From f3360d51c6d069fc873a0b5563c01d37d58727c7 Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@owncloud.com>
Date: Fri, 11 Dec 2015 06:17:47 +0100
Subject: [PATCH] Use PHP polyfills
---
3rdparty | 2 +-
apps/encryption/lib/crypto/crypt.php | 31 +++-----
apps/encryption/vendor/pbkdf2fallback.php | 87 -----------------------
apps/federation/api/ocsauthapi.php | 2 +-
lib/private/appframework/http/request.php | 2 +-
lib/private/log.php | 2 +-
lib/private/security/crypto.php | 2 +-
lib/private/security/hasher.php | 2 +-
lib/private/security/securerandom.php | 45 ++++--------
lib/private/security/stringutils.php | 60 ----------------
lib/public/security/isecurerandom.php | 11 +--
lib/public/security/stringutils.php | 3 +-
tests/lib/security/securerandom.php | 7 +-
tests/lib/security/stringutils.php | 38 ----------
14 files changed, 38 insertions(+), 256 deletions(-)
delete mode 100644 apps/encryption/vendor/pbkdf2fallback.php
delete mode 100644 lib/private/security/stringutils.php
delete mode 100644 tests/lib/security/stringutils.php
diff --git a/3rdparty b/3rdparty
index a7b34d6f831..56934b1fc0f 160000
--- a/3rdparty
+++ b/3rdparty
@@ -1 +1 @@
-Subproject commit a7b34d6f831c8fa363f389d27acd0150128fc0b9
+Subproject commit 56934b1fc0f15760690c7a28c6c6429ce6ce6bef
diff --git a/apps/encryption/lib/crypto/crypt.php b/apps/encryption/lib/crypto/crypt.php
index dbc0364a157..12e9008545a 100644
--- a/apps/encryption/lib/crypto/crypt.php
+++ b/apps/encryption/lib/crypto/crypt.php
@@ -30,7 +30,6 @@ use OC\Encryption\Exceptions\DecryptionFailedException;
use OC\Encryption\Exceptions\EncryptionFailedException;
use OCA\Encryption\Exceptions\MultiKeyDecryptException;
use OCA\Encryption\Exceptions\MultiKeyEncryptException;
-use OCA\Encryption\Vendor\PBKDF2Fallback;
use OCP\Encryption\Exceptions\GenericEncryptionException;
use OCP\IConfig;
use OCP\ILogger;
@@ -293,28 +292,14 @@ class Crypt {
$salt = hash('sha256', $uid . $instanceId . $instanceSecret, true);
$keySize = $this->getKeySize($cipher);
- if (function_exists('hash_pbkdf2')) {
- $hash = hash_pbkdf2(
- 'sha256',
- $password,
- $salt,
- 100000,
- $keySize,
- true
- );
- } else {
- // fallback to 3rdparty lib for PHP <= 5.4.
- // FIXME: Can be removed as soon as support for PHP 5.4 was dropped
- $fallback = new PBKDF2Fallback();
- $hash = $fallback->pbkdf2(
- 'sha256',
- $password,
- $salt,
- 100000,
- $keySize,
- true
- );
- }
+ $hash = hash_pbkdf2(
+ 'sha256',
+ $password,
+ $salt,
+ 100000,
+ $keySize,
+ true
+ );
return $hash;
}
diff --git a/apps/encryption/vendor/pbkdf2fallback.php b/apps/encryption/vendor/pbkdf2fallback.php
deleted file mode 100644
index ca579f8e7dc..00000000000
--- a/apps/encryption/vendor/pbkdf2fallback.php
+++ /dev/null
@@ -1,87 +0,0 @@
-<?php
-/* Note; This class can be removed as soon as we drop PHP 5.4 support.
- *
- *
- * Password Hashing With PBKDF2 (http://crackstation.net/hashing-security.htm).
- * Copyright (c) 2013, Taylor Hornby
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-namespace OCA\Encryption\Vendor;
-
-class PBKDF2Fallback {
-
- /*
- * PBKDF2 key derivation function as defined by RSA's PKCS #5: https://www.ietf.org/rfc/rfc2898.txt
- * $algorithm - The hash algorithm to use. Recommended: SHA256
- * $password - The password.
- * $salt - A salt that is unique to the password.
- * $count - Iteration count. Higher is better, but slower. Recommended: At least 1000.
- * $key_length - The length of the derived key in bytes.
- * $raw_output - If true, the key is returned in raw binary format. Hex encoded otherwise.
- * Returns: A $key_length-byte key derived from the password and salt.
