From 9e7ecefa2004e2f11bf9db6cf7556b0afd9e9183 Mon Sep 17 00:00:00 2001
From: Noemie Ariste <noemieariste@catalyst.net.nz>
Date: Thu, 21 Sep 2023 11:55:10 +1200
Subject: [PATCH] =?UTF-8?q?Switch=20to=20using=20ParagonIE=20library=20fro?=
 =?UTF-8?q?m=20T=C5=8Dtara=20core?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 factor/totp/classes/factor.php                |   6 +-
 .../extlib/ParagonIE/ConstantTime/Base32.php  | 430 ------------------
 .../extlib/ParagonIE/ConstantTime/Binary.php  |  97 ----
 .../ConstantTime/EncoderInterface.php         |  50 --
 factor/totp/tests/factor_test.php             |   3 -
 5 files changed, 3 insertions(+), 583 deletions(-)
 delete mode 100644 factor/totp/extlib/ParagonIE/ConstantTime/Base32.php
 delete mode 100644 factor/totp/extlib/ParagonIE/ConstantTime/Binary.php
 delete mode 100644 factor/totp/extlib/ParagonIE/ConstantTime/EncoderInterface.php

diff --git a/factor/totp/classes/factor.php b/factor/totp/classes/factor.php
index 76f871c0..f359f3ac 100644
--- a/factor/totp/classes/factor.php
+++ b/factor/totp/classes/factor.php
@@ -28,9 +28,9 @@
 require_once(__DIR__.'/../extlib/Assert/Assertion.php');
 require_once(__DIR__.'/../extlib/Assert/AssertionFailedException.php');
 require_once(__DIR__.'/../extlib/Assert/InvalidArgumentException.php');
-require_once(__DIR__.'/../extlib/ParagonIE/ConstantTime/EncoderInterface.php');
-require_once(__DIR__.'/../extlib/ParagonIE/ConstantTime/Binary.php');
-require_once(__DIR__.'/../extlib/ParagonIE/ConstantTime/Base32.php');
+require_once($CFG->libraries.'/required/paragonie/constant_time_encoding/src/EncoderInterface.php');
+require_once($CFG->libraries.'/required/paragonie/constant_time_encoding/src/Binary.php');
+require_once($CFG->libraries.'/required/paragonie/constant_time_encoding/src/Base32.php');
 
 use tool_mfa\local\factor\object_factor_base;
 use OTPHP\TOTP;
diff --git a/factor/totp/extlib/ParagonIE/ConstantTime/Base32.php b/factor/totp/extlib/ParagonIE/ConstantTime/Base32.php
deleted file mode 100644
index 761053e9..00000000
--- a/factor/totp/extlib/ParagonIE/ConstantTime/Base32.php
+++ /dev/null
@@ -1,430 +0,0 @@
-<?php
-namespace ParagonIE\ConstantTime;
-
-/**
- *  Copyright (c) 2016 - 2017 Paragon Initiative Enterprises.
- *  Copyright (c) 2014 Steve "Sc00bz" Thomas (steve at tobtu dot com)
- *
- *  Permission is hereby granted, free of charge, to any person obtaining a copy
- *  of this software and associated documentation files (the "Software"), to deal
- *  in the Software without restriction, including without limitation the rights
- *  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- *  copies of the Software, and to permit persons to whom the Software is
- *  furnished to do so, subject to the following conditions:
- *
- *  The above copyright notice and this permission notice shall be included in all
- *  copies or substantial portions of the Software.
- *
- *  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- *  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- *  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- *  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- *  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- *  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- *  SOFTWARE.
