Joomla Platform  13.1
Documentation des API du framework Joomla Platform
 Tout Classes Espaces de nommage Fichiers Fonctions Variables Pages
Fonctions membres publiques | Fonctions membres publiques statiques | Attributs privés
Référence de la classe JCrypt

Liste de tous les membres

Fonctions membres publiques

 __construct (JCryptCipher $cipher=null, JCryptKey $key=null)
 decrypt ($data)
 encrypt ($data)
 generateKey (array $options=array())
 setKey (JCryptKey $key)

Fonctions membres publiques statiques

static genRandomBytes ($length=16)
static timingSafeCompare ($known, $unknown)
static hasStrongPasswordSupport ()

Attributs privés

 $_cipher
 $_key

Description détaillée

Définition à la ligne 19 du fichier crypt.php.

Documentation des constructeurs et destructeur

JCrypt::__construct ( JCryptCipher  $cipher = null,
JCryptKey  $key = null 
)

Object Constructor takes an optional key to be used for encryption/decryption. If no key is given then the secret word from the configuration object is used.

Paramètres:
JCryptCipher$cipherThe encryption cipher object.
JCryptKey$keyThe encryption key[/pair)].
Depuis:
12.1

Définition à la ligne 42 du fichier crypt.php.

{
// Set the encryption key[/pair)].
$this->_key = $key;
// Set the encryption cipher.
$this->_cipher = isset($cipher) ? $cipher : new JCryptCipherSimple;
}

Documentation des fonctions membres

JCrypt::decrypt (   $data)

Method to decrypt a data string.

Paramètres:
string$dataThe encrypted string to decrypt.
Renvoie:
string The decrypted data string.
Depuis:
12.1
Exceptions:
InvalidArgumentException

Définition à la ligne 61 du fichier crypt.php.

Références JCryptCipherSimple\decrypt().

{
try
{
return $this->_cipher->decrypt($data, $this->_key);
}
catch (InvalidArgumentException $e)
{
return false;
}
}

+ Voici le graphe d'appel pour cette fonction :

JCrypt::encrypt (   $data)

Method to encrypt a data string.

Paramètres:
string$dataThe data string to encrypt.
Renvoie:
string The encrypted data string.
Depuis:
12.1

Définition à la ligne 82 du fichier crypt.php.

{
return $this->_cipher->encrypt($data, $this->_key);
}
JCrypt::generateKey ( array  $options = array())

Method to generate a new encryption key[/pair] object.

Paramètres:
array$optionsKey generation options.
Renvoie:
JCryptKey
Depuis:
12.1

Définition à la ligne 96 du fichier crypt.php.

{
return $this->_cipher->generateKey($options);
}
static JCrypt::genRandomBytes (   $length = 16)
static

Generate random bytes.

Paramètres:
integer$lengthLength of the random data to generate
Renvoie:
string Random binary data
Depuis:
12.1

Définition à la ligne 126 du fichier crypt.php.

Référencé par JUserHelper\genRandomPassword(), et JCryptPasswordSimple\getSalt().

