fixes after review from @DeepDiver1975

author: Florin Peter <github@florin-peter.de> 2013-05-23 23:56:31 +0200
committer: Florin Peter <github@florin-peter.de> 2013-05-23 23:56:31 +0200
commit: 6c8de5ae6d11886d498e810808484a2bdfeaef12 (patch)
tree: 7d9b7ffca8faa83e1d3c599f10f1a64f71660eda /apps/files_encryption/lib/crypt.php
parent: adc930d9f934fab352f4b21d8aa3710ff9db239b (diff)
download: nextcloud-server-6c8de5ae6d11886d498e810808484a2bdfeaef12.tar.gz
nextcloud-server-6c8de5ae6d11886d498e810808484a2bdfeaef12.zip
1 files changed, 113 insertions, 133 deletions
diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php
index 1a5c9300a27..f5b7a8a0a40 100755
--- a/apps/files_encryption/lib/crypt.php
+++ b/apps/files_encryption/lib/crypt.php
@@ -26,7 +26,7 @@
 namespace OCA\Encryption;
 
 //require_once '../3rdparty/Crypt_Blowfish/Blowfish.php';
-require_once realpath(dirname(__FILE__) . '/../3rdparty/Crypt_Blowfish/Blowfish.php');
+require_once realpath( dirname( __FILE__ ) . '/../3rdparty/Crypt_Blowfish/Blowfish.php' );
 
 /**
  * Class for common cryptography functionality
@@ -40,8 +40,7 @@ class Crypt
 	 * @param string $user name (use system wide setting if name=null)
 	 * @return string 'client' or 'server'
 	 */
-	public static function mode($user = null)
-	{
+	public static function mode( $user = null ) {
 
 		return 'server';
 
@@ -51,20 +50,19 @@ class Crypt
 	 * @brief Create a new encryption keypair
 	 * @return array publicKey, privatekey
 	 */
-	public static function createKeypair()
-	{
+	public static function createKeypair() {
 
-		$res = openssl_pkey_new(array('private_key_bits' => 4096));
+		$res = openssl_pkey_new( array( 'private_key_bits' => 4096 ) );
 
 		// Get private key
-		openssl_pkey_export($res, $privateKey);
+		openssl_pkey_export( $res, $privateKey );
 
 		// Get public key
-		$publicKey = openssl_pkey_get_details($res);
+		$publicKey = openssl_pkey_get_details( $res );
 
 		$publicKey = $publicKey['key'];
 
-		return (array('publicKey' => $publicKey, 'privateKey' => $privateKey));
+		return ( array( 'publicKey' => $publicKey, 'privateKey' => $privateKey ) );
 
 	}
 
@@ -77,8 +75,7 @@ class Crypt
 	 * blocks with encryption alone, hence padding is added to achieve the
 	 * required length.
 	 */
-	public static function addPadding($data)
-	{
+	public static function addPadding( $data ) {
 
 		$padded = $data . 'xx';
 
@@ -91,12 +88,11 @@ class Crypt
 	 * @param string $padded padded data to remove padding from
 	 * @return string unpadded data on success, false on error
 	 */
-	public static function removePadding($padded)
-	{
+	public static function removePadding( $padded ) {
 
-		if (substr($padded, -2) == 'xx') {
+		if ( substr( $padded, -2 ) == 'xx' ) {
 
-			$data = substr($padded, 0, -2);
+			$data = substr( $padded, 0, -2 );
 
 			return $data;
 
@@ -115,27 +111,26 @@ class Crypt
 	 * @return boolean
 	 * @note see also OCA\Encryption\Util->isEncryptedPath()
 	 */
-	public static function isCatfileContent($content)
-	{
+	public static function isCatfileContent( $content ) {
 
-		if (!$content) {
+		if ( !$content ) {
 
 			return false;
 
 		}
 
-		$noPadding = self::removePadding($content);
+		$noPadding = self::removePadding( $content );
 
