aboutsummaryrefslogtreecommitdiffstats
path: root/apps
diff options
context:
space:
mode:
authorThomas Müller <thomas.mueller@tmit.eu>2013-02-09 18:01:38 +0100
committerThomas Müller <thomas.mueller@tmit.eu>2013-02-09 18:01:38 +0100
commit7f58e2749537e000344dd886df5e103e06eefe91 (patch)
tree10a532583f9eaefd88e1edb6befd71bbb40fa3d5 /apps
parentb95bc663af4135eff12a6a0c97afe37859f35094 (diff)
downloadnextcloud-server-7f58e2749537e000344dd886df5e103e06eefe91.tar.gz
nextcloud-server-7f58e2749537e000344dd886df5e103e06eefe91.zip
cleanup - more to come after
Diffstat (limited to 'apps')
-rw-r--r--apps/files_encryption/ajax/mode.php38
-rw-r--r--apps/files_encryption/appinfo/app.php4
-rw-r--r--apps/files_encryption/hooks/hooks.php10
-rw-r--r--apps/files_encryption/js/settings-personal.js38
-rw-r--r--apps/files_encryption/js/settings.js29
-rwxr-xr-xapps/files_encryption/lib/crypt.php739
-rwxr-xr-xapps/files_encryption/lib/keymanager.php103
-rw-r--r--apps/files_encryption/lib/stream.php6
-rw-r--r--apps/files_encryption/settings-personal.php2
-rw-r--r--apps/files_encryption/templates/settings-personal.php2
10 files changed, 403 insertions, 568 deletions
diff --git a/apps/files_encryption/ajax/mode.php b/apps/files_encryption/ajax/mode.php
deleted file mode 100644
index 64c5be94401..00000000000
--- a/apps/files_encryption/ajax/mode.php
+++ /dev/null
@@ -1,38 +0,0 @@
-<?php
-/**
- * Copyright (c) 2012, Bjoern Schiessle <schiessle@owncloud.com>
- * This file is licensed under the Affero General Public License version 3 or later.
- * See the COPYING-README file.
- */
-
-use OCA\Encryption\Keymanager;
-
-OCP\JSON::checkAppEnabled('files_encryption');
-OCP\JSON::checkLoggedIn();
-OCP\JSON::callCheck();
-
-$mode = $_POST['mode'];
-$changePasswd = false;
-$passwdChanged = false;
-
-if ( isset($_POST['newpasswd']) && isset($_POST['oldpasswd']) ) {
- $oldpasswd = $_POST['oldpasswd'];
- $newpasswd = $_POST['newpasswd'];
- $changePasswd = true;
- $passwdChanged = Keymanager::changePasswd($oldpasswd, $newpasswd);
-}
-
-$query = \OC_DB::prepare( "SELECT mode FROM *PREFIX*encryption WHERE uid = ?" );
-$result = $query->execute(array(\OCP\User::getUser()));
-
-if ($result->fetchRow()){
- $query = OC_DB::prepare( 'UPDATE *PREFIX*encryption SET mode = ? WHERE uid = ?' );
-} else {
- $query = OC_DB::prepare( 'INSERT INTO *PREFIX*encryption ( mode, uid ) VALUES( ?, ? )' );
-}
-
-if ( (!$changePasswd || $passwdChanged) && $query->execute(array($mode, \OCP\User::getUser())) ) {
- OCP\JSON::success();
-} else {
- OCP\JSON::error();
-} \ No newline at end of file
diff --git a/apps/files_encryption/appinfo/app.php b/apps/files_encryption/appinfo/app.php
index f83109a18ea..08728622525 100644
--- a/apps/files_encryption/appinfo/app.php
+++ b/apps/files_encryption/appinfo/app.php
@@ -43,6 +43,6 @@ if (
}
-// Reguster settings scripts
+// Register settings scripts
OCP\App::registerAdmin( 'files_encryption', 'settings' );
-OCP\App::registerPersonal( 'files_encryption', 'settings-personal' ); \ No newline at end of file
+OCP\App::registerPersonal( 'files_encryption', 'settings-personal' );
diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php
index 8bdeee0937b..7e4f677ce9d 100644
--- a/apps/files_encryption/hooks/hooks.php
+++ b/apps/files_encryption/hooks/hooks.php
@@ -165,16 +165,6 @@ class Hooks {
* @brief
*/
public static function postShared( $params ) {
-
- // Delete existing catfile
- Keymanager::deleteFileKey( );
-
- // Generate new catfile and env keys
- Crypt::multiKeyEncrypt( $plainContent, $publicKeys );
-
- // Save env keys to user folders
-
-
}
/**
diff --git a/apps/files_encryption/js/settings-personal.js b/apps/files_encryption/js/settings-personal.js
deleted file mode 100644
index 1a53e99d2b4..00000000000
--- a/apps/files_encryption/js/settings-personal.js
+++ /dev/null
@@ -1,38 +0,0 @@
-/**
- * Copyright (c) 2012, Bjoern Schiessle <schiessle@owncloud.com>
- * This file is licensed under the Affero General Public License version 3 or later.
- * See the COPYING-README file.