- *
- * Test vectors can be found here: https://www.ietf.org/rfc/rfc6070.txt
- *
- * This implementation of PBKDF2 was originally created by https://defuse.ca
- * With improvements by http://www.variations-of-shadow.com
- */
- public function pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output = false) {
- $algorithm = strtolower($algorithm);
- if (!in_array($algorithm, hash_algos(), true))
- trigger_error('PBKDF2 ERROR: Invalid hash algorithm.', E_USER_ERROR);
- if ($count <= 0 || $key_length <= 0)
- trigger_error('PBKDF2 ERROR: Invalid parameters.', E_USER_ERROR);
-
- if (function_exists("hash_pbkdf2")) {
- // The output length is in NIBBLES (4-bits) if $raw_output is false!
- if (!$raw_output) {
- $key_length = $key_length * 2;
- }
- return hash_pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output);
- }
-
- $hash_length = strlen(hash($algorithm, "", true));
- $block_count = ceil($key_length / $hash_length);
-
- $output = "";
- for ($i = 1; $i <= $block_count; $i++) {
- // $i encoded as 4 bytes, big endian.
- $last = $salt . pack("N", $i);
- // first iteration
- $last = $xorsum = hash_hmac($algorithm, $last, $password, true);
- // perform the other $count - 1 iterations
- for ($j = 1; $j < $count; $j++) {
- $xorsum ^= ($last = hash_hmac($algorithm, $last, $password, true));
- }
- $output .= $xorsum;
- }
-
- if ($raw_output)
- return substr($output, 0, $key_length);
- else
- return bin2hex(substr($output, 0, $key_length));
- }
-}
diff --git a/apps/federation/api/ocsauthapi.php b/apps/federation/api/ocsauthapi.php
index 42d7113820d..d165a0bd22f 100644
--- a/apps/federation/api/ocsauthapi.php
+++ b/apps/federation/api/ocsauthapi.php
@@ -139,7 +139,7 @@ class OCSAuthAPI {
protected function isValidToken($url, $token) {
$storedToken = $this->dbHandler->getToken($url);
- return StringUtils::equals($storedToken, $token);
+ return hash_equals($storedToken, $token);
}
}
diff --git a/lib/private/appframework/http/request.php b/lib/private/appframework/http/request.php
index 2bbb70db0f8..6ba1d8f644d 100644
--- a/lib/private/appframework/http/request.php
+++ b/lib/private/appframework/http/request.php
@@ -447,7 +447,7 @@ class Request implements \ArrayAccess, \Countable, IRequest {
$deobfuscatedToken = base64_decode($obfuscatedToken) ^ $secret;
// Check if the token is valid
- if(\OCP\Security\StringUtils::equals($deobfuscatedToken, $this->items['requesttoken'])) {
+ if(hash_equals($deobfuscatedToken, $this->items['requesttoken'])) {
return true;
} else {
return false;
diff --git a/lib/private/log.php b/lib/private/log.php
index ee5d61e98df..a722243dc69 100644
--- a/lib/private/log.php
+++ b/lib/private/log.php
@@ -227,7 +227,7 @@ class Log implements ILogger {
$request = \OC::$server->getRequest();
// if token is found in the request change set the log condition to satisfied
- if($request && StringUtils::equals($request->getParam('log_secret'), $logCondition['shared_secret'])) {
+ if($request && hash_equals($logCondition['shared_secret'], $request->getParam('log_secret'))) {
$this->logConditionSatisfied = true;
}
}
diff --git a/lib/private/security/crypto.php b/lib/private/security/crypto.php
index 0bd34df3f36..46d0c750b2f 100644
--- a/lib/private/security/crypto.php
+++ b/lib/private/security/crypto.php
@@ -123,7 +123,7 @@ class Crypto implements ICrypto {
$this->cipher->setIV($iv);
- if(!\OCP\Security\StringUtils::equals($this->calculateHMAC($parts[0].$parts[1], $password), $hmac)) {
+ if(!hash_equals($this->calculateHMAC($parts[0].$parts[1], $password), $hmac)) {
throw new \Exception('HMAC does not match.');
}
diff --git a/lib/private/security/hasher.php b/lib/private/security/hasher.php
index a5dd22e5dc8..318141b6852 100644
--- a/lib/private/security/hasher.php
+++ b/lib/private/security/hasher.php
@@ -109,7 +109,7 @@ class Hasher implements IHasher {
// Verify whether it matches a legacy PHPass or SHA1 string
$hashLength = strlen($hash);
if($hashLength === 60 && password_verify($message.$this->legacySalt, $hash) ||
- $hashLength === 40 && StringUtils::equals($hash, sha1($message))) {
+ $hashLength === 40 && hash_equals($hash, sha1($message))) {
$newHash = $this->hash($message);
return true;
}
diff --git a/lib/private/security/securerandom.php b/lib/private/security/securerandom.php
index 87dca68985e..24affbe8988 100644
--- a/lib/private/security/securerandom.php
+++ b/lib/private/security/securerandom.php
@@ -27,25 +27,15 @@ use Sabre\DAV\Exception;
use OCP\Security\ISecureRandom;
/**
- * Class SecureRandom provides a layer around RandomLib to generate
- * secure random strings. For PHP 7 the native CSPRNG is used.