- */
-
-/**
- * Class Base32
- * [A-Z][2-7]
- *
- * @package ParagonIE\ConstantTime
- */
-abstract class Base32 implements EncoderInterface
-{
-    /**
-     * Decode a Base32-encoded string into raw binary
-     *
-     * @param string $src
-     * @param bool $strictPadding
-     * @return string
-     */
-    public static function decode($src, $strictPadding = \false)
-    {
-        return static::doDecode($src, \false, $strictPadding);
-    }
-
-    /**
-     * Decode an uppercase Base32-encoded string into raw binary
-     *
-     * @param string $src
-     * @param bool $strictPadding
-     * @return string
-     */
-    public static function decodeUpper($src, $strictPadding = \false)
-    {
-        return static::doDecode($src, \true, $strictPadding);
-    }
-
-    /**
-     * Encode into Base32 (RFC 4648)
-     *
-     * @param string $src
-     * @return string
-     */
-    public static function encode($src)
-    {
-        return static::doEncode($src, \false);
-    }
-
-    /**
-     * Encode into Base32 (RFC 4648)
-     *
-     * @param string $src
-     * @return string
-     * @throws \TypeError
-     */
-    public static function encodeUnpadded($src)
-    {
-        return static::doEncode($src, false, false);
-    }
-
-    /**
-     * Encode into uppercase Base32 (RFC 4648)
-     *
-     * @param string $src
-     * @return string
-     */
-    public static function encodeUpper($src)
-    {
-        return static::doEncode($src, \true);
-    }
-
-    /**
-     * Encode into uppercase Base32 (RFC 4648)
-     *
-     * @param string $src
-     * @return string
-     * @throws \TypeError
-     */
-    public static function encodeUpperUnpadded($src)
-    {
-        return static::doEncode($src, true, false);
-    }
-
-    /**
-     * Uses bitwise operators instead of table-lookups to turn 5-bit integers
-     * into 8-bit integers.
-     *
-     * @param int $src
-     * @return int
-     */
-    protected static function decode5Bits($src)
-    {
-        $ret = -1;
-
-        // if ($src > 96 && $src < 123) $ret += $src - 97 + 1; // -64
-        $ret += (((0x60 - $src) & ($src - 0x7b)) >> 8) & ($src - 96);
-
-        // if ($src > 0x31 && $src < 0x38) $ret += $src - 24 + 1; // -23
-        $ret += (((0x31 - $src) & ($src - 0x38)) >> 8) & ($src - 23);
-
-        return $ret;
-    }
-
-    /**
-     * Uses bitwise operators instead of table-lookups to turn 5-bit integers
-     * into 8-bit integers.
-     *
-     * Uppercase variant.
-     *
-     * @param int $src
-     * @return int
-     */
-    protected static function decode5BitsUpper($src)
-    {
-        $ret = -1;
-
-        // if ($src > 64 && $src < 91) $ret += $src - 65 + 1; // -64
-        $ret += (((0x40 - $src) & ($src - 0x5b)) >> 8) & ($src - 64);
-
-        // if ($src > 0x31 && $src < 0x38) $ret += $src - 24 + 1; // -23
-        $ret += (((0x31 - $src) & ($src - 0x38)) >> 8) & ($src - 23);
-
-        return $ret;
-    }
-
-    /**
-     * Uses bitwise operators instead of table-lookups to turn 8-bit integers
-     * into 5-bit integers.
-     *
-     * @param int $src
-     * @return string
-     */
-    protected static function encode5Bits($src)
-    {
-        $diff = 0x61;
-
-        // if ($src > 25) $ret -= 72;
-        $diff -= ((25 - $src) >> 8) & 73;
-
-        return \pack('C', $src + $diff);
-    }
-
-    /**
-     * Uses bitwise operators instead of table-lookups to turn 8-bit integers
-     * into 5-bit integers.
-     *
-     * Uppercase variant.
