Update dependencies
This commit is contained in:
parent
7b2b9c3315
commit
ab4cdca18a
|
@ -4,7 +4,9 @@
|
|||
"type": "project",
|
||||
"require": {
|
||||
"danog/phpstruct": "^1.1",
|
||||
"phpseclib/phpseclib": "^2.0"
|
||||
"phpseclib/phpseclib": "^2.0",
|
||||
"paragonie/constant_time_encoding": "^2.0",
|
||||
"paragonie/random_compat": "^2.0"
|
||||
},
|
||||
"license": "MIT",
|
||||
"authors": [
|
||||
|
|
113
composer.lock
generated
113
composer.lock
generated
|
@ -4,8 +4,8 @@
|
|||
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
|
||||
"This file is @generated automatically"
|
||||
],
|
||||
"hash": "f60c705a31a0dc3e563a1cb78ce2bef9",
|
||||
"content-hash": "018ac32ece19a237770fd6102396f9b3",
|
||||
"hash": "bf8a060cc0075e345a7c0e8cc3d99ad5",
|
||||
"content-hash": "2f241cb7dbf8d3d67d17fbead159145b",
|
||||
"packages": [
|
||||
{
|
||||
"name": "danog/phpstruct",
|
||||
|
@ -55,6 +55,115 @@
|
|||
],
|
||||
"time": "2016-07-29 15:13:54"
|
||||
},
|
||||
{
|
||||
"name": "paragonie/constant_time_encoding",
|
||||
"version": "v2.0.3",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/paragonie/constant_time_encoding.git",
|
||||
"reference": "e085e08c939de49707dbf64315d178d90fbc708d"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/paragonie/constant_time_encoding/zipball/e085e08c939de49707dbf64315d178d90fbc708d",
|
||||
"reference": "e085e08c939de49707dbf64315d178d90fbc708d",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": "^7"
|
||||
},
|
||||
"require-dev": {
|
||||
"phpunit/phpunit": "4.*|5.*"
|
||||
},
|
||||
"type": "library",
|
||||
"autoload": {
|
||||
"psr-4": {
|
||||
"ParagonIE\\ConstantTime\\": "src/"
|
||||
}
|
||||
},
|
||||
"notification-url": "https://packagist.org/downloads/",
|
||||
"license": [
|
||||
"MIT"
|
||||
],
|
||||
"authors": [
|
||||
{
|
||||
"name": "Paragon Initiative Enterprises",
|
||||
"email": "security@paragonie.com",
|
||||
"homepage": "https://paragonie.com",
|
||||
"role": "Maintainer"
|
||||
},
|
||||
{
|
||||
"name": "Steve 'Sc00bz' Thomas",
|
||||
"email": "steve@tobtu.com",
|
||||
"homepage": "https://www.tobtu.com",
|
||||
"role": "Original Developer"
|
||||
}
|
||||
],
|
||||
"description": "Constant-time Implementations of RFC 4648 Encoding (Base-64, Base-32, Base-16)",
|
||||
"keywords": [
|
||||
"base16",
|
||||
"base32",
|
||||
"base32_decode",
|
||||
"base32_encode",
|
||||
"base64",
|
||||
"base64_decode",
|
||||
"base64_encode",
|
||||
"bin2hex",
|
||||
"encoding",
|
||||
"hex",
|
||||
"hex2bin",
|
||||
"rfc4648"
|
||||
],
|
||||
"time": "2016-07-11 20:32:06"
|
||||
},
|
||||
{
|
||||
"name": "paragonie/random_compat",
|
||||
"version": "v2.0.2",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/paragonie/random_compat.git",
|
||||
"reference": "088c04e2f261c33bed6ca5245491cfca69195ccf"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/paragonie/random_compat/zipball/088c04e2f261c33bed6ca5245491cfca69195ccf",
|
||||
"reference": "088c04e2f261c33bed6ca5245491cfca69195ccf",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": ">=5.2.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"phpunit/phpunit": "4.*|5.*"
|
||||
},
|
||||
"suggest": {
|
||||
"ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
|
||||
},
|
||||
"type": "library",
|
||||
"autoload": {
|
||||
"files": [
|
||||
"lib/random.php"
|
||||
]
|
||||
},
|
||||
"notification-url": "https://packagist.org/downloads/",
|
||||
"license": [
|
||||
"MIT"
|
||||
],
|
||||
"authors": [
|
||||
{
|
||||
"name": "Paragon Initiative Enterprises",
|
||||
"email": "security@paragonie.com",
|
||||
"homepage": "https://paragonie.com"
|
||||
}
|
||||
],
|
||||
"description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
|
||||
"keywords": [
|
||||
"csprng",
|
||||
"pseudorandom",
|
||||
"random"
|
||||
],
|
||||
"time": "2016-04-03 06:00:07"
|
||||
},
|
||||
{
|
||||
"name": "phpseclib/phpseclib",
|
||||
"version": "2.0.2",
|
||||
|
|
|
@ -93,24 +93,25 @@ class PrimeModule
|
|||
while ($g->equals($one)) {
|
||||
$x = $y;
|
||||
$params = ["y" => $y, "two" => $two, "c" => $c, "one" => $one, "n" => $n];
|
||||
$r->foreach(function ($i, $params) {
|
||||
$r->loopforeach(function ($i, $params) {
|
||||
$params["y"] = $params["y"]->powMod($params["two"], $params["n"])->add($params["c"])->powMod($params["one"], $params["n"]);
|
||||
}, $params);
|
||||
each($params, EXTR_OVERWRITE);
|
||||
each($params);
|
||||
$k = $zero;
|
||||
while ($k->compare($r) == -1 && $g->equals($one)) {
|
||||
$ys = $y;
|
||||
$params = ["x" => $x, "y" => $y, "two" => $two, "c" => $c, "one" => $one, "n" => $n, "q" => $q];
|
||||
$m->min($r->subtract($k))->foreach(function ($i, $params) {
|
||||
$m->min($r->subtract($k))->loopforeach(function ($i, $params) {
|
||||
$params["y"] = $params["y"]->powMod($params["two"], $params["n"])->add($params["c"])->powMod($params["one"], $params["n"]);
|
||||
$params["q"] = $params["q"]->multiply($params["x"]->subtract($params["y"])->abs())->powMod($params["one"], $params["n"]);
|
||||
}, $params);
|
||||
each($params, EXTR_OVERWRITE);
|
||||
each($params);
|
||||
$g = $q->gcd($n);
|
||||
$k = $k->add($m);
|
||||
}
|
||||
$r = $r->multiply($two);
|
||||
}
|
||||
die;
|
||||
if ($g->equals($n)) {
|
||||
while (true) {
|
||||
$ys = $ys->powMod($two, $n)->add($c)->powMod($one, $n);
|
||||
|
|
1
prime.py
1
prime.py
|
@ -67,7 +67,6 @@ def pollard_brent(n):
|
|||
k = 0
|
||||
while k < r and g==1:
|
||||
ys = y
|
||||
print(min(m, r-k))
|
||||
for i in range(min(m, r-k)):
|
||||
y = (pow(y, 2, n) + c) % n
|
||||
q = q * abs(x-y) % n
|
||||
|
|
1
vendor/composer/autoload_files.php
vendored
1
vendor/composer/autoload_files.php
vendored
|
@ -7,4 +7,5 @@ $baseDir = dirname($vendorDir);
|
|||
|
||||
return array(
|
||||
'decc78cc4436b1292c6c0d151b19445c' => $vendorDir . '/phpseclib/phpseclib/phpseclib/bootstrap.php',
|
||||
'5255c38a0faeba867671b61dfda6d864' => $vendorDir . '/paragonie/random_compat/lib/random.php',
|
||||
);
|
||||
|
|
1
vendor/composer/autoload_psr4.php
vendored
1
vendor/composer/autoload_psr4.php
vendored
|
@ -7,4 +7,5 @@ $baseDir = dirname($vendorDir);
|
|||
|
||||
return array(
|
||||
'phpseclib\\' => array($vendorDir . '/phpseclib/phpseclib/phpseclib'),
|
||||
'ParagonIE\\ConstantTime\\' => array($vendorDir . '/paragonie/constant_time_encoding/src'),
|
||||
);
|
||||
|
|
9
vendor/composer/autoload_static.php
vendored
9
vendor/composer/autoload_static.php
vendored
|
@ -8,6 +8,7 @@ class ComposerStaticInitbd69ed7fd0aebb6b1ba64b36dad1b458
|
|||
{
|
||||
public static $files = array (
|
||||
'decc78cc4436b1292c6c0d151b19445c' => __DIR__ . '/..' . '/phpseclib/phpseclib/phpseclib/bootstrap.php',
|
||||
'5255c38a0faeba867671b61dfda6d864' => __DIR__ . '/..' . '/paragonie/random_compat/lib/random.php',
|
||||
);
|
||||
|
||||
public static $prefixLengthsPsr4 = array (
|
||||
|
@ -15,6 +16,10 @@ class ComposerStaticInitbd69ed7fd0aebb6b1ba64b36dad1b458
|
|||
array (
|
||||
'phpseclib\\' => 10,
|
||||
),
|
||||
'P' =>
|
||||
array (
|
||||
'ParagonIE\\ConstantTime\\' => 23,
|
||||
),
|
||||
);
|
||||
|
||||
public static $prefixDirsPsr4 = array (
|
||||
|
@ -22,6 +27,10 @@ class ComposerStaticInitbd69ed7fd0aebb6b1ba64b36dad1b458
|
|||
array (
|
||||
0 => __DIR__ . '/..' . '/phpseclib/phpseclib/phpseclib',
|
||||
),
|
||||
'ParagonIE\\ConstantTime\\' =>
|
||||
array (
|
||||
0 => __DIR__ . '/..' . '/paragonie/constant_time_encoding/src',
|
||||
),
|
||||
);
|
||||
|
||||
public static $prefixesPsr0 = array (
|
||||
|
|
113
vendor/composer/installed.json
vendored
113
vendor/composer/installed.json
vendored
|
@ -142,5 +142,118 @@
|
|||
"struct",
|
||||
"unpack"
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "paragonie/constant_time_encoding",
|
||||
"version": "v2.0.3",
|
||||
"version_normalized": "2.0.3.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/paragonie/constant_time_encoding.git",
|
||||
"reference": "e085e08c939de49707dbf64315d178d90fbc708d"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/paragonie/constant_time_encoding/zipball/e085e08c939de49707dbf64315d178d90fbc708d",
|
||||
"reference": "e085e08c939de49707dbf64315d178d90fbc708d",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": "^7"
|
||||
},
|
||||
"require-dev": {
|
||||
"phpunit/phpunit": "4.*|5.*"
|
||||
},
|
||||
"time": "2016-07-11 20:32:06",
|
||||
"type": "library",
|
||||
"installation-source": "dist",
|
||||
"autoload": {
|
||||
"psr-4": {
|
||||
"ParagonIE\\ConstantTime\\": "src/"
|
||||
}
|
||||
},
|
||||
"notification-url": "https://packagist.org/downloads/",
|
||||
"license": [
|
||||
"MIT"
|
||||
],
|
||||
"authors": [
|
||||
{
|
||||
"name": "Paragon Initiative Enterprises",
|
||||
"email": "security@paragonie.com",
|
||||
"homepage": "https://paragonie.com",
|
||||
"role": "Maintainer"
|
||||
},
|
||||
{
|
||||
"name": "Steve 'Sc00bz' Thomas",
|
||||
"email": "steve@tobtu.com",
|
||||
"homepage": "https://www.tobtu.com",
|
||||
"role": "Original Developer"
|
||||
}
|
||||
],
|
||||
"description": "Constant-time Implementations of RFC 4648 Encoding (Base-64, Base-32, Base-16)",
|
||||
"keywords": [
|
||||
"base16",
|
||||
"base32",
|
||||
"base32_decode",
|
||||
"base32_encode",
|
||||
"base64",
|
||||
"base64_decode",
|
||||
"base64_encode",
|
||||
"bin2hex",
|
||||
"encoding",
|
||||
"hex",
|
||||
"hex2bin",
|
||||
"rfc4648"
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "paragonie/random_compat",
|
||||
"version": "v2.0.2",
|
||||
"version_normalized": "2.0.2.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/paragonie/random_compat.git",
|
||||
"reference": "088c04e2f261c33bed6ca5245491cfca69195ccf"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/paragonie/random_compat/zipball/088c04e2f261c33bed6ca5245491cfca69195ccf",
|
||||
"reference": "088c04e2f261c33bed6ca5245491cfca69195ccf",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": ">=5.2.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"phpunit/phpunit": "4.*|5.*"
|
||||
},
|
||||
"suggest": {
|
||||
"ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
|
||||
},
|
||||
"time": "2016-04-03 06:00:07",
|
||||
"type": "library",
|
||||
"installation-source": "dist",
|
||||
"autoload": {
|
||||
"files": [
|
||||
"lib/random.php"
|
||||
]
|
||||
},
|
||||
"notification-url": "https://packagist.org/downloads/",
|
||||
"license": [
|
||||
"MIT"
|
||||
],
|
||||
"authors": [
|
||||
{
|
||||
"name": "Paragon Initiative Enterprises",
|
||||
"email": "security@paragonie.com",
|
||||
"homepage": "https://paragonie.com"
|
||||
}
|
||||
],
|
||||
"description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
|
||||
"keywords": [
|
||||
"csprng",
|
||||
"pseudorandom",
|
||||
"random"
|
||||
]
|
||||
}
|
||||
]
|
||||
|
|
2
vendor/paragonie/constant_time_encoding/.gitignore
vendored
Normal file
2
vendor/paragonie/constant_time_encoding/.gitignore
vendored
Normal file
|
@ -0,0 +1,2 @@
|
|||
.idea/
|
||||
vendor/
|
15
vendor/paragonie/constant_time_encoding/.travis.yml
vendored
Normal file
15
vendor/paragonie/constant_time_encoding/.travis.yml
vendored
Normal file
|
@ -0,0 +1,15 @@
|
|||
language: php
|
||||
sudo: false
|
||||
|
||||
php:
|
||||
- "7.0"
|
||||
|
||||
matrix:
|
||||
fast_finish: true
|
||||
|
||||
install:
|
||||
- composer self-update
|
||||
- composer update
|
||||
|
||||
script:
|
||||
- vendor/bin/phpunit
|
48
vendor/paragonie/constant_time_encoding/LICENSE.txt
vendored
Normal file
48
vendor/paragonie/constant_time_encoding/LICENSE.txt
vendored
Normal file
|
@ -0,0 +1,48 @@
|
|||
The MIT License (MIT)
|
||||
|
||||
Copyright (c) 2016 Paragon Initiative Enterprises
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
This library was based on the work of Steve "Sc00bz" Thomas.
|
||||
------------------------------------------------------------------------------
|
||||
|
||||
The MIT License (MIT)
|
||||
|
||||
Copyright (c) 2014 Steve Thomas
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
|
75
vendor/paragonie/constant_time_encoding/README.md
vendored
Normal file
75
vendor/paragonie/constant_time_encoding/README.md
vendored
Normal file
|
@ -0,0 +1,75 @@
|
|||
# Constant-Time Encoding
|
||||
|
||||
[![Build Status](https://travis-ci.org/paragonie/constant_time_encoding.svg?branch=master)](https://travis-ci.org/paragonie/constant_time_encoding)
|
||||
|
||||
Based on the [constant-time base64 implementation made by Steve "Sc00bz" Thomas](https://github.com/Sc00bz/ConstTimeEncoding),
|
||||
this library aims to offer character encoding functions that do not leak
|
||||
information about what you are encoding/decoding via processor cache
|
||||
misses. Further reading on [cache-timing attacks](http://blog.ircmaxell.com/2014/11/its-all-about-time.html).
|
||||
|
||||
Our fork offers the following enchancements:
|
||||
|
||||
* `mbstring.func_overload` resistance
|
||||
* Unit tests
|
||||
* Composer- and Packagist-ready
|
||||
* Base16 encoding
|
||||
* Base32 encoding
|
||||
* Uses `pack()` and `unpack()` instead of `chr()` and `ord()`
|
||||
|
||||
## PHP Version Requirements
|
||||
|
||||
Version 2 of this library should work on **PHP 7** or newer. For PHP 5
|
||||
support, see [the v1.x branch](https://github.com/paragonie/constant_time_encoding/tree/v1.x).
|
||||
|
||||
If you are adding this as a dependency to a project intended to work on both PHP 5 and PHP 7, please set the required version to `^1|^2` instead of just `^1` or `^2`.
|
||||
|
||||
## How to Install
|
||||
|
||||
```sh
|
||||
composer require paragonie/constant_time_encoding
|
||||
```
|
||||
|
||||
## How to Use
|
||||
|
||||
```php
|
||||
use \ParagonIE\ConstantTime\Encoding;
|
||||
|
||||
// possibly (if applicable):
|
||||
// require 'vendor/autoload.php';
|
||||
|
||||
$data = random_bytes(32);
|
||||
echo Encoding::base64Encode($data), "\n";
|
||||
echo Encoding::base32EncodeUpper($data), "\n";
|
||||
echo Encoding::base32Encode($data), "\n";
|
||||
echo Encoding::hexEncode($data), "\n";
|
||||
echo Encoding::hexEncodeUpper($data), "\n";
|
||||
```
|
||||
|
||||
Example output:
|
||||
|
||||
```
|
||||
1VilPkeVqirlPifk5scbzcTTbMT2clp+Zkyv9VFFasE=
|
||||
2VMKKPSHSWVCVZJ6E7SONRY3ZXCNG3GE6ZZFU7TGJSX7KUKFNLAQ====
|
||||
2vmkkpshswvcvzj6e7sonry3zxcng3ge6zzfu7tgjsx7kukfnlaq====
|
||||
d558a53e4795aa2ae53e27e4e6c71bcdc4d36cc4f6725a7e664caff551456ac1
|
||||
D558A53E4795AA2AE53E27E4E6C71BDCC4D36CC4F6725A7E664CAFF551456AC1
|
||||
```
|
||||
|
||||
If you only need a particular variant, you can just reference the
|
||||
required class like so:
|
||||
|
||||
```php
|
||||
use \ParagonIE\ConstantTime\Base64;
|
||||
use \ParagonIE\ConstantTime\Base32;
|
||||
|
||||
$data = random_bytes(32);
|
||||
echo Base64::encode($data), "\n";
|
||||
echo Base32::encode($data), "\n";
|
||||
```
|
||||
|
||||
Example output:
|
||||
|
||||
```
|
||||
1VilPkeVqirlPifk5scbzcTTbMT2clp+Zkyv9VFFasE=
|
||||
2vmkkpshswvcvzj6e7sonry3zxcng3ge6zzfu7tgjsx7kukfnlaq====
|
||||
```
|
39
vendor/paragonie/constant_time_encoding/composer.json
vendored
Normal file
39
vendor/paragonie/constant_time_encoding/composer.json
vendored
Normal file
|
@ -0,0 +1,39 @@
|
|||
{
|
||||
"name": "paragonie/constant_time_encoding",
|
||||
"description": "Constant-time Implementations of RFC 4648 Encoding (Base-64, Base-32, Base-16)",
|
||||
"keywords": [
|
||||
"base64", "encoding", "rfc4648", "base32", "base16", "hex", "bin2hex", "hex2bin", "base64_encode", "base64_decode", "base32_encode", "base32_decode"
|
||||
],
|
||||
"license": "MIT",
|
||||
"type": "library",
|
||||
"authors": [
|
||||
{
|
||||
"name": "Paragon Initiative Enterprises",
|
||||
"email": "security@paragonie.com",
|
||||
"homepage": "https://paragonie.com",
|
||||
"role": "Maintainer"
|
||||
},
|
||||
{
|
||||
"name": "Steve 'Sc00bz' Thomas",
|
||||
"email": "steve@tobtu.com",
|
||||
"homepage": "https://www.tobtu.com",
|
||||
"role": "Original Developer"
|
||||
}
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/paragonie/constant_time_encoding/issues",
|
||||
"email": "info@paragonie.com",
|
||||
"source": "https://github.com/paragonie/constant_time_encoding"
|
||||
},
|
||||
"require": {
|
||||
"php": "^7"
|
||||
},
|
||||
"require-dev": {
|
||||
"phpunit/phpunit": "4.*|5.*"
|
||||
},
|
||||
"autoload": {
|
||||
"psr-4": {
|
||||
"ParagonIE\\ConstantTime\\": "src/"
|
||||
}
|
||||
}
|
||||
}
|
29
vendor/paragonie/constant_time_encoding/phpunit.xml.dist
vendored
Normal file
29
vendor/paragonie/constant_time_encoding/phpunit.xml.dist
vendored
Normal file
|
@ -0,0 +1,29 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<phpunit backupGlobals="true"
|
||||
backupStaticAttributes="false"
|
||||
bootstrap="vendor/autoload.php"
|
||||
colors="true"
|
||||
convertErrorsToExceptions="true"
|
||||
convertNoticesToExceptions="true"
|
||||
convertWarningsToExceptions="true"
|
||||
processIsolation="false"
|
||||
stopOnError="false"
|
||||
stopOnFailure="false"
|
||||
syntaxCheck="true"
|
||||
>
|
||||
<testsuites>
|
||||
<testsuite name="Unit">
|
||||
<directory>tests</directory>
|
||||
</testsuite>
|
||||
</testsuites>
|
||||
<testsuites>
|
||||
<testsuite name="Constant Time Encoding Test Suite">
|
||||
<directory suffix="Test.php">./tests</directory>
|
||||
</testsuite>
|
||||
</testsuites>
|
||||
<filter>
|
||||
<whitelist processUncoveredFilesFromWhitelist="true">
|
||||
<directory suffix=".php">./src</directory>
|
||||
</whitelist>
|
||||
</filter>
|
||||
</phpunit>
|
396
vendor/paragonie/constant_time_encoding/src/Base32.php
vendored
Normal file
396
vendor/paragonie/constant_time_encoding/src/Base32.php
vendored
Normal file
|
@ -0,0 +1,396 @@
|
|||
<?php
|
||||
declare(strict_types=1);
|
||||
namespace ParagonIE\ConstantTime;
|
||||
|
||||
/**
|
||||
* Copyright (c) 2016 Paragon Initiative Enterprises.
|
||||
* Copyright (c) 2014 Steve "Sc00bz" Thomas (steve at tobtu dot com)
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
* copies of the Software, and to permit persons to whom the Software is
|
||||
* furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in all
|
||||
* copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
/**
|
||||
* Class Base32
|
||||
* [A-Z][2-7]
|
||||
*
|
||||
* @package ParagonIE\ConstantTime
|
||||
*/
|
||||
abstract class Base32 implements EncoderInterface
|
||||
{
|
||||
/**
|
||||
* Decode a Base32-encoded string into raw binary
|
||||
*
|
||||
* @param string $src
|
||||
* @return string
|
||||
*/
|
||||
public static function decode(string $src, bool $strictPadding = false): string
|
||||
{
|
||||
return static::doDecode($src, false, $strictPadding);
|
||||
}
|
||||
|
||||
/**
|
||||
* Decode an uppercase Base32-encoded string into raw binary
|
||||
*
|
||||
* @param string $src
|
||||
* @return string
|
||||
*/
|
||||
public static function decodeUpper(string $src, bool $strictPadding = false): string
|
||||
{
|
||||
return static::doDecode($src, true, $strictPadding);
|
||||
}
|
||||
|
||||
/**
|
||||
* Encode into Base32 (RFC 4648)
|
||||
*
|
||||
* @param string $src
|
||||
* @return string
|
||||
*/
|
||||
public static function encode(string $src): string
|
||||
{
|
||||
return static::doEncode($src, false);
|
||||
}
|
||||
|
||||
/**
|
||||
* Encode into uppercase Base32 (RFC 4648)
|
||||
*
|
||||
* @param string $src
|
||||
* @return string
|
||||
*/
|
||||
public static function encodeUpper(string $src): string
|
||||
{
|
||||
return static::doEncode($src, true);
|
||||
}
|
||||
|
||||
/**
|
||||
* Uses bitwise operators instead of table-lookups to turn 5-bit integers
|
||||
* into 8-bit integers.
