|
1
|
|
|
<?php |
|
2
|
|
|
/** |
|
3
|
|
|
* sysPass |
|
4
|
|
|
* |
|
5
|
|
|
* @author nuxsmin |
|
6
|
|
|
* @link https://syspass.org |
|
7
|
|
|
* @copyright 2012-2019, Rubén Domínguez nuxsmin@$syspass.org |
|
8
|
|
|
* |
|
9
|
|
|
* This file is part of sysPass. |
|
10
|
|
|
* |
|
11
|
|
|
* sysPass is free software: you can redistribute it and/or modify |
|
12
|
|
|
* it under the terms of the GNU General Public License as published by |
|
13
|
|
|
* the Free Software Foundation, either version 3 of the License, or |
|
14
|
|
|
* (at your option) any later version. |
|
15
|
|
|
* |
|
16
|
|
|
* sysPass is distributed in the hope that it will be useful, |
|
17
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
18
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
19
|
|
|
* GNU General Public License for more details. |
|
20
|
|
|
* |
|
21
|
|
|
* You should have received a copy of the GNU General Public License |
|
22
|
|
|
* along with sysPass. If not, see <http://www.gnu.org/licenses/>. |
|
23
|
|
|
*/ |
|
24
|
|
|
|
|
25
|
|
|
namespace SP\Core\Crypt; |
|
26
|
|
|
|
|
27
|
|
|
use SP\Bootstrap; |
|
28
|
|
|
use SP\Config\ConfigData; |
|
29
|
|
|
use SP\Core\Exceptions\SPException; |
|
30
|
|
|
use SP\Util\Checks; |
|
31
|
|
|
|
|
32
|
|
|
defined('APP_ROOT') || die(); |
|
33
|
|
|
|
|
34
|
|
|
/** |
|
35
|
|
|
* Esta clase es la encargada de realizar el encriptado/desencriptado de claves |
|
36
|
|
|
* |
|
37
|
|
|
* @deprecated Since 2.1 |
|
38
|
|
|
*/ |
|
39
|
|
|
final class OldCrypt |
|
40
|
|
|
{ |
|
41
|
|
|
public static $strInitialVector; |
|
42
|
|
|
|
|
43
|
|
|
/** |
|
44
|
|
|
* Generar un hash de una clave utilizando un salt. |
|
45
|
|
|
* |
|
46
|
|
|
* @param string $pwd con la clave a 'hashear' |
|
47
|
|
|
* @param bool $prefixSalt Añadir el salt al hash |
|
48
|
|
|
* |
|
49
|
|
|
* @return string con el hash de la clave |
|
50
|
|
|
*/ |
|
51
|
|
|
public static function mkHashPassword($pwd, $prefixSalt = true) |
|
52
|
|
|
{ |
|
53
|
|
|
$salt = self::makeHashSalt(); |
|
54
|
|
|
$hash = crypt($pwd, $salt); |
|
55
|
|
|
|
|
56
|
|
|
return ($prefixSalt === true) ? $salt . $hash : $hash; |
|
57
|
|
|
} |
|
58
|
|
|
|
|
59
|
|
|
/** |
|
60
|
|
|
* Crear un salt utilizando mcrypt. |
|
61
|
|
|
* |
|
62
|
|
|
* @param string $salt |
|
63
|
|
|
* @param bool $random |
|
64
|
|
|
* |
|
65
|
|
|
* @return string con el salt creado |
|
66
|
|
|
*/ |
|
67
|
|
|
public static function makeHashSalt($salt = null, $random = true) |
|
68
|
|
|
{ |
|
69
|
|
|
/** @var ConfigData $ConfigData */ |
|
70
|
|
|
$ConfigData = Bootstrap::getContainer()['configData']; |
|
71
|
|
|
|
|
72
|
|
|
if ($random === true) { |
|
73
|
|
|
$salt = bin2hex(self::getIV()); |
|
74
|
|
|
} elseif ($salt !== null && strlen($salt) < 22) { |
|
75
|
|
|
$salt .= $ConfigData->getPasswordSalt(); |
|
76
|
|
|
} elseif ($salt === null) { |
|
77
|
|
|
$salt = $ConfigData->getPasswordSalt(); |
|
78
|
|
|
} |
|
79
|
|
|
|
|
80
|
|
|
return '$2y$07$' . substr($salt, 0, 22) . '$'; |
|
81
|
|
|
} |
|
82
|
|
|
|
|
83
|
|
|
/** |
|
84
|
|
|
* Crear el vector de inicialización. |
|
85
|
|
|
* |
|
86
|
|
|
* @return string con el IV |
|
87
|
|
|
*/ |
|
88
|
|
|
public static function getIV() |
|
89
|
|
|
{ |
|
90
|
|
|
$source = MCRYPT_DEV_URANDOM; |
|
91
|
|
|
$mcryptRes = self::getMcryptResource(); |
|