{
$length = (int) $length;
$sslStr = '';
/*
* If a secure randomness generator exists and we don't
* have a buggy PHP version use it.
*/
if (function_exists('openssl_random_pseudo_bytes')
&& (version_compare(PHP_VERSION, '5.3.4') >= 0 || IS_WIN))
{
$sslStr = openssl_random_pseudo_bytes($length, $strong);
if ($strong)
{
return $sslStr;
}
}
/*
* Collect any entropy available in the system along with a number
* of time measurements of operating system randomness.
*/
$bitsPerRound = 2;
$maxTimeMicro = 400;
$shaHashLength = 20;
$randomStr = '';
$total = $length;
// Check if we can use /dev/urandom.
$urandom = false;
$handle = null;
// This is PHP 5.3.3 and up
if (function_exists('stream_set_read_buffer') && @is_readable('/dev/urandom'))
{
$handle = @fopen('/dev/urandom', 'rb');
if ($handle)
{
$urandom = true;
}
}
while ($length > strlen($randomStr))
{
$bytes = ($total > $shaHashLength)? $shaHashLength : $total;
$total -= $bytes;
/*
* Collect any entropy available from the PHP system and filesystem.
* If we have ssl data that isn't strong, we use it once.
*/
$entropy = rand() . uniqid(mt_rand(), true) . $sslStr;
$entropy .= implode('', @fstat(fopen(__FILE__, 'r')));
$entropy .= memory_get_usage();
$sslStr = '';
if ($urandom)
{
stream_set_read_buffer($handle, 0);
$entropy .= @fread($handle, $bytes);
}
else
{
/*
* There is no external source of entropy so we repeat calls
* to mt_rand until we are assured there's real randomness in
* the result.
*
* Measure the time that the operations will take on average.
*/
$samples = 3;
$duration = 0;
for ($pass = 0; $pass < $samples; ++$pass)
{
$microStart = microtime(true) * 1000000;
$hash = sha1(mt_rand(), true);
for ($count = 0; $count < 50; ++$count)
{
$hash = sha1($hash, true);
}
$microEnd = microtime(true) * 1000000;
$entropy .= $microStart . $microEnd;
if ($microStart >= $microEnd)
{
$microEnd += 1000000;
}
$duration += $microEnd - $microStart;
}
$duration = $duration / $samples;
/*
* Based on the average time, determine the total rounds so that
* the total running time is bounded to a reasonable number.
*/
$rounds = (int) (($maxTimeMicro / $duration) * 50);
/*
* Take additional measurements. On average we can expect
* at least $bitsPerRound bits of entropy from each measurement.
*/
$iter = $bytes * (int) ceil(8 / $bitsPerRound);
for ($pass = 0; $pass < $iter; ++$pass)
{
$microStart = microtime(true);
$hash = sha1(mt_rand(), true);
for ($count = 0; $count < $rounds; ++$count)
{
$hash = sha1($hash, true);
}
$entropy .= $microStart . microtime(true);
}
}
$randomStr .= sha1($entropy, true);
}
if ($urandom)
{
@fclose($handle);
}
return substr($randomStr, 0, $length);
}

+ Voici le graphe des appelants de cette fonction :

static JCrypt::hasStrongPasswordSupport ( )
static

Tests for the availability of updated crypt(). Based on a method by Anthony Ferrera

Renvoie:
boolean True if updated crypt() is available.
Note:
To be removed when PHP 5.3.7 or higher is the minimum supported version.
Voir également:
https://github.com/ircmaxell/password_compat/blob/master/version-test.php
Depuis:
3.2

Définition à la ligne 306 du fichier crypt.php.

Références jimport(), et version_test\version_test().

Référencé par JCryptPasswordSimple\create(), JUserHelper\getCryptedPassword(), et JCryptPasswordSimple\verify().

{
static $pass = null;
if (is_null($pass))
{
// Check to see whether crypt() is supported.
if (version_compare(PHP_VERSION, '5.3.7', '>=') === true)
{
// We have safe PHP version.
$pass = true;
}
else
{
// We need to test if we have patched PHP version.
jimport('compat.password.lib.version_test');
$test = new version_test;
$pass = $test->version_test();
}
if ($pass && !defined('PASSWORD_DEFAULT'))
{
// Always make sure that the password hashing API has been defined.
include_once JPATH_ROOT . '/libraries/compat/password/lib/password.php';
}
}
return $pass;
}

+ Voici le graphe d'appel pour cette fonction :

+ Voici le graphe des appelants de cette fonction :

JCrypt::setKey ( JCryptKey  $key)

Method to set the encryption key[/pair] object.

Paramètres:
JCryptKey$keyThe key object to set.
Renvoie:
JCrypt
Depuis:
12.1

Définition à la ligne 110 du fichier crypt.php.

{
$this->_key = $key;
return $this;
}
static JCrypt::timingSafeCompare (   $known,
  $unknown 
)
static

A timing safe comparison method. This defeats hacking attempts that use timing based attack vectors.

Paramètres:
string$knownA known string to check against.
string$unknownAn unknown string to check.
Renvoie:
boolean True if the two strings are exactly the same.
Depuis:
3.2

Définition à la ligne 273 du fichier crypt.php.

{
// Prevent issues if string length is 0
$known .= chr(0);
$unknown .= chr(0);
$knownLength = strlen($known);
$unknownLength = strlen($unknown);
// Set the result to the difference between the lengths
$result = $knownLength - $unknownLength;
// Note that we ALWAYS iterate over the user-supplied length to prevent leaking length info.
for ($i = 0; $i < $unknownLength; $i++)
{
// Using % here is a trick to prevent notices. It's safe, since if the lengths are different, $result is already non-0
$result |= (ord($known[$i % $knownLength]) ^ ord($unknown[$i]));
}
// They are only identical strings if $result is exactly 0...
return $result === 0;
}

Documentation des données membres

JCrypt::$_cipher
private

Définition à la ligne 25 du fichier crypt.php.

JCrypt::$_key
private

Définition à la ligne 31 du fichier crypt.php.

La documentation de cette classe a été générée à partir du fichier suivant :