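/**
 * A modified ciphertext byte must be rejected by decryptAndVerify (the
 * authentication check must fail before any plaintext is returned).
 *
 * @expectedException \Defuse\Crypto\Exception\InvalidCiphertext
 */
 public function testBitflip()
 {
     $key = \Defuse\Crypto\Key::LoadFromAsciiSafeString(\hex2bin('0102030405060708090a0b0c0d0e0f10'));
     $password = PasswordLock::hashAndEncrypt('YELLOW SUBMARINE', $key);
     // Corrupt the first byte: 0x00 becomes 0xFF, anything else becomes 0x00,
     // so the byte is guaranteed to change. The chr() wrapper matters: assigning
     // an int to a string offset stores the first character of its decimal
     // representation ('2' or '0'), not the byte value, so `$password[0] = 255`
     // never actually wrote 0xFF.
     $password[0] = \chr(\ord($password[0]) === 0 ? 255 : 0);
     PasswordLock::decryptAndVerify('YELLOW SUBMARINE', $password, $key);
 }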
 /**
  * Unwraps the user's data key with a password-derived key and stores it in the session.
  *
  * Despite the name, the only crypto operation here is a decrypt: the stored
  * data key (User::getDataKey()) is decrypted with a key derived from
  * $password and $salt, loaded as a Key object, put into the session under
  * AuthSuccessHandler::SESSION_KEY_DATA_KEY and returned.
  *
  * NOTE(review): this places raw key material in the session store; whatever
  * backs the session (files, DB, cache) then holds the data key for the
  * session lifetime — confirm that store is adequately protected.
  *
  * @param Request $request  request whose session receives the data key
  * @param User    $user     owner of the wrapped data key
  * @param string  $password presumably the user's login password — verify against caller
  * @param string  $salt     salt for the password-based key derivation
  * @return Key the unwrapped data key
  */
 public static function encryptDataKeyAndPutIntoSession(Request $request, User $user, $password, $salt)
 {
     $wrappingKey = Key::CreateKeyBasedOnPassword($password, $salt);
     $asciiDataKey = Crypto::decrypt($user->getDataKey(), $wrappingKey, true);
     $dataKey = Key::LoadFromAsciiSafeString($asciiDataKey);

     $session = $request->getSession();
     $session->set(AuthSuccessHandler::SESSION_KEY_DATA_KEY, $dataKey);

     return $dataKey;
 }
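 /**
  * Decrypts the current user's copy of a group's symmetric key.
  *
  * Each membership row (UserGroup) carries the group key encrypted to that
  * member (presumably with openssl_public_encrypt(), given the decrypt call
  * below). The matching private key is read from the session under 'pkey',
  * so the group key is only recoverable while the user is logged in.
  *
  * @param Groups $group group whose key is requested
  * @return Key the group key, ready for use with Crypto
  * @throws AccessDeniedHttpException if the current user is not a member of $group
  * @throws \RuntimeException if the session private key is missing or decryption fails
  *         (a subclass of \Exception, so existing catch blocks still apply)
  */
 public function getGroupKey(Groups $group)
 {
     $privKey = $this->request->getSession()->get('pkey');
     if ($privKey === null) {
         // openssl_private_decrypt() would fail anyway without a key, but only
         // after emitting a warning; fail explicitly instead.
         throw new \RuntimeException("Unable to decode group key for current user");
     }

     /** @var UserGroup|null $usergroup */
     $usergroup = $this->userGroupRepository->findOneBy([
         'user' => $this->getUser()->getId(),
         'group' => $group->getId(),
     ]);
     // No membership row means the current user has no access to this group.
     if ($usergroup === null) {
         throw new AccessDeniedHttpException("Attempt to access password user doesn't have access to");
     }

     $asciiGroupKey = '';
     if (!openssl_private_decrypt($usergroup->getGroupKey(), $asciiGroupKey, $privKey)) {
         // The message deliberately omits openssl_error_string(): it may end up
         // in an HTTP response. Callers catch this as \Exception.
         throw new \RuntimeException("Unable to decode group key for current user");
     }

     return Key::LoadFromAsciiSafeString($asciiGroupKey);
 }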
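 /**
  * Creates the initial schema and seeds the admin user plus a first category.
  *
  * Before touching the database it checks the two secrets the application
  * needs: `salt_key` (base64; at least Key::MIN_SAFE_KEY_BYTE_SIZE decoded
  * bytes) and `data_key_delete_after_migration` (a Defuse ASCII-safe key).
  * The data key is wrapped with a key derived from the admin password and
  * stored on the admin row; the seeded category name is encrypted with the
  * data key itself.
  *
  * @param Schema $schema
  * @throws AbortMigrationException when the platform is not MySQL or a
  *         required parameter is missing or too short
  */
 public function up(Schema $schema)
 {
     // this up() migration is auto-generated, please modify it to your needs
     $this->abortIf($this->connection->getDatabasePlatform()->getName() !== 'mysql', 'Migration can only be executed safely on \'mysql\'.');

     // NOTE(review): the initial admin password is a literal in the migration;
     // it should be rotated right after the first login.
     $password = '******';
     $hash = password_hash($password, PASSWORD_BCRYPT);

     // The length check is on the decoded bytes, not on the base64 text.
     $salt = base64_decode($this->container->getParameter('salt_key'));
     if (\strlen($salt) < Key::MIN_SAFE_KEY_BYTE_SIZE) {
         // random_bytes() is a CSPRNG that throws on failure, so there is no
         // "crypto strong" flag to forget to check as with
         // openssl_random_pseudo_bytes().
         $suggestedSalt = base64_encode(random_bytes(Key::MIN_SAFE_KEY_BYTE_SIZE * 2));
         throw new AbortMigrationException('You need to define an own salt_key in your parameters.yml file which is at least ' . Key::MIN_SAFE_KEY_BYTE_SIZE . ' characters long.' . "\n" . 'Following a randomly created key:' . "\n" . 'salt_key: ' . $suggestedSalt);
     }

     $dataKey = null;
     $asciiDataKey = null;
     if ($this->container->hasParameter('data_key_delete_after_migration')) {
         $asciiDataKey = $this->container->getParameter('data_key_delete_after_migration');
         $dataKey = Key::LoadFromAsciiSafeString($asciiDataKey);
     }
     // Strict comparison: the original `== null` would also have matched an
     // empty-ish value, which LoadFromAsciiSafeString never returns anyway.
     if ($dataKey === null) {
         throw new AbortMigrationException('You need to define an own data_key_delete_after_migration in your parameters.yml which is a key generated with \\Defuse\\Crypto\\Key::CreateNewRandomKey()->saveToAsciiSafeString()' . "\n" . 'Following a randomly created key:' . "\n" . 'data_key_delete_after_migration: ' . Key::CreateNewRandomKey()->saveToAsciiSafeString() . "\n" . 'YOU MUST delete this entry in your parameters.yml afterwards (you can make a copy on a save device).');
     }

     // Wrap the data key with a password-derived key so the admin row holds
     // it encrypted, the same scheme the login handler later unwraps.
     $key = Key::CreateKeyBasedOnPassword($password, $salt);
     $encryptedDataKey = Crypto::encrypt($asciiDataKey, $key, true);

     $this->addSql('CREATE TABLE category (id INT AUTO_INCREMENT NOT NULL, name VARBINARY(255) NOT NULL, updated_by_user INT NOT NULL, updated_at DATETIME NOT NULL, UNIQUE INDEX UNIQ_64C19C15E237E06 (name), INDEX IDX_64C19C1A7F6CB27 (updated_by_user), PRIMARY KEY(id)) DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci ENGINE = InnoDB');
     $this->addSql('CREATE TABLE purchase (id INT AUTO_INCREMENT NOT NULL, user_id INT NOT NULL, purchase_date DATE NOT NULL, total VARBINARY(255) NOT NULL, updated_by_user INT NOT NULL, updated_at DATETIME NOT NULL, INDEX IDX_6117D13BA76ED395 (user_id), INDEX IDX_6117D13BA7F6CB27 (updated_by_user), PRIMARY KEY(id)) DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci ENGINE = InnoDB');
     $this->addSql('CREATE TABLE purchase_position (id INT AUTO_INCREMENT NOT NULL, purchase_id INT NOT NULL, category_id INT NOT NULL, expression LONGBLOB NOT NULL, price VARBINARY(255) NOT NULL, notice LONGBLOB NULL, updated_by_user INT NOT NULL, updated_at DATETIME NOT NULL, INDEX IDX_6FEEF7A712469DE2 (category_id), INDEX IDX_6FEEF7A7558FBEB9 (purchase_id), INDEX IDX_6FEEF7A7A7F6CB27 (updated_by_user), PRIMARY KEY(id)) DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci ENGINE = InnoDB');
     $this->addSql('CREATE TABLE app_users (id INT AUTO_INCREMENT NOT NULL, username VARCHAR(25) NOT NULL, password VARCHAR(64) NOT NULL, email VARCHAR(60) NOT NULL, role VARCHAR(20) DEFAULT NULL, data_key VARBINARY(255) NOT NULL, updated_by_user INT NOT NULL, updated_at DATETIME NOT NULL, UNIQUE INDEX UNIQ_C2502824F85E0677 (username), UNIQUE INDEX UNIQ_C2502824E7927C74 (email), INDEX IDX_C2502824A7F6CB27 (updated_by_user), PRIMARY KEY(id)) DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci ENGINE = InnoDB');
     $this->addSql('ALTER TABLE category ADD CONSTRAINT FK_64C19C1A7F6CB27 FOREIGN KEY (updated_by_user) REFERENCES app_users (id)');
     $this->addSql('ALTER TABLE purchase ADD CONSTRAINT FK_6117D13BA76ED395 FOREIGN KEY (user_id) REFERENCES app_users (id)');
     $this->addSql('ALTER TABLE purchase ADD CONSTRAINT FK_6117D13BA7F6CB27 FOREIGN KEY (updated_by_user) REFERENCES app_users (id)');
     $this->addSql('ALTER TABLE purchase_position ADD CONSTRAINT FK_6FEEF7A712469DE2 FOREIGN KEY (category_id) REFERENCES category (id)');
     $this->addSql('ALTER TABLE purchase_position ADD CONSTRAINT FK_6FEEF7A7558FBEB9 FOREIGN KEY (purchase_id) REFERENCES purchase (id) ON DELETE CASCADE');
     $this->addSql('ALTER TABLE purchase_position ADD CONSTRAINT FK_6FEEF7A7A7F6CB27 FOREIGN KEY (updated_by_user) REFERENCES app_users (id)');
     $this->addSql('ALTER TABLE app_users ADD CONSTRAINT FK_C2502824A7F6CB27 FOREIGN KEY (updated_by_user) REFERENCES app_users (id)');

     // Seed rows use bound parameters; nothing secret is interpolated into SQL.
     $now = date('Y-m-d\\TH:i:s', time());
     $this->addSql('INSERT INTO app_users (username, password, role, data_key, updated_by_user, updated_at) ' . 'VALUES (\'admin\', :password, \'ROLE_ADMIN\', :data_key, \'1\', :updated_at)', ['password' => $hash, 'data_key' => $encryptedDataKey, 'updated_at' => $now]);
     $this->addSql('INSERT INTO category (name, updated_by_user, updated_at) ' . 'VALUES (:name, \'1\', :updated_at)', ['name' => Crypto::encrypt('Lebensmittel', $dataKey, true), 'updated_at' => $now]);
 }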
 /**
  * Normalises the key argument into a \Defuse\Crypto\Key instance.
  *
  * A Key object is returned unchanged; a string is treated as an ASCII-safe
  * key and loaded. When null is passed and the ENCRYPT_AT_REST_KEY constant
  * is defined, that constant is used instead.
  *
  * @param Key|string|null $rawKey
  * @return Key
  * @throws \InvalidArgumentException when no key is given and ENCRYPT_AT_REST_KEY is undefined
  *         (a malformed string presumably makes Key::LoadFromAsciiSafeString throw as well — verify)
  */
 public function getKey($rawKey)
 {
     if ($rawKey instanceof Key) {
         return $rawKey;
     }

     $asciiKey = $rawKey;
     if ($asciiKey === null && defined('ENCRYPT_AT_REST_KEY')) {
         // Fallback to the environment-provided key.
         $asciiKey = constant('ENCRYPT_AT_REST_KEY');
     }
     if ($asciiKey === null) {
         throw new \InvalidArgumentException('Can\'t encrypt without a key. Define ENCRYPT_AT_REST_KEY, or pass the $key argument.');
     }

     return Key::LoadFromAsciiSafeString($asciiKey);
 }