-     *
-     * @param int $src
-     * @return string
-     */
-    protected static function encode5BitsUpper($src)
-    {
-        $diff = 0x41;
-
-        // if ($src > 25) $ret -= 40;
-        $diff -= ((25 - $src) >> 8) & 41;
-
-        return \pack('C', $src + $diff);
-    }
-
-
-    /**
-     * Base32 decoding
-     *
-     * @param string $src
-     * @param bool $upper
-     * @param bool $strictPadding
-     * @return string
-     */
-    protected static function doDecode($src, $upper = \false, $strictPadding = \true)
-    {
-        // We do this to reduce code duplication:
-        $method = $upper
-            ? 'decode5BitsUpper'
-            : 'decode5Bits';
-
-        // Remove padding
-        $srcLen = Binary::safeStrlen($src);
-        if ($srcLen === 0) {
-            return '';
-        }
-        if ($strictPadding) {
-            if (($srcLen & 7) === 0) {
-                for ($j = 0; $j < 7; ++$j) {
-                    if ($src[$srcLen - 1] === '=') {
-                        $srcLen--;
-                    } else {
-                        break;
-                    }
-                }
-            }
-            if (($srcLen & 7) === 1) {
-                throw new \RangeException(
-                    'Incorrect padding'
-                );
-            }
-        } else {
-            $src = \rtrim($src, '=');
-            $srcLen = Binary::safeStrlen($src);
-        }
-
-        $err = 0;
-        $dest = '';
-        // Main loop (no padding):
-        for ($i = 0; $i + 8 <= $srcLen; $i += 8) {
-            $chunk = \unpack('C*', Binary::safeSubstr($src, $i, 8));
-            $c0 = static::$method($chunk[1]);
-            $c1 = static::$method($chunk[2]);
-            $c2 = static::$method($chunk[3]);
-            $c3 = static::$method($chunk[4]);
-            $c4 = static::$method($chunk[5]);
-            $c5 = static::$method($chunk[6]);
-            $c6 = static::$method($chunk[7]);
-            $c7 = static::$method($chunk[8]);
-
-            $dest .= \pack(
-                'CCCCC',
-                (($c0 << 3) | ($c1 >> 2)             ) & 0xff,
-                (($c1 << 6) | ($c2 << 1) | ($c3 >> 4)) & 0xff,
-                (($c3 << 4) | ($c4 >> 1)             ) & 0xff,
-                (($c4 << 7) | ($c5 << 2) | ($c6 >> 3)) & 0xff,
-                (($c6 << 5) | ($c7     )             ) & 0xff
-            );
-            $err |= ($c0 | $c1 | $c2 | $c3 | $c4 | $c5 | $c6 | $c7) >> 8;
-        }
-        // The last chunk, which may have padding:
-        if ($i < $srcLen) {
-            $chunk = \unpack('C*', Binary::safeSubstr($src, $i, $srcLen - $i));
-            $c0 = static::$method($chunk[1]);
-
-            if ($i + 6 < $srcLen) {
-                $c1 = static::$method($chunk[2]);
-                $c2 = static::$method($chunk[3]);
-                $c3 = static::$method($chunk[4]);
-                $c4 = static::$method($chunk[5]);
-                $c5 = static::$method($chunk[6]);
-                $c6 = static::$method($chunk[7]);
-
-                $dest .= \pack(
-                    'CCCC',
-                    (($c0 << 3) | ($c1 >> 2)             ) & 0xff,
-                    (($c1 << 6) | ($c2 << 1) | ($c3 >> 4)) & 0xff,
-                    (($c3 << 4) | ($c4 >> 1)             ) & 0xff,
-                    (($c4 << 7) | ($c5 << 2) | ($c6 >> 3)) & 0xff
-                );
-                $err |= ($c0 | $c1 | $c2 | $c3 | $c4 | $c5 | $c6) >> 8;
-            } elseif ($i + 5 < $srcLen) {
-                $c1 = static::$method($chunk[2]);
-                $c2 = static::$method($chunk[3]);
-                $c3 = static::$method($chunk[4]);
-                $c4 = static::$method($chunk[5]);
-                $c5 = static::$method($chunk[6]);
-
-                $dest .= \pack(
-                    'CCCC',
