path: root/databases/adminer/files/patch-adminer_include_xxtea.inc.php
--- adminer/include/xxtea.inc.php.orig	2025-11-14 10:44:16 UTC
+++ adminer/include/xxtea.inc.php
@@ -45,6 +45,11 @@
 	return int32((($z >> 5 & 0x7FFFFFF) ^ $y << 2) + (($y >> 3 & 0x1FFFFFFF) ^ $z << 4)) ^ int32(($sum ^ $y) + ($k ^ $z));
 }
 
+const AES256_NAME = 'aes-256-gcm';
+const AES256_KEY_BYTES = 32;
+const AES256_NONCE_BYTES = 12;
+const AES256_TAG_BYTES = 16;
+
 /** Cipher
 * @param string $str plain-text password
 * @return string binary cipher
@@ -53,6 +58,20 @@
 	if ($str == "") {
 		return "";
 	}
+	$key = hash_hkdf('sha256', $key, AES256_KEY_BYTES, AES256_NAME);
+	$nonce = random_bytes(AES256_NONCE_BYTES);
+	$cipherText = openssl_encrypt(
+		$str,
+		AES256_NAME,
+		$key,
+		OPENSSL_RAW_DATA,
+		$nonce,
+		$tag,
+		'',
+		AES256_TAG_BYTES
+	);
+	return $nonce . $tag . $cipherText;
+/*
 	$key = array_values(unpack("V*", pack("H*", md5($key))));
 	$v = str2long($str, true);
 	$n = count($v) - 1;
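Review bot: The result of `openssl_encrypt()` is concatenated without being checked, so on failure (it returns `false` and `$tag` is not populated) the function returns the bare 12-byte nonce as if it were a valid ciphertext. Add `if ($cipherText === false) { return false; }` before the `return`, after confirming that callers treat a false result as an error. `hash_hkdf()` also rejects an empty `$key` (a `ValueError` on PHP 8), and no key guard is visible here, unlike the `if (!$key)` check in the decrypt hunk. The function starts outside this hunk, so confirm whether such a guard exists above.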
@@ -75,6 +94,7 @@
 		$v[$n] = $z;
 	}
 	return long2str($v, false);
+*/
 }
 
 /** Decipher
@@ -88,6 +108,20 @@
 	if (!$key) {
 		return false;
 	}
+	$key = hash_hkdf('sha256', $key, AES256_KEY_BYTES, AES256_NAME);
+	$nonce = substr($str, 0, AES256_NONCE_BYTES);
+	$tag = substr($str, AES256_NONCE_BYTES, AES256_TAG_BYTES);
+	$cipherText = substr($str, AES256_NONCE_BYTES + AES256_TAG_BYTES);
+	return openssl_decrypt(
+		$cipherText,
+		AES256_NAME,
+		$key,
+		OPENSSL_RAW_DATA,
+		$nonce,
+		$tag,
+		''
+	);
+/*
 	$key = array_values(unpack("V*", pack("H*", md5($key))));
 	$v = str2long($str, false);
 	$n = count($v) - 1;
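Review bot: The input is sliced with `substr()` without a length check, so a `$str` shorter than `AES256_NONCE_BYTES + AES256_TAG_BYTES` (28 bytes) yields a truncated or empty `$tag`. PHP's `openssl_decrypt()` does not verify the tag length itself, so a short tag reduces GCM authentication to only the bytes supplied. Add `if (strlen($str) < AES256_NONCE_BYTES + AES256_TAG_BYTES) { return false; }` before the slicing so that only full 16-byte tags reach OpenSSL. Values written by the previous XXTEA code will presumably fail authentication and return `false` here; confirm that callers handle that as an ordinary decryption failure. The function begins outside this hunk.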
@@ -110,4 +144,5 @@
 		$sum = int32($sum - 0x9E3779B9);
 	}
 	return long2str($v, true);
+*/
 }