public function seeMessageInResponse($message)
{
$response = $this->getModule('REST')->response;
$response = json_decode($response);
$data = base64_url_decode($response->data);
$data = $this->aes->decrypt($data);
file_put_contents('./dump.txt', $data);
$data = json_decode($data);
$this->assertEquals($message, $data->message);
}
public function get_message($message)
{
$key = $this->key;
if ($message) {
$message = @base64_decode($message);
if ($message) {
$message = @unserialize($message);
if ($message) {
$cipher = new \Crypt_AES(CRYPT_AES_MODE_ECB);
$cipher->setPassword($key, 'pbkdf2', 'sha256', $message['s'], 1000);
if (@gmmktime() - $message['t'] > self::MAX_AGE) {
return false;
}
$message = $cipher->decrypt($message['p']);
if ($message) {
$message = @unserialize($message);
if ($message) {
return $message;
}
}
}
}
}
return false;
}
/**
* Decrypts AES encrypted data
* @param String $data Data to decrypt
* @return String
*/
public function symmetricDecrypt($data)
{
if (!$this->isAesInitialized) {
$this->initSymmetric();
}
return $this->aes->decrypt($data);
}
function AESDecrypt($ciphertext, $key, $IV)
{
$aes = new Crypt_AES(CRYPT_MODE_ECB);
$aes->setKey(characet($key));
$aes->setIV(characet($IV));
return $aes->decrypt(hex2bin($ciphertext));
}
function _pugpig_bbappworld_decrypt($base64_encrypted, $password)
{
$cipher = new Crypt_AES(CRYPT_AES_MODE_ECB);
// keys are null-padded to the closest valid size
// longer than the longest key and it's truncated
$cipher->setKey($password);
return $cipher->decrypt(base64_decode($base64_encrypted));
}
protected function decodeResponse($received)
{
$aes = new Crypt_AES();
$aes->setKey($this->key);
$data = $aes->decrypt(base64_decode(substr($received, 28)));
$decoder = new XmlrpcDecoder();
return $decoder->decodeResponse($data);
}
/**
* Decrypt the provided data using AES cryptography with the provided key and IV
*
* @param string $data Data to decrypt
* @param string $key Cipher key used to encrypt the data
* @param string $iv IV used to encrypt the data
* @param bool $base64Encoded Is the provided data Base64 encoded (defaults to true)
* @return string Unencrypted data
*/
public function decryptAES($data, $key, $iv, $base64Encoded = true)
{
$data = $base64Encoded ? base64_decode($data) : $data;
$cipher = new \Crypt_AES();
$cipher->setKey($key);
$cipher->setIV($iv);
$cipher->disablePadding();
$decrypted = rtrim($cipher->decrypt($data));
return $decrypted;
}
/**
* @dataProvider continuousBufferCombos
*/
public function testEncryptDecryptWithContinuousBuffer($mode, $plaintext, $iv, $key)
{
$aes = new Crypt_AES(constant($mode));
$aes->enableContinuousBuffer();
$aes->setIV($iv);
$aes->setKey($key);
$actual = '';
for ($i = 0, $strlen = strlen($plaintext); $i < $strlen; ++$i) {
$actual .= $aes->decrypt($aes->encrypt($plaintext[$i]));
}
$this->assertEquals($plaintext, $actual);
}
public static function decrypt($secret, $password, ApiKeyEncryptionOptions $options)
{
$decodedSecret = self::base64url_decode($secret);
$salt = self::base64url_decode($options->getEncryptionKeySalt());
$iterations = $options->getEncryptionKeyIterations();
$keyLengthBits = $options->getEncryptionKeySize();
$iv = substr($decodedSecret, 0, 16);
$aes = new \Crypt_AES();
$aes->setPassword($password, 'pbkdf2', 'sha1', $salt, $iterations, $keyLengthBits / 8);
$aes->setKeyLength($keyLengthBits);
$aes->setIV($iv);
return $aes->decrypt(substr($decodedSecret, 16));
}
function fileRead($key)
{
$file = fopen("data.php", "r");
$aes = new Crypt_AES();
$aes->setKey($key);
$tempdata = "";
if ($file) {
$tempdata = file_get_contents("data.php");
$tempdata = substr($tempdata, strlen($GLOBALS["fileStart"]));
$tempdata = $aes->decrypt(substr($tempdata, 0, -strlen($GLOBALS["fileEnd"])));
}
fclose($file);
return $tempdata;
}
/**
* Process the launchkey option to prepare for usage within the plugin. The option will have encrypted attributes
* decrypted as well as set default values for any missing or unset attributes.
*
* @since 1.0.0
*
* @param $input
*
* @return array
*/
public function post_get_option_filter($input)
{
// Define the defaults for attributes
$defaults = static::get_defaults();
// If the input is empty (null) set it to an empty array
$input ?: array();
// Merge the input array over the defaults array to set any know data to the response
$output = array_merge($defaults, $input);
// If the secret key attribute is not empty, decrypt it
if (!empty($input[LaunchKey_WP_Options::OPTION_SECRET_KEY])) {
$key = md5($input[LaunchKey_WP_Options::OPTION_SECRET_KEY]);
if (empty($this->cache[$key])) {
/**
* Use the rocket key as the IV. If null, use the static value.
