* ownCloud\r
*\r
* @author Sam Tuke, Frank Karlitschek, Robin Appelman\r
- * @copyright 2012 Sam Tuke samtuke@owncloud.com, \r
- * Robin Appelman icewind@owncloud.com, Frank Karlitschek \r
+ * @copyright 2012 Sam Tuke samtuke@owncloud.com,\r
+ * Robin Appelman icewind@owncloud.com, Frank Karlitschek\r
* frank@owncloud.org\r
*\r
* This library is free software; you can redistribute it and/or\r
public static function mode( $user = null ) {\r
\r
return 'server';\r
- \r
+\r
}\r
- \r
- /**\r
- * @brief Create a new encryption keypair\r
- * @return array publicKey, privatekey\r
- */\r
+\r
+ /**\r
+ * @brief Create a new encryption keypair\r
+ * @return array publicKey, privatekey\r
+ */\r
public static function createKeypair() {\r
- \r
+\r
$res = openssl_pkey_new();\r
\r
// Get private key\r
\r
// Get public key\r
$publicKey = openssl_pkey_get_details( $res );\r
- \r
+\r
$publicKey = $publicKey['key'];\r
- \r
+\r
return( array( 'publicKey' => $publicKey, 'privateKey' => $privateKey ) );\r
- \r
+\r
}\r
- \r
- /**\r
- * @brief Add arbitrary padding to encrypted data\r
- * @param string $data data to be padded\r
- * @return padded data\r
- * @note In order to end up with data exactly 8192 bytes long we must \r
- * add two letters. It is impossible to achieve exactly 8192 length \r
- * blocks with encryption alone, hence padding is added to achieve the \r
- * required length. \r
- */\r
+\r
+ /**\r
+ * @brief Add arbitrary padding to encrypted data\r
+ * @param string $data data to be padded\r
+ * @return padded data\r
+ * @note In order to end up with data exactly 8192 bytes long we must\r
+ * add two letters. It is impossible to achieve exactly 8192 length\r
+ * blocks with encryption alone, hence padding is added to achieve the\r
+ * required length.\r
+ */\r
public static function addPadding( $data ) {\r
- \r
+\r
$padded = $data . 'xx';\r
- \r
+\r
return $padded;\r
- \r
+\r
}\r
- \r
- /**\r
- * @brief Remove arbitrary padding to encrypted data\r
- * @param string $padded padded data to remove padding from\r
- * @return unpadded data on success, false on error\r
- */\r
+\r
+ /**\r
+ * @brief Remove arbitrary padding to encrypted data\r
+ * @param string $padded padded data to remove padding from\r
+ * @return unpadded data on success, false on error\r
+ */\r
public static function removePadding( $padded ) {\r
- \r
+\r
if ( substr( $padded, -2 ) == 'xx' ) {\r
- \r
+\r
$data = substr( $padded, 0, -2 );\r
- \r
+\r
return $data;\r
- \r
+\r
} else {\r
- \r
+\r
// TODO: log the fact that unpadded data was submitted for removal of padding\r
return false;\r
- \r
+\r
}\r
- \r
+\r
}\r
- \r
- /**\r
- * @brief Check if a file's contents contains an IV and is symmetrically encrypted\r
- * @return true / false\r
- * @note see also OCA\Encryption\Util->isEncryptedPath()\r
- */\r
+\r
+ /**\r
+ * @brief Check if a file's contents contains an IV and is symmetrically encrypted\r
+ * @return true / false\r
+ * @note see also OCA\Encryption\Util->isEncryptedPath()\r
+ */\r
public static function isCatfile( $content ) {\r
- \r
+\r
if ( !$content ) {\r
- \r
+\r
return false;\r
- \r
+\r
}\r
- \r
+\r
$noPadding = self::removePadding( $content );\r
- \r
+\r
// Fetch encryption metadata from end of file\r
$meta = substr( $noPadding, -22 );\r
- \r
+\r
// Fetch IV from end of file\r
$iv = substr( $meta, -16 );\r
- \r
+\r
// Fetch identifier from start of metadata\r
$identifier = substr( $meta, 0, 6 );\r
- \r
+\r
if ( $identifier == '00iv00') {\r
- \r
+\r
return true;\r
- \r
+\r
} else {\r
- \r
+\r
return false;\r
- \r
+\r
}\r
- \r
+\r
}\r
- \r
+\r
/**\r
* Check if a file is encrypted according to database file cache\r
* @param string $path\r
* @return bool\r
*/\r
public static function isEncryptedMeta( $path ) {\r
- \r
+\r
// TODO: Use DI to get \OC\Files\Filesystem out of here\r
- \r
+\r
// Fetch all file metadata from DB\r
$metadata = \OC\Files\Filesystem::getFileInfo( $path, '' );\r
- \r
+\r
// Return encryption status\r
return isset( $metadata['encrypted'] ) and ( bool )$metadata['encrypted'];\r
- \r
+\r
}\r
- \r
- /**\r
- * @brief Check if a file is encrypted via legacy system\r
- * @param string $relPath The path of the file, relative to user/data;\r
- * e.g. filename or /Docs/filename, NOT admin/files/filename\r
- * @return true / false\r
- */\r
+\r
+ /**\r
+ * @brief Check if a file is encrypted via legacy system\r
+ * @param string $relPath The path of the file, relative to user/data;\r
+ * e.g. filename or /Docs/filename, NOT admin/files/filename\r
+ * @return true / false\r
+ */\r
public static function isLegacyEncryptedContent( $data, $relPath ) {\r
- \r
+\r
// Fetch all file metadata from DB\r
$metadata = \OC\Files\Filesystem::getFileInfo( $relPath, '' );\r
- \r
+\r
// If a file is flagged with encryption in DB, but isn't a \r
// valid content + IV combination, it's probably using the \r
// legacy encryption system\r
- if ( \r
- isset( $metadata['encrypted'] ) \r
- and $metadata['encrypted'] === true \r
- and ! self::isCatfile( $data ) \r
+ if (\r
+ isset( $metadata['encrypted'] )\r
+ and $metadata['encrypted'] === true\r
+ and ! self::isCatfile( $data )\r
) {\r
- \r
+\r
return true;\r
- \r
+\r
} else {\r
- \r
+\r
return false;\r
- \r
+\r
}\r
- \r
+\r
}\r
- \r
- /**\r
- * @brief Symmetrically encrypt a string\r
- * @returns encrypted file\r
- */\r
+\r
+ /**\r
+ * @brief Symmetrically encrypt a string\r
+ * @returns encrypted file\r
+ */\r
public static function encrypt( $plainContent, $iv, $passphrase = '' ) {\r
- \r
+\r
if ( $encryptedContent = openssl_encrypt( $plainContent, 'AES-128-CFB', $passphrase, false, $iv ) ) {\r
\r
return $encryptedContent;\r
- \r
+\r
} else {\r
- \r
+\r
\OC_Log::write( 'Encryption library', 'Encryption (symmetric) of content failed', \OC_Log::ERROR );\r
- \r
+\r
return false;\r
- \r
+\r
}\r
- \r
+\r
}\r
- \r
- /**\r
- * @brief Symmetrically decrypt a string\r
- * @returns decrypted file\r
- */\r
+\r
+ /**\r
+ * @brief Symmetrically decrypt a string\r
+ * @returns decrypted file\r
+ */\r
public static function decrypt( $encryptedContent, $iv, $passphrase ) {\r
- \r
+\r
if ( $plainContent = openssl_decrypt( $encryptedContent, 'AES-128-CFB', $passphrase, false, $iv ) ) {\r
\r
return $plainContent;\r
- \r
- \r
+\r
+\r
} else {\r
- \r
+\r
throw new \Exception( 'Encryption library: Decryption (symmetric) of content failed' );\r
- \r
- return false;\r
- \r
+\r
}\r
- \r
+\r
}\r
- \r
- /**\r
- * @brief Concatenate encrypted data with its IV and padding\r
- * @param string $content content to be concatenated\r
- * @param string $iv IV to be concatenated\r
- * @returns string concatenated content\r
- */\r
+\r
+ /**\r
+ * @brief Concatenate encrypted data with its IV and padding\r
+ * @param string $content content to be concatenated\r
+ * @param string $iv IV to be concatenated\r
+ * @returns string concatenated content\r
+ */\r
public static function concatIv ( $content, $iv ) {\r
- \r
+\r
$combined = $content . '00iv00' . $iv;\r
- \r
+\r
return $combined;\r
- \r
+\r
}\r
- \r
- /**\r
- * @brief Split concatenated data and IV into respective parts\r
- * @param string $catFile concatenated data to be split\r
- * @returns array keys: encrypted, iv\r
- */\r
+\r
+ /**\r
+ * @brief Split concatenated data and IV into respective parts\r
+ * @param string $catFile concatenated data to be split\r
+ * @returns array keys: encrypted, iv\r
+ */\r
public static function splitIv ( $catFile ) {\r
- \r
+\r
// Fetch encryption metadata from end of file\r
$meta = substr( $catFile, -22 );\r
- \r
+\r
// Fetch IV from end of file\r
$iv = substr( $meta, -16 );\r
- \r
+\r
// Remove IV and IV identifier text to expose encrypted content\r
$encrypted = substr( $catFile, 0, -22 );\r
- \r
+\r
$split = array(\r
'encrypted' => $encrypted\r
- , 'iv' => $iv\r
+ , 'iv' => $iv\r
);\r
- \r
+\r
return $split;\r
- \r
+\r
}\r
- \r
- /**\r
- * @brief Symmetrically encrypts a string and returns keyfile content\r
- * @param $plainContent content to be encrypted in keyfile\r
- * @returns encrypted content combined with IV\r
- * @note IV need not be specified, as it will be stored in the returned keyfile\r
- * and remain accessible therein.\r
- */\r
+\r
+ /**\r
+ * @brief Symmetrically encrypts a string and returns keyfile content\r
+ * @param $plainContent content to be encrypted in keyfile\r
+ * @returns encrypted content combined with IV\r
+ * @note IV need not be specified, as it will be stored in the returned keyfile\r
+ * and remain accessible therein.\r
+ */\r
public static function symmetricEncryptFileContent( $plainContent, $passphrase = '' ) {\r
- \r
+\r
if ( !$plainContent ) {\r
- \r
+\r
return false;\r
- \r
+\r
}\r
- \r
+\r
$iv = self::generateIv();\r
- \r
+\r
if ( $encryptedContent = self::encrypt( $plainContent, $iv, $passphrase ) ) {\r
- \r
- // Combine content to encrypt with IV identifier and actual IV\r
- $catfile = self::concatIv( $encryptedContent, $iv );\r
- \r
- $padded = self::addPadding( $catfile );\r
- \r
- return $padded;\r
- \r
+\r
+ // Combine content to encrypt with IV identifier and actual IV\r
+ $catfile = self::concatIv( $encryptedContent, $iv );\r
+\r
+ $padded = self::addPadding( $catfile );\r
+\r
+ return $padded;\r
+\r
} else {\r
- \r
+\r
\OC_Log::write( 'Encryption library', 'Encryption (symmetric) of keyfile content failed', \OC_Log::ERROR );\r
- \r
+\r
return false;\r
- \r
+\r
}\r
- \r
+\r
}\r
\r
\r
/**\r
- * @brief Symmetrically decrypts keyfile content\r
- * @param string $source\r
- * @param string $target\r
- * @param string $key the decryption key\r
- * @returns decrypted content\r
- *\r
- * This function decrypts a file\r
- */\r
+ * @brief Symmetrically decrypts keyfile content\r
+ * @param string $source\r
+ * @param string $target\r
+ * @param string $key the decryption key\r
+ * @returns decrypted content\r
+ *\r
+ * This function decrypts a file\r
+ */\r
public static function symmetricDecryptFileContent( $keyfileContent, $passphrase = '' ) {\r
- \r
+\r
if ( !$keyfileContent ) {\r
- \r
+\r
throw new \Exception( 'Encryption library: no data provided for decryption' );\r
- \r
+\r
}\r
- \r
+\r
// Remove padding\r
$noPadding = self::removePadding( $keyfileContent );\r
- \r
+\r
// Split into enc data and catfile\r
$catfile = self::splitIv( $noPadding );\r
- \r
+\r
if ( $plainContent = self::decrypt( $catfile['encrypted'], $catfile['iv'], $passphrase ) ) {\r
- \r
+\r
return $plainContent;\r
- \r
+\r
}\r
- \r
+\r
}\r
- \r
+\r
/**\r
- * @brief Creates symmetric keyfile content using a generated key\r
- * @param string $plainContent content to be encrypted\r
- * @returns array keys: key, encrypted\r
- * @note symmetricDecryptFileContent() can be used to decrypt files created using this method\r
- *\r
- * This function decrypts a file\r
- */\r
+ * @brief Creates symmetric keyfile content using a generated key\r
+ * @param string $plainContent content to be encrypted\r
+ * @returns array keys: key, encrypted\r
+ * @note symmetricDecryptFileContent() can be used to decrypt files created using this method\r
+ *\r
+ * This function decrypts a file\r
+ */\r
public static function symmetricEncryptFileContentKeyfile( $plainContent ) {\r
- \r
+\r
$key = self::generateKey();\r
- \r
+\r
if( $encryptedContent = self::symmetricEncryptFileContent( $plainContent, $key ) ) {\r
- \r
+\r
return array(\r
'key' => $key\r
- , 'encrypted' => $encryptedContent\r
+ , 'encrypted' => $encryptedContent\r
);\r
- \r
+\r
} else {\r
- \r
+\r
return false;\r
- \r
+\r
}\r
- \r
+\r
}\r
- \r
+\r
/**\r
- * @brief Create asymmetrically encrypted keyfile content using a generated key\r
- * @param string $plainContent content to be encrypted\r
- * @returns array keys: key, encrypted\r
- * @note symmetricDecryptFileContent() can be used to decrypt files created using this method\r
- *\r
- * This function decrypts a file\r
- */\r
+ * @brief Create asymmetrically encrypted keyfile content using a generated key\r
+ * @param string $plainContent content to be encrypted\r
+ * @returns array keys: key, encrypted\r
+ * @note symmetricDecryptFileContent() can be used to decrypt files created using this method\r
+ *\r
+ * This function decrypts a file\r
+ */\r
public static function multiKeyEncrypt( $plainContent, array $publicKeys ) {\r
- \r
+\r
// Set empty vars to be set by openssl by reference\r
$sealed = '';\r
$envKeys = array();\r
- \r
+\r
if( openssl_seal( $plainContent, $sealed, $envKeys, $publicKeys ) ) {\r
- \r
+\r
return array(\r
'keys' => $envKeys\r
- , 'encrypted' => $sealed\r
+ , 'encrypted' => $sealed\r
);\r
- \r
+\r
} else {\r
- \r
+\r
return false;\r
- \r
+\r
}\r
- \r
+\r
}\r
- \r
+\r
/**\r
- * @brief Asymmetrically encrypt a file using multiple public keys\r
- * @param string $plainContent content to be encrypted\r
- * @returns string $plainContent decrypted string\r
- * @note symmetricDecryptFileContent() can be used to decrypt files created using this method\r
- *\r
- * This function decrypts a file\r
- */\r
+ * @brief Asymmetrically encrypt a file using multiple public keys\r
+ * @param string $plainContent content to be encrypted\r
+ * @returns string $plainContent decrypted string\r
+ * @note symmetricDecryptFileContent() can be used to decrypt files created using this method\r
+ *\r
+ * This function decrypts a file\r
+ */\r
public static function multiKeyDecrypt( $encryptedContent, $envKey, $privateKey ) {\r
- \r
+\r
if ( !$encryptedContent ) {\r
- \r
+\r
return false;\r
- \r
+\r
}\r
- \r
+\r
if ( openssl_open( $encryptedContent, $plainContent, $envKey, $privateKey ) ) {\r
- \r
+\r
return $plainContent;\r
- \r
+\r
} else {\r
- \r
+\r
\OC_Log::write( 'Encryption library', 'Decryption (asymmetric) of sealed content failed', \OC_Log::ERROR );\r
- \r
+\r
return false;\r
- \r
+\r
}\r
- \r
+\r
}\r
- \r
- /**\r
- * @brief Asymetrically encrypt a string using a public key\r
- * @returns encrypted file\r
- */\r
+\r
+ /**\r
+ * @brief Asymmetrically encrypt a string using a public key\r
+ * @returns encrypted file\r
+ */\r
public static function keyEncrypt( $plainContent, $publicKey ) {\r
- \r
+\r
openssl_public_encrypt( $plainContent, $encryptedContent, $publicKey );\r
- \r
+\r
return $encryptedContent;\r
- \r
+\r
}\r
- \r
- /**\r
- * @brief Asymetrically decrypt a file using a private key\r
- * @returns decrypted file\r
- */\r
+\r
+ /**\r
+ * @brief Asymetrically decrypt a file using a private key\r
+ * @returns decrypted file\r
+ */\r
public static function keyDecrypt( $encryptedContent, $privatekey ) {\r
- \r
+\r
openssl_private_decrypt( $encryptedContent, $plainContent, $privatekey );\r
- \r
+\r
return $plainContent;\r
- \r
+\r
}\r
\r
- /**\r
- * @brief Encrypts content symmetrically and generates keyfile asymmetrically\r
- * @returns array containing catfile and new keyfile. \r
- * keys: data, key\r
- * @note this method is a wrapper for combining other crypt class methods\r
- */\r
+ /**\r
+ * @brief Encrypts content symmetrically and generates keyfile asymmetrically\r
+ * @returns array containing catfile and new keyfile.\r
+ * keys: data, key\r
+ * @note this method is a wrapper for combining other crypt class methods\r
+ */\r
public static function keyEncryptKeyfile( $plainContent, $publicKey ) {\r
- \r
+\r
// Encrypt plain data, generate keyfile & encrypted file\r
$cryptedData = self::symmetricEncryptFileContentKeyfile( $plainContent );\r
- \r
+\r
// Encrypt keyfile\r
$cryptedKey = self::keyEncrypt( $cryptedData['key'], $publicKey );\r
- \r
+\r
return array( 'data' => $cryptedData['encrypted'], 'key' => $cryptedKey );\r
- \r
+\r
}\r
- \r
- /**\r
- * @brief Takes catfile, keyfile, and private key, and\r
- * performs decryption\r
- * @returns decrypted content\r
- * @note this method is a wrapper for combining other crypt class methods\r
- */\r
+\r
+ /**\r
+ * @brief Takes catfile, keyfile, and private key, and\r
+ * performs decryption\r
+ * @returns decrypted content\r
+ * @note this method is a wrapper for combining other crypt class methods\r
+ */\r
public static function keyDecryptKeyfile( $catfile, $keyfile, $privateKey ) {\r
- \r
+\r
// Decrypt the keyfile with the user's private key\r
$decryptedKeyfile = self::keyDecrypt( $keyfile, $privateKey );\r
- \r
+\r
// Decrypt the catfile symmetrically using the decrypted keyfile\r
$decryptedData = self::symmetricDecryptFileContent( $catfile, $decryptedKeyfile );\r
- \r
+\r
return $decryptedData;\r
- \r
+\r
}\r
- \r
+\r
/**\r
- * @brief Symmetrically encrypt a file by combining encrypted component data blocks\r
- */\r
+ * @brief Symmetrically encrypt a file by combining encrypted component data blocks\r
+ */\r
public static function symmetricBlockEncryptFileContent( $plainContent, $key ) {\r
- \r
+\r
$crypted = '';\r
- \r
+\r
$remaining = $plainContent;\r
- \r
+\r
$testarray = array();\r
- \r
+\r
while( strlen( $remaining ) ) {\r
- \r
+\r
//echo "\n\n\$block = ".substr( $remaining, 0, 6126 );\r
- \r
+\r
// Encrypt a chunk of unencrypted data and add it to the rest\r
$block = self::symmetricEncryptFileContent( substr( $remaining, 0, 6126 ), $key );\r
- \r
+\r
$padded = self::addPadding( $block );\r
- \r
+\r
$crypted .= $block;\r
- \r
+\r
$testarray[] = $block;\r
- \r
+\r
// Remove the data already encrypted from remaining unencrypted data\r
$remaining = substr( $remaining, 6126 );\r
- \r
+\r
}\r
- \r
- //echo "hags ";\r
- \r
- //echo "\n\n\n\$crypted = $crypted\n\n\n";\r
- \r
- //print_r($testarray);\r
- \r
+\r
return $crypted;\r
\r
}\r
\r
\r
/**\r
- * @brief Symmetrically decrypt a file by combining encrypted component data blocks\r
- */\r
+ * @brief Symmetrically decrypt a file by combining encrypted component data blocks\r
+ */\r
public static function symmetricBlockDecryptFileContent( $crypted, $key ) {\r
- \r
+\r
$decrypted = '';\r
- \r
+\r
$remaining = $crypted;\r
- \r
+\r
$testarray = array();\r
- \r
+\r
while( strlen( $remaining ) ) {\r
- \r
+\r
$testarray[] = substr( $remaining, 0, 8192 );\r
- \r
+\r
// Decrypt a chunk of unencrypted data and add it to the rest\r
$decrypted .= self::symmetricDecryptFileContent( $remaining, $key );\r
- \r
+\r
// Remove the data already encrypted from remaining unencrypted data\r
$remaining = substr( $remaining, 8192 );\r
- \r
+\r
}\r
- \r
- //echo "\n\n\$testarray = "; print_r($testarray);\r
- \r
+\r
return $decrypted;\r
- \r
+\r
}\r
- \r
- /**\r
- * @brief Generates a pseudo random initialisation vector\r
- * @return String $iv generated IV\r
- */\r
+\r
+ /**\r
+ * @brief Generates a pseudo random initialisation vector\r
+ * @return String $iv generated IV\r
+ */\r
public static function generateIv() {\r
- \r
+\r
if ( $random = openssl_random_pseudo_bytes( 12, $strong ) ) {\r
- \r
+\r
if ( !$strong ) {\r
- \r
+\r
// If OpenSSL indicates randomness is insecure, log error\r
\OC_Log::write( 'Encryption library', 'Insecure symmetric key was generated using openssl_random_pseudo_bytes()', \OC_Log::WARN );\r
- \r
+\r
}\r
- \r
+\r
// We encode the iv purely for string manipulation \r
// purposes - it gets decoded before use\r
$iv = base64_encode( $random );\r
- \r
+\r
return $iv;\r
- \r
+\r
} else {\r
- \r
- throw new Exception( 'Generating IV failed' );\r
- \r
+\r
+ throw new \Exception( 'Generating IV failed' );\r
+\r
}\r
- \r
+\r
}\r
- \r
- /**\r
- * @brief Generate a pseudo random 1024kb ASCII key\r
- * @returns $key Generated key\r
- */\r
+\r
+ /**\r
+ * @brief Generate a pseudo random 1024kb ASCII key\r
+ * @returns $key Generated key\r
+ */\r
public static function generateKey() {\r
- \r
+\r
// Generate key\r
if ( $key = base64_encode( openssl_random_pseudo_bytes( 183, $strong ) ) ) {\r
- \r
+\r
if ( !$strong ) {\r
- \r
+\r
// If OpenSSL indicates randomness is insecure, log error\r
- throw new Exception ( 'Encryption library, Insecure symmetric key was generated using openssl_random_pseudo_bytes()' );\r
- \r
+ throw new \Exception ( 'Encryption library, Insecure symmetric key was generated using openssl_random_pseudo_bytes()' );\r
+\r
}\r
- \r
+\r
return $key;\r
- \r
+\r
} else {\r
- \r
+\r
return false;\r
- \r
- }\r
- \r
- }\r
\r
- public static function changekeypasscode( $oldPassword, $newPassword ) {\r
-\r
- if ( \OCP\User::isLoggedIn() ) {\r
- \r
- $key = Keymanager::getPrivateKey( $user, $view );\r
- \r
- if ( ( $key = Crypt::symmetricDecryptFileContent($key,$oldpasswd) ) ) {\r
- \r
- if ( ( $key = Crypt::symmetricEncryptFileContent( $key, $newpasswd ) ) ) {\r
- \r
- Keymanager::setPrivateKey( $key );\r
- \r
- return true;\r
- }\r
- \r
- }\r
- \r
}\r
- \r
- return false;\r
- \r
+\r
}\r
- \r
+\r
/**\r
* @brief Get the blowfish encryption handeler for a key\r
* @param $key string (optional)\r
* if the key is left out, the default handeler will be used\r
*/\r
public static function getBlowfish( $key = '' ) {\r
- \r
+\r
if ( $key ) {\r
- \r
+\r
return new \Crypt_Blowfish( $key );\r
- \r
+\r
} else {\r
- \r
+\r
return false;\r
- \r
+\r
}\r
- \r
+\r
}\r
- \r
+\r
public static function legacyCreateKey( $passphrase ) {\r
- \r
+\r
// Generate a random integer\r
$key = mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 );\r
\r
$legacyEncKey = self::legacyEncrypt( $key, $passphrase );\r
\r
return $legacyEncKey;\r
- \r
+\r
}\r
- \r
+\r
/**\r
* @brief encrypts content using legacy blowfish system\r
* @param $content the cleartext message you want to encrypt\r
* This function encrypts an content\r
*/\r
public static function legacyEncrypt( $content, $passphrase = '' ) {\r
- \r
+\r
$bf = self::getBlowfish( $passphrase );\r
- \r
+\r
return $bf->encrypt( $content );\r
- \r
+\r
}\r
- \r
+\r
/**\r
- * @brief decrypts content using legacy blowfish system\r
- * @param $content the cleartext message you want to decrypt\r
- * @param $key the encryption key (optional)\r
- * @returns cleartext content\r
- *\r
- * This function decrypts an content\r
- */\r
+ * @brief decrypts content using legacy blowfish system\r
+ * @param $content the cleartext message you want to decrypt\r
+ * @param $key the encryption key (optional)\r
+ * @returns cleartext content\r
+ *\r
+ * This function decrypts an content\r
+ */\r
public static function legacyDecrypt( $content, $passphrase = '' ) {\r
- \r
+\r
$bf = self::getBlowfish( $passphrase );\r
- \r
+\r
$decrypted = $bf->decrypt( $content );\r
- \r
+\r
$trimmed = rtrim( $decrypted, "\0" );\r
- \r
+\r
return $trimmed;\r
- \r
+\r
}\r
- \r
+\r
public static function legacyKeyRecryptKeyfile( $legacyEncryptedContent, $legacyPassphrase, $publicKey, $newPassphrase ) {\r
- \r
+\r
$decrypted = self::legacyDecrypt( $legacyEncryptedContent, $legacyPassphrase );\r
- \r
+\r
$recrypted = self::keyEncryptKeyfile( $decrypted, $publicKey );\r
- \r
+\r
return $recrypted;\r
- \r
+\r
}\r
- \r
+\r
/**\r
- * @brief Re-encryptes a legacy blowfish encrypted file using AES with integrated IV\r
- * @param $legacyContent the legacy encrypted content to re-encrypt\r
- * @returns cleartext content\r
- *\r
- * This function decrypts an content\r
- */\r
+ * @brief Re-encryptes a legacy blowfish encrypted file using AES with integrated IV\r
+ * @param $legacyContent the legacy encrypted content to re-encrypt\r
+ * @returns cleartext content\r
+ *\r
+ * This function decrypts an content\r
+ */\r
public static function legacyRecrypt( $legacyContent, $legacyPassphrase, $newPassphrase ) {\r
- \r
+\r
// TODO: write me\r
- \r
+\r
}\r
- \r
+\r
}
\ No newline at end of file
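Review bot: symmetricBlockDecryptFileContent still passes the whole `$remaining` buffer to symmetricDecryptFileContent on every iteration, so for content longer than one 8192-byte block the padding and IV are taken from the final block and applied to everything before it, while the 8192-byte slice computed on the line above only goes into `$testarray`; unless symmetricDecryptFileContent is meant to handle multi-block input (its body, removePadding followed by splitIv on the full string, does not), the call should be `$decrypted .= self::symmetricDecryptFileContent( substr( $remaining, 0, 8192 ), $key );`. With the echo/print_r debugging removed by this commit, `$testarray` in both block functions and `$padded` in symmetricBlockEncryptFileContent (computed and then discarded in favour of the already-padded `$block`) are dead and can be dropped. Separately, generateIv only logs a warning when openssl reports non-strong randomness and carries on with that IV, whereas generateKey throws; both sites were touched here for the `\Exception` fix, so consider making the weak-randomness handling consistent, e.g. `throw new \Exception( 'Generating IV failed: insecure randomness' );` in place of the OC_Log::write call.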
* @note Where a method requires a view object, it's root must be '/'
*/
class Keymanager {
- \r
+
/**
* @brief retrieve the ENCRYPTED private key from a user
*
/**
* @brief retrieve public key for a specified user
- * @param \OC_FilesystemView $view\r
- * @param $userId\r
+ * @param \OC_FilesystemView $view
+ * @param $userId
* @return string public key or false
*/
public static function getPublicKey( \OC_FilesystemView $view, $userId ) {
/**
* @brief retrieve both keys from a user (private and public)
- * @param \OC_FilesystemView $view\r
- * @param $userId\r
+ * @param \OC_FilesystemView $view
+ * @param $userId
* @return array keys: privateKey, publicKey
*/
public static function getUserKeys( \OC_FilesystemView $view, $userId ) {
/**
* @brief retrieve keyfile for an encrypted file
- * @param \OC_FilesystemView $view\r
- * @param $userId\r
- * @param $filePath\r
- * @internal param \OCA\Encryption\file $string name\r
- * @return string file key or false\r
+ * @param \OC_FilesystemView $view
+ * @param $userId
+ * @param $filePath
+ * @internal param \OCA\Encryption\file $string name
+ * @return string file key or false
* @note The keyfile returned is asymmetrically encrypted. Decryption
* of the keyfile must be performed by client code
*/
/**
* @brief Delete a keyfile
*
- * @param OC_FilesystemView $view\r
- * @param string $userId username\r
- * @param string $path path of the file the key belongs to\r
- * @return bool Outcome of unlink operation\r
- * @note $path must be relative to data/user/files. e.g. mydoc.txt NOT\r
- * /data/admin/files/mydoc.txt\r
+ * @param OC_FilesystemView $view
+ * @param string $userId username
+ * @param string $path path of the file the key belongs to
+ * @return bool Outcome of unlink operation
+ * @note $path must be relative to data/user/files. e.g. mydoc.txt NOT
+ * /data/admin/files/mydoc.txt
*/
public static function deleteFileKey( \OC_FilesystemView $view, $userId, $path ) {
\OC_FileProxy::$enabled = false;
- if ( !$view->file_exists( '' ) ) $view->mkdir( '' );
+ if ( !$view->file_exists( '' ) )
+ $view->mkdir( '' );
return $view->file_put_contents( $user . '.private.key', $key );
-
- \OC_FileProxy::$enabled = true;
-
+
}
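Review bot: Deleting the unreachable `\OC_FileProxy::$enabled = true;` after the `return` leaves the proxy disabled for the rest of the request on the private-key write here and likewise on the public-key write in the next hunk (the `.public.key` block), rather than restoring it; if that proxy is what routes file writes through encryption, anything written later in the same request would presumably bypass it. Capture the result and re-enable before returning: `$result = $view->file_put_contents( $user . '.private.key', $key );` then `\OC_FileProxy::$enabled = true;` then `return $result;`, with the same three lines for the `.public.key` write. The `if ( !$view->file_exists( '' ) )` split onto two lines above now has a braceless body on its own line; wrap it in `{ }`. The enclosing function's signature is outside this hunk.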
/**
\OC_FileProxy::$enabled = false;
- if ( !$view->file_exists( '' ) ) $view->mkdir( '' );
+ if ( !$view->file_exists( '' ) )
+ $view->mkdir( '' );
return $view->file_put_contents( \OCP\User::getUser() . '.public.key', $key );
-
- \OC_FileProxy::$enabled = true;
+
}
/**
- * @brief store file encryption key\r
- *\r
- * @param string $path relative path of the file, including filename\r
- * @param string $key\r
- * @param null $view\r
- * @param string $dbClassName\r
- * @return bool true/false\r
- * @note The keyfile is not encrypted here. Client code must\r
- * asymmetrically encrypt the keyfile before passing it to this method\r
+ * @brief store file encryption key
+ *
+ * @param string $path relative path of the file, including filename
+ * @param string $key
+ * @param null $view
+ * @param string $dbClassName
+ * @return bool true/false
+ * @note The keyfile is not encrypted here. Client code must
+ * asymmetrically encrypt the keyfile before passing it to this method
*/
public static function setShareKey( \OC_FilesystemView $view, $path, $userId, $shareKey ) {
return $view->file_put_contents( $basePath . '/' . $shareKeyPath . '.shareKey', $shareKey );
- }\r
- \r
- /**\r
- * @brief Make preparations to vars and filesystem for saving a keyfile\r
- */\r
- public static function keySetPreparation( \OC_FilesystemView $view, $path, $basePath, $userId ) {\r
+ }
+
+ /**
+ * @brief Make preparations to vars and filesystem for saving a keyfile
+ */
+ public static function keySetPreparation( \OC_FilesystemView $view, $path, $basePath, $userId ) {
$targetPath = ltrim( $path, '/' );
$path_parts = pathinfo( $targetPath );
// If the file resides within a subdirectory, create it
- if ( \r
- isset( $path_parts['dirname'] )\r
- && ! $view->file_exists( $basePath . '/' . $path_parts['dirname'] ) \r
+ if (
+ isset( $path_parts['dirname'] )
+ && ! $view->file_exists( $basePath . '/' . $path_parts['dirname'] )
) {
$view->mkdir( $basePath . '/' . $path_parts['dirname'] );
}
- return $targetPath;\r
- \r
- }
+ return $targetPath;
- /**
- * @brief change password of private encryption key
- *
- * @param string $oldpasswd old password
- * @param string $newpasswd new password
- * @return bool true/false
- */
- public static function changePasswd($oldpasswd, $newpasswd) {
-
- if ( \OCP\User::checkPassword(\OCP\User::getUser(), $newpasswd) ) {
- return Crypt::changekeypasscode($oldpasswd, $newpasswd);
- }
- return false;
-
}
-
+
/**
* @brief Fetch the legacy encryption key from user files
* @param string $login used to locate the legacy key
* @param string $passphrase used to decrypt the legacy key
* @return true / false
*
- * if the key is left out, the default handeler will be used
+ * if the key is left out, the default handler will be used
*/
public function getLegacyKey() {