|
||||
*
|
||||
* @param int $src
|
||||
* @return int
|
||||
*/
|
||||
protected static function decode5Bits(int $src): int
|
||||
{
|
||||
$ret = -1;
|
||||
|
||||
// if ($src > 96 && $src < 123) $ret += $src - 97 + 1; // -64
|
||||
$ret += (((0x60 - $src) & ($src - 0x7b)) >> 8) & ($src - 96);
|
||||
|
||||
// if ($src > 0x31 && $src < 0x38) $ret += $src - 24 + 1; // -23
|
||||
$ret += (((0x31 - $src) & ($src - 0x38)) >> 8) & ($src - 23);
|
||||
|
||||
return $ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* Uses bitwise operators instead of table-lookups to turn 5-bit integers
|
||||
* into 8-bit integers.
|
||||
*
|
||||
* Uppercase variant.
|
||||
*
|
||||
* @param int $src
|
||||
* @return int
|
||||
*/
|
||||
protected static function decode5BitsUpper(int $src): int
|
||||
{
|
||||
$ret = -1;
|
||||
|
||||
// if ($src > 64 && $src < 91) $ret += $src - 65 + 1; // -64
|
||||
$ret += (((0x40 - $src) & ($src - 0x5b)) >> 8) & ($src - 64);
|
||||
|
||||
// if ($src > 0x31 && $src < 0x38) $ret += $src - 24 + 1; // -23
|
||||
$ret += (((0x31 - $src) & ($src - 0x38)) >> 8) & ($src - 23);
|
||||
|
||||
return $ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* Uses bitwise operators instead of table-lookups to turn 8-bit integers
|
||||
* into 5-bit integers.
|
||||
*
|
||||
* @param $src
|
||||
* @return string
|
||||
*/
|
||||
protected static function encode5Bits(int $src): string
|
||||
{
|
||||
$diff = 0x61;
|
||||
|
||||
// if ($src > 25) $ret -= 72;
|
||||
$diff -= ((25 - $src) >> 8) & 73;
|
||||
|
||||
return \pack('C', $src + $diff);
|
||||
}
|
||||
|
||||
/**
|
||||
* Uses bitwise operators instead of table-lookups to turn 8-bit integers
|
||||
* into 5-bit integers.
|
||||
*
|
||||
* Uppercase variant.
|
||||
*
|
||||
* @param $src
|
||||
* @return string
|
||||
*/
|
||||
protected static function encode5BitsUpper(int $src): string
|
||||
{
|
||||
$diff = 0x41;
|
||||
|
||||
// if ($src > 25) $ret -= 40;
|
||||
$diff -= ((25 - $src) >> 8) & 41;
|
||||
|
||||
return \pack('C', $src + $diff);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Base32 decoding
|
||||
*
|
||||
* @param string $src
|
||||
* @param bool $upper
|
||||
* @param bool $strictPadding
|
||||
* @return string
|
||||
*/
|
||||
protected static function doDecode(string $src, bool $upper = false, bool $strictPadding = false): string
|
||||
{
|
||||
// We do this to reduce code duplication:
|
||||
$method = $upper
|
||||
? 'decode5BitsUpper'
|
||||
: 'decode5Bits';
|
||||
|
||||
// Remove padding
|
||||
$srcLen = Binary::safeStrlen($src);
|
||||
if ($srcLen === 0) {
|
||||
return '';
|
||||
}
|
||||
if ($strictPadding) {
|
||||
if (($srcLen & 7) === 0) {
|
||||
for ($j = 0; $j < 7; ++$j) {
|
||||
if ($src[$srcLen - 1] === '=') {
|
||||
$srcLen--;
|
||||
} else {
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (($srcLen & 7) === 1) {
|
||||
throw new \RangeException(
|
||||
'Incorrect padding'
|
||||
);
|
||||
}
|
||||
} else {
|
||||
$src = \rtrim($src, '=');
|
||||
$srcLen = Binary::safeStrlen($src);
|
||||
}
|
||||
|
||||
$err = 0;
|
||||
$dest = '';
|
||||
// Main loop (no padding):
|
||||
for ($i = 0; $i + 8 <= $srcLen; $i += 8) {
|
||||
$chunk = \unpack('C*', Binary::safeSubstr($src, $i, 8));
|
||||
$c0 = static::$method($chunk[1]);
|
||||
$c1 = static::$method($chunk[2]);
|
||||
$c2 = static::$method($chunk[3]);
|
||||
$c3 = static::$method($chunk[4]);
|
||||
$c4 = static::$method($chunk[5]);
|
||||
$c5 = static::$method($chunk[6]);
|
||||
$c6 = static::$method($chunk[7]);
|
||||
$c7 = static::$method($chunk[8]);
|
||||
|
||||
$dest .= \pack(
|
||||
'CCCCC',
|
||||
(($c0 << 3) | ($c1 >> 2) ) & 0xff,
|
||||
(($c1 << 6) | ($c2 << 1) | ($c3 >> 4)) & 0xff,
|
||||
(($c3 << 4) | ($c4 >> 1) ) & 0xff,
|
||||
(($c4 << 7) | ($c5 << 2) | ($c6 >> 3)) & 0xff,
|
||||
(($c6 << 5) | ($c7 ) ) & 0xff
|
||||
);
|
||||
$err |= ($c0 | $c1 | $c2 | $c3 | $c4 | $c5 | $c6 | $c7) >> 8;
|
||||
}
|
||||
// The last chunk, which may have padding:
|
||||
if ($i < $srcLen) {
|
||||
$chunk = \unpack('C*', Binary::safeSubstr($src, $i, $srcLen - $i));
|
||||
$c0 = static::$method($chunk[1]);
|
||||
|
||||
if ($i + 6 < $srcLen) {
|
||||
$c1 = static::$method($chunk[2]);
|
||||
$c2 = static::$method($chunk[3]);
|
||||
$c3 = static::$method($chunk[4]);
|
||||
$c4 = static::$method($chunk[5]);
|
||||
$c5 = static::$method($chunk[6]);
|
||||
$c6 = static::$method($chunk[7]);
|
||||
|
||||
$dest .= \pack(
|
||||
'CCCC',
|
||||
(($c0 << 3) | ($c1 >> 2) ) & 0xff,
|
||||
(($c1 << 6) | ($c2 << 1) | ($c3 >> 4)) & 0xff,
|
||||
(($c3 << 4) | ($c4 >> 1) ) & 0xff,
|
||||
(($c4 << 7) | ($c5 << 2) | ($c6 >> 3)) & 0xff
|
||||
);
|
||||
$err |= ($c0 | $c1 | $c2 | $c3 | $c4 | $c5 | $c6) >> 8;
|
||||
} elseif ($i + 5 < $srcLen) {
|
||||
$c1 = static::$method($chunk[2]);
|
||||
$c2 = static::$method($chunk[3]);
|
||||
$c3 = static::$method($chunk[4]);
|
||||
$c4 = static::$method($chunk[5]);
|
||||
$c5 = static::$method($chunk[6]);
|
||||
|
||||
$dest .= \pack(
|
||||
'CCCC',
|
||||
(($c0 << 3) | ($c1 >> 2) ) & 0xff,
|
||||
(($c1 << 6) | ($c2 << 1) | ($c3 >> 4)) & 0xff,
|
||||
(($c3 << 4) | ($c4 >> 1) ) & 0xff,
|
||||
(($c4 << 7) | ($c5 << 2) ) & 0xff
|
||||
);
|
||||
$err |= ($c0 | $c1 | $c2 | $c3 | $c4 | $c5) >> 8;
|
||||
} elseif ($i + 4 < $srcLen) {
|
||||
$c1 = static::$method($chunk[2]);
|
||||
$c2 = static::$method($chunk[3]);
|
||||
$c3 = static::$method($chunk[4]);
|
||||
$c4 = static::$method($chunk[5]);
|
||||
|
||||
$dest .= \pack(
|
||||
'CCC',
|
||||
(($c0 << 3) | ($c1 >> 2) ) & 0xff,
|
||||
(($c1 << 6) | ($c2 << 1) | ($c3 >> 4)) & 0xff,
|
||||
(($c3 << 4) | ($c4 >> 1) ) & 0xff
|
||||
);
|
||||
$err |= ($c0 | $c1 | $c2 | $c3 | $c4) >> 8;
|
||||
} elseif ($i + 3 < $srcLen) {
|
||||
$c1 = static::$method($chunk[2]);
|
||||
$c2 = static::$method($chunk[3]);
|
||||
$c3 = static::$method($chunk[4]);
|
||||
|
||||
$dest .= \pack(
|
||||
'CC',
|
||||
(($c0 << 3) | ($c1 >> 2) ) & 0xff,
|
||||
(($c1 << 6) | ($c2 << 1) | ($c3 >> 4)) & 0xff
|
||||
);
|
||||
$err |= ($c0 | $c1 | $c2 | $c3) >> 8;
|
||||
} elseif ($i + 2 < $srcLen) {
|
||||
$c1 = static::$method($chunk[2]);
|
||||
$c2 = static::$method($chunk[3]);
|
||||
|
||||
$dest .= \pack(
|
||||
'CC',
|
||||
(($c0 << 3) | ($c1 >> 2) ) & 0xff,
|
||||
(($c1 << 6) | ($c2 << 1) ) & 0xff
|
||||
);
|
||||
$err |= ($c0 | $c1 | $c2) >> 8;
|
||||
} elseif ($i + 1 < $srcLen) {
|
||||
$c1 = static::$method($chunk[2]);
|
||||
|
||||
$dest .= \pack(
|
||||
'C',
|
||||
(($c0 << 3) | ($c1 >> 2) ) & 0xff
|
||||
);
|
||||
$err |= ($c0 | $c1) >> 8;
|
||||
} else {
|
||||
$dest .= \pack(
|
||||
'C',
|
||||
(($c0 << 3) ) & 0xff
|
||||
);
|
||||
$err |= ($c0) >> 8;
|
||||
}
|
||||
}
|
||||
if ($err !== 0) {
|
||||
throw new \RangeException(
|
||||
'Base32::doDecode() only expects characters in the correct base32 alphabet'
|
||||
);
|
||||
}
|
||||
return $dest;
|
||||
}
|
||||
|
||||
/**
|
||||
* Base32 Decoding
|
||||
*
|
||||
* @param string $src
|
||||
* @param bool $upper
|
||||
* @return string
|
||||
*/
|
||||
protected static function doEncode(string $src, bool $upper = false): string
|
||||
{
|
||||
// We do this to reduce code duplication:
|
||||
$method = $upper
|
||||
? 'encode5BitsUpper'
|
||||
: 'encode5Bits';
|
||||
|
||||
$dest = '';
|
||||
$srcLen = Binary::safeStrlen($src);
|
||||
|
||||
// Main loop (no padding):
|
||||
for ($i = 0; $i + 5 <= $srcLen; $i += 5) {
|
||||
$chunk = \unpack('C*', Binary::safeSubstr($src, $i, 5));
|
||||
$b0 = $chunk[1];
|
||||
$b1 = $chunk[2];
|
||||
$b2 = $chunk[3];
|
||||
$b3 = $chunk[4];
|
||||
$b4 = $chunk[5];
|
||||
$dest .=
|
||||
static::$method( ($b0 >> 3) & 31) .
|
||||
static::$method((($b0 << 2) | ($b1 >> 6)) & 31) .
|
||||
static::$method((($b1 >> 1) ) & 31) .
|
||||
static::$method((($b1 << 4) | ($b2 >> 4)) & 31) .
|
||||
static::$method((($b2 << 1) | ($b3 >> 7)) & 31) .
|
||||
static::$method((($b3 >> 2) ) & 31) .
|
||||
static::$method((($b3 << 3) | ($b4 >> 5)) & 31) .
|
||||
static::$method( $b4 & 31);
|
||||
}
|
||||
// The last chunk, which may have padding:
|
||||
if ($i < $srcLen) {
|
||||
$chunk = \unpack('C*', Binary::safeSubstr($src, $i, $srcLen - $i));
|
||||
$b0 = $chunk[1];
|
||||
if ($i + 3 < $srcLen) {
|
||||
$b1 = $chunk[2];
|
||||
$b2 = $chunk[3];
|
||||
$b3 = $chunk[4];
|
||||
$dest .=
|
||||
static::$method( ($b0 >> 3) & 31) .
|
||||
static::$method((($b0 << 2) | ($b1 >> 6)) & 31) .
|
||||
static::$method((($b1 >> 1) ) & 31) .
|
||||
static::$method((($b1 << 4) | ($b2 >> 4)) & 31) .
|
||||
static::$method((($b2 << 1) | ($b3 >> 7)) & 31) .
|
||||
static::$method((($b3 >> 2) ) & 31) .
|
||||
static::$method((($b3 << 3) ) & 31) .
|
||||
'=';
|
||||
} elseif ($i + 2 < $srcLen) {
|
||||
$b1 = $chunk[2];
|
||||
$b2 = $chunk[3];
|
||||
$dest .=
|
||||
static::$method( ($b0 >> 3) & 31) .
|
||||
static::$method((($b0 << 2) | ($b1 >> 6)) & 31) .
|
||||
static::$method((($b1 >> 1) ) & 31) .
|
||||
static::$method((($b1 << 4) | ($b2 >> 4)) & 31) .
|
||||
static::$method((($b2 << 1) ) & 31) .
|
||||
'===';
|
||||
} elseif ($i + 1 < $srcLen) {
|
||||
$b1 = $chunk[2];
|
||||
$dest .=
|
||||
static::$method( ($b0 >> 3) & 31) .
|
||||
static::$method((($b0 << 2) | ($b1 >> 6)) & 31) .
|
||||
static::$method((($b1 >> 1) ) & 31) .
|
||||
static::$method((($b1 << 4) ) & 31) .
|
||||
'====';
|
||||
} else {
|
||||
$dest .=
|
||||
static::$method( ($b0 >> 3) & 31) .
|
||||
static::$method( ($b0 << 2) & 31) .
|
||||
'======';
|
||||
}
|
||||
}
|
||||
return $dest;
|
||||
}
|
||||
}
|
111
vendor/paragonie/constant_time_encoding/src/Base32Hex.php
vendored
Normal file
111
vendor/paragonie/constant_time_encoding/src/Base32Hex.php
vendored
Normal file
|
@ -0,0 +1,111 @@
|
|||
<?php
|
||||
declare(strict_types=1);
|
||||
namespace ParagonIE\ConstantTime;
|
||||
|
||||
/**
|
||||
* Copyright (c) 2016 Paragon Initiative Enterprises.
|
||||
* Copyright (c) 2014 Steve "Sc00bz" Thomas (steve at tobtu dot com)
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
* copies of the Software, and to permit persons to whom the Software is
|
||||
* furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in all
|
||||
* copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
/**
|
||||
* Class Base32Hex
|
||||
* [0-9][A-V]
|
||||
*
|
||||
* @package ParagonIE\ConstantTime
|
||||
*/
|
||||
abstract class Base32Hex extends Base32
|
||||
{
|
||||
/**
|
||||
* Uses bitwise operators instead of table-lookups to turn 5-bit integers
|
||||
* into 8-bit integers.
|
||||
*
|
||||
* @param int $src
|
||||
* @return int
|
||||
*/
|
||||
protected static function decode5Bits(int $src): int
|
||||
{
|
||||
$ret = -1;
|
||||
|
||||
// if ($src > 0x30 && $src < 0x3a) ret += $src - 0x2e + 1; // -47
|
||||
$ret += (((0x2f - $src) & ($src - 0x3a)) >> 8) & ($src - 47);
|
||||
|
||||
// if ($src > 0x60 && $src < 0x77) ret += $src - 0x61 + 10 + 1; // -86
|
||||
$ret += (((0x60 - $src) & ($src - 0x77)) >> 8) & ($src - 86);
|
||||
|
||||
return $ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* Uses bitwise operators instead of table-lookups to turn 5-bit integers
|
||||
* into 8-bit integers.
|
||||
*
|
||||
* @param int $src
|
||||
* @return int
|
||||
*/
|
||||
protected static function decode5BitsUpper(int $src): int
|
||||
{
|
||||
$ret = -1;
|
||||
|
||||
// if ($src > 0x30 && $src < 0x3a) ret += $src - 0x2e + 1; // -47
|
||||
$ret += (((0x2f - $src) & ($src - 0x3a)) >> 8) & ($src - 47);
|
||||
|
||||
// if ($src > 0x40 && $src < 0x57) ret += $src - 0x41 + 10 + 1; // -54
|
||||
$ret += (((0x40 - $src) & ($src - 0x57)) >> 8) & ($src - 54);
|
||||
|
||||
return $ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* Uses bitwise operators instead of table-lookups to turn 8-bit integers
|
||||
* into 5-bit integers.
|
||||
*
|
||||
* @param int $src
|
||||
* @return string
|
||||
*/
|
||||
protected static function encode5Bits(int $src): string
|
||||
{
|
||||
$src += 0x30;
|
||||
|
||||
// if ($src > 0x39) $src += 0x61 - 0x3a; // 39
|
||||
$src += ((0x39 - $src) >> 8) & 39;
|
||||
|
||||
return \pack('C', $src);
|
||||
}
|
||||
|
||||
/**
|
||||
* Uses bitwise operators instead of table-lookups to turn 8-bit integers
|
||||
* into 5-bit integers.
|
||||
*
|
||||
* Uppercase variant.
|
||||
*
|
||||
* @param int $src
|
||||
* @return string
|
||||
*/
|
||||
protected static function encode5BitsUpper(int $src): string
|
||||
{
|
||||
$src += 0x30;
|
||||
|
||||
// if ($src > 0x39) $src += 0x41 - 0x3a; // 7
|
||||
$src += ((0x39 - $src) >> 8) & 7;
|
||||
|
||||
return \pack('C', $src);
|
||||
}
|
||||
}
|
231
vendor/paragonie/constant_time_encoding/src/Base64.php
vendored
Normal file
231
vendor/paragonie/constant_time_encoding/src/Base64.php
vendored
Normal file
|
@ -0,0 +1,231 @@
|
|||
<?php
|
||||
declare(strict_types=1);
|
||||
namespace ParagonIE\ConstantTime;
|
||||
|
||||
/**
|
||||
* Copyright (c) 2016 Paragon Initiative Enterprises.
|
||||
* Copyright (c) 2014 Steve "Sc00bz" Thomas (steve at tobtu dot com)
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
* copies of the Software, and to permit persons to whom the Software is
|
||||
* furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in all
|
||||
* copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
/**
|
||||
* Class Base64
|
||||
* [A-Z][a-z][0-9]+/
|
||||
*
|
||||
* @package ParagonIE\ConstantTime
|
||||
*/
|
||||
abstract class Base64 implements EncoderInterface
|
||||
{
|
||||
/**
|
||||
* Encode into Base64
|
||||
*
|
||||
* Base64 character set "[A-Z][a-z][0-9]+/"
|
||||
*
|
||||
* @param string $src
|
||||
* @return string
|
||||
*/
|
||||
public static function encode(string $src): string
|
||||
{
|
||||
$dest = '';
|
||||
$srcLen = Binary::safeStrlen($src);
|
||||
// Main loop (no padding):
|
||||
for ($i = 0; $i + 3 <= $srcLen; $i += 3) {
|
||||
$chunk = \unpack('C*', Binary::safeSubstr($src, $i, 3));
|
||||
$b0 = $chunk[1];
|
||||
$b1 = $chunk[2];
|
||||
$b2 = $chunk[3];
|
||||
|
||||
$dest .=
|
||||
static::encode6Bits( $b0 >> 2 ) .
|
||||
static::encode6Bits((($b0 << 4) | ($b1 >> 4)) & 63) .
|
||||
static::encode6Bits((($b1 << 2) | ($b2 >> 6)) & 63) .
|
||||
static::encode6Bits( $b2 & 63);
|
||||
}
|
||||
// The last chunk, which may have padding:
|
||||
if ($i < $srcLen) {
|
||||
$chunk = \unpack('C*', Binary::safeSubstr($src, $i, $srcLen - $i));
|
||||
$b0 = $chunk[1];
|
||||
if ($i + 1 < $srcLen) {
|
||||
$b1 = $chunk[2];
|
||||
$dest .=
|
||||
static::encode6Bits( $b0 >> 2 ) .
|
||||
static::encode6Bits((($b0 << 4) | ($b1 >> 4)) & 63) .
|
||||
static::encode6Bits( ($b1 << 2) & 63) . '=';
|
||||
} else {
|
||||
$dest .=
|
||||
static::encode6Bits( $b0 >> 2) .