* @link https://docs.launchkey.com/glossary.html#term-iv
*/
$iv = empty($output[LaunchKey_WP_Options::OPTION_ROCKET_KEY]) ? static::STATIC_IV : $output[LaunchKey_WP_Options::OPTION_ROCKET_KEY];
$this->crypt_aes->setIV($iv);
/**
* Decrypt the Base64 decoded string and set it as the output value
* @link https://docs.launchkey.com/glossary.html#term-base64
*/
$this->cache[$key] = $this->crypt_aes->decrypt(base64_decode($input[LaunchKey_WP_Options::OPTION_SECRET_KEY]));
}
$output[LaunchKey_WP_Options::OPTION_SECRET_KEY] = $this->cache[$key];
}
// If the private key attribute is not empty, decrypt it
if (!empty($input[LaunchKey_WP_Options::OPTION_PRIVATE_KEY])) {
$key = md5($input[LaunchKey_WP_Options::OPTION_PRIVATE_KEY]);
if (empty($this->cache[$key])) {
/**
* Use the decrypted secret key as the IV. If null, use the static value.
* @link https://docs.launchkey.com/glossary.html#term-iv
*/
$iv = empty($output[LaunchKey_WP_Options::OPTION_SECRET_KEY]) ? static::STATIC_IV : $output[LaunchKey_WP_Options::OPTION_SECRET_KEY];
$this->crypt_aes->setIV($iv);
/**
* Decrypt the Base64 decoded string and set it as the output value
* @link https://docs.launchkey.com/glossary.html#term-base64
*
* We are suppressing errors as
*/
$this->cache[$key] = @$this->crypt_aes->decrypt(base64_decode($input[LaunchKey_WP_Options::OPTION_PRIVATE_KEY]));
}
$output[LaunchKey_WP_Options::OPTION_PRIVATE_KEY] = $this->cache[$key];
}
return $output;
}
public function pac_message_receiver()
{
$content = Req::post("content");
if (!isset($content)) {
$this->returnXML("false", "S09", "返回报文为空");
}
$signature = Req::post("data_digest");
if (!isset($signature)) {
$this->returnXML("false", "S09", "返回报文为空");
}
Tiny::log("异步审批结果回执信息【content:" . $content . "】data_digest【" . $signature . "】");
// 测试密钥
$aeskey = base64_decode($this->jkf['aes_key']);
//AES解密,采用ECB模式
$aes = new Crypt_AES(CRYPT_MODE_ECB);
//设置AES密钥
$aes->setKey($aeskey);
//解密AES密文
$plaintext = $aes->decrypt(base64_decode($content));
//测试rsa公钥
$publickey = $this->jkf['public_key'];
$rsa = new Crypt_RSA();
//设置RSA签名模式 CRYPT_RSA_SIGNATURE_PSS or CRYPT_RSA_SIGNATURE_PKCS1
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
//使用RSA公钥验证签名
$rsa->loadKey(base64_decode($publickey));
//签名通过
if ($rsa->verify($plaintext, base64_decode($signature))) {
$contentXML = simplexml_load_string($plaintext);
$businessType = (string) $contentXML->head->businessType;
$model = new GatewayModel();
if ($businessType == "RESULT") {
$model->insertResult($contentXML, "1");
} else {
if ($businessType == "PRODUCT_RECORD") {
$model->insertExamineResult($contentXML);
}
}
$this->returnXML();
} else {
$this->returnXML("false", "S02", "非法的数字签名");
}
}
/**
* Decryption using blowfish algorithm (mcrypt)
* or phpseclib's AES if mcrypt not available
*
* @param string $encdata encrypted data
* @param string $secret the secret
*
* @return string original data
*/
public function blowfishDecrypt($encdata, $secret)
{
global $iv;
if (!function_exists('mcrypt_encrypt')) {
include_once "./libraries/phpseclib/Crypt/AES.php";
$cipher = new Crypt_AES(CRYPT_AES_MODE_ECB);
$cipher->setKey($secret);
return $cipher->decrypt(base64_decode($encdata));
} else {
$data = base64_decode($encdata);
$decrypted = mcrypt_decrypt(MCRYPT_BLOWFISH, $secret, $data, MCRYPT_MODE_CBC, $iv);
return trim($decrypted);
}
}
/**
* Decryption using blowfish algorithm (mcrypt)
* or phpseclib's AES if mcrypt not available
*
* @param string $encdata encrypted data
* @param string $secret the secret
*
* @return string original data
*/
public function blowfishDecrypt($encdata, $secret)
{
if (is_null($this->_blowfish_iv)) {
$this->_blowfish_iv = base64_decode($_COOKIE['pma_mcrypt_iv'], true);
}
if (!function_exists('mcrypt_encrypt')) {
include_once PHPSECLIB_INC_DIR . '/Crypt/AES.php';
$cipher = new Crypt_AES(CRYPT_AES_MODE_ECB);
$cipher->setKey($secret);
return $cipher->decrypt(base64_decode($encdata));
} else {
$data = base64_decode($encdata);
$decrypted = mcrypt_decrypt(MCRYPT_BLOWFISH, $secret, $data, MCRYPT_MODE_CBC, $this->_blowfish_iv);
return trim($decrypted);
}
}
/**
* Decrypt the given AES ciphertext
*
* The mode is CBC, the key is derived using pbkdf2
*
* @param string $ciphertext The encrypted data
* @param string $secret The secret/password that shall be used
* @return string The decrypted data
*/
function auth_decrypt($ciphertext, $secret)
{
$iv = substr($ciphertext, 0, 16);
$cipher = new Crypt_AES();
$cipher->setPassword($secret);
$cipher->setIV($iv);
