/** * Chunk here is an encrypted piece of file * until delimiter. * * @see PMF_Attachment_Filesystem_File#getChunk() */ public function getChunk() { $readEnd = false; $chunk = ''; $chunkDelimLen = strlen(self::chunkDelimiter); while (!$readEnd && !$this->eof()) { $chunk .= fread($this->handle, 1); $readEnd = self::chunkDelimiter == substr($chunk, -$chunkDelimLen); } $chunk = substr($chunk, 0, -$chunkDelimLen); return empty($chunk) ? '' : $this->aes->decrypt($chunk); }
/** * Get the specified cookie * * @param string $cookie Cookie's name * @param mixed $default Default value if the specified cookie does not exists * @return mixed */ public function get($cookie, $default = null) { if (isset($_COOKIE[$cookie])) { $raw = $this->decryptCookie($_COOKIE[$cookie]); $value = $this->cipher->decrypt($raw['value']); $hash = $this->cipher->decrypt($raw['hash']); if ($this->cipher->match($value, $hash)) { return $value; } } return $default; }
/** * Decrypts an encrypted string * * The value was padded with NUL characters when encrypted. You may * need to trim the result or cast its type. * * @param string $cipherText the binary string to decrypt * @return string|PEAR_Error Returns plain text on success, PEAR_Error on failure * @access public */ function decrypt($cipherText) { return $this->_crypt->decrypt($cipherText); }
/** * Gets Binary Packets * * See '6. Binary Packet Protocol' of rfc4253 for more info. * * @see \phpseclib\Net\SSH2::_send_binary_packet() * @return string * @throws \RuntimeException on connection errors * @access private */ function _get_binary_packet() { if (!is_resource($this->fsock) || feof($this->fsock)) { $this->bitmap = 0; throw new \RuntimeException('Connection closed prematurely'); } $start = microtime(true); $raw = fread($this->fsock, $this->decrypt_block_size); if (!strlen($raw)) { return ''; } if ($this->decrypt !== false) { $raw = $this->decrypt->decrypt($raw); } if ($raw === false) { throw new \RuntimeException('Unable to decrypt content'); } extract(unpack('Npacket_length/Cpadding_length', $this->_string_shift($raw, 5))); $remaining_length = $packet_length + 4 - $this->decrypt_block_size; // quoting <http://tools.ietf.org/html/rfc4253#section-6.1>, // "implementations SHOULD check that the packet length is reasonable" // PuTTY uses 0x9000 as the actual max packet size and so to shall we if ($remaining_length < -$this->decrypt_block_size || $remaining_length > 0x9000 || $remaining_length % $this->decrypt_block_size != 0) { throw new \RuntimeException('Invalid size'); } $buffer = ''; while ($remaining_length > 0) { $temp = fread($this->fsock, $remaining_length); if ($temp === false || feof($this->fsock)) { $this->bitmap = 0; throw new \RuntimeException('Error reading from socket'); } $buffer .= $temp; $remaining_length -= strlen($temp); } $stop = microtime(true); if (strlen($buffer)) { $raw .= $this->decrypt !== false ? $this->decrypt->decrypt($buffer) : $buffer; } $payload = $this->_string_shift($raw, $packet_length - $padding_length - 1); $padding = $this->_string_shift($raw, $padding_length); // should leave $raw empty if ($this->hmac_check !== false) { $hmac = fread($this->fsock, $this->hmac_size); if ($hmac === false || strlen($hmac) != $this->hmac_size) { $this->bitmap = 0; throw new \RuntimeException('Error reading socket'); } elseif ($hmac != $this->hmac_check->hash(pack('NNCa*', $this->get_seq_no, $packet_length, $padding_length, $payload . $padding))) { throw new \RuntimeException('Invalid HMAC'); } } //if ($this->decompress) { // $payload = gzinflate(substr($payload, 2)); //} $this->get_seq_no++; if (defined('NET_SSH2_LOGGING')) { $current = microtime(true); $message_number = isset($this->message_numbers[ord($payload[0])]) ? $this->message_numbers[ord($payload[0])] : 'UNKNOWN (' . ord($payload[0]) . ')'; $message_number = '<- ' . $message_number . ' (since last: ' . round($current - $this->last_packet, 4) . ', network: ' . round($stop - $start, 4) . 's)'; $this->_append_log($message_number, $payload); $this->last_packet = $current; } return $this->_filter($payload); }
/** * Gets Binary Packets * * See 'The Binary Packet Protocol' of protocol-1.5.txt for more info. * * Also, this function could be improved upon by adding detection for the following exploit: * http://www.securiteam.com/securitynews/5LP042K3FY.html * * @see self::_send_binary_packet() * @return array * @access private */ function _get_binary_packet() { if (feof($this->fsock)) { //user_error('connection closed prematurely'); return false; } if ($this->curTimeout) { $read = array($this->fsock); $write = $except = null; $start = strtok(microtime(), ' ') + strtok(''); // http://php.net/microtime#61838 $sec = floor($this->curTimeout); $usec = 1000000 * ($this->curTimeout - $sec); // on windows this returns a "Warning: Invalid CRT parameters detected" error if (!