Merge branch 'session-encryption' into 'master'

add optional encryption for stored session data using Sodium library

See merge request tt-rss/tt-rss!117

.docker/app/Dockerfile

@@ -16,7 +16,7 @@ RUN [ ! -z ${ALPINE_MIRROR} ] && \
 	apk add --no-cache ca-certificates dcron git postgresql-client rsync sudo tzdata \
 		php${PHP_SUFFIX} \
 		$(for p in ctype curl dom exif fileinfo fpm gd iconv intl json mbstring opcache \
-			openssl pcntl pdo pdo_pgsql pecl-apcu pecl-xdebug phar posix session simplexml sockets tokenizer xml xmlwriter zip; do \
+			openssl pcntl pdo pdo_pgsql pecl-apcu pecl-xdebug phar posix session simplexml sockets sodium tokenizer xml xmlwriter zip; do \
 			php_pkgs="$php_pkgs php${PHP_SUFFIX}-$p"; \
 		done; \
 		echo $php_pkgs) && \

classes/Config.php

@@ -6,7 +6,7 @@ class Config {
 	const T_STRING = 2;
 	const T_INT = 3;
 
-	const SCHEMA_VERSION = 147;
+	const SCHEMA_VERSION = 148;
 
 	/** override default values, defined below in _DEFAULTS[], prefixing with _ENVVAR_PREFIX:
 	 *
@@ -192,6 +192,10 @@ class Config {
 	/** disables login form controls except HOOK_LOGINFORM_ADDITIONAL_BUTTONS (for SSO providers), also prevents logging in through auth_internal */
 	const DISABLE_LOGIN_FORM = "DISABLE_LOGIN_FORM";
 
+	/** optional key to transparently encrypt sensitive data (currently limited to sessions and feed passwords),
+	 * key is a 32 byte hex string which may be generated using `update.php --gen-encryption-key` */
+	const ENCRYPTION_KEY = "ENCRYPTION_KEY";
+
 	/** default values for all global configuration options */
 	private const _DEFAULTS = [
 		Config::DB_TYPE => [ "pgsql", 									Config::T_STRING ],
@@ -249,7 +253,8 @@ class Config {
 		Config::HTTP_USER_AGENT => [ 'Tiny Tiny RSS/%s (https://tt-rss.org/)',
 																					Config::T_STRING ],
 		Config::HTTP_429_THROTTLE_INTERVAL => [ 3600,				Config::T_INT ],
-		Config::DISABLE_LOGIN_FORM => [ "",								Config::T_BOOL ]
+		Config::DISABLE_LOGIN_FORM => [ "",								Config::T_BOOL ],
+		Config::ENCRYPTION_KEY => [ "",                  Config::T_STRING ]
 	];
 
 	private static ?Config $instance = null;

classes/Crypt.php

@@ -0,0 +1,62 @@
+<?php
+class Crypt {
+
+	/** the only algo supported at the moment */
+	private const ENCRYPT_ALGO = 'xchacha20poly1305_ietf';
+
+	/** currently only generates keys using sodium_crypto_aead_chacha20poly1305_keygen() i.e. one supported Crypt::ENCRYPT_ALGO
+	 * @return string random 256-bit (for ChaCha20-Poly1305) binary string
+	*/
+	static function generate_key() : string {
+		return sodium_crypto_aead_chacha20poly1305_keygen();
+	}
+
+	/** encrypts provided ciphertext using Config::ENCRYPTION_KEY into an encrypted object
+	 *
+	 * @return array{'algo': string, 'nonce': string, 'payload': string} encrypted data object containing algo, nonce, and encrypted data
+	*/
+	static function encrypt_string(string $ciphertext) : array {
+		$key = Config::get(Config::ENCRYPTION_KEY);
+
+		if (!$key)
+			throw new Exception("Crypt::encrypt_string() failed to encrypt - key is not available");
+
+		$nonce = \random_bytes(\SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES);
+
+		$payload = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($ciphertext, '', $nonce, hex2bin($key));
+
+		if ($payload) {
+			$encrypted_data = [
+				'algo' => self::ENCRYPT_ALGO,
+				'nonce' => $nonce,
+				'payload' => $payload,
+			];
+
+			return $encrypted_data;
+		}
+
+		throw new Exception("Crypt::encrypt_string() failed to encrypt ciphertext");
+	}
+
+	/** decrypts payload of a valid encrypted object using Config::ENCRYPTION_KEY
+	 *
+	 * @param array{'algo': string, 'nonce': string, 'payload': string} $encrypted_data
+	 *
+	 * @return string decrypted string payload
+	 */
+	static function decrypt_string(array $encrypted_data) : string {
+		$key = Config::get(Config::ENCRYPTION_KEY);
+
+		if (!$key)
+			throw new Exception("Crypt::decrypt_string() failed to decrypt - key is not available");
+
+		// only one is supported for the time being
+		switch ($encrypted_data['algo']) {
+			case self::ENCRYPT_ALGO:
+				return sodium_crypto_aead_xchacha20poly1305_ietf_decrypt($encrypted_data['payload'], '', $encrypted_data['nonce'], hex2bin($key));
+		}
+
+		throw new Exception('Crypt::decrypt_string() failed to decrypt passed encrypted data object, unsupported algo: ' . $encrypted_data['algo']);
+	}
+
+}

classes/Feeds.php

@@ -2376,5 +2376,29 @@ class Feeds extends Handler_Protected {
 		return [$query, $skip_first_id];
 	}
 
