From 127a31958d88af82d4d14107269b964bb3e85ea0 Mon Sep 17 00:00:00 2001 From: Robert Date: Sun, 25 Dec 2022 10:33:59 -0500 Subject: [PATCH] Replaced random_bytes with new Random getBytes method. --- documents/folders.txt | 5 ++-- src/classes/database/dummy_data.php | 4 ++- src/classes/random_engine.php | 2 +- src/classes/services/obsolete/crypto.php | 30 +++++++------------ src/classes/services/obsolete/encryption.php | 12 ++++++-- .../services/obsolete/http_socket_request.php | 6 ++++ .../services/paragon_crypto/crypto.php | 6 ++-- .../paragon_crypto/password_storage.php | 11 +++++-- .../paragon_crypto/sodium_storage.php | 10 +++++-- 9 files changed, 51 insertions(+), 35 deletions(-) diff --git a/documents/folders.txt b/documents/folders.txt index 22e2717..5a4c469 100644 --- a/documents/folders.txt +++ b/documents/folders.txt @@ -24,7 +24,7 @@ tts_framework/src │   ├── bb_code_parser.php (Take BB code and display output as HTML) │   ├── console_app.php (Detects if running PHP from Command Line) │   ├── contracts -│   │   ├── http_request_options.php +│   │   ├── http_request_options.php (Used by http_curl_request) │   │   └── sessions_interface.php │   ├── database │   │   ├── dummy_data.php (Populates a DB w/ Dummy Data you give it bu # Rows wanted) @@ -45,6 +45,7 @@ tts_framework/src │   ├── memory_usage.php (Displays PHP Memory Usage, when debug is set) │   ├── misc.php (create a short url from get_url, post_var, misc. filter FNs) │   ├── page_not_found.php (CLI or tts built in views/404 page not found error) +│   ├── random_engine.php (random bytes/numbers/array shuffle) │   ├── router.php (router::get/post, etc... used to setup PHP routes) │   ├── safer_sql.php (Play-Testing SQL filter) │   ├── security.php (hasing, csrf_token\session_hijacking_functions) @@ -91,4 +92,4 @@ tts_framework/src │   └── broken.php (Debug Trace) └── errors.php (when Live, this: Sorry, we had an error... Page is used) -~72 files +~73 files diff --git a/src/classes/database/dummy_data.php b/src/classes/database/dummy_data.php index 2c3f6e2..7853728 100644 --- a/src/classes/database/dummy_data.php +++ b/src/classes/database/dummy_data.php @@ -13,9 +13,11 @@ namespace tts\database; final class dummy_data { private $pdo; + private $random_engine; public function __construct($pdo) { $this->pdo = $pdo; + $this->random_engine = new \tts\random_engine(); } /* @@ -30,7 +32,7 @@ final class dummy_data { foreach ($data as $field => $array_values) { $array_count = \bs_tts\common::get_count($array_values); if ($array_count) { - $ret[$field] = $array_values[rand(0, $array_count - 1)]; + $ret[$field] = $array_values[$this->random_engine->get_int(0, $array_count - 1)]; } } return $ret; diff --git a/src/classes/random_engine.php b/src/classes/random_engine.php index f2e849e..718d019 100644 --- a/src/classes/random_engine.php +++ b/src/classes/random_engine.php @@ -20,7 +20,7 @@ class random_engine { private $engine = false; - public function __construct(): string { + public function __construct() { $version = (float) phpversion(); if ($version > 8.1) { $this->engine = new \Random\Randomizer(); diff --git a/src/classes/services/obsolete/crypto.php b/src/classes/services/obsolete/crypto.php index e62681b..a95f7e3 100644 --- a/src/classes/services/obsolete/crypto.php +++ b/src/classes/services/obsolete/crypto.php @@ -12,20 +12,17 @@ declare(strict_types=1); * NOTICE: This file is just for PLAY, not for PRODUCTION system! */ -namespace tts\services; +namespace tts\services\obsolete; class crypto { - /** - * @var string - */ - private $nonce; + private string $nonce; + private $random_engine; /** * Method to construct instance of Crypto * * @param string $nonce Nonce to crypt string - * @return void */ public function __construct($nonce = '') { if (is_array($nonce)) { @@ -33,6 +30,7 @@ class crypto { } else { $this->nonce = !empty($nonce) ? base64_decode($nonce) : $this->generateNonce(); } + $this->random_engine = new \tts\random_engine(); } /** @@ -54,9 +52,8 @@ class crypto { * * @param string $key Key to decode * @param string $input String to decode - * @return mixed */ - public function decode(string $key, string $input) { + public function decode(string $key, string $input): mixed { $keyDecode = base64_decode($key); $keypair1_public = $this->getPublic($keyDecode); $keypair1_secret = $this->getSecret($keyDecode); @@ -87,7 +84,7 @@ class crypto { * @return string */ public function generateNonce(): string { - return random_bytes(SODIUM_CRYPTO_BOX_NONCEBYTES); + return $this->random_engine->get_bytes(SODIUM_CRYPTO_BOX_NONCEBYTES); } public function getNonce(): string { @@ -104,9 +101,8 @@ class crypto { * @param string $input Input to decode * @param string $keyPublic Key public * @param string $keySecret Key secret - * @return string */ - private function _decode(string $input, string $keyPublic, string $keySecret) { + private function _decode(string $input, string $keyPublic, string $keySecret): false|string { $decryption_key = sodium_crypto_box_keypair_from_secretkey_and_publickey(base64_decode($keySecret), base64_decode($keyPublic)); return sodium_crypto_box_open(base64_decode($input), $this->nonce, $decryption_key); } @@ -119,28 +115,22 @@ class crypto { * @param string $keySecret Key secret * @return string */ - private function _encode(string $input, string $keyPublic, string $keySecret) { + private function _encode(string $input, string $keyPublic, string $keySecret): string { $encryption_key = sodium_crypto_box_keypair_from_secretkey_and_publickey(base64_decode($keySecret), base64_decode($keyPublic)); return base64_encode(sodium_crypto_box($input, $this->nonce, $encryption_key)); } /** * Method to return secret of key - * - * @param string $key - * @return string */ - private function getSecret(string $key) { + private function getSecret(string $key): string { return base64_encode(sodium_crypto_box_secretkey($key)); } /** * Method to return public of key - * - * @param string $key - * @return string */ - private function getPublic(string $key) { + private function getPublic(string $key): string { return base64_encode(sodium_crypto_box_publickey($key)); } diff --git a/src/classes/services/obsolete/encryption.php b/src/classes/services/obsolete/encryption.php index bbaeea2..6e88183 100644 --- a/src/classes/services/obsolete/encryption.php +++ b/src/classes/services/obsolete/encryption.php @@ -8,7 +8,7 @@ declare(strict_types=1); * @license https://mit-license.org/ */ -namespace tts\services; +namespace tts\services\obsolete; /* * NOTICE: This file is just for PLAY, not for PRODUCTION system! @@ -23,12 +23,18 @@ final class encryption { const raw = true; // When set to TRUE, outputs raw binary data. FALSE outputs lowercase hexits. const key_bits = 32; // 256 bit encryption key + private $random_engine; private $binary = false; private $url_encode = false; private $method = 'AES-256-CBC'; private $default_hash = 'sha256'; // should be sha256 or higher private $_iterations = self::iterations, $_length=self::length, $_raw=self::raw, $_key_bits=self::key_bits; + public function __construct() { + $this->random_engine = new \tts\random_engine(); + } + + public function change_security_level(string $level): bool { switch (strtolower($level)) { case 'blaze': @@ -147,7 +153,7 @@ final class encryption { public function encrypt(string $key, string $text, bool $validate = true): string { $key = ($validate) ? $this->get_valid_key($key) : $key; $ivsize = openssl_cipher_iv_length($this->method); - $iv = random_bytes($ivsize); // Requires PHP 7 + $iv = $this->random_engine->get_bytes($ivsize); // Requires PHP 7 // Encryption key generated by PBKDF2 (since PHP 5.5) $keys = hash_pbkdf2($this->default_hash, $key, $iv, $this->_iterations, $this->_length, $this->_raw); $encKey = substr($keys, 0, $this->_key_bits); // X bit encryption key @@ -230,7 +236,7 @@ final class encryption { */ public function generate_valid_key(): string { $ivsize = openssl_cipher_iv_length($this->method); - return bin2hex(random_bytes($ivsize)); + return bin2hex($this->random_engine->get_bytes($ivsize)); } } diff --git a/src/classes/services/obsolete/http_socket_request.php b/src/classes/services/obsolete/http_socket_request.php index ce5a219..468944a 100644 --- a/src/classes/services/obsolete/http_socket_request.php +++ b/src/classes/services/obsolete/http_socket_request.php @@ -2,6 +2,12 @@ declare(strict_types=1); +/** + * @author Robert Strutts + * @copyright Copyright (c) 2022, Robert Strutts. + * @license https://mit-license.org/ + */ + namespace tts\services\obsolete\http_requests; use \tts\contacts\http_request_options as HTTP_Requests; diff --git a/src/classes/services/paragon_crypto/crypto.php b/src/classes/services/paragon_crypto/crypto.php index 44816e7..8dcabb1 100644 --- a/src/classes/services/paragon_crypto/crypto.php +++ b/src/classes/services/paragon_crypto/crypto.php @@ -19,7 +19,8 @@ class crypto { string $key, bool $key_usage = self::single_key ): string { - $nonce = random_bytes( + $rnd = new \tts\random_engine(); + $nonce = $rnd->get_bytes( SODIUM_CRYPTO_SECRETBOX_NONCEBYTES ); $fn = ($key_usage == self::single_key) ? "sodium_crypto_secretbox" : "sodium_crypto_box"; @@ -134,7 +135,8 @@ class crypto { } public static function a_single_key_maker(): string { - return base64_encode(random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES)); + $rnd = new \tts\random_engine(); + return base64_encode($rnd->get_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES)); } /* * Extract the public key from the secret key diff --git a/src/classes/services/paragon_crypto/password_storage.php b/src/classes/services/paragon_crypto/password_storage.php index cb4d2fd..995cd0d 100644 --- a/src/classes/services/paragon_crypto/password_storage.php +++ b/src/classes/services/paragon_crypto/password_storage.php @@ -13,6 +13,11 @@ namespace tts\services\paragon_crypto; class password_storage { const SALT_SIZE_IN_BYTES = 16; + private $random_engine; + + public function __construct() { + $this->random_engine = new \tts\random_engine(); + } /** * Hash then encrypt a password @@ -28,10 +33,10 @@ class password_storage { SODIUM_CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_INTERACTIVE ); - $salt = random_bytes(self::SALT_SIZE_IN_BYTES); + $salt = $this->random_engine->get_bytes(self::SALT_SIZE_IN_BYTES); list ($enc_key, $auth_key) = $this->split_keys($secret_key, sodium_bin2hex($salt)); sodium_memzero($secret_key); - $nonce = random_bytes( + $nonce = $this->random_engine->get_bytes( SODIUM_CRYPTO_STREAM_NONCEBYTES ); $cipher_text = sodium_crypto_stream_xor( @@ -99,7 +104,7 @@ class password_storage { /** * @return array(2) [encryption key, authentication key] */ - private function split_keys(string $secret_key, string $salt) { + private function split_keys(string $secret_key, string $salt): array { $enc_key = hash_hkdf('sha256', $secret_key, SODIUM_CRYPTO_STREAM_KEYBYTES, 'encryption', $salt); $auth_key = hash_hkdf('sha256', $secret_key, SODIUM_CRYPTO_AUTH_KEYBYTES, 'authentication', $salt); return [$enc_key, $auth_key]; diff --git a/src/classes/services/paragon_crypto/sodium_storage.php b/src/classes/services/paragon_crypto/sodium_storage.php index cff574d..6b0cfa7 100644 --- a/src/classes/services/paragon_crypto/sodium_storage.php +++ b/src/classes/services/paragon_crypto/sodium_storage.php @@ -21,18 +21,22 @@ declare(strict_types=1); namespace tts\services\paragon_crypto; class sodium_storage { + private $random_engine; + const SALT_SIZE_IN_BYTES = 16; /** * Sets the encryption key */ - public function __construct(private string $key) { } + public function __construct(private string $key) { + $this->random_engine = new \tts\random_engine(); + } public function encode(string $item_name, string $plain_text): string { - $nonce = random_bytes( + $nonce = $this->random_engine->get_bytes( SODIUM_CRYPTO_STREAM_NONCEBYTES ); - $salt = random_bytes(self::SALT_SIZE_IN_BYTES); + $salt = $this->random_engine->get_bytes(self::SALT_SIZE_IN_BYTES); list ($enc_key, $auth_key) = $this->split_keys($item_name, sodium_bin2hex($salt)); $cipher_text = sodium_crypto_stream_xor( $plain_text,