From 7f58e2749537e000344dd886df5e103e06eefe91 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Thomas=20M=C3=BCller?= Date: Sat, 9 Feb 2013 18:01:38 +0100 Subject: [PATCH] cleanup - more to come after --- apps/files_encryption/ajax/mode.php | 38 - apps/files_encryption/appinfo/app.php | 4 +- apps/files_encryption/hooks/hooks.php | 10 - apps/files_encryption/js/settings-personal.js | 38 - apps/files_encryption/js/settings.js | 29 +- apps/files_encryption/lib/crypt.php | 739 +++++++++--------- apps/files_encryption/lib/keymanager.php | 103 +-- apps/files_encryption/lib/stream.php | 6 +- apps/files_encryption/settings-personal.php | 2 - .../templates/settings-personal.php | 2 +- 10 files changed, 403 insertions(+), 568 deletions(-) delete mode 100644 apps/files_encryption/ajax/mode.php delete mode 100644 apps/files_encryption/js/settings-personal.js diff --git a/apps/files_encryption/ajax/mode.php b/apps/files_encryption/ajax/mode.php deleted file mode 100644 index 64c5be94401..00000000000 --- a/apps/files_encryption/ajax/mode.php +++ /dev/null @@ -1,38 +0,0 @@ - - * This file is licensed under the Affero General Public License version 3 or later. - * See the COPYING-README file. - */ - -use OCA\Encryption\Keymanager; - -OCP\JSON::checkAppEnabled('files_encryption'); -OCP\JSON::checkLoggedIn(); -OCP\JSON::callCheck(); - -$mode = $_POST['mode']; -$changePasswd = false; -$passwdChanged = false; - -if ( isset($_POST['newpasswd']) && isset($_POST['oldpasswd']) ) { - $oldpasswd = $_POST['oldpasswd']; - $newpasswd = $_POST['newpasswd']; - $changePasswd = true; - $passwdChanged = Keymanager::changePasswd($oldpasswd, $newpasswd); -} - -$query = \OC_DB::prepare( "SELECT mode FROM *PREFIX*encryption WHERE uid = ?" ); -$result = $query->execute(array(\OCP\User::getUser())); - -if ($result->fetchRow()){ - $query = OC_DB::prepare( 'UPDATE *PREFIX*encryption SET mode = ? WHERE uid = ?' ); -} else { - $query = OC_DB::prepare( 'INSERT INTO *PREFIX*encryption ( mode, uid ) VALUES( ?, ? )' ); -} - -if ( (!$changePasswd || $passwdChanged) && $query->execute(array($mode, \OCP\User::getUser())) ) { - OCP\JSON::success(); -} else { - OCP\JSON::error(); -} \ No newline at end of file diff --git a/apps/files_encryption/appinfo/app.php b/apps/files_encryption/appinfo/app.php index f83109a18ea..08728622525 100644 --- a/apps/files_encryption/appinfo/app.php +++ b/apps/files_encryption/appinfo/app.php @@ -43,6 +43,6 @@ if ( } -// Reguster settings scripts +// Register settings scripts OCP\App::registerAdmin( 'files_encryption', 'settings' ); -OCP\App::registerPersonal( 'files_encryption', 'settings-personal' ); \ No newline at end of file +OCP\App::registerPersonal( 'files_encryption', 'settings-personal' ); diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index 8bdeee0937b..7e4f677ce9d 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -165,16 +165,6 @@ class Hooks { * @brief */ public static function postShared( $params ) { - - // Delete existing catfile - Keymanager::deleteFileKey( ); - - // Generate new catfile and env keys - Crypt::multiKeyEncrypt( $plainContent, $publicKeys ); - - // Save env keys to user folders - - } /** diff --git a/apps/files_encryption/js/settings-personal.js b/apps/files_encryption/js/settings-personal.js deleted file mode 100644 index 1a53e99d2b4..00000000000 --- a/apps/files_encryption/js/settings-personal.js +++ /dev/null @@ -1,38 +0,0 @@ -/** - * Copyright (c) 2012, Bjoern Schiessle - * This file is licensed under the Affero General Public License version 3 or later. - * See the COPYING-README file. - */ - -$(document).ready(function(){ - $('input[name=encryption_mode]').change(function(){ - var prevmode = document.getElementById('prev_encryption_mode').value - var client=$('input[value="client"]:checked').val() - ,server=$('input[value="server"]:checked').val() - ,user=$('input[value="user"]:checked').val() - ,none=$('input[value="none"]:checked').val() - if (client) { - $.post(OC.filePath('files_encryption', 'ajax', 'mode.php'), { mode: 'client' }); - if (prevmode == 'server') { - OC.dialogs.info(t('encryption', 'Please switch to your ownCloud client and change your encryption password to complete the conversion.'), t('encryption', 'switched to client side encryption')); - } - } else if (server) { - if (prevmode == 'client') { - OC.dialogs.form([{text:'Login password', name:'newpasswd', type:'password'},{text:'Encryption password used on the