return $cipher->decrypt(substr($ciphertext, 16));
}
$oldPassphrase = 'isEmpty = TRUE;';
$newPassphrase = hash('sha512', md5(str_shuffle(time())));
if (is_writable("../.ssh/passphrase")) {
$handle = fopen('../.ssh/passphrase', 'w');
fwrite($handle, $newPassphrase);
fclose($handle);
}
//---------------------------------------------------------+
require_once "../libs/phpseclib/Crypt/AES.php";
$aes = new Crypt_AES();
$aes->setKeyLength(256);
//---------------------------------------------------------+
$boxes = mysql_query("SELECT `boxid`, `password` FROM `" . DBPREFIX . "box`");
while ($rowsBoxes = mysql_fetch_assoc($boxes)) {
$aes->setKey($oldPassphrase);
$password = $aes->decrypt($rowsBoxes['password']);
$aes->setKey($newPassphrase);
$password = $aes->encrypt($password);
query_basic("UPDATE `" . DBPREFIX . "box` SET `password` = '" . mysql_real_escape_string($password) . "' WHERE `boxid` = '" . $rowsBoxes['boxid'] . "'");
unset($password);
}
unset($boxes);
}
unset($line);
//---------------------------------------------------------+
//Updating structure for table "log"
query_basic("ALTER TABLE `" . DBPREFIX . "log` ADD `scriptid` int(8) UNSIGNED NULL");
//---------------------------------------------------------+
//Updating structure for table "script"
query_basic("ALTER TABLE `" . DBPREFIX . "script` CHANGE `daemon` `type` int(1) NOT NULL ");
//Updating data for table "config"
function mmb_parse_request()
{
global $mmb_core, $wp_db_version, $_wp_using_ext_object_cache, $_mwp_data, $_mwp_auth;
$_wp_using_ext_object_cache = false;
@set_time_limit(1200);
if (isset($_mwp_data['setting'])) {
if (array_key_exists("dataown", $_mwp_data['setting'])) {
$oldconfiguration = array("dataown" => $_mwp_data['setting']['dataown']);
$mmb_core->save_options($oldconfiguration);
unset($_mwp_data['setting']['dataown']);
}
$configurationService = new MWP_Configuration_Service();
$configuration = new MWP_Configuration_Conf($_mwp_data['setting']);
$configurationService->saveConfiguration($configuration);
}
if ($_mwp_data['action'] === 'add_site') {
mmb_add_site($_mwp_data['params']);
mmb_response('You should never see this.', false);
}
/* in case database upgrade required, do database backup and perform upgrade ( wordpress wp_upgrade() function ) */
if (strlen(trim($wp_db_version)) && !defined('ACX_PLUGIN_DIR')) {
if (get_option('db_version') != $wp_db_version) {
/* in multisite network, please update database manualy */
if (!is_multisite()) {
if (!function_exists('wp_upgrade')) {
include_once ABSPATH . 'wp-admin/includes/upgrade.php';
}
ob_clean();
@wp_upgrade();
@do_action('after_db_upgrade');
ob_end_clean();
}
}
}
if (isset($_mwp_data['params']['secure'])) {
if (is_array($_mwp_data['params']['secure'])) {
$secureParams = $_mwp_data['params']['secure'];
foreach ($secureParams as $key => $value) {
$secureParams[$key] = base64_decode($value);
}
$_mwp_data['params']['secure'] = $secureParams;
} else {
$_mwp_data['params']['secure'] = base64_decode($_mwp_data['params']['secure']);
}
if ($decrypted = $mmb_core->_secure_data($_mwp_data['params']['secure'])) {
$decrypted = maybe_unserialize($decrypted);
if (is_array($decrypted)) {
foreach ($decrypted as $key => $val) {
if (!is_numeric($key)) {
$_mwp_data['params'][$key] = $val;
}
}
unset($_mwp_data['params']['secure']);
} else {
$_mwp_data['params']['secure'] = $decrypted;
}
}
if (!$decrypted && $mmb_core->get_random_signature() !== false) {
require_once dirname(__FILE__) . '/src/PHPSecLib/Crypt/AES.php';
$cipher = new Crypt_AES(CRYPT_AES_MODE_ECB);
$cipher->setKey($mmb_core->get_random_signature());
$decrypted = $cipher->decrypt($_mwp_data['params']['secure']);
$_mwp_data['params']['account_info'] = json_decode($decrypted, true);
}
}
$logData = array('action' => $_mwp_data['action'], 'action_parameters' => $_mwp_data['params'], 'action_settings' => $_mwp_data['setting']);
if (!empty($_mwp_data['setting'])) {
$logData['settings'] = $_mwp_data['setting'];
}
mwp_logger()->debug('Master request: "{action}"', $logData);
}
public function decrypt_data($input_str, $key = SEC_STR)
{
$aes = new Crypt_AES();
$aes->setKey($key);
return $aes->decrypt($input_str);
}
function getPassword($pwd = null, $iv_field = "iv")
{
if (is_null($pwd)) {
$pwd = $this->password;
if (!$this->password) {
return "";
}
}
try {
$master_key_filepath = CAppUI::conf("master_key_filepath");
$master_key_filepath = rtrim($master_key_filepath, "/");
if (CExchangeSource::checkMasterKeyFile($master_key_filepath)) {