 		// Fetch encryption metadata from end of file
-		$meta = substr($noPadding, -22);
+		$meta = substr( $noPadding, -22 );
 
 		// Fetch IV from end of file
-		$iv = substr($meta, -16);
+		$iv = substr( $meta, -16 );
 
 		// Fetch identifier from start of metadata
-		$identifier = substr($meta, 0, 6);
+		$identifier = substr( $meta, 0, 6 );
 
-		if ($identifier == '00iv00') {
+		if ( $identifier == '00iv00' ) {
 
 			return true;
 
@@ -152,16 +147,15 @@ class Crypt
 	 * @param string $path
 	 * @return bool
 	 */
-	public static function isEncryptedMeta($path)
-	{
+	public static function isEncryptedMeta( $path ) {
 
 		// TODO: Use DI to get \OC\Files\Filesystem out of here
 
 		// Fetch all file metadata from DB
-		$metadata = \OC\Files\Filesystem::getFileInfo($path);
+		$metadata = \OC\Files\Filesystem::getFileInfo( $path );
 
 		// Return encryption status
-		return isset($metadata['encrypted']) and ( bool )$metadata['encrypted'];
+		return isset( $metadata['encrypted'] ) and ( bool )$metadata['encrypted'];
 
 	}
 
@@ -172,19 +166,18 @@ class Crypt
 	 *        e.g. filename or /Docs/filename, NOT admin/files/filename
 	 * @return boolean
 	 */
-	public static function isLegacyEncryptedContent($data, $relPath)
-	{
+	public static function isLegacyEncryptedContent( $data, $relPath ) {
 
 		// Fetch all file metadata from DB
-		$metadata = \OC\Files\Filesystem::getFileInfo($relPath, '');
+		$metadata = \OC\Files\Filesystem::getFileInfo( $relPath, '' );
 
 		// If a file is flagged with encryption in DB, but isn't a 
 		// valid content + IV combination, it's probably using the 
 		// legacy encryption system
 		if (
-			isset($metadata['encrypted'])
+			isset( $metadata['encrypted'] )
 			and $metadata['encrypted'] === true
-			and !self::isCatfileContent($data)
+			and !self::isCatfileContent( $data )
 		) {
 
 			return true;
@@ -199,18 +192,20 @@ class Crypt
 
 	/**
 	 * @brief Symmetrically encrypt a string
+	 * @param $plainContent
+	 * @param $iv
+	 * @param string $passphrase
 	 * @return string encrypted file content
 	 */
-	public static function encrypt($plainContent, $iv, $passphrase = '')
-	{
+	public static function encrypt( $plainContent, $iv, $passphrase = '' ) {
 
-		if ($encryptedContent = openssl_encrypt($plainContent, 'AES-128-CFB', $passphrase, false, $iv)) {
+		if ( $encryptedContent = openssl_encrypt( $plainContent, 'AES-128-CFB', $passphrase, false, $iv ) ) {
 
 			return $encryptedContent;
 
 		} else {
 
-			\OC_Log::write('Encryption library', 'Encryption (symmetric) of content failed', \OC_Log::ERROR);
+			\OC_Log::write( 'Encryption library', 'Encryption (symmetric) of content failed', \OC_Log::ERROR );
 
 			return false;
 
@@ -220,21 +215,21 @@ class Crypt
 
 	/**
 	 * @brief Symmetrically decrypt a string
+	 * @param $encryptedContent
+	 * @param $iv
+	 * @param $passphrase
+	 * @throws \Exception
 	 * @return string decrypted file content
 	 */
-	public static function decrypt($encryptedContent, $iv, $passphrase)
-	{
+	public static function decrypt( $encryptedContent, $iv, $passphrase ) {
 
-		if ($plainContent = openssl_decrypt($encryptedContent, 'AES-128-CFB', $passphrase, false, $iv)) {
+		if ( $plainContent = openssl_decrypt( $encryptedContent, 'AES-128-CFB', $passphrase, false, $iv ) ) {
 
 			return $plainContent;
 
