file is encrypted, but you have no encryption key entered.', 'updraftplus'));
return;
}
require_once UPDRAFTPLUS_DIR . '/includes/phpseclib/Crypt/Rijndael.php';
$rijndael = new Crypt_Rijndael();
// Get decryption key
$rijndael->setKey($encryption);
$ciphertext = $rijndael->decrypt(file_get_contents($db_file));
if ($ciphertext) {
$new_db_file = $updraft_dir . '/' . basename($db_file, '.crypt');
if (!file_put_contents($new_db_file, $ciphertext)) {
echo sprintf(__('Error: %s', 'updraftplus'), __('Failed to write out the decrypted database to the filesystem.', 'updraftplus'));
return false;
}
$db_file = $new_db_file;
} else {
echo sprintf(__('Error: %s', 'updraftplus'), __('Decryption failed. The most likely cause is that you used the wrong key.', 'updraftplus'));
return false;
}
}
$dbhandle = gzopen($db_file, 'r');
if (!$dbhandle) {
echo sprintf(__('Error: %s', 'updraftplus'), __('Failed to open database file.', 'updraftplus'));
return false;
}
# Analyse the file, print the results.
$line = 0;
$old_siteurl = '';
$old_table_prefix = '';
$old_siteinfo = array();
$gathering_siteinfo = true;
while (!gzeof($dbhandle) && $line < 100) {
$line++;
// Up to 1Mb
$buffer = rtrim(gzgets($dbhandle, 1048576));
// Comments are what we are interested in
if (substr($buffer, 0, 1) == '#') {
// TODO: More information - e.g. WordPress version. Warn if importing new into old.
if ('' == $old_siteurl && preg_match('/^\\# Backup of: (http(.*))$/', $buffer, $matches)) {
$old_siteurl = $matches[1];
echo __('Backup of:', 'updraftplus') . ' ' . htmlspecialchars($old_siteurl) . '<br>';
// Check for should-be migration
if ($old_siteurl != site_url()) {
echo apply_filters('updraftplus_dbscan_urlchange', sprintf(__('Error: %s', 'updraftplus'), '<a href="http://updraftplus.com/shop/migrator/">' . __('This backup set is from a different site - this is not a restoration, but a migration. You need the Migrator add-on in order to make this work.', 'updraftplus') . '</a>'), $old_siteurl, $res);
}
} elseif ('' == $old_table_prefix && preg_match('/^\\# Table prefix: (\\S+)$/', $buffer, $matches)) {
$old_table_prefix = $matches[1];
// echo '<strong>'.__('Old table prefix:', 'updraftplus').'</strong> '.htmlspecialchars($old_table_prefix).'<br>';
} elseif ($gathering_siteinfo && preg_match('/^\\# Site info: (\\S+)$/', $buffer, $matches)) {
if ('end' == $matches[1]) {
$gathering_siteinfo = false;
// Sanity checks
if (isset($old_siteinfo['multisite']) && !$old_siteinfo['multisite'] && is_multisite()) {
// Just need to check that you're crazy
if (!defined('UPDRAFTPLUS_EXPERIMENTAL_IMPORTINTOMULTISITE') || UPDRAFTPLUS_EXPERIMENTAL_IMPORTINTOMULTISITE != true) {
echo sprintf(__('Error: %s', 'updraftplus'), __('You are running on WordPress multisite - but your backup is not of a multisite site.', 'updraftplus'));
return false;
}
// Got the needed code?
if (!class_exists('UpdraftPlusAddOn_MultiSite') || !class_exists('UpdraftPlus_Addons_Migrator')) {
echo sprintf(__('Error: %s', 'updraftplus'), __('To import an ordinary WordPress site into a multisite installation requires both the multisite and migrator add-ons.', 'updraftplus'));
return false;
}
}
} elseif (preg_match('/^([^=]+)=(.*)$/', $matches[1], $kvmatches)) {
$key = $kvmatches[1];
$val = $kvmatches[2];
if ('multisite' == $key && $val) {
echo '<strong>' . __('Site information:', 'updraftplus') . '</strong>' . ' is a WordPress Network<br>';
}
$old_siteinfo[$key] = $val;
}
}
}
}
@gzclose($dbhandle);
}
function unpack_package($package, $delete_package = true)
{
global $wp_filesystem, $updraftplus;
$updraft_dir = $updraftplus->backups_dir_location();
// If not database, then it is a zip - unpack in the usual way
if (!preg_match('/db\\.gz(\\.crypt)?$/i', $package)) {
return parent::unpack_package($updraft_dir . '/' . $package, $delete_package);
}
$backup_dir = $wp_filesystem->find_folder($updraft_dir);
// Unpack a database. The general shape of the following is copied from class-wp-upgrader.php
@set_time_limit(1800);
$this->skin->feedback('unpack_package');
$upgrade_folder = $wp_filesystem->wp_content_dir() . 'upgrade/';
@$wp_filesystem->mkdir($upgrade_folder, 0775);
//Clean up contents of upgrade directory beforehand.