CAppUI::requireLibraryFile("phpseclib/phpseclib/Crypt/AES");
CAppUI::requireLibraryFile("phpseclib/phpseclib/Crypt/Random");
$cipher = new Crypt_AES(CRYPT_AES_MODE_CTR);
$cipher->setKeyLength(256);
$keyAB = file($master_key_filepath . "/.mediboard.key");
if (count($keyAB) == 2) {
$cipher->setKey($keyAB[0] . $keyAB[1]);
$ivToUse = $this->{$iv_field};
if (!$ivToUse) {
$clear = $pwd;
$this->store();
return $clear;
}
$cipher->setIV($ivToUse);
$decrypted = rtrim(base64_decode($pwd), "");
$decrypted = $cipher->decrypt($decrypted);
if ($decrypted) {
return $decrypted;
}
}
}
} catch (Exception $e) {
return $pwd;
}
return $pwd;
}
static function ExtractDataPacket($data, $key, $options = array())
{
$data = (string) $data;
if (!isset($options["mode"])) {
$options["mode"] = "ECB";
}
if ($options["mode"] != "ECB" && (!isset($options["iv"]) || $options["iv"] == "")) {
return false;
}
if (isset($options["key2"])) {
$options2 = $options;
if (isset($options["iv2"])) {
$options["iv"] = $options["iv2"];
} else {
unset($options["iv"]);
}
if (self::IsMcryptAvailable()) {
$data = self::McryptDecrypt($data, $options["key2"], $options);
} else {
if (class_exists("Crypt_AES")) {
$aes = new Crypt_AES($options["mode"] == "CBC" ? CRYPT_AES_MODE_CBC : CRYPT_AES_MODE_ECB);
$aes->setKey($options["key2"]);
if (isset($options["iv"])) {
$aes->setIV($options["iv"]);
}
$aes->disablePadding();
$data = $aes->decrypt($data);
} else {
return false;
}
}
$data = substr($data, 1) . substr($data, 0, 1);
$options = $options2;
}
if (self::IsMcryptAvailable()) {
$data = self::McryptDecrypt($data, $key, $options);
} else {
if (class_exists("Crypt_AES")) {
$aes = new Crypt_AES($options["mode"] == "CBC" ? CRYPT_AES_MODE_CBC : CRYPT_AES_MODE_ECB);
$aes->setKey($key);
if (isset($options["iv"])) {
$aes->setIV($options["iv"]);
}
$aes->disablePadding();
$data = $aes->decrypt($data);
} else {
return false;
}
}
if ($data === false) {
return false;
}
$pos = strpos($data, "\n");
if ($pos === false) {
return false;
}
$data = substr($data, $pos + 1);
$pos = strpos($data, "\n");
if ($pos === false) {
return false;
}
$check = substr($data, 0, $pos);
$data = substr($data, $pos + 1);
$pos = strrpos($data, "\n");
if ($pos === false) {
return false;
}
$data = substr($data, 0, $pos);
if (!isset($options["lightweight"]) || !$options["lightweight"]) {
if ($check !== strtolower(sha1($data))) {
return false;
}
} else {
if ($check !== strtolower(dechex(crc32($data)))) {
return false;
}
}
return $data;
}
/**
* Decrypt Session Credentials
*
* @param none
* @return array
* @access private
*/
private function decryptSessionCredentials()
{
if (!empty($this->session) && array_key_exists('CREDENTIALS', $this->session)) {
switch (CONF_SEC_SESSION_METHOD) {
case 'aes256':
default:
$cipher = new Crypt_AES(CRYPT_AES_MODE_ECB);
$cipher->setKeyLength(256);
$cipher->setKey($this->session_key);
$credentials = unserialize($cipher->decrypt($this->session['CREDENTIALS']));
break;
}
return $credentials;
}
return array();
}
global $backupjobs;
foreach ($backupjobs as $backupjob) {
if ($backupjob['id'] == $jobid) {
return $backupjob;
}
}
return false;
}
$backup = GetBackupDetails($_REQUEST['id']);
$backupjob = GetJobDetails($backup['id']);
header('Content-Disposition: attachment; filename="' . basename($_REQUEST['id']) . '"');
set_include_path($config['path'] . '/libs/phpseclib');
include 'Crypt/AES.php';
$cipher = new Crypt_AES(CRYPT_AES_MODE_ECB);
$cipher->setKey($backupjob['encryptionkey']);
echo $cipher->decrypt(file_get_contents($config['path'] . '/files/' . $_REQUEST['id']));
logevent('User ' . $_SESSION['user'] . ' downloaded decrypted backup ' . $_REQUEST['id'], 'activity');
} else {
echo 'File not found';
}
} elseif (isset($_REQUEST['action']) && $_REQUEST['action'] == 'backupdelete' && isset($_REQUEST['id'])) {
checkacl('deleteb');
if (file_exists($config['path'] . '/files/' . $_REQUEST['id'])) {
if (unlink($config['path'] . '/files/' . $_REQUEST['id'])) {
$backups = json_decode(file_get_contents($config['path'] . '/db/db-backups.json'), true);
foreach ($backups as $key => $backup) {
if ($backup['file'] == $_REQUEST['id']) {
unset($backups[$key]);
}
}
file_put_contents($config['path'] . '/db/db-backups.json', json_encode($backups));
function Encrypt($Cipher, $Val = false)
{
require_once "Crypt/AES.php";
$Cond = new Crypt_AES();
$Cond->setKey(AESKEY);
if ($Val) {
return $Cond->decrypt($Cipher);
} else {
return $Cond->encrypt($Cipher);
}
}
/**
* Decrypt data using Phorum's secret key.