client', name:'oldpasswd', type:'password'}],t('encryption', 'Change encryption password to login password'), function(data) { - $.post(OC.filePath('files_encryption', 'ajax', 'mode.php'), { mode: 'server', newpasswd: data[0].value, oldpasswd: data[1].value }, function(result) { - if (result.status != 'success') { - document.getElementById(prevmode+'_encryption').checked = true; - OC.dialogs.alert(t('encryption', 'Please check your passwords and try again.'), t('encryption', 'Could not change your file encryption password to your login password')) - } else { - console.log("alles super"); - } - }, true); - }); - } else { - $.post(OC.filePath('files_encryption', 'ajax', 'mode.php'), { mode: 'server' }); - } - } else { - $.post(OC.filePath('files_encryption', 'ajax', 'mode.php'), { mode: 'none' }); - } - }) -}) \ No newline at end of file diff --git a/apps/files_encryption/js/settings.js b/apps/files_encryption/js/settings.js index 60563bde859..0be857bb73e 100644 --- a/apps/files_encryption/js/settings.js +++ b/apps/files_encryption/js/settings.js @@ -9,38 +9,11 @@ $(document).ready(function(){ $('#encryption_blacklist').multiSelect({ oncheck:blackListChange, onuncheck:blackListChange, - createText:'...', + createText:'...' }); function blackListChange(){ var blackList=$('#encryption_blacklist').val().join(','); OC.AppConfig.setValue('files_encryption','type_blacklist',blackList); } - - //TODO: Handle switch between client and server side encryption - $('input[name=encryption_mode]').change(function(){ - var client=$('input[value="client"]:checked').val() - ,server=$('input[value="server"]:checked').val() - ,user=$('input[value="user"]:checked').val() - ,none=$('input[value="none"]:checked').val() - ,disable=false - if (client) { - OC.AppConfig.setValue('files_encryption','mode','client'); - disable = true; - } else if (server) { - OC.AppConfig.setValue('files_encryption','mode','server'); - disable = true; - } else if (user) { - OC.AppConfig.setValue('files_encryption','mode','user'); - disable = true; - } else { - OC.AppConfig.setValue('files_encryption','mode','none'); - } - if (disable) { - document.getElementById('server_encryption').disabled = true; - document.getElementById('client_encryption').disabled = true; - document.getElementById('user_encryption').disabled = true; - document.getElementById('none_encryption').disabled = true; - } - }) }) \ No newline at end of file diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index e3d23023db3..c7a414c5080 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -4,8 +4,8 @@ * ownCloud * * @author Sam Tuke, Frank Karlitschek, Robin Appelman - * @copyright 2012 Sam Tuke samtuke@owncloud.com, - * Robin Appelman icewind@owncloud.com, Frank Karlitschek + * @copyright 2012 Sam Tuke samtuke@owncloud.com, + * Robin Appelman icewind@owncloud.com, Frank Karlitschek * frank@owncloud.org * * This library is free software; you can redistribute it and/or @@ -47,15 +47,15 @@ class Crypt { public static function mode( $user = null ) { return 'server'; - + } - - /** - * @brief Create a new encryption keypair - * @return array publicKey, privatekey - */ + + /** + * @brief Create a new encryption keypair + * @return array publicKey, privatekey + */ public static function createKeypair() { - + $res = openssl_pkey_new(); // Get private key @@ -63,576 +63,543 @@ class Crypt { // Get public key $publicKey = openssl_pkey_get_details( $res ); - + $publicKey = $publicKey['key']; - + return( array( 'publicKey' => $publicKey, 'privateKey' => $privateKey ) ); - + } - - /** - * @brief Add arbitrary padding to encrypted data - * @param string $data data to be padded - * @return padded data - * @note In order to end up with data exactly 8192 bytes long we must - * add two letters. It is impossible to achieve exactly 8192 length - * blocks with encryption alone, hence padding is added to achieve the - * required length. - */ + + /** + * @brief Add arbitrary padding to encrypted data + * @param string $data data to be padded + * @return padded data + * @note In order to end up with data exactly 8192 bytes long we must + * add two letters. It is impossible to achieve exactly 8192 length + * blocks with encryption alone, hence padding is added to achieve the + * required length. + */ public static function addPadding( $data ) { - + $padded = $data . 