+
+	/** decrypts encrypted feed password if possible (key is available and data is a base64-encoded serialized object)
+	 *
+	 * @param $auth_pass possibly encrypted feed password
+	 *
+	 * @return string plaintext representation of an encrypted feed password if encrypted or plaintext password otherwise
+	 * */
+	static function decrypt_feed_pass(string $auth_pass) : string {
+		$key = Config::get(Config::ENCRYPTION_KEY);
+
+		if ($auth_pass && $key) {
+			$auth_pass_serialized = @base64_decode($auth_pass);
+
+			if ($auth_pass_serialized) {
+				$unserialized_data = @unserialize($auth_pass_serialized);
+
+				if ($unserialized_data !== false)
+					return Crypt::decrypt_string($unserialized_data);
+			}
+		}
+
+		return $auth_pass;
+	}
+
 }
 

classes/Pref_Feeds.php

@@ -560,6 +560,7 @@ class Pref_Feeds extends Handler_Protected {
 			ob_end_clean();
 
 			$row["icon"] = Feeds::_get_icon($feed_id);
+			$row["auth_pass"] = Feeds::decrypt_feed_pass($row["auth_pass"]);
 
 			$local_update_intervals = $update_intervals;
 			$local_update_intervals[0] .= sprintf(" (%s)", $update_intervals[Prefs::get(Prefs::DEFAULT_UPDATE_INTERVAL, $_SESSION['uid'])]);
@@ -746,6 +747,11 @@ class Pref_Feeds extends Handler_Protected {
 
 		$feed_language = clean($_POST["feed_language"] ?? "");
 
+		$key = Config::get(Config::ENCRYPTION_KEY);
+
+		if ($key && $auth_pass)
+			$auth_pass = base64_encode(serialize(Crypt::encrypt_string($auth_pass)));
+
 		if (!$batch) {
 
 			/* $sth = $this->pdo->prepare("SELECT feed_url FROM ttrss_feeds WHERE id = ?");

classes/RSSUtils.php

@@ -331,6 +331,8 @@ class RSSUtils {
 			$pluginhost->load((string)$user_plugins, PluginHost::KIND_USER, $feed->owner_uid);
 			//$pluginhost->load_data();
 
+			$feed_auth_pass_plaintext = Feeds::decrypt_feed_pass($feed->auth_pass);
+
 			$basic_info = [];
 
 			$pluginhost->run_hooks_callback(PluginHost::HOOK_FEED_BASIC_INFO, function ($result) use (&$basic_info) {
@@ -338,13 +340,13 @@ class RSSUtils {
 					$basic_info = $result;
 					return true;
 				}
-			}, $basic_info, $feed->feed_url, $feed->owner_uid, $feed_id, $feed->auth_login, $feed->auth_pass);
+			}, $basic_info, $feed->feed_url, $feed->owner_uid, $feed_id, $feed->auth_login, $feed_auth_pass_plaintext);
 
 			if (!$basic_info) {
 				$feed_data = UrlHelper::fetch([
 					'url' => $feed->feed_url,
 					'login' => $feed->auth_login,
-					'pass' => $feed->auth_pass,
+					'pass' => $feed_auth_pass_plaintext,
 					'timeout' => Config::get(Config::FEED_FETCH_TIMEOUT),
 				]);
 
@@ -458,12 +460,26 @@ class RSSUtils {
 		$hff_owner_uid = $feed_obj->owner_uid;
 		$hff_feed_url = $feed_obj->feed_url;
 
+		$feed_auth_pass_plaintext = Feeds::decrypt_feed_pass($feed_obj->auth_pass);
+
+		// transparently encrypt plaintext password if possible
+		if ($feed_obj->auth_pass && $feed_auth_pass_plaintext === $feed_obj->auth_pass) {
+			$key = Config::get(Config::ENCRYPTION_KEY);
+
+			if ($key) {
+				Debug::log("encrypting stored plaintext feed password...", Debug::LOG_VERBOSE);
+
+				$feed_obj->auth_pass = base64_encode(serialize(Crypt::encrypt_string($feed_auth_pass_plaintext)));
+				$feed_obj->save();
+			}
+		}
+
 		$pluginhost->chain_hooks_callback(PluginHost::HOOK_FETCH_FEED,
 			function ($result, $plugin) use (&$feed_data, $start_ts) {
 				$feed_data = $result;
 				Debug::log(sprintf("=== %.4f (sec) %s", microtime(true) - $start_ts, get_class($plugin)), Debug::LOG_VERBOSE);
 			},
-			$feed_data, $hff_feed_url, $hff_owner_uid, $feed, $last_article_timestamp, $feed_obj->auth_login, $feed_obj->auth_pass);
+			$feed_data, $hff_feed_url, $hff_owner_uid, $feed, $last_article_timestamp, $feed_obj->auth_login, $feed_auth_pass_plaintext);
 