+ * Class SecureRandom provides a wrapper around the random_int function to generate
+ * secure random strings. For PHP 7 the native CSPRNG is used, older versions do
+ * use a fallback.
*
* Usage:
- * \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(10);
- *
+ * \OC::$server->getSecureRandom()->generate(10);
* @package OC\Security
*/
class SecureRandom implements ISecureRandom {
-
- /** @var \RandomLib\Factory */
- var $factory;
- /** @var \RandomLib\Generator */
- var $generator;
-
- function __construct() {
- $this->factory = new RandomLib\Factory;
- }
-
/**
* Convenience method to get a low strength random number generator.
*
@@ -53,10 +43,10 @@ class SecureRandom implements ISecureRandom {
* in a non-cryptographical setting. They are not strong enough to be
* used as keys or salts. They are however useful for one-time use tokens.
*
+ * @deprecated 9.0.0 Use \OC\Security\SecureRandom::generate directly or random_bytes() / random_int()
* @return $this
*/
public function getLowStrengthGenerator() {
- $this->generator = $this->factory->getLowStrengthGenerator();
return $this;
}
@@ -67,10 +57,10 @@ class SecureRandom implements ISecureRandom {
* They are strong enough to be used as keys and salts. However, they do
* take some time and resources to generate, so they should not be over-used
*
+ * @deprecated 9.0.0 Use \OC\Security\SecureRandom::generate directly or random_bytes() / random_int()
* @return $this
*/
public function getMediumStrengthGenerator() {
- $this->generator = $this->factory->getMediumStrengthGenerator();
return $this;
}
@@ -80,26 +70,17 @@ class SecureRandom implements ISecureRandom {
* @param string $characters An optional list of characters to use if no character list is
* specified all valid base64 characters are used.
* @return string
- * @throws \Exception If the generator is not initialized.
*/
public function generate($length,
$characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/') {
- if(is_null($this->generator)) {
- throw new \Exception('Generator is not initialized.');
- }
+ $maxCharIndex = strlen($characters) - 1;
+ $randomString = '';
- if(function_exists('random_int')) {
- $maxCharIndex = strlen($characters) - 1;
- $randomString = '';
-
- while($length > 0) {
- $randomNumber = random_int(0, $maxCharIndex);
- $randomString .= $characters[$randomNumber];
- $length--;
- }
- return $randomString;
+ while($length > 0) {
+ $randomNumber = random_int(0, $maxCharIndex);
+ $randomString .= $characters[$randomNumber];
+ $length--;
}
-
- return $this->generator->generateString($length, $characters);
+ return $randomString;
}
}
diff --git a/lib/private/security/stringutils.php b/lib/private/security/stringutils.php
deleted file mode 100644
index fa4342a2b45..00000000000
--- a/lib/private/security/stringutils.php
+++ /dev/null
@@ -1,60 +0,0 @@
-<?php
-/**
- * @author Lukas Reschke <lukas@owncloud.com>
- * @author Morris Jobke <hey@morrisjobke.de>
- *
- * @copyright Copyright (c) 2015, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-namespace OC\Security;
-
-class StringUtils {
-
- /**
- * Compares whether two strings are equal. To prevent guessing of the string
- * length this is done by comparing two hashes against each other and afterwards
- * a comparison of the real string to prevent against the unlikely chance of
- * collisions.
- *
- * Be aware that this function may leak whether the string to compare have a different
- * length.
- *
- * @param string $expected The expected value
- * @param string $input The input to compare against
- * @return bool True if the two strings are equal, otherwise false.
