| author | jvoisin | 2017-11-27 15:38:38 +0100 |
|---|---|---|
| committer | jvoisin | 2017-11-27 15:38:38 +0100 |
| commit | 3df9d9ebf76e2f0bb5f777089bd64d18c7ff2d3d (patch) | |
| tree | b6b223929a5d05213f622a160019d417e8a8ae61 | |
| parent | da60d1f06ba1b22894b570b121f94d34da6d571f (diff) | |
Improve our nonce's randomness
| -rw-r--r-- | src/sp_cookie_encryption.c | 20 |
1 files changed, 10 insertions, 10 deletions
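--- a/src/sp_cookie_encryption.c
+++ b/src/sp_cookie_encryption.c
@@ -4,7 +4,7 @@
 
 ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
 
-static unsigned int nonce_d = 0;
+static zend_long nonce_d = 0;
 
 static inline void generate_key(unsigned char *key) {
 PHP_SHA256_CTX ctx;
@@ -14,8 +14,8 @@ static inline void generate_key(unsigned char *key) {
 const char *encryption_key =
 SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key;
 
-/* 32 is the size of a SHA256. */
-assert(32 == crypto_secretbox_KEYBYTES);
+assert(32 == crypto_secretbox_KEYBYTES); // 32 is the size of a SHA256.
+assert(encryption_key); // Encryption key can't be NULL
 
 PHP_SHA256Init(&ctx);
 
@@ -95,11 +95,8 @@ int decrypt_cookie(zval *pDest, int num_args, va_list args,
 
 /**
 This function will return the `data` of length `data_len` encrypted in the
-form
-base64(nonce | encrypted_data) (with `|` being the concatenation
+form `base64(nonce | encrypted_data)` (with `|` being the concatenation
 operation).
-
-The `nonce` is time-based.
 */
 static zend_string *encrypt_data(char *data, unsigned long long data_len) {
 const size_t encrypted_msg_len = crypto_secretbox_ZEROBYTES + data_len + 1;
@@ -116,13 +113,16 @@ static zend_string *encrypt_data(char *data, unsigned long long data_len) {
 crypto_secretbox_ZEROBYTES zeroes. */
 memcpy(data_to_encrypt + crypto_secretbox_ZEROBYTES, data, data_len);
 
-assert(sizeof(size_t) <= crypto_secretbox_NONCEBYTES);
+assert(sizeof(zend_long) <= crypto_secretbox_NONCEBYTES);
 
 if (0 == nonce_d) {
-nonce_d = getpid();
+/* A zend_long should be enough to avoid collisions */
+if (php_random_int_throw(0, ZEND_LONG_MAX, &nonce_d) == FAILURE) {
+return NULL;
+}
 }
 nonce_d++;
-sscanf((char*)nonce, "%ud", &nonce_d);
+sscanf((char*)nonce, "%ld", &nonce_d);
 
 memcpy(encrypted_data, nonce, crypto_secretbox_NONCEBYTES);
 crypto_secretbox(encrypted_data + crypto_secretbox_NONCEBYTES,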
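Review bot: The `sscanf((char*)nonce, "%ld", &nonce_d);` line in encrypt_data still parses the `nonce` buffer as text into `nonce_d` instead of copying the counter into the nonce, so the random seed added just above it likely never reaches the bytes handed to `crypto_secretbox`. If `nonce` is zero-filled at that point (its initialisation is outside the hunk), the parse fails and every cookie is sealed under the same key and nonce, which voids the confidentiality and integrity guarantees of secretbox. Writing the value out, e.g. `memcpy(nonce, &nonce_d, sizeof(nonce_d));`, would match the `sizeof(zend_long) <= crypto_secretbox_NONCEBYTES` assert. The early `return NULL;` on `php_random_int_throw` failure also appears to skip releasing the buffers set up earlier in the function, which starts outside the hunk, so that path is worth confirming.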