-                    (($c0 << 3) | ($c1 >> 2)             ) & 0xff,
-                    (($c1 << 6) | ($c2 << 1) | ($c3 >> 4)) & 0xff,
-                    (($c3 << 4) | ($c4 >> 1)             ) & 0xff,
-                    (($c4 << 7) | ($c5 << 2)             ) & 0xff
-                );
-                $err |= ($c0 | $c1 | $c2 | $c3 | $c4 | $c5) >> 8;
-            } elseif ($i + 4 < $srcLen) {
-                $c1 = static::$method($chunk[2]);
-                $c2 = static::$method($chunk[3]);
-                $c3 = static::$method($chunk[4]);
-                $c4 = static::$method($chunk[5]);
-
-                $dest .= \pack(
-                    'CCC',
-                    (($c0 << 3) | ($c1 >> 2)             ) & 0xff,
-                    (($c1 << 6) | ($c2 << 1) | ($c3 >> 4)) & 0xff,
-                    (($c3 << 4) | ($c4 >> 1)             ) & 0xff
-                );
-                $err |= ($c0 | $c1 | $c2 | $c3 | $c4) >> 8;
-            } elseif ($i + 3 < $srcLen) {
-                $c1 = static::$method($chunk[2]);
-                $c2 = static::$method($chunk[3]);
-                $c3 = static::$method($chunk[4]);
-
-                $dest .= \pack(
-                    'CC',
-                    (($c0 << 3) | ($c1 >> 2)             ) & 0xff,
-                    (($c1 << 6) | ($c2 << 1) | ($c3 >> 4)) & 0xff
-                );
-                $err |= ($c0 | $c1 | $c2 | $c3) >> 8;
-            } elseif ($i + 2 < $srcLen) {
-                $c1 = static::$method($chunk[2]);
-                $c2 = static::$method($chunk[3]);
-
-                $dest .= \pack(
-                    'CC',
-                    (($c0 << 3) | ($c1 >> 2)             ) & 0xff,
-                    (($c1 << 6) | ($c2 << 1)             ) & 0xff
-                );
-                $err |= ($c0 | $c1 | $c2) >> 8;
-            } elseif ($i + 1 < $srcLen) {
-                $c1 = static::$method($chunk[2]);
-
-                $dest .= \pack(
-                    'C',
-                    (($c0 << 3) | ($c1 >> 2)             ) & 0xff
-                );
-                $err |= ($c0 | $c1) >> 8;
-            } else {
-                $dest .= \pack(
-                    'C',
-                    (($c0 << 3)                          ) & 0xff
-                );
-                $err |= ($c0) >> 8;
-            }
-        }
-        if ($err !== 0) {
-            throw new \RangeException(
-                'Base32::doDecode() only expects characters in the correct base32 alphabet'
-            );
-        }
-        return $dest;
-    }
-
-    /**
-     * Base32 Decoding
-     *
-     * @param string $src
-     * @param bool $upper
-     * @param bool $pad
-     * @return string
-     */
-    protected static function doEncode($src, $upper = \false, $pad = \true)
-    {
-        // We do this to reduce code duplication:
-        $method = $upper
-            ? 'encode5BitsUpper'
-            : 'encode5Bits';
-
-        $dest = '';
-        $srcLen = Binary::safeStrlen($src);
-
-        // Main loop (no padding):
-        for ($i = 0; $i + 5 <= $srcLen; $i += 5) {
-            $chunk = \unpack('C*', Binary::safeSubstr($src, $i, 5));
-            $b0 = $chunk[1];
-            $b1 = $chunk[2];
-            $b2 = $chunk[3];
-            $b3 = $chunk[4];
-            $b4 = $chunk[5];
-            $dest .=
-                static::$method(              ($b0 >> 3)  & 31) .
-                static::$method((($b0 << 2) | ($b1 >> 6)) & 31) .
-                static::$method((($b1 >> 1)             ) & 31) .
-                static::$method((($b1 << 4) | ($b2 >> 4)) & 31) .
-                static::$method((($b2 << 1) | ($b3 >> 7)) & 31) .
-                static::$method((($b3 >> 2)             ) & 31) .
-                static::$method((($b3 << 3) | ($b4 >> 5)) & 31) .
