Show Posts
1
Development and Code Review / Anyone with old encrypted backups? - New authenticated encryption mode
« on: April 02, 2022, 08:02:47 pm »
Hello,
Since the current backup scheme (AES-256-CBC encrypted, SHA512 key derivation) doesn't have any authentication/integrity functionality added to it, which can be bad[1][2], I decided to make a pull request[3] that upgrades to a more modern scheme AES-256-GCM (Galois/Counter Mode). The pull request additionally removes the shell invocations that used openssl command line tool and just uses native PHP functions like openssl_encrypt() and openssl_decrypt().
I have tested that my new methods are compatible with openssl command line tool, and with the current encryption and key derivation scheme, but I don't have any older style backups (MD5 key derivation) since I'm pretty new OPNsense user. It would be great if someone with the older MD5 derived keys could test it. That way we could see that it really works end to end.
Steps needed.
1. Install (or have) a fully updated OPNsense on a virtual machine or on a real hardware.
2. Replace src/opnsense/mvc/app/library/OPNsense/Backup/Base.php file with this one https://raw.githubusercontent.com/opnsense/core/c67e016ad6b8e84f672e11f0d1de65316bcfb134/src/opnsense/mvc/app/library/OPNsense/Backup/Base.php
3. Try to restore an encrypted backup, which uses MD5 key derivation.
4. Success!
Thanks!
[1]: https://moxie.org/2011/12/13/the-cryptographic-doom-principle.html
[2]: https://soatok.blog/2020/07/12/comparison-of-symmetric-encryption-methods/#aes-gcm-vs-aes-cbc
[3]: https://github.com/opnsense/core/pull/5665
Since the current backup scheme (AES-256-CBC encrypted, SHA512 key derivation) doesn't have any authentication/integrity functionality added to it, which can be bad[1][2], I decided to make a pull request[3] that upgrades to a more modern scheme AES-256-GCM (Galois/Counter Mode). The pull request additionally removes the shell invocations that used openssl command line tool and just uses native PHP functions like openssl_encrypt() and openssl_decrypt().
I have tested that my new methods are compatible with openssl command line tool, and with the current encryption and key derivation scheme, but I don't have any older style backups (MD5 key derivation) since I'm pretty new OPNsense user. It would be great if someone with the older MD5 derived keys could test it. That way we could see that it really works end to end.
Steps needed.
1. Install (or have) a fully updated OPNsense on a virtual machine or on a real hardware.
2. Replace src/opnsense/mvc/app/library/OPNsense/Backup/Base.php file with this one https://raw.githubusercontent.com/opnsense/core/c67e016ad6b8e84f672e11f0d1de65316bcfb134/src/opnsense/mvc/app/library/OPNsense/Backup/Base.php
3. Try to restore an encrypted backup, which uses MD5 key derivation.
4. Success!
Thanks!
[1]: https://moxie.org/2011/12/13/the-cryptographic-doom-principle.html
[2]: https://soatok.blog/2020/07/12/comparison-of-symmetric-encryption-methods/#aes-gcm-vs-aes-cbc
[3]: https://github.com/opnsense/core/pull/5665