-
 		} else {
 
-			throw new \Exception('Encryption library: Decryption (symmetric) of content failed');
-
-			return false;
+			throw new \Exception( 'Encryption library: Decryption (symmetric) of content failed' );
 
 		}
 
@@ -246,8 +241,7 @@ class Crypt
 	 * @param string $iv IV to be concatenated
 	 * @returns string concatenated content
 	 */
-	public static function concatIv($content, $iv)
-	{
+	public static function concatIv( $content, $iv ) {
 
 		$combined = $content . '00iv00' . $iv;
 
@@ -260,17 +254,16 @@ class Crypt
 	 * @param string $catFile concatenated data to be split
 	 * @returns array keys: encrypted, iv
 	 */
-	public static function splitIv($catFile)
-	{
+	public static function splitIv( $catFile ) {
 
 		// Fetch encryption metadata from end of file
-		$meta = substr($catFile, -22);
+		$meta = substr( $catFile, -22 );
 
 		// Fetch IV from end of file
-		$iv = substr($meta, -16);
+		$iv = substr( $meta, -16 );
 
 		// Remove IV and IV identifier text to expose encrypted content
-		$encrypted = substr($catFile, 0, -22);
+		$encrypted = substr( $catFile, 0, -22 );
 
 		$split = array(
 			'encrypted' => $encrypted
@@ -290,10 +283,9 @@ class Crypt
 	 * @note IV need not be specified, as it will be stored in the returned keyfile
 	 * and remain accessible therein.
 	 */
-	public static function symmetricEncryptFileContent($plainContent, $passphrase = '')
-	{
+	public static function symmetricEncryptFileContent( $plainContent, $passphrase = '' ) {
 
-		if (!$plainContent) {
+		if ( !$plainContent ) {
 
 			return false;
 
@@ -301,18 +293,18 @@ class Crypt
 
 		$iv = self::generateIv();
 
-		if ($encryptedContent = self::encrypt($plainContent, $iv, $passphrase)) {
+		if ( $encryptedContent = self::encrypt( $plainContent, $iv, $passphrase ) ) {
 
 			// Combine content to encrypt with IV identifier and actual IV
-			$catfile = self::concatIv($encryptedContent, $iv);
+			$catfile = self::concatIv( $encryptedContent, $iv );
 
-			$padded = self::addPadding($catfile);
+			$padded = self::addPadding( $catfile );
 
 			return $padded;
 
 		} else {
 
-			\OC_Log::write('Encryption library', 'Encryption (symmetric) of keyfile content failed', \OC_Log::ERROR);
+			\OC_Log::write( 'Encryption library', 'Encryption (symmetric) of keyfile content failed', \OC_Log::ERROR );
 
 			return false;
 
@@ -334,25 +326,26 @@ class Crypt
 	 *
 	 * This function decrypts a file
 	 */
-	public static function symmetricDecryptFileContent($keyfileContent, $passphrase = '')
-	{
+	public static function symmetricDecryptFileContent( $keyfileContent, $passphrase = '' ) {
 
-		if (!$keyfileContent) {
+		if ( !$keyfileContent ) {
 
-			throw new \Exception('Encryption library: no data provided for decryption');
+			throw new \Exception( 'Encryption library: no data provided for decryption' );
 
 		}
 
 		// Remove padding
-		$noPadding = self::removePadding($keyfileContent);
+		$noPadding = self::removePadding( $keyfileContent );
 
 		// Split into enc data and catfile
-		$catfile = self::splitIv($noPadding);
+		$catfile = self::splitIv( $noPadding );
 
-		if ($plainContent = self::decrypt($catfile['encrypted'], $catfile['iv'], $passphrase)) {
+		if ( $plainContent = self::decrypt( $catfile['encrypted'], $catfile['iv'], $passphrase ) ) {
 
 			return $plainContent;
 
+		} else {
+			return false;
 		}
 
 	}
@@ -365,16 +358,15 @@ class Crypt
 	 *
 	 * This function decrypts a file
 	 */
-	public static function symmetricEncryptFileContentKeyfile($plainContent)
-	{
+	public static function symmetricEncryptFileContentKeyfile( $plainContent ) {
 
