/**
* Chunk here is an encrypted piece of file
* until delimiter.
*
* @see PMF_Attachment_Filesystem_File#getChunk()
*/
public function getChunk()
{
$readEnd = false;
$chunk = '';
$chunkDelimLen = strlen(self::chunkDelimiter);
while (!$readEnd && !$this->eof()) {
$chunk .= fread($this->handle, 1);
$readEnd = self::chunkDelimiter == substr($chunk, -$chunkDelimLen);
}
$chunk = substr($chunk, 0, -$chunkDelimLen);
return empty($chunk) ? '' : $this->aes->decrypt($chunk);
}
/**
* Get the specified cookie
*
* @param string $cookie Cookie's name
* @param mixed $default Default value if the specified cookie does not exists
* @return mixed
*/
public function get($cookie, $default = null)
{
if (isset($_COOKIE[$cookie])) {
$raw = $this->decryptCookie($_COOKIE[$cookie]);
$value = $this->cipher->decrypt($raw['value']);
$hash = $this->cipher->decrypt($raw['hash']);
if ($this->cipher->match($value, $hash)) {
return $value;
}
}
return $default;
}
/**
* Decrypts an encrypted string
*
* The value was padded with NUL characters when encrypted. You may
* need to trim the result or cast its type.
*
* @param string $cipherText the binary string to decrypt
* @return string|PEAR_Error Returns plain text on success, PEAR_Error on failure
* @access public
*/
function decrypt($cipherText)
{
return $this->_crypt->decrypt($cipherText);
}
/**
* Gets Binary Packets
*
* See '6. Binary Packet Protocol' of rfc4253 for more info.
*
* @see \phpseclib\Net\SSH2::_send_binary_packet()
* @return string
* @throws \RuntimeException on connection errors
* @access private
*/
function _get_binary_packet()
{
if (!is_resource($this->fsock) || feof($this->fsock)) {
$this->bitmap = 0;
throw new \RuntimeException('Connection closed prematurely');
}
$start = microtime(true);
$raw = fread($this->fsock, $this->decrypt_block_size);
if (!strlen($raw)) {
return '';
}
if ($this->decrypt !== false) {
$raw = $this->decrypt->decrypt($raw);
}
if ($raw === false) {
throw new \RuntimeException('Unable to decrypt content');
}
extract(unpack('Npacket_length/Cpadding_length', $this->_string_shift($raw, 5)));
$remaining_length = $packet_length + 4 - $this->decrypt_block_size;
// quoting <http://tools.ietf.org/html/rfc4253#section-6.1>,
// "implementations SHOULD check that the packet length is reasonable"
// PuTTY uses 0x9000 as the actual max packet size and so to shall we
if ($remaining_length < -$this->decrypt_block_size || $remaining_length > 0x9000 || $remaining_length % $this->decrypt_block_size != 0) {
throw new \RuntimeException('Invalid size');
}
$buffer = '';
while ($remaining_length > 0) {
$temp = fread($this->fsock, $remaining_length);
if ($temp === false || feof($this->fsock)) {
$this->bitmap = 0;
throw new \RuntimeException('Error reading from socket');
}
$buffer .= $temp;
$remaining_length -= strlen($temp);
}
$stop = microtime(true);
if (strlen($buffer)) {
$raw .= $this->decrypt !== false ? $this->decrypt->decrypt($buffer) : $buffer;
}
$payload = $this->_string_shift($raw, $packet_length - $padding_length - 1);
$padding = $this->_string_shift($raw, $padding_length);
// should leave $raw empty
if ($this->hmac_check !== false) {
$hmac = fread($this->fsock, $this->hmac_size);
if ($hmac === false || strlen($hmac) != $this->hmac_size) {
$this->bitmap = 0;
throw new \RuntimeException('Error reading socket');
} elseif ($hmac != $this->hmac_check->hash(pack('NNCa*', $this->get_seq_no, $packet_length, $padding_length, $payload . $padding))) {
throw new \RuntimeException('Invalid HMAC');
}
}
//if ($this->decompress) {
// $payload = gzinflate(substr($payload, 2));
//}
$this->get_seq_no++;
if (defined('NET_SSH2_LOGGING')) {
$current = microtime(true);
$message_number = isset($this->message_numbers[ord($payload[0])]) ? $this->message_numbers[ord($payload[0])] : 'UNKNOWN (' . ord($payload[0]) . ')';
$message_number = '<- ' . $message_number . ' (since last: ' . round($current - $this->last_packet, 4) . ', network: ' . round($stop - $start, 4) . 's)';
$this->_append_log($message_number, $payload);
$this->last_packet = $current;
}
return $this->_filter($payload);
}
/**
* Gets Binary Packets
*
* See 'The Binary Packet Protocol' of protocol-1.5.txt for more info.