92
|
|
|
|
|
93
|
|
|
if (Checks::checkIsWindows() && (!defined('PHP_VERSION_ID') || PHP_VERSION_ID < 50300)) { |
|
94
|
|
|
$source = MCRYPT_RAND; |
|
95
|
|
|
} |
|
96
|
|
|
|
|
97
|
|
|
// Crear el IV y asegurar que tiene una longitud de 32 bytes |
|
98
|
|
|
do { |
|
99
|
|
|
$cryptIV = mcrypt_create_iv(mcrypt_enc_get_iv_size($mcryptRes), $source); |
|
|
|
|
|
|
100
|
|
|
} while ($cryptIV === false || strlen($cryptIV) < 32); |
|
101
|
|
|
|
|
102
|
|
|
mcrypt_module_close($mcryptRes); |
|
|
|
|
|
|
103
|
|
|
|
|
104
|
|
|
return $cryptIV; |
|
105
|
|
|
} |
|
106
|
|
|
|
|
107
|
|
|
/** |
|
108
|
|
|
* Método para obtener un recurso del módulo mcrypt. |
|
109
|
|
|
* Se utiliza el algoritmo RIJNDAEL_256 en modo CBC |
|
110
|
|
|
* |
|
111
|
|
|
* @return resource |
|
112
|
|
|
*/ |
|
113
|
|
|
private static function getMcryptResource() |
|
114
|
|
|
{ |
|
115
|
|
|
return mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_CBC, ''); |
|
|
|
|
|
|
116
|
|
|
} |
|
117
|
|
|
|
|
118
|
|
|
/** |
|
119
|
|
|
* Generar la clave maestra encriptada con una clave |
|
120
|
|
|
* |
|
121
|
|
|
* @param string $customPwd con la clave a encriptar |
|
122
|
|
|
* @param string $masterPwd con la clave maestra |
|
123
|
|
|
* |
|
124
|
|
|
* @return array con la clave encriptada |
|
125
|
|
|
*/ |
|
126
|
|
|
public static function mkCustomMPassEncrypt($customPwd, $masterPwd) |
|
127
|
|
|
{ |
|
128
|
|
|
$cryptIV = self::getIV(); |
|
129
|
|
|
$cryptValue = self::encrypt($masterPwd, $customPwd, $cryptIV); |
|
130
|
|
|
|
|
131
|
|
|
return [$cryptValue, $cryptIV]; |
|
132
|
|
|
} |
|
133
|
|
|
|
|
134
|
|
|
/** |
|
135
|
|
|
* Encriptar datos con la clave maestra. |
|
136
|
|
|
* |
|
137
|
|
|
* @param string $strValue con los datos a encriptar |
|
138
|
|
|
* @param string $strPassword con la clave maestra |
|
139
|
|
|
* @param string $cryptIV con el IV |
|
140
|
|
|
* |
|
141
|
|
|
* @return string con los datos encriptados |
|
142
|
|
|
*/ |
|
143
|
|
|
private static function encrypt($strValue, $strPassword, $cryptIV) |
|
144
|
|
|
{ |
|
145
|
|
|
if (empty($strValue)) { |
|
146
|
|
|
return ''; |
|
147
|
|
|
} |
|
148
|
|
|
|
|
149
|
|
|
$mcryptRes = self::getMcryptResource(); |
|
150
|
|
|
|
|
151
|
|
|
mcrypt_generic_init($mcryptRes, $strPassword, $cryptIV); |
|
|
|
|
|
|
152
|
|
|
$strEncrypted = mcrypt_generic($mcryptRes, $strValue); |
|
|
|
|
|
|
153
|
|
|
mcrypt_generic_deinit($mcryptRes); |
|
|
|
|
|
|
154
|
|
|
|
|
155
|
|
|
return $strEncrypted; |
|
156
|
|
|
} |
|
157
|
|
|
|
|
158
|
|
|
/** |
|
159
|
|
|
* Encriptar datos. Devuelve un array con los datos encriptados y el IV. |
|
160
|
|
|
* |
|
161
|
|
|
* @param mixed $data string Los datos a encriptar |
|
162
|
|
|
* @param string $pwd La clave de encriptación |
|
163
|
|
|
* |
|
164
|
|
|
* @return array |
|
165
|
|
|
* @throws SPException |
|
166
|
|
|
*/ |
|
167
|
|
|
public static function encryptData($data, $pwd = null) |
|
168
|
|
|
{ |
|
169
|
|
|
if (empty($data)) { |
|
170
|
|
|
return array('data' => '', 'iv' => ''); |
|
171
|
|
|
} |
|
172
|
|
|
|
|
173
|
|
|
// Comprobar el módulo de encriptación |
|
174
|
|
|
if (!OldCrypt::checkCryptModule()) { |
|
175
|
|
|
throw new SPException( |
|
176
|
|
|
__u('Internal error'), |
|
177
|
|
|
SPException::CRITICAL, |
|
178
|
|
|
__u('Crypto module cannot be loaded') |
|
