/** * Is Libsodium set up correctly? Use this to verify that you can use the * newer versions of Halite correctly. * * @param bool $echo * @return bool */ public static function isLibsodiumSetupCorrectly(bool $echo = false) : bool { // Require libsodium 1.0.9 $major = \Sodium\library_version_major(); $minor = \Sodium\library_version_minor(); if ($major < 9 || $major === 9 && $minor < 2) { if ($echo) { echo 'Halite needs libsodium 1.0.9 or higher. You have: ', \Sodium\version_string(), "\n"; } return false; } // Added in version 1.0.3 of the PHP extension if (!\is_callable('\\Sodium\\crypto_pwhash_str')) { if ($echo) { echo 'Halite needs version 1.0.6 or higher of the PHP extension installed.', "\n"; } return false; } if (!\is_callable('\\Sodium\\crypto_box_seal')) { if ($echo) { echo 'crypto_box_seal() is not available.', "\n"; } return false; } return true; }
public function testSealFail() { if (\Sodium\library_version_major() < 7 || \Sodium\library_version_major() == 7 && \Sodium\library_version_minor() < 5) { $this->markTestSkipped("Your version of libsodium is too old"); } $alice = KeyFactory::generateEncryptionKeyPair(); $message = 'This is for your eyes only'; $sealed = Asymmetric::seal($message, $alice->getPublicKey(), true); // Let's flip one bit, randomly: $r = \Sodium\randombytes_uniform(\mb_strlen($sealed, '8bit')); $amt = 1 << \Sodium\randombytes_uniform(8); $sealed[$r] = \chr(\ord($sealed[$r]) ^ $amt); // This should throw an exception try { $opened = Asymmetric::unseal($sealed, $alice->getSecretKey(), true); $this->assertEquals($opened, $message); $this->fail('This should have thrown an InvalidMessage exception!'); } catch (CryptoException\InvalidKey $e) { $this->assertTrue($e instanceof CryptoException\InvalidKey); } catch (CryptoException\InvalidMessage $e) { $this->assertTrue($e instanceof CryptoException\InvalidMessage); } }
/** * @route help */ public function helpPage() { if ($this->isLoggedIn()) { $this->storeLensVar('showmenu', true); // $cabins = $this->getCabinNamespaces(); // Get debug information. $helpInfo = ['cabins' => [], 'cabin_names' => \array_values($cabins), 'gears' => [], 'universal' => []]; /** * This might reveal "sensitive" information. By default, it's * locked out of non-administrator users. You can grant access to * other users/groups via the Permissions menu. */ if ($this->can('read')) { $state = State::instance(); if (\is_readable(ROOT . '/config/gadgets.json')) { $helpInfo['universal']['gadgets'] = \Airship\loadJSON(ROOT . '/config/gadgets.json'); } if (\is_readable(ROOT . '/config/content_security_policy.json')) { $helpInfo['universal']['content_security_policy'] = \Airship\loadJSON(ROOT . '/config/content_security_policy.json'); } foreach ($cabins as $cabin) { $cabinData = ['config' => \Airship\loadJSON(ROOT . '/Cabin/' . $cabin . '/manifest.json'), 'content_security_policy' => [], 'gadgets' => [], 'motifs' => [], 'user_motifs' => \Airship\LensFunctions\user_motif($this->getActiveUserId(), $cabin)]; $prefix = ROOT . '/Cabin/' . $cabin . '/config/'; if (\is_readable($prefix . 'gadgets.json')) { $cabinData['gadgets'] = \Airship\loadJSON($prefix . 'gadgets.json'); } if (\is_readable($prefix . 'motifs.json')) { $cabinData['motifs'] = \Airship\loadJSON($prefix . 'motifs.json'); } if (\is_readable($prefix . 'content_security_policy.json')) { $cabinData['content_security_policy'] = \Airship\loadJSON($prefix . 'content_security_policy.json'); } $helpInfo['cabins'][$cabin] = $cabinData; } $helpInfo['gears'] = []; foreach ($state->gears as $gear => $latestGear) { $helpInfo['gears'][$gear] = \Airship\get_ancestors($latestGear); } // Only grab data likely to be pertinent to common issues: $keys = ['airship', 'auto-update', 'debug', 'guzzle', 'notary', 'rate-limiting', 'session_config', 'tor-only', 'twig_cache']; $helpInfo['universal']['config'] = \Airship\keySlice($state->universal, $keys); $helpInfo['php'] = ['halite' => Halite::VERSION, 'libsodium' => ['major' => \Sodium\library_version_major(), 'minor' => \Sodium\library_version_minor(), 'version' => \Sodium\version_string()], 'version' => \PHP_VERSION, 'versionid' => \PHP_VERSION_ID]; } $this->lens('help', ['active_link' => 'bridge-link-help', 'airship' => \AIRSHIP_VERSION, 'helpInfo' => $helpInfo]); } else { // Not a registered user? Go read the docs. No info leaks for you! \Airship\redirect('https://github.com/paragonie/airship-docs'); } }
<?php // Libsodium PECL test echo "\nlibsodium major and minor version: "; var_dump([\Sodium\library_version_major(), \Sodium\library_version_minor(), \Sodium\version_string()]); echo "\ncurrent version of the sodium library: "; var_dump([\Sodium\version_string()]); // Libsodium password hashing tests: // https://download.libsodium.org/doc/password_hashing/index.html // https://paragonie.com/book/pecl-libsodium/read/07-password-hashing.md echo "\nCurrent hash keybytes: " . \Sodium\CRYPTO_GENERICHASH_KEYBYTES; echo "\nCurrent salt keybytes: " . \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_SALTBYTES; echo "\nOPSLIMIT: " . \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_INTERACTIVE; echo "\nMEMLIMIT (bytes): " . \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_INTERACTIVE; // Predis. A PHP binding for Redis database. echo "\n";