* This is used to decrypt data that was encrypted by the
* {@link spamhurdles_encrypt()} function.
*
* @param $data
* The data to decrypt.
*
* @return mixed
* The decrypted data. This can be array data, if the original
* data that was passed to {@link spamhurdles_encrypt()} was an array.
*/
function spamhurdles_decrypt($data)
{
global $PHORUM;
$aes = new Crypt_AES();
$aes->setKey($PHORUM['private_key']);
// Don't splash decrypting and unpacking warnings all over the browser.
$decrypted = @$aes->decrypt(base64_decode($data));
$unpacked = @unserialize($decrypted);
if ($decrypted === FALSE || $unpacked === FALSE) {
trigger_error('Cannot decrypt the spam hurdles data. ' . 'This probably means that somebody or something tampered with ' . 'the crypted spam hurdles data string that was sent to the server.', E_USER_ERROR);
}
return $unpacked;
}
require "../configuration.php";
require "./include.php";
require_once "../includes/func.ssh2.inc.php";
require_once "../libs/phpseclib/Crypt/AES.php";
require_once "../libs/gameinstaller/gameinstaller.php";
$title = T_('Box Game File Repositories');
if (query_numrows("SELECT `name` FROM `" . DBPREFIX . "box` WHERE `boxid` = '" . $boxid . "'") == 0) {
exit('Error: BoxID is invalid.');
}
$rows = query_fetch_assoc("SELECT * FROM `" . DBPREFIX . "box` WHERE `boxid` = '" . $boxid . "' LIMIT 1");
$games = mysql_query("SELECT * FROM `" . DBPREFIX . "game` ORDER BY `game`");
$aes = new Crypt_AES();
$aes->setKeyLength(256);
$aes->setKey(CRYPT_KEY);
// Get SSH2 Object OR ERROR String
$ssh = newNetSSH2($rows['ip'], $rows['sshport'], $rows['login'], $aes->decrypt($rows['password']));
if (!is_object($ssh)) {
$_SESSION['msg1'] = T_('Connection Error!');
$_SESSION['msg2'] = $ssh;
$_SESSION['msg-type'] = 'error';
}
$gameInstaller = new GameInstaller($ssh);
include "./bootstrap/header.php";
/**
* Notifications
*/
include "./bootstrap/notifications.php";
?>
<ul class="nav nav-tabs">
<li><a href="boxsummary.php?id=<?php
echo $boxid;
/**
* Decryption using openssl's AES or phpseclib's AES
* (phpseclib uses mcrypt when it is available)
*
* @param string $encdata encrypted data
* @param string $secret the secret
*
* @return string original data
*/
public function cookieDecrypt($encdata, $secret)
{
if (is_null($this->_cookie_iv)) {
$this->_cookie_iv = base64_decode($_COOKIE['pma_iv-' . $GLOBALS['server']], true);
}
if (strlen($this->_cookie_iv) < $this->getIVSize()) {
$this->createIV();
}
if ($this->_useOpenSSL()) {
return openssl_decrypt($encdata, 'AES-128-CBC', $secret, 0, $this->_cookie_iv);
} else {
$cipher = new Crypt_AES(CRYPT_AES_MODE_CBC);
$cipher->setIV($this->_cookie_iv);
$cipher->setKey($secret);
return $cipher->decrypt(base64_decode($encdata));
}
}
/**
* Break a public or private key down into its constituant components
*
* @access private
* @see _convertPublicKey()
* @see _convertPrivateKey()
* @param String $key
* @param Integer $type
* @return Array
*/
function _parseKey($key, $type)
{
if ($type != CRYPT_RSA_PUBLIC_FORMAT_RAW && !is_string($key)) {
return false;
}
switch ($type) {
case CRYPT_RSA_PUBLIC_FORMAT_RAW:
if (!is_array($key)) {
return false;
}
$components = array();
switch (true) {
case isset($key['e']):
$components['publicExponent'] = $key['e']->copy();
break;
case isset($key['exponent']):
$components['publicExponent'] = $key['exponent']->copy();
break;
case isset($key['publicExponent']):
$components['publicExponent'] = $key['publicExponent']->copy();
break;
case isset($key[0]):
$components['publicExponent'] = $key[0]->copy();
}
switch (true) {
case isset($key['n']):
$components['modulus'] = $key['n']->copy();
break;
case isset($key['modulo']):
$components['modulus'] = $key['modulo']->copy();
break;
case isset($key['modulus']):
$components['modulus'] = $key['modulus']->copy();
break;
case isset($key[1]):
$components['modulus'] = $key[1]->copy();
}
return isset($components['modulus']) && isset($components['publicExponent']) ? $components : false;
case CRYPT_RSA_PRIVATE_FORMAT_PKCS1:
case CRYPT_RSA_PUBLIC_FORMAT_PKCS1:
/* Although PKCS#1 proposes a format that public and private keys can use, encrypting them is
"outside the scope" of PKCS#1. PKCS#1 then refers you to PKCS#12 and PKCS#15 if you're wanting to
protect private keys, however, that's not what OpenSSL* does. OpenSSL protects private keys by adding
two new "fields" to the key - DEK-Info and Proc-Type. These fields are discussed here:
http://tools.ietf.org/html/rfc1421#section-4.6.1.1
http://tools.ietf.org/html/rfc1421#section-4.6.1.3
DES-EDE3-CBC as an algorithm, however, is not discussed anywhere, near as I can tell.