|
||||
static::encode6Bits(($b0 << 4) & 63) . '==';
|
||||
}
|
||||
}
|
||||
return $dest;
|
||||
}
|
||||
|
||||
/**
|
||||
* decode from base64 into binary
|
||||
*
|
||||
* Base64 character set "./[A-Z][a-z][0-9]"
|
||||
*
|
||||
* @param string $src
|
||||
* @param bool $strictPadding
|
||||
* @return string|bool
|
||||
* @throws \RangeException
|
||||
*/
|
||||
public static function decode(string $src, bool $strictPadding = false): string
|
||||
{
|
||||
// Remove padding
|
||||
$srcLen = Binary::safeStrlen($src);
|
||||
if ($srcLen === 0) {
|
||||
return '';
|
||||
}
|
||||
|
||||
if ($strictPadding) {
|
||||
if (($srcLen & 3) === 0) {
|
||||
if ($src[$srcLen - 1] === '=') {
|
||||
$srcLen--;
|
||||
if ($src[$srcLen - 1] === '=') {
|
||||
$srcLen--;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (($srcLen & 3) === 1) {
|
||||
throw new \RangeException(
|
||||
'Incorrect padding'
|
||||
);
|
||||
}
|
||||
if ($src[$srcLen - 1] === '=') {
|
||||
throw new \RangeException(
|
||||
'Incorrect padding'
|
||||
);
|
||||
}
|
||||
} else {
|
||||
$src = \rtrim($src, '=');
|
||||
$srcLen = Binary::safeStrlen($src);
|
||||
}
|
||||
|
||||
$err = 0;
|
||||
$dest = '';
|
||||
// Main loop (no padding):
|
||||
for ($i = 0; $i + 4 <= $srcLen; $i += 4) {
|
||||
$chunk = \unpack('C*', Binary::safeSubstr($src, $i, 4));
|
||||
$c0 = static::decode6Bits($chunk[1]);
|
||||
$c1 = static::decode6Bits($chunk[2]);
|
||||
$c2 = static::decode6Bits($chunk[3]);
|
||||
$c3 = static::decode6Bits($chunk[4]);
|
||||
|
||||
$dest .= \pack(
|
||||
'CCC',
|
||||
((($c0 << 2) | ($c1 >> 4)) & 0xff),
|
||||
((($c1 << 4) | ($c2 >> 2)) & 0xff),
|
||||
((($c2 << 6) | $c3 ) & 0xff)
|
||||
);
|
||||
$err |= ($c0 | $c1 | $c2 | $c3) >> 8;
|
||||
}
|
||||
// The last chunk, which may have padding:
|
||||
if ($i < $srcLen) {
|
||||
$chunk = \unpack('C*', Binary::safeSubstr($src, $i, $srcLen - $i));
|
||||
$c0 = static::decode6Bits($chunk[1]);
|
||||
|
||||
if ($i + 2 < $srcLen) {
|
||||
$c1 = static::decode6Bits($chunk[2]);
|
||||
$c2 = static::decode6Bits($chunk[3]);
|
||||
$dest .= \pack(
|
||||
'CC',
|
||||
((($c0 << 2) | ($c1 >> 4)) & 0xff),
|
||||
((($c1 << 4) | ($c2 >> 2)) & 0xff)
|
||||
);
|
||||
$err |= ($c0 | $c1 | $c2) >> 8;
|
||||
} elseif ($i + 1 < $srcLen) {
|
||||
$c1 = static::decode6Bits($chunk[2]);
|
||||
$dest .= \pack(
|
||||
'C',
|
||||
((($c0 << 2) | ($c1 >> 4)) & 0xff)
|
||||
);
|
||||
$err |= ($c0 | $c1) >> 8;
|
||||
} elseif ($i < $srcLen && $strictPadding) {
|
||||
$err |= 1;
|
||||
}
|
||||
}
|
||||
if ($err !== 0) {
|
||||
throw new \RangeException(
|
||||
'Base64::decode() only expects characters in the correct base64 alphabet'
|
||||
);
|
||||
}
|
||||
return $dest;
|
||||
}
|
||||
|
||||
/**
|
||||
* Uses bitwise operators instead of table-lookups to turn 6-bit integers
|
||||
* into 8-bit integers.
|
||||
*
|
||||
* Base64 character set:
|
||||
* [A-Z] [a-z] [0-9] + /
|
||||
* 0x41-0x5a, 0x61-0x7a, 0x30-0x39, 0x2b, 0x2f
|
||||
*
|
||||
* @param int $src
|
||||
* @return int
|
||||
*/
|
||||
protected static function decode6Bits(int $src): int
|
||||
{
|
||||
$ret = -1;
|
||||
|
||||
// if ($src > 0x40 && $src < 0x5b) $ret += $src - 0x41 + 1; // -64
|
||||
$ret += (((0x40 - $src) & ($src - 0x5b)) >> 8) & ($src - 64);
|
||||
|
||||
// if ($src > 0x60 && $src < 0x7b) $ret += $src - 0x61 + 26 + 1; // -70
|
||||
$ret += (((0x60 - $src) & ($src - 0x7b)) >> 8) & ($src - 70);
|
||||
|
||||
// if ($src > 0x2f && $src < 0x3a) $ret += $src - 0x30 + 52 + 1; // 5
|
||||
$ret += (((0x2f - $src) & ($src - 0x3a)) >> 8) & ($src + 5);
|
||||
|
||||
// if ($src == 0x2b) $ret += 62 + 1;
|
||||
$ret += (((0x2a - $src) & ($src - 0x2c)) >> 8) & 63;
|
||||
|
||||
// if ($src == 0x2f) ret += 63 + 1;
|
||||
$ret += (((0x2e - $src) & ($src - 0x30)) >> 8) & 64;
|
||||
|
||||
return $ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* Uses bitwise operators instead of table-lookups to turn 8-bit integers
|
||||
* into 6-bit integers.
|
||||
*
|
||||
* @param int $src
|
||||
* @return string
|
||||
*/
|
||||
protected static function encode6Bits(int $src): string
|
||||
{
|
||||
$diff = 0x41;
|
||||
|
||||
// if ($src > 25) $diff += 0x61 - 0x41 - 26; // 6
|
||||
$diff += ((25 - $src) >> 8) & 6;
|
||||
|
||||
// if ($src > 51) $diff += 0x30 - 0x61 - 26; // -75
|
||||
$diff -= ((51 - $src) >> 8) & 75;
|
||||
|
||||
// if ($src > 61) $diff += 0x2b - 0x30 - 10; // -15
|
||||
$diff -= ((61 - $src) >> 8) & 15;
|
||||
|
||||
// if ($src > 62) $diff += 0x2f - 0x2b - 1; // 3
|
||||
$diff += ((62 - $src) >> 8) & 3;
|
||||
|
||||
return \pack('C', $src + $diff);
|
||||
}
|
||||
}
|
88
vendor/paragonie/constant_time_encoding/src/Base64DotSlash.php
vendored
Normal file
88
vendor/paragonie/constant_time_encoding/src/Base64DotSlash.php
vendored
Normal file
|
@ -0,0 +1,88 @@
|
|||
<?php
|
||||
declare(strict_types=1);
|
||||
namespace ParagonIE\ConstantTime;
|
||||
|
||||
/**
|
||||
* Copyright (c) 2016 Paragon Initiative Enterprises.
|
||||
* Copyright (c) 2014 Steve "Sc00bz" Thomas (steve at tobtu dot com)
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
* copies of the Software, and to permit persons to whom the Software is
|
||||
* furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in all
|
||||
* copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
/**
|
||||
* Class Base64DotSlash
|
||||
* ./[A-Z][a-z][0-9]
|
||||
*
|
||||
* @package ParagonIE\ConstantTime
|
||||
*/
|
||||
abstract class Base64DotSlash extends Base64
|
||||
{
|
||||
/**
|
||||
* Uses bitwise operators instead of table-lookups to turn 6-bit integers
|
||||
* into 8-bit integers.
|
||||
*
|
||||
* Base64 character set:
|
||||
* ./ [A-Z] [a-z] [0-9]
|
||||
* 0x2e-0x2f, 0x41-0x5a, 0x61-0x7a, 0x30-0x39
|
||||
*
|
||||
* @param int $src
|
||||
* @return int
|
||||
*/
|
||||
protected static function decode6Bits(int $src): int
|
||||
{
|
||||
$ret = -1;
|
||||
|
||||
// if ($src > 0x2d && $src < 0x30) ret += $src - 0x2e + 1; // -45
|
||||
$ret += (((0x2d - $src) & ($src - 0x30)) >> 8) & ($src - 45);
|
||||
|
||||
// if ($src > 0x40 && $src < 0x5b) ret += $src - 0x41 + 2 + 1; // -62
|
||||
$ret += (((0x40 - $src) & ($src - 0x5b)) >> 8) & ($src - 62);
|
||||
|
||||
// if ($src > 0x60 && $src < 0x7b) ret += $src - 0x61 + 28 + 1; // -68
|
||||
$ret += (((0x60 - $src) & ($src - 0x7b)) >> 8) & ($src - 68);
|
||||
|
||||
// if ($src > 0x2f && $src < 0x3a) ret += $src - 0x30 + 54 + 1; // 7
|
||||
$ret += (((0x2f - $src) & ($src - 0x3a)) >> 8) & ($src + 7);
|
||||
|
||||
return $ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* Uses bitwise operators instead of table-lookups to turn 8-bit integers
|
||||
* into 6-bit integers.
|
||||
*
|
||||
* @param int $src
|
||||
* @return string
|
||||
*/
|
||||
protected static function encode6Bits(int $src): string
|
||||
{
|
||||
$src += 0x2e;
|
||||
|
||||
// if ($src > 0x2f) $src += 0x41 - 0x30; // 17
|
||||
$src += ((0x2f - $src) >> 8) & 17;
|
||||
|
||||
// if ($src > 0x5a) $src += 0x61 - 0x5b; // 6
|
||||
$src += ((0x5a - $src) >> 8) & 6;
|
||||
|
||||
// if ($src > 0x7a) $src += 0x30 - 0x7b; // -75
|
||||
$src -= ((0x7a - $src) >> 8) & 75;
|
||||
|
||||
return \pack('C', $src);
|
||||
}
|
||||
}
|
82
vendor/paragonie/constant_time_encoding/src/Base64DotSlashOrdered.php
vendored
Normal file
82
vendor/paragonie/constant_time_encoding/src/Base64DotSlashOrdered.php
vendored
Normal file
|
@ -0,0 +1,82 @@
|
|||
<?php
|
||||
declare(strict_types=1);
|
||||
namespace ParagonIE\ConstantTime;
|
||||
|
||||
/**
|
||||
* Copyright (c) 2016 Paragon Initiative Enterprises.
|
||||
* Copyright (c) 2014 Steve "Sc00bz" Thomas (steve at tobtu dot com)
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
* copies of the Software, and to permit persons to whom the Software is
|
||||
* furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in all
|
||||
* copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
/**
|
||||
* Class Base64DotSlashOrdered
|
||||
* ./[0-9][A-Z][a-z]
|
||||
*
|
||||
* @package ParagonIE\ConstantTime
|
||||
*/
|
||||
abstract class Base64DotSlashOrdered extends Base64
|
||||
{
|
||||
/**
|
||||
* Uses bitwise operators instead of table-lookups to turn 6-bit integers
|
||||
* into 8-bit integers.
|
||||
*
|
||||
* Base64 character set:
|
||||
* [.-9] [A-Z] [a-z]
|
||||
* 0x2e-0x39, 0x41-0x5a, 0x61-0x7a
|
||||
*
|
||||
* @param int $src
|
||||
* @return int
|
||||
*/
|
||||
protected static function decode6Bits(int $src): int
|
||||
{
|
||||
$ret = -1;
|
||||
|
||||
// if ($src > 0x2d && $src < 0x3a) ret += $src - 0x2e + 1; // -45
|
||||
$ret += (((0x2d - $src) & ($src - 0x3a)) >> 8) & ($src - 45);
|
||||
|
||||
// if ($src > 0x40 && $src < 0x5b) ret += $src - 0x41 + 12 + 1; // -52
|
||||
$ret += (((0x40 - $src) & ($src - 0x5b)) >> 8) & ($src - 52);
|
||||
|
||||
// if ($src > 0x60 && $src < 0x7b) ret += $src - 0x61 + 38 + 1; // -58
|
||||
$ret += (((0x60 - $src) & ($src - 0x7b)) >> 8) & ($src - 58);
|
||||
|
||||
return $ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* Uses bitwise operators instead of table-lookups to turn 8-bit integers
|
||||
* into 6-bit integers.
|
||||
*
|
||||
* @param int $src
|
||||
* @return string
|
||||
*/
|
||||
protected static function encode6Bits(int $src): string
|
||||
{
|
||||
$src += 0x2e;
|
||||
|
||||
// if ($src > 0x39) $src += 0x41 - 0x3a; // 7
|
||||
$src += ((0x39 - $src) >> 8) & 7;
|
||||
|
||||
// if ($src > 0x5a) $src += 0x61 - 0x5b; // 6
|
||||
$src += ((0x5a - $src) >> 8) & 6;
|
||||
|
||||
return \pack('C', $src);
|
||||
}
|
||||
}
|
95
vendor/paragonie/constant_time_encoding/src/Base64UrlSafe.php
vendored
Normal file
95
vendor/paragonie/constant_time_encoding/src/Base64UrlSafe.php
vendored
Normal file
|
@ -0,0 +1,95 @@
|
|||
<?php
|
||||
declare(strict_types=1);
|
||||
namespace ParagonIE\ConstantTime;
|
||||
|
||||
/**
|
||||
* Copyright (c) 2016 Paragon Initiative Enterprises.
|
||||
* Copyright (c) 2014 Steve "Sc00bz" Thomas (steve at tobtu dot com)
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
* copies of the Software, and to permit persons to whom the Software is
|
||||
* furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in all
|
||||
* copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
/**
|
||||
* Class Base64DotSlash
|
||||
* ./[A-Z][a-z][0-9]
|
||||
*
|
||||
* @package ParagonIE\ConstantTime
|
||||
*/
|
||||
abstract class Base64UrlSafe extends Base64
|
||||
{
|
||||
|
||||
/**
|
||||
* Uses bitwise operators instead of table-lookups to turn 6-bit integers
|
||||
* into 8-bit integers.
|
||||
*
|
||||
* Base64 character set:
|
||||
* [A-Z] [a-z] [0-9] - _
|
||||
* 0x41-0x5a, 0x61-0x7a, 0x30-0x39, 0x2d, 0x5f
|
||||
*
|
||||
* @param int $src
|
||||
* @return int
|
||||
*/
|
||||
protected static function decode6Bits(int $src): int
|
||||
{
|
||||
$ret = -1;
|
||||
|
||||
// if ($src > 0x40 && $src < 0x5b) $ret += $src - 0x41 + 1; // -64
|
||||
$ret += (((0x40 - $src) & ($src - 0x5b)) >> 8) & ($src - 64);
|
||||
|
||||
// if ($src > 0x60 && $src < 0x7b) $ret += $src - 0x61 + 26 + 1; // -70
|
||||
$ret += (((0x60 - $src) & ($src - 0x7b)) >> 8) & ($src - 70);
|
||||
|
||||
// if ($src > 0x2f && $src < 0x3a) $ret += $src - 0x30 + 52 + 1; // 5
|
||||
$ret += (((0x2f - $src) & ($src - 0x3a)) >> 8) & ($src + 5);
|
||||
|
||||
// if ($src == 0x2c) $ret += 62 + 1;
|
||||
$ret += (((0x2c - $src) & ($src - 0x2e)) >> 8) & 63;
|
||||
|
||||
// if ($src == 0x5f) ret += 63 + 1;
|
||||
$ret += (((0x5e - $src) & ($src - 0x60)) >> 8) & 64;
|
||||
|
||||
return $ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* Uses bitwise operators instead of table-lookups to turn 8-bit integers
|
||||
* into 6-bit integers.
|
||||
*
|
||||
* @param int $src
|
||||
* @return string
|
||||
*/
|
||||
protected static function encode6Bits(int $src): string
|
||||
{
|
||||
$diff = 0x41;
|
||||
|
||||
// if ($src > 25) $diff += 0x61 - 0x41 - 26; // 6
|
||||
$diff += ((25 - $src) >> 8) & 6;
|
||||
|
||||
// if ($src > 51) $diff += 0x30 - 0x61 - 26; // -75
|
||||
$diff -= ((51 - $src) >> 8) & 75;
|
||||
|
||||
// if ($src > 61) $diff += 0x2d - 0x30 - 10; // -13
|
||||
$diff -= ((61 - $src) >> 8) & 13;
|
||||
|
||||
// if ($src > 62) $diff += 0x5f - 0x2b - 1; // 3
|
||||
$diff += ((62 - $src) >> 8) & 49;
|
||||
|
||||
return \pack('C', $src + $diff);
|
||||
}
|
||||
}
|
98
vendor/paragonie/constant_time_encoding/src/Binary.php
vendored
Normal file
98
vendor/paragonie/constant_time_encoding/src/Binary.php
vendored
Normal file
|
@ -0,0 +1,98 @@
|
|||
<?php
|
||||
declare(strict_types=1);
|
||||
namespace ParagonIE\ConstantTime;
|
||||
|
||||
/**
|
||||
* Copyright (c) 2016 Paragon Initiative Enterprises.
|
||||
* Copyright (c) 2014 Steve "Sc00bz" Thomas (steve at tobtu dot com)
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
* copies of the Software, and to permit persons to whom the Software is
|
||||
* furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in all
|
||||
* copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
/**
|
||||
* Class Binary
|
||||
*
|
||||
* Binary string operators that don't choke on
|
||||
* mbstring.func_overload
|
||||
*
|
||||
* @package ParagonIE\ConstantTime
|
||||
*/
|
||||
abstract class Binary
|
||||
{
|
||||
/**
|
||||
* Safe string length
|
||||
*
|
||||
* @ref mbstring.func_overload
|
||||
*
|
||||
* @param string $str
|
||||
* @return int
|
||||
*/
|
||||
public static function safeStrlen(string $str): int
|
||||
{
|
||||
if (\function_exists('mb_strlen')) {
|
||||
return \mb_strlen($str, '8bit');
|
||||
} else {
|
||||
return \strlen($str);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Safe substring
|
||||
*
|
||||
* @ref mbstring.func_overload
|
||||
*
|
||||
* @staticvar boolean $exists
|
||||
* @param string $str
|
||||
* @param int $start
|
||||
* @param int $length
|
||||
* @return string
|
||||
* @throws \TypeError
|
||||
*/
|
||||
public static function safeSubstr(
|
||||
string $str,
|
||||
int $start = 0,
|
||||
$length = null
|
||||
): string {
|
||||
if (\function_exists('mb_substr')) {
|
||||
// mb_substr($str, 0, NULL, '8bit') returns an empty string on PHP
|
||||
// 5.3, so we have to find the length ourselves.
|
||||
if ($length === null) {
|
||||
if ($start >= 0) {
|
||||
$length = self::safeStrlen($str) - $start;
|
||||
} else {
|
||||
$length = -$start;
|
||||
}
|
||||
}
|
||||
// $length calculation above might result in a 0-length string
|
||||
if ($length === 0) {
|
||||
return '';
|
||||
}
|
||||
return \mb_substr($str, $start, $length, '8bit');
|
||||
}
|
||||
if ($length === 0) {
|
||||
return '';
|
||||
}
|
||||
// Unlike mb_substr(), substr() doesn't accept NULL for length
|
||||
if ($length !== null) {
|
||||
return \substr($str, $start, $length);
|
||||
} else {
|
||||
return \substr($str, $start);
|
||||
}
|
||||
}
|
||||
}
|
52
vendor/paragonie/constant_time_encoding/src/EncoderInterface.php
vendored
Normal file
52
vendor/paragonie/constant_time_encoding/src/EncoderInterface.php
vendored
Normal file
|
@ -0,0 +1,52 @@
|
|||
<?php
|
||||
declare(strict_types=1);
|
||||
namespace ParagonIE\ConstantTime;
|
||||
|
||||
/**
|
||||
* Copyright (c) 2016 Paragon Initiative Enterprises.
|
||||
* Copyright (c) 2014 Steve "Sc00bz" Thomas (steve at tobtu dot com)
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
* copies of the Software, and to permit persons to whom the Software is
|
||||
* furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in all
|
||||
* copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
/**
|
||||
* Interface EncoderInterface
|
||||
* @package ParagonIE\ConstantTime
|
||||
*/
|
||||
interface EncoderInterface
|
||||
{
|
||||
/**
|
||||
* Convert a binary string into a hexadecimal string without cache-timing
|
||||
* leaks
|
||||
*
|
||||
* @param string $binString (raw binary)
|
||||
* @return string
|
||||
*/
|
||||
public static function encode(string $binString): string;
|
||||
|
||||
/**
|
||||
* Convert a binary string into a hexadecimal string without cache-timing
|
||||
* leaks
|
||||
*
|
||||
* @param string $encodedString
|
||||
* @param bool $strictPadding Error on invalid padding
|
||||
* @return string (raw binary)
|
||||
*/
|
||||
public static function decode(string $encodedString, bool $strictPadding = false): string;
|
||||
}
|
245
vendor/paragonie/constant_time_encoding/src/Encoding.php
vendored
Normal file
245
vendor/paragonie/constant_time_encoding/src/Encoding.php
vendored
Normal file
|
@ -0,0 +1,245 @@
|
|||
<?php
|
||||
declare(strict_types=1);
|
||||
namespace ParagonIE\ConstantTime;
|
||||
|
||||
/**
|
||||
* Copyright (c) 2016 Paragon Initiative Enterprises.
|
||||
* Copyright (c) 2014 Steve "Sc00bz" Thomas (steve at tobtu dot com)
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
* copies of the Software, and to permit persons to whom the Software is
|
||||
* furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in all
|
||||
* copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
/**
|
||||
* Class Encoding
|
||||
* @package ParagonIE\ConstantTime
|
||||
*/
|
||||
abstract class Encoding
|
||||
{
|
||||
/**
|
||||
* RFC 4648 Base32 encoding
|
||||
*
|
||||
* @param $str
|
||||
* @return string
|
||||
*/
|
||||
public static function base32Encode(string $str): string
|
||||
{
|
||||
return Base32::encode($str);
|
||||
}
|
||||
|
||||
/**
|
||||
* RFC 4648 Base32 encoding
|
||||
*
|
||||
* @param $str
|
||||
* @return string
|
||||
*/
|
||||
public static function base32EncodeUpper(string $str): string
|
||||
{
|
||||
return Base32::encodeUpper($str);
|
||||
}
|
||||
|
||||
/**
|
||||
* RFC 4648 Base32 decoding
|
||||
*
|
||||
* @param $str
|
||||
* @return string
|
||||
*/
|
||||
public static function base32Decode(string $str): string
|
||||
{
|
||||
return Base32::decode($str);
|
||||
}
|
||||
|
||||
/**
|
||||
* RFC 4648 Base32 decoding
|
||||
*
|
||||
* @param $str
|
||||
* @return string
|
||||
*/
|
||||
public static function base32DecodeUpper(string $str): string
|
||||
{
|
||||
return Base32::decodeUpper($str);
|
||||
}
|
||||
|
||||
/**
|
||||
* RFC 4648 Base32 encoding
|
||||
*
|
||||
* @param $str
|
||||
* @return string
|
||||
*/
|
||||
public static function base32HexEncode(string $str): string
|
||||
{
|
||||
return Base32Hex::encode($str);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* RFC 4648 Base32 encoding
|
||||
*
|
||||
* @param $str
|
||||
* @return string
|
||||
*/
|
||||
public static function base32HexEncodeUpper(string $str): string
|
||||
{
|
||||
return Base32Hex::encodeUpper($str);
|
||||
}
|
||||
|
||||
/**
|
||||
* RFC 4648 Base32 decoding
|
||||
*
|
||||
* @param $str
|
||||
* @return string
|
||||
*/
|
||||
public static function base32HexDecode(string $str): string
|
||||
{
|
||||
return Base32Hex::decode($str);
|
||||
}
|
||||
|
||||
/**
|
||||
* RFC 4648 Base32 decoding
|
||||
*
|
||||
* @param $str
|
||||
* @return string
|
||||
*/
|
||||
public static function base32HexDecodeUpper(string $str): string
|
||||
{
|
||||
return Base32Hex::decodeUpper($str);
|
||||
}
|
||||
|
||||
/**
|
||||
* RFC 4648 Base64 encoding
|
||||
*
|
||||
* @param $str
|
||||
* @return string
|
||||
*/
|
||||
public static function base64Encode(string $str): string
|
||||
{
|
||||
return Base64::encode($str);
|
||||
}
|
||||
|
||||
/**
|
||||
* RFC 4648 Base32 decoding
|
||||
*
|
||||
* @param $str
|
||||
* @return string
|
||||
*/
|
||||
public static function base64Decode(string $str): string
|
||||
{
|
||||
return Base64::decode($str);
|
||||
}
|
||||
|
||||
/**
|
||||
* Encode into Base64
|
||||
*
|
||||
* Base64 character set "./[A-Z][a-z][0-9]"
|
||||
* @param $src
|
||||
* @return string
|
||||
*/
|
||||
public static function base64EncodeDotSlash(string $str): string
|
||||
{
|
||||
return Base64DotSlash::encode($str);
|
||||
}
|
||||
|
||||
/**
|
||||
* Decode from base64 to raw binary
|
||||
*
|
||||
* Base64 character set "./[A-Z][a-z][0-9]"
|
||||
*
|
||||
* @param $src
|
||||
* @return bool|string
|
||||
* @throws \RangeException
|
||||
*/
|
||||
public static function base64DecodeDotSlash(string $str): string
|
||||
{
|
||||
return Base64DotSlash::decode($str);
|
||||
}
|
||||
|
||||
/**
|
||||
* Encode into Base64
|
||||
*
|
||||
* Base64 character set "[.-9][A-Z][a-z]" or "./[0-9][A-Z][a-z]"
|
||||
* @param $src
|
||||
* @return string
|
||||
*/
|
||||
public static function base64EncodeDotSlashOrdered(string $str): string
|
||||
{
|
||||
return Base64DotSlashOrdered::encode($str);
|
||||
}
|
||||
|
||||
/**
|
||||
* Decode from base64 to raw binary
|
||||
*
|
||||
* Base64 character set "[.-9][A-Z][a-z]" or "./[0-9][A-Z][a-z]"
|
||||
*
|
||||
* @param $src
|
||||
* @return bool|string
|
||||
* @throws \RangeException
|
||||
*/
|
||||
public static function base64DecodeDotSlashOrdered(string $str): string
|
||||
{
|
||||
return Base64DotSlashOrdered::decode($str);
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert a binary string into a hexadecimal string without cache-timing
|
||||
* leaks
|
||||
*
|
||||
* @param string $bin_string (raw binary)
|
||||
* @return string
|
||||
*/
|
||||
public static function hexEncode(string $bin_string): string
|
||||
{
|
||||
return Hex::encode($bin_string);
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert a hexadecimal string into a binary string without cache-timing
|
||||
* leaks
|
||||
*
|
||||
* @param string $hex_string
|
||||
* @return string (raw binary)
|
||||
* @throws \RangeException
|
||||
*/
|
||||
public static function hexDecode(string $hex_string): string
|
||||
{
|
||||
return Hex::decode($hex_string);
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert a binary string into a hexadecimal string without cache-timing
|
||||
* leaks
|
||||
*
|
||||
* @param string $bin_string (raw binary)
|
||||
* @return string
|
||||
*/
|
||||
public static function hexEncodeUpper(string $bin_string): string
|
||||
{
|
||||
return Hex::encodeUpper($bin_string);
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert a binary string into a hexadecimal string without cache-timing
|
||||
* leaks
|
||||
*
|
||||
* @param string $bin_string (raw binary)
|
||||
* @return string
|
||||
*/
|
||||
public static function hexDecodeUpper(string $bin_string): string
|
||||
{
|
||||
return Hex::decode($bin_string);
|
||||
}
|
||||
}
|
132
vendor/paragonie/constant_time_encoding/src/Hex.php
vendored
Normal file
132
vendor/paragonie/constant_time_encoding/src/Hex.php
vendored
Normal file
|
@ -0,0 +1,132 @@
|
|||
<?php
|
||||
declare(strict_types=1);
|
||||
namespace ParagonIE\ConstantTime;
|
||||
|
||||
/**
|
||||
* Copyright (c) 2016 Paragon Initiative Enterprises.