- */
- public static function equals($expected, $input) {
-
- if(!is_string($expected) || !is_string($input)) {
- return false;
- }
-
- if(function_exists('hash_equals')) {
- return hash_equals($expected, $input);
- }
-
- $randomString = \OC::$server->getSecureRandom()->getLowStrengthGenerator()->generate(10);
-
- if(hash('sha512', $expected.$randomString) === hash('sha512', $input.$randomString)) {
- if($expected === $input) {
- return true;
- }
- }
-
- return false;
- }
-}
\ No newline at end of file
diff --git a/lib/public/security/isecurerandom.php b/lib/public/security/isecurerandom.php
index 1b72e4f4377..8315d0f971a 100644
--- a/lib/public/security/isecurerandom.php
+++ b/lib/public/security/isecurerandom.php
@@ -23,12 +23,12 @@
namespace OCP\Security;
/**
- * Class SecureRandom provides a layer around RandomLib to generate
- * secure random strings. For PHP 7 the native CSPRNG is used.
+ * Class SecureRandom provides a wrapper around the random_int function to generate
+ * secure random strings. For PHP 7 the native CSPRNG is used, older versions do
+ * use a fallback.
*
* Usage:
- * $rng = new \OC\Security\SecureRandom();
- * $randomString = $rng->getMediumStrengthGenerator()->generateString(30);
+ * \OC::$server->getSecureRandom()->generate(10);
*
* @package OCP\Security
* @since 8.0.0
@@ -52,6 +52,7 @@ interface ISecureRandom {
*
* @return $this
* @since 8.0.0
+ * @deprecated 9.0.0 Use \OC\Security\SecureRandom::generate directly or random_bytes() / random_int()
*/
public function getLowStrengthGenerator();
@@ -64,6 +65,7 @@ interface ISecureRandom {
*
* @return $this
* @since 8.0.0
+ * @deprecated 9.0.0 Use \OC\Security\SecureRandom::generate directly or random_bytes() / random_int()
*/
public function getMediumStrengthGenerator();
@@ -73,7 +75,6 @@ interface ISecureRandom {
* @param string $characters An optional list of characters to use if no character list is
* specified all valid base64 characters are used.
* @return string
- * @throws \Exception If the generator is not initialized.
* @since 8.0.0
*/
public function generate($length,
diff --git a/lib/public/security/stringutils.php b/lib/public/security/stringutils.php
index 4f41fcf8262..7cf12ea2702 100644
--- a/lib/public/security/stringutils.php
+++ b/lib/public/security/stringutils.php
@@ -39,8 +39,9 @@ class StringUtils {
* @param string $input The input to compare against
* @return bool True if the two strings are equal, otherwise false.
* @since 8.0.0
+ * @deprecated 9.0.0 Use hash_equals
*/
public static function equals($expected, $input) {
- return \OC\Security\StringUtils::equals($expected, $input);
+ return hash_equals($expected, $input);
}
}
diff --git a/tests/lib/security/securerandom.php b/tests/lib/security/securerandom.php
index d9bbd0e71e5..af437640805 100644
--- a/tests/lib/security/securerandom.php
+++ b/tests/lib/security/securerandom.php
@@ -57,11 +57,10 @@ class SecureRandomTest extends \Test\TestCase {
}
/**
- * @expectedException \Exception
- * @expectedExceptionMessage Generator is not initialized
+ * @dataProvider stringGenerationProvider
*/
- function testUninitializedGenerate() {
- $this->rng->generate(30);
+ function testUninitializedGenerate($length, $expectedLength) {
+ $this->assertEquals($expectedLength, strlen($this->rng->generate($length)));
}
/**
diff --git a/tests/lib/security/stringutils.php b/tests/lib/security/stringutils.php
deleted file mode 100644
index 060315debb4..00000000000
--- a/tests/lib/security/stringutils.php
+++ /dev/null
@@ -1,38 +0,0 @@
-<?php
-/**
- * Copyright (c) 2014 Lukas Reschke <lukas@owncloud.com>
- * This file is licensed under the Affero General Public License version 3 or
- * later.
- * See the COPYING-README file.
- */
-
-use \OC\Security\StringUtils;
-
-class StringUtilsTest extends \Test\TestCase {
-
- public function dataProvider()
- {
- return array(
- array('Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt.', 'Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt.'),
- array('', ''),
- array('我看这本书。 我看這本書', '我看这本书。 我看這本書'),
- array('GpKY9fSnWNJbES99zVGvA', 'GpKY9fSnWNJbES99zVGvA')
- );
- }
-
- /**
- * @dataProvider dataProvider
- */
- function testWrongEquals($string) {
- $this->assertFalse(StringUtils::equals($string, 'A Completely Wrong String'));
- $this->assertFalse(StringUtils::equals($string, null));
- }
-
- /**
- * @dataProvider dataProvider
- */
- function testTrueEquals($string, $expected) {
- $this->assertTrue(StringUtils::equals($string, $expected));
- }
-
-}
--
GitLab