<?php
/**
 * sysPass
 *
 * @author nuxsmin
 * @link https://syspass.org
 * @copyright 2012-2019, Rubén Domínguez nuxsmin@$syspass.org
 *
 * This file is part of sysPass.
 *
 * sysPass is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * sysPass is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with sysPass. If not, see <http://www.gnu.org/licenses/>.
 */
25 | namespace SP\Core\Crypt; |
27 | use SP\Bootstrap; |
28 | use SP\Config\ConfigData; |
29 | use SP\Core\Exceptions\SPException; |
30 | use SP\Util\Checks; |
32 | defined('APP_ROOT') || die(); |
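/**
 * Legacy mcrypt-based password encryption/decryption.
 *
 * Every mcrypt_* call below is deprecated as of PHP 7.1 and the extension is no
 * longer part of PHP core from 7.2 on. The class is presumably retained only so
 * that data written by earlier sysPass versions can still be read; the cipher
 * output is not authenticated (no MAC), so tampered ciphertext is not detected.
 *
 * @deprecated Since 2.1
 */
final class OldCrypt
{
    // IV generated by the most recent mkEncrypt() call; encryptData() reads it back.
    // Shared mutable static state, so interleaved encryptions would overwrite it.
    public static $strInitialVector;

    /**
     * Hash a password with crypt() using a freshly generated bcrypt salt.
     *
     * NOTE: the salt fixes the bcrypt cost at 7, well below current
     * recommendations; kept for compatibility with existing hashes. crypt()'s
     * output already embeds the salt, so $prefixSalt repeats it in front.
     *
     * @param string $pwd        the password to hash
     * @param bool   $prefixSalt prepend the salt string to the hash
     *
     * @return string the hash, prefixed with the salt when $prefixSalt is true
     */
    public static function mkHashPassword($pwd, $prefixSalt = true)
    {
        $salt = self::makeHashSalt();
        $hash = crypt($pwd, $salt);

        return $prefixSalt === true ? $salt . $hash : $hash;
    }

    /**
     * Build a bcrypt-style salt string: '$2y$07$' followed by 22 characters.
     *
     * With $random true the characters come from a fresh IV (hex encoded) and
     * $salt is ignored. Otherwise $salt is used, extended with the configured
     * password salt when shorter than 22 characters, or replaced by it when null.
     *
     * NOTE(review): nothing verifies that 22 characters are available or that they
     * are in the bcrypt salt alphabet; crypt() answers an invalid salt with a
     * failure string, which callers do not detect.
     *
     * @param string|null $salt   salt material, only used when $random is false
     * @param bool        $random derive the salt from a new IV
     *
     * @return string the salt string
     */
    public static function makeHashSalt($salt = null, $random = true)
    {
        /** @var ConfigData $configData */
        $configData = Bootstrap::getContainer()['configData'];

        if ($random === true) {
            $salt = bin2hex(self::getIV());
        } elseif ($salt !== null && strlen($salt) < 22) {
            $salt .= $configData->getPasswordSalt();
        } elseif ($salt === null) {
            $salt = $configData->getPasswordSalt();
        }

        return '$2y$07$' . substr($salt, 0, 22) . '$';
    }

    /**
     * Create a random IV sized for RIJNDAEL-256 in CBC mode (32 bytes).
     *
     * @return string the IV as raw bytes
     */
    public static function getIV()
    {
        $source = MCRYPT_DEV_URANDOM;
        $mcryptRes = self::getMcryptResource();

        // MCRYPT_RAND (a weaker source) is only used on Windows builds older than PHP 5.3.
        if (Checks::checkIsWindows() && (!defined('PHP_VERSION_ID') || PHP_VERSION_ID < 50300)) {
            $source = MCRYPT_RAND;
        }

        // Retry until a full 32-byte IV is produced; mcrypt_create_iv() returns false on failure.
        do {
            $cryptIV = mcrypt_create_iv(mcrypt_enc_get_iv_size($mcryptRes), $source);
        } while ($cryptIV === false || strlen($cryptIV) < 32);

        mcrypt_module_close($mcryptRes);

        return $cryptIV;
    }

    /**
     * Open an mcrypt module for RIJNDAEL-256 in CBC mode.
     *
     * The caller owns the resource and must close it with mcrypt_module_close().
     *
     * @return resource
     */
    private static function getMcryptResource()
    {
        return mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_CBC, '');
    }

    /**
     * Initialise the cipher on $mcryptRes with the given key and IV.
     *
     * Returns true when the cipher is ready. On failure the resource is closed:
     * libmcrypt reports a rejected key/IV with a negative code, and PHP's mcrypt
     * binding closes the resource itself in that case; any other non-zero result
     * leaves it open, so it is closed here.
     *
     * @param resource $mcryptRes module opened by getMcryptResource()
     * @param string   $key
     * @param string   $iv
     * @param bool     $silent    suppress mcrypt's warnings (key longer than the
     *                            cipher maximum, IV size mismatch); the cipher still
     *                            initialises in those cases
     *
     * @return bool
     */
    private static function initCipher($mcryptRes, $key, $iv, $silent)
    {
        $result = $silent
            ? @mcrypt_generic_init($mcryptRes, $key, $iv)
            : mcrypt_generic_init($mcryptRes, $key, $iv);

        if ($result === 0) {
            return true;
        }

        if (!is_int($result) || $result > 0) {
            mcrypt_module_close($mcryptRes);
        }

        return false;
    }

    /**
     * Encrypt a custom password under the master password.
     *
     * @param string $customPwd the password to encrypt
     * @param string $masterPwd the master password used as key
     *
     * @return array [ciphertext (string, or false when the cipher could not be
     *               initialised), IV]
     */
    public static function mkCustomMPassEncrypt($customPwd, $masterPwd)
    {
        $cryptIV = self::getIV();
        $cryptValue = self::encrypt($masterPwd, $customPwd, $cryptIV);

        return [$cryptValue, $cryptIV];
    }

    /**
     * Encrypt data with the master password.
     *
     * @param string $strValue    the data to encrypt
     * @param string $strPassword the master password used as key
     * @param string $cryptIV     the IV
     *
     * @return string|false the ciphertext ('' for empty input), or false when the
     *                      cipher could not be initialised
     */
    private static function encrypt($strValue, $strPassword, $cryptIV)
    {
        // empty() also treats '0' as no data
        if (empty($strValue)) {
            return '';
        }

        $mcryptRes = self::getMcryptResource();

        // A failed initialisation used to go unnoticed and produce garbage; report it.
        if (!self::initCipher($mcryptRes, $strPassword, $cryptIV, false)) {
            return false;
        }

        $strEncrypted = mcrypt_generic($mcryptRes, $strValue);

        mcrypt_generic_deinit($mcryptRes);
        // Release the module; it was previously left open here (getDecrypt() already closed it).
        mcrypt_module_close($mcryptRes);

        return $strEncrypted;
    }

    /**
     * Encrypt data and return both the ciphertext and the IV used.
     *
     * @param mixed       $data the data to encrypt
     * @param string|null $pwd  the encryption key
     *
     * @return array{data: string, iv: string} both entries are '' when $data is
     *                                         empty (empty() also treats '0' and 0 as empty)
     * @throws SPException when the mcrypt module is unavailable or encryption fails
     */
    public static function encryptData($data, $pwd = null)
    {
        if (empty($data)) {
            return ['data' => '', 'iv' => ''];
        }

        if (!self::checkCryptModule()) {
            throw new SPException(
                __u('Internal error'),
                SPException::CRITICAL,
                __u('Crypto module cannot be loaded')
            );
        }

        $encData = ['data' => self::mkEncrypt($data, $pwd)];

        // mkEncrypt() yields false when the cipher cannot be initialised
        if ($encData['data'] === false || $encData['data'] === null) {
            throw new SPException(
                __u('Internal error'),
                SPException::CRITICAL,
                __u('Error while creating the encrypted data')
            );
        }

        // the IV mkEncrypt() just generated
        $encData['iv'] = self::$strInitialVector;

        return $encData;
    }

    /**
     * Check whether the encryption module is available.
     *
     * @return bool
     */
    public static function checkCryptModule()
    {
        return mcrypt_module_self_test(MCRYPT_RIJNDAEL_256);
    }

    /**
     * Encrypt data with a freshly generated IV.
     *
     * The IV is stored in self::$strInitialVector for the caller to pick up.
     *
     * @param string $data      the data to encrypt
     * @param string $masterPwd the master password used as key
     *
     * @return string|false the ciphertext, or false when the cipher could not be initialised
     */
    public static function mkEncrypt($data, $masterPwd)
    {
        self::$strInitialVector = self::getIV();

        return self::encrypt($data, $masterPwd, self::$strInitialVector);
    }

    /**
     * Decrypt data with the master password.
     *
     * @param string $cryptData the ciphertext
     * @param string $cryptIV   the IV
     * @param string $password  the master password used as key
     *
     * @return string|false the plaintext, or false when input is empty or the
     *                      cipher could not be initialised
     */
    public static function getDecrypt($cryptData, $cryptIV, $password)
    {
        if (empty($cryptData) || empty($cryptIV)) {
            return false;
        }

        $mcryptRes = self::getMcryptResource();

        // Warnings stay suppressed: mcrypt warns, yet still initialises, when the
        // key exceeds the cipher maximum, and legacy data may have been written
        // that way. A genuine initialisation failure is now reported instead of
        // being decrypted into garbage.
        if (!self::initCipher($mcryptRes, $password, $cryptIV, true)) {
            return false;
        }

        // mcrypt zero-pads to the block size; trim() strips those NUL bytes (and
        // any leading/trailing whitespace the plaintext itself had).
        $strDecrypted = trim(mdecrypt_generic($mcryptRes, $cryptData));

        mcrypt_generic_deinit($mcryptRes);
        mcrypt_module_close($mcryptRes);

        return $strDecrypted;
    }

    /**
     * Derive a key for use with the AES algorithm.
     *
     * NOTE: the key is 32 characters cut from a bcrypt (cost 7) crypt() output,
     * not uniformly random bytes; legacy derivation kept as-is.
     *
     * @param string      $string the string the key is derived from
     * @param string|null $salt   the salt to use (see makeHashSalt())
     *
     * @return string
     */
    public static function generateAesKey($string, $salt = null)
    {
        return substr(crypt($string, self::makeHashSalt($salt, false)), 7, 32);
    }
}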