Added Auto Encryption

Added Auto Encryption utilizing Roundcubes des_key that is randomly generated at installation.
texxasrulez · Aug 13, 2020 · a64f20f · a64f20f
1 parent bc4043f
commit a64f20f
Show file tree

Hide file tree

Showing 4 changed files with 105 additions and 13 deletions.
diff --git a/README.md b/README.md
@@ -3,17 +3,16 @@
 **Check Email from an external IMAP account from within Roundcube**   
 
 Supported Webmail Providers "out of the box"  
-
-* gmail.com  
-* googlemail.com  
-* yahoo.com    
-* hotmail.com    
-* live.com    
-* outlook.com    
-* aol.com    
-* gmx.com    
-* icloud.com    
-* yandex.com  
+* gmail.com (Tested - Works)  
+* googlemail.com (Un-Tested)  
+* yahoo.com (Tested - Works. Does require app password from Yahoo to use here not your account password)  
+* hotmail.com (Tested - Works)  
+* live.com (Un-Tested)  
+* outlook.com (Un-Tested)  
+* aol.com (Un-Tested)  
+* gmx.com (Un-Tested)  
+* icloud.com (Un-Tested)  
+* yandex.com (Un-Tested)  
 
 If you would like more, just give me the url of the webmail provider and I will add it if able to.  
 

diff --git a/additional_imap.php b/additional_imap.php
@@ -25,6 +25,11 @@ function init() {
     }
 
     function switch_account() {
+
+	// encrypted with your Roundcube user password using RC's default des_key
+        $rcmail = rcmail::get_instance();
+        $rc_des_key = self::getDesKey();
+
         $rcmail = $this->rcmail;
         if ($_ = rcube_utils::get_input_value('_switch', rcube_utils::INPUT_GET)) {
             $_SESSION['additional_imap_id'] = $_;
@@ -725,4 +730,92 @@ private function gc($W) {
             }
         }
     }
+
+	// password helpers
+    private static function getDesKey(): string
+    {
+        $rcmail = rcmail::get_instance();
+        $imap_password = $rcmail->decrypt($_SESSION['password']);
+        while (strlen($imap_password) < 24) {
+            $imap_password .= $imap_password;
+        }
+        return substr($imap_password, 0, 24);
+    }
+
+    public static function encryptPassword(string $clear): string
+    {
+        $scheme = self::$pwstore_scheme;
+
+        if (strcasecmp($scheme, 'plain') === 0) {
+            return $clear;
+        }
+
+        if (strcasecmp($scheme, 'encrypted') === 0) {
+            if (empty($_SESSION['password'])) { // no key for encryption available, downgrade to DES_KEY
+                $scheme = 'des_key';
+            } else {
+                // encrypted with IMAP password
+                $rcmail = rcmail::get_instance();
+
+                $imap_password = self::getDesKey();
+                $deskey_backup = $rcmail->config->set('additional_imap_salt', $imap_password);
+
+                $crypted = $rcmail->encrypt($clear, 'additional_imap_salt');
+
+                // there seems to be no way to unset a preference
+                $deskey_backup = $rcmail->config->set('additional_imap_salt', '');
+
+                return '{ENCRYPTED}' . $crypted;
+            }
+        }
+
+        if (strcasecmp($scheme, 'des_key') === 0) {
+            // encrypted with global des_key
+            $rcmail = rcmail::get_instance();
+            $crypted = $rcmail->encrypt($clear);
+            return '{DES_KEY}' . $crypted;
+        }
+
+        // default: base64-coded password
+        return '{BASE64}' . base64_encode($clear);
+    }
+
+    public static function decryptPassword(string $crypt): string
+    {
+        if (strpos($crypt, '{ENCRYPTED}') === 0) {
+            // return empty password if decruption key not available
+            if (empty($_SESSION['password'])) {
+                self::$logger->warning("Cannot decrypt password as now session password is available");
+                return "";
+            }
+
+            $crypt = substr($crypt, strlen('{ENCRYPTED}'));
+            $rcmail = rcmail::get_instance();
+
+            $imap_password = self::getDesKey();
+            $deskey_backup = $rcmail->config->set('additional_imap_salt', $imap_password);
+
+            $clear = $rcmail->decrypt($crypt, 'additional_imap_salt');
+
+            // there seems to be no way to unset a preference
+            $deskey_backup = $rcmail->config->set('additional_imap_salt', '');
+
+            return $clear;
+        }
+
+        if (strpos($crypt, '{DES_KEY}') === 0) {
+            $crypt = substr($crypt, strlen('{DES_KEY}'));
+            $rcmail = rcmail::get_instance();
+
+            return $rcmail->decrypt($crypt);
+        }
+
+        if (strpos($crypt, '{BASE64}') === 0) {
+            $crypt = substr($crypt, strlen('{BASE64}'));
+            return base64_decode($crypt);
+        }
+
+        // unknown scheme, assume cleartext
+        return $crypt;
+    }
 }
diff --git a/composer.json b/composer.json
@@ -4,7 +4,7 @@
 	"description": "Add additional IMAP Accounts to your Roundcube.",
 	"homepage": "https://github.com/texxasrulez/additional_imap",
 	"license": "GPL-3.0-only",
-	"version": "0.1.1",
+	"version": "0.2.0",
 	"authors": [
 		{
 			"name": "Gene Hawkins",

diff --git a/config.inc.php.dist b/config.inc.php.dist
@@ -6,7 +6,7 @@
 $config['additional_imap_crypt'] = 'rcmail';
 
 /* password encryption salt (only used for secure encryption) */
-$config['additional_imap_salt'] = '!!!!Random_1_2_4_5_6_String!!!!';
+// $config['additional_imap_salt'] = 'Utilizes RC Default des_key generated at installation';
 
 /* predefined imap hosts (associated with the domain part of the identity email property) */
 $config['additional_imap_external'] = array(