Merge pull request #38018 from owncloud/use-better-random-source

Use random_bytes instead of self-rolled random function
owncloud · Oct 29, 2020 · 5cc07a8 · 5cc07a8
2 parents 18dd1f4 + 816bc5b
commit 5cc07a8
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 11 deletions.
diff --git a/lib/private/Security/Crypto.php b/lib/private/Security/Crypto.php
@@ -90,13 +90,13 @@ public function encrypt($plaintext, $password = '') {
 		}
 		$this->cipher->setPassword($password);
 
-		$iv = $this->random->generate($this->ivLength);
+		$iv = \random_bytes($this->ivLength);
 		$this->cipher->setIV($iv);
 
 		$ciphertext = \bin2hex($this->cipher->encrypt($plaintext));
 		$hmac = \bin2hex($this->calculateHMAC($ciphertext.$iv, $password));
 
-		return $ciphertext.'|'.$iv.'|'.$hmac;
+		return 'v2|' . $ciphertext.'|'. \bin2hex($iv).'|'.$hmac;
 	}
 
 	/**
@@ -113,20 +113,36 @@ public function decrypt($authenticatedCiphertext, $password = '') {
 		$this->cipher->setPassword($password);
 
 		$parts = \explode('|', $authenticatedCiphertext);
-		if (\sizeof($parts) !== 3) {
-			throw new \Exception('Authenticated ciphertext could not be decoded.');
+
+		// v2 uses stronger binary random iv
+		if (\sizeof($parts) === 4 && $parts[0] === 'v2') {
+			$ciphertext = \hex2bin($parts[1]);
+			$iv = \hex2bin($parts[2]);
+			$hmac = \hex2bin($parts[3]);
+
+			$this->cipher->setIV($iv);
+
+			if (!\hash_equals($this->calculateHMAC($parts[1].$iv, $password), $hmac)) {
+				throw new \Exception('HMAC does not match.');
+			}
+
+			return $this->cipher->decrypt($ciphertext);
 		}
 
-		$ciphertext = \hex2bin($parts[0]);
-		$iv = $parts[1];
-		$hmac = \hex2bin($parts[2]);
+		if (\sizeof($parts) === 3) {
+			$ciphertext = \hex2bin($parts[0]);
+			$iv = $parts[1];
+			$hmac = \hex2bin($parts[2]);
 
-		$this->cipher->setIV($iv);
+			$this->cipher->setIV($iv);
+
+			if (!\hash_equals($this->calculateHMAC($parts[0].$parts[1], $password), $hmac)) {
+				throw new \Exception('HMAC does not match.');
+			}
 
-		if (!\hash_equals($this->calculateHMAC($parts[0].$parts[1], $password), $hmac)) {
-			throw new \Exception('HMAC does not match.');
+			return $this->cipher->decrypt($ciphertext);
 		}
 
-		return $this->cipher->decrypt($ciphertext);
+		throw new \Exception('Authenticated ciphertext could not be decoded.');
 	}
 }
diff --git a/tests/lib/Security/CryptoTest.php b/tests/lib/Security/CryptoTest.php
@@ -52,6 +52,13 @@ public function testLaterDecryption() {
 		$this->assertEquals($stringToEncrypt, $this->crypto->decrypt($encryptedString, 'ThisIsAVeryS3cur3P4ssw0rd'));
 	}
 
+	// v2 has stronger generated iv
+	public function testLaterDecryptionV2() {
+		$decrypted = 'Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt.';
+		$encryptedString = 'v2|f71f4fac5e0ccc38857ef1ef85f1bc19fb0a724684623be4106ec03502cbac28ea9e3226e8dfcabdcf075aabc362e83596fdc7868f9ae6b7ff1602f07a8bfc444a8ede9c79897ec61cfa922386a0833e1e1179363a1e26deb332faf4beef73ed17bc525bd4221191af039da52357e73b|07853a2f518e9abee07ea87452222bd4|fb2b33f22184f06261468a71ac4ccff749d27c5f5e76ec0d90e5a1ce559538ce0b12cef08616bd3c4ddd141b7a595e99161b980a273b288c0d79f01debec5dab';
+		$this->assertEquals($decrypted, $this->crypto->decrypt($encryptedString, 'ThisIsAVeryS3cur3P4ssw0rd'));
+	}
+
 	/**
 	 */
 	public function testWrongIV() {