Replaced random_bytes with new Random getBytes method.

3 years ago · 127a31958d
parent bacc3323d5
commit 127a31958d
9 changed files with 51 additions and 35 deletions
--- a/documents/folders.txt
+++ b/documents/folders.txt
@ -24,7 +24,7 @@ tts_framework/src
 │   ├── bb_code_parser.php (Take BB code and display output as HTML)
 │   ├── console_app.php (Detects if running PHP from Command Line)
 │   ├── contracts
-│   │   ├── http_request_options.php
+│   │   ├── http_request_options.php (Used by http_curl_request)
 │   │   └── sessions_interface.php
 │   ├── database
 │   │   ├── dummy_data.php (Populates a DB w/ Dummy Data you give it bu # Rows wanted)
@ -45,6 +45,7 @@ tts_framework/src
 │   ├── memory_usage.php (Displays PHP Memory Usage, when debug is set)
 │   ├── misc.php (create a short url from get_url, post_var, misc. filter FNs)
 │   ├── page_not_found.php (CLI or tts built in views/404 page not found error)
+│   ├── random_engine.php (random bytes/numbers/array shuffle)
 │   ├── router.php (router::get/post, etc... used to setup PHP routes)
 │   ├── safer_sql.php (Play-Testing SQL filter)
 │   ├── security.php (hasing, csrf_token\session_hijacking_functions)
@ -91,4 +92,4 @@ tts_framework/src
    │   └── broken.php (Debug Trace)
    └── errors.php (when Live, this: Sorry, we had an error... Page is used)

-~72 files
+~73 files
--- a/src/classes/database/dummy_data.php
+++ b/src/classes/database/dummy_data.php
@ -13,9 +13,11 @@ namespace tts\database;
 final class dummy_data {

  private $pdo;
+  private $random_engine;
 
  public function __construct($pdo) {
    $this->pdo = $pdo;
+    $this->random_engine = new \tts\random_engine();
  }

  /*
@ -30,7 +32,7 @@ final class dummy_data {
    foreach ($data as $field => $array_values) {
      $array_count = \bs_tts\common::get_count($array_values);
      if ($array_count) {
-        $ret[$field] = $array_values[rand(0, $array_count - 1)];
+        $ret[$field] = $array_values[$this->random_engine->get_int(0, $array_count - 1)];
      }
    }
    return $ret;
--- a/src/classes/random_engine.php
+++ b/src/classes/random_engine.php
@ -20,7 +20,7 @@ class random_engine {

    private $engine = false;

-    public function __construct(): string {
+    public function __construct() {
        $version = (float) phpversion();
        if ($version > 8.1) {
            $this->engine = new \Random\Randomizer();
--- a/src/classes/services/obsolete/crypto.php
+++ b/src/classes/services/obsolete/crypto.php
@ -12,20 +12,17 @@ declare(strict_types=1);
 * NOTICE: This file is just for PLAY, not for PRODUCTION system!
 */

-namespace tts\services;
+namespace tts\services\obsolete;

 class crypto {

-  /**
-   * @var string
-   */
-  private $nonce;
+  private string $nonce;
+  private $random_engine;

  /**
   * Method to construct instance of Crypto
   *
   * @param string $nonce Nonce to crypt string
-   * @return void
   */
  public function __construct($nonce = '') {
    if (is_array($nonce)) {
@ -33,6 +30,7 @@ class crypto {
    } else {
      $this->nonce = !empty($nonce) ? base64_decode($nonce) : $this->generateNonce();
    }
+    $this->random_engine = new \tts\random_engine();
  }

