surya/apimacro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Commaaa2

Browse Source
This commit is contained in:
Paolo A
2024-08-13 13:44:16 +00:00
parent 1bbb23088d
commit e796d76612
4001 changed files with 30101 additions and 40075 deletions
Download Patch File Download Diff File Expand all files Collapse all files

103
vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php vendored Normal file → Executable file
View File

@@ -5,9 +5,10 @@ namespace Illuminate\Encryption;
use Illuminate\Contracts\Encryption\DecryptException;
use Illuminate\Contracts\Encryption\Encrypter as EncrypterContract;
use Illuminate\Contracts\Encryption\EncryptException;
use Illuminate\Contracts\Encryption\StringEncrypter;
use RuntimeException;
class Encrypter implements EncrypterContract
class Encrypter implements EncrypterContract, StringEncrypter
{
/**
* The encryption key.
@@ -23,6 +24,18 @@ class Encrypter implements EncrypterContract
*/
protected $cipher;
/**
* The supported cipher algorithms and their properties.
*
* @var array
*/
private static $supportedCiphers = [
'aes-128-cbc' => ['size' => 16, 'aead' => false],
'aes-256-cbc' => ['size' => 32, 'aead' => false],
'aes-128-gcm' => ['size' => 16, 'aead' => true],
'aes-256-gcm' => ['size' => 32, 'aead' => true],
];
/**
* Create a new encrypter instance.
*
@@ -32,16 +45,18 @@ class Encrypter implements EncrypterContract
*
* @throws \RuntimeException
*/
public function __construct($key, $cipher = 'AES-128-CBC')
public function __construct($key, $cipher = 'aes-128-cbc')
{
$key = (string) $key;
if (static::supported($key, $cipher)) {
$this->key = $key;
$this->cipher = $cipher;
} else {
throw new RuntimeException('The only supported ciphers are AES-128-CBC and AES-256-CBC with the correct key lengths.');
if (! static::supported($key, $cipher)) {
$ciphers = implode(', ', array_keys(self::$supportedCiphers));
throw new RuntimeException("Unsupported cipher or incorrect key length. Supported ciphers are: {$ciphers}.");
}
$this->key = $key;
$this->cipher = $cipher;
}
/**
@@ -53,10 +68,11 @@ class Encrypter implements EncrypterContract
*/
public static function supported($key, $cipher)
{
$length = mb_strlen($key, '8bit');
if (! isset(self::$supportedCiphers[strtolower($cipher)])) {
return false;
}
return ($cipher === 'AES-128-CBC' && $length === 16) ||
($cipher === 'AES-256-CBC' && $length === 32);
return mb_strlen($key, '8bit') === self::$supportedCiphers[strtolower($cipher)]['size'];
}
/**
@@ -67,7 +83,7 @@ class Encrypter implements EncrypterContract
*/
public static function generateKey($cipher)
{
return random_bytes($cipher === 'AES-128-CBC' ? 16 : 32);
return random_bytes(self::$supportedCiphers[strtolower($cipher)]['size'] ?? 32);
}
/**
@@ -81,26 +97,32 @@ class Encrypter implements EncrypterContract
*/
public function encrypt($value, $serialize = true)
{
$iv = random_bytes(openssl_cipher_iv_length($this->cipher));
$iv = random_bytes(openssl_cipher_iv_length(strtolower($this->cipher)));
// First we will encrypt the value using OpenSSL. After this is encrypted we
// will proceed to calculating a MAC for the encrypted value so that this
// value can be verified later as not having been changed by the users.
$value = \openssl_encrypt(
$serialize ? serialize($value) : $value,
$this->cipher, $this->key, 0, $iv
);
$tag = '';
$value = self::$supportedCiphers[strtolower($this->cipher)]['aead']
? \openssl_encrypt(
$serialize ? serialize($value) : $value,
strtolower($this->cipher), $this->key, 0, $iv, $tag
)
: \openssl_encrypt(
$serialize ? serialize($value) : $value,
strtolower($this->cipher), $this->key, 0, $iv
);
if ($value === false) {
throw new EncryptException('Could not encrypt the data.');
}
// Once we get the encrypted value we'll go ahead and base64_encode the input
// vector and create the MAC for the encrypted value so we can then verify
// its authenticity. Then, we'll JSON the data into the "payload" array.
$mac = $this->hash($iv = base64_encode($iv), $value);
$iv = base64_encode($iv);
$tag = base64_encode($tag);
$json = json_encode(compact('iv', 'value', 'mac'), JSON_UNESCAPED_SLASHES);
$mac = self::$supportedCiphers[strtolower($this->cipher)]['aead']
? '' // For AEAD-algoritms, the tag / MAC is returned by openssl_encrypt...
: $this->hash($iv, $value);
$json = json_encode(compact('iv', 'value', 'mac', 'tag'), JSON_UNESCAPED_SLASHES);
if (json_last_error() !== JSON_ERROR_NONE) {
throw new EncryptException('Could not encrypt the data.');
@@ -137,11 +159,15 @@ class Encrypter implements EncrypterContract
$iv = base64_decode($payload['iv']);
$this->ensureTagIsValid(
$tag = empty($payload['tag']) ? null : base64_decode($payload['tag'])
);
// Here we will decrypt the value. If we are able to successfully decrypt it
// we will then unserialize it and return it out to the caller. If we are
// unable to decrypt this value we will throw out an exception message.
$decrypted = \openssl_decrypt(
$payload['value'], $this->cipher, $this->key, 0, $iv
$payload['value'], strtolower($this->cipher), $this->key, 0, $iv, $tag ?? ''
);
if ($decrypted === false) {
@@ -195,7 +221,7 @@ class Encrypter implements EncrypterContract
throw new DecryptException('The payload is invalid.');
}
if (! $this->validMac($payload)) {
if (! self::$supportedCiphers[strtolower($this->cipher)]['aead'] && ! $this->validMac($payload)) {
throw new DecryptException('The MAC is invalid.');
}
@@ -211,7 +237,7 @@ class Encrypter implements EncrypterContract
protected function validPayload($payload)
{
return is_array($payload) && isset($payload['iv'], $payload['value'], $payload['mac']) &&
strlen(base64_decode($payload['iv'], true)) === openssl_cipher_iv_length($this->cipher);
strlen(base64_decode($payload['iv'], true)) === openssl_cipher_iv_length(strtolower($this->cipher));
}
/**
@@ -222,25 +248,26 @@ class Encrypter implements EncrypterContract
*/
protected function validMac(array $payload)
{
$calculated = $this->calculateMac($payload, $bytes = random_bytes(16));
return hash_equals(
hash_hmac('sha256', $payload['mac'], $bytes, true), $calculated
$this->hash($payload['iv'], $payload['value']), $payload['mac']
);
}
/**
* Calculate the hash of the given payload.
* Ensure the given tag is a valid tag given the selected cipher.
*
* @param array $payload
* @param string $bytes
* @return string
* @param string $tag
* @return void
*/
protected function calculateMac($payload, $bytes)
protected function ensureTagIsValid($tag)
{
return hash_hmac(
'sha256', $this->hash($payload['iv'], $payload['value']), $bytes, true
);
if (self::$supportedCiphers[strtolower($this->cipher)]['aead'] && strlen($tag) !== 16) {
throw new DecryptException('Could not decrypt the data.');
}
if (! self::$supportedCiphers[strtolower($this->cipher)]['aead'] && is_string($tag)) {
throw new DecryptException('Unable to use tag because the cipher algorithm does not support AEAD.');
}
}
/**

