From 62bc0e5264af50be48dbcbb720b7bd16e8d88df5 Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Fri, 7 Aug 2015 14:04:17 +0200 Subject: use password hash instead of the plain password to encrypt the private key --- apps/encryption/lib/crypto/crypt.php | 139 ++++++++++++++++++++++++++++++++--- apps/encryption/lib/keymanager.php | 9 +-- apps/encryption/lib/recovery.php | 2 +- 3 files changed, 135 insertions(+), 15 deletions(-) (limited to 'apps/encryption/lib') diff --git a/apps/encryption/lib/crypto/crypt.php b/apps/encryption/lib/crypto/crypt.php index f3cf38fb96c..eef16e51447 100644 --- a/apps/encryption/lib/crypto/crypt.php +++ b/apps/encryption/lib/crypto/crypt.php @@ -30,6 +30,7 @@ use OC\Encryption\Exceptions\DecryptionFailedException; use OC\Encryption\Exceptions\EncryptionFailedException; use OCA\Encryption\Exceptions\MultiKeyDecryptException; use OCA\Encryption\Exceptions\MultiKeyEncryptException; +use OCA\Encryption\Vendor\PBKDF2Fallback; use OCP\Encryption\Exceptions\GenericEncryptionException; use OCP\IConfig; use OCP\ILogger; @@ -42,6 +43,10 @@ class Crypt { // default cipher from old ownCloud versions const LEGACY_CIPHER = 'AES-128-CFB'; + // default key format, old ownCloud version encrypted the private key directly + // with the user password + const LEGACY_KEY_FORMAT = 'password'; + const HEADER_START = 'HBEGIN'; const HEADER_END = 'HEND'; /** @@ -57,6 +62,11 @@ class Crypt { */ private $config; + /** + * @var array + */ + private $supportedKeyFormats; + /** * @param ILogger $logger * @param IUserSession $userSession @@ -66,6 +76,7 @@ class Crypt { $this->logger = $logger; $this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser() : false; $this->config = $config; + $this->supportedKeyFormats = ['hash', 'password']; } /** @@ -161,10 +172,23 @@ class Crypt { /** * generate header for encrypted file + * + * @param string $keyFormat (can be 'hash' or 'password') + * @return string + * @throws \InvalidArgumentException */ - public function generateHeader() { + public function generateHeader($keyFormat = 'hash') { + + if (in_array($keyFormat, $this->supportedKeyFormats, true) === false) { + throw new \InvalidArgumentException('key format "' . $keyFormat . '" is not supported'); + } + $cipher = $this->getCipher(); - $header = self::HEADER_START . ':cipher:' . $cipher . ':' . self::HEADER_END; + + $header = self::HEADER_START + . ':cipher:' . $cipher + . ':keyFormat:' . $keyFormat + . ':' . self::HEADER_END; return $header; } @@ -211,6 +235,25 @@ class Crypt { return $cipher; } + /** + * get key size depending on the cipher + * + * @param string $cipher supported ('AES-256-CFB' and 'AES-128-CFB') + * @return int + * @throws \InvalidArgumentException + */ + protected function getKeySize($cipher) { + if ($cipher === 'AES-256-CFB') { + return 32; + } else if ($cipher === 'AES-128-CFB') { + return 16; + } + + throw new \InvalidArgumentException( + 'Wrong cipher defined only AES-128-CFB and AES-256-CFB are supported.' + ); + } + /** * get legacy cipher * @@ -237,6 +280,63 @@ class Crypt { return $data . 'xx'; } + /** + * generate password hash used to encrypt the users private key + * + * @param string $password + * @param string $cipher + * @return string + */ + protected function generatePasswordHash($password, $cipher) { + $instanceId = $this->config->getSystemValue('instanceid'); + $instanceSecret = $this->config->getSystemValue('secret'); + $salt = hash('sha256', $instanceId . $instanceSecret, true); + $keySize = $this->getKeySize($cipher); + + if (function_exists('hash_pbkdf2')) { + $hash = hash_pbkdf2( + 'sha256', + $password, + $salt, + 100000, + $keySize, + true + ); + } else { + // fallback to 3rdparty lib for PHP <= 5.4. + // FIXME: Can be removed as soon as support for PHP 5.4 was dropped + $fallback = new PBKDF2Fallback(); + $hash = $fallback->pbkdf2( + 'sha256', + $password, + $salt, + 100000, + $keySize, + true + ); + } + + return $hash; + } + + /** + * encrypt private key + * + * @param string $privateKey + * @param string $password + * @return bool|string + */ + public function encryptPrivateKey($privateKey, $password) { + $cipher = $this->getCipher(); + $hash = $this->generatePasswordHash($password, $cipher); + $encryptedKey = $this->symmetricEncryptFileContent( + $privateKey, + $hash + ); + + return $encryptedKey; + } + /** * @param string $privateKey * @param string $password @@ -252,6 +352,16 @@ class Crypt { $cipher = self::LEGACY_CIPHER; } + if (isset($header['keyFormat'])) { + $keyFormat = $header['keyFormat']; + } else { + $keyFormat = self::LEGACY_KEY_FORMAT; + } + + if ($keyFormat === 'hash') { + $password = $this->generatePasswordHash($password, $cipher); + } + // If we found