|
||||
* Copyright (c) 2014 Steve "Sc00bz" Thomas (steve at tobtu dot com)
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
* copies of the Software, and to permit persons to whom the Software is
|
||||
* furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in all
|
||||
* copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
/**
|
||||
* Class Hex
|
||||
* @package ParagonIE\ConstantTime
|
||||
*/
|
||||
abstract class Hex implements EncoderInterface
|
||||
{
|
||||
/**
|
||||
* Convert a binary string into a hexadecimal string without cache-timing
|
||||
* leaks
|
||||
*
|
||||
* @param string $bin_string (raw binary)
|
||||
* @return string
|
||||
*/
|
||||
public static function encode(string $bin_string): string
|
||||
{
|
||||
$hex = '';
|
||||
$len = Binary::safeStrlen($bin_string);
|
||||
for ($i = 0; $i < $len; ++$i) {
|
||||
$chunk = \unpack('C', Binary::safeSubstr($bin_string, $i, 2));
|
||||
$c = $chunk[1] & 0xf;
|
||||
$b = $chunk[1] >> 4;
|
||||
$hex .= pack(
|
||||
'CC',
|
||||
(87 + $b + ((($b - 10) >> 8) & ~38)),
|
||||
(87 + $c + ((($c - 10) >> 8) & ~38))
|
||||
);
|
||||
}
|
||||
return $hex;
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert a binary string into a hexadecimal string without cache-timing
|
||||
* leaks, returning uppercase letters (as per RFC 4648)
|
||||
*
|
||||
* @param string $bin_string (raw binary)
|
||||
* @return string
|
||||
*/
|
||||
public static function encodeUpper(string $bin_string): string
|
||||
{
|
||||
$hex = '';
|
||||
$len = Binary::safeStrlen($bin_string);
|
||||
for ($i = 0; $i < $len; ++$i) {
|
||||
$chunk = \unpack('C', Binary::safeSubstr($bin_string, $i, 2));
|
||||
$c = $chunk[1] & 0xf;
|
||||
$b = $chunk[1] >> 4;
|
||||
$hex .= pack(
|
||||
'CC',
|
||||
(55 + $b + ((($b - 10) >> 8) & ~6)),
|
||||
(55 + $c + ((($c - 10) >> 8) & ~6))
|
||||
);
|
||||
}
|
||||
return $hex;
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert a hexadecimal string into a binary string without cache-timing
|
||||
* leaks
|
||||
*
|
||||
* @param string $hex_string
|
||||
* @param bool $strictPadding
|
||||
* @return string (raw binary)
|
||||
* @throws \RangeException
|
||||
*/
|
||||
public static function decode(string $hexString, bool $strictPadding = false): string
|
||||
{
|
||||
$hex_pos = 0;
|
||||
$bin = '';
|
||||
$c_acc = 0;
|
||||
$hex_len = Binary::safeStrlen($hexString);
|
||||
$state = 0;
|
||||
if (($hex_len & 1) !== 0) {
|
||||
if ($strictPadding) {
|
||||
throw new \RangeException(
|
||||
'Expected an even number of hexadecimal characters'
|
||||
);
|
||||
} else {
|
||||
$hexString = '0' . $hexString;
|
||||
++$hex_len;
|
||||
}
|
||||
}
|
||||
|
||||
$chunk = \unpack('C*', $hexString);
|
||||
while ($hex_pos < $hex_len) {
|
||||
++$hex_pos;
|
||||
$c = $chunk[$hex_pos];
|
||||
$c_num = $c ^ 48;
|
||||
$c_num0 = ($c_num - 10) >> 8;
|
||||
$c_alpha = ($c & ~32) - 55;
|
||||
$c_alpha0 = (($c_alpha - 10) ^ ($c_alpha - 16)) >> 8;
|
||||
if (($c_num0 | $c_alpha0) === 0) {
|
||||
throw new \RangeException(
|
||||
'hexEncode() only expects hexadecimal characters'
|
||||
);
|
||||
}
|
||||
$c_val = ($c_num0 & $c_num) | ($c_alpha & $c_alpha0);
|
||||
if ($state === 0) {
|
||||
$c_acc = $c_val * 16;
|
||||
} else {
|
||||
$bin .= \pack('C', $c_acc | $c_val);
|
||||
}
|
||||
$state ^= 1;
|
||||
}
|
||||
return $bin;
|
||||
}
|
||||
}
|
166
vendor/paragonie/constant_time_encoding/src/RFC4648.php
vendored
Normal file
166
vendor/paragonie/constant_time_encoding/src/RFC4648.php
vendored
Normal file
|
@ -0,0 +1,166 @@
|
|||
<?php
|
||||
declare(strict_types=1);
|
||||
namespace ParagonIE\ConstantTime;
|
||||
|
||||
/**
|
||||
* Copyright (c) 2016 Paragon Initiative Enterprises.
|
||||
* Copyright (c) 2014 Steve "Sc00bz" Thomas (steve at tobtu dot com)
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
* copies of the Software, and to permit persons to whom the Software is
|
||||
* furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in all
|
||||
* copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
/**
|
||||
* Class RFC4648
|
||||
*
|
||||
* This class conforms strictly to the RFC
|
||||
*
|
||||
* @package ParagonIE\ConstantTime
|
||||
*/
|
||||
abstract class RFC4648
|
||||
{
|
||||
/**
|
||||
* RFC 4648 Base64 encoding
|
||||
*
|
||||
* "foo" -> "Zm9v"
|
||||
*
|
||||
* @param string $str
|
||||
* @return string
|
||||
*/
|
||||
public function base64Encode(string $str): string
|
||||
{
|
||||
return Base64::encode($str);
|
||||
}
|
||||
|
||||
/**
|
||||
* RFC 4648 Base64 decoding
|
||||
*
|
||||
* "Zm9v" -> "foo"
|
||||
*
|
||||
* @param string $str
|
||||
* @return string
|
||||
*/
|
||||
public function base64Decode(string $str): string
|
||||
{
|
||||
return Base64::decode($str, true);
|
||||
}
|
||||
|
||||
/**
|
||||
* RFC 4648 Base64 (URL Safe) encoding
|
||||
*
|
||||
* "foo" -> "Zm9v"
|
||||
*
|
||||
* @param string $str
|
||||
* @return string
|
||||
*/
|
||||
public function base64UrlSafeEncode(string $str): string
|
||||
{
|
||||
return Base64UrlSafe::encode($str);
|
||||
}
|
||||
|
||||
/**
|
||||
* RFC 4648 Base64 (URL Safe) decoding
|
||||
*
|
||||
* "Zm9v" -> "foo"
|
||||
*
|
||||
* @param string $str
|
||||
* @return string
|
||||
*/
|
||||
public function base64UrlSafeDecode(string $str): string
|
||||
{
|
||||
return Base64UrlSafe::decode($str, true);
|
||||
}
|
||||
|
||||
/**
|
||||
* RFC 4648 Base32 encoding
|
||||
*
|
||||
* "foo" -> "MZXW6==="
|
||||
*
|
||||
* @param string $str
|
||||
* @return string
|
||||
*/
|
||||
public function base32Encode(string $str): string
|
||||
{
|
||||
return Base32::encodeUpper($str);
|
||||
}
|
||||
|
||||
/**
|
||||
* RFC 4648 Base32 encoding
|
||||
*
|
||||
* "MZXW6===" -> "foo"
|
||||
*
|
||||
* @param string $str
|
||||
* @return string
|
||||
*/
|
||||
public function base32Decode(string $str): string
|
||||
{
|
||||
return Base32::decodeUpper($str, true);
|
||||
}
|
||||
|
||||
/**
|
||||
* RFC 4648 Base32-Hex encoding
|
||||
*
|
||||
* "foo" -> "CPNMU==="
|
||||
*
|
||||
* @param string $str
|
||||
* @return string
|
||||
*/
|
||||
public function base32HexEncode(string $str): string
|
||||
{
|
||||
return Base32::encodeUpper($str);
|
||||
}
|
||||
|
||||
/**
|
||||
* RFC 4648 Base32-Hex decoding
|
||||
*
|
||||
* "CPNMU===" -> "foo"
|
||||
*
|
||||
* @param string $str
|
||||
* @return string
|
||||
*/
|
||||
public function base32HexDecode(string $str): string
|
||||
{
|
||||
return Base32::decodeUpper($str, true);
|
||||
}
|
||||
|
||||
/**
|
||||
* RFC 4648 Base16 decoding
|
||||
*
|
||||
* "foo" -> "666F6F"
|
||||
*
|
||||
* @param string $str
|
||||
* @return string
|
||||
*/
|
||||
public function base16Encode(string $str): string
|
||||
{
|
||||
return Hex::encodeUpper($str);
|
||||
}
|
||||
|
||||
/**
|
||||
* RFC 4648 Base16 decoding
|
||||
*
|
||||
* "666F6F" -> "foo"
|
||||
*
|
||||
* @param string $str
|
||||
* @return string
|
||||
*/
|
||||
public function base16Decode(string $str): string
|
||||
{
|
||||
return Hex::decode($str, true);
|
||||
}
|
||||
}
|
32
vendor/paragonie/constant_time_encoding/tests/Base32HexTest.php
vendored
Normal file
32
vendor/paragonie/constant_time_encoding/tests/Base32HexTest.php
vendored
Normal file
|
@ -0,0 +1,32 @@
|
|||
<?php
|
||||
use \ParagonIE\ConstantTime\Base32Hex;
|
||||
|
||||
class Base32HexTest extends PHPUnit_Framework_TestCase
|
||||
{
|
||||
/**
|
||||
* @covers Base32Hex::encode()
|
||||
* @covers Base32Hex::decode()
|
||||
* @covers Base32Hex::encodeUpper()
|
||||
* @covers Base32Hex::decodeUpper()
|
||||
*/
|
||||
public function testRandom()
|
||||
{
|
||||
for ($i = 1; $i < 32; ++$i) {
|
||||
for ($j = 0; $j < 50; ++$j) {
|
||||
$random = \random_bytes($i);
|
||||
|
||||
$enc = Base32Hex::encode($random);
|
||||
$this->assertSame(
|
||||
$random,
|
||||
Base32Hex::decode($enc)
|
||||
);
|
||||
|
||||
$enc = Base32Hex::encodeUpper($random);
|
||||
$this->assertSame(
|
||||
$random,
|
||||
Base32Hex::decodeUpper($enc)
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
32
vendor/paragonie/constant_time_encoding/tests/Base32Test.php
vendored
Normal file
32
vendor/paragonie/constant_time_encoding/tests/Base32Test.php
vendored
Normal file
|
@ -0,0 +1,32 @@
|
|||
<?php
|
||||
use \ParagonIE\ConstantTime\Base32;
|
||||
|
||||
class Base32Test extends PHPUnit_Framework_TestCase
|
||||
{
|
||||
/**
|
||||
* @covers Base32::encode()
|
||||
* @covers Base32::decode()
|
||||
* @covers Base32::encodeUpper()
|
||||
* @covers Base32::decodeUpper()
|
||||
*/
|
||||
public function testRandom()
|
||||
{
|
||||
for ($i = 1; $i < 32; ++$i) {
|
||||
for ($j = 0; $j < 50; ++$j) {
|
||||
$random = \random_bytes($i);
|
||||
|
||||
$enc = Base32::encode($random);
|
||||
$this->assertSame(
|
||||
$random,
|
||||
Base32::decode($enc)
|
||||
);
|
||||
|
||||
$enc = Base32::encodeUpper($random);
|
||||
$this->assertSame(
|
||||
$random,
|
||||
Base32::decodeUpper($enc)
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
24
vendor/paragonie/constant_time_encoding/tests/Base64DotSlashOrderedTest.php
vendored
Normal file
24
vendor/paragonie/constant_time_encoding/tests/Base64DotSlashOrderedTest.php
vendored
Normal file
|
@ -0,0 +1,24 @@
|
|||
<?php
|
||||
use \ParagonIE\ConstantTime\Base64DotSlashOrdered;
|
||||
|
||||
class Base64DotSlashOrderedTest extends PHPUnit_Framework_TestCase
|
||||
{
|
||||
/**
|
||||
* @covers Base64DotSlashOrdered::encode()
|
||||
* @covers Base64DotSlashOrdered::decode()
|
||||
*/
|
||||
public function testRandom()
|
||||
{
|
||||
for ($i = 1; $i < 32; ++$i) {
|
||||
for ($j = 0; $j < 50; ++$j) {
|
||||
$random = \random_bytes($i);
|
||||
|
||||
$enc = Base64DotSlashOrdered::encode($random);
|
||||
$this->assertSame(
|
||||
$random,
|
||||
Base64DotSlashOrdered::decode($enc)
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
24
vendor/paragonie/constant_time_encoding/tests/Base64DotSlashTest.php
vendored
Normal file
24
vendor/paragonie/constant_time_encoding/tests/Base64DotSlashTest.php
vendored
Normal file
|
@ -0,0 +1,24 @@
|
|||
<?php
|
||||
use \ParagonIE\ConstantTime\Base64DotSlash;
|
||||
|
||||
class Base64DotSlashTest extends PHPUnit_Framework_TestCase
|
||||
{
|
||||
/**
|
||||
* @covers Base64DotSlash::encode()
|
||||
* @covers Base64DotSlash::decode()
|
||||
*/
|
||||
public function testRandom()
|
||||
{
|
||||
for ($i = 1; $i < 32; ++$i) {
|
||||
for ($j = 0; $j < 50; ++$j) {
|
||||
$random = \random_bytes($i);
|
||||
|
||||
$enc = Base64DotSlash::encode($random);
|
||||
$this->assertSame(
|
||||
$random,
|
||||
Base64DotSlash::decode($enc)
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
75
vendor/paragonie/constant_time_encoding/tests/Base64Test.php
vendored
Normal file
75
vendor/paragonie/constant_time_encoding/tests/Base64Test.php
vendored
Normal file
|
@ -0,0 +1,75 @@
|
|||
<?php
|
||||
use \ParagonIE\ConstantTime\Base64;
|
||||
|
||||
class Base64Test extends PHPUnit_Framework_TestCase
|
||||
{
|
||||
/**
|
||||
* @covers Base64::encode()
|
||||
* @covers Base64::decode()
|
||||
*/
|
||||
public function testRandom()
|
||||
{
|
||||
for ($i = 1; $i < 32; ++$i) {
|
||||
for ($j = 0; $j < 50; ++$j) {
|
||||
$random = \random_bytes($i);
|
||||
|
||||
$enc = Base64::encode($random);
|
||||
$this->assertSame(
|
||||
$random,
|
||||
Base64::decode($enc)
|
||||
);
|
||||
$this->assertSame(
|
||||
\base64_encode($random),
|
||||
$enc
|
||||
);
|
||||
|
||||
$unpadded = \rtrim($enc, '=');
|
||||
$this->assertSame(
|
||||
$random,
|
||||
Base64::decode($unpadded)
|
||||
);
|
||||
}
|
||||
}
|
||||
$str = 'MIIFzzCCBLegAwIBAgIDAfdlMA0GCSqGSIb3DQEBBQUAMHMxCzAJBgNVBAYTAlBM' .
|
||||
'MSgwJgYDVQQKDB9LcmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMSQwIgYDVQQ' .
|
||||
'DDBtDT1BFIFNaQUZJUiAtIEt3YWxpZmlrb3dhbnkxFDASBgNVBAUTC05yIHdwaXN1Oi' .
|
||||
'A2MB4XDTExMTEwOTA2MDAwMFoXDTEzMTEwOTA2MDAwMFowgdkxCzAJBgNVBAYTAlBMM' .
|
||||
'RwwGgYDVQQKDBNVcnrEhWQgTWlhc3RhIEdkeW5pMRswGQYDVQQFExJQRVNFTDogNjEw' .
|
||||
'NjA2MDMxMTgxGTAXBgNVBAMMEEplcnp5IFByemV3b3Jza2kxTzBNBgNVBBAwRgwiQWw' .
|
||||
'uIE1hcnN6YcWCa2EgUGnFgnN1ZHNraWVnbyA1Mi81NAwNODEtMzgyIEdkeW5pYQwGUG' .
|
||||
'9sc2thDAlwb21vcnNraWUxDjAMBgNVBCoMBUplcnp5MRMwEQYDVQQEDApQcnpld29yc' .
|
||||
'2tpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCMm5vjGqHPthJCMqKpqssSISRo' .
|
||||
's0PYDTcEQzyyurfX67EJWKtZj6HNwuDMEGJ02iBNZfjUl7r8dIi28bSKhNlsfycXZKY' .
|
||||
'RcIjp0+r5RqtR2auo9GQ6veKb61DEAGIqaR+uLLcJVTHCu0w9oXLGbRlGth5eNoj03C' .
|
||||
'xXVAH2IfhbNwIDAQABo4IChzCCAoMwDAYDVR0TAQH/BAIwADCCAUgGA1UdIAEB/wSCA' .
|
||||
'TwwggE4MIIBNAYJKoRoAYb3IwEBMIIBJTCB3QYIKwYBBQUHAgIwgdAMgc1EZWtsYXJh' .
|
||||
'Y2phIHRhIGplc3Qgb8Wbd2lhZGN6ZW5pZW0gd3lkYXdjeSwgxbxlIHRlbiBjZXJ0eWZ' .
|
||||
'pa2F0IHpvc3RhxYIgd3lkYW55IGpha28gY2VydHlmaWthdCBrd2FsaWZpa293YW55IH' .
|
||||
'pnb2RuaWUgeiB3eW1hZ2FuaWFtaSB1c3Rhd3kgbyBwb2RwaXNpZSBlbGVrdHJvbmlje' .
|
||||
'm55bSBvcmF6IHRvd2FyenlzesSFY3ltaSBqZWogcm96cG9yesSFZHplbmlhbWkuMEMG' .
|
||||
'CCsGAQUFBwIBFjdodHRwOi8vd3d3Lmtpci5jb20ucGwvY2VydHlmaWthY2phX2tsdWN' .
|
||||
'6eS9wb2xpdHlrYS5odG1sMAkGA1UdCQQCMAAwIQYDVR0RBBowGIEWai5wcnpld29yc2' .
|
||||
'tpQGdkeW5pYS5wbDAOBgNVHQ8BAf8EBAMCBkAwgZ4GA1UdIwSBljCBk4AU3TGldJXip' .
|
||||
'N4oGS3ZYmnBDMFs8gKhd6R1MHMxCzAJBgNVBAYTAlBMMSgwJgYDVQQKDB9LcmFqb3dh' .
|
||||
'IEl6YmEgUm96bGljemVuaW93YSBTLkEuMSQwIgYDVQQDDBtDT1BFIFNaQUZJUiAtIEt' .
|
||||
'3YWxpZmlrb3dhbnkxFDASBgNVBAUTC05yIHdwaXN1OiA2ggJb9jBIBgNVHR8EQTA/MD' .
|
||||
'2gO6A5hjdodHRwOi8vd3d3Lmtpci5jb20ucGwvY2VydHlmaWthY2phX2tsdWN6eS9DU' .
|
||||
'kxfT1pLMzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQBYPIqnAreyeql7/opJjcar/qWZ' .
|
||||
'y9ruhB2q0lZFsJOhwgMnbQXzp/4vv93YJqcHGAXdHP6EO8FQX47mjo2ZKQmi+cIHJHL' .
|
||||
'ONdX/3Im+M17V0iNAh7Z1lOSfTRT+iiwe/F8phcEaD5q2RmvYusR7zXZq/cLL0If0hX' .
|
||||
'oPZ/EHQxjN8pxzxiUx6bJAgturnIMEfRNesxwghdr1dkUjOhGLf3kHVzgM6j3VAM7oF' .
|
||||
'mMUb5y5s96Bzl10DodWitjOEH0vvnIcsppSxH1C1dCAi0o9f/1y2XuLNhBNHMAyTqpY' .