 		if ($feed_data) {
 			Debug::log("feed data has been modified by a plugin.", Debug::LOG_VERBOSE);
@@ -510,7 +526,7 @@ class RSSUtils {
 			$feed_data = UrlHelper::fetch([
 				"url" => $feed_obj->feed_url,
 				"login" => $feed_obj->auth_login,
-				"pass" => $feed_obj->auth_pass,
+				"pass" => $feed_auth_pass_plaintext,
 				"timeout" => $no_cache ? Config::get(Config::FEED_FETCH_NO_CACHE_TIMEOUT) : Config::get(Config::FEED_FETCH_TIMEOUT),
 				"last_modified" => $force_refetch ? "" : $feed_obj->last_modified
 			]);

classes/Sessions.php

@@ -58,7 +58,17 @@ class Sessions implements \SessionHandlerInterface {
 		$sth->execute([$id]);
 
 		if ($row = $sth->fetch()) {
-			return base64_decode($row['data']);
+			$data = base64_decode($row['data']);
+
+			if (Config::get(Config::ENCRYPTION_KEY)) {
+				$unserialized_data = @unserialize($data); // avoid leaking plaintext session via error message
+
+				if ($unserialized_data !== false)
+					return Crypt::decrypt_string($unserialized_data);
+			}
+
+			// if encryption key is missing or session data is not in serialized format, assume plaintext data and return as-is
+			return $data;
 		}
 
 		$expire = time() + $this->session_expire;
@@ -69,7 +79,12 @@ class Sessions implements \SessionHandlerInterface {
 	}
 
 	public function write(string $id, string $data): bool {
+
+		if (Config::get(Config::ENCRYPTION_KEY))
+			$data = serialize(Crypt::encrypt_string($data));
+
 		$data = base64_encode($data);
+
 		$expire = time() + $this->session_expire;
 
 		$sth = Db::pdo()->prepare('SELECT id FROM ttrss_sessions WHERE id=?');

sql/mysql/migrations/148.sql

@@ -0,0 +1,2 @@
+alter table ttrss_feeds change auth_pass auth_pass text not null;
+

sql/mysql/schema.sql

@@ -121,7 +121,7 @@ create table ttrss_feeds (id integer not null auto_increment primary key,
 	favicon_is_custom boolean default null,
 	site_url varchar(250) not null default '',
 	auth_login varchar(250) not null default '',
-	auth_pass varchar(250) not null default '',
+	auth_pass text not null default '',
 	parent_feed integer default null,
 	private bool not null default false,
 	rtl_content bool not null default false,

sql/pgsql/migrations/148.sql

@@ -0,0 +1,5 @@
+alter table ttrss_feeds rename column auth_pass to auth_pass_old;
+alter table ttrss_feeds add column auth_pass text;
+update ttrss_feeds set auth_pass = auth_pass_old;
+alter table ttrss_feeds alter column auth_pass set not null;
+alter table ttrss_feeds drop column auth_pass_old;

sql/pgsql/schema.sql

@@ -92,7 +92,7 @@ create table ttrss_feeds (id serial not null primary key,
 	auth_login varchar(250) not null default '',
 	parent_feed integer default null references ttrss_feeds(id) on delete set null,
 	private boolean not null default false,
-	auth_pass varchar(250) not null default '',
+	auth_pass text not null default '',
 	hidden boolean not null default false,
 	include_in_digest boolean not null default true,
 	rtl_content boolean not null default false,

update.php

@@ -84,6 +84,7 @@
 		"update-schema::" => ["[force-yes]", "update database schema, optionally without prompting"],
 		"force-update" => "mark all feeds as pending update",
 		"gen-search-idx" => "generate basic PostgreSQL fulltext search index",
+		"gen-encryption-key" => "generate an encryption key (ChaCha20-Poly1305)",
 		"plugins-list" => "list installed plugins",
 		"debug-feed:" => ["N", "update specified feed with debug output enabled"],
 		"force-refetch" => "debug update: force refetch feed data",
@@ -323,6 +324,10 @@
 		}
 	}
 
+	if (isset($options["gen-encryption-key"])) {
+		echo "Generated encryption key: " . bin2hex(Crypt::generate_key()) . "\n";
+	}
+
 	if (isset($options["plugins-list"])) {
 		$tmppluginhost = new PluginHost();
 		$tmppluginhost->load_all($tmppluginhost::KIND_ALL);