This repository has been archived by the owner on Nov 4, 2024. It is now read-only.

Improve security of SensitiveString
the-djmaze committed Dec 4, 2023
1 parent b7b266d commit 95ec5e6
Showing 1 changed file with 26 additions and 21 deletions.
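--- a/snappymail/v/0.0.0/app/libraries/snappymail/sensitivestring.php
+++ b/snappymail/v/0.0.0/app/libraries/snappymail/sensitivestring.php
@@ -2,23 +2,10 @@
 
 namespace SnappyMail;
 
-function xorIt(
-#[\SensitiveParameter]
-string $value
-) : string
-{
-$key = APP_SALT;
-$kl = \strlen($key);
-$i = \strlen($value);
-while ($i--) {
-$value[$i] = $value[$i] ^ $key[$i % $kl];
-}
-return $value;
-}
-
 class SensitiveString /* extends SensitiveParameterValue | SensitiveParameter */ implements \Stringable
 {
 private string $value, $nonce;
+private static ?string $key = null;
 
 public function __construct(
 #[\SensitiveParameter]
@@ -31,9 +18,9 @@ public function __construct(
 public function getValue(): string
 {
 if (\is_callable('sodium_crypto_secretbox')) {
-return \sodium_crypto_secretbox_open($this->value, $this->nonce, APP_SALT);
+return \sodium_crypto_secretbox_open($this->value, $this->nonce, static::$key);
 }
-return xorIt($this->value);
+return static::xorIt($this->value);
 }
 
 public function setValue(
@@ -43,11 +30,29 @@ public function setValue(
 {
 if (\is_callable('sodium_crypto_secretbox')) {
 $this->nonce = \random_bytes(\SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
-// $this->key = \sodium_crypto_secretbox_keygen();
-$this->value = \sodium_crypto_secretbox($value, $this->nonce, APP_SALT);
+if (!static::$key) {
+static::$key = \sodium_crypto_secretbox_keygen();
+}
+$this->value = \sodium_crypto_secretbox($value, $this->nonce, static::$key);
 } else {
-$this->value = xorIt($value);
+$this->value = static::xorIt($value);
 }
 }
+
+private static function xorIt(
+#[\SensitiveParameter]
+string $value
+) : string
+{
+if (!static::$key) {
+static::$key = \random_bytes(32);
+}
+$kl = \strlen(static::$key);
+$i = \strlen($value);
+while ($i--) {
+$value[$i] = $value[$i] ^ static::$key[$i % $kl];
+}
+return $value;
+}
 
 public function __toString(): string
@@ -62,11 +67,11 @@ public function __debugInfo(): array
 
 public function __serialize(): array
 {
-throw new \Exception("Serialization of 'SensitiveString' is not allowed");
+throw new \Exception("Serialization of 'SnappyMail\\SensitiveString' is not allowed");
 }
 
 public function __unserialize(array $data): void
 {
-throw new \Exception("Unserialization of 'SensitiveString' is not allowed");
+throw new \Exception("Unserialization of 'SnappyMail\\SensitiveString' is not allowed");
 }
 }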
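Review bot: The fallback `xorIt()` added in the third hunk still only obfuscates: the 32-byte `static::$key` repeats every 32 bytes of `$value` and is shared by every `SensitiveString` in the process, so it does not give the confidentiality that the `sodium_crypto_secretbox` branch does. I would say so on the method, e.g. `// Fallback without ext-sodium: repeating-key XOR, obfuscation only (keeps the value out of dumps and traces), not encryption`, so nobody relies on it as encryption. Separately, in `getValue()` the result of `sodium_crypto_secretbox_open()`, which is `false` when authentication fails, is returned under a `string` return type without a check; an explicit `false` test that throws would make a failed open visible. The constructor body lies outside the visible hunks, so I am assuming it routes through `setValue()` and that `static::$key` is therefore always set before `getValue()` runs.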