|
||||
'PX8Yvav1c+Z50OMaSXHAnTa20zv8UtiHbaAhwlifCelUMj93S';
|
||||
|
||||
try {
|
||||
Base64::decode($str, true);
|
||||
$this->fail('Strict padding not enforced');
|
||||
} catch (\Exception $ex) {
|
||||
|
||||
$this->assertSame(
|
||||
Base64::decode($str),
|
||||
\base64_decode($str)
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
29
vendor/paragonie/constant_time_encoding/tests/Base64UrlSafeTest.php
vendored
Normal file
29
vendor/paragonie/constant_time_encoding/tests/Base64UrlSafeTest.php
vendored
Normal file
|
@ -0,0 +1,29 @@
|
|||
<?php
|
||||
use \ParagonIE\ConstantTime\Base64UrlSafe;
|
||||
|
||||
class Base64UrlSafeTest extends PHPUnit_Framework_TestCase
|
||||
{
|
||||
/**
|
||||
* @covers Base64UrlSafe::encode()
|
||||
* @covers Base64UrlSafe::decode()
|
||||
*/
|
||||
public function testRandom()
|
||||
{
|
||||
for ($i = 1; $i < 32; ++$i) {
|
||||
for ($j = 0; $j < 50; ++$j) {
|
||||
$random = \random_bytes($i);
|
||||
|
||||
$enc = Base64UrlSafe::encode($random);
|
||||
$this->assertSame(
|
||||
$random,
|
||||
Base64UrlSafe::decode($enc)
|
||||
);
|
||||
$this->assertSame(
|
||||
\strtr(\base64_encode($random), '+/', '-_'),
|
||||
$enc
|
||||
);
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
307
vendor/paragonie/constant_time_encoding/tests/EncodingTest.php
vendored
Normal file
307
vendor/paragonie/constant_time_encoding/tests/EncodingTest.php
vendored
Normal file
|
@ -0,0 +1,307 @@
|
|||
<?php
|
||||
use \ParagonIE\ConstantTime\Base32;
|
||||
use \ParagonIE\ConstantTime\Base32Hex;
|
||||
use \ParagonIE\ConstantTime\Base64;
|
||||
use \ParagonIE\ConstantTime\Base64DotSlash;
|
||||
use \ParagonIE\ConstantTime\Base64DotSlashOrdered;
|
||||
use \ParagonIE\ConstantTime\Base64UrlSafe;
|
||||
use \ParagonIE\ConstantTime\Encoding;
|
||||
use \ParagonIE\ConstantTime\Hex;
|
||||
|
||||
class EncodingTest extends PHPUnit_Framework_TestCase
|
||||
{
|
||||
public function testBase32Encode()
|
||||
{
|
||||
$this->assertSame(
|
||||
Encoding::base32Encode("\x00"),
|
||||
'aa======'
|
||||
);
|
||||
$this->assertSame(
|
||||
Encoding::base32Encode("\x00\x00"),
|
||||
'aaaa===='
|
||||
);
|
||||
$this->assertSame(
|
||||
Encoding::base32Encode("\x00\x00\x00"),
|
||||
'aaaaa==='
|
||||
);
|
||||
$this->assertSame(
|
||||
Encoding::base32Encode("\x00\x00\x00\x00"),
|
||||
'aaaaaaa='
|
||||
);
|
||||
$this->assertSame(
|
||||
Encoding::base32Encode("\x00\x00\x00\x00\x00"),
|
||||
'aaaaaaaa'
|
||||
);
|
||||
$this->assertSame(
|
||||
Encoding::base32Encode("\x00\x00\x0F\xFF\xFF"),
|
||||
'aaaa7777'
|
||||
);
|
||||
$this->assertSame(
|
||||
Encoding::base32Encode("\xFF\xFF\xF0\x00\x00"),
|
||||
'7777aaaa'
|
||||
);
|
||||
|
||||
$this->assertSame(
|
||||
Encoding::base32Encode("\xce\x73\x9c\xe7\x39"),
|
||||
'zzzzzzzz'
|
||||
);
|
||||
$this->assertSame(
|
||||
Encoding::base32Encode("\xd6\xb5\xad\x6b\x5a"),
|
||||
'22222222'
|
||||
);
|
||||
$this->assertSame(
|
||||
Base32::encodeUpper("\x00"),
|
||||
'AA======'
|
||||
);
|
||||
$this->assertSame(
|
||||
Base32::encodeUpper("\x00\x00"),
|
||||
'AAAA===='
|
||||
);
|
||||
$this->assertSame(
|
||||
Base32::encodeUpper("\x00\x00\x00"),
|
||||
'AAAAA==='
|
||||
);
|
||||
$this->assertSame(
|
||||
Base32::encodeUpper("\x00\x00\x00\x00"),
|
||||
'AAAAAAA='
|
||||
);
|
||||
$this->assertSame(
|
||||
Base32::encodeUpper("\x00\x00\x00\x00\x00"),
|
||||
'AAAAAAAA'
|
||||
);
|
||||
$this->assertSame(
|
||||
Base32::encodeUpper("\x00\x00\x0F\xFF\xFF"),
|
||||
'AAAA7777'
|
||||
);
|
||||
$this->assertSame(
|
||||
Base32::encodeUpper("\xFF\xFF\xF0\x00\x00"),
|
||||
'7777AAAA'
|
||||
);
|
||||
|
||||
$this->assertSame(
|
||||
Base32::encodeUpper("\xce\x73\x9c\xe7\x39"),
|
||||
'ZZZZZZZZ'
|
||||
);
|
||||
$this->assertSame(
|
||||
Base32::encodeUpper("\xd6\xb5\xad\x6b\x5a"),
|
||||
'22222222'
|
||||
);
|
||||
}
|
||||
|
||||
public function testBase32Hex()
|
||||
{
|
||||
$this->assertSame(
|
||||
Base32Hex::encode("\x00"),
|
||||
'00======'
|
||||
);
|
||||
$this->assertSame(
|
||||
Base32Hex::encode("\x00\x00"),
|
||||
'0000===='
|
||||
);
|
||||
$this->assertSame(
|
||||
Base32Hex::encode("\x00\x00\x00"),
|
||||
'00000==='
|
||||
);
|
||||
$this->assertSame(
|
||||
Base32Hex::encode("\x00\x00\x00\x00"),
|
||||
'0000000='
|
||||
);
|
||||
$this->assertSame(
|
||||
Base32Hex::encode("\x00\x00\x00\x00\x00"),
|
||||
'00000000'
|
||||
);
|
||||
$this->assertSame(
|
||||
Base32Hex::encode("\x00\x00\x0F\xFF\xFF"),
|
||||
'0000vvvv'
|
||||
);
|
||||
$this->assertSame(
|
||||
Base32Hex::encode("\xFF\xFF\xF0\x00\x00"),
|
||||
'vvvv0000'
|
||||
);
|
||||
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Based on test vectors from RFC 4648
|
||||
*/
|
||||
public function testBase32Decode()
|
||||
{
|
||||
$this->assertSame(
|
||||
"\x00\x00\x00\x00\x00\x00",
|
||||
Encoding::base32Decode('aaaaaaaaaa======')
|
||||
);
|
||||
$this->assertSame(
|
||||
"\x00\x00\x00\x00\x00\x00\x00",
|
||||
Encoding::base32Decode('aaaaaaaaaaaa====')
|
||||
);
|
||||
$this->assertSame(
|
||||
"\x00\x00\x00\x00\x00\x00\x00\x00",
|
||||
Encoding::base32Decode('aaaaaaaaaaaaa===')
|
||||
);
|
||||
$this->assertSame(
|
||||
"\x00\x00\x00\x00\x00\x00\x00\x00\x00",
|
||||
Encoding::base32Decode('aaaaaaaaaaaaaaa=')
|
||||
);
|
||||
$this->assertSame(
|
||||
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
|
||||
Encoding::base32Decode('aaaaaaaaaaaaaaaa')
|
||||
);
|
||||
$this->assertSame(
|
||||
"\x00",
|
||||
Encoding::base32Decode('aa======')
|
||||
);
|
||||
$this->assertSame(
|
||||
"\x00\x00",
|
||||
Encoding::base32Decode('aaaa====')
|
||||
);
|
||||
$this->assertSame(
|
||||
"\x00\x00\x00",
|
||||
Encoding::base32Decode('aaaaa===')
|
||||
);
|
||||
$this->assertSame(
|
||||
"\x00\x00\x00\x00",
|
||||
Encoding::base32Decode('aaaaaaa=')
|
||||
);
|
||||
$this->assertSame(
|
||||
"\x00\x00\x00\x00\x00",
|
||||
Encoding::base32Decode('aaaaaaaa')
|
||||
);
|
||||
$this->assertSame(
|
||||
"\x00\x00\x0F\xFF\xFF",
|
||||
Encoding::base32Decode('aaaa7777')
|
||||
);
|
||||
$this->assertSame(
|
||||
"\xFF\xFF\xF0\x00\x00",
|
||||
Encoding::base32Decode('7777aaaa')
|
||||
);
|
||||
$this->assertSame(
|
||||
"\xce\x73\x9c\xe7\x39",
|
||||
Encoding::base32Decode('zzzzzzzz')
|
||||
);
|
||||
$this->assertSame(
|
||||
"\xd6\xb5\xad\x6b\x5a",
|
||||
Encoding::base32Decode('22222222')
|
||||
);
|
||||
$this->assertSame(
|
||||
'foobar',
|
||||
Encoding::base32Decode('mzxw6ytboi======')
|
||||
);
|
||||
|
||||
$rand = random_bytes(9);
|
||||
$enc = Encoding::base32Encode($rand);
|
||||
|
||||
$this->assertSame(
|
||||
Encoding::base32Encode($rand),
|
||||
Encoding::base32Encode(Encoding::base32Decode($enc))
|
||||
);
|
||||
$this->assertSame(
|
||||
$rand,
|
||||
Encoding::base32Decode($enc)
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @covers Encoding::hexDecode()
|
||||
* @covers Encoding::hexEncode()
|
||||
* @covers Encoding::base32Decode()
|
||||
* @covers Encoding::base32Encode()
|
||||
* @covers Encoding::base64Decode()
|
||||
* @covers Encoding::base64Encode()
|
||||
* @covers Encoding::base64DotSlashDecode()
|
||||
* @covers Encoding::base64DotSlashEncode()
|
||||
* @covers Encoding::base64DotSlashOrderedDecode()
|
||||
* @covers Encoding::base64DotSlashOrderedEncode()
|
||||
*/
|
||||
public function testBasicEncoding()
|
||||
{
|
||||
// Re-run the test at least 3 times for each length
|
||||
for ($j = 0; $j < 3; ++$j) {
|
||||
for ($i = 1; $i < 84; ++$i) {
|
||||
$rand = random_bytes($i);
|
||||
$enc = Encoding::hexEncode($rand);
|
||||
$this->assertSame(
|
||||
\bin2hex($rand),
|
||||
$enc,
|
||||
"Hex Encoding - Length: " . $i
|
||||
);
|
||||
$this->assertSame(
|
||||
$rand,
|
||||
Encoding::hexDecode($enc),
|
||||
"Hex Encoding - Length: " . $i
|
||||
);
|
||||
|
||||
// Uppercase variant:
|
||||
$enc = Hex::encodeUpper($rand);
|
||||
$this->assertSame(
|
||||
\strtoupper(\bin2hex($rand)),
|
||||
$enc,
|
||||
"Hex Encoding - Length: " . $i
|
||||
);
|
||||
$this->assertSame(
|
||||
$rand,
|
||||
Hex::decode($enc),
|
||||
"HexUpper Encoding - Length: " . $i
|
||||
);
|
||||
|
||||
$enc = Encoding::base32Encode($rand);
|
||||
$this->assertSame(
|
||||
$rand,
|
||||
Encoding::base32Decode($enc),
|
||||
"Base32 Encoding - Length: " . $i
|
||||
);
|
||||
|
||||
$enc = Encoding::base32EncodeUpper($rand);
|
||||
$this->assertSame(
|
||||
$rand,
|
||||
Encoding::base32DecodeUpper($enc),
|
||||
"Base32Upper Encoding - Length: " . $i
|
||||
);
|
||||
|
||||
$enc = Encoding::base32HexEncode($rand);
|
||||
$this->assertSame(
|
||||
bin2hex($rand),
|
||||
bin2hex(Encoding::base32HexDecode($enc)),
|
||||
"Base32Hex Encoding - Length: " . $i
|
||||
);
|
||||
|
||||
$enc = Encoding::base32HexEncodeUpper($rand);
|
||||
$this->assertSame(
|
||||
bin2hex($rand),
|
||||
bin2hex(Encoding::base32HexDecodeUpper($enc)),
|
||||
"Base32HexUpper Encoding - Length: " . $i
|
||||
);
|
||||
|
||||
$enc = Encoding::base64Encode($rand);
|
||||
$this->assertSame(
|
||||
$rand,
|
||||
Encoding::base64Decode($enc),
|
||||
"Base64 Encoding - Length: " . $i
|
||||
);
|
||||
|
||||
$enc = Encoding::base64EncodeDotSlash($rand);
|
||||
$this->assertSame(
|
||||
$rand,
|
||||
Encoding::base64DecodeDotSlash($enc),
|
||||
"Base64 DotSlash Encoding - Length: " . $i
|
||||
);
|
||||
$enc = Encoding::base64EncodeDotSlashOrdered($rand);
|
||||
$this->assertSame(
|
||||
$rand,
|
||||
Encoding::base64DecodeDotSlashOrdered($enc),
|
||||
"Base64 Ordered DotSlash Encoding - Length: " . $i
|
||||
);
|
||||
|
||||
$enc = Base64UrlSafe::encode($rand);
|
||||
$this->assertSame(
|
||||
\strtr(\base64_encode($rand), '+/', '-_'),
|
||||
$enc
|
||||
);
|
||||
$this->assertSame(
|
||||
$rand,
|
||||
Base64UrlSafe::decode($enc)
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
39
vendor/paragonie/constant_time_encoding/tests/HexTest.php
vendored
Normal file
39
vendor/paragonie/constant_time_encoding/tests/HexTest.php
vendored
Normal file
|
@ -0,0 +1,39 @@
|
|||
<?php
|
||||
use \ParagonIE\ConstantTime\Hex;
|
||||
|
||||
class HexTest extends PHPUnit_Framework_TestCase
|
||||
{
|
||||
/**
|
||||
* @covers Hex::encode()
|
||||
* @covers Hex::decode()
|
||||
* @covers Hex::encodeUpper()
|
||||
*/
|
||||
public function testRandom()
|
||||
{
|
||||
for ($i = 1; $i < 32; ++$i) {
|
||||
for ($j = 0; $j < 50; ++$j) {
|
||||
$random = \random_bytes($i);
|
||||
|
||||
$enc = Hex::encode($random);
|
||||
$this->assertSame(
|
||||
$random,
|
||||
Hex::decode($enc)
|
||||
);
|
||||
$this->assertSame(
|
||||
\bin2hex($random),
|
||||
$enc
|
||||
);
|
||||
|
||||
$enc = Hex::encodeUpper($random);
|
||||
$this->assertSame(
|
||||
$random,
|
||||
Hex::decode($enc)
|
||||
);
|
||||
$this->assertSame(
|
||||
\strtoupper(\bin2hex($random)),
|
||||
$enc
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
84
vendor/paragonie/constant_time_encoding/tests/RFC4648Test.php
vendored
Normal file
84
vendor/paragonie/constant_time_encoding/tests/RFC4648Test.php
vendored
Normal file
|
@ -0,0 +1,84 @@
|
|||
<?php
|
||||
use \ParagonIE\ConstantTime\Base32;
|
||||
use \ParagonIE\ConstantTime\Base32Hex;
|
||||
use \ParagonIE\ConstantTime\Base64;
|
||||
use \ParagonIE\ConstantTime\Base64DotSlash;
|
||||
use \ParagonIE\ConstantTime\Base64DotSlashOrdered;
|
||||
use \ParagonIE\ConstantTime\Encoding;
|
||||
use \ParagonIE\ConstantTime\Hex;
|
||||
|
||||
/**
|
||||
* Class RFC4648Test
|
||||
*
|
||||
* @ref https://tools.ietf.org/html/rfc4648#section-10
|
||||
*/
|
||||
class RFC4648Test extends PHPUnit_Framework_TestCase
|
||||
{
|
||||
public function testVectorBase64()
|
||||
{
|
||||
$this->assertSame(Base64::encode(''), '');
|
||||
$this->assertSame(Base64::encode('f'), 'Zg==');
|
||||
$this->assertSame(Base64::encode('fo'), 'Zm8=');
|
||||
$this->assertSame(Base64::encode('foo'), 'Zm9v');
|
||||
$this->assertSame(Base64::encode('foob'), 'Zm9vYg==');
|
||||
$this->assertSame(Base64::encode('fooba'), 'Zm9vYmE=');
|
||||
$this->assertSame(Base64::encode('foobar'), 'Zm9vYmFy');
|
||||
}
|
||||
|
||||
public function testVectorBase32()
|
||||
{
|
||||
$this->assertSame(Base32::encode(''), '');
|
||||
$this->assertSame(Base32::encode('f'), 'my======');
|
||||
$this->assertSame(Base32::encode('fo'), 'mzxq====');
|
||||
$this->assertSame(Base32::encode('foo'), 'mzxw6===');
|
||||
$this->assertSame(Base32::encode('foob'), 'mzxw6yq=');
|
||||
$this->assertSame(Base32::encode('fooba'), 'mzxw6ytb');
|
||||
$this->assertSame(Base32::encode('foobar'), 'mzxw6ytboi======');
|
||||
|
||||
$this->assertSame(Base32::encodeUpper(''), '');
|
||||
$this->assertSame(Base32::encodeUpper('f'), 'MY======');
|
||||
$this->assertSame(Base32::encodeUpper('fo'), 'MZXQ====');
|
||||
$this->assertSame(Base32::encodeUpper('foo'), 'MZXW6===');
|
||||
$this->assertSame(Base32::encodeUpper('foob'), 'MZXW6YQ=');
|
||||
$this->assertSame(Base32::encodeUpper('fooba'), 'MZXW6YTB');
|
||||
$this->assertSame(Base32::encodeUpper('foobar'), 'MZXW6YTBOI======');
|
||||
}
|
||||
|
||||
public function testVectorBase32Hex()
|
||||
{
|
||||
$this->assertSame(Base32Hex::encode(''), '');
|
||||
$this->assertSame(Base32Hex::encode('f'), 'co======');
|
||||
$this->assertSame(Base32Hex::encode('fo'), 'cpng====');
|
||||
$this->assertSame(Base32Hex::encode('foo'), 'cpnmu===');
|
||||
$this->assertSame(Base32Hex::encode('foob'), 'cpnmuog=');
|
||||
$this->assertSame(Base32Hex::encode('fooba'), 'cpnmuoj1');
|
||||
$this->assertSame(Base32Hex::encode('foobar'), 'cpnmuoj1e8======');
|
||||
|
||||
$this->assertSame(Base32Hex::encodeUpper(''), '');
|
||||
$this->assertSame(Base32Hex::encodeUpper('f'), 'CO======');
|
||||
$this->assertSame(Base32Hex::encodeUpper('fo'), 'CPNG====');
|
||||
$this->assertSame(Base32Hex::encodeUpper('foo'), 'CPNMU===');
|
||||
$this->assertSame(Base32Hex::encodeUpper('foob'), 'CPNMUOG=');
|
||||
$this->assertSame(Base32Hex::encodeUpper('fooba'), 'CPNMUOJ1');
|
||||
$this->assertSame(Base32Hex::encodeUpper('foobar'), 'CPNMUOJ1E8======');
|
||||
}
|
||||
|
||||
public function testVectorBase16()
|
||||
{
|
||||
$this->assertSame(Hex::encode(''), '');
|
||||
$this->assertSame(Hex::encode('f'), '66');
|
||||
$this->assertSame(Hex::encode('fo'), '666f');
|
||||
$this->assertSame(Hex::encode('foo'), '666f6f');
|
||||
$this->assertSame(Hex::encode('foob'), '666f6f62');
|
||||
$this->assertSame(Hex::encode('fooba'), '666f6f6261');
|
||||
$this->assertSame(Hex::encode('foobar'), '666f6f626172');
|
||||
|
||||
$this->assertSame(Hex::encodeUpper(''), '');
|
||||
$this->assertSame(Hex::encodeUpper('f'), '66');
|
||||
$this->assertSame(Hex::encodeUpper('fo'), '666F');
|
||||
$this->assertSame(Hex::encodeUpper('foo'), '666F6F');
|
||||
$this->assertSame(Hex::encodeUpper('foob'), '666F6F62');
|
||||
$this->assertSame(Hex::encodeUpper('fooba'), '666F6F6261');
|
||||
$this->assertSame(Hex::encodeUpper('foobar'), '666F6F626172');
|
||||
}
|
||||
}
|
260
vendor/paragonie/random_compat/CHANGELOG.md
vendored
Normal file
260
vendor/paragonie/random_compat/CHANGELOG.md
vendored
Normal file
|
@ -0,0 +1,260 @@
|
|||
### Version 2.0.2 - 2016-04-03
|
||||
|
||||
Added a consistency check (discovered by Taylor Hornby in his
|
||||
[PHP encryption library](https://github.com/defuse/php-encryption)). It
|
||||
wasn't likely causing any trouble for us.
|
||||
|
||||
### Version 2.0.1 - 2016-03-18
|
||||
|
||||
Update comment in random.php
|
||||
|
||||
### Version 2.0.0 - 2016-03-18
|
||||
|
||||
Due to downstream errors, the OpenSSL removal now belongs in version
|
||||
2.0.0.
|
||||
|
||||
### Version 1.3.1 - 2016-03-18
|
||||
|
||||
* Add more possible values to `open_baseir` check.
|
||||
|
||||
### Version 1.3.0 - 2016-03-17
|
||||
|
||||
* Removed `openssl_random_pseudo_bytes()` entirely. If you are using
|
||||
random_compat in PHP on a Unix-like OS but cannot access
|
||||
`/dev/urandom`, version 1.3+ will throw an `Exception`. If you want to
|
||||
trust OpenSSL, feel free to write your own fallback code. e.g.
|
||||
|
||||
```php
|
||||
try {
|
||||
$bytes = random_bytes(32);
|
||||
} catch (Exception $ex) {
|
||||
$strong = false;
|
||||
$bytes = openssl_random_pseudo_bytes(32, $strong);
|
||||
if (!$strong) {
|
||||
throw $ex;
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
### Version 1.2.2 - 2016-03-11
|
||||
|
||||
* To prevent applications from hanging, if `/dev/urandom` is not
|
||||
accessible to PHP, skip mcrypt (which just fails before giving OpenSSL
|
||||
a chance and was morally equivalent to not offering OpenSSL at all).
|
||||
|
||||
### Version 1.2.1 - 2016-02-29
|
||||
|
||||
* PHP 5.6.10 - 5.6.12 will hang when mcrypt is used on Unix-based operating
|
||||
systems ([PHP bug 69833](https://bugs.php.net/bug.php?id=69833)). If you are
|
||||
running one of these versions, please upgrade (or make sure `/dev/urandom` is
|
||||
readable) otherwise you're relying on OpenSSL.
|
||||
|
||||
### Version 1.2.0 - 2016-02-05
|
||||
|
||||
* Whitespace and other cosmetic changes
|
||||
* Added a changelog.