'xx'; - + return $padded; - + } - - /** - * @brief Remove arbitrary padding to encrypted data - * @param string $padded padded data to remove padding from - * @return unpadded data on success, false on error - */ + + /** + * @brief Remove arbitrary padding to encrypted data + * @param string $padded padded data to remove padding from + * @return unpadded data on success, false on error + */ public static function removePadding( $padded ) { - + if ( substr( $padded, -2 ) == 'xx' ) { - + $data = substr( $padded, 0, -2 ); - + return $data; - + } else { - + // TODO: log the fact that unpadded data was submitted for removal of padding return false; - + } - + } - - /** - * @brief Check if a file's contents contains an IV and is symmetrically encrypted - * @return true / false - * @note see also OCA\Encryption\Util->isEncryptedPath() - */ + + /** + * @brief Check if a file's contents contains an IV and is symmetrically encrypted + * @return true / false + * @note see also OCA\Encryption\Util->isEncryptedPath() + */ public static function isCatfile( $content ) { - + if ( !$content ) { - + return false; - + } - + $noPadding = self::removePadding( $content ); - + // Fetch encryption metadata from end of file $meta = substr( $noPadding, -22 ); - + // Fetch IV from end of file $iv = substr( $meta, -16 ); - + // Fetch identifier from start of metadata $identifier = substr( $meta, 0, 6 ); - + if ( $identifier == '00iv00') { - + return true; - + } else { - + return false; - + } - + } - + /** * Check if a file is encrypted according to database file cache * @param string $path * @return bool */ public static function isEncryptedMeta( $path ) { - + // TODO: Use DI to get \OC\Files\Filesystem out of here - + // Fetch all file metadata from DB $metadata = \OC\Files\Filesystem::getFileInfo( $path, '' ); - + // Return encryption status return isset( $metadata['encrypted'] ) and ( bool )$metadata['encrypted']; - + } - - /** - * @brief Check if a file is encrypted via legacy system - * @param string $relPath The path of the file, relative to user/data; - * e.g. filename or /Docs/filename, NOT admin/files/filename - * @return true / false - */ + + /** + * @brief Check if a file is encrypted via legacy system + * @param string $relPath The path of the file, relative to user/data; + * e.g. filename or /Docs/filename, NOT admin/files/filename + * @return true / false + */ public static function isLegacyEncryptedContent( $data, $relPath ) { - + // Fetch all file metadata from DB $metadata = \OC\Files\Filesystem::getFileInfo( $relPath, '' ); - + // If a file is flagged with encryption in DB, but isn't a // valid content + IV combination, it's probably using the // legacy encryption system - if ( - isset( $metadata['encrypted'] ) - and $metadata['encrypted'] === true - and ! self::isCatfile( $data ) + if ( + isset( $metadata['encrypted'] ) + and $metadata['encrypted'] === true + and ! self::isCatfile( $data ) ) { - + return true; - + } else { - + return false; - + } - + } - - /** - * @brief Symmetrically encrypt a string - * @returns encrypted file - */ + + /** + * @brief Symmetrically encrypt a string + * @returns encrypted file + */ public static function encrypt( $plainContent, $iv, $passphrase = '' ) { - + if ( $encryptedContent = openssl_encrypt( $plainContent, 'AES-128-CFB', $passphrase, false, $iv ) ) { return $encryptedContent; - + } else { - + \OC_Log::write( 'Encryption library', 'Encryption (symmetric) of content failed', \OC_Log::ERROR ); - + return false; - + } - + } - - /** - * @brief Symmetrically decrypt a string - * @returns decrypted file - */ + + /** + * @brief Symmetrically decrypt a string + * @returns decrypted file + */ public static function decrypt( $encryptedContent, $iv, $passphrase ) { - + if ( $plainContent = openssl_decrypt( $encryptedContent, 'AES-128-CFB', $passphrase, false, $iv ) ) { return $plainContent; - - + + } else { - + throw new \Exception( 'Encryption library: Decryption (symmetric) of content failed' ); - - return false; - + } - + } - - /** - * @brief Concatenate encrypted data with its IV and padding - * @param string $content content to be concatenated - * @param string $iv IV to be concatenated - * @returns string concatenated content - */ + + /** + * @brief Concatenate encrypted data with its IV and padding + * @param string $content content to be concatenated + * @param string $iv IV to be concatenated + * @returns string concatenated content + */ public static function concatIv ( $content, $iv ) { - + $combined = $content . '00iv00' . $iv; - + return $combined; - + } - - /** - * @brief Split concatenated data and