/** * @expectedException \Defuse\Crypto\Exception\InvalidCiphertext */ public function testBitflip() { $key = \Defuse\Crypto\Key::LoadFromAsciiSafeString(\hex2bin('0102030405060708090a0b0c0d0e0f10')); $password = PasswordLock::hashAndEncrypt('YELLOW SUBMARINE', $key); $password[0] = \ord($password[0]) === 0 ? 255 : 0; PasswordLock::decryptAndVerify('YELLOW SUBMARINE', $password, $key); }
public static function encryptDataKeyAndPutIntoSession(Request $request, User $user, $password, $salt) { $key = Key::CreateKeyBasedOnPassword($password, $salt); $encryptedKey = $user->getDataKey(); $asciiDataKey = Crypto::decrypt($encryptedKey, $key, true); $dataKey = Key::LoadFromAsciiSafeString($asciiDataKey); $request->getSession()->set(AuthSuccessHandler::SESSION_KEY_DATA_KEY, $dataKey); return $dataKey; }
public function getGroupKey(Groups $group) { // Get private key of current user $privKey = $this->request->getSession()->get('pkey'); // Get encrypted group key /** @var UserGroup $usergroup */ $usergroup = $this->userGroupRepository->findOneBy(['user' => $this->getUser()->getId(), 'group' => $group->getId()]); // If $usergroup is null, then current user is not a member of this group if (is_null($usergroup)) { throw new AccessDeniedHttpException("Attempt to access password user doesn't have access to"); } $encryptedGroupKey = $usergroup->getGroupKey(); // Decrypt Group key with current users private key // TODO check return if (openssl_private_decrypt($encryptedGroupKey, $groupKey, $privKey)) { $groupKey = Key::LoadFromAsciiSafeString($groupKey); return $groupKey; } else { // TODO catch this upstream? throw new \Exception("Unable to decode group key for current user"); } }
/** * @param Schema $schema */ public function up(Schema $schema) { // this up() migration is auto-generated, please modify it to your needs $this->abortIf($this->connection->getDatabasePlatform()->getName() != 'mysql', 'Migration can only be executed safely on \'mysql\'.'); $password = '******'; $hash = password_hash($password, PASSWORD_BCRYPT); $salt = base64_decode($this->container->getParameter('salt_key')); if (\strlen($salt) < Key::MIN_SAFE_KEY_BYTE_SIZE) { $suggestedSalt = base64_encode(openssl_random_pseudo_bytes(Key::MIN_SAFE_KEY_BYTE_SIZE * 2)); throw new AbortMigrationException('You need to define an own salt_key in your parameters.yml file which is at least ' . Key::MIN_SAFE_KEY_BYTE_SIZE . ' characters long.' . "\n" . 'Following a randomly created key:' . "\n" . 'salt_key: ' . $suggestedSalt); } $dataKey = null; if ($this->container->hasParameter('data_key_delete_after_migration')) { $asciiDataKey = $this->container->getParameter('data_key_delete_after_migration'); $dataKey = Key::LoadFromAsciiSafeString($asciiDataKey); } if ($dataKey == null) { throw new AbortMigrationException('You need to define an own data_key_delete_after_migration in your parameters.yml which is a key generated with \\Defuse\\Crypto\\Key::CreateNewRandomKey()->saveToAsciiSafeString()' . "\n" . 'Following a randomly created key:' . "\n" . 'data_key_delete_after_migration: ' . Key::CreateNewRandomKey()->saveToAsciiSafeString() . "\n" . 