|
||||
* We now ship with a command line utility to build a PHP Archive from the
|
||||
command line.
|
||||
|
||||
Every time we publish a new release, we will also upload a .phar
|
||||
to Github. Our public key is signed by our GPG key.
|
||||
|
||||
### Version 1.1.6 - 2016-01-29
|
||||
|
||||
* Eliminate `open_basedir` warnings by detecting this configuration setting.
|
||||
(Thanks [@oucil](https://github.com/oucil) for reporting this.)
|
||||
* Added install instructions to the README.
|
||||
* Documentation cleanup (there is, in fact, no `MCRYPT_CREATE_IV` constant, I
|
||||
meant to write `MCRYPT_DEV_URANDOM`)
|
||||
|
||||
### Version 1.1.5 - 2016-01-06
|
||||
|
||||
Prevent fatal errors on platforms with older versions of libsodium.
|
||||
|
||||
### Version 1.1.4 - 2015-12-10
|
||||
|
||||
Thanks [@narfbg](https://github.com/narfbg) for [critiquing the previous patch](https://github.com/paragonie/random_compat/issues/79#issuecomment-163590589)
|
||||
and suggesting a fix.
|
||||
|
||||
### Version 1.1.3 - 2015-12-09
|
||||
|
||||
The test for COM in disabled_classes is now case-insensitive.
|
||||
|
||||
### Version 1.1.2 - 2015-12-09
|
||||
|
||||
Don't instantiate COM if it's a disabled class. Removes the E_WARNING on Windows.
|
||||
|
||||
### Version 1.1.1 - 2015-11-30
|
||||
|
||||
Fix a performance issue with `/dev/urandom` buffering.
|
||||
|
||||
### Version 1.1.0 - 2015-11-09
|
||||
|
||||
Fix performance issues with ancient versions of PHP on Windows, but dropped
|
||||
support for PHP < 5.4.1 without mcrypt on Windows 7+ in the process. Since this
|
||||
is a BC break, semver dictates a minor version bump.
|
||||
|
||||
### Version 1.0.10 - 2015-10-23
|
||||
|
||||
* Avoid a performance killer with OpenSSL on Windows PHP 5.3.0 - 5.3.3 that was
|
||||
affecting [WordPress users](https://core.trac.wordpress.org/ticket/34409).
|
||||
* Use `$var = null` instead of `unset($var)` to avoid triggering the garbage
|
||||
collector and slowing things down.
|
||||
|
||||
### Version 1.0.9 - 2015-10-20
|
||||
|
||||
There is an outstanding issue `mcrypt_create_iv()` and PHP 7's `random_bytes()`
|
||||
on Windows reported by [@nicolas-grekas](https://github.com/nicolas-grekas) caused by `proc_open()` and environment
|
||||
variable handling (discovered by Appveyor when developing Symfony).
|
||||
|
||||
Since the break is consistent, it's not our responsibility to fix it, but we
|
||||
should fail the same way PHP 7 will (i.e. throw an `Exception` rather than raise
|
||||
an error and then throw an `Exception`).
|
||||
|
||||
### Version 1.0.8 - 2015-10-18
|
||||
|
||||
* Fix usability issues with Windows (`new COM('CAPICOM.Utilities.1')` is not
|
||||
always available).
|
||||
* You can now test all the possible drivers by running `phpunit.sh each` in the
|
||||
`tests` directory.
|
||||
|
||||
### Version 1.0.7 - 2015-10-16
|
||||
|
||||
Several large integer handling bugfixes were contributed by [@oittaa](https://github.com/oittaa).
|
||||
|
||||
### Version 1.0.6 - 2015-10-15
|
||||
|
||||
Don't let the version number fool you, this was a pretty significant change.
|
||||
|
||||
1. Added support for ext-libsodium, if it exists on the system. This is morally
|
||||
equivalent to adding `getrandom(2)` support without having to expose the
|
||||
syscall interface in PHP-land.
|
||||
2. Relaxed open_basedir restrictions. In previous versions, if open_basedir was
|
||||
set, PHP wouldn't even try to read from `/dev/urandom`. Now it will still do
|
||||
so if you can.
|
||||
3. Fixed integer casting inconsistencies between random_compat and PHP 7.
|
||||
4. Handle edge cases where an integer overflow turns one of the parameters into
|
||||
a float.
|
||||
|
||||
One change that we discussed was making `random_bytes()` and `random_int()`
|
||||
strict typed; meaning you could *only* pass integers to either function. While
|
||||
most veteran programmers are probably only doing this already (we strongly
|
||||
encourage it), it wouldn't be consistent with how these functions behave in PHP
|
||||
7. Please use these functions responsibly.
|
||||
|
||||
We've had even more of the PHP community involved in this release; the
|
||||
contributors list has been updated. If I forgot anybody, I promise you it's not
|
||||
because your contributions (either code or ideas) aren't valued, it's because
|
||||
I'm a bit overloaded with information at the moment. Please let me know
|
||||
immediately and I will correct my oversight.
|
||||
|
||||
Thanks everyone for helping make random_compat better.
|
||||
|
||||
### Version 1.0.5 - 2015-10-08
|
||||
|
||||
Got rid of the methods in the `Throwable` interface, which was causing problems
|
||||
on PHP 5.2. While we would normally not care about 5.2 (since [5.4 and earlier are EOL'd](https://secure.php.net/supported-versions.php)),
|
||||
we do want to encourage widespread adoption (e.g. [Wordpress](https://core.trac.wordpress.org/ticket/28633)).
|
||||
|
||||
### Version 1.0.4 - 2015-10-02
|
||||
|
||||
Removed redundant `if()` checks, since `lib/random.php` is the entrypoint people
|
||||
should use.
|
||||
|
||||
### Version 1.0.3 - 2015-10-02
|
||||
|
||||
This release contains bug fixes contributed by the community.
|
||||
|
||||
* Avoid a PHP Notice when PHP is running without the mbstring extension
|
||||
* Use a compatible version of PHPUnit for testing on older versions of PHP
|
||||
|
||||
Although none of these bugs were outright security-affecting, updating ASAP is
|
||||
still strongly encouraged.
|
||||
|
||||
### Version 1.0.2 - 2015-09-23
|
||||
|
||||
Less strict input validation on `random_int()` parameters. PHP 7's `random_int()`
|
||||
accepts strings and floats that look like numbers, so we should too.
|
||||
|
||||
Thanks [@dd32](https://github.com/@dd32) for correcting this oversight.
|
||||
|
||||
### Version 1.0.1 - 2015-09-10
|
||||
|
||||
Instead of throwing an Exception immediately on insecure platforms, only do so
|
||||
when `random_bytes()` is invoked.
|
||||
|
||||
### Version 1.0.0 - 2015-09-07
|
||||
|
||||
Our API is now stable and forward-compatible with the CSPRNG features in PHP 7
|
||||
(as of 7.0.0 RC3).
|
||||
|
||||
A lot of great people have contributed their time and expertise to make this
|
||||
compatibility library possible. That this library has reached a stable release
|
||||
is more a reflection on the community than it is on PIE.
|
||||
|
||||
We are confident that random_compat will serve as the simplest and most secure
|
||||
CSPRNG interface available for PHP5 projects.
|
||||
|
||||
### Version 0.9.7 (pre-release) - 2015-09-01
|
||||
|
||||
An attempt to achieve compatibility with Error/TypeError in the RFC.
|
||||
|
||||
This should be identical to 1.0.0 sans any last-minute changes or performance enhancements.
|
||||
|
||||
### Version 0.9.6 (pre-release) - 2015-08-06
|
||||
|
||||
* Split the implementations into their own file (for ease of auditing)
|
||||
* Corrected the file type check after `/dev/urandom` has been opened (thanks
|
||||
[@narfbg](https://github.com/narfbg) and [@jedisct1](https://github.com/jedisct1))
|
||||
|
||||
### Version 0.9.5 (pre-release) - 2015-07-31
|
||||
|
||||
* Validate that `/dev/urandom` is a character device
|
||||
* Reported by [@lokdnet](https://twitter.com/lokdnet)
|
||||
* Investigated by [@narfbg](https://github.com/narfbg) and [frymaster](http://stackoverflow.com/users/1226810/frymaster) on [StackOverflow](http://stackoverflow.com/q/31631066/2224584)
|
||||
* Remove support for `/dev/arandom` which is an old OpenBSD feature, thanks [@jedisct1](https://github.com/jedisct1)
|
||||
* Prevent race conditions on the `filetype()` check, thanks [@jedisct1](https://github.com/jedisct1)
|
||||
* Buffer file reads to 8 bytes (performance optimization; PHP defaults to 8192 bytes)
|
||||
|
||||
### Version 0.9.4 (pre-release) - 2015-07-27
|
||||
|
||||
* Add logic to verify that `/dev/arandom` and `/dev/urandom` are actually devices.
|
||||
* Some clean-up in the comments
|
||||
|
||||
### Version 0.9.3 (pre-release) - 2015-07-22
|
||||
|
||||
Unless the Exceptions change to PHP 7 fails, this should be the last pre-release
|
||||
version. If need be, we'll make one more pre-release version with compatible
|
||||
behavior.
|
||||
|
||||
Changes since 0.9.2:
|
||||
|
||||
* Prioritize `/dev/arandom` and `/dev/urandom` over mcrypt.
|
||||
[@oittaa](https://github.com/oittaa) removed the -1 and +1 juggling on `$range` calculations for `random_int()`
|
||||
* Whitespace and comment clean-up, plus better variable names
|
||||
* Actually put a description in the composer.json file...
|
||||
|
||||
### Version 0.9.2 (pre-release) - 2015-07-16
|
||||
|
||||
* Consolidated `$range > PHP_INT_MAX` logic with `$range <= PHP_INT_MAX` (thanks
|
||||
[@oittaa](https://github.com/oittaa) and [@CodesInChaos](https://github.com/CodesInChaos))
|
||||
* `tests/phpunit.sh` now also runs the tests with `mbstring.func_overload` and
|
||||
`open_basedir`
|
||||
* Style consistency, whitespace cleanup, more meaningful variable names
|
||||
|
||||
### Version 0.9.1 (pre-release) - 2015-07-09
|
||||
|
||||
* Return random values on integer ranges > `PHP_INT_MAX` (thanks [@CodesInChaos](https://github.com/CodesInChaos))
|
||||
* Determined CSPRNG preference:
|
||||
1. `mcrypt_create_iv()` with `MCRYPT_DEV_URANDOM`
|
||||
2. `/dev/arandom`
|
||||
3. `/dev/urandom`
|
||||
4. `openssl_random_pseudo_bytes()`
|
||||
* Optimized backend selection (thanks [@lt](https://github.com/lt))
|
||||
* Fix #3 (thanks [@scottchiefbaker](https://github.com/scottchiefbaker))
|
||||
|
||||
### Version 0.9.0 (pre-release) - 2015-07-07
|
||||
|
||||
This should be a sane polyfill for PHP 7's `random_bytes()` and `random_int()`.
|
||||
We hesitate to call it production ready until it has received sufficient third
|
||||
party review.
|
34
vendor/paragonie/random_compat/ERRATA.md
vendored
Normal file
34
vendor/paragonie/random_compat/ERRATA.md
vendored
Normal file
|
@ -0,0 +1,34 @@
|
|||
## Errata (Design Decisions)
|
||||
|
||||
### Reasoning Behind the Order of Preferred Random Data Sources
|
||||
|
||||
The order is:
|
||||
|
||||
1. `libsodium if available`
|
||||
2. `fread() /dev/urandom if available`
|
||||
3. `mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM)`
|
||||
4. `COM('CAPICOM.Utilities.1')->GetRandom()`
|
||||
|
||||
If libsodium is available, we get random data from it. This is the preferred
|
||||
method on all OSes, but libsodium is not very widely installed, so other
|
||||
fallbacks are available.
|
||||
|
||||
Next, we read `/dev/urandom` (if it exists). This is the preferred file to read
|
||||
for random data for cryptographic purposes for BSD and Linux.
|
||||
|
||||
Despite [strongly urging people not to use mcrypt in their projects](https://paragonie.com/blog/2015/05/if-you-re-typing-word-mcrypt-into-your-code-you-re-doing-it-wrong),
|
||||
because libmcrypt is abandonware and the API puts too much responsibility on the
|
||||
implementor, we prioritize `mcrypt_create_iv()` with `MCRYPT_DEV_URANDOM` above
|
||||
the remaining implementations.
|
||||
|
||||
The reason is simple: `mcrypt_create_iv()` is part of PHP's `ext/mcrypt` code,
|
||||
and is not part `libmcrypt`. It actually does the right thing:
|
||||
|
||||
* On Unix-based operating systems, it reads from `/dev/urandom`, which unlike `/dev/random`
|
||||
is the sane and correct thing to do.
|
||||
* On Windows, it reads from `CryptGenRandom`, which is an exclusively Windows
|
||||
way to get random bytes.
|
||||
|
||||
If we're on Windows and don't have access to `mcrypt`, we use `CAPICOM.Utilities.1`.
|
||||
|
||||
As of random_compat 1.3, we no longer fall through to OpenSSL.
|
22
vendor/paragonie/random_compat/LICENSE
vendored
Normal file
22
vendor/paragonie/random_compat/LICENSE
vendored
Normal file
|
@ -0,0 +1,22 @@
|
|||
The MIT License (MIT)
|
||||
|
||||
Copyright (c) 2015 Paragon Initiative Enterprises
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
|
176
vendor/paragonie/random_compat/README.md
vendored
Normal file
176
vendor/paragonie/random_compat/README.md
vendored
Normal file
|
@ -0,0 +1,176 @@
|
|||
# random_compat
|
||||
|
||||
[![Build Status](https://travis-ci.org/paragonie/random_compat.svg?branch=master)](https://travis-ci.org/paragonie/random_compat)
|
||||
[![Scrutinizer](https://scrutinizer-ci.com/g/paragonie/random_compat/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/paragonie/random_compat)
|
||||
|
||||
PHP 5.x polyfill for `random_bytes()` and `random_int()` created and maintained
|
||||
by [Paragon Initiative Enterprises](https://paragonie.com).
|
||||
|
||||
Although this library *should* function in earlier versions of PHP, we will only
|
||||
consider issues relevant to [supported PHP versions](https://secure.php.net/supported-versions.php).
|
||||
**If you are using an unsupported version of PHP, please upgrade as soon as possible.**
|
||||
|
||||
## Important
|
||||
|
||||
Although this library has been examined by some security experts in the PHP
|
||||
community, there will always be a chance that we overlooked something. Please
|
||||
ask your favorite trusted hackers to hammer it for implementation errors and
|
||||
bugs before even thinking about deploying it in production.
|
||||
|
||||
**Do not use the master branch, use a [stable release](https://github.com/paragonie/random_compat/releases/latest).**
|
||||
|
||||
For the background of this library, please refer to our blog post on
|
||||
[Generating Random Integers and Strings in PHP](https://paragonie.com/blog/2015/07/how-safely-generate-random-strings-and-integers-in-php).
|
||||
|
||||
### Usability Notice
|
||||
|
||||
If PHP cannot safely generate random data, this library will throw an `Exception`.
|
||||
It will never fall back to insecure random data. If this keeps happening, upgrade
|
||||
to a newer version of PHP immediately.
|
||||
|
||||
## Installing
|
||||
|
||||
**With [Composer](https://getcomposer.org):**
|
||||
|
||||
composer require paragonie/random_compat
|
||||
|
||||
**Signed PHP Archive:**
|
||||
|
||||
As of version 1.2.0, we also ship an ECDSA-signed PHP Archive with each stable
|
||||
release on Github.
|
||||
|
||||
1. Download [the `.phar`, `.phar.pubkey`, and `.phar.pubkey.asc`](https://github.com/paragonie/random_compat/releases/latest) files.
|
||||
2. (**Recommended** but not required) Verify the PGP signature of `.phar.pubkey`
|
||||
(contained within the `.asc` file) using the [PGP public key for Paragon Initiative Enterprises](https://paragonie.com/static/gpg-public-key.txt).
|
||||
3. Extract both `.phar` and `.phar.pubkey` files to the same directory.
|
||||
4. `require_once "/path/to/random_compat.phar";`
|
||||
5. When a new version is released, you only need to replace the `.phar` file;
|
||||
the `.pubkey` will not change (unless our signing key is ever compromised).
|
||||
|
||||
**Manual Installation:**
|
||||
|
||||
1. Download [a stable release](https://github.com/paragonie/random_compat/releases/latest).
|
||||
2. Extract the files into your project.
|
||||
3. `require_once "/path/to/random_compat/lib/random.php";`
|
||||
|
||||
## Usage
|
||||
|
||||
This library exposes the [CSPRNG functions added in PHP 7](https://secure.php.net/manual/en/ref.csprng.php)
|
||||
for use in PHP 5 projects. Their behavior should be identical.
|
||||
|
||||
### Generate a string of random bytes
|
||||
|
||||
```php
|
||||
try {
|
||||
$string = random_bytes(32);
|
||||
} catch (TypeError $e) {
|
||||
// Well, it's an integer, so this IS unexpected.
|
||||
die("An unexpected error has occurred");
|
||||
} catch (Error $e) {
|
||||
// This is also unexpected because 32 is a reasonable integer.
|
||||
die("An unexpected error has occurred");
|
||||
} catch (Exception $e) {
|
||||
// If you get this message, the CSPRNG failed hard.
|
||||
die("Could not generate a random string. Is our OS secure?");
|
||||
}
|
||||
|
||||
var_dump(bin2hex($string));
|
||||
// string(64) "5787c41ae124b3b9363b7825104f8bc8cf27c4c3036573e5f0d4a91ad2eeac6f"
|
||||
```
|
||||
|
||||
### Generate a random integer between two given integers (inclusive)
|
||||
|
||||
```php
|
||||
try {
|
||||
$int = random_int(0,255);
|
||||
|
||||
} catch (TypeError $e) {
|
||||
// Well, it's an integer, so this IS unexpected.
|
||||
die("An unexpected error has occurred");
|
||||
} catch (Error $e) {
|
||||
// This is also unexpected because 0 and 255 are both reasonable integers.
|
||||
die("An unexpected error has occurred");
|
||||
} catch (Exception $e) {
|
||||
// If you get this message, the CSPRNG failed hard.
|
||||
die("Could not generate a random string. Is our OS secure?");
|
||||
}
|
||||
|
||||
var_dump($int);
|
||||
// int(47)
|
||||
```
|
||||
|
||||
### Exception handling
|
||||
|
||||
When handling exceptions and errors you must account for differences between
|
||||
PHP 5 and PHP7.
|
||||
|
||||
The differences:
|
||||
|
||||
* Catching `Error` works, so long as it is caught before `Exception`.
|
||||
* Catching `Exception` has different behavior, without previously catching `Error`.
|
||||
* There is *no* portable way to catch all errors/exceptions.
|
||||
|
||||
#### Our recommendation
|
||||
|
||||
**Always** catch `Error` before `Exception`.
|
||||
|
||||
#### Example
|
||||
|
||||
```php
|
||||
try {
|
||||
return random_int(1, $userInput);
|
||||
} catch (TypeError $e) {
|
||||
// This is okay, so long as `Error` is caught before `Exception`.
|
||||
throw new Exception('Please enter a number!');
|
||||
} catch (Error $e) {
|
||||
// This is required, if you do not need to do anything just rethrow.
|
||||
throw $e;
|
||||
} catch (Exception $e) {
|
||||
// This is optional and maybe omitted if you do not want to handle errors
|
||||
// during generation.
|
||||
throw new InternalServerErrorException(
|
||||
'Oops, our server is bust and cannot generate any random data.',
|
||||
500,
|
||||
$e
|
||||
);
|
||||
}
|
||||
```
|
||||
|
||||
## Contributors
|
||||
|
||||
This project would not be anywhere near as excellent as it is today if it
|
||||
weren't for the contributions of the following individuals:
|
||||
|
||||
* [@AndrewCarterUK (Andrew Carter)](https://github.com/AndrewCarterUK)
|
||||
* [@asgrim (James Titcumb)](https://github.com/asgrim)
|
||||
* [@bcremer (Benjamin Cremer)](https://github.com/bcremer)
|
||||
* [@CodesInChaos (Christian Winnerlein)](https://github.com/CodesInChaos)
|
||||
* [@chriscct7 (Chris Christoff)](https://github.com/chriscct7)
|
||||
* [@cs278 (Chris Smith)](https://github.com/cs278)
|
||||
* [@cweagans (Cameron Eagans)](https://github.com/cweagans)
|
||||
* [@dd32 (Dion Hulse)](https://github.com/dd32)
|
||||
* [@geggleto (Glenn Eggleton)](https://github.com/geggleto)
|
||||
* [@ircmaxell (Anthony Ferrara)](https://github.com/ircmaxell)
|
||||
* [@jedisct1 (Frank Denis)](https://github.com/jedisct1)
|
||||
* [@juliangut (Julián Gutiérrez)](https://github.com/juliangut)
|
||||
* [@kelunik (Niklas Keller)](https://github.com/kelunik)
|
||||
* [@lt (Leigh)](https://github.com/lt)
|
||||
* [@MasonM (Mason Malone)](https://github.com/MasonM)
|
||||
* [@mmeyer2k (Michael M)](https://github.com/mmeyer2k)
|
||||
* [@narfbg (Andrey Andreev)](https://github.com/narfbg)
|
||||
* [@nicolas-grekas (Nicolas Grekas)](https://github.com/nicolas-grekas)
|
||||
* [@oittaa](https://github.com/oittaa)
|
||||
* [@oucil (Kevin Farley)](https://github.com/oucil)
|
||||
* [@redragonx (Stephen Chavez)](https://github.com/redragonx)
|
||||
* [@rchouinard (Ryan Chouinard)](https://github.com/rchouinard)
|
||||
* [@SammyK (Sammy Kaye Powers)](https://github.com/SammyK)
|
||||
* [@scottchiefbaker (Scott Baker)](https://github.com/scottchiefbaker)
|
||||
* [@skyosev (Stoyan Kyosev)](https://github.com/skyosev)
|
||||
* [@stof (Christophe Coevoet)](https://github.com/stof)
|
||||
* [@teohhanhui (Teoh Han Hui)](https://github.com/teohhanhui)
|
||||
* [@tom-- (Tom Worster)](https://github.com/tom--)
|
||||
* [@tsyr2ko](https://github.com/tsyr2ko)
|
||||
* [@trowski (Aaron Piotrowski)](https://github.com/trowski)
|
||||
* [@twistor (Chris Lepannen)](https://github.com/twistor)
|
||||
* [@voku (Lars Moelleken)](https://github.com/voku)
|
||||
* [@xabbuh (Christian Flothmann)](https://github.com/xabbuh)
|
108
vendor/paragonie/random_compat/SECURITY.md
vendored
Normal file
108
vendor/paragonie/random_compat/SECURITY.md
vendored
Normal file
|
@ -0,0 +1,108 @@
|
|||
# An Invitation to Security Researchers
|
||||
|
||||
Every company says they take security "very seriously." Rather than bore anyone
|
||||
with banal boilerplate, here are some quick answers followed by detailed
|
||||
elaboration. If you have any questions about our policies, please email them to
|
||||
`scott@paragonie.com`.