  /**
@ -54,9 +52,8 @@ class crypto {
   *
   * @param string $key Key to decode
   * @param string $input String to decode
-   * @return mixed
   */
-  public function decode(string $key, string $input) {
+  public function decode(string $key, string $input): mixed {
    $keyDecode = base64_decode($key);
    $keypair1_public = $this->getPublic($keyDecode);
    $keypair1_secret = $this->getSecret($keyDecode);
@ -87,7 +84,7 @@ class crypto {
   * @return string
   */
  public function generateNonce(): string {
-    return random_bytes(SODIUM_CRYPTO_BOX_NONCEBYTES);
+    return $this->random_engine->get_bytes(SODIUM_CRYPTO_BOX_NONCEBYTES);
  }

  public function getNonce(): string {
@ -104,9 +101,8 @@ class crypto {
   * @param string $input Input to decode
   * @param string $keyPublic Key public
   * @param string $keySecret Key secret
-   * @return string
   */
-  private function _decode(string $input, string $keyPublic, string $keySecret) {
+  private function _decode(string $input, string $keyPublic, string $keySecret): false|string {
    $decryption_key = sodium_crypto_box_keypair_from_secretkey_and_publickey(base64_decode($keySecret), base64_decode($keyPublic));
    return sodium_crypto_box_open(base64_decode($input), $this->nonce, $decryption_key);
  }
@ -119,28 +115,22 @@ class crypto {
   * @param string $keySecret Key secret
   * @return string
   */
-  private function _encode(string $input, string $keyPublic, string $keySecret) {
+  private function _encode(string $input, string $keyPublic, string $keySecret): string {
    $encryption_key = sodium_crypto_box_keypair_from_secretkey_and_publickey(base64_decode($keySecret), base64_decode($keyPublic));
    return base64_encode(sodium_crypto_box($input, $this->nonce, $encryption_key));
  }

  /**
   * Method to return secret of key
-   *
-   * @param string $key
-   * @return string
   */
-  private function getSecret(string $key) {
+  private function getSecret(string $key): string  {
    return base64_encode(sodium_crypto_box_secretkey($key));
  }

  /**
   * Method to return public of key
-   *
-   * @param string $key
-   * @return string
   */
-  private function getPublic(string $key) {
+  private function getPublic(string $key): string {
    return base64_encode(sodium_crypto_box_publickey($key));
  }
  
--- a/src/classes/services/obsolete/encryption.php
+++ b/src/classes/services/obsolete/encryption.php
@ -8,7 +8,7 @@ declare(strict_types=1);
 * @license https://mit-license.org/
 */

-namespace tts\services;
+namespace tts\services\obsolete;

 /*
 * NOTICE: This file is just for PLAY, not for PRODUCTION system!
@ -23,12 +23,18 @@ final class encryption {
  const raw = true; // When set to TRUE, outputs raw binary data. FALSE outputs lowercase hexits.
  const key_bits = 32; // 256 bit encryption key
  
+  private $random_engine;
  private $binary = false;
  private $url_encode = false;
  private $method = 'AES-256-CBC';
  private $default_hash = 'sha256'; // should be sha256 or higher
  private $_iterations = self::iterations, $_length=self::length, $_raw=self::raw, $_key_bits=self::key_bits;

+  public function __construct() {
+      $this->random_engine = new \tts\random_engine();
+  }
+
+
  public function change_security_level(string $level): bool {
    switch (strtolower($level)) {
      case 'blaze':  
@ -147,7 +153,7 @@ final class encryption {
  public function encrypt(string $key, string $text, bool $validate = true): string {
    $key = ($validate) ? $this->get_valid_key($key) : $key;
    $ivsize = openssl_cipher_iv_length($this->method);
-    $iv     = random_bytes($ivsize); // Requires PHP 7
+    $iv     = $this->random_engine->get_bytes($ivsize); // Requires PHP 7
    // Encryption key generated by PBKDF2 (since PHP 5.5)
    $keys    = hash_pbkdf2($this->default_hash, $key, $iv, $this->_iterations, $this->_length, $this->_raw);
    $encKey  = substr($keys, 0, $this->_key_bits); // X bit encryption key
@ -230,7 +236,7 @@ final class encryption {
   */
  public function generate_valid_key(): string {
    $ivsize = openssl_cipher_iv_length($this->method);
-    return bin2hex(random_bytes($ivsize));
+    return bin2hex($this->random_engine->get_bytes($ivsize));
  }
  
 }
--- a/src/classes/services/obsolete/http_socket_request.php
+++ b/src/classes/services/obsolete/http_socket_request.php
@ -2,6 +2,12 @@

 declare(strict_types=1);