DES-CBC and DES-EDE are discussed in RFC1423, however, DES-EDE3-CBC isn't, nor is its key derivation
function. As is, the definitive authority on this encoding scheme isn't the IETF but rather OpenSSL's
own implementation. ie. the implementation *is* the standard and any bugs that may exist in that
implementation are part of the standard, as well.
* OpenSSL is the de facto standard. It's utilized by OpenSSH and other projects */
if (preg_match('#DEK-Info: (.+),(.+)#', $key, $matches)) {
$iv = pack('H*', trim($matches[2]));
$symkey = pack('H*', md5($this->password . substr($iv, 0, 8)));
// symkey is short for symmetric key
$symkey .= substr(pack('H*', md5($symkey . $this->password . $iv)), 0, 8);
$ciphertext = preg_replace('#.+(\\r|\\n|\\r\\n)\\1|[\\r\\n]|-.+-| #s', '', $key);
$ciphertext = preg_match('#^[a-zA-Z\\d/+]*={0,2}$#', $ciphertext) ? base64_decode($ciphertext) : false;
if ($ciphertext === false) {
$ciphertext = $key;
}
switch ($matches[1]) {
case 'AES-128-CBC':
if (!class_exists('Crypt_AES')) {
require_once 'Crypt/AES.php';
}
$symkey = substr($symkey, 0, 16);
$crypto = new Crypt_AES();
break;
case 'DES-EDE3-CFB':
if (!class_exists('Crypt_TripleDES')) {
require_once 'Crypt/TripleDES.php';
}
$crypto = new Crypt_TripleDES(CRYPT_DES_MODE_CFB);
break;
case 'DES-EDE3-CBC':
if (!class_exists('Crypt_TripleDES')) {
require_once 'Crypt/TripleDES.php';
}
$crypto = new Crypt_TripleDES();
break;
case 'DES-CBC':
if (!class_exists('Crypt_DES')) {
require_once 'Crypt/DES.php';
}
$crypto = new Crypt_DES();
break;
default:
return false;
}
$crypto->setKey($symkey);
$crypto->setIV($iv);
$decoded = $crypto->decrypt($ciphertext);
} else {
$decoded = preg_replace('#-.+-|[\\r\\n]| #', '', $key);
$decoded = preg_match('#^[a-zA-Z\\d/+]*={0,2}$#', $decoded) ? base64_decode($decoded) : false;
}
if ($decoded !== false) {
$key = $decoded;
}
$components = array();
if (ord($this->_string_shift($key)) != CRYPT_RSA_ASN1_SEQUENCE) {
return false;
}
if ($this->_decodeLength($key) != strlen($key)) {
return false;
}
$tag = ord($this->_string_shift($key));
/* intended for keys for which OpenSSL's asn1parse returns the following:
0:d=0 hl=4 l= 631 cons: SEQUENCE
4:d=1 hl=2 l= 1 prim: INTEGER :00
7:d=1 hl=2 l= 13 cons: SEQUENCE
9:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
20:d=2 hl=2 l= 0 prim: NULL
22:d=1 hl=4 l= 609 prim: OCTET STRING */
if ($tag == CRYPT_RSA_ASN1_INTEGER && substr($key, 0, 3) == "0") {
$this->_string_shift($key, 3);
$tag = CRYPT_RSA_ASN1_SEQUENCE;
}
if ($tag == CRYPT_RSA_ASN1_SEQUENCE) {
/* intended for keys for which OpenSSL's asn1parse returns the following:
0:d=0 hl=4 l= 290 cons: SEQUENCE
4:d=1 hl=2 l= 13 cons: SEQUENCE
6:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
17:d=2 hl=2 l= 0 prim: NULL
19:d=1 hl=4 l= 271 prim: BIT STRING */
$this->_string_shift($key, $this->_decodeLength($key));
$tag = ord($this->_string_shift($key));
// skip over the BIT STRING / OCTET STRING tag
$this->_decodeLength($key);
// skip over the BIT STRING / OCTET STRING length
// "The initial octet shall encode, as an unsigned binary integer wtih bit 1 as the least significant bit, the number of
// unused bits in the final subsequent octet. The number shall be in the range zero to seven."
