author | Bjoern Schiessle <schiessle@owncloud.com> | 2015-08-07 15:51:43 +0200 |
---|---|---|
committer | Bjoern Schiessle <schiessle@owncloud.com> | 2015-08-07 15:51:43 +0200 |
commit | 854fd63ea907a870f1916d266e18aaba97820e32 (patch) | |
tree | 8223f61c364316185d7b859b2bdb888fc7a421e1 /apps/encryption/lib/crypto | |
parent | 62bc0e5264af50be48dbcbb720b7bd16e8d88df5 (diff) | |
use uid as additional information for salt
Diffstat (limited to 'apps/encryption/lib/crypto')
-rw-r--r-- | apps/encryption/lib/crypto/crypt.php | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/apps/encryption/lib/crypto/crypt.php b/apps/encryption/lib/crypto/crypt.php index eef16e51447..6c4c108f50a 100644 --- a/apps/encryption/lib/crypto/crypt.php +++ b/apps/encryption/lib/crypto/crypt.php @@ -285,12 +285,13 @@ class Crypt { * * @param string $password * @param string $cipher + * @param string $uid only used for user keys * @return string */ - protected function generatePasswordHash($password, $cipher) { + protected function generatePasswordHash($password, $cipher, $uid = '') { $instanceId = $this->config->getSystemValue('instanceid'); $instanceSecret = $this->config->getSystemValue('secret'); - $salt = hash('sha256', $instanceId . $instanceSecret, true); + $salt = hash('sha256', $uid . $instanceId . $instanceSecret, true); $keySize = $this->getKeySize($cipher); if (function_exists('hash_pbkdf2')) { @@ -324,11 +325,12 @@ class Crypt { * * @param string $privateKey * @param string $password + * @param string $uid for regular users, empty for system keys * @return bool|string */ - public function encryptPrivateKey($privateKey, $password) { + public function encryptPrivateKey($privateKey, $password, $uid = '') { $cipher = $this->getCipher(); - $hash = $this->generatePasswordHash($password, $cipher); + $hash = $this->generatePasswordHash($password, $cipher, $uid); $encryptedKey = $this->symmetricEncryptFileContent( $privateKey, $hash @@ -340,9 +342,10 @@ class Crypt { /** * @param string $privateKey * @param string $password + * @param string $uid for regular users, empty for system keys * @return bool|string */ - public function decryptPrivateKey($privateKey, $password = '') { + public function decryptPrivateKey($privateKey, $password = '', $uid = '') { $header = $this->parseHeader($privateKey); 
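Review bot: The salt built on the new `$salt = hash('sha256', $uid . $instanceId . $instanceSecret, true);` line is per-user but still deterministic, so decryption only works when `$uid` is byte-identical to the value used at encryption time. If the user backend accepts logins in a different case or under an alias (not visible in this hunk), a non-canonical id would produce a different salt and the private key would fail to decrypt. I would state the requirement in the docblock, e.g. `@param string $uid canonical user id, only used for user keys; must be identical for encrypt and decrypt`. A random salt stored next to the key would remove the dependency on the id, but that is a key-format change beyond this commit. The body of generatePasswordHash continues outside the hunk.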
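Review bot: The default `$uid = ''` on `encryptPrivateKey()` means a caller that omits the new argument silently gets the instance-wide salt meant for system keys, with no error and nothing in the stored key to show it. The same applies to `decryptPrivateKey()` in the following hunk. The call sites are outside this diff, so it is worth checking that every user-key caller passes the id. The docblock should spell out what the fallback means, e.g. `@param string $uid user id for regular users; leave empty only for system keys (empty selects the instance-wide salt)`.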
@@ -359,7 +362,7 @@ class Crypt { } if ($keyFormat === 'hash') { - $password = $this->generatePasswordHash($password, $cipher); + $password = $this->generatePasswordHash($password, $cipher, $uid); } // If we found a header we need to remove it from the key we want to decrypt |
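Review bot: A private key already stored with key format `hash` was derived from the salt without the user id, so once callers pass `$uid`, the `generatePasswordHash($password, $cipher, $uid)` call here derives a different key and those keys stop decrypting. Nothing visible in this hunk distinguishes the two derivations. If such keys can exist on upgraded instances (I cannot tell from this diff), a distinct key-format value or a retry with an empty `$uid` is needed. At minimum, a comment above the call such as `// keys written before the uid was mixed into the salt only decrypt with $uid = ''` would record the constraint. The body of decryptPrivateKey starts in the previous hunk and continues past this one.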