+/** 
+ * @author Robert Strutts <Robert@TryingToScale.com>
+ * @copyright Copyright (c) 2022, Robert Strutts.
+ * @license https://mit-license.org/
+ */
+
 namespace tts\services\obsolete\http_requests;

 use \tts\contacts\http_request_options as HTTP_Requests;
--- a/src/classes/services/paragon_crypto/crypto.php
+++ b/src/classes/services/paragon_crypto/crypto.php
@ -19,7 +19,8 @@ class crypto {
            string $key,
            bool $key_usage = self::single_key
        ): string {
-        $nonce = random_bytes(
+        $rnd = new \tts\random_engine();
+        $nonce = $rnd->get_bytes(
                SODIUM_CRYPTO_SECRETBOX_NONCEBYTES
        );
        $fn = ($key_usage == self::single_key) ? "sodium_crypto_secretbox" : "sodium_crypto_box";
@ -134,7 +135,8 @@ class crypto {
    }

    public static function a_single_key_maker(): string {
-        return base64_encode(random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES));
+        $rnd = new \tts\random_engine();
+        return base64_encode($rnd->get_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES));
    }
    /*
     * Extract the public key from the secret key
--- a/src/classes/services/paragon_crypto/password_storage.php
+++ b/src/classes/services/paragon_crypto/password_storage.php
@ -13,6 +13,11 @@ namespace tts\services\paragon_crypto;
 class password_storage {
    
    const SALT_SIZE_IN_BYTES = 16;
+    private $random_engine;
+    
+    public function __construct() {
+        $this->random_engine = new \tts\random_engine();
+    }

    /**
     * Hash then encrypt a password
@ -28,10 +33,10 @@ class password_storage {
                SODIUM_CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_INTERACTIVE,
                SODIUM_CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_INTERACTIVE
        );
-        $salt = random_bytes(self::SALT_SIZE_IN_BYTES);
+        $salt = $this->random_engine->get_bytes(self::SALT_SIZE_IN_BYTES);
        list ($enc_key, $auth_key) = $this->split_keys($secret_key, sodium_bin2hex($salt));
        sodium_memzero($secret_key);
-        $nonce = random_bytes(
+        $nonce = $this->random_engine->get_bytes(
                SODIUM_CRYPTO_STREAM_NONCEBYTES
        );
        $cipher_text = sodium_crypto_stream_xor(
@ -99,7 +104,7 @@ class password_storage {
    /**
     * @return array(2) [encryption key, authentication key]
     */
-    private function split_keys(string $secret_key, string $salt) {
+    private function split_keys(string $secret_key, string $salt): array {
        $enc_key  = hash_hkdf('sha256', $secret_key, SODIUM_CRYPTO_STREAM_KEYBYTES, 'encryption', $salt);
        $auth_key = hash_hkdf('sha256', $secret_key, SODIUM_CRYPTO_AUTH_KEYBYTES, 'authentication', $salt);
        return [$enc_key, $auth_key];
--- a/src/classes/services/paragon_crypto/sodium_storage.php
+++ b/src/classes/services/paragon_crypto/sodium_storage.php
@ -21,18 +21,22 @@ declare(strict_types=1);
 namespace tts\services\paragon_crypto;

 class sodium_storage {
+    private $random_engine;
+    
    const SALT_SIZE_IN_BYTES = 16;
    
    /**
     * Sets the encryption key
     */
-    public function __construct(private string $key) { }
+    public function __construct(private string $key) { 
+        $this->random_engine = new \tts\random_engine();
+    }

    public function encode(string $item_name, string $plain_text): string {
-        $nonce = random_bytes(
+        $nonce = $this->random_engine->get_bytes(
                SODIUM_CRYPTO_STREAM_NONCEBYTES
        );
-        $salt = random_bytes(self::SALT_SIZE_IN_BYTES);
+        $salt = $this->random_engine->get_bytes(self::SALT_SIZE_IN_BYTES);
        list ($enc_key, $auth_key) = $this->split_keys($item_name, sodium_bin2hex($salt));
        $cipher_text = sodium_crypto_stream_xor(
                $plain_text,