a header we need to remove it from the key we want to decrypt if (!empty($header)) { $privateKey = substr($privateKey, @@ -263,18 +373,29 @@ class Crypt { $password, $cipher); - // Check if this is a valid private key + if ($this->isValidPrivateKey($plainKey) === false) { + return false; + } + + return $plainKey; + } + + /** + * check if it is a valid private key + * + * @param $plainKey + * @return bool + */ + protected function isValidPrivateKey($plainKey) { $res = openssl_get_privatekey($plainKey); if (is_resource($res)) { $sslInfo = openssl_pkey_get_details($res); - if (!isset($sslInfo['key'])) { - return false; + if (isset($sslInfo['key'])) { + return true; } - } else { - return false; } - return $plainKey; + return true; } /** @@ -358,7 +479,7 @@ class Crypt { * @param $data * @return array */ - private function parseHeader($data) { + protected function parseHeader($data) { $result = []; if (substr($data, 0, strlen(self::HEADER_START)) === self::HEADER_START) { diff --git a/apps/encryption/lib/keymanager.php b/apps/encryption/lib/keymanager.php index 8c8c1f8fd78..47a8e7d391f 100644 --- a/apps/encryption/lib/keymanager.php +++ b/apps/encryption/lib/keymanager.php @@ -146,7 +146,7 @@ class KeyManager { Encryption::ID); // Encrypt private key empty passphrase - $encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'], ''); + $encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], ''); $header = $this->crypt->generateHeader(); $this->setSystemPrivateKey($this->publicShareKeyId, $header . $encryptedKey); } @@ -203,8 +203,8 @@ class KeyManager { // Save Public Key $this->setPublicKey($uid, $keyPair['publicKey']); - $encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'], - $password); + $encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $password); + $header = $this->crypt->generateHeader(); if ($encryptedKey) { @@ -226,8 +226,7 @@ class KeyManager { $keyPair['publicKey'], Encryption::ID); - $encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'], - $password); + $encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $password); $header = $this->crypt->generateHeader(); if ($encryptedKey) { diff --git a/apps/encryption/lib/recovery.php b/apps/encryption/lib/recovery.php index e31a14fba63..e82ecca9d49 100644 --- a/apps/encryption/lib/recovery.php +++ b/apps/encryption/lib/recovery.php @@ -136,7 +136,7 @@ class Recovery { public function changeRecoveryKeyPassword($newPassword, $oldPassword) { $recoveryKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId()); $decryptedRecoveryKey = $this->crypt->decryptPrivateKey($recoveryKey, $oldPassword); - $encryptedRecoveryKey = $this->crypt->symmetricEncryptFileContent($decryptedRecoveryKey, $newPassword); + $encryptedRecoveryKey = $this->crypt->encryptPrivateKey($decryptedRecoveryKey, $newPassword); $header = $this->crypt->generateHeader(); if ($encryptedRecoveryKey) { $this->keyManager->setSystemPrivateKey($this->keyManager->getRecoveryKeyId(), $header . $encryptedRecoveryKey); -- cgit v1.2.3 From 854fd63ea907a870f1916d266e18aaba97820e32 Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Fri, 7 Aug 2015 15:51:43 +0200 Subject: use uid as additional information for salt --- apps/encryption/controller/settingscontroller.php | 4 ++-- apps/encryption/hooks/userhooks.php | 4 ++-- apps/encryption/lib/crypto/crypt.php | 15 +++++++++------ apps/encryption/lib/keymanager.php | 8 +++----- apps/encryption/lib/recovery.php | 3 +-- 5 files changed, 17 insertions(+), 17 deletions(-) (limited to 'apps/encryption/lib') diff --git a/apps/encryption/controller/settingscontroller.php b/apps/encryption/controller/settingscontroller.php index dbd960bb784..2a668f7cd4a 100644 --- a/apps/encryption/controller/settingscontroller.php +++ b/apps/encryption/controller/settingscontroller.php @@ -100,10 +100,10 @@ class SettingsController extends Controller { if ($passwordCorrect !== false) { $encryptedKey = $this->keyManager->getPrivateKey($uid); - $decryptedKey = $this->crypt->decryptPrivateKey($encryptedKey, $oldPassword); + $decryptedKey = $this->crypt->decryptPrivateKey($encryptedKey, $oldPassword, $uid); if ($decryptedKey) { - $encryptedKey = $this->crypt->encryptPrivateKey($decryptedKey, $newPassword); + $encryptedKey = $this->crypt->encryptPrivateKey($decryptedKey, $newPassword, $uid); $header = $this->crypt->generateHeader(); if ($encryptedKey) { $this->keyManager->setPrivateKey($uid, $header . $encryptedKey); diff --git a/apps/encryption/hooks/userhooks.php b/apps/encryption/hooks/userhooks.php index 71c0435d200..8b6f17bec6d 100644 --- a/apps/encryption/hooks/userhooks.php +++ b/apps/encryption/hooks/userhooks.php @@ -220,7 +220,7 @@ class UserHooks implements IHook { if ($user && $params['uid'] === $user->getUID() && $privateKey) { // Encrypt private key with new user pwd as passphrase - $encryptedPrivateKey = $this->crypt->encryptPrivateKey($privateKey, $params['password']); + $encryptedPrivateKey = $this->crypt->encryptPrivateKey($privateKey, $params['password'], $params['uid']); // Save private key if ($encryptedPrivateKey) { @@ -258,7 +258,7 @@ class UserHooks implements IHook { $this->keyManager->setPublicKey($user, $keyPair['publicKey']); // Encrypt private key with new password - $encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $newUserPassword); + $encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $newUserPassword, $user); if ($encryptedKey) { $this->keyManager->setPrivateKey($user, $this->crypt->generateHeader() . $encryptedKey); diff --git a/apps/encryption/lib/crypto/crypt.php b/apps/encryption/lib/crypto/crypt.php index eef16e51447..6c4c108f50a 100644 --- a/apps/encryption/lib/crypto/crypt.php +++ b/apps/encryption/lib/crypto/crypt.php @@ -285,12 +285,13 @@ class Crypt { * * @param string $password * @param string $cipher + * @param string $uid only used for user keys * @return string */ - protected function generatePasswordHash($password, $cipher) { + protected function generatePasswordHash($password, $cipher, $uid = '') { $instanceId = $this->config->getSystemValue('instanceid'); $instanceSecret = $this->config->getSystemValue('secret'); - $salt = hash('sha256', $instanceId . $instanceSecret, true); + $salt = hash('sha256', $uid . $instanceId . $instanceSecret, true); $keySize = $this->getKeySize($cipher); if (function_exists('hash_pbkdf2')) { @@ -324,11 +325,12 @@ class Crypt { * * @param string $privateKey * @param string $password + * @param string $uid for regular users, empty for system keys * @return bool|string */ - public function encryptPrivateKey($privateKey, $password) { + public function encryptPrivateKey($privateKey, $password, $uid = '') { $cipher = $this->getCipher(); - $hash = $this->generatePasswordHash($password, $cipher); + $hash = $this->generatePasswordHash($password, $cipher, $uid); $encryptedKey = $this->symmetricEncryptFileContent( $privateKey, $hash @@ -340,9 +342,10 @@ class Crypt { /** * @param string $privateKey * @param string $password + * @param string $uid for regular users, empty for system keys * @return bool|string */ - public function decryptPrivateKey($privateKey, $password = '') { + public function decryptPrivateKey($privateKey, $password = '', $uid = '') { $header = $this->parseHeader($privateKey); @@ -359,7 +362,7 @@ class Crypt { } if ($keyFormat === 'hash') { - $password = $this->generatePasswordHash($password, $cipher); + $password = $this->generatePasswordHash($password, $cipher, $uid); } // If we found a header we need to remove it from the key we want to decrypt diff --git a/apps/encryption/lib/keymanager.php b/apps/encryption/lib/keymanager.php index 47a8e7d391f..6c793e5964f 100644 --- a/apps/encryption/lib/keymanager.php +++ b/apps/encryption/lib/keymanager.php @@ -184,8 +184,7 @@ class KeyManager { */ public function checkRecoveryPassword($password) { $recoveryKey = $this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.privateKey', Encryption::ID); - $decryptedRecoveryKey = $this->crypt->decryptPrivateKey($recoveryKey, - $password); + $decryptedRecoveryKey = $this->crypt->decryptPrivateKey($recoveryKey, $password); if ($decryptedRecoveryKey) { return true; @@ -203,7 +202,7 @@ class KeyManager { // Save Public Key $this->setPublicKey($uid, $keyPair['publicKey']); - $encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $password); + $encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $password, $uid); $header = $this->crypt->generateHeader(); @@ -307,8 +306,7 @@ class KeyManager { try { $privateKey = $this->getPrivateKey($uid); - $privateKey = $this->crypt->decryptPrivateKey($privateKey, - $passPhrase); + $privateKey = $this->crypt->decryptPrivateKey($privateKey, $passPhrase, $uid); } catch (PrivateKeyMissingException $e) { return false; } catch (DecryptionFailedException $e) { diff --git a/apps/encryption/lib/recovery.php b/apps/encryption/lib/recovery.php index e82ecca9d49..b22e3265628 100644 --- a/apps/encryption/lib/recovery.php +++ b/apps/encryption/lib/recovery.php @@ -263,8 +263,7 @@ class Recovery { public function recoverUsersFiles($recoveryPassword, $user) { $encryptedKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId()); - $privateKey = $this->crypt->decryptPrivateKey($encryptedKey, - $recoveryPassword); + $privateKey = $this->crypt->decryptPrivateKey($encryptedKey, $recoveryPassword); $this->recoverAllFiles('/' . $user . '/files/', $privateKey, $user); } -- cgit v1.2.3