|
||||
|
||||
## Quick Answers
|
||||
|
||||
* There is no compulsion to disclose vulnerabilities privately, but we
|
||||
appreciate a head's up.
|
||||
* `security@paragonie.com` will get your reports to the right person. Our GPG
|
||||
fingerprint, should you decide to encrypt your report, is
|
||||
`7F52 D5C6 1D12 55C7 3136 2E82 6B97 A1C2 8264 04DA`.
|
||||
|
||||
* **YES**, we will reward security researchers who disclose vulnerabilities in
|
||||
our software.
|
||||
* In most cases, **No Proof-of-Concept Required.**
|
||||
|
||||
## How to Report a Security Bug to Paragon Initiative Enterprises
|
||||
|
||||
### There is no compulsion to disclose privately.
|
||||
|
||||
We believe vulnerability disclosure style is a personal choice and enjoy working
|
||||
with a diverse community. We understand and appreciate the importance of Full
|
||||
Disclosure in the history and practice of security research.
|
||||
|
||||
We would *like* to know about high-severity bugs before they become public
|
||||
knowledge, so we can fix them in a timely manner, but **we do not believe in
|
||||
threatening researchers or trying to enforce vulnerability embargoes**.
|
||||
|
||||
Ultimately, if you discover a security-affecting vulnerability, what you do with
|
||||
it is your choice. We would like to work with people, and to celebrate and
|
||||
reward their skill, experience, and dedication. We appreciate being informed of
|
||||
our mistakes so we can learn from them and build a better product. Our goal is
|
||||
to empower the community.
|
||||
|
||||
### Where to Send Security Vulnerabilities
|
||||
|
||||
Our security email address is `security@paragonie.com`. Also feel free to open a
|
||||
new issue on Github if you want to disclose publicly.
|
||||
|
||||
```
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG
|
||||
|
||||
mQENBFUgwRUBCADcIpqNwyYc5UmY/tpx1sF/rQ3knR1YNXYZThzFV+Gmqhp1fDH5
|
||||
qBs9foh1xwI6O7knWmQngnf/nBumI3x6xj7PuOdEZUh2FwCG/VWnglW8rKmoHzHA
|
||||
ivjiu9SLnPIPAgHSHeh2XD7q3Ndm3nenbjAiRFNl2iXcwA2cTQp9Mmfw9vVcw0G0
|
||||
z1o0G3s8cC8ZS6flFySIervvfSRWj7A1acI5eE3+AH/qXJRdEJ+9J8OB65p1JMfk
|
||||
6+fWgOB1XZxMpz70S0rW6IX38WDSRhEK2fXyZJAJjyt+YGuzjZySNSoQR/V6vNYn
|
||||
syrNPCJ2i5CgZQxAkyBBcr7koV9RIhPRzct/ABEBAAG0IVNlY3VyaXR5IDxzZWN1
|
||||
cml0eUBwYXJhZ29uaWUuY29tPokBOQQTAQIAIwUCVSDBFQIbAwcLCQgHAwIBBhUI
|
||||
AgkKCwQWAgMBAh4BAheAAAoJEGuXocKCZATat2YIAIoejNFEQ2c1iaOEtSuB7Pn/
|
||||
WLbsDsHNLDKOV+UnfaCjv/vL7D+5NMChFCi2frde/NQb2TsjqmIH+V+XbnJtlrXD
|
||||
Vj7yvMVal+Jqjwj7v4eOEWcKVcFZk+9cfUgh7t92T2BMX58RpgZF0IQZ6Z1R3FfC
|
||||
9Ub4X6ykW+te1q0/4CoRycniwmlQi6iGSr99LQ5pfJq2Qlmz/luTZ0UX0h575T7d
|
||||
cp2T1sX/zFRk/fHeANWSksipdDBjAXR7NMnYZgw2HghEdFk/xRDY7K1NRWNZBf05
|
||||
WrMHmh6AIVJiWZvI175URxEe268hh+wThBhXQHMhFNJM1qPIuzb4WogxM3UUD7m5
|
||||
AQ0EVSDBFQEIALNkpzSuJsHAHh79sc0AYWztdUe2MzyofQbbOnOCpWZebYsC3EXU
|
||||
335fIg59k0m6f+O7GmEZzzIv5v0i99GS1R8CJm6FvhGqtH8ZqmOGbc71WdJSiNVE
|
||||
0kpQoJlVzRbig6ZyyjzrggbM1eh5OXOk5pw4+23FFEdw7JWU0HJS2o71r1hwp05Z
|
||||
vy21kcUEobz/WWQQyGS0Neo7PJn+9KS6wOxXul/UE0jct/5f7KLMdWMJ1VgniQmm
|
||||
hjvkHLPSICteqCI04RfcmMseW9gueHQXeUu1SNIvsWa2MhxjeBej3pDnrZWszKwy
|
||||
gF45GO9/v4tkIXNMy5J1AtOyRgQ3IUMqp8EAEQEAAYkBHwQYAQIACQUCVSDBFQIb
|
||||
DAAKCRBrl6HCgmQE2jnIB/4/xFz8InpM7eybnBOAir3uGcYfs3DOmaKn7qWVtGzv
|
||||
rKpQPYnVtlU2i6Z5UO4c4jDLT/8Xm1UDz3Lxvqt4xCaDwJvBZexU5BMK8l5DvOzH
|
||||
6o6P2L1UDu6BvmPXpVZz7/qUhOnyf8VQg/dAtYF4/ax19giNUpI5j5o5mX5w80Rx
|
||||
qSXV9NdSL4fdjeG1g/xXv2luhoV53T1bsycI3wjk/x5tV+M2KVhZBvvuOm/zhJje
|
||||
oLWp0saaESkGXIXqurj6gZoujJvSvzl0n9F9VwqMEizDUfrXgtD1siQGhP0sVC6q
|
||||
ha+F/SAEJ0jEquM4TfKWWU2S5V5vgPPpIQSYRnhQW4b1
|
||||
=xJPW
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
```
|
||||
|
||||
### We Will Reward Security Researchers
|
||||
|
||||
**This process has not been formalized; nor have dollar amounts been
|
||||
discussed.**
|
||||
|
||||
However, if you report a valid security-affecting bug, we will compensate you
|
||||
for the time spent finding the vulnerability and reward you for being a good
|
||||
neighbor.
|
||||
|
||||
#### What does a "valid" bug mean?
|
||||
|
||||
There are two sides to this:
|
||||
|
||||
1. Some have spammed projects with invalid bug reports hoping to collect
|
||||
bounties for pressing a button and running an automated analysis tool. This
|
||||
is not cool.
|
||||
2. There is a potential for the developers of a project to declare all security
|
||||
bug reports as invalid to save money.
|
||||
|
||||
Our team members have an established history of reporting vulnerabilities to
|
||||
large open source projects. **We aren't in the business of ripping people off.**
|
||||
When in doubt, our policy is to err on the side of generosity.
|
||||
|
||||
### No Proof-of-Concept Required
|
||||
|
||||
We might ask for one if we feel we do not understand some of the details
|
||||
pertaining to a specific vulnerability. We certainly appreciate them if you
|
||||
include them in your report, but we believe **the burden lies with the developer
|
||||
to prove their software *is* secure** rather than with the researcher to prove
|
||||
that it isn't.
|
||||
|
||||
In our experience, most bugs are simpler to fix than they are to exploit.
|
||||
|
5
vendor/paragonie/random_compat/build-phar.sh
vendored
Executable file
5
vendor/paragonie/random_compat/build-phar.sh
vendored
Executable file
|
@ -0,0 +1,5 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
basedir=$( dirname $( readlink -f ${BASH_SOURCE[0]} ) )
|
||||
|
||||
php -dphar.readonly=0 "$basedir/other/build_phar.php" $*
|
35
vendor/paragonie/random_compat/composer.json
vendored
Normal file
35
vendor/paragonie/random_compat/composer.json
vendored
Normal file
|
@ -0,0 +1,35 @@
|
|||
{
|
||||
"name": "paragonie/random_compat",
|
||||
"description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
|
||||
"keywords": [
|
||||
"csprng",
|
||||
"random",
|
||||
"pseudorandom"
|
||||
],
|
||||
"license": "MIT",
|
||||
"type": "library",
|
||||
"authors": [
|
||||
{
|
||||
"name": "Paragon Initiative Enterprises",
|
||||
"email": "security@paragonie.com",
|
||||
"homepage": "https://paragonie.com"
|
||||
}
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/paragonie/random_compat/issues",
|
||||
"email": "info@paragonie.com",
|
||||
"source": "https://github.com/paragonie/random_compat"
|
||||
},
|
||||
"require": {
|
||||
"php": ">=5.2.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"phpunit/phpunit": "4.*|5.*"
|
||||
},
|
||||
"suggest": {
|
||||
"ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
|
||||
},
|
||||
"autoload": {
|
||||
"files": ["lib/random.php"]
|
||||
}
|
||||
}
|
181
vendor/paragonie/random_compat/lib/byte_safe_strings.php
vendored
Normal file
181
vendor/paragonie/random_compat/lib/byte_safe_strings.php
vendored
Normal file
|
@ -0,0 +1,181 @@
|
|||
<?php
|
||||
/**
|
||||
* Random_* Compatibility Library
|
||||
* for using the new PHP 7 random_* API in PHP 5 projects
|
||||
*
|
||||
* The MIT License (MIT)
|
||||
*
|
||||
* Copyright (c) 2015 Paragon Initiative Enterprises
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
* copies of the Software, and to permit persons to whom the Software is
|
||||
* furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in
|
||||
* all copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
if (!function_exists('RandomCompat_strlen')) {
|
||||
if (
|
||||
defined('MB_OVERLOAD_STRING') &&
|
||||
ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING
|
||||
) {
|
||||
/**
|
||||
* strlen() implementation that isn't brittle to mbstring.func_overload
|
||||
*
|
||||
* This version uses mb_strlen() in '8bit' mode to treat strings as raw
|
||||
* binary rather than UTF-8, ISO-8859-1, etc
|
||||
*
|
||||
* @param string $binary_string
|
||||
*
|
||||
* @throws TypeError
|
||||
*
|
||||
* @return int
|
||||
*/
|
||||
function RandomCompat_strlen($binary_string)
|
||||
{
|
||||
if (!is_string($binary_string)) {
|
||||
throw new TypeError(
|
||||
'RandomCompat_strlen() expects a string'
|
||||
);
|
||||
}
|
||||
|
||||
return mb_strlen($binary_string, '8bit');
|
||||
}
|
||||
|
||||
} else {
|
||||
/**
|
||||
* strlen() implementation that isn't brittle to mbstring.func_overload
|
||||
*
|
||||
* This version just used the default strlen()
|
||||
*
|
||||
* @param string $binary_string
|
||||
*
|
||||
* @throws TypeError
|
||||
*
|
||||
* @return int
|
||||
*/
|
||||
function RandomCompat_strlen($binary_string)
|
||||
{
|
||||
if (!is_string($binary_string)) {
|
||||
throw new TypeError(
|
||||
'RandomCompat_strlen() expects a string'
|
||||
);
|
||||
}
|
||||
return strlen($binary_string);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (!function_exists('RandomCompat_substr')) {
|
||||
|
||||
if (
|
||||
defined('MB_OVERLOAD_STRING')
|
||||
&&
|
||||
ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING
|
||||
) {
|
||||
/**
|
||||
* substr() implementation that isn't brittle to mbstring.func_overload
|
||||
*
|
||||
* This version uses mb_substr() in '8bit' mode to treat strings as raw
|
||||
* binary rather than UTF-8, ISO-8859-1, etc
|
||||
*
|
||||
* @param string $binary_string
|
||||
* @param int $start
|
||||
* @param int $length (optional)
|
||||
*
|
||||
* @throws TypeError
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
function RandomCompat_substr($binary_string, $start, $length = null)
|
||||
{
|
||||
if (!is_string($binary_string)) {
|
||||
throw new TypeError(
|
||||
'RandomCompat_substr(): First argument should be a string'
|
||||
);
|
||||
}
|
||||
|
||||
if (!is_int($start)) {
|
||||
throw new TypeError(
|
||||
'RandomCompat_substr(): Second argument should be an integer'
|
||||
);
|
||||
}
|
||||
|
||||
if ($length === null) {
|
||||
/**
|
||||
* mb_substr($str, 0, NULL, '8bit') returns an empty string on
|
||||
* PHP 5.3, so we have to find the length ourselves.
|
||||
*/
|
||||
$length = RandomCompat_strlen($length) - $start;
|
||||
} elseif (!is_int($length)) {
|
||||
throw new TypeError(
|
||||
'RandomCompat_substr(): Third argument should be an integer, or omitted'
|
||||
);
|
||||
}
|
||||
|
||||
// Consistency with PHP's behavior
|
||||
if ($start === RandomCompat_strlen($binary_string) && $length === 0) {
|
||||
return '';
|
||||
}
|
||||
if ($start > RandomCompat_strlen($binary_string)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return mb_substr($binary_string, $start, $length, '8bit');
|
||||
}
|
||||
|
||||
} else {
|
||||
|
||||
/**
|
||||
* substr() implementation that isn't brittle to mbstring.func_overload
|
||||
*
|
||||
* This version just uses the default substr()
|
||||
*
|
||||
* @param string $binary_string
|
||||
* @param int $start
|
||||
* @param int $length (optional)
|
||||
*
|
||||
* @throws TypeError
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
function RandomCompat_substr($binary_string, $start, $length = null)
|
||||
{
|
||||
if (!is_string($binary_string)) {
|
||||
throw new TypeError(
|
||||
'RandomCompat_substr(): First argument should be a string'
|
||||
);
|
||||
}
|
||||
|
||||
if (!is_int($start)) {
|
||||
throw new TypeError(
|
||||
'RandomCompat_substr(): Second argument should be an integer'
|
||||
);
|
||||
}
|
||||
|
||||
if ($length !== null) {
|
||||
if (!is_int($length)) {
|
||||
throw new TypeError(
|
||||
'RandomCompat_substr(): Third argument should be an integer, or omitted'
|
||||
);
|
||||
}
|
||||
|
||||
return substr($binary_string, $start, $length);
|
||||
}
|
||||
|
||||
return substr($binary_string, $start);
|
||||
}
|
||||
}
|
||||
}
|
71
vendor/paragonie/random_compat/lib/cast_to_int.php
vendored
Normal file
71
vendor/paragonie/random_compat/lib/cast_to_int.php
vendored
Normal file
|
@ -0,0 +1,71 @@
|
|||
<?php
|
||||
/**
|
||||
* Random_* Compatibility Library
|
||||
* for using the new PHP 7 random_* API in PHP 5 projects
|
||||
*
|
||||
* The MIT License (MIT)
|
||||
*
|
||||
* Copyright (c) 2015 Paragon Initiative Enterprises
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
* copies of the Software, and to permit persons to whom the Software is
|
||||
* furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in
|
||||
* all copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
if (!function_exists('RandomCompat_intval')) {
|
||||
|
||||
/**
|
||||
* Cast to an integer if we can, safely.
|
||||
*
|
||||
* If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX)
|
||||
* (non-inclusive), it will sanely cast it to an int. If you it's equal to
|
||||
* ~PHP_INT_MAX or PHP_INT_MAX, we let it fail as not an integer. Floats
|
||||
* lose precision, so the <= and => operators might accidentally let a float
|
||||
* through.
|
||||
*
|
||||
* @param int|float $number The number we want to convert to an int
|
||||
* @param boolean $fail_open Set to true to not throw an exception
|
||||
*
|
||||
* @return int (or float if $fail_open)
|
||||
*
|
||||
* @throws TypeError
|
||||
*/
|
||||
function RandomCompat_intval($number, $fail_open = false)
|
||||
{
|
||||
if (is_numeric($number)) {
|
||||
$number += 0;
|
||||
}
|
||||
|
||||
if (
|
||||
is_float($number)
|
||||
&&
|
||||
$number > ~PHP_INT_MAX
|
||||
&&
|
||||
$number < PHP_INT_MAX
|
||||
) {
|
||||
$number = (int) $number;
|
||||
}
|
||||
|
||||
if (is_int($number) || $fail_open) {
|
||||
return $number;
|
||||
}
|
||||
|
||||
throw new TypeError(
|
||||
'Expected an integer.'
|
||||
);
|
||||
}
|
||||
}
|
42
vendor/paragonie/random_compat/lib/error_polyfill.php
vendored
Normal file
42
vendor/paragonie/random_compat/lib/error_polyfill.php
vendored
Normal file
|
@ -0,0 +1,42 @@
|
|||
<?php
|
||||
/**
|
||||
* Random_* Compatibility Library
|
||||
* for using the new PHP 7 random_* API in PHP 5 projects
|
||||
*
|
||||
* The MIT License (MIT)
|
||||
*
|
||||
* Copyright (c) 2015 Paragon Initiative Enterprises
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
* copies of the Software, and to permit persons to whom the Software is
|
||||
* furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in
|
||||
* all copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
if (!class_exists('Error', false)) {
|
||||
// We can't really avoid making this extend Exception in PHP 5.
|
||||
class Error extends Exception
|
||||
{
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
if (!class_exists('TypeError', false)) {
|
||||
class TypeError extends Error
|
||||
{
|
||||
|
||||
}
|
||||
}
|
197
vendor/paragonie/random_compat/lib/random.php
vendored
Normal file
197
vendor/paragonie/random_compat/lib/random.php
vendored
Normal file
|
@ -0,0 +1,197 @@
|
|||
<?php
|
||||
/**
|
||||
* Random_* Compatibility Library
|
||||
* for using the new PHP 7 random_* API in PHP 5 projects
|
||||
*
|
||||
* @version 2.0.2
|
||||
* @released 2016-04-03
|
||||
*
|
||||
* The MIT License (MIT)
|
||||
*
|
||||
* Copyright (c) 2015 Paragon Initiative Enterprises
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
* copies of the Software, and to permit persons to whom the Software is
|
||||
* furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in
|
||||
* all copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
if (!defined('PHP_VERSION_ID')) {
|
||||
// This constant was introduced in PHP 5.2.7
|
||||
$RandomCompatversion = explode('.', PHP_VERSION);
|
||||
define(
|
||||
'PHP_VERSION_ID',
|
||||
$RandomCompatversion[0] * 10000
|
||||
+ $RandomCompatversion[1] * 100
|
||||
+ $RandomCompatversion[2]
|
||||
);
|
||||
$RandomCompatversion = null;
|
||||
}
|
||||
|
||||
if (PHP_VERSION_ID < 70000) {
|
||||
|
||||
if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
|
||||
define('RANDOM_COMPAT_READ_BUFFER', 8);
|
||||
}
|
||||
|
||||
$RandomCompatDIR = dirname(__FILE__);
|
||||
|
||||
require_once $RandomCompatDIR.'/byte_safe_strings.php';
|
||||
require_once $RandomCompatDIR.'/cast_to_int.php';
|
||||
require_once $RandomCompatDIR.'/error_polyfill.php';
|
||||
|
||||
if (!function_exists('random_bytes')) {
|
||||
/**
|
||||
* PHP 5.2.0 - 5.6.x way to implement random_bytes()
|
||||
*
|
||||
* We use conditional statements here to define the function in accordance
|
||||
* to the operating environment. It's a micro-optimization.
|
||||
*
|
||||
* In order of preference:
|
||||
* 1. Use libsodium if available.
|
||||
* 2. fread() /dev/urandom if available (never on Windows)
|
||||
* 3. mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM)
|
||||
* 4. COM('CAPICOM.Utilities.1')->GetRandom()
|
||||
* 5. openssl_random_pseudo_bytes() (absolute last resort)
|
||||
*
|
||||
* See ERRATA.md for our reasoning behind this particular order
|
||||
*/
|
||||
if (extension_loaded('libsodium')) {
|
||||
// See random_bytes_libsodium.php
|
||||
if (PHP_VERSION_ID >= 50300 && function_exists('\\Sodium\\randombytes_buf')) {
|
||||
require_once $RandomCompatDIR.'/random_bytes_libsodium.php';
|
||||
} elseif (method_exists('Sodium', 'randombytes_buf')) {
|
||||
require_once $RandomCompatDIR.'/random_bytes_libsodium_legacy.php';
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Reading directly from /dev/urandom:
|
||||
*/
|
||||
if (DIRECTORY_SEPARATOR === '/') {
|
||||
// DIRECTORY_SEPARATOR === '/' on Unix-like OSes -- this is a fast
|
||||
// way to exclude Windows.
|
||||
$RandomCompatUrandom = true;
|
||||
$RandomCompat_basedir = ini_get('open_basedir');
|
||||
|
||||
if (!empty($RandomCompat_basedir)) {
|
||||
$RandomCompat_open_basedir = explode(
|
||||
PATH_SEPARATOR,
|
||||
strtolower($RandomCompat_basedir)
|
||||
);
|
||||
$RandomCompatUrandom = (array() !== array_intersect(
|
||||
array('/dev', '/dev/', '/dev/urandom'),
|
||||
$RandomCompat_open_basedir
|
||||
));
|
||||
$RandomCompat_open_basedir = null;
|
||||
}
|
||||
|
||||
if (
|
||||
!function_exists('random_bytes')
|
||||
&&
|
||||
$RandomCompatUrandom
|
||||
&&
|
||||
@is_readable('/dev/urandom')
|
||||
) {
|
||||
// Error suppression on is_readable() in case of an open_basedir
|
||||
// or safe_mode failure. All we care about is whether or not we
|
||||
// can read it at this point. If the PHP environment is going to
|
||||
// panic over trying to see if the file can be read in the first
|
||||
// place, that is not helpful to us here.
|
||||
|
||||
// See random_bytes_dev_urandom.php
|
||||
require_once $RandomCompatDIR.'/random_bytes_dev_urandom.php';
|
||||
}
|
||||
// Unset variables after use
|
||||
$RandomCompat_basedir = null;
|
||||
} else {
|
||||
$RandomCompatUrandom = false;
|
||||
}
|
||||
|
||||
/**
|
||||
* mcrypt_create_iv()
|
||||
*/
|
||||
if (
|
||||
!function_exists('random_bytes')
|
||||
&&
|
||||
PHP_VERSION_ID >= 50307
|
||||
&&
|
||||
extension_loaded('mcrypt')
|
||||
&&
|
||||
(DIRECTORY_SEPARATOR !== '/' || $RandomCompatUrandom)
|
||||
) {
|
||||
// Prevent this code from hanging indefinitely on non-Windows;
|
||||
// see https://bugs.php.net/bug.php?id=69833
|
||||
if (
|
||||
DIRECTORY_SEPARATOR !== '/' ||
|
||||
(PHP_VERSION_ID <= 50609 || PHP_VERSION_ID >= 50613)
|
||||
) {
|
||||
// See random_bytes_mcrypt.php
|
||||
require_once $RandomCompatDIR.'/random_bytes_mcrypt.php';
|
||||
}
|
||||
}
|
||||
$RandomCompatUrandom = null;
|
||||
|
||||
if (
|
||||
!function_exists('random_bytes')
|
||||
&&
|
||||
extension_loaded('com_dotnet')
|
||||
&&
|
||||
class_exists('COM')
|
||||
) {
|
||||
$RandomCompat_disabled_classes = preg_split(
|
||||
'#\s*,\s*#',
|
||||
strtolower(ini_get('disable_classes'))
|
||||
);
|
||||
|
||||
if (!in_array('com', $RandomCompat_disabled_classes)) {
|
||||
try {
|
||||
$RandomCompatCOMtest = new COM('CAPICOM.Utilities.1');
|
||||
if (method_exists($RandomCompatCOMtest, 'GetRandom')) {
|
||||
// See random_bytes_com_dotnet.php
|
||||
require_once $RandomCompatDIR.'/random_bytes_com_dotnet.php';
|
||||
}
|
||||
} catch (com_exception $e) {
|
||||
// Don't try to use it.
