Use random_bytes

Since we don't care if it is human readbale.
The code is backwards compatible with the old format.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
Roeland Jago Douma 2020-05-11 10:31:46 +02:00 committed by backportbot[bot]
parent 6b6d28ee98
commit 387af7eb60
2 changed files with 24 additions and 11 deletions

View File

@ -52,17 +52,14 @@ class Crypto implements ICrypto {
private $ivLength = 16; private $ivLength = 16;
/** @var IConfig */ /** @var IConfig */
private $config; private $config;
/** @var ISecureRandom */
private $random;
/** /**
* @param IConfig $config * @param IConfig $config
* @param ISecureRandom $random * @param ISecureRandom $random
*/ */
public function __construct(IConfig $config, ISecureRandom $random) { public function __construct(IConfig $config) {
$this->cipher = new AES(); $this->cipher = new AES();
$this->config = $config; $this->config = $config;
$this->random = $random;
} }
/** /**
@ -95,13 +92,14 @@ class Crypto implements ICrypto {
} }
$this->cipher->setPassword($password); $this->cipher->setPassword($password);
$iv = $this->random->generate($this->ivLength); $iv = \random_bytes($this->ivLength);
$this->cipher->setIV($iv); $this->cipher->setIV($iv);
$ciphertext = bin2hex($this->cipher->encrypt($plaintext)); $ciphertext = bin2hex($this->cipher->encrypt($plaintext));
$iv = bin2hex($iv);
$hmac = bin2hex($this->calculateHMAC($ciphertext.$iv, $password)); $hmac = bin2hex($this->calculateHMAC($ciphertext.$iv, $password));
return $ciphertext.'|'.$iv.'|'.$hmac; return $ciphertext.'|'.$iv.'|'.$hmac.'|2';
} }
/** /**
@ -119,7 +117,8 @@ class Crypto implements ICrypto {
$this->cipher->setPassword($password); $this->cipher->setPassword($password);
$parts = explode('|', $authenticatedCiphertext); $parts = explode('|', $authenticatedCiphertext);
if (\count($parts) !== 3) { $partCount = \count($parts);
if ($partCount < 3 || $partCount > 4) {
throw new \Exception('Authenticated ciphertext could not be decoded.'); throw new \Exception('Authenticated ciphertext could not be decoded.');
} }
@ -127,6 +126,13 @@ class Crypto implements ICrypto {
$iv = $parts[1]; $iv = $parts[1];
$hmac = hex2bin($parts[2]); $hmac = hex2bin($parts[2]);
if ($partCount === 4) {
$version = $parts[3];
if ($version === '2') {
$iv = hex2bin($iv);
}
}
$this->cipher->setIV($iv); $this->cipher->setIV($iv);
if (!hash_equals($this->calculateHMAC($parts[0] . $parts[1], $password), $hmac)) { if (!hash_equals($this->calculateHMAC($parts[0] . $parts[1], $password), $hmac)) {

View File

@ -24,7 +24,7 @@ class CryptoTest extends \Test\TestCase {
protected function setUp(): void { protected function setUp(): void {
parent::setUp(); parent::setUp();
$this->crypto = new Crypto(\OC::$server->getConfig(), \OC::$server->getSecureRandom()); $this->crypto = new Crypto(\OC::$server->getConfig());
} }
/** /**
@ -68,4 +68,11 @@ class CryptoTest extends \Test\TestCase {
$encryptedString = '1|2'; $encryptedString = '1|2';
$this->crypto->decrypt($encryptedString, 'ThisIsAVeryS3cur3P4ssw0rd'); $this->crypto->decrypt($encryptedString, 'ThisIsAVeryS3cur3P4ssw0rd');
} }
public function testLegacy() {
$cipherText = 'e16599188e3d212f5c7f17fdc2abca46|M1WfLAxbcAmITeD6|509457885d6ca5e6c3bfd3741852687a7f2bffce197f8d5ae97b65818b15a1b7f616b68326ff312371540f4ca8ac55f8e2de4aa13aab3474bd3431e51214e3ee';
$password = 'mypass';
$this->assertSame('legacy test', $this->crypto->decrypt($cipherText, $password));
}
} }