IV into respective parts - * @param string $catFile concatenated data to be split - * @returns array keys: encrypted, iv - */ + + /** + * @brief Split concatenated data and IV into respective parts + * @param string $catFile concatenated data to be split + * @returns array keys: encrypted, iv + */ public static function splitIv ( $catFile ) { - + // Fetch encryption metadata from end of file $meta = substr( $catFile, -22 ); - + // Fetch IV from end of file $iv = substr( $meta, -16 ); - + // Remove IV and IV identifier text to expose encrypted content $encrypted = substr( $catFile, 0, -22 ); - + $split = array( 'encrypted' => $encrypted - , 'iv' => $iv + , 'iv' => $iv ); - + return $split; - + } - - /** - * @brief Symmetrically encrypts a string and returns keyfile content - * @param $plainContent content to be encrypted in keyfile - * @returns encrypted content combined with IV - * @note IV need not be specified, as it will be stored in the returned keyfile - * and remain accessible therein. - */ + + /** + * @brief Symmetrically encrypts a string and returns keyfile content + * @param $plainContent content to be encrypted in keyfile + * @returns encrypted content combined with IV + * @note IV need not be specified, as it will be stored in the returned keyfile + * and remain accessible therein. + */ public static function symmetricEncryptFileContent( $plainContent, $passphrase = '' ) { - + if ( !$plainContent ) { - + return false; - + } - + $iv = self::generateIv(); - + if ( $encryptedContent = self::encrypt( $plainContent, $iv, $passphrase ) ) { - - // Combine content to encrypt with IV identifier and actual IV - $catfile = self::concatIv( $encryptedContent, $iv ); - - $padded = self::addPadding( $catfile ); - - return $padded; - + + // Combine content to encrypt with IV identifier and actual IV + $catfile = self::concatIv( $encryptedContent, $iv ); + + $padded = self::addPadding( $catfile ); + + return $padded; + } else { - + \OC_Log::write( 'Encryption library', 'Encryption (symmetric) of keyfile content failed', \OC_Log::ERROR ); - + return false; - + } - + } /** - * @brief Symmetrically decrypts keyfile content - * @param string $source - * @param string $target - * @param string $key the decryption key - * @returns decrypted content - * - * This function decrypts a file - */ + * @brief Symmetrically decrypts keyfile content + * @param string $source + * @param string $target + * @param string $key the decryption key + * @returns decrypted content + * + * This function decrypts a file + */ public static function symmetricDecryptFileContent( $keyfileContent, $passphrase = '' ) { - + if ( !$keyfileContent ) { - + throw new \Exception( 'Encryption library: no data provided for decryption' ); - + } - + // Remove padding $noPadding = self::removePadding( $keyfileContent ); - + // Split into enc data and catfile $catfile = self::splitIv( $noPadding ); - + if ( $plainContent = self::decrypt( $catfile['encrypted'], $catfile['iv'], $passphrase ) ) { - + return $plainContent; - + } - + } - + /** - * @brief Creates symmetric keyfile content using a generated key - * @param string $plainContent content to be encrypted - * @returns array keys: key, encrypted - * @note symmetricDecryptFileContent() can be used to decrypt files created using this method - * - * This function decrypts a file - */ + * @brief Creates symmetric keyfile content using a generated key + * @param string $plainContent content to be encrypted + * @returns array keys: key, encrypted + * @note symmetricDecryptFileContent() can be used to decrypt files created using this method + * + * This function decrypts a file + */ public static function symmetricEncryptFileContentKeyfile( $plainContent ) { - + $key = self::generateKey(); - + if( $encryptedContent = self::symmetricEncryptFileContent( $plainContent, $key ) ) { - + return array( 'key' => $key - , 'encrypted' => $encryptedContent + , 'encrypted' => $encryptedContent ); - + } else { - + return false; - + } - + } - + /** - * @brief Create asymmetrically encrypted keyfile content using a generated key - * @param string $plainContent content to be encrypted - * @returns array keys: key, encrypted - * @note symmetricDecryptFileContent() can be used to decrypt files created using this method - * - * This function decrypts a file - */ + * @brief Create asymmetrically encrypted keyfile content using a generated key + * @param string $plainContent content to be encrypted + * @returns