 		$key = self::generateKey();
 
-		if ($encryptedContent = self::symmetricEncryptFileContent($plainContent, $key)) {
+		if ( $encryptedContent = self::symmetricEncryptFileContent( $plainContent, $key ) ) {
 
 			return array(
-				'key' => $key
-			, 'encrypted' => $encryptedContent
+				'key' => $key,
+				'encrypted' => $encryptedContent
 			);
 
 		} else {
@@ -392,29 +384,28 @@ class Crypt
 	 * @returns array keys: keys (array, key = userId), data
 	 * @note symmetricDecryptFileContent() can decrypt files created using this method
 	 */
-	public static function multiKeyEncrypt($plainContent, array $publicKeys)
-	{
+	public static function multiKeyEncrypt( $plainContent, array $publicKeys ) {
 
 		// openssl_seal returns false without errors if $plainContent 
 		// is empty, so trigger our own error
-		if (empty($plainContent)) {
+		if ( empty( $plainContent ) ) {
 
-			trigger_error("Cannot mutliKeyEncrypt empty plain content");
-			throw new \Exception('Cannot mutliKeyEncrypt empty plain content');
+			throw new \Exception( 'Cannot mutliKeyEncrypt empty plain content' );
 
 		}
 
 		// Set empty vars to be set by openssl by reference
 		$sealed = '';
 		$shareKeys = array();
+		$mappedShareKeys = array();
 
-		if (openssl_seal($plainContent, $sealed, $shareKeys, $publicKeys)) {
+		if ( openssl_seal( $plainContent, $sealed, $shareKeys, $publicKeys ) ) {
 
 			$i = 0;
 
 			// Ensure each shareKey is labelled with its 
 			// corresponding userId
-			foreach ($publicKeys as $userId => $publicKey) {
+			foreach ( $publicKeys as $userId => $publicKey ) {
 
 				$mappedShareKeys[$userId] = $shareKeys[$i];
 				$i++;
@@ -422,8 +413,8 @@ class Crypt
 			}
 
 			return array(
-				'keys' => $mappedShareKeys
-			, 'data' => $sealed
+				'keys' => $mappedShareKeys,
+				'data' => $sealed
 			);
 
 		} else {
@@ -446,22 +437,21 @@ class Crypt
 	 *
 	 * This function decrypts a file
 	 */
-	public static function multiKeyDecrypt($encryptedContent, $shareKey, $privateKey)
-	{
+	public static function multiKeyDecrypt( $encryptedContent, $shareKey, $privateKey ) {
 
-		if (!$encryptedContent) {
+		if ( !$encryptedContent ) {
 
 			return false;
 
 		}
 
-		if (openssl_open($encryptedContent, $plainContent, $shareKey, $privateKey)) {
+		if ( openssl_open( $encryptedContent, $plainContent, $shareKey, $privateKey ) ) {
 
 			return $plainContent;
 
 		} else {
 
-			\OC_Log::write('Encryption library', 'Decryption (asymmetric) of sealed content failed', \OC_Log::ERROR);
+			\OC_Log::write( 'Encryption library', 'Decryption (asymmetric) of sealed content failed', \OC_Log::ERROR );
 
 			return false;
 
@@ -473,10 +463,9 @@ class Crypt
 	 * @brief Asymetrically encrypt a string using a public key
 	 * @return string encrypted file
 	 */
-	public static function keyEncrypt($plainContent, $publicKey)
-	{
+	public static function keyEncrypt( $plainContent, $publicKey ) {
 
-		openssl_public_encrypt($plainContent, $encryptedContent, $publicKey);
+		openssl_public_encrypt( $plainContent, $encryptedContent, $publicKey );
 
 		return $encryptedContent;
 