*
* Also, this function could be improved upon by adding detection for the following exploit:
* http://www.securiteam.com/securitynews/5LP042K3FY.html
*
* @see self::_send_binary_packet()
* @return array
* @access private
*/
function _get_binary_packet()
{
if (feof($this->fsock)) {
//user_error('connection closed prematurely');
return false;
}
if ($this->curTimeout) {
$read = array($this->fsock);
$write = $except = null;
$start = strtok(microtime(), ' ') + strtok('');
// http://php.net/microtime#61838
$sec = floor($this->curTimeout);
$usec = 1000000 * ($this->curTimeout - $sec);
// on windows this returns a "Warning: Invalid CRT parameters detected" error
if (!@stream_select($read, $write, $except, $sec, $usec) && !count($read)) {
//$this->_disconnect('Timeout');
return true;
}
$elapsed = strtok(microtime(), ' ') + strtok('') - $start;
$this->curTimeout -= $elapsed;
}
$start = strtok(microtime(), ' ') + strtok('');
// http://php.net/microtime#61838
$temp = unpack('Nlength', fread($this->fsock, 4));
$padding_length = 8 - ($temp['length'] & 7);
$length = $temp['length'] + $padding_length;
$raw = '';
while ($length > 0) {
$temp = fread($this->fsock, $length);
$raw .= $temp;
$length -= strlen($temp);
}
$stop = strtok(microtime(), ' ') + strtok('');
if (strlen($raw) && $this->crypto !== false) {
$raw = $this->crypto->decrypt($raw);
}
$padding = substr($raw, 0, $padding_length);
$type = $raw[$padding_length];
$data = substr($raw, $padding_length + 1, -4);
$temp = unpack('Ncrc', substr($raw, -4));
//if ( $temp['crc'] != $this->_crc($padding . $type . $data) ) {
// user_error('Bad CRC in packet from server');
// return false;
//}
$type = ord($type);
if (defined('NET_SSH1_LOGGING')) {
$temp = isset($this->protocol_flags[$type]) ? $this->protocol_flags[$type] : 'UNKNOWN';
$temp = '<- ' . $temp . ' (' . round($stop - $start, 4) . 's)';
$this->_append_log($temp, $data);
}
return array(self::RESPONSE_TYPE => $type, self::RESPONSE_DATA => $data);
}
/**
* Login process with remember data
*
* @return bool|array
*/
protected static function loginFromRemember()
{
$rememberConf = static::$constants->remember;
if ($rememberConf['enabled'] === true) {
$cookieName = $rememberConf['cookieName'];
if (static::$cooker->has($cookieName)) {
$userData = static::$crypt->decrypt(static::$cooker->get($cookieName), static::$constants->secret);
$userDataArr = json_decode($userData, true);
if (!json_last_error() && isset($userDataArr[$rememberConf['field']])) {
$token = $userDataArr[$rememberConf['field']];
$tokenDecrypted = static::$crypt->decrypt($token, static::$constants->secret);
if (intval($tokenDecrypted) >= static::currentTime()) {
static::setRemember($userDataArr);
static::$user = static::resolveDbResult($userDataArr);
$result = static::setUserRepository(static::$user);
return $result;
}
}
}
}
return false;
}
/**
* Called when applying the filter
*
* This method is called whenever data is read from or written to the attached stream
* (such as with fread() or fwrite()).
*
* @param resource $in
* @param resource $out
* @param int $consumed
* @param bool $closing
* @link http://php.net/manual/en/php-user-filter.filter.php
* @return int
* @access public
*/
function filter($in, $out, &$consumed, $closing)
{
$newlen = 0;
$block_mode = $this->cipher->mode == Base::MODE_CBC || $this->cipher->mode == Base::MODE_ECB;
while ($bucket = stream_bucket_make_writeable($in)) {
if ($block_mode) {
$bucket->data = $this->buffer . $bucket->data;
$extra = strlen($bucket->data) % $this->block_length;
if ($extra) {
$this->buffer = substr($bucket->data, -$extra);
$bucket->data = substr($bucket->data, 0, -$extra);
}
}
$bucket->data = $this->op ? $this->cipher->encrypt($bucket->data) : $this->cipher->decrypt($bucket->data);
$newlen += strlen($bucket->data);
$consumed += $bucket->datalen;
stream_bucket_append($out, $bucket);
}
return $block_mode && $newlen < $this->block_length ? PSFS_FEED_ME : PSFS_PASS_ON;
}
/**
* Method to decrypt a data string.
*
* @param string $data The encrypted string to decrypt.
* @return string The decrypted data string.
*/
public function decrypt($data)
{
return $this->cipher->decrypt($data, $this->key);
}
/**
* Decrypting data (URL safe)
*
* @param string $data
* @return string or false on error
*/
public function decrypt($data)
{
return $this->object->decrypt($data);
}
/**
* decrypt a string value, optionally with a custom key
*
* @param string value to decrypt
* @param string optional custom key to be used for this encryption
* @param int optional key length
* @access public
* @return string encrypted value
*/
protected function decode($value, $key = false, $keylength = false)
{
if (!$key) {
$key = static::safe_b64decode($this->config['crypto_key']);
// Used for backwards compatibility with encrypted data prior
// to FuelPHP 1.7.2, when phpseclib was updated, and became a
// bit smarter about figuring out key lengths.
$keylength = 128;
}
if ($keylength) {
$this->crypter->setKeyLength($keylength);
}
$this->crypter->setKey($key);
$this->crypter->setIV(static::safe_b64decode($this->config['crypto_iv']));
$value = static::safe_b64decode($value);
if ($value = $this->validate_hmac($value)) {
return $this->crypter->decrypt($value);
} else {
return false;
}
}
/**
* Decrypts an encrypted string
*
* The value was padded with NUL characters when encrypted. You may
* need to trim the result or cast its type.
*
* @param string $cipherText the binary string to decrypt
* @return string|PEAR_Error Returns plain text on success, PEAR_Error on failure
* @access public
*/
function decrypt($cipherText)
{
$result = $this->_crypt->decrypt(base64_decode($cipherText));
return $result;
}