// -- http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf (section 8.6.2.2)
if ($tag == CRYPT_RSA_ASN1_BITSTRING) {
$this->_string_shift($key);
}
if (ord($this->_string_shift($key)) != CRYPT_RSA_ASN1_SEQUENCE) {
return false;
}
if ($this->_decodeLength($key) != strlen($key)) {
return false;
}
$tag = ord($this->_string_shift($key));
}
if ($tag != CRYPT_RSA_ASN1_INTEGER) {
return false;
}
$length = $this->_decodeLength($key);
$temp = $this->_string_shift($key, $length);
if (strlen($temp) != 1 || ord($temp) > 2) {
$components['modulus'] = new Math_BigInteger($temp, 256);
$this->_string_shift($key);
// skip over CRYPT_RSA_ASN1_INTEGER
$length = $this->_decodeLength($key);
$components[$type == CRYPT_RSA_PUBLIC_FORMAT_PKCS1 ? 'publicExponent' : 'privateExponent'] = new Math_BigInteger($this->_string_shift($key, $length), 256);
return $components;
}
if (ord($this->_string_shift($key)) != CRYPT_RSA_ASN1_INTEGER) {
return false;
}
$length = $this->_decodeLength($key);
$components['modulus'] = new Math_BigInteger($this->_string_shift($key, $length), 256);
$this->_string_shift($key);
$length = $this->_decodeLength($key);
$components['publicExponent'] = new Math_BigInteger($this->_string_shift($key, $length), 256);
$this->_string_shift($key);
$length = $this->_decodeLength($key);
$components['privateExponent'] = new Math_BigInteger($this->_string_shift($key, $length), 256);
$this->_string_shift($key);
$length = $this->_decodeLength($key);
$components['primes'] = array(1 => new Math_BigInteger($this->_string_shift($key, $length), 256));
$this->_string_shift($key);
$length = $this->_decodeLength($key);
$components['primes'][] = new Math_BigInteger($this->_string_shift($key, $length), 256);
$this->_string_shift($key);
$length = $this->_decodeLength($key);
$components['exponents'] = array(1 => new Math_BigInteger($this->_string_shift($key, $length), 256));
$this->_string_shift($key);
$length = $this->_decodeLength($key);
$components['exponents'][] = new Math_BigInteger($this->_string_shift($key, $length), 256);
$this->_string_shift($key);
$length = $this->_decodeLength($key);
$components['coefficients'] = array(2 => new Math_BigInteger($this->_string_shift($key, $length), 256));
if (!empty($key)) {
if (ord($this->_string_shift($key)) != CRYPT_RSA_ASN1_SEQUENCE) {
return false;
}
$this->_decodeLength($key);
while (!empty($key)) {
if (ord($this->_string_shift($key)) != CRYPT_RSA_ASN1_SEQUENCE) {
return false;
}
$this->_decodeLength($key);
$key = substr($key, 1);
$length = $this->_decodeLength($key);
$components['primes'][] = new Math_BigInteger($this->_string_shift($key, $length), 256);
$this->_string_shift($key);
$length = $this->_decodeLength($key);
$components['exponents'][] = new Math_BigInteger($this->_string_shift($key, $length), 256);
$this->_string_shift($key);
$length = $this->_decodeLength($key);
$components['coefficients'][] = new Math_BigInteger($this->_string_shift($key, $length), 256);
}
}
return $components;
case CRYPT_RSA_PUBLIC_FORMAT_OPENSSH:
$key = base64_decode(preg_replace('#^ssh-rsa | .+$#', '', $key));
if ($key === false) {
return false;
}
$cleanup = substr($key, 0, 11) == "ssh-rsa";
if (strlen($key) <= 4) {
return false;
}
extract(unpack('Nlength', $this->_string_shift($key, 4)));
$publicExponent = new Math_BigInteger($this->_string_shift($key, $length), -256);
if (strlen($key) <= 4) {
return false;
}
extract(unpack('Nlength', $this->_string_shift($key, 4)));
$modulus = new Math_BigInteger($this->_string_shift($key, $length), -256);
if ($cleanup && strlen($key)) {
if (strlen($key) <= 4) {
return false;
}
extract(unpack('Nlength', $this->_string_shift($key, 4)));
$realModulus = new Math_BigInteger($this->_string_shift($key, $length), -256);
return strlen($key) ? false : array('modulus' => $realModulus, 'publicExponent' => $modulus);
} else {
return strlen($key) ? false : array('modulus' => $modulus, 'publicExponent' => $publicExponent);
}
// http://www.w3.org/TR/xmldsig-core/#sec-RSAKeyValue
// http://en.wikipedia.org/wiki/XML_Signature
// http://www.w3.org/TR/xmldsig-core/#sec-RSAKeyValue
// http://en.wikipedia.org/wiki/XML_Signature
case CRYPT_RSA_PRIVATE_FORMAT_XML:
case CRYPT_RSA_PUBLIC_FORMAT_XML:
$this->components = array();
$xml = xml_parser_create('UTF-8');
xml_set_object($xml, $this);
xml_set_element_handler($xml, '_start_element_handler', '_stop_element_handler');
xml_set_character_data_handler($xml, '_data_handler');
if (!xml_parse($xml, $key)) {
return false;
}
return isset($this->components['modulus']) && isset($this->components['publicExponent']) ? $this->components : false;
// from PuTTY's SSHPUBK.C