@@ -486,12 +475,11 @@ class Crypt
 	 * @brief Asymetrically decrypt a file using a private key
 	 * @return string decrypted file
 	 */
-	public static function keyDecrypt($encryptedContent, $privatekey)
-	{
+	public static function keyDecrypt( $encryptedContent, $privatekey ) {
 
-		$result = @openssl_private_decrypt($encryptedContent, $plainContent, $privatekey);
+		$result = @openssl_private_decrypt( $encryptedContent, $plainContent, $privatekey );
 
-		if ($result) {
+		if ( $result ) {
 			return $plainContent;
 		}
 
@@ -503,27 +491,26 @@ class Crypt
 	 * @brief Generates a pseudo random initialisation vector
 	 * @return String $iv generated IV
 	 */
-	public static function generateIv()
-	{
+	public static function generateIv() {
 
-		if ($random = openssl_random_pseudo_bytes(12, $strong)) {
+		if ( $random = openssl_random_pseudo_bytes( 12, $strong ) ) {
 
-			if (!$strong) {
+			if ( !$strong ) {
 
 				// If OpenSSL indicates randomness is insecure, log error
-				\OC_Log::write('Encryption library', 'Insecure symmetric key was generated using openssl_random_pseudo_bytes()', \OC_Log::WARN);
+				\OC_Log::write( 'Encryption library', 'Insecure symmetric key was generated using openssl_random_pseudo_bytes()', \OC_Log::WARN );
 
 			}
 
 			// We encode the iv purely for string manipulation 
 			// purposes - it gets decoded before use
-			$iv = base64_encode($random);
+			$iv = base64_encode( $random );
 
 			return $iv;
 
 		} else {
 
-			throw new \Exception('Generating IV failed');
+			throw new \Exception( 'Generating IV failed' );
 
 		}
 
@@ -533,16 +520,15 @@ class Crypt
 	 * @brief Generate a pseudo random 1024kb ASCII key
 	 * @returns $key Generated key
 	 */
-	public static function generateKey()
-	{
+	public static function generateKey() {
 
 		// Generate key
-		if ($key = base64_encode(openssl_random_pseudo_bytes(183, $strong))) {
+		if ( $key = base64_encode( openssl_random_pseudo_bytes( 183, $strong ) ) ) {
 
-			if (!$strong) {
+			if ( !$strong ) {
 
 				// If OpenSSL indicates randomness is insecure, log error
-				throw new \Exception('Encryption library, Insecure symmetric key was generated using openssl_random_pseudo_bytes()');
+				throw new \Exception( 'Encryption library, Insecure symmetric key was generated using openssl_random_pseudo_bytes()' );
 
 			}
 
@@ -563,12 +549,11 @@ class Crypt
 	 *
 	 * if the key is left out, the default handeler will be used
 	 */
-	public static function getBlowfish($key = '')
-	{
+	public static function getBlowfish( $key = '' ) {
 
-		if ($key) {
+		if ( $key ) {
 
-			return new \Crypt_Blowfish($key);
+			return new \Crypt_Blowfish( $key );
 
 		} else {
 
@@ -582,14 +567,13 @@ class Crypt
 	 * @param $passphrase
 	 * @return mixed
 	 */
-	public static function legacyCreateKey($passphrase)
-	{
+	public static function legacyCreateKey( $passphrase ) {
 
 		// Generate a random integer
-		$key = mt_rand(10000, 99999) . mt_rand(10000, 99999) . mt_rand(10000, 99999) . mt_rand(10000, 99999);
+		$key = mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 );
 
 		// Encrypt the key with the passphrase
-		$legacyEncKey = self::legacyEncrypt($key, $passphrase);
+		$legacyEncKey = self::legacyEncrypt( $key, $passphrase );
 
 		return $legacyEncKey;
 
@@ -605,12 +589,11 @@ class Crypt
 	 *
 	 * This function encrypts an content
 	 */
-	public static function legacyEncrypt($content, $passphrase = '')
-	{
+	public static function legacyEncrypt( $content, $passphrase = '' ) {
 