-                static::$method(  $b4                     & 31);
-        }
-        // The last chunk, which may have padding:
-        if ($i < $srcLen) {
-            $chunk = \unpack('C*', Binary::safeSubstr($src, $i, $srcLen - $i));
-            $b0 = $chunk[1];
-            if ($i + 3 < $srcLen) {
-                $b1 = $chunk[2];
-                $b2 = $chunk[3];
-                $b3 = $chunk[4];
-                $dest .=
-                    static::$method(              ($b0 >> 3)  & 31) .
-                    static::$method((($b0 << 2) | ($b1 >> 6)) & 31) .
-                    static::$method((($b1 >> 1)             ) & 31) .
-                    static::$method((($b1 << 4) | ($b2 >> 4)) & 31) .
-                    static::$method((($b2 << 1) | ($b3 >> 7)) & 31) .
-                    static::$method((($b3 >> 2)             ) & 31) .
-                    static::$method((($b3 << 3)             ) & 31);
-                if ($pad) {
-                    $dest .= '=';
-                }
-            } elseif ($i + 2 < $srcLen) {
-                $b1 = $chunk[2];
-                $b2 = $chunk[3];
-                $dest .=
-                    static::$method(              ($b0 >> 3)  & 31) .
-                    static::$method((($b0 << 2) | ($b1 >> 6)) & 31) .
-                    static::$method((($b1 >> 1)             ) & 31) .
-                    static::$method((($b1 << 4) | ($b2 >> 4)) & 31) .
-                    static::$method((($b2 << 1)             ) & 31);
-                if ($pad) {
-                    $dest .= '===';
-                }
-            } elseif ($i + 1 < $srcLen) {
-                $b1 = $chunk[2];
-                $dest .=
-                    static::$method(              ($b0 >> 3)  & 31) .
-                    static::$method((($b0 << 2) | ($b1 >> 6)) & 31) .
-                    static::$method((($b1 >> 1)             ) & 31) .
-                    static::$method((($b1 << 4)             ) & 31);
-                if ($pad) {
-                    $dest .= '====';
-                }
-            } else {
-                $dest .=
-                    static::$method(              ($b0 >> 3)  & 31) .
-                    static::$method( ($b0 << 2)               & 31);
-                if ($pad) {
-                    $dest .= '======';
-                }
-            }
-        }
-        return $dest;
-    }
-}
\ No newline at end of file
diff --git a/factor/totp/extlib/ParagonIE/ConstantTime/Binary.php b/factor/totp/extlib/ParagonIE/ConstantTime/Binary.php
deleted file mode 100644
index 3ee6cc8d..00000000
--- a/factor/totp/extlib/ParagonIE/ConstantTime/Binary.php
+++ /dev/null
@@ -1,97 +0,0 @@
-<?php
-namespace ParagonIE\ConstantTime;
-
-/**
- *  Copyright (c) 2016 - 2017 Paragon Initiative Enterprises.
- *  Copyright (c) 2014 Steve "Sc00bz" Thomas (steve at tobtu dot com)
- *
- *  Permission is hereby granted, free of charge, to any person obtaining a copy
- *  of this software and associated documentation files (the "Software"), to deal
- *  in the Software without restriction, including without limitation the rights
- *  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- *  copies of the Software, and to permit persons to whom the Software is
- *  furnished to do so, subject to the following conditions:
- *
- *  The above copyright notice and this permission notice shall be included in all
- *  copies or substantial portions of the Software.
- *
- *  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- *  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- *  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- *  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- *  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- *  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- *  SOFTWARE.