31
vendor/laravel/framework/src/Illuminate/Encryption/EncryptionServiceProvider.php vendored Normal file → Executable file
View File

@@ -4,8 +4,8 @@ namespace Illuminate\Encryption;
use Illuminate\Support\ServiceProvider;
use Illuminate\Support\Str;
use Opis\Closure\SerializableClosure;
use RuntimeException;
use Laravel\SerializableClosure\SerializableClosure;
use Opis\Closure\SerializableClosure as OpisSerializableClosure;
class EncryptionServiceProvider extends ServiceProvider
{
@@ -18,6 +18,7 @@ class EncryptionServiceProvider extends ServiceProvider
{
$this->registerEncrypter();
$this->registerOpisSecurityKey();
$this->registerSerializableClosureSecurityKey();
}
/**
@@ -38,8 +39,28 @@ class EncryptionServiceProvider extends ServiceProvider
* Configure Opis Closure signing for security.
*
* @return void
*
* @deprecated Will be removed in a future Laravel version.
*/
protected function registerOpisSecurityKey()
{
if (\PHP_VERSION_ID < 80100) {
$config = $this->app->make('config')->get('app');
if (! class_exists(OpisSerializableClosure::class) || empty($config['key'])) {
return;
}
OpisSerializableClosure::setSecretKey($this->parseKey($config));
}
}
/**
* Configure Serializable Closure signing for security.
*
* @return void
*/
protected function registerSerializableClosureSecurityKey()
{
$config = $this->app->make('config')->get('app');
@@ -71,15 +92,13 @@ class EncryptionServiceProvider extends ServiceProvider
* @param array $config
* @return string
*
* @throws \RuntimeException
* @throws \Illuminate\Encryption\MissingAppKeyException
*/
protected function key(array $config)
{
return tap($config['key'], function ($key) {
if (empty($key)) {
throw new RuntimeException(
'No application encryption key has been specified.'
);
throw new MissingAppKeyException;
}
});
}

8
vendor/laravel/framework/src/Illuminate/Encryption/composer.json vendored
View File

@@ -14,12 +14,12 @@
}
],
"require": {
"php": "^7.2.5|^8.0",
"php": "^7.3|^8.0",
"ext-json": "*",
"ext-mbstring": "*",
"ext-openssl": "*",
"illuminate/contracts": "^7.0",
"illuminate/support": "^7.0"
"illuminate/contracts": "^8.0",
"illuminate/support": "^8.0"
},
"autoload": {
"psr-4": {
@@ -28,7 +28,7 @@
},
"extra": {
"branch-alias": {
"dev-master": "7.x-dev"
"dev-master": "8.x-dev"
}
},
"config": {