nextcloud/lib/private/Security/Crypto.php

<?php
/**
 * @copyright Copyright (c) 2016, ownCloud, Inc.
 *
 * @author Andreas Fischer <bantu@owncloud.com>
 * @author Lukas Reschke <lukas@statuscode.ch>
 * @author Morris Jobke <hey@morrisjobke.de>
 * @author Roeland Jago Douma <roeland@famdouma.nl>
 *
 * @license AGPL-3.0
 *
 * This code is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License, version 3,
 * along with this program.  If not, see <http://www.gnu.org/licenses/>
 *
 */


namespace OC\Security;

use phpseclib\Crypt\AES;
use phpseclib\Crypt\Hash;
use OCP\Security\ICrypto;
use OCP\Security\ISecureRandom;
use OCP\IConfig;

/**
 * Class Crypto provides a high-level encryption layer using AES-CBC. If no key has been provided
 * it will use the secret defined in config.php as key. Additionally the message will be HMAC'd.
 *
 * Usage:
 * $encryptWithDefaultPassword = \OC::$server->getCrypto()->encrypt('EncryptedText');
 * $encryptWithCustompassword = \OC::$server->getCrypto()->encrypt('EncryptedText', 'password');
 *
 * @package OC\Security
 */
class Crypto implements ICrypto {
	/** @var AES $cipher */
	private $cipher;
	/** @var int */
	private $ivLength = 16;
	/** @var IConfig */
	private $config;
	/** @var ISecureRandom */
	private $random;

	/**
	 * @param IConfig $config
	 * @param ISecureRandom $random
	 */
	function __construct(IConfig $config, ISecureRandom $random) {
		$this->cipher = new AES();
		$this->config = $config;
		$this->random = $random;
	}

	/**
	 * @param string $message The message to authenticate
	 * @param string $password Password to use (defaults to `secret` in config.php)
	 * @return string Calculated HMAC
	 */
	public function calculateHMAC($message, $password = '') {
		if($password === '') {
			$password = $this->config->getSystemValue('secret');
		}

		// Append an "a" behind the password and hash it to prevent reusing the same password as for encryption
		$password = hash('sha512', $password . 'a');

		$hash = new Hash('sha512');
		$hash->setKey($password);
		return $hash->hash($message);
	}

	/**
	 * Encrypts a value and adds an HMAC (Encrypt-Then-MAC)
	 * @param string $plaintext
	 * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
	 * @return string Authenticated ciphertext
	 */
	public function encrypt($plaintext, $password = '') {
		if($password === '') {
			$password = $this->config->getSystemValue('secret');
		}
		$this->cipher->setPassword($password);

		$iv = $this->random->generate($this->ivLength);
		$this->cipher->setIV($iv);

		$ciphertext = bin2hex($this->cipher->encrypt($plaintext));
		$hmac = bin2hex($this->calculateHMAC($ciphertext.$iv, $password));

		return $ciphertext.'|'.$iv.'|'.$hmac;
	}

	/**
	 * Decrypts a value and verifies the HMAC (Encrypt-Then-Mac)
	 * @param string $authenticatedCiphertext
	 * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
	 * @return string plaintext
	 * @throws \Exception If the HMAC does not match
	 */
	public function decrypt($authenticatedCiphertext, $password = '') {
		if($password === '') {
			$password = $this->config->getSystemValue('secret');
		}
		$this->cipher->setPassword($password);

		$parts = explode('|', $authenticatedCiphertext);
		if(sizeof($parts) !== 3) {
			throw new \Exception('Authenticated ciphertext could not be decoded.');
		}

		$ciphertext = hex2bin($parts[0]);
		$iv = $parts[1];
		$hmac = hex2bin($parts[2]);

		$this->cipher->setIV($iv);

		if(!hash_equals($this->calculateHMAC($parts[0].$parts[1], $password), $hmac)) {
			throw new \Exception('HMAC does not match.');
		}

		return $this->cipher->decrypt($ciphertext);
	}

}
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 21:02:40 +04:00			`<?php`
			`/**`
Fix others 2016-07-21 18:07:57 +03:00			`* @copyright Copyright (c) 2016, ownCloud, Inc.`
			`*`
update licence headers via script 2015-10-05 21:54:56 +03:00			`* @author Andreas Fischer <bantu@owncloud.com>`
Update license headers 2016-05-26 20:56:05 +03:00			`* @author Lukas Reschke <lukas@statuscode.ch>`
Update license headers 2015-03-26 13:44:34 +03:00			`* @author Morris Jobke <hey@morrisjobke.de>`
Fix others 2016-07-21 18:07:57 +03:00			`* @author Roeland Jago Douma <roeland@famdouma.nl>`
Update license headers 2015-03-26 13:44:34 +03:00			`*`
			`* @license AGPL-3.0`
			`*`
			`* This code is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License, version 3,`
			`* as published by the Free Software Foundation.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU Affero General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public License, version 3,`
			`* along with this program. If not, see <http://www.gnu.org/licenses/>`
			`*`
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 21:02:40 +04:00			`*/`
Revert "Updating license headers" This reverts commit 6a1a4880f0d556fb090f19a5019fec31916f5c36. 2015-02-26 13:37:37 +03:00

Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 21:02:40 +04:00			`namespace OC\Security;`

