Skip to content

Commit

Permalink
use uid as additional information for salt
Browse files Browse the repository at this point in the history
  • Loading branch information
Bjoern Schiessle committed Aug 7, 2015
1 parent 62bc0e5 commit 854fd63
Show file tree
Hide file tree
Showing 5 changed files with 17 additions and 17 deletions.
4 changes: 2 additions & 2 deletions apps/encryption/controller/settingscontroller.php
Original file line number Diff line number Diff line change
Expand Up @@ -100,10 +100,10 @@ public function updatePrivateKeyPassword($oldPassword, $newPassword) {

if ($passwordCorrect !== false) {
$encryptedKey = $this->keyManager->getPrivateKey($uid);
$decryptedKey = $this->crypt->decryptPrivateKey($encryptedKey, $oldPassword);
$decryptedKey = $this->crypt->decryptPrivateKey($encryptedKey, $oldPassword, $uid);

if ($decryptedKey) {
$encryptedKey = $this->crypt->encryptPrivateKey($decryptedKey, $newPassword);
$encryptedKey = $this->crypt->encryptPrivateKey($decryptedKey, $newPassword, $uid);
$header = $this->crypt->generateHeader();
if ($encryptedKey) {
$this->keyManager->setPrivateKey($uid, $header . $encryptedKey);
Expand Down
4 changes: 2 additions & 2 deletions apps/encryption/hooks/userhooks.php
Original file line number Diff line number Diff line change
Expand Up @@ -220,7 +220,7 @@ public function setPassphrase($params) {
if ($user && $params['uid'] === $user->getUID() && $privateKey) {

// Encrypt private key with new user pwd as passphrase
$encryptedPrivateKey = $this->crypt->encryptPrivateKey($privateKey, $params['password']);
$encryptedPrivateKey = $this->crypt->encryptPrivateKey($privateKey, $params['password'], $params['uid']);

// Save private key
if ($encryptedPrivateKey) {
Expand Down Expand Up @@ -258,7 +258,7 @@ public function setPassphrase($params) {
$this->keyManager->setPublicKey($user, $keyPair['publicKey']);

// Encrypt private key with new password
$encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $newUserPassword);
$encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $newUserPassword, $user);

if ($encryptedKey) {
$this->keyManager->setPrivateKey($user, $this->crypt->generateHeader() . $encryptedKey);
Expand Down
15 changes: 9 additions & 6 deletions apps/encryption/lib/crypto/crypt.php
Original file line number Diff line number Diff line change
Expand Up @@ -285,12 +285,13 @@ private function addPadding($data) {
*
* @param string $password
* @param string $cipher
* @param string $uid only used for user keys
* @return string
*/
protected function generatePasswordHash($password, $cipher) {
protected function generatePasswordHash($password, $cipher, $uid = '') {
$instanceId = $this->config->getSystemValue('instanceid');
$instanceSecret = $this->config->getSystemValue('secret');
$salt = hash('sha256', $instanceId . $instanceSecret, true);
$salt = hash('sha256', $uid . $instanceId . $instanceSecret, true);
$keySize = $this->getKeySize($cipher);

if (function_exists('hash_pbkdf2')) {
Expand Down Expand Up @@ -324,11 +325,12 @@ protected function generatePasswordHash($password, $cipher) {
*
* @param string $privateKey
* @param string $password
* @param string $uid for regular users, empty for system keys
* @return bool|string
*/
public function encryptPrivateKey($privateKey, $password) {
public function encryptPrivateKey($privateKey, $password, $uid = '') {
$cipher = $this->getCipher();
$hash = $this->generatePasswordHash($password, $cipher);
$hash = $this->generatePasswordHash($password, $cipher, $uid);
$encryptedKey = $this->symmetricEncryptFileContent(
$privateKey,
$hash
Expand All @@ -340,9 +342,10 @@ public function encryptPrivateKey($privateKey, $password) {
/**
* @param string $privateKey
* @param string $password
* @param string $uid for regular users, empty for system keys
* @return bool|string
*/
public function decryptPrivateKey($privateKey, $password = '') {
public function decryptPrivateKey($privateKey, $password = '', $uid = '') {

$header = $this->parseHeader($privateKey);

Expand All @@ -359,7 +362,7 @@ public function decryptPrivateKey($privateKey, $password = '') {
}

if ($keyFormat === 'hash') {
$password = $this->generatePasswordHash($password, $cipher);
$password = $this->generatePasswordHash($password, $cipher, $uid);
}

// If we found a header we need to remove it from the key we want to decrypt
Expand Down
8 changes: 3 additions & 5 deletions apps/encryption/lib/keymanager.php
Original file line number Diff line number Diff line change
Expand Up @@ -184,8 +184,7 @@ public function getRecoveryKeyId() {
*/
public function checkRecoveryPassword($password) {
$recoveryKey = $this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.privateKey', Encryption::ID);
$decryptedRecoveryKey = $this->crypt->decryptPrivateKey($recoveryKey,
$password);
$decryptedRecoveryKey = $this->crypt->decryptPrivateKey($recoveryKey, $password);

if ($decryptedRecoveryKey) {
return true;
Expand All @@ -203,7 +202,7 @@ public function storeKeyPair($uid, $password, $keyPair) {
// Save Public Key
$this->setPublicKey($uid, $keyPair['publicKey']);

$encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $password);
$encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $password, $uid);

$header = $this->crypt->generateHeader();

Expand Down Expand Up @@ -307,8 +306,7 @@ public function init($uid, $passPhrase) {

try {
$privateKey = $this->getPrivateKey($uid);
$privateKey = $this->crypt->decryptPrivateKey($privateKey,
$passPhrase);
$privateKey = $this->crypt->decryptPrivateKey($privateKey, $passPhrase, $uid);
} catch (PrivateKeyMissingException $e) {
return false;
} catch (DecryptionFailedException $e) {
Expand Down
3 changes: 1 addition & 2 deletions apps/encryption/lib/recovery.php
Original file line number Diff line number Diff line change
Expand Up @@ -263,8 +263,7 @@ private function removeRecoveryKeys($path) {
public function recoverUsersFiles($recoveryPassword, $user) {
$encryptedKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId());

$privateKey = $this->crypt->decryptPrivateKey($encryptedKey,
$recoveryPassword);
$privateKey = $this->crypt->decryptPrivateKey($encryptedKey, $recoveryPassword);

$this->recoverAllFiles('/' . $user . '/files/', $privateKey, $user);
}
Expand Down

0 comments on commit 854fd63

Please sign in to comment.