* [ADD] New encryption schema by using Defuse/php-encryption library. WARNING: work in progress

nuxsmin
2017-02-17 13:12:41 +01:00
parent fd25415e3b
commit 2f01390c5f
18 changed files with 181 additions and 136 deletions


@@ -24,6 +24,7 @@
namespace SP\Account;
use SP\Core\Crypt\Crypt;
use SP\Core\OldCrypt;
use SP\Core\Exceptions\SPException;
use SP\Core\Session;
@@ -303,9 +304,9 @@ class Account extends AccountBase implements AccountInterface
*/
protected function setPasswordEncrypted($masterPass = null)
{
$securedKey = Crypt\Crypt::makeSecuredKey($masterPass);
$securedKey = Crypt::makeSecuredKey($masterPass);
$this->accountData->setAccountPass(Crypt\Crypt::encrypt($this->accountData->getAccountPass(), $securedKey));
$this->accountData->setAccountPass(Crypt::encrypt($this->accountData->getAccountPass(), $securedKey));
$this->accountData->setAccountIV($securedKey);
}


@@ -24,6 +24,7 @@
namespace SP\Account;
use SP\Core\Crypt\Crypt;
use SP\Core\OldCrypt;
use SP\Core\Exceptions\SPException;
use SP\Core\Session;
@@ -100,9 +101,9 @@ class AccountCrypt
$decryptedPass = OldCrypt::getDecrypt($account->account_pass, $account->account_IV, $currentMasterPass);
$securedKey = Crypt\Crypt::makeSecuredKey($currentMasterPass);
$securedKey = Crypt::makeSecuredKey($currentMasterPass);
$AccountData->setAccountPass(Crypt\Crypt::encrypt($decryptedPass, $securedKey));
$AccountData->setAccountPass(Crypt::encrypt($decryptedPass, $securedKey));
$AccountData->setAccountIV($securedKey);
try {
@@ -176,11 +177,11 @@ class AccountCrypt
$LogMessage->addDetails(__('IV de encriptación incorrecto', false), sprintf('%s (%d)', $account->account_name, $account->account_id));
}
$currentSecuredKey = Crypt\Crypt::unlockSecuredKey($account->account_IV, $currentMasterPass);
$decryptedPass = Crypt\Crypt::decrypt($account->account_pass, $currentSecuredKey);
$currentSecuredKey = Crypt::unlockSecuredKey($account->account_IV, $currentMasterPass);
$decryptedPass = Crypt::decrypt($account->account_pass, $currentSecuredKey);
$newSecuredKey = Crypt\Crypt::makeSecuredKey($newMasterPass);
$AccountData->setAccountPass(Crypt\Crypt::encrypt($decryptedPass, $newSecuredKey));
$newSecuredKey = Crypt::makeSecuredKey($newMasterPass);
$AccountData->setAccountPass(Crypt::encrypt($decryptedPass, $newSecuredKey));
$AccountData->setAccountIV($newSecuredKey);
try {


@@ -25,6 +25,8 @@
namespace SP\Account;
use SP\Config\ConfigDB;
use SP\Core\Crypt\Crypt;
use SP\Core\Crypt\Hash;
use SP\Core\OldCrypt;
use SP\Core\Exceptions\SPException;
use SP\Log\Email;
@@ -83,7 +85,7 @@ class AccountHistoryCrypt
$AccountDataBase->id = 0;
$AccountDataBase->pass = '';
$AccountDataBase->iv = '';
$AccountDataBase->hash = Crypt\Hash::hashKey($currentMasterPass);
$AccountDataBase->hash = Hash::hashKey($currentMasterPass);
foreach ($accountsPass as $account) {
$AccountData = clone $AccountDataBase;
@@ -107,9 +109,9 @@ class AccountHistoryCrypt
$decryptedPass = OldCrypt::getDecrypt($account->acchistory_pass, $account->acchistory_IV, $currentMasterPass);
$securedKey = Crypt\Crypt::makeSecuredKey($currentMasterPass);
$securedKey = Crypt::makeSecuredKey($currentMasterPass);
$AccountData->pass = Crypt\Crypt::encrypt($decryptedPass, $securedKey);
$AccountData->pass = Crypt::encrypt($decryptedPass, $securedKey);
$AccountData->iv = $securedKey;
try {
@@ -184,7 +186,7 @@ class AccountHistoryCrypt
$AccountDataBase->id = 0;
$AccountDataBase->pass = '';
$AccountDataBase->iv = '';
$AccountDataBase->hash = Crypt\Hash::hashKey($newMasterPass);
$AccountDataBase->hash = Hash::hashKey($newMasterPass);
foreach ($accountsPass as $account) {
$AccountData = clone $AccountDataBase;
@@ -206,11 +208,11 @@ class AccountHistoryCrypt
$LogMessage->addDetails(__('IV de encriptación incorrecto', false), sprintf('%s (%d)', $account->acchistory_name, $account->acchistory_id));
}
$currentSecuredKey = Crypt\Crypt::unlockSecuredKey($account->acchistory_IV, $currentMasterPass);
$decryptedPass = Crypt\Crypt::decrypt($account->acchistory_pass, $currentSecuredKey);
$currentSecuredKey = Crypt::unlockSecuredKey($account->acchistory_IV, $currentMasterPass);
$decryptedPass = Crypt::decrypt($account->acchistory_pass, $currentSecuredKey);
$newSecuredKey = Crypt\Crypt::makeSecuredKey($newMasterPass);
$AccountData->acchistory_pass = Crypt\Crypt::encrypt($decryptedPass, $newSecuredKey);
$newSecuredKey = Crypt::makeSecuredKey($newMasterPass);
$AccountData->acchistory_pass = Crypt::encrypt($decryptedPass, $newSecuredKey);
$AccountData->acchistory_IV = $newSecuredKey;
try {


@@ -31,6 +31,7 @@ use SP\Account\AccountUtil;
use SP\Core\Acl;
use SP\Core\ActionsInterface;
use SP\Core\Backup;
use SP\Core\Crypt\Crypt;
use SP\Core\OldCrypt;
use SP\Core\Exceptions\SPException;
use SP\DataModel\AccountExtData;
@@ -84,11 +85,11 @@ class SyspassApi extends ApiBase
$LogMessage->addDetails(__('Origen', false), 'API');
$this->Log->writeLog();
$securedKey = Crypt\Crypt::unlockSecuredKey($AccountData->getAccountIV(), $this->mPass);
$securedKey = Crypt::unlockSecuredKey($AccountData->getAccountIV(), $this->mPass);
$ret = [
'itemId' => $accountId,
'pass' => Crypt\Crypt::decrypt($AccountData->getAccountPass(), $securedKey)
'pass' => Crypt::decrypt($AccountData->getAccountPass(), $securedKey)
];
if ($this->getParam('details', false, 0)) {


@@ -34,6 +34,7 @@ use SP\Account\UserAccounts;
use SP\Config\Config;
use SP\Core\Acl;
use SP\Core\ActionsInterface;
use SP\Core\Crypt\Crypt;
use SP\Core\OldCrypt;
use SP\Core\Exceptions\SPException;
use SP\Core\Init;
@@ -150,11 +151,11 @@ class AccountController extends ControllerBase implements ActionsInterface
$AccountPassData = $this->Account->getAccountPassData();
// Obtener la llave de la clave maestra
$securedKey = Crypt\Crypt::unlockSecuredKey($PublicLinkData->getPassIV(), Config::getConfig()->getPasswordSalt() . $PublicLinkData->getLinkHash());
$securedKey = Crypt::unlockSecuredKey($PublicLinkData->getPassIV(), Config::getConfig()->getPasswordSalt() . $PublicLinkData->getLinkHash());
// Desencriptar la clave de la cuenta
$accountSecuredKey = Crypt\Crypt::unlockSecuredKey($AccountPassData->getAccountIV(), Crypt\Crypt::decrypt($PublicLinkData->getPass(), $securedKey));
$accountPass = Crypt\Crypt::decrypt($AccountPassData->getAccountPass(), $accountSecuredKey);
$accountSecuredKey = Crypt::unlockSecuredKey($AccountPassData->getAccountIV(), Crypt::decrypt($PublicLinkData->getPass(), $securedKey));
$accountPass = Crypt::decrypt($AccountPassData->getAccountPass(), $accountSecuredKey);
$this->view->assign('useImage', Config::getConfig()->isPublinksImageEnabled() || Config::getConfig()->isAccountPassToImage());


@@ -24,25 +24,21 @@
namespace SP\Controller;
use SP\Account\Account;
use SP\Account\AccountCrypt;
use SP\Account\AccountHistory;
use SP\Account\AccountHistoryCrypt;
use SP\Config\Config;
use SP\Config\ConfigDB;
use SP\Core\ActionsInterface;
use SP\Core\Backup;
use SP\Core\OldCrypt;
use SP\Core\Crypt\Hash;
use SP\Core\Crypt\Session as CryptSession;
use SP\Core\CryptMasterPass;
use SP\Core\Exceptions\SPException;
use SP\Core\Init;
use SP\Core\Messages\LogMessage;
use SP\Core\Messages\NoticeMessage;
use SP\Core\Session;
use SP\Core\SessionUtil;
use SP\Core\XmlExport;
use SP\Html\Html;
use SP\Http\Request;
use SP\Import\Import;
use SP\Import\ImportParams;
@@ -590,7 +586,7 @@ class ConfigActionController implements ItemControllerInterface
$this->LogMessage->setAction(__('Actualizar Clave Maestra', false));
if (ConfigDB::setValue('masterPwd', Hash::hashKey(Crypt\Session::getSessionKey()))) {
if (ConfigDB::setValue('masterPwd', Hash::hashKey(CryptSession::getSessionKey()))) {
$this->LogMessage->addDescription(__('Hash de clave maestra actualizado', false));
$this->JsonResponse->setStatus(0);


@@ -31,7 +31,8 @@ use SP\Account\AccountAcl;
use SP\Account\AccountHistory;
use SP\Api\ApiTokensUtil;
use SP\Core\ActionsInterface;
use SP\Core\OldCrypt;
use SP\Core\Crypt\Crypt;
use SP\Core\Crypt\Session as CryptSession;
use SP\Core\Exceptions\ItemException;
use SP\Core\Plugin\PluginUtil;
use SP\Core\Session;
@@ -513,8 +514,8 @@ class ItemShowController extends ControllerBase implements ActionsInterface, Ite
throw new ItemException(__('Clave maestra actualizada', false) . '<br>' . __('Reinicie la sesión para cambiarla', false));
}
$securedKey = Crypt\Crypt::unlockSecuredKey($AccountData->getAccountIV(), Crypt\Session::getSessionKey());
$accountClearPass = Crypt\Crypt::decrypt($AccountData->getAccountPass(), $securedKey);
$securedKey = Crypt::unlockSecuredKey($AccountData->getAccountIV(), CryptSession::getSessionKey());
$accountClearPass = Crypt::decrypt($AccountData->getAccountPass(), $securedKey);
if (!$isHistory) {
$Account->incrementDecryptCounter();


@@ -30,7 +30,6 @@ use SP\Auth\AuthUtil;
use SP\Auth\Browser\BrowserAuthData;
use SP\Auth\Database\DatabaseAuthData;
use SP\Auth\Ldap\LdapAuthData;
use SP\Core\Crypt\Crypt;
use SP\Core\Crypt\Session as CryptSession;
use SP\Core\CryptMasterPass;
use SP\Core\DiFactory;


@@ -40,6 +40,7 @@ use SP\Storage\DBUtil;
use SP\Util\Checks;
use SP\Util\Json;
use SP\Util\Util;
use SP\Core\Crypt\Session as CryptSession;
defined('APP_ROOT') || die();
@@ -143,7 +144,7 @@ class Init
Language::setLanguage(true);
DiFactory::getTheme()->initTheme(true);
if (self::isLoggedIn()){
if (self::isLoggedIn()) {
// Recargar los permisos del perfil de usuario
Session::setUserProfile(Profile::getItem()->getById(Session::getUserData()->getUserProfileId()));
// Reset de los datos de ACL de cuentas
@@ -165,8 +166,8 @@ class Init
// Comprobar si es cierre de sesión
self::checkLogout();
// Comprobar la versión y actualizarla
self::checkDbVersion();
// Comprobar si es necesario actualizar componentes
self::checkUpgrade();
// Inicializar la sesión
self::initSession();
@@ -305,8 +306,8 @@ class Init
* Devuelve un error utilizando la plantilla de error o en formato JSON
*
* @param string $message con la descripción del error
* @param string $hint opcional, con una ayuda sobre el error
* @param bool $headers
* @param string $hint opcional, con una ayuda sobre el error
* @param bool $headers
* @throws \SP\Core\Exceptions\SPException
*/
public static function initError($message, $hint = '', $headers = false)
@@ -495,6 +496,16 @@ class Init
}
}
/**
* Comprobar si el usuario está logado.
*
* @returns bool
*/
public static function isLoggedIn()
{
return (DiFactory::getDBStorage()->getDbStatus() === 0 && Session::getUserData()->getUserLogin());
}
/**
* Comprueba que la aplicación esté instalada
* Esta función comprueba si la aplicación está instalada. Si no lo está, redirige al instalador.
@@ -555,16 +566,6 @@ class Init
return false;
}
/**
* Comprobar si el usuario está logado.
*
* @returns bool
*/
public static function isLoggedIn()
{
return (DiFactory::getDBStorage()->getDbStatus() === 0 && Session::getUserData()->getUserLogin());
}
/**
* Comprobar si es necesario cerrar la sesión
*/
@@ -613,62 +614,17 @@ class Init
}
/**
* Comrpueba y actualiza la versión de la aplicación.
*
* @throws \SP\Core\Exceptions\SPException
* Comprobar si es necesario actualizar componentes
*/
private static function checkDbVersion()
private static function checkUpgrade()
{
if (self::$SUBURI !== '/index.php' || Request::analyze('logout', 0) === 1) {
if (self::$SUBURI !== '/index.php') {
return;
}
$update = false;
$databaseVersion = (int)str_replace('.', '', ConfigDB::getValue('version'));
$appVersion = (int)implode(Util::getVersion(true));
if ($databaseVersion < $appVersion
&& Request::analyze('nodbupgrade', 0) === 0
&& Upgrade::needDBUpgrade($databaseVersion)
) {
if (!self::checkMaintenanceMode(true)) {
$upgradeKey = Config::getConfig()->getUpgradeKey();
if (empty($upgradeKey)) {
Config::getConfig()->setUpgradeKey(sha1(uniqid(mt_rand(), true)));
Config::getConfig()->setMaintenance(true);
Config::saveConfig(null, false);
}
self::initError(__('La aplicación necesita actualizarse'), sprintf(__('Si es un administrador pulse en el enlace: %s'), '<a href="index.php?upgrade=1&a=upgrade">' . __('Actualizar') . '</a>'));
} else {
$action = Request::analyze('a');
$hash = Request::analyze('h');
$confirm = Request::analyze('chkConfirm', false, false, true);
if ($confirm === true
&& $action === 'upgrade'
&& $hash === Config::getConfig()->getUpgradeKey()
) {
try {
$update = Upgrade::doUpgrade($databaseVersion);
ConfigDB::setValue('version', $appVersion);
Config::getConfig()->setMaintenance(false);
Config::getConfig()->setUpgradeKey('');
Config::saveConfig();
} catch (SPException $e) {
$hint = $e->getHint() . '<p class="center"><a href="index.php?nodbupgrade=1">' . __('Acceder') . '</a></p>';
self::initError($e->getMessage(), $hint);
}
} else {
$controller = new MainController();
$controller->getUpgrade();
}
}
}
if ($update === true) {
if (self::checkDbVersion($appVersion)) {
$Log = new Log();
$LogMessage = $Log->getLogMessage();
$LogMessage->setAction(__('Actualización', false));
@@ -683,6 +639,55 @@ class Init
}
}
/**
* Comrpueba y actualiza la versión de la aplicación.
*
* @param $appVersion
* @return bool
*/
private static function checkDbVersion($appVersion)
{
$databaseVersion = (int)str_replace('.', '', ConfigDB::getValue('version'));
if ($databaseVersion < $appVersion
&& Request::analyze('nodbupgrade', 0) === 0
&& Upgrade::needDBUpgrade($databaseVersion)
) {
if (!self::checkMaintenanceMode(true)) {
Upgrade::setUpgradeKey('db');
} else {
$action = Request::analyze('a');
$hash = Request::analyze('h');
$confirm = Request::analyze('chkConfirm', false, false, true);
if ($confirm === true
&& $action === 'upgrade'
&& $hash === Config::getConfig()->getUpgradeKey()
) {
try {
Upgrade::doUpgrade($databaseVersion);
ConfigDB::setValue('version', $appVersion);
Config::getConfig()->setMaintenance(false);
Config::getConfig()->setUpgradeKey('');
Config::saveConfig();
return true;
} catch (SPException $e) {
$hint = $e->getHint() . '<p class="center"><a href="index.php?nodbupgrade=1">' . __('Acceder') . '</a></p>';
self::initError($e->getMessage(), $hint);
}
} else {
$controller = new MainController();
$controller->getUpgrade();
}
}
}
return false;
}
/**
* Inicialiar la sesión de usuario
*
@@ -711,13 +716,15 @@ class Init
if (Session::getSidStartTime() === 0) {
Session::setSidStartTime(time());
Session::setStartActivity(time());
} else if (Session::getUserData()->getUserId() > 0 && time() - Session::getSidStartTime() > $sessionLifeTime / 2) {
$sessionMPass = Crypt\Session::getSessionKey();
} else if (Session::getUserData()->getUserId() > 0
&& time() - Session::getSidStartTime() > $sessionLifeTime / 2
) {
$sessionMPass = CryptSession::getSessionKey();
session_regenerate_id(true);
// Regenerar la clave maestra
Crypt\Session::saveSessionKey($sessionMPass);
CryptSession::saveSessionKey($sessionMPass);
Session::setSidStartTime(time());
// Recargar los permisos del perfil de usuario
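Review bot: In the new `checkDbVersion()`, the upgrade key taken from the request is checked with `$hash === Config::getConfig()->getUpgradeKey()`, which is not a constant-time comparison and, as far as this hunk shows, would also match an empty `h` whenever the stored key is empty while maintenance mode is on. No authentication check is visible on this path, so this key appears to be the only thing gating `Upgrade::doUpgrade()`. I would read the key once with `$upgradeKey = (string)Config::getConfig()->getUpgradeKey();` and replace the condition with `&& is_string($hash) && $upgradeKey !== '' && hash_equals($upgradeKey, $hash)`. What `Request::analyze('h')` returns for a missing parameter is not visible here, so the empty-key case should be confirmed against that helper.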


@@ -27,7 +27,7 @@ namespace SP\Core;
use SP\Config\Config;
use SP\DataModel\UserData;
use SP\Mgmt\Profiles\Profile;
use SP\Core\Crypt\Session as SessionCrypt;
use SP\Core\Crypt\Session as CryptSession;
defined('APP_ROOT') || die();
@@ -70,7 +70,7 @@ class SessionUtil
*/
public static function getSessionMPass()
{
return SessionCrypt::getSessionKey();
return CryptSession::getSessionKey();
}
/**


@@ -28,6 +28,7 @@ namespace SP\Core;
use SP\Config\Config;
use SP\Config\ConfigData;
use SP\Core\Exceptions\SPException;
use SP\Core\Upgrade\Crypt;
use SP\Core\Upgrade\Group;
use SP\Core\Upgrade\Profile;
use SP\Core\Upgrade\User;
@@ -42,6 +43,7 @@ use SP\Mgmt\Users\UserMigrate;
use SP\Mgmt\Users\UserPreferencesUtil;
use SP\Storage\DB;
use SP\Storage\QueryData;
use SP\Util\Util;
defined('APP_ROOT') || die();
@@ -52,7 +54,7 @@ class Upgrade
{
private static $dbUpgrade = [110, 1121, 1122, 1123, 11213, 11219, 11220, 12001, 12002, 1316011001, 1316020501, 1316100601, 20017011302, 20017011701, 20017012901];
private static $cfgUpgrade = [1124, 1316020501, 20017011202];
private static $auxUpgrade = [12001, 12002, 20017010901, 20017011202];
private static $auxUpgrade = [12001, 12002, 20017010901, 20017011202, 20017021601];
/**
* Inicia el proceso de actualización de la BBDD.
@@ -70,7 +72,7 @@ class Upgrade
foreach (self::$dbUpgrade as $upgradeVersion) {
if ($version < $upgradeVersion) {
if (self::auxPreUpgrades($upgradeVersion) === false) {
if (self::auxPreDbUpgrade($upgradeVersion) === false) {
DB::rollbackTransaction();
throw new SPException(SPException::SP_CRITICAL,
@@ -108,7 +110,7 @@ class Upgrade
* @param $version
* @return bool
*/
private static function auxPreUpgrades($version)
private static function auxPreDbUpgrade($version)
{
switch ($version) {
case 1316011001:
@@ -219,6 +221,10 @@ class Upgrade
return CustomFieldsUtil::migrateCustomFields() && UserPreferencesUtil::migrate();
case 20017011202:
return UserPreferencesUtil::migrate();
case 20017021601:
$masterPass = Request::analyze('mpass');
return !empty($masterPass) && Crypt::migrateHash($masterPass) && Crypt::migrate($masterPass);
}
return true;
@@ -398,4 +404,22 @@ class Upgrade
'setWikiSearchUrl' => ['wikisearchurl', 'wiki_searchurl']
];
}
/**
* Establecer la key de actualización
*
* @param string $type Tipo de actualización
*/
public static function setUpgradeKey($type)
{
$upgradeKey = Config::getConfig()->getUpgradeKey();
if (empty($upgradeKey)) {
Config::getConfig()->setUpgradeKey(Util::generateRandomBytes(64));
Config::getConfig()->setMaintenance(true);
Config::saveConfig(null, false);
}
Init::initError(__('La aplicación necesita actualizarse'), sprintf(__('Si es un administrador pulse en el enlace: %s'), '<a href="index.php?upgrade=1&a=upgrade&type=' . $type . '">' . __('Actualizar') . '</a>'));
}
}
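Review bot: The new `case 20017021601` reads the master password with `Request::analyze('mpass')`, and nothing in this hunk shows that the value can only arrive in a POST body; if the upgrade form can submit it in the query string, it will end up in web-server access logs and browser history. The transport should be confirmed in the upgrade template, with a comment such as `// mpass must only be sent in the POST body; never log or echo it` placed above the read. In `setUpgradeKey()`, `$type` is concatenated into the link markup unescaped; the only caller visible on this page passes the literal `'db'`, but because the method is public I would write `'&type=' . urlencode($type)`. Both the switch and the class continue outside the hunks shown.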


@@ -33,6 +33,7 @@ use SP\Core\Crypt\Hash;
use SP\Core\Exceptions\SPException;
use SP\Log\Log;
use SP\Mgmt\CustomFields\CustomFieldsUtil;
use SP\Storage\DB;
/**
* Class Crypt
@@ -50,11 +51,19 @@ class Crypt
public static function migrate(&$masterPass)
{
try {
DB::beginTransaction();
self::migrateAccounts($masterPass);
self::migrateCustomFields($masterPass);
DB::endTransaction();
} catch (CryptoException $e) {
DB::rollbackTransaction();
return false;
} catch (SPException $e) {
DB::rollbackTransaction();
return false;
}
@@ -115,13 +124,14 @@ class Crypt
return true;
}
// Hash de clave maestra anterior a 2.0.0.17013101
// Hash de clave maestra anterior a 2.0.0.17013101
// Hash de clave maestra anterior a 2.0.0.17021601
} elseif (hash_equals(crypt($masterPass, substr($configHashMPass, 0, 72)), substr($configHashMPass, 72))
|| hash_equals(crypt($masterPass, substr($configHashMPass, 0, 30)), substr($configHashMPass, 30))
) {
ConfigDB::setValue('masterPwd', Hash::hashKey($masterPass));
Log::writeNewLog(__('Aviso', false), __('Se ha regenerado el HASH de clave maestra. No es necesaria ninguna acción.', false), Log::NOTICE);
return true;
}
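Review bot: Both new catch blocks in `migrate()` roll back and return `false` without recording `$e`, so a failed re-encryption of the stored passwords leaves no trace of which error stopped it. I would log the exception message before returning, for example `Log::writeNewLog(__FUNCTION__, $e->getMessage(), Log::NOTICE);`, taking care that the master password itself is never written to the log. The result of `DB::beginTransaction()` is not checked either, and an exception of any other type would leave the transaction open; whether this transaction can nest inside one already opened by the caller is not visible from this hunk and should be confirmed. The rest of `migrate()` lies outside the hunk.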


@@ -25,6 +25,7 @@
namespace SP\Import;
use SP\Account\Account;
use SP\Core\Crypt\Crypt;
use SP\Core\OldCrypt;
use SP\Core\Exceptions\SPException;
use SP\Core\Messages\LogMessage;
@@ -126,8 +127,8 @@ abstract class ImportBase implements ImportInterface
}
if ($this->ImportParams->getImportMasterPwd() !== '') {
$securedKey = Crypt\Crypt::unlockSecuredKey($AccountData->getAccountIV(), $this->ImportParams->getImportMasterPwd());
$pass = Crypt\Crypt::decrypt($AccountData->getAccountPass(), $securedKey);
$securedKey = Crypt::unlockSecuredKey($AccountData->getAccountIV(), $this->ImportParams->getImportMasterPwd());
$pass = Crypt::decrypt($AccountData->getAccountPass(), $securedKey);
// TODO: importar con encriptación anterior
// $pass = Crypt::getDecrypt($AccountData->getAccountPass(), $AccountData->getAccountIV(), $this->ImportParams->getImportMasterPwd());


@@ -24,6 +24,7 @@
namespace SP\Import;
use SP\Core\Crypt\Crypt;
use SP\Core\OldCrypt;
use SP\Core\Crypt\Hash;
use SP\Core\Exceptions\SPException;
@@ -117,8 +118,8 @@ class SyspassImport extends ImportBase
if ($iv = base64_decode($node->getAttribute('iv'))) {
$xmlDecrypted = OldCrypt::getDecrypt($data, $iv, $this->ImportParams->getImportPwd());
} else {
$securedKey = Crypt\Crypt::unlockSecuredKey($node->getAttribute('key'), $this->ImportParams->getImportPwd());
$xmlDecrypted = Crypt\Crypt::decrypt($data, $securedKey);
$securedKey = Crypt::unlockSecuredKey($node->getAttribute('key'), $this->ImportParams->getImportPwd());
$xmlDecrypted = Crypt::decrypt($data, $securedKey);
}
$newXmlData = new \DOMDocument();


@@ -26,7 +26,8 @@ namespace SP\Mgmt\CustomFields;
defined('APP_ROOT') || die();
use SP\Core\OldCrypt;
use SP\Core\Crypt\Crypt;
use SP\Core\Crypt\Session as CryptSession;
use SP\DataModel\CustomFieldData;
use SP\DataModel\CustomFieldDefData;
use SP\Mgmt\ItemInterface;
@@ -79,7 +80,7 @@ class CustomField extends CustomFieldBase implements ItemInterface
return $this->delete($this->itemData->getId());
}
$securedKey = Crypt\Crypt::makeSecuredKey(Crypt\Session::getSessionKey());
$securedKey = Crypt::makeSecuredKey(CryptSession::getSessionKey());
$query = /** @lang SQL */
'UPDATE customFieldsData SET
@@ -91,7 +92,7 @@ class CustomField extends CustomFieldBase implements ItemInterface
$Data = new QueryData();
$Data->setQuery($query);
$Data->addParam(Crypt\Crypt::encrypt($this->itemData->getValue(), $securedKey));
$Data->addParam(Crypt::encrypt($this->itemData->getValue(), $securedKey));
$Data->addParam($securedKey);
$Data->addParam($this->itemData->getModule());
$Data->addParam($this->itemData->getId());
@@ -136,7 +137,7 @@ class CustomField extends CustomFieldBase implements ItemInterface
return true;
}
$securedKey = Crypt\Crypt::makeSecuredKey(Crypt\Session::getSessionKey());
$securedKey = Crypt::makeSecuredKey(CryptSession::getSessionKey());
$query = /** @lang SQL */
'INSERT INTO customFieldsData SET
@@ -151,7 +152,7 @@ class CustomField extends CustomFieldBase implements ItemInterface
$Data->addParam($this->itemData->getId());
$Data->addParam($this->itemData->getModule());
$Data->addParam($this->itemData->getDefinitionId());
$Data->addParam(Crypt\Crypt::encrypt($this->itemData->getValue(), $securedKey));
$Data->addParam(Crypt::encrypt($this->itemData->getValue(), $securedKey));
$Data->addParam($securedKey);
return DB::getQuery($Data);
@@ -248,9 +249,9 @@ class CustomField extends CustomFieldBase implements ItemInterface
protected function unencryptData(CustomFieldData $CustomFieldData)
{
if ($CustomFieldData->getCustomfielddataData() !== '') {
$securedKey = Crypt\Crypt::unlockSecuredKey($CustomFieldData->getCustomfielddataIv(), Crypt\Session::getSessionKey());
$securedKey = Crypt::unlockSecuredKey($CustomFieldData->getCustomfielddataIv(), CryptSession::getSessionKey());
return $this->formatValue(Crypt\Crypt::decrypt($CustomFieldData->getCustomfielddataData(), $securedKey));
return $this->formatValue(Crypt::decrypt($CustomFieldData->getCustomfielddataData(), $securedKey));
}
return '';


@@ -26,6 +26,7 @@ namespace SP\Mgmt\CustomFields;
defined('APP_ROOT') || die();
use SP\Core\Crypt\Crypt;
use SP\Core\OldCrypt;
use SP\Core\Exceptions\SPException;
use SP\DataModel\CustomFieldData;
@@ -92,10 +93,10 @@ class CustomFieldsUtil
$success = [];
foreach ($queryRes as $CustomField) {
$currentSecuredKey = Crypt\Crypt::unlockSecuredKey($CustomField->getCustomfielddataIv(), $currentMasterPass);
$fieldData = Crypt\Crypt::decrypt($CustomField->getCustomfielddataData(), $currentSecuredKey);
$currentSecuredKey = Crypt::unlockSecuredKey($CustomField->getCustomfielddataIv(), $currentMasterPass);
$fieldData = Crypt::decrypt($CustomField->getCustomfielddataData(), $currentSecuredKey);
$securedKey = Crypt\Crypt::makeSecuredKey($newMasterPassword);
$securedKey = Crypt::makeSecuredKey($newMasterPassword);
$query = /** @lang SQL */
'UPDATE customFieldsData SET
@@ -105,7 +106,7 @@ class CustomFieldsUtil
$Data = new QueryData();
$Data->setQuery($query);
$Data->addParam(Crypt\Crypt::encrypt($fieldData, $securedKey));
$Data->addParam(Crypt::encrypt($fieldData, $securedKey));
$Data->addParam($securedKey);
$Data->addParam($CustomField->getCustomfielddataId());
@@ -162,7 +163,7 @@ class CustomFieldsUtil
$success = [];
foreach ($queryRes as $CustomField) {
$securedKey = Crypt\Crypt::makeSecuredKey($currentMasterPass);
$securedKey = Crypt::makeSecuredKey($currentMasterPass);
$fieldData = OldCrypt::getDecrypt($CustomField->getCustomfielddataData(), $CustomField->getCustomfielddataIv(), $currentMasterPass);
$query = /** @lang SQL */
@@ -173,7 +174,7 @@ class CustomFieldsUtil
$Data = new QueryData();
$Data->setQuery($query);
$Data->addParam(Crypt\Crypt::encrypt($fieldData, $securedKey));
$Data->addParam(Crypt::encrypt($fieldData, $securedKey));
$Data->addParam($securedKey);
$Data->addParam($CustomField->getCustomfielddataId());


@@ -27,13 +27,12 @@ namespace SP\Mgmt\PublicLinks;
defined('APP_ROOT') || die();
use SP\Config\Config;
use SP\Core\OldCrypt;
use SP\Core\Crypt\Crypt;
use SP\Core\Crypt\Session as CryptSession;
use SP\Core\Exceptions\SPException;
use SP\Core\SessionUtil;
use SP\DataModel\PublicLinkData;
use SP\Mgmt\ItemBase;
use SP\DataModel\PublicLinkBaseData;
use SP\Util\Util;
/**
* Class PublicLinks para la gestión de enlaces públicos
@@ -77,9 +76,9 @@ abstract class PublicLinkBase extends ItemBase
*/
protected final function createLinkPass()
{
$securedKey = Crypt\Crypt::makeSecuredKey(Config::getConfig()->getPasswordSalt() . $this->createLinkHash());
$securedKey = Crypt::makeSecuredKey(Config::getConfig()->getPasswordSalt() . $this->createLinkHash());
$this->itemData->setPass(Crypt\Crypt::encrypt(Crypt\Session::getSessionKey(), $securedKey));
$this->itemData->setPass(Crypt::encrypt(CryptSession::getSessionKey(), $securedKey));
$this->itemData->setPassIV($securedKey);
}


@@ -27,15 +27,14 @@ namespace SP\Mgmt\Users;
defined('APP_ROOT') || die();
use SP\Config\ConfigDB;
use SP\Core\OldCrypt;
use SP\Core\Crypt\Crypt;
use SP\Core\Crypt\Hash;
use SP\Core\Exceptions\SPException;
use SP\Core\SessionUtil;
use SP\DataModel\UserPassData;
use SP\Log\Email;
use SP\Log\Log;
use SP\Storage\DB;
use SP\Storage\QueryData;
use SP\Core\Crypt\Session as CryptSession;
/**
* Class UserPass para la gestión de las claves de un usuario
@@ -190,7 +189,7 @@ class UserPass extends UserBase
} elseif (Hash::checkHashKey($userMPass, $configHashMPass)) {
$this->clearUserMPass = $userMPass;
Crypt\Session::saveSessionKey($userMPass);
CryptSession::saveSessionKey($userMPass);
return true;
}
@@ -226,9 +225,9 @@ class UserPass extends UserBase
$this->itemData->setUserMPass($queryRes->user_mPass);
$this->itemData->setUserMIV($queryRes->user_mIV);
$securedKey = Crypt\Crypt::unlockSecuredKey($queryRes->user_mIV, $this->getCypherPass($cypher));
$securedKey = Crypt::unlockSecuredKey($queryRes->user_mIV, $this->getCypherPass($cypher));
return Crypt\Crypt::decrypt($queryRes->user_mPass, $securedKey);
return Crypt::decrypt($queryRes->user_mPass, $securedKey);
}
/**
@@ -241,7 +240,7 @@ class UserPass extends UserBase
{
$pass = $cypher === null ? $this->itemData->getUserPass() : $cypher;
return Crypt\Crypt::makeSecuredKey($pass . $this->itemData->getUserLogin());
return Crypt::makeSecuredKey($pass . $this->itemData->getUserLogin());
}
/**
@@ -291,8 +290,8 @@ class UserPass extends UserBase
if (Hash::checkHashKey($masterPwd, $configHashMPass)
|| \SP\Core\Upgrade\Crypt::migrateHash($masterPwd)
) {
$securedKey = Crypt\Crypt::makeSecuredKey($this->getCypherPass());
$cryptMPass = Crypt\Crypt::encrypt($masterPwd, $securedKey);
$securedKey = Crypt::makeSecuredKey($this->getCypherPass());
$cryptMPass = Crypt::encrypt($masterPwd, $securedKey);
if (!empty($cryptMPass)) {
$query = /** @lang SQL */