$upgrade_files = $wp_filesystem->dirlist($upgrade_folder);
if (!empty($upgrade_files)) {
foreach ($upgrade_files as $file) {
$wp_filesystem->delete($upgrade_folder . $file['name'], true);
}
}
//We need a working directory
$working_dir = $upgrade_folder . basename($package, '.crypt');
# $working_dir_filesystem = WP_CONTENT_DIR.'/upgrade/'. basename($package, '.crypt');
// Clean up working directory
if ($wp_filesystem->is_dir($working_dir)) {
$wp_filesystem->delete($working_dir, true);
}
if (!$wp_filesystem->mkdir($working_dir, 0775)) {
return new WP_Error('mkdir_failed', __('Failed to create a temporary directory', 'updraftplus') . ' (' . $working_dir . ')');
}
// Unpack package to working directory
if ($updraftplus->is_db_encrypted($package)) {
$this->skin->feedback('decrypt_database');
$encryption = UpdraftPlus_Options::get_updraft_option('updraft_encryptionphrase');
if (!$encryption) {
return new WP_Error('no_encryption_key', __('Decryption failed. The database file is encrypted, but you have no encryption key entered.', 'updraftplus'));
}
// Encrypted - decrypt it
require_once UPDRAFTPLUS_DIR . '/includes/phpseclib/Crypt/Rijndael.php';
$rijndael = new Crypt_Rijndael();
// Get decryption key
$rijndael->setKey($encryption);
$ciphertext = $rijndael->decrypt($wp_filesystem->get_contents($backup_dir . $package));
if ($ciphertext) {
$this->skin->feedback('decrypted_database');
if (!$wp_filesystem->put_contents($working_dir . '/backup.db.gz', $ciphertext)) {
return new WP_Error('write_failed', __('Failed to write out the decrypted database to the filesystem', 'updraftplus'));
}
} else {
return new WP_Error('decryption_failed', __('Decryption failed. The most likely cause is that you used the wrong key.', 'updraftplus'));
}
} else {
if (!$wp_filesystem->copy($backup_dir . $package, $working_dir . '/backup.db.gz')) {
if ($wp_filesystem->errors->get_error_code()) {
foreach ($wp_filesystem->errors->get_error_messages() as $message) {
show_message($message);
}
}
return new WP_Error('copy_failed', $this->strings['copy_failed']);
}
}
// Once extracted, delete the package if required (non-recursive, is a file)
if ($delete_package) {
$wp_filesystem->delete($backup_dir . $package, false, true);
}
return $working_dir;
}
function encrypt($fullpath, $key, $rformat = 'inline')
{
if (!function_exists('mcrypt_encrypt')) {
$this->log(sprintf(__('Your web-server does not have the %s module installed.', 'updraftplus'), 'mcrypt') . ' ' . __('Without it, encryption will be a lot slower.', 'updraftplus'), 'warning', 'nomcrypt');
}
if ($this->have_addons < 10) {
$this->log(__("A future release of UpdraftPlus will move the encryption feature into an add-on (and add more features to it).", 'updraftplus') . ' ' . sprintf(__('See: %s', 'updraftplus'), 'http://updraftplus.com/next-updraftplus-release-ready-testing/'), 'warning', 'needpremiumforcrypt');
}
$this->ensure_phpseclib('Crypt_Rijndael', 'Crypt/Rijndael');
$rijndael = new Crypt_Rijndael();
$rijndael->setKey($key);
if ('inline' === $rformat) {
return $rijndael->encrypt(file_get_contents($fullpath));
}
}
public function decrypt_message($message)
{
if (!$this->key_local) {
throw new Exception('No decryption key has been set');
}
$this->ensure_crypto_loaded();
$rsa = new Crypt_RSA();
if (defined('UDRPC_PHPSECLIB_ENCRYPTION_MODE')) {
$rsa->setEncryptionMode(UDRPC_PHPSECLIB_ENCRYPTION_MODE);
}
// Defaults to CRYPT_AES_MODE_CBC
$rij = new Crypt_Rijndael();
// Extract the Symmetric Key
$len = substr($message, 0, 3);
$len = hexdec($len);
$sym_key = substr($message, 3, $len);
// Extract the encrypted message
$cipherlen = substr($message, $len + 3, 16);
$cipherlen = hexdec($cipherlen);
$ciphertext = substr($message, $len + 19, $cipherlen);
$ciphertext = base64_decode($ciphertext);
// Decrypt the encrypted symmetric key
$rsa->loadKey($this->key_local);
$sym_key = base64_decode($sym_key);
$sym_key = $rsa->decrypt($sym_key);
// Decrypt the message
$rij->setKey($sym_key);
return $rij->decrypt($ciphertext);
}
/**
* Sets the key.