// from PuTTY's SSHPUBK.C
case CRYPT_RSA_PRIVATE_FORMAT_PUTTY:
$components = array();
$key = preg_split('#\\r\\n|\\r|\\n#', $key);
$type = trim(preg_replace('#PuTTY-User-Key-File-2: (.+)#', '$1', $key[0]));
if ($type != 'ssh-rsa') {
return false;
}
$encryption = trim(preg_replace('#Encryption: (.+)#', '$1', $key[1]));
$publicLength = trim(preg_replace('#Public-Lines: (\\d+)#', '$1', $key[3]));
$public = base64_decode(implode('', array_map('trim', array_slice($key, 4, $publicLength))));
$public = substr($public, 11);
extract(unpack('Nlength', $this->_string_shift($public, 4)));
$components['publicExponent'] = new Math_BigInteger($this->_string_shift($public, $length), -256);
extract(unpack('Nlength', $this->_string_shift($public, 4)));
$components['modulus'] = new Math_BigInteger($this->_string_shift($public, $length), -256);
$privateLength = trim(preg_replace('#Private-Lines: (\\d+)#', '$1', $key[$publicLength + 4]));
$private = base64_decode(implode('', array_map('trim', array_slice($key, $publicLength + 5, $privateLength))));
switch ($encryption) {
case 'aes256-cbc':
if (!class_exists('Crypt_AES')) {
require_once 'Crypt/AES.php';
}
$symkey = '';
$sequence = 0;
while (strlen($symkey) < 32) {
$temp = pack('Na*', $sequence++, $this->password);
$symkey .= pack('H*', sha1($temp));
}
$symkey = substr($symkey, 0, 32);
$crypto = new Crypt_AES();
}
if ($encryption != 'none') {
$crypto->setKey($symkey);
$crypto->disablePadding();
$private = $crypto->decrypt($private);
if ($private === false) {
return false;
}
}
extract(unpack('Nlength', $this->_string_shift($private, 4)));
if (strlen($private) < $length) {
return false;
}
$components['privateExponent'] = new Math_BigInteger($this->_string_shift($private, $length), -256);
extract(unpack('Nlength', $this->_string_shift($private, 4)));
if (strlen($private) < $length) {
return false;
}
$components['primes'] = array(1 => new Math_BigInteger($this->_string_shift($private, $length), -256));
extract(unpack('Nlength', $this->_string_shift($private, 4)));
if (strlen($private) < $length) {
return false;
}
$components['primes'][] = new Math_BigInteger($this->_string_shift($private, $length), -256);
$temp = $components['primes'][1]->subtract($this->one);
$components['exponents'] = array(1 => $components['publicExponent']->modInverse($temp));
$temp = $components['primes'][2]->subtract($this->one);
$components['exponents'][] = $components['publicExponent']->modInverse($temp);
extract(unpack('Nlength', $this->_string_shift($private, 4)));
if (strlen($private) < $length) {
return false;
}
$components['coefficients'] = array(2 => new Math_BigInteger($this->_string_shift($private, $length), -256));
return $components;
}
}
// загружаем сами тр-ии
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, 'data=' . urlencode($encrypted_data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$encrypted_tx_set = curl_exec($ch);
curl_close($ch);
debug_print('$encrypted_tx_set=' . $encrypted_tx_set, __FILE__, __LINE__, __FUNCTION__, __CLASS__, __METHOD__);
debug_print('$my_key=' . $my_key, __FILE__, __LINE__, __FUNCTION__, __CLASS__, __METHOD__);
$aes = new Crypt_AES();
$aes->setKey($my_key);
// теперь в $binary_tx будут обычные тр-ии
$binary_tx = $aes->decrypt($encrypted_tx_set);
unset($aes);
debug_print('$binary_tx=' . $binary_tx, __FILE__, __LINE__, __FUNCTION__, __CLASS__, __METHOD__);
// разберем полученные тр-ии
do {
$tx_size = ParseData::decode_length($binary_tx);
$tx_binary_data = ParseData::string_shift($binary_tx, $tx_size);
debug_print('$tx_binary_data=' . $tx_binary_data, __FILE__, __LINE__, __FUNCTION__, __CLASS__, __METHOD__);
list(, $tx_hex) = unpack("H*", $tx_binary_data);
if (!$tx_binary_data) {
continue;
}
// проверим размер
if (strlen($tx_binary_data) > $variables['max_tx_size']) {
debug_print('strlen($binary_tx) > $variables[max_tx_size]', __FILE__, __LINE__, __FUNCTION__, __CLASS__, __METHOD__);
die("error tx size");
<?php
$rootPath = realpath(__DIR__ . '/../');
set_include_path(get_include_path() . PATH_SEPARATOR . $rootPath . '/source/php/libs/phpseclib/');
include 'Crypt/AES.php';
$plaintext = 'This is the plain text to encrypt';
$aes = new Crypt_AES();
$aes->setKey('abcdefghijklmnop');
$ciphertext = $aes->encrypt($plaintext);
echo $aes->decrypt($ciphertext);
function decryptFile($filename, $key)
{
include_once CL_ROOT . "/include/phpseclib/Crypt/AES.php";
$cipher = new Crypt_AES();
// could use CRYPT_AES_MODE_CBC
$cipher->setPassword($key);
$ciphertext = file_get_contents($filename);
//echo $cipher->decrypt($cipher->encrypt($plaintext));
return $cipher->decrypt($ciphertext);
}