179
|
|
|
); |
|
180
|
|
|
} |
|
181
|
|
|
|
|
182
|
|
|
// FIXME |
|
183
|
|
|
// Encriptar datos |
|
184
|
|
|
$encData['data'] = OldCrypt::mkEncrypt($data, $pwd); |
|
185
|
|
|
|
|
186
|
|
|
if (!empty($data) && ($encData['data'] === false || null === $encData['data'])) { |
|
187
|
|
|
throw new SPException( |
|
188
|
|
|
__u('Internal error'), |
|
189
|
|
|
SPException::CRITICAL, |
|
190
|
|
|
__u('Error while creating the encrypted data') |
|
191
|
|
|
); |
|
192
|
|
|
} |
|
193
|
|
|
|
|
194
|
|
|
$encData['iv'] = OldCrypt::$strInitialVector; |
|
195
|
|
|
|
|
196
|
|
|
return $encData; |
|
197
|
|
|
} |
|
198
|
|
|
|
|
199
|
|
|
/** |
|
200
|
|
|
* Comprobar si el módulo de encriptación está disponible. |
|
201
|
|
|
* |
|
202
|
|
|
* @return bool |
|
203
|
|
|
*/ |
|
204
|
|
|
public static function checkCryptModule() |
|
205
|
|
|
{ |
|
206
|
|
|
return mcrypt_module_self_test(MCRYPT_RIJNDAEL_256); |
|
|
|
|
|
|
207
|
|
|
} |
|
208
|
|
|
|
|
209
|
|
|
/** |
|
210
|
|
|
* Generar datos encriptados. |
|
211
|
|
|
* Esta función llama a los métodos privados para encriptar datos. |
|
212
|
|
|
* |
|
213
|
|
|
* @param string $data con los datos a encriptar |
|
214
|
|
|
* @param string $masterPwd con la clave maestra |
|
215
|
|
|
* |
|
216
|
|
|
* @return bool |
|
217
|
|
|
*/ |
|
218
|
|
|
public static function mkEncrypt($data, $masterPwd) |
|
219
|
|
|
{ |
|
220
|
|
|
self::$strInitialVector = self::getIV(); |
|
221
|
|
|
|
|
222
|
|
|
return self::encrypt($data, $masterPwd, self::$strInitialVector); |
|
223
|
|
|
} |
|
224
|
|
|
|
|
225
|
|
|
/** |
|
226
|
|
|
* Desencriptar datos con la clave maestra. |
|
227
|
|
|
* |
|
228
|
|
|
* @param string $cryptData Los datos a desencriptar |
|
229
|
|
|
* @param string $cryptIV con el IV |
|
230
|
|
|
* @param string $password La clave maestra |
|
231
|
|
|
* |
|
232
|
|
|
* @return string con los datos desencriptados |
|
233
|
|
|
*/ |
|
234
|
|
|
public static function getDecrypt($cryptData, $cryptIV, $password) |
|
235
|
|
|
{ |
|
236
|
|
|
if (empty($cryptData) || empty($cryptIV)) { |
|
237
|
|
|
return false; |
|
238
|
|
|
} |
|
239
|
|
|
|
|
240
|
|
|
$mcryptRes = self::getMcryptResource(); |
|
241
|
|
|
@mcrypt_generic_init($mcryptRes, $password, $cryptIV); |
|
|
|
|
|
|
242
|
|
|
$strDecrypted = trim(mdecrypt_generic($mcryptRes, $cryptData)); |
|
|
|
|
|
|
243
|
|
|
|
|
244
|
|
|
mcrypt_generic_deinit($mcryptRes); |
|
|
|
|
|
|
245
|
|
|
mcrypt_module_close($mcryptRes); |
|
|
|
|
|
|
246
|
|
|
|
|
247
|
|
|
return $strDecrypted; |
|
248
|
|
|
} |
|
249
|
|
|
|
|
250
|
|
|
/** |
|
251
|
|
|
* Generar una key para su uso con el algoritmo AES |
|
252
|
|
|
* |
|
253
|
|
|
* @param string $string La cadena de la que deriva la key |
|
254
|
|
|
* @param null $salt El salt utilizado |
|
255
|
|
|
* |
|
256
|
|
|
* @return string |
|
257
|
|
|
*/ |
|
258
|
|
|
public static function generateAesKey($string, $salt = null) |
|
259
|
|
|
{ |
|
260
|
|
|
return substr(crypt($string, self::makeHashSalt($salt, false)), 7, 32); |
|
261
|
|
|
} |
|
262
|
|
|
} |
nuxsmin /
sysPass
nuxsmin
Loading history...
This function has been deprecated. The supplier of the function has supplied an explanatory message.
The explanatory message should give you some clue as to whether and when the function will be removed and what other function to use instead.