Update phpseclib to 2.0 2015-08-03 07:39:53 +03:00			`use phpseclib\Crypt\AES;`
			`use phpseclib\Crypt\Hash;`
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 21:02:40 +04:00			`use OCP\Security\ICrypto;`
Use DI 2014-08-27 02:49:53 +04:00			`use OCP\Security\ISecureRandom;`
			`use OCP\IConfig;`
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 21:02:40 +04:00
			`/**`
			`* Class Crypto provides a high-level encryption layer using AES-CBC. If no key has been provided`
			`* it will use the secret defined in config.php as key. Additionally the message will be HMAC'd.`
			`*`
			`* Usage:`
			`* $encryptWithDefaultPassword = \OC::$server->getCrypto()->encrypt('EncryptedText');`
			`* $encryptWithCustompassword = \OC::$server->getCrypto()->encrypt('EncryptedText', 'password');`
			`*`
			`* @package OC\Security`
			`*/`
			`class Crypto implements ICrypto {`
Update phpseclib to 2.0 2015-08-03 07:39:53 +03:00			`/** @var AES $cipher */`
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 21:02:40 +04:00			`private $cipher;`
			`/** @var int */`
			`private $ivLength = 16;`
Use DI 2014-08-27 02:49:53 +04:00			`/** @var IConfig */`
			`private $config;`
			`/** @var ISecureRandom */`
			`private $random;`
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 21:02:40 +04:00
Remove "use" statement Ref https://bugs.php.net/bug.php?id=66773 2015-08-04 22:41:33 +03:00			`/**`
			`* @param IConfig $config`
			`* @param ISecureRandom $random`
			`*/`
Use DI 2014-08-27 02:49:53 +04:00			`function __construct(IConfig $config, ISecureRandom $random) {`
Update phpseclib to 2.0 2015-08-03 07:39:53 +03:00			`$this->cipher = new AES();`
Use DI 2014-08-27 02:49:53 +04:00			`$this->config = $config;`
			`$this->random = $random;`
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 21:02:40 +04:00			`}`

			`/**`
			`* @param string $message The message to authenticate`
			* @param string $password Password to use (defaults to `secret` in config.php)
			`* @return string Calculated HMAC`
			`*/`
			`public function calculateHMAC($message, $password = '') {`
			`if($password === '') {`
Use DI 2014-08-27 02:49:53 +04:00			`$password = $this->config->getSystemValue('secret');`
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 21:02:40 +04:00			`}`

Add char consts, hash the specified password for the HMAC 2014-09-03 13:03:27 +04:00			`// Append an "a" behind the password and hash it to prevent reusing the same password as for encryption`
			`$password = hash('sha512', $password . 'a');`

Update phpseclib to 2.0 2015-08-03 07:39:53 +03:00			`$hash = new Hash('sha512');`
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 21:02:40 +04:00			`$hash->setKey($password);`
			`return $hash->hash($message);`
			`}`

			`/**`
			`* Encrypts a value and adds an HMAC (Encrypt-Then-MAC)`
			`* @param string $plaintext`
			`* @param string $password Password to encrypt, if not specified the secret from config.php will be taken`
			`* @return string Authenticated ciphertext`
			`*/`
			`public function encrypt($plaintext, $password = '') {`
			`if($password === '') {`
Use DI 2014-08-27 02:49:53 +04:00			`$password = $this->config->getSystemValue('secret');`
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 21:02:40 +04:00			`}`
			`$this->cipher->setPassword($password);`

getLowStrengthGenerator does not do anything anymore 2016-01-11 21:59:15 +03:00			`$iv = $this->random->generate($this->ivLength);`
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 21:02:40 +04:00			`$this->cipher->setIV($iv);`

			`$ciphertext = bin2hex($this->cipher->encrypt($plaintext));`
			`$hmac = bin2hex($this->calculateHMAC($ciphertext.$iv, $password));`

			`return $ciphertext.'\|'.$iv.'\|'.$hmac;`
			`}`

			`/**`
			`* Decrypts a value and verifies the HMAC (Encrypt-Then-Mac)`
			`* @param string $authenticatedCiphertext`
			`* @param string $password Password to encrypt, if not specified the secret from config.php will be taken`
			`* @return string plaintext`
			`* @throws \Exception If the HMAC does not match`
			`*/`
			`public function decrypt($authenticatedCiphertext, $password = '') {`
			`if($password === '') {`
Use DI 2014-08-27 02:49:53 +04:00			`$password = $this->config->getSystemValue('secret');`
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 21:02:40 +04:00			`}`
			`$this->cipher->setPassword($password);`

			`$parts = explode('\|', $authenticatedCiphertext);`
			`if(sizeof($parts) !== 3) {`
			`throw new \Exception('Authenticated ciphertext could not be decoded.');`
			`}`

Remove workaround for 5.3 Function is natively available with 5.4 2014-12-04 13:17:33 +03:00			`$ciphertext = hex2bin($parts[0]);`
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 21:02:40 +04:00			`$iv = $parts[1];`
Remove workaround for 5.3 Function is natively available with 5.4 2014-12-04 13:17:33 +03:00			`$hmac = hex2bin($parts[2]);`
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 21:02:40 +04:00
			`$this->cipher->setIV($iv);`

Use PHP polyfills 2015-12-11 08:17:47 +03:00			`if(!hash_equals($this->calculateHMAC($parts[0].$parts[1], $password), $hmac)) {`
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 21:02:40 +04:00			`throw new \Exception('HMAC does not match.');`
			`}`

			`return $this->cipher->decrypt($ciphertext);`
			`}`

			`}`