array keys: key, encrypted + * @note symmetricDecryptFileContent() can be used to decrypt files created using this method + * + * This function decrypts a file + */ public static function multiKeyEncrypt( $plainContent, array $publicKeys ) { - + // Set empty vars to be set by openssl by reference $sealed = ''; $envKeys = array(); - + if( openssl_seal( $plainContent, $sealed, $envKeys, $publicKeys ) ) { - + return array( 'keys' => $envKeys - , 'encrypted' => $sealed + , 'encrypted' => $sealed ); - + } else { - + return false; - + } - + } - + /** - * @brief Asymmetrically encrypt a file using multiple public keys - * @param string $plainContent content to be encrypted - * @returns string $plainContent decrypted string - * @note symmetricDecryptFileContent() can be used to decrypt files created using this method - * - * This function decrypts a file - */ + * @brief Asymmetrically encrypt a file using multiple public keys + * @param string $plainContent content to be encrypted + * @returns string $plainContent decrypted string + * @note symmetricDecryptFileContent() can be used to decrypt files created using this method + * + * This function decrypts a file + */ public static function multiKeyDecrypt( $encryptedContent, $envKey, $privateKey ) { - + if ( !$encryptedContent ) { - + return false; - + } - + if ( openssl_open( $encryptedContent, $plainContent, $envKey, $privateKey ) ) { - + return $plainContent; - + } else { - + \OC_Log::write( 'Encryption library', 'Decryption (asymmetric) of sealed content failed', \OC_Log::ERROR ); - + return false; - + } - + } - - /** - * @brief Asymetrically encrypt a string using a public key - * @returns encrypted file - */ + + /** + * @brief Asymmetrically encrypt a string using a public key + * @returns encrypted file + */ public static function keyEncrypt( $plainContent, $publicKey ) { - + openssl_public_encrypt( $plainContent, $encryptedContent, $publicKey ); - + return $encryptedContent; - + } - - /** - * @brief Asymetrically decrypt a file using a private key - * @returns decrypted file - */ + + /** + * @brief Asymetrically decrypt a file using a private key + * @returns decrypted file + */ public static function keyDecrypt( $encryptedContent, $privatekey ) { - + openssl_private_decrypt( $encryptedContent, $plainContent, $privatekey ); - + return $plainContent; - + } - /** - * @brief Encrypts content symmetrically and generates keyfile asymmetrically - * @returns array containing catfile and new keyfile. - * keys: data, key - * @note this method is a wrapper for combining other crypt class methods - */ + /** + * @brief Encrypts content symmetrically and generates keyfile asymmetrically + * @returns array containing catfile and new keyfile. + * keys: data, key + * @note this method is a wrapper for combining other crypt class methods + */ public static function keyEncryptKeyfile( $plainContent, $publicKey ) { - + // Encrypt plain data, generate keyfile & encrypted file $cryptedData = self::symmetricEncryptFileContentKeyfile( $plainContent ); - + // Encrypt keyfile $cryptedKey = self::keyEncrypt( $cryptedData['key'], $publicKey ); - + return array( 'data' => $cryptedData['encrypted'], 'key' => $cryptedKey ); - + } - - /** - * @brief Takes catfile, keyfile, and private key, and - * performs decryption - * @returns decrypted content - * @note this method is a wrapper for combining other crypt class methods - */ + + /** + * @brief Takes catfile, keyfile, and private key, and + * performs decryption + * @returns decrypted content + * @note this method is a wrapper for combining other crypt class methods + */ public static function keyDecryptKeyfile( $catfile, $keyfile, $privateKey ) { - + // Decrypt the keyfile with the user's private key $decryptedKeyfile = self::keyDecrypt( $keyfile, $privateKey ); - + // Decrypt the catfile symmetrically using the decrypted keyfile $decryptedData = self::symmetricDecryptFileContent( $catfile, $decryptedKeyfile ); - + return $decryptedData; - + } - + /** - * @brief Symmetrically encrypt a file by combining encrypted component data blocks - */ + * @brief Symmetrically encrypt a file by combining encrypted component data blocks + */ public static function symmetricBlockEncryptFileContent( $plainContent, $key ) { - + $crypted = ''; - + $remaining = $plainContent; - + $testarray = array(); - + while( strlen( $remaining ) ) { - + //echo "\n\n\$block = ".substr( $remaining, 0, 6126 ); - + // Encrypt a chunk of unencrypted data and add it to the rest $block = self::symmetricEncryptFileContent( substr( $remaining, 0, 6126 ), $key ); - + $padded = self::addPadding( $block ); - + $crypted .