diff options
| author | lynn-stephenson <lynn.stephenson@protonmail.com> | 2020-10-15 21:04:38 -0800 |
|---|---|---|
| committer | lynn-stephenson <lynn.stephenson@protonmail.com> | 2020-10-15 21:23:24 -0800 |
| commit | 648b60fa0ed0cd980e6309ddc8939673ca1e159f (patch) | |
| tree | 6adaf5f5638d7a546cb9f5a9135ebee4ea61a4be /lib/private/Security/Crypto.php | |
| parent | b13d9bcca633db98ee9f1bee30800cedbfb0608b (diff) | |
| download | nextcloud-server-648b60fa0ed0cd980e6309ddc8939673ca1e159f.tar.gz nextcloud-server-648b60fa0ed0cd980e6309ddc8939673ca1e159f.zip | |
Derive encryption key & MAC key from a single key.
Signed-off-by: lynn-stephenson <lynn.stephenson@protonmail.com>
Diffstat (limited to 'lib/private/Security/Crypto.php')
| -rw-r--r-- | lib/private/Security/Crypto.php | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/lib/private/Security/Crypto.php b/lib/private/Security/Crypto.php index 154448281b9..35add2dc649 100644 --- a/lib/private/Security/Crypto.php +++ b/lib/private/Security/Crypto.php @@ -10,6 +10,7 @@ declare(strict_types=1); * @author Lukas Reschke <lukas@statuscode.ch> * @author Morris Jobke <hey@morrisjobke.de> * @author Roeland Jago Douma <roeland@famdouma.nl> + * @author Lynn Stephenson <lynn.stephenson@protonmail.com> * * @license AGPL-3.0 * @@ -90,16 +91,17 @@ class Crypto implements ICrypto { if ($password === '') { $password = $this->config->getSystemValue('secret'); } - $this->cipher->setPassword($password); + $keyMaterial = hash_hkdf('sha512', $password); + $this->cipher->setPassword(substr($keyMaterial, 0, 32)); $iv = \random_bytes($this->ivLength); $this->cipher->setIV($iv); $ciphertext = bin2hex($this->cipher->encrypt($plaintext)); $iv = bin2hex($iv); - $hmac = bin2hex($this->calculateHMAC($ciphertext.$iv, $password)); + $hmac = bin2hex($this->calculateHMAC($ciphertext.$iv, substr($keyMaterial, 32))); - return $ciphertext.'|'.$iv.'|'.$hmac.'|2'; + return $ciphertext.'|'.$iv.'|'.$hmac.'|3'; } /** @@ -114,7 +116,7 @@ class Crypto implements ICrypto { if ($password === '') { $password = $this->config->getSystemValue('secret'); } - $this->cipher->setPassword($password); + $hmacKey = $encryptionKey = $password; $parts = explode('|', $authenticatedCiphertext); $partCount = \count($parts); @@ -128,14 +130,20 @@ class Crypto implements ICrypto { if ($partCount === 4) { $version = $parts[3]; - if ($version === '2') { + if ($version >= '2') { $iv = hex2bin($iv); } - } + if ($version === '3') { + $keyMaterial = hash_hkdf('sha512', $password); + $encryptionKey = substr($keyMaterial, 0, 32); + $hmacKey = substr($keyMaterial, 32); + } + } + $this->cipher->setPassword($encryptionKey); $this->cipher->setIV($iv); - if (!hash_equals($this->calculateHMAC($parts[0] . $parts[1], $password), $hmac)) { + if (!hash_equals($this->calculateHMAC($parts[0] . $parts[1], $hmacKey), $hmac)) { throw new \Exception('HMAC does not match.'); } |