View ProjeQtOr On SourceForge.net
ProjeQtOr - Project Management Tool
Support us on Capterra
OIN - Open Invention Network
ProjeQtOr free project management software - Libsodium only for Web API (PHP 7.2+) - ProjeQtOr
 
 

Libsodium only for Web API (PHP 7.2+)

More
20 Aug 2023 18:56 #1 by kadogo
Libsodium only for Web API (PHP 7.2+) was created by kadogo
Hello,

I had noticed the implementation of libsodium on the topic www.projeqtor.org/fr/forum-fr/2-submit-i...yption?start=6#31201
I checked the zip file, but I found that there were many files that are changed instead of just replacing the AesCtr::decrypt method to another decrypt method.

--- api/index.php    2023-04-27 15:00:41.086294046 +0200
+++ api/index.php    2023-08-20 00:49:33.561385887 +0200
@@ -46,8 +46,6 @@
 $batchMode=true;
 $apiMode=true;
 require_once "../tool/projeqtor.php";
-require_once "../external/phpAES/aes.class.php";
-require_once "../external/phpAES/aesctr.class.php";
 require_once '../tool/jsonFunctions.php';
 
 $batchMode=false;
@@ -284,10 +282,10 @@
   // NB : access rights will be controlled on insert/update/delete (!)
     if (isset($_REQUEST) ) {
         $dataEncoded=$_REQUEST;
-        $data=AesCtr::decrypt($dataEncoded, $user->apiKey, Parameter::getGlobalParameter('aesKeyLength'));
+        $data=safeDecrypt($dataEncoded, $user->apiKey);
     } else {
         $dataEncoded = file_get_contents("php://input");
-        $data=AesCtr::decrypt($dataEncoded, $user->apiKey, Parameter::getGlobalParameter('aesKeyLength'));
+        $data=safeDecrypt($dataEncoded, $user->apiKey);
     }
     if (! $data) {
         returnError($invalidQuery, "'data' missing for method ".$_SERVER);
@@ -398,4 +396,37 @@
     return $needed_parts ? false : $data;
 }
 
-?>
\ No newline at end of file
+// stackoverflow.com/questions/34477643/how...s-with-libsodium-php
+/**
+* Decrypt a message
+*
+* @param string $encrypted - message encrypted with safeEncrypt()
+* @param string $key - encryption key
+* @return string
+*/
+function safeDecrypt($encrypted, $key)
+{
+    $decoded = base64_decode($encrypted);
+    if ($decoded === false) {
+        throw new Exception('Scream bloody murder, the encoding failed');
+    }
+    if (mb_strlen($decoded, '8bit') < (SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES)) {
+        throw new Exception('Scream bloody murder, the message was truncated');
+    }
+    $nonce = mb_substr($decoded, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, '8bit');
+    $ciphertext = mb_substr($decoded, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, null, '8bit');
+
+    $plain = sodium_crypto_secretbox_open(
+        $ciphertext,
+        $nonce,
+        $key
+    );
+    if ($plain === false) {
+        throw new Exception('the message was tampered with in transit');
+    }
+    sodium_memzero($ciphertext);
+    sodium_memzero($key);
+    return $plain;
+}
+
+?>

Good weekend

Regards

Please Log in or Create an account to join the conversation.

Moderators: babynusprotion
Time to create page: 0.027 seconds

Cookies settings

×

Functional Cookies

Ce site utilise des cookies pour assurer son bon fonctionnement et ne peuvent pas être désactivés de nos systèmes. Nous ne les utilisons pas à des fins publicitaires. Si ces cookies sont bloqués, certaines parties du site ne pourront pas fonctionner.

Session

Please login to see yours activities!

Other cookies

Ce site web utilise un certain nombre de cookies pour gérer, par exemple, les sessions utilisateurs.

Login Form