= $block; - + $testarray[] = $block; - + // Remove the data already encrypted from remaining unencrypted data $remaining = substr( $remaining, 6126 ); - + } - - //echo "hags "; - - //echo "\n\n\n\$crypted = $crypted\n\n\n"; - - //print_r($testarray); - + return $crypted; } /** - * @brief Symmetrically decrypt a file by combining encrypted component data blocks - */ + * @brief Symmetrically decrypt a file by combining encrypted component data blocks + */ public static function symmetricBlockDecryptFileContent( $crypted, $key ) { - + $decrypted = ''; - + $remaining = $crypted; - + $testarray = array(); - + while( strlen( $remaining ) ) { - + $testarray[] = substr( $remaining, 0, 8192 ); - + // Decrypt a chunk of unencrypted data and add it to the rest $decrypted .= self::symmetricDecryptFileContent( $remaining, $key ); - + // Remove the data already encrypted from remaining unencrypted data $remaining = substr( $remaining, 8192 ); - + } - - //echo "\n\n\$testarray = "; print_r($testarray); - + return $decrypted; - + } - - /** - * @brief Generates a pseudo random initialisation vector - * @return String $iv generated IV - */ + + /** + * @brief Generates a pseudo random initialisation vector + * @return String $iv generated IV + */ public static function generateIv() { - + if ( $random = openssl_random_pseudo_bytes( 12, $strong ) ) { - + if ( !$strong ) { - + // If OpenSSL indicates randomness is insecure, log error \OC_Log::write( 'Encryption library', 'Insecure symmetric key was generated using openssl_random_pseudo_bytes()', \OC_Log::WARN ); - + } - + // We encode the iv purely for string manipulation // purposes - it gets decoded before use $iv = base64_encode( $random ); - + return $iv; - + } else { - - throw new Exception( 'Generating IV failed' ); - + + throw new \Exception( 'Generating IV failed' ); + } - + } - - /** - * @brief Generate a pseudo random 1024kb ASCII key - * @returns $key Generated key - */ + + /** + * @brief Generate a pseudo random 1024kb ASCII key + * @returns $key Generated key + */ public static function generateKey() { - + // Generate key if ( $key = base64_encode( openssl_random_pseudo_bytes( 183, $strong ) ) ) { - + if ( !$strong ) { - + // If OpenSSL indicates randomness is insecure, log error - throw new Exception ( 'Encryption library, Insecure symmetric key was generated using openssl_random_pseudo_bytes()' ); - + throw new \Exception ( 'Encryption library, Insecure symmetric key was generated using openssl_random_pseudo_bytes()' ); + } - + return $key; - + } else { - + return false; - - } - - } - public static function changekeypasscode( $oldPassword, $newPassword ) { - - if ( \OCP\User::isLoggedIn() ) { - - $key = Keymanager::getPrivateKey( $user, $view ); - - if ( ( $key = Crypt::symmetricDecryptFileContent($key,$oldpasswd) ) ) { - - if ( ( $key = Crypt::symmetricEncryptFileContent( $key, $newpasswd ) ) ) { - - Keymanager::setPrivateKey( $key ); - - return true; - } - - } - } - - return false; - + } - + /** * @brief Get the blowfish encryption handeler for a key * @param $key string (optional) @@ -641,21 +608,21 @@ class Crypt { * if the key is left out, the default handeler will be used */ public static function getBlowfish( $key = '' ) { - + if ( $key ) { - + return new \Crypt_Blowfish( $key ); - + } else { - + return false; - + } - + } - + public static function legacyCreateKey( $passphrase ) { - + // Generate a random integer $key = mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 ); @@ -663,9 +630,9 @@ class Crypt { $legacyEncKey = self::legacyEncrypt( $key, $passphrase ); return $legacyEncKey; - + } - + /** * @brief encrypts content using legacy blowfish system * @param $content the cleartext message you want to encrypt @@ -675,54 +642,54 @@ class Crypt { * This function encrypts an content */ public static function legacyEncrypt( $content, $passphrase = '' ) { - + $bf = self::getBlowfish( $passphrase ); - + return $bf->encrypt( $content ); - + } - + /** - * @brief decrypts content using legacy blowfish system - * @param $content the cleartext message you want to decrypt - * @param $key the encryption key (optional) - * @returns cleartext content - * - * This function decrypts an content - */ + * @brief decrypts content using legacy blowfish system + * @param $content the