- */
-
-/**
- * Class Binary
- *
- * Binary string operators that don't choke on
- * mbstring.func_overload
- *
- * @package ParagonIE\ConstantTime
- */
-abstract class Binary
-{
-    /**
-     * Safe string length
-     *
-     * @ref mbstring.func_overload
-     *
-     * @param string $str
-     * @return int
-     */
-    public static function safeStrlen($str)
-    {
-        if (\function_exists('mb_strlen')) {
-            return (int) \mb_strlen($str, '8bit');
-        } else {
-            return (int) \strlen($str);
-        }
-    }
-
-    /**
-     * Safe substring
-     *
-     * @ref mbstring.func_overload
-     *
-     * @staticvar boolean $exists
-     * @param string $str
-     * @param int $start
-     * @param int $length
-     * @return string
-     * @throws \TypeError
-     */
-    public static function safeSubstr(
-        $str,
-        $start = 0,
-        $length = \null
-    ) {
-        if (\function_exists('mb_substr')) {
-            // mb_substr($str, 0, null, '8bit') returns an empty string on PHP
-            // 5.3, so we have to find the length ourselves.
-            if (\is_null($length)) {
-                if ($start >= 0) {
-                    $length = self::safeStrlen($str) - $start;
-                } else {
-                    $length = -$start;
-                }
-            }
-            // $length calculation above might result in a 0-length string
-            if ($length === 0) {
-                return '';
-            }
-            return \mb_substr($str, $start, $length, '8bit');
-        }
-        if ($length === 0) {
-            return '';
-        }
-        // Unlike mb_substr(), substr() doesn't accept null for length
-        if (!is_null($length)) {
-            return \substr($str, $start, $length);
-        } else {
-            return \substr($str, $start);
-        }
-    }
-}
\ No newline at end of file
diff --git a/factor/totp/extlib/ParagonIE/ConstantTime/EncoderInterface.php b/factor/totp/extlib/ParagonIE/ConstantTime/EncoderInterface.php
deleted file mode 100644
index 76568dcf..00000000
--- a/factor/totp/extlib/ParagonIE/ConstantTime/EncoderInterface.php
+++ /dev/null
@@ -1,50 +0,0 @@
-<?php
-namespace ParagonIE\ConstantTime;
-
-/**
- *  Copyright (c) 2016 - 2017 Paragon Initiative Enterprises.
- *  Copyright (c) 2014 Steve "Sc00bz" Thomas (steve at tobtu dot com)
- *
- *  Permission is hereby granted, free of charge, to any person obtaining a copy
- *  of this software and associated documentation files (the "Software"), to deal
- *  in the Software without restriction, including without limitation the rights
- *  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- *  copies of the Software, and to permit persons to whom the Software is
- *  furnished to do so, subject to the following conditions:
- *
- *  The above copyright notice and this permission notice shall be included in all
- *  copies or substantial portions of the Software.
- *
- *  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- *  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- *  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- *  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- *  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- *  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- *  SOFTWARE.
- */
-
-/**
- * Interface EncoderInterface
- * @package ParagonIE\ConstantTime
- */
-interface EncoderInterface
-{
-    /**
-     * Convert a binary string into a hexadecimal string without cache-timing
-     * leaks
-     *
-     * @param string $bin_string (raw binary)
-     * @return string
-     */
-    public static function encode($bin_string);
-
-    /**
-     * Convert a binary string into a hexadecimal string without cache-timing
-     * leaks
-     *
-     * @param string $encoded_string
-     * @return string (raw binary)
-     */
-    public static function decode($encoded_string);
-}
\ No newline at end of file
diff --git a/factor/totp/tests/factor_test.php b/factor/totp/tests/factor_test.php
index 992585f5..2856f5dc 100644
--- a/factor/totp/tests/factor_test.php
+++ b/factor/totp/tests/factor_test.php
@@ -27,9 +27,6 @@
 require_once(__DIR__.'/../extlib/Assert/Assertion.php');
 require_once(__DIR__.'/../extlib/Assert/AssertionFailedException.php');
 require_once(__DIR__.'/../extlib/Assert/InvalidArgumentException.php');
-require_once(__DIR__.'/../extlib/ParagonIE/ConstantTime/EncoderInterface.php');
-require_once(__DIR__.'/../extlib/ParagonIE/ConstantTime/Binary.php');
-require_once(__DIR__.'/../extlib/ParagonIE/ConstantTime/Base32.php');
 
 /**
  * Tests for TOTP factor.