|
||||
}
|
||||
}
|
||||
$RandomCompat_disabled_classes = null;
|
||||
$RandomCompatCOMtest = null;
|
||||
}
|
||||
|
||||
/**
|
||||
* throw new Exception
|
||||
*/
|
||||
if (!function_exists('random_bytes')) {
|
||||
/**
|
||||
* We don't have any more options, so let's throw an exception right now
|
||||
* and hope the developer won't let it fail silently.
|
||||
*/
|
||||
function random_bytes($length)
|
||||
{
|
||||
throw new Exception(
|
||||
'There is no suitable CSPRNG installed on your system'
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (!function_exists('random_int')) {
|
||||
require_once $RandomCompatDIR.'/random_int.php';
|
||||
}
|
||||
|
||||
$RandomCompatDIR = null;
|
||||
}
|
81
vendor/paragonie/random_compat/lib/random_bytes_com_dotnet.php
vendored
Normal file
81
vendor/paragonie/random_compat/lib/random_bytes_com_dotnet.php
vendored
Normal file
|
@ -0,0 +1,81 @@
|
|||
<?php
|
||||
/**
|
||||
* Random_* Compatibility Library
|
||||
* for using the new PHP 7 random_* API in PHP 5 projects
|
||||
*
|
||||
* The MIT License (MIT)
|
||||
*
|
||||
* Copyright (c) 2015 Paragon Initiative Enterprises
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
* copies of the Software, and to permit persons to whom the Software is
|
||||
* furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in
|
||||
* all copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
/**
|
||||
* Windows with PHP < 5.3.0 will not have the function
|
||||
* openssl_random_pseudo_bytes() available, so let's use
|
||||
* CAPICOM to work around this deficiency.
|
||||
*
|
||||
* @param int $bytes
|
||||
*
|
||||
* @throws Exception
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
function random_bytes($bytes)
|
||||
{
|
||||
try {
|
||||
$bytes = RandomCompat_intval($bytes);
|
||||
} catch (TypeError $ex) {
|
||||
throw new TypeError(
|
||||
'random_bytes(): $bytes must be an integer'
|
||||
);
|
||||
}
|
||||
|
||||
if ($bytes < 1) {
|
||||
throw new Error(
|
||||
'Length must be greater than 0'
|
||||
);
|
||||
}
|
||||
|
||||
$buf = '';
|
||||
$util = new COM('CAPICOM.Utilities.1');
|
||||
$execCount = 0;
|
||||
|
||||
/**
|
||||
* Let's not let it loop forever. If we run N times and fail to
|
||||
* get N bytes of random data, then CAPICOM has failed us.
|
||||
*/
|
||||
do {
|
||||
$buf .= base64_decode($util->GetRandom($bytes, 0));
|
||||
if (RandomCompat_strlen($buf) >= $bytes) {
|
||||
/**
|
||||
* Return our random entropy buffer here:
|
||||
*/
|
||||
return RandomCompat_substr($buf, 0, $bytes);
|
||||
}
|
||||
++$execCount;
|
||||
} while ($execCount < $bytes);
|
||||
|
||||
/**
|
||||
* If we reach here, PHP has failed us.
|
||||
*/
|
||||
throw new Exception(
|
||||
'Could not gather sufficient random data'
|
||||
);
|
||||
}
|
148
vendor/paragonie/random_compat/lib/random_bytes_dev_urandom.php
vendored
Normal file
148
vendor/paragonie/random_compat/lib/random_bytes_dev_urandom.php
vendored
Normal file
|
@ -0,0 +1,148 @@
|
|||
<?php
|
||||
/**
|
||||
* Random_* Compatibility Library
|
||||
* for using the new PHP 7 random_* API in PHP 5 projects
|
||||
*
|
||||
* The MIT License (MIT)
|
||||
*
|
||||
* Copyright (c) 2015 Paragon Initiative Enterprises
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
* copies of the Software, and to permit persons to whom the Software is
|
||||
* furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in
|
||||
* all copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
|
||||
define('RANDOM_COMPAT_READ_BUFFER', 8);
|
||||
}
|
||||
|
||||
/**
|
||||
* Unless open_basedir is enabled, use /dev/urandom for
|
||||
* random numbers in accordance with best practices
|
||||
*
|
||||
* Why we use /dev/urandom and not /dev/random
|
||||
* @ref http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers
|
||||
*
|
||||
* @param int $bytes
|
||||
*
|
||||
* @throws Exception
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
function random_bytes($bytes)
|
||||
{
|
||||
static $fp = null;
|
||||
/**
|
||||
* This block should only be run once
|
||||
*/
|
||||
if (empty($fp)) {
|
||||
/**
|
||||
* We use /dev/urandom if it is a char device.
|
||||
* We never fall back to /dev/random
|
||||
*/
|
||||
$fp = fopen('/dev/urandom', 'rb');
|
||||
if (!empty($fp)) {
|
||||
$st = fstat($fp);
|
||||
if (($st['mode'] & 0170000) !== 020000) {
|
||||
fclose($fp);
|
||||
$fp = false;
|
||||
}
|
||||
}
|
||||
|
||||
if (!empty($fp)) {
|
||||
/**
|
||||
* stream_set_read_buffer() does not exist in HHVM
|
||||
*
|
||||
* If we don't set the stream's read buffer to 0, PHP will
|
||||
* internally buffer 8192 bytes, which can waste entropy
|
||||
*
|
||||
* stream_set_read_buffer returns 0 on success
|
||||
*/
|
||||
if (function_exists('stream_set_read_buffer')) {
|
||||
stream_set_read_buffer($fp, RANDOM_COMPAT_READ_BUFFER);
|
||||
}
|
||||
if (function_exists('stream_set_chunk_size')) {
|
||||
stream_set_chunk_size($fp, RANDOM_COMPAT_READ_BUFFER);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
$bytes = RandomCompat_intval($bytes);
|
||||
} catch (TypeError $ex) {
|
||||
throw new TypeError(
|
||||
'random_bytes(): $bytes must be an integer'
|
||||
);
|
||||
}
|
||||
|
||||
if ($bytes < 1) {
|
||||
throw new Error(
|
||||
'Length must be greater than 0'
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* This if() block only runs if we managed to open a file handle
|
||||
*
|
||||
* It does not belong in an else {} block, because the above
|
||||
* if (empty($fp)) line is logic that should only be run once per
|
||||
* page load.
|
||||
*/
|
||||
if (!empty($fp)) {
|
||||
$remaining = $bytes;
|
||||
$buf = '';
|
||||
|
||||
/**
|
||||
* We use fread() in a loop to protect against partial reads
|
||||
*/
|
||||
do {
|
||||
$read = fread($fp, $remaining);
|
||||
if ($read === false) {
|
||||
/**
|
||||
* We cannot safely read from the file. Exit the
|
||||
* do-while loop and trigger the exception condition
|
||||
*/
|
||||
$buf = false;
|
||||
break;
|
||||
}
|
||||
/**
|
||||
* Decrease the number of bytes returned from remaining
|
||||
*/
|
||||
$remaining -= RandomCompat_strlen($read);
|
||||
$buf .= $read;
|
||||
} while ($remaining > 0);
|
||||
|
||||
/**
|
||||
* Is our result valid?
|
||||
*/
|
||||
if ($buf !== false) {
|
||||
if (RandomCompat_strlen($buf) === $bytes) {
|
||||
/**
|
||||
* Return our random entropy buffer here:
|
||||
*/
|
||||
return $buf;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* If we reach here, PHP has failed us.
|
||||
*/
|
||||
throw new Exception(
|
||||
'Error reading from source device'
|
||||
);
|
||||
}
|
86
vendor/paragonie/random_compat/lib/random_bytes_libsodium.php
vendored
Normal file
86
vendor/paragonie/random_compat/lib/random_bytes_libsodium.php
vendored
Normal file
|
@ -0,0 +1,86 @@
|
|||
<?php
|
||||
/**
|
||||
* Random_* Compatibility Library
|
||||
* for using the new PHP 7 random_* API in PHP 5 projects
|
||||
*
|
||||
* The MIT License (MIT)
|
||||
*
|
||||
* Copyright (c) 2015 Paragon Initiative Enterprises
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
* copies of the Software, and to permit persons to whom the Software is
|
||||
* furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in
|
||||
* all copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
/**
|
||||
* If the libsodium PHP extension is loaded, we'll use it above any other
|
||||
* solution.
|
||||
*
|
||||
* libsodium-php project:
|
||||
* @ref https://github.com/jedisct1/libsodium-php
|
||||
*
|
||||
* @param int $bytes
|
||||
*
|
||||
* @throws Exception
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
function random_bytes($bytes)
|
||||
{
|
||||
try {
|
||||
$bytes = RandomCompat_intval($bytes);
|
||||
} catch (TypeError $ex) {
|
||||
throw new TypeError(
|
||||
'random_bytes(): $bytes must be an integer'
|
||||
);
|
||||
}
|
||||
|
||||
if ($bytes < 1) {
|
||||
throw new Error(
|
||||
'Length must be greater than 0'
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be
|
||||
* generated in one invocation.
|
||||
*/
|
||||
if ($bytes > 2147483647) {
|
||||
$buf = '';
|
||||
for ($i = 0; $i < $bytes; $i += 1073741824) {
|
||||
$n = ($bytes - $i) > 1073741824
|
||||
? 1073741824
|
||||
: $bytes - $i;
|
||||
$buf .= \Sodium\randombytes_buf($n);
|
||||
}
|
||||
} else {
|
||||
$buf = \Sodium\randombytes_buf($bytes);
|
||||
}
|
||||
|
||||
if ($buf !== false) {
|
||||
if (RandomCompat_strlen($buf) === $bytes) {
|
||||
return $buf;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* If we reach here, PHP has failed us.
|
||||
*/
|
||||
throw new Exception(
|
||||
'Could not gather sufficient random data'
|
||||
);
|
||||
}
|
86
vendor/paragonie/random_compat/lib/random_bytes_libsodium_legacy.php
vendored
Normal file
86
vendor/paragonie/random_compat/lib/random_bytes_libsodium_legacy.php
vendored
Normal file
|
@ -0,0 +1,86 @@
|
|||
<?php
|
||||
/**
|
||||
* Random_* Compatibility Library
|
||||
* for using the new PHP 7 random_* API in PHP 5 projects
|
||||
*
|
||||
* The MIT License (MIT)
|
||||
*
|
||||
* Copyright (c) 2015 Paragon Initiative Enterprises
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
* copies of the Software, and to permit persons to whom the Software is
|
||||
* furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in
|
||||
* all copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
/**
|
||||
* If the libsodium PHP extension is loaded, we'll use it above any other
|
||||
* solution.
|
||||
*
|
||||
* libsodium-php project:
|
||||
* @ref https://github.com/jedisct1/libsodium-php
|
||||
*
|
||||
* @param int $bytes
|
||||
*
|
||||
* @throws Exception
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
function random_bytes($bytes)
|
||||
{
|
||||
try {
|
||||
$bytes = RandomCompat_intval($bytes);
|
||||
} catch (TypeError $ex) {
|
||||
throw new TypeError(
|
||||
'random_bytes(): $bytes must be an integer'
|
||||
);
|
||||
}
|
||||
|
||||
if ($bytes < 1) {
|
||||
throw new Error(
|
||||
'Length must be greater than 0'
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be
|
||||
* generated in one invocation.
|
||||
*/
|
||||
if ($bytes > 2147483647) {
|
||||
$buf = '';
|
||||
for ($i = 0; $i < $bytes; $i += 1073741824) {
|
||||
$n = ($bytes - $i) > 1073741824
|
||||
? 1073741824
|
||||
: $bytes - $i;
|
||||
$buf .= Sodium::randombytes_buf($n);
|
||||
}
|
||||
} else {
|
||||
$buf = Sodium::randombytes_buf($bytes);
|
||||
}
|
||||
|
||||
if ($buf !== false) {
|
||||
if (RandomCompat_strlen($buf) === $bytes) {
|
||||
return $buf;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* If we reach here, PHP has failed us.
|
||||
*/
|
||||
throw new Exception(
|
||||
'Could not gather sufficient random data'
|
||||
);
|
||||
}
|
76
vendor/paragonie/random_compat/lib/random_bytes_mcrypt.php
vendored
Normal file
76
vendor/paragonie/random_compat/lib/random_bytes_mcrypt.php
vendored
Normal file
|
@ -0,0 +1,76 @@
|
|||
<?php
|
||||
/**
|
||||
* Random_* Compatibility Library
|
||||
* for using the new PHP 7 random_* API in PHP 5 projects
|
||||
*
|
||||
* The MIT License (MIT)
|
||||
*
|
||||
* Copyright (c) 2015 Paragon Initiative Enterprises
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
* copies of the Software, and to permit persons to whom the Software is
|
||||
* furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in
|
||||
* all copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
|
||||
/**
|
||||
* Powered by ext/mcrypt (and thankfully NOT libmcrypt)
|
||||
*
|
||||
* @ref https://bugs.php.net/bug.php?id=55169
|
||||
* @ref https://github.com/php/php-src/blob/c568ffe5171d942161fc8dda066bce844bdef676/ext/mcrypt/mcrypt.c#L1321-L1386
|
||||
*
|
||||
* @param int $bytes
|
||||
*
|
||||
* @throws Exception
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
function random_bytes($bytes)
|
||||
{
|
||||
try {
|
||||
$bytes = RandomCompat_intval($bytes);
|
||||
} catch (TypeError $ex) {
|
||||
throw new TypeError(
|
||||
'random_bytes(): $bytes must be an integer'
|
||||
);
|
||||
}
|
||||
|
||||
if ($bytes < 1) {
|
||||
throw new Error(
|
||||
'Length must be greater than 0'
|
||||
);
|
||||
}
|
||||
|
||||
$buf = @mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM);
|
||||
if (
|
||||
$buf !== false
|
||||
&&
|
||||
RandomCompat_strlen($buf) === $bytes
|
||||
) {
|
||||
/**
|
||||
* Return our random entropy buffer here:
|
||||
*/
|
||||
return $buf;
|
||||
}
|
||||
|
||||
/**
|
||||
* If we reach here, PHP has failed us.
|
||||
*/
|
||||
throw new Exception(
|
||||
'Could not gather sufficient random data'
|
||||
);
|
||||
}
|
191
vendor/paragonie/random_compat/lib/random_int.php
vendored
Normal file
191
vendor/paragonie/random_compat/lib/random_int.php
vendored
Normal file
|
@ -0,0 +1,191 @@
|
|||
<?php
|
||||
/**
|
||||
* Random_* Compatibility Library
|
||||
* for using the new PHP 7 random_* API in PHP 5 projects
|
||||
*
|
||||
* The MIT License (MIT)
|
||||
*
|
||||
* Copyright (c) 2015 Paragon Initiative Enterprises
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
* copies of the Software, and to permit persons to whom the Software is
|
||||
* furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in
|
||||
* all copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
/**
|
||||
* Fetch a random integer between $min and $max inclusive
|
||||
*
|
||||
* @param int $min
|
||||
* @param int $max
|
||||
*
|
||||
* @throws Exception
|
||||
*
|
||||
* @return int
|
||||
*/
|
||||
function random_int($min, $max)
|
||||
{
|
||||
/**
|
||||
* Type and input logic checks
|
||||
*
|
||||
* If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX)
|
||||
* (non-inclusive), it will sanely cast it to an int. If you it's equal to
|
||||
* ~PHP_INT_MAX or PHP_INT_MAX, we let it fail as not an integer. Floats
|
||||
* lose precision, so the <= and => operators might accidentally let a float
|
||||
* through.
|
||||
*/
|
||||
|
||||
try {
|
||||
$min = RandomCompat_intval($min);
|
||||
} catch (TypeError $ex) {
|
||||
throw new TypeError(
|
||||
'random_int(): $min must be an integer'
|
||||
);
|
||||
}
|
||||
|
||||
try {
|
||||
$max = RandomCompat_intval($max);
|
||||
} catch (TypeError $ex) {
|
||||
throw new TypeError(
|
||||
'random_int(): $max must be an integer'
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Now that we've verified our weak typing system has given us an integer,
|
||||
* let's validate the logic then we can move forward with generating random
|
||||
* integers along a given range.
|
||||
*/
|
||||
if ($min > $max) {
|
||||
throw new Error(
|
||||
'Minimum value must be less than or equal to the maximum value'
|
||||
);
|
||||
}
|
||||
|
||||
if ($max === $min) {
|
||||
return $min;
|
||||
}
|
||||
|
||||
/**
|
||||
* Initialize variables to 0
|
||||
*
|
||||
* We want to store:
|
||||
* $bytes => the number of random bytes we need
|
||||
* $mask => an integer bitmask (for use with the &) operator
|
||||
* so we can minimize the number of discards
|
||||
*/
|
||||
$attempts = $bits = $bytes = $mask = $valueShift = 0;
|
||||
|
||||
/**
|
||||
* At this point, $range is a positive number greater than 0. It might
|
||||
* overflow, however, if $max - $min > PHP_INT_MAX. PHP will cast it to
|
||||
* a float and we will lose some precision.
|
||||
*/
|
||||
$range = $max - $min;
|
||||
|
||||
/**
|
||||
* Test for integer overflow:
|
||||
*/
|
||||
if (!is_int($range)) {
|
||||
|
||||
/**
|
||||
* Still safely calculate wider ranges.
|
||||
* Provided by @CodesInChaos, @oittaa
|
||||
*
|
||||
* @ref https://gist.github.com/CodesInChaos/03f9ea0b58e8b2b8d435
|
||||
*
|
||||
* We use ~0 as a mask in this case because it generates all 1s
|
||||
*
|
||||
* @ref https://eval.in/400356 (32-bit)
|
||||
* @ref http://3v4l.org/XX9r5 (64-bit)
|
||||
*/
|
||||
$bytes = PHP_INT_SIZE;
|
||||
$mask = ~0;
|
||||
|
||||
} else {
|
||||
|
||||
/**
|
||||
* $bits is effectively ceil(log($range, 2)) without dealing with
|
||||
* type juggling
|
||||
*/
|
||||
while ($range > 0) {
|
||||
if ($bits % 8 === 0) {
|
||||
++$bytes;
|
||||
}
|
||||
++$bits;
|
||||
$range >>= 1;
|
||||
$mask = $mask << 1 | 1;
|
||||
}
|
||||
$valueShift = $min;
|
||||
}
|
||||
|
||||
/**
|
||||
* Now that we have our parameters set up, let's begin generating
|
||||
* random integers until one falls between $min and $max
|
||||
*/
|
||||
do {
|
||||
/**
|
||||
* The rejection probability is at most 0.5, so this corresponds
|
||||
* to a failure probability of 2^-128 for a working RNG
|
||||
*/
|
||||
if ($attempts > 128) {
|
||||
throw new Exception(
|
||||
'random_int: RNG is broken - too many rejections'
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Let's grab the necessary number of random bytes
|
||||
*/
|
||||
$randomByteString = random_bytes($bytes);
|
||||
if ($randomByteString === false) {
|
||||
throw new Exception(
|
||||
'Random number generator failure'
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Let's turn $randomByteString into an integer
|
||||
*
|
||||
* This uses bitwise operators (<< and |) to build an integer
|
||||
* out of the values extracted from ord()
|
||||
*
|
||||
* Example: [9F] | [6D] | [32] | [0C] =>
|
||||
* 159 + 27904 + 3276800 + 201326592 =>
|
||||
* 204631455
|
||||
*/
|
||||
$val = 0;
|
||||
for ($i = 0; $i < $bytes; ++$i) {
|
||||
$val |= ord($randomByteString[$i]) << ($i * 8);
|
||||
}
|
||||
|
||||
/**
|
||||
* Apply mask
|
||||
*/
|
||||
$val &= $mask;
|
||||
$val += $valueShift;
|
||||
|
||||
++$attempts;
|
||||
/**
|
||||
* If $val overflows to a floating point number,
|
||||
* ... or is larger than $max,
|
||||
* ... or smaller than $min,
|
||||
* then try again.
|
||||
*/
|
||||
} while (!is_int($val) || $val > $max || $val < $min);
|
||||
|
||||
return (int) $val;
|
||||
}
|
57
vendor/paragonie/random_compat/other/build_phar.php
vendored
Normal file
57
vendor/paragonie/random_compat/other/build_phar.php
vendored
Normal file
|
@ -0,0 +1,57 @@
|
|||
<?php
|
||||
$dist = dirname(__DIR__).'/dist';
|
||||
if (!is_dir($dist)) {
|
||||
mkdir($dist, 0755);
|
||||
}
|
||||
if (file_exists($dist.'/random_compat.phar')) {
|
||||
unlink($dist.'/random_compat.phar');
|
||||
}
|
||||
$phar = new Phar(
|
||||
$dist.'/random_compat.phar',
|
||||
FilesystemIterator::CURRENT_AS_FILEINFO | \FilesystemIterator::KEY_AS_FILENAME,
|
||||
'random_compat.phar'
|
||||
);
|
||||
rename(
|
||||
dirname(__DIR__).'/lib/random.php',
|
||||
dirname(__DIR__).'/lib/index.php'
|
||||
);
|
||||
$phar->buildFromDirectory(dirname(__DIR__).'/lib');
|
||||
rename(
|
||||
dirname(__DIR__).'/lib/index.php',
|
||||
dirname(__DIR__).'/lib/random.php'
|
||||
);
|
||||
|
||||
/**
|
||||
* If we pass an (optional) path to a private key as a second argument, we will
|
||||
* sign the Phar with OpenSSL.
|
||||
*
|
||||
* If you leave this out, it will produce an unsigned .phar!
|
||||
*/
|
||||
if ($argc > 1) {
|
||||
if (!@is_readable($argv[1])) {
|
||||
echo 'Could not read the private key file:', $argv[1], "\n";
|
||||
exit(255);
|
||||
}
|
||||
$pkeyFile = file_get_contents($argv[1]);
|
||||
|
||||
$private = openssl_get_privatekey($pkeyFile);
|
||||
if ($private !== false) {
|
||||
$pkey = '';
|
||||
openssl_pkey_export($private, $pkey);
|
||||
$phar->setSignatureAlgorithm(Phar::OPENSSL, $pkey);
|
||||
|
||||
/**
|
||||
* Save the corresponding public key to the file
|
||||
*/
|
||||
if (!@is_readable($dist.'/random_compat.phar.pubkey')) {
|
||||
$details = openssl_pkey_get_details($private);
|
||||
file_put_contents(
|
||||
$dist.'/random_compat.phar.pubkey',
|
||||
$details['key']
|
||||
);
|
||||
}
|
||||
} else {
|
||||
echo 'An error occurred reading the private key from OpenSSL.', "\n";
|
||||
exit(255);
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user