/**
  * Uses Defuse\Crypto\Crypto::hexToBin to convert a value produced by self::friendly back to its raw value
  *
  * @param $friendlyValue - value returned from the 'friendly' function
  *
  * @return string|null - the raw (possibly non-printable) value, or null when $friendlyValue is falsy
  */
 protected function unfriendly($friendlyValue)
 {
     // Falsy input (null, '', '0', ...) is reported as null rather than handed to the decoder.
     if (!$friendlyValue) {
         return null;
     }

     // Reverse the hex encoding with the library's own decoder.
     return Crypto::hexToBin($friendlyValue);
 }
<?php

require_once \dirname(__DIR__) . '/autoload.php';
use Defuse\Crypto\Crypto;
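// Cross-check the library's hex codec against PHP's built-in bin2hex()/hex2bin() on
// 100 random 32-byte strings. $status stays 0 only if every comparison agrees, and it
// becomes the process exit code.
$status = 0;
for ($i = 0; $i < 100; ++$i) {
    // NOTE(review): the bytes are only test vectors here; for key material on PHP 7+
    // random_bytes() is the preferred source.
    $random = \openssl_random_pseudo_bytes(32);

    // Encoding: both implementations must produce the same hex string.
    $encode_a = Crypto::binToHex($random);
    $encode_b = \bin2hex($random);
    if ($encode_a !== $encode_b) {
        $status = 1;
        \var_dump([$encode_a, $encode_b]);
    }

    // Decoding: each implementation decodes the other's output.
    $decode_a = Crypto::hexToBin($encode_b);
    $decode_b = \hex2bin($encode_a);
    if ($decode_a !== $decode_b) {
        $status = 1;
        // Base64-encode both sides so the raw bytes print safely and can be compared by eye.
        // The second value used base64_decode(), which garbled the diagnostic.
        \var_dump([\base64_encode($decode_a), \base64_encode($decode_b)]);
    }
}
// $status is only ever 0 or 1, so the old `< 0` check never printed the success message.
if ($status === 0) {
    echo 'Encoded successfully!', "\n";
}
exit($status);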
// Hex-encode the four ASCII bytes "ABJA" (0x41 0x42 0x4a 0x41) and dump the result.
$hexEncoded = Crypto::binToHex("ABJA");
\var_dump($hexEncoded);

// Decode the matching hex literal and dump what comes back.
$rawDecoded = Crypto::hexToBin('41424a41');
\var_dump($rawDecoded);
Exemple #3
 /**
  * Decrypt a hex-encoded ciphertext with this object's secret key
  *
  * @param string $ciphertext The hexadecimal string
  * @return string cleartext string
  */
 public function decrypt($ciphertext)
 {
     // The caller supplies the hexadecimal form; the library works on the decoded value.
     $rawCiphertext = Crypto::hexToBin($ciphertext);
     $secretKey = $this->getSecretKey();

     // Nothing is caught here, so whatever Crypto::decrypt() throws reaches the caller,
     // which has to treat a failure as "no plaintext" rather than fall back to a default.
     return Crypto::decrypt($rawCiphertext, $secretKey);
 }
Exemple #4
    $errors = true;
    response(VALIDATION_TOO_MANY_ATTEMPTS, $errors);
}
// Validation: check if this is a brute force attempt.
// The search matches log events whose action is 'failed' inside a five-minute window,
// and the request is refused once three or more are found.
// NOTE(review): $events is set up outside this fragment, so whether the count is scoped
// to this item or shared across items cannot be told from here — confirm.
// Start of the window: five minutes ago, converted from seconds to milliseconds.
$past = strtotime("-5 min") * 1000;
// $now is assigned before this fragment — presumably the current time in milliseconds; confirm.
$events->search('value.action:failed AND @path.timestamp:[' . $past . ' TO ' . $now . ']');
$fail_total = $events->getTotalCount();
if ($fail_total >= 3) {
    // Record the lockout as a 'disabled' log event.
    // NOTE(review): whether that event blocks later attempts by itself, or only the
    // five-minute count above does, is not visible here.
    $item->event('log')->post(['action' => 'disabled']);
    // The flag is what the later `if (!$errors)` guard tests, so decryption is skipped
    // even if response() returns instead of ending the request.
    $errors = true;
    response(VALIDATION_TOO_MANY_ATTEMPTS, $errors);
}
// If all of the above validation checks pass, continue on
if (!$errors) {
    $salt = Crypto::hexToBin($item->salt);
    $data_encrypted = Crypto::hexToBin($item->secret);
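    // Create decryption key.
    // NOTE(review): hash_pbkdf2() returns lowercase hex unless its sixth argument is true,
    // and $length then counts hex digits, so this 16-character key carries only 8 bytes of
    // PBKDF2 output. The encrypting side must derive the key the same way, so changing
    // this means re-encrypting the stored secrets.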
    $length = 16;
    $iterations = PASSWORD_ITERATIONS;
    $key = hash_pbkdf2("sha256", $password, $salt, $iterations, $length);
    // Decrypt data, reference: https://github.com/defuse/php-encryption/
    try {
        $data_decrypted = Crypto::Decrypt($data_encrypted, $key);
    } catch (Ex\InvalidCiphertextException $ex) {
        // VERY IMPORTANT
        // Log event
        $item->event('log')->post(['action' => 'failed']);
        response(DECRYPTION_PASSWORD_WRONG, true);
    } catch (Ex\CryptoTestFailedException $ex) {
        response(ENCRYPTION_UNSAFE, true);
    } catch (Ex\CannotPerformOperationException $ex) {
Exemple #5
 public function decrypt_password()
 {
     // Precondition checks. NOTE(review): nothing here returns after debug->error(), so the
     // code below is only skipped if error() itself ends the request — confirm.
     if ($this->logged_in !== true) {
         $this->debug->error("Not logged in!");
     }
     if (empty($_COOKIE['nextpass_password']) || empty($_SESSION['nextpass']['key'])) {
         $this->debug->error("Password is not stored in Cookie or Session!");
     }

     require_once 'php-encryption/autoload.php';

     // The cookie is client-controlled and carries the hex form of the ciphertext;
     // the key is read from the server-side session.
     $cipherBytes = Crypto::hexToBin($_COOKIE['nextpass_password']);
     $sessionKey = $_SESSION['nextpass']['key'];

     try {
         // Every failure branch below ends the request, so a plaintext leaves this
         // method only through this return.
         return Crypto::decrypt($cipherBytes, $sessionKey);
     } catch (Ex\InvalidCiphertextException $ex) {
         // The ciphertext was modified, the key is wrong, or the input was never a valid
         // ciphertext. The cases cannot be told apart, so the worst one is assumed.
         // The message is printed to the response before the script stops.
         exit('DANGER! DANGER! The ciphertext has been tampered with!');
     } catch (Ex\CryptoTestFailedException $ex) {
         exit('Cannot safely perform decryption');
     } catch (Ex\CannotPerformOperationException $ex) {
         exit('Cannot safely perform decryption');
     }
 }