-		$bf = self::getBlowfish($passphrase);
+		$bf = self::getBlowfish( $passphrase );
 
-		return $bf->encrypt($content);
+		return $bf->encrypt( $content );
 
 	}
 
@@ -624,14 +607,13 @@ class Crypt
 	 *
 	 * This function decrypts an content
 	 */
-	public static function legacyDecrypt($content, $passphrase = '')
-	{
+	public static function legacyDecrypt( $content, $passphrase = '' ) {
 
-		$bf = self::getBlowfish($passphrase);
+		$bf = self::getBlowfish( $passphrase );
 
-		$decrypted = $bf->decrypt($content);
+		$decrypted = $bf->decrypt( $content );
 
-		return rtrim($decrypted, "\0");;
+		return rtrim( $decrypted, "\0" );;
 
 	}
 
@@ -641,17 +623,16 @@ class Crypt
 	 * @param int $maxLength
 	 * @return string
 	 */
-	private static function legacyBlockDecrypt($data, $key = '', $maxLength = 0)
-	{
+	private static function legacyBlockDecrypt( $data, $key = '', $maxLength = 0 ) {
 		$result = '';
-		while (strlen($data)) {
-			$result .= self::legacyDecrypt(substr($data, 0, 8192), $key);
-			$data = substr($data, 8192);
+		while ( strlen( $data ) ) {
+			$result .= self::legacyDecrypt( substr( $data, 0, 8192 ), $key );
+			$data = substr( $data, 8192 );
 		}
-		if ($maxLength > 0) {
-			return substr($result, 0, $maxLength);
+		if ( $maxLength > 0 ) {
+			return substr( $result, 0, $maxLength );
 		} else {
-			return rtrim($result, "\0");
+			return rtrim( $result, "\0" );
 		}
 	}
 
@@ -663,18 +644,17 @@ class Crypt
 	 * @param $path
 	 * @return array
 	 */
-	public static function legacyKeyRecryptKeyfile($legacyEncryptedContent, $legacyPassphrase, $publicKeys, $newPassphrase, $path)
-	{
+	public static function legacyKeyRecryptKeyfile( $legacyEncryptedContent, $legacyPassphrase, $publicKeys, $newPassphrase, $path ) {
 
-		$decrypted = self::legacyBlockDecrypt($legacyEncryptedContent, $legacyPassphrase);
+		$decrypted = self::legacyBlockDecrypt( $legacyEncryptedContent, $legacyPassphrase );
 
 		// Encrypt plain data, generate keyfile & encrypted file
-		$cryptedData = self::symmetricEncryptFileContentKeyfile($decrypted);
+		$cryptedData = self::symmetricEncryptFileContentKeyfile( $decrypted );
 
 		// Encrypt plain keyfile to multiple sharefiles
-		$multiEncrypted = Crypt::multiKeyEncrypt($cryptedData['key'], $publicKeys);
+		$multiEncrypted = Crypt::multiKeyEncrypt( $cryptedData['key'], $publicKeys );
 
-		return array('data' => $cryptedData['encrypted'], 'filekey' => $multiEncrypted['data'], 'sharekeys' => $multiEncrypted['keys']);
+		return array( 'data' => $cryptedData['encrypted'], 'filekey' => $multiEncrypted['data'], 'sharekeys' => $multiEncrypted['keys'] );
 
 	}
author	Florin Peter <github@florin-peter.de>	2013-05-23 23:56:31 +0200
committer	Florin Peter <github@florin-peter.de>	2013-05-23 23:56:31 +0200
commit	6c8de5ae6d11886d498e810808484a2bdfeaef12 (patch)
tree	7d9b7ffca8faa83e1d3c599f10f1a64f71660eda /apps/files_encryption/lib/crypt.php
parent	adc930d9f934fab352f4b21d8aa3710ff9db239b (diff)
download	nextcloud-server-6c8de5ae6d11886d498e810808484a2bdfeaef12.tar.gz nextcloud-server-6c8de5ae6d11886d498e810808484a2bdfeaef12.zip