@stream_select($read, $write, $except, $sec, $usec) && !count($read)) { //$this->_disconnect('Timeout'); return true; } $elapsed = strtok(microtime(), ' ') + strtok('') - $start; $this->curTimeout -= $elapsed; } $start = strtok(microtime(), ' ') + strtok(''); // http://php.net/microtime#61838 $temp = unpack('Nlength', fread($this->fsock, 4)); $padding_length = 8 - ($temp['length'] & 7); $length = $temp['length'] + $padding_length; $raw = ''; while ($length > 0) { $temp = fread($this->fsock, $length); $raw .= $temp; $length -= strlen($temp); } $stop = strtok(microtime(), ' ') + strtok(''); if (strlen($raw) && $this->crypto !== false) { $raw = $this->crypto->decrypt($raw); } $padding = substr($raw, 0, $padding_length); $type = $raw[$padding_length]; $data = substr($raw, $padding_length + 1, -4); $temp = unpack('Ncrc', substr($raw, -4)); //if ( $temp['crc'] != $this->_crc($padding . $type . $data) ) { // user_error('Bad CRC in packet from server'); // return false; //} $type = ord($type); if (defined('NET_SSH1_LOGGING')) { $temp = isset($this->protocol_flags[$type]) ? $this->protocol_flags[$type] : 'UNKNOWN'; $temp = '<- ' . $temp . ' (' . round($stop - $start, 4) . 's)'; $this->_append_log($temp, $data); } return array(self::RESPONSE_TYPE => $type, self::RESPONSE_DATA => $data); }
/** * Login process with remember data * * @return bool|array */ protected static function loginFromRemember() { $rememberConf = static::$constants->remember; if ($rememberConf['enabled'] === true) { $cookieName = $rememberConf['cookieName']; if (static::$cooker->has($cookieName)) { $userData = static::$crypt->decrypt(static::$cooker->get($cookieName), static::$constants->secret); $userDataArr = json_decode($userData, true); if (!json_last_error() && isset($userDataArr[$rememberConf['field']])) { $token = $userDataArr[$rememberConf['field']]; $tokenDecrypted = static::$crypt->decrypt($token, static::$constants->secret); if (intval($tokenDecrypted) >= static::currentTime()) { static::setRemember($userDataArr); static::$user = static::resolveDbResult($userDataArr); $result = static::setUserRepository(static::$user); return $result; } } } } return false; }
/** * Called when applying the filter * * This method is called whenever data is read from or written to the attached stream * (such as with fread() or fwrite()). * * @param resource $in * @param resource $out * @param int $consumed * @param bool $closing * @link http://php.net/manual/en/php-user-filter.filter.php * @return int * @access public */ function filter($in, $out, &$consumed, $closing) { $newlen = 0; $block_mode = $this->cipher->mode == Base::MODE_CBC || $this->cipher->mode == Base::MODE_ECB; while ($bucket = stream_bucket_make_writeable($in)) { if ($block_mode) { $bucket->data = $this->buffer . $bucket->data; $extra = strlen($bucket->data) % $this->block_length; if ($extra) { $this->buffer = substr($bucket->data, -$extra); $bucket->data = substr($bucket->data, 0, -$extra); } } $bucket->data = $this->op ? $this->cipher->encrypt($bucket->data) : $this->cipher->decrypt($bucket->data); $newlen += strlen($bucket->data); $consumed += $bucket->datalen; stream_bucket_append($out, $bucket); } return $block_mode && $newlen < $this->block_length ? PSFS_FEED_ME : PSFS_PASS_ON; }
/** * Method to decrypt a data string. * * @param string $data The encrypted string to decrypt. * @return string The decrypted data string. */ public function decrypt($data) { return $this->cipher->decrypt($data, $this->key); }
/** * Decrypting data (URL safe) * * @param string $data * @return string or false on error */ public function decrypt($data) { return $this->object->decrypt($data); }
/** * decrypt a string value, optionally with a custom key * * @param string value to decrypt * @param string optional custom key to be used for this encryption * @param int optional key length * @access public * @return string encrypted value */ protected function decode($value, $key = false, $keylength = false) { if (!$key) { $key = static::safe_b64decode($this->config['crypto_key']); // Used for backwards compatibility with encrypted data prior // to FuelPHP 1.7.2, when phpseclib was updated, and became a // bit smarter about figuring out key lengths. $keylength = 128; } if ($keylength) { $this->crypter->setKeyLength($keylength); } $this->crypter->setKey($key); $this->crypter->setIV(static::safe_b64decode($this->config['crypto_iv'])); $value = static::safe_b64decode($value); if ($value = $this->validate_hmac($value)) { return $this->crypter->decrypt($value); } else { return false; } }
/** * Decrypts an encrypted string * * The value was padded with NUL characters when encrypted. You may * need to trim the result or cast its type. * * @param string $cipherText the binary string to decrypt * @return string|PEAR_Error Returns plain text on success, PEAR_Error on failure * @access public */ function decrypt($cipherText) { $result = $this->_crypt->decrypt(base64_decode($cipherText)); return $result; }