cleartext message you want to decrypt + * @param $key the encryption key (optional) + * @returns cleartext content + * + * This function decrypts an content + */ public static function legacyDecrypt( $content, $passphrase = '' ) { - + $bf = self::getBlowfish( $passphrase ); - + $decrypted = $bf->decrypt( $content ); - + $trimmed = rtrim( $decrypted, "\0" ); - + return $trimmed; - + } - + public static function legacyKeyRecryptKeyfile( $legacyEncryptedContent, $legacyPassphrase, $publicKey, $newPassphrase ) { - + $decrypted = self::legacyDecrypt( $legacyEncryptedContent, $legacyPassphrase ); - + $recrypted = self::keyEncryptKeyfile( $decrypted, $publicKey ); - + return $recrypted; - + } - + /** - * @brief Re-encryptes a legacy blowfish encrypted file using AES with integrated IV - * @param $legacyContent the legacy encrypted content to re-encrypt - * @returns cleartext content - * - * This function decrypts an content - */ + * @brief Re-encryptes a legacy blowfish encrypted file using AES with integrated IV + * @param $legacyContent the legacy encrypted content to re-encrypt + * @returns cleartext content + * + * This function decrypts an content + */ public static function legacyRecrypt( $legacyContent, $legacyPassphrase, $newPassphrase ) { - + // TODO: write me - + } - + } \ No newline at end of file diff --git a/apps/files_encryption/lib/keymanager.php b/apps/files_encryption/lib/keymanager.php index 0d0380db6ec..95587797154 100755 --- a/apps/files_encryption/lib/keymanager.php +++ b/apps/files_encryption/lib/keymanager.php @@ -28,7 +28,7 @@ namespace OCA\Encryption; * @note Where a method requires a view object, it's root must be '/' */ class Keymanager { - + /** * @brief retrieve the ENCRYPTED private key from a user * @@ -46,8 +46,8 @@ class Keymanager { /** * @brief retrieve public key for a specified user - * @param \OC_FilesystemView $view - * @param $userId + * @param \OC_FilesystemView $view + * @param $userId * @return string public key or false */ public static function getPublicKey( \OC_FilesystemView $view, $userId ) { @@ -58,8 +58,8 @@ class Keymanager { /** * @brief retrieve both keys from a user (private and public) - * @param \OC_FilesystemView $view - * @param $userId + * @param \OC_FilesystemView $view + * @param $userId * @return array keys: privateKey, publicKey */ public static function getUserKeys( \OC_FilesystemView $view, $userId ) { @@ -148,11 +148,11 @@ class Keymanager { /** * @brief retrieve keyfile for an encrypted file - * @param \OC_FilesystemView $view - * @param $userId - * @param $filePath - * @internal param \OCA\Encryption\file $string name - * @return string file key or false + * @param \OC_FilesystemView $view + * @param $userId + * @param $filePath + * @internal param \OCA\Encryption\file $string name + * @return string file key or false * @note The keyfile returned is asymmetrically encrypted. Decryption * of the keyfile must be performed by client code */ @@ -177,12 +177,12 @@ class Keymanager { /** * @brief Delete a keyfile * - * @param OC_FilesystemView $view - * @param string $userId username - * @param string $path path of the file the key belongs to - * @return bool Outcome of unlink operation - * @note $path must be relative to data/user/files. e.g. mydoc.txt NOT - * /data/admin/files/mydoc.txt + * @param OC_FilesystemView $view + * @param string $userId username + * @param string $path path of the file the key belongs to + * @return bool Outcome of unlink operation + * @note $path must be relative to data/user/files. e.g. mydoc.txt NOT + * /data/admin/files/mydoc.txt */ public static function deleteFileKey( \OC_FilesystemView $view, $userId, $path ) { @@ -220,12 +220,11 @@ class Keymanager { \OC_FileProxy::$enabled = false; - if ( !$view->file_exists( '' ) ) $view->mkdir( '' ); + if ( !$view->file_exists( '' ) ) + $view->mkdir( '' ); return $view->file_put_contents( $user . '.private.key', $key ); - - \OC_FileProxy::$enabled = true; - + } /** @@ -253,24 +252,24 @@ class Keymanager { \OC_FileProxy::$enabled = false; - if ( !$view->file_exists( '' ) ) $view->mkdir( '' ); + if ( !