*
* Rijndael supports five different key lengths, AES only supports three.
*
* @see Crypt_Rijndael:setKey()
* @see setKeyLength()
* @access public
* @param String $key
*/
function setKey($key)
{
parent::setKey($key);
if (!$this->explicit_key_length) {
$length = strlen($key);
switch (true) {
case $length <= 16:
$this->key_size = 16;
break;
case $length <= 24:
$this->key_size = 24;
break;
default:
$this->key_size = 32;
}
$this->_setupEngine();
}
}
function spool_file($type, $fullpath, $encryption = "")
{
@set_time_limit(900);
if (file_exists($fullpath)) {
$file = basename($fullpath);
$len = filesize($fullpath);
$filearr = explode('.', $file);
// //we've only got zip and gz...for now
$file_ext = array_pop($filearr);
header("Cache-Control: no-cache, must-revalidate");
// HTTP/1.1
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
// Date in the past
header("Content-Length: {$len};");
if ($file_ext == 'crypt') {
if ($encryption == "") {
$encryption = UpdraftPlus_Options::get_updraft_option('updraft_encryptionphrase');
}
if ($encryption == "") {
header('Content-type: text/plain');
_e("Decryption failed. The database file is encrypted, but you have no encryption key entered.", 'updraftplus');
$this->log('Decryption of database failed: the database file is encrypted, but you have no encryption key entered.', 'error');
} else {
if (!class_exists('Crypt_Rijndael')) {
require_once UPDRAFTPLUS_DIR . '/includes/phpseclib/Crypt/Rijndael.php';
}
$rijndael = new Crypt_Rijndael();
$rijndael->setKey($encryption);
$ciphertext = $rijndael->decrypt(file_get_contents($fullpath));
if ($ciphertext) {
header('Content-type: application/octet-stream');
header("Content-Disposition: attachment; filename=\"" . substr($file, 0, -6) . "\";");
print $ciphertext;
} else {
header('Content-type: text/plain');
echo __("Decryption failed. The most likely cause is that you used the wrong key.", 'updraftplus') . " " . __('The decryption key used:', 'updraftplus') . ' ' . $encryption;
}
}
} else {
if ($file_ext == 'zip') {
header('Content-type: application/zip');
} else {
header('Content-type: application/octet-stream');
}
header("Content-Disposition: attachment; filename=\"{$file}\";");
# Prevent the file being read into memory
@ob_end_flush();
readfile($fullpath);
}
// $this->delete_local($file);
} else {
echo __('File not found', 'updraftplus');
}
}
public function decrypt($fullpath, $key, $ciphertext = false)
{
$this->ensure_phpseclib('Crypt_Rijndael', 'Crypt/Rijndael');
$rijndael = new Crypt_Rijndael();
$rijndael->setKey($key);
return false == $ciphertext ? $rijndael->decrypt(file_get_contents($fullpath)) : $rijndael->decrypt($ciphertext);
}
function osc_decrypt_alert($string) {
$key = hash("sha256", osc_get_alert_private_key(), true);
if(function_exists('mcrypt_module_open')) {
$cipher = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_CBC, '');
$cipherText = '';
if (mcrypt_generic_init($cipher, $key, $key) != -1) {
$cipherText = mdecrypt_generic($cipher, $string);
mcrypt_generic_deinit($cipher);
}
return trim(substr($cipherText, 32));
};
require_once LIB_PATH . 'phpseclib/Crypt/Rijndael.php';
$cipher = new Crypt_Rijndael(CRYPT_RIJNDAEL_MODE_CBC);
$cipher->disablePadding();
$cipher->setBlockLength(256);
$cipher->setKey($key);
$cipher->setIV($key);
return trim(substr($cipher->decrypt($string), 32));
}