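<?php
/**
 * Encryption and signing helpers: wraps symmetric keys with an embedded public certificate,
 * builds encrypted payloads for noc1, and produces local HMACs.
 */
class wfCrypt {
	/**
	 * Returns the PEM-encoded X.509 certificate embedded in this file. pubCrypt() passes it to
	 * openssl_public_encrypt() as the public key.
	 *
	 * @return string
	 */
	private static function getPubKey(){
		#Command to generate our keypair was: openssl req -x509 -newkey rsa:2048 -keyout mycert.key -out mycert.pem -nodes -subj "/C=US/ST=Washington/L=Seattle/O=Wordfence/OU=IT/CN=wordfence.com" -days 7300
		#This is a 2048 bit key using SHA256 with RSA.
		$key = <<<ENDKEY
-----BEGIN CERTIFICATE-----
MIIDrTCCApWgAwIBAgIJAIg6Va5tcvwyMA0GCSqGSIb3DQEBCwUAMG0xCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRIw
EAYDVQQKDAlXb3JkZmVuY2UxCzAJBgNVBAsMAklUMRYwFAYDVQQDDA13b3JkZmVu
Y2UuY29tMB4XDTE1MDMxMjA1NTIzMFoXDTM1MDMwNzA1NTIzMFowbTELMAkGA1UE
BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEjAQ
BgNVBAoMCVdvcmRmZW5jZTELMAkGA1UECwwCSVQxFjAUBgNVBAMMDXdvcmRmZW5j
ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/9Ogj1PIQsuZu
dTUNWlG0zaDNWpeY1ZiB/6oBS/YXkGFuG8R/nZ/kYsRmBm6yRp/3jC/HiPjg+7Zc
bA/CKoHdUlNjFZ+10DmS369wVX+c0oV9f720b/a0xN0qeKxJTiN2NsAl5szYv2CQ
Bvzjeb5VfKgrfV9tgYr38swudxvexponYaK0OlDL3u/Xca4SLRKmB+ZYCcZJttoG
SNFsQMlLHWWmM0FJH9qZ3x8MtRM5KsNEWO+/op511Rr36ZnLJdzUnETsaxHKwuCv
0+D9b0mwk8K/c67l63v4+zywXNkdYIslgo7Aeeyb6t0lyyfruXutEyMinmApACT2
sDMAbYk7AgMBAAGjUDBOMB0GA1UdDgQWBBTstr/AoPQyLLIt4/peFSjj0FFXHzAf
BgNVHSMEGDAWgBTstr/AoPQyLLIt4/peFSjj0FFXHzAMBgNVHRMEBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4IBAQA9HsK+XdZh2MGP2SDdggA+MxkNBCCFBtcsmQrpiLUW
67xt59FPRMwTgSA9Lt8uqcWaXoHXiaTnXTRtN/BKZR0F71HQfiV6zy511blIRlk2
nV+vYzwLUENCZ31hQEZsY+uYqBSTiHecUKohn8A9pOOEpis2YEn2zVo4cobdyGa1
zCnaAN99KT8s9lOO0UW0J52qZhvv4y8YhELtrXKBsFatGEsVIM0NFI+ZDsNpMnSQ
cmUtLiIJtk5hxNbOaIz2vzbOkbzJ3ehzODJ1X5rya7X0v2akLLhwP9jqz5ua6ttP
duLv4Q6v3LY6pwDoyKQMDqNNxVjaFmx5HyFWRPofpu/T
-----END CERTIFICATE-----
ENDKEY;
		return $key;
	}

	/**
	 * Returns a hex-encoded key built from $length / 2 bytes obtained from wfWAFUtils::random_bytes().
	 *
	 * NOTE(review): the strength of the key depends on wfWAFUtils::random_bytes(), which is defined
	 * outside this file -- presumably a CSPRNG wrapper; confirm there. An odd $length passes a
	 * non-integer byte count to it.
	 *
	 * @param int $length Requested length of the returned string in hex characters.
	 * @return string
	 */
	public static function makeSymHexKey($length){
		return bin2hex(wfWAFUtils::random_bytes($length / 2));
	}

	/**
	 * Encrypts a symmetric key with the embedded public certificate (RSA, OAEP padding) and returns
	 * the ciphertext base64-encoded.
	 *
	 * @param string $symKey
	 * @return string Base64 ciphertext, or an empty string if the encryption failed.
	 */
	public static function pubCrypt($symKey){ //encrypts a symmetric key and returns it base64
		//The default OPENSSL_PKCS1_PADDING is deprecated.
		$success = openssl_public_encrypt($symKey, $encSymKey, self::getPubKey(), OPENSSL_PKCS1_OAEP_PADDING);
		if (!$success) {
			//On failure $encSymKey is not populated. Return the empty string explicitly rather than
			//handing null to base64_encode(), so callers can tell a failed wrap from a real ciphertext.
			return '';
		}
		return base64_encode($encSymKey);
	}

	/**
	 * Returns the payload symmetrically encrypted and signed by the noc1 public key. The payload is converted to JSON,
	 * encrypted using a randomly-generated symmetric key, and then hashed and signed with the noc1 public key.
	 *
	 * This is NOT cryptographically secure for verifying that this server sent or was aware of the context of the
	 * message, rather it is intended to be used in tandem with verification via another method (e.g., a call that
	 * validates due to the site URL matching the license key or noc1 does a call itself to the server to retrieve the
	 * encrypted payload). It is solely a means to provide data to noc1 that only it can read.
	 *
	 * The binary message is laid out as: 16-byte IV . RSA-OAEP-encrypted AES key . AES-256-CBC ciphertext.
	 * The "signature" is the SHA-256 digest of that message encrypted with the same public key. It is produced
	 * without any private key, so anyone holding noc1.key can produce one; treat it as a checksum that only
	 * noc1 can read, not as proof of origin.
	 *
	 * @param array $payload
	 * @return array The encrypted and signed payload in the form array('message' => <encrypted message in hex>, 'signature' => <signature in hex>).
	 *               An empty array is returned if any step fails.
	 */
	public static function noc1_encrypt($payload) {
		$payloadJSON = json_encode($payload);
		if ($payloadJSON === false) {
			//An unencodable payload (e.g. invalid UTF-8) must not be sent on: false would otherwise be
			//encrypted as an empty plaintext and returned as a well-formed package.
			return array();
		}

		$keyData = file_get_contents(dirname(__FILE__) . '/noc1.key');
		if ($keyData === false) {
			return array();
		}

		$key = @openssl_get_publickey($keyData);
		if ($key === false) {
			return array();
		}

		//A fresh AES-256 key and IV are drawn for every call.
		$symmetricKey = wfWAFUtils::random_bytes(32);
		$iv = wfWAFUtils::random_bytes(16);
		$encrypted = @openssl_encrypt($payloadJSON, 'aes-256-cbc', $symmetricKey, OPENSSL_RAW_DATA, $iv);
		if ($encrypted === false) {
			return array();
		}

		//Wrap the AES key so that only the holder of the matching private key can recover it.
		if (!openssl_public_encrypt($symmetricKey, $symmetricKeyEncrypted, $key, OPENSSL_PKCS1_OAEP_PADDING)) {
			return array();
		}

		$message = $iv . $symmetricKeyEncrypted . $encrypted;
		$signatureRaw = hash('sha256', $message, true);
		if (!openssl_public_encrypt($signatureRaw, $signature, $key, OPENSSL_PKCS1_OAEP_PADDING)) {
			return array();
		}

		return array('message' => bin2hex($message), 'signature' => bin2hex($signature));
	}

	/**
	 * Returns a SHA256 HMAC for $payload using the local long key.
	 *
	 * The key is read from wfConfig::get('longEncKey'). Code that checks a received value against this
	 * HMAC should compare with hash_equals() rather than == or ===, so the comparison is constant-time.
	 *
	 * @param string $payload
	 * @return false|string
	 */
	public static function local_sign($payload) {
		return hash_hmac('sha256', $payload, wfConfig::get('longEncKey'));
	}
}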