$view->file_exists( '' ) ) + $view->mkdir( '' ); return $view->file_put_contents( \OCP\User::getUser() . '.public.key', $key ); - - \OC_FileProxy::$enabled = true; + } /** - * @brief store file encryption key - * - * @param string $path relative path of the file, including filename - * @param string $key - * @param null $view - * @param string $dbClassName - * @return bool true/false - * @note The keyfile is not encrypted here. Client code must - * asymmetrically encrypt the keyfile before passing it to this method + * @brief store file encryption key + * + * @param string $path relative path of the file, including filename + * @param string $key + * @param null $view + * @param string $dbClassName + * @return bool true/false + * @note The keyfile is not encrypted here. Client code must + * asymmetrically encrypt the keyfile before passing it to this method */ public static function setShareKey( \OC_FilesystemView $view, $path, $userId, $shareKey ) { @@ -280,54 +279,38 @@ class Keymanager { return $view->file_put_contents( $basePath . '/' . $shareKeyPath . '.shareKey', $shareKey ); - } - - /** - * @brief Make preparations to vars and filesystem for saving a keyfile - */ - public static function keySetPreparation( \OC_FilesystemView $view, $path, $basePath, $userId ) { + } + + /** + * @brief Make preparations to vars and filesystem for saving a keyfile + */ + public static function keySetPreparation( \OC_FilesystemView $view, $path, $basePath, $userId ) { $targetPath = ltrim( $path, '/' ); $path_parts = pathinfo( $targetPath ); // If the file resides within a subdirectory, create it - if ( - isset( $path_parts['dirname'] ) - && ! $view->file_exists( $basePath . '/' . $path_parts['dirname'] ) + if ( + isset( $path_parts['dirname'] ) + && ! $view->file_exists( $basePath . '/' . $path_parts['dirname'] ) ) { $view->mkdir( $basePath . '/' . $path_parts['dirname'] ); } - return $targetPath; - - } + return $targetPath; - /** - * @brief change password of private encryption key - * - * @param string $oldpasswd old password - * @param string $newpasswd new password - * @return bool true/false - */ - public static function changePasswd($oldpasswd, $newpasswd) { - - if ( \OCP\User::checkPassword(\OCP\User::getUser(), $newpasswd) ) { - return Crypt::changekeypasscode($oldpasswd, $newpasswd); - } - return false; - } - + /** * @brief Fetch the legacy encryption key from user files * @param string $login used to locate the legacy key * @param string $passphrase used to decrypt the legacy key * @return true / false * - * if the key is left out, the default handeler will be used + * if the key is left out, the default handler will be used */ public function getLegacyKey() { diff --git a/apps/files_encryption/lib/stream.php b/apps/files_encryption/lib/stream.php index d4b993b4c06..65d7d57a05a 100644 --- a/apps/files_encryption/lib/stream.php +++ b/apps/files_encryption/lib/stream.php @@ -173,7 +173,7 @@ class Stream { // $count will always be 8192 https://bugs.php.net/bug.php?id=21641 // This makes this function a lot simpler, but will break this class if the above 'bug' gets 'fixed' - \OCP\Util::writeLog( 'files_encryption', 'PHP "bug" 21641 no longer holds, decryption system requires refactoring', OCP\Util::FATAL ); + \OCP\Util::writeLog( 'files_encryption', 'PHP "bug" 21641 no longer holds, decryption system requires refactoring', \OCP\Util::FATAL ); die(); @@ -209,7 +209,7 @@ class Stream { } /** - * @brief Encrypt and pad data ready for writting to disk + * @brief Encrypt and pad data ready for writing to disk * @param string $plainData data to be encrypted * @param string $key key to use for encryption * @return encrypted data on success, false on failure @@ -403,7 +403,7 @@ class Stream { $encrypted = $this->preWriteEncrypt( $chunk, $this->keyfile ); // Write the data chunk to disk. This will be - // addended to the last data chunk if the file + // attended to the last data chunk if the file // being handled totals more than 6126 bytes fwrite( $this->handle, $encrypted ); diff --git a/apps/files_encryption/settings-personal.php b/apps/files_encryption/settings-personal.php index 6fe4ea6d564..af0273cfdc4 100644 --- a/apps/files_encryption/settings-personal.php +++ b/apps/files_encryption/settings-personal.php @@ -12,8 +12,6 @@ $blackList = explode( ',', \OCP\Config::getAppValue( 'files_encryption', 'type_b $tmpl->assign( 'blacklist', $blackList ); -OCP\Util::addscript('files_encryption','settings-personal'); - return $tmpl->fetchPage(); return null; diff --git a/apps/files_encryption/templates/settings-personal.php b/apps/files_encryption/templates/settings-personal.php index 1f71efb1735..47467c52c08 100644 --- a/apps/files_encryption/templates/settings-personal.php +++ b/apps/files_encryption/templates/settings-personal.php @@ -16,7 +16,7 @@ -

+ -- 2.39.5