'YOU MUST delete this entry in your parameters.yml afterwards (you can make a copy on a save device).'); } $key = Key::CreateKeyBasedOnPassword($password, $salt); $encryptedDataKey = Crypto::encrypt($asciiDataKey, $key, true); $this->addSql('CREATE TABLE category (id INT AUTO_INCREMENT NOT NULL, name VARBINARY(255) NOT NULL, updated_by_user INT NOT NULL, updated_at DATETIME NOT NULL, UNIQUE INDEX UNIQ_64C19C15E237E06 (name), INDEX IDX_64C19C1A7F6CB27 (updated_by_user), PRIMARY KEY(id)) DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci ENGINE = InnoDB'); $this->addSql('CREATE TABLE purchase (id INT AUTO_INCREMENT NOT NULL, user_id INT NOT NULL, purchase_date DATE NOT NULL, total VARBINARY(255) NOT NULL, updated_by_user INT NOT NULL, updated_at DATETIME NOT NULL, INDEX IDX_6117D13BA76ED395 (user_id), INDEX IDX_6117D13BA7F6CB27 (updated_by_user), PRIMARY KEY(id)) DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci ENGINE = InnoDB'); $this->addSql('CREATE TABLE purchase_position (id INT AUTO_INCREMENT NOT NULL, purchase_id INT NOT NULL, category_id INT NOT NULL, expression LONGBLOB NOT NULL, price VARBINARY(255) NOT NULL, notice LONGBLOB NULL, updated_by_user INT NOT NULL, updated_at DATETIME NOT NULL, INDEX IDX_6FEEF7A712469DE2 (category_id), INDEX IDX_6FEEF7A7558FBEB9 (purchase_id), INDEX IDX_6FEEF7A7A7F6CB27 (updated_by_user), PRIMARY KEY(id)) DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci ENGINE = InnoDB'); $this->addSql('CREATE TABLE app_users (id INT AUTO_INCREMENT NOT NULL, username VARCHAR(25) NOT NULL, password VARCHAR(64) NOT NULL, email VARCHAR(60) NOT NULL, role VARCHAR(20) DEFAULT NULL, data_key VARBINARY(255) NOT NULL, updated_by_user INT NOT NULL, updated_at DATETIME NOT NULL, UNIQUE INDEX UNIQ_C2502824F85E0677 (username), UNIQUE INDEX UNIQ_C2502824E7927C74 (email), INDEX IDX_C2502824A7F6CB27 (updated_by_user), PRIMARY KEY(id)) DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci ENGINE = InnoDB'); $this->addSql('ALTER TABLE category ADD CONSTRAINT FK_64C19C1A7F6CB27 FOREIGN KEY (updated_by_user) REFERENCES app_users (id)'); $this->addSql('ALTER TABLE purchase ADD CONSTRAINT FK_6117D13BA76ED395 FOREIGN KEY (user_id) REFERENCES app_users (id)'); $this->addSql('ALTER TABLE purchase ADD CONSTRAINT FK_6117D13BA7F6CB27 FOREIGN KEY (updated_by_user) REFERENCES app_users (id)'); $this->addSql('ALTER TABLE purchase_position ADD CONSTRAINT FK_6FEEF7A712469DE2 FOREIGN KEY (category_id) REFERENCES category (id)'); $this->addSql('ALTER TABLE purchase_position ADD CONSTRAINT FK_6FEEF7A7558FBEB9 FOREIGN KEY (purchase_id) REFERENCES purchase (id) ON DELETE CASCADE'); $this->addSql('ALTER TABLE purchase_position ADD CONSTRAINT FK_6FEEF7A7A7F6CB27 FOREIGN KEY (updated_by_user) REFERENCES app_users (id)'); $this->addSql('ALTER TABLE app_users ADD CONSTRAINT FK_C2502824A7F6CB27 FOREIGN KEY (updated_by_user) REFERENCES app_users (id)'); $now = date('Y-m-d\\TH:i:s', time()); $this->addSql('INSERT INTO app_users (username, password, role, data_key, updated_by_user, updated_at) ' . 'VALUES (\'admin\', :password, \'ROLE_ADMIN\', :data_key, \'1\', :updated_at)', array('password' => $hash, 'data_key' => $encryptedDataKey, 'updated_at' => $now)); $this->addSql('INSERT INTO category (name, updated_by_user, updated_at) ' . 'VALUES (:name, \'1\', :updated_at)', array('name' => Crypto::encrypt('Lebensmittel', $dataKey, true), 'updated_at' => $now)); }
public function getKey($rawKey) { // If this is already a \Defuse\Crypto\Key object, just return it if ($rawKey instanceof Key) { return $rawKey; } if ($rawKey === null && defined('ENCRYPT_AT_REST_KEY')) { // Retrieve key from _ss_env, if set $rawKey = ENCRYPT_AT_REST_KEY; } if ($rawKey === null) { throw new \InvalidArgumentException('Can\'t encrypt without a key. Define ENCRYPT_AT_REST_KEY, or pass the $key argument.'); } $key = Key::LoadFromAsciiSafeString($rawKey); return $key; }