Skip to content

Commit

Permalink
WIP: Allow decrypting logins/credentials via the API
Browse files Browse the repository at this point in the history
  • Loading branch information
wrongecho committed Aug 22, 2024
1 parent 0c60ecc commit a6113dc
Show file tree
Hide file tree
Showing 3 changed files with 20 additions and 2 deletions.
6 changes: 4 additions & 2 deletions api/v1/credentials/read.php
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
if (isset($_GET['login_id']) && isset($_GET['api_key_decrypt_password'])) {

$id = intval($_GET['login_id']);
$password = sanitizeInput($_GET['api_key_decrypt_password']);
$api_key_decrypt_password = $_GET['api_key_decrypt_password']; // No sanitization

$sql = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_id = '$id' AND login_client_id LIKE '$client_id' LIMIT 1");

Expand All @@ -26,12 +26,14 @@
// Usually we just output what is in the database, but credentials need to be decrypted first.

if ($sql && mysqli_num_rows($sql) > 0) {

$return_arr['success'] = "True";
$return_arr['count'] = mysqli_num_rows($sql);

$row = array();
while ($row = mysqli_fetch_array($sql)) {
//$row['login_username'] = //decrypt
$row['login_username'] = apiDecryptLoginEntry($row['login_username'], $api_key_decrypt_hash, $api_key_decrypt_password);
$row['login_password'] = apiDecryptLoginEntry($row['login_password'], $api_key_decrypt_hash, $api_key_decrypt_password);
$return_arr['data'][] = $row;
}

Expand Down
1 change: 1 addition & 0 deletions api/v1/validate_api_key.php
Original file line number Diff line number Diff line change
Expand Up @@ -88,6 +88,7 @@
// Set client ID, company ID & key name
$row = mysqli_fetch_array($sql);
$api_key_name = htmlentities($row['api_key_name']);
$api_key_decrypt_hash = $row['api_key_decrypt_hash']; // No sanitization
$client_id = intval($row['api_key_client_id']);

// Set limit & offset for queries
Expand Down
15 changes: 15 additions & 0 deletions functions.php
Original file line number Diff line number Diff line change
Expand Up @@ -380,6 +380,21 @@ function encryptLoginEntry($login_password_cleartext)
return $iv . $ciphertext;
}

function apiDecryptLoginEntry($login_ciphertext, $api_key_decrypt_hash, $api_key_decrypt_password)
{
// TODO: try marking $api_key_decrypt_password as sensitive

// Split the login entry (username/password) into IV and Ciphertext
$login_iv = substr($login_ciphertext, 0, 16);
$login_ciphertext = $salt = substr($login_ciphertext, 16);

// Decrypt the api hash to get the master key
$site_encryption_master_key = decryptUserSpecificKey($api_key_decrypt_hash, $api_key_decrypt_password);

// Decrypt the login password using the master key
return openssl_decrypt($login_ciphertext, 'aes-128-cbc', $site_encryption_master_key, 0, $login_iv);
}

// Get domain general info (whois + NS/A/MX records)
function getDomainRecords($name)
{
Expand Down

0 comments on commit a6113dc

Please sign in to comment.