- */
-
-$(document).ready(function(){
- $('input[name=encryption_mode]').change(function(){
- var prevmode = document.getElementById('prev_encryption_mode').value
- var client=$('input[value="client"]:checked').val()
- ,server=$('input[value="server"]:checked').val()
- ,user=$('input[value="user"]:checked').val()
- ,none=$('input[value="none"]:checked').val()
- if (client) {
- $.post(OC.filePath('files_encryption', 'ajax', 'mode.php'), { mode: 'client' });
- if (prevmode == 'server') {
- OC.dialogs.info(t('encryption', 'Please switch to your ownCloud client and change your encryption password to complete the conversion.'), t('encryption', 'switched to client side encryption'));
- }
- } else if (server) {
- if (prevmode == 'client') {
- OC.dialogs.form([{text:'Login password', name:'newpasswd', type:'password'},{text:'Encryption password used on the client', name:'oldpasswd', type:'password'}],t('encryption', 'Change encryption password to login password'), function(data) {
- $.post(OC.filePath('files_encryption', 'ajax', 'mode.php'), { mode: 'server', newpasswd: data[0].value, oldpasswd: data[1].value }, function(result) {
- if (result.status != 'success') {
- document.getElementById(prevmode+'_encryption').checked = true;
- OC.dialogs.alert(t('encryption', 'Please check your passwords and try again.'), t('encryption', 'Could not change your file encryption password to your login password'))
- } else {
- console.log("alles super");
- }
- }, true);
- });
- } else {
- $.post(OC.filePath('files_encryption', 'ajax', 'mode.php'), { mode: 'server' });
- }
- } else {
- $.post(OC.filePath('files_encryption', 'ajax', 'mode.php'), { mode: 'none' });
- }
- })
-}) \ No newline at end of file
diff --git a/apps/files_encryption/js/settings.js b/apps/files_encryption/js/settings.js
index 60563bde859..0be857bb73e 100644
--- a/apps/files_encryption/js/settings.js
+++ b/apps/files_encryption/js/settings.js
@@ -9,38 +9,11 @@ $(document).ready(function(){
$('#encryption_blacklist').multiSelect({
oncheck:blackListChange,
onuncheck:blackListChange,
- createText:'...',
+ createText:'...'
});
function blackListChange(){
var blackList=$('#encryption_blacklist').val().join(',');
OC.AppConfig.setValue('files_encryption','type_blacklist',blackList);
}
-
- //TODO: Handle switch between client and server side encryption
- $('input[name=encryption_mode]').change(function(){
- var client=$('input[value="client"]:checked').val()
- ,server=$('input[value="server"]:checked').val()
- ,user=$('input[value="user"]:checked').val()
- ,none=$('input[value="none"]:checked').val()
- ,disable=false
- if (client) {
- OC.AppConfig.setValue('files_encryption','mode','client');
- disable = true;
- } else if (server) {
- OC.AppConfig.setValue('files_encryption','mode','server');
- disable = true;
- } else if (user) {
- OC.AppConfig.setValue('files_encryption','mode','user');
- disable = true;
- } else {
- OC.AppConfig.setValue('files_encryption','mode','none');
- }
- if (disable) {
- document.getElementById('server_encryption').disabled = true;
- document.getElementById('client_encryption').disabled = true;
- document.getElementById('user_encryption').disabled = true;
- document.getElementById('none_encryption').disabled = true;
- }
- })
}) \ No newline at end of file
diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php
index e3d23023db3..c7a414c5080 100755
--- a/apps/files_encryption/lib/crypt.php
+++ b/apps/files_encryption/lib/crypt.php
@@ -4,8 +4,8 @@
* ownCloud
*
* @author Sam Tuke, Frank Karlitschek, Robin Appelman
- * @copyright 2012 Sam Tuke samtuke@owncloud.com,
- * Robin Appelman icewind@owncloud.com, Frank Karlitschek
+ * @copyright 2012 Sam Tuke samtuke@owncloud.com,
+ * Robin Appelman icewind@owncloud.com, Frank Karlitschek
* frank@owncloud.org
*
* This library is free software; you can redistribute it and/or
@@ -47,15 +47,15 @@ class Crypt {
public static function mode( $user = null ) {
return 'server';
-
+
}
-
- /**
- * @brief Create a new encryption keypair
- * @return array publicKey, privatekey
- */
+
+ /**
+ * @brief Create a new encryption keypair
+ * @return array publicKey, privatekey
+ */
public static function createKeypair() {
-
+
$res = openssl_pkey_new();
// Get private key
@@ -63,576 +63,543 @@ class Crypt {
// Get public key
$publicKey = openssl_pkey_get_details( $res );
-
+
$publicKey = $publicKey['key'];
-
+
return( array( 'publicKey' => $publicKey, 'privateKey' => $privateKey ) );
-
+
}
-
- /**
- * @brief Add arbitrary padding to encrypted data
- * @param string $data data to be padded
- * @return padded data
- * @note In order to end up with data exactly 8192 bytes long we must
- * add two letters. It is impossible to achieve exactly 8192 length
- * blocks with encryption alone, hence padding is added to achieve the
- * required length.
- */
+
+ /**
+ * @brief Add arbitrary padding to encrypted data
+ * @param string $data data to be padded
+ * @return padded data
+ * @note In order to end up with data exactly 8192 bytes long we must
+ * add two letters. It is impossible to achieve exactly 8192 length
+ * blocks with encryption alone, hence padding is added to achieve the
+ * required length.
+ */
public static function addPadding( $data ) {
-
+
$padded = $data . 'xx';
-
+
return $padded;
-
+
}
-
- /**
- * @brief Remove arbitrary padding to encrypted data
- * @param string $padded padded data to remove padding from
- * @return unpadded data on success, false on error
- */
+
+ /**
+ * @brief Remove arbitrary padding to encrypted data
+ * @param string $padded padded data to remove padding from
+ * @return unpadded data on success, false on error
+ */
public static function removePadding( $padded ) {
-
+
if ( substr( $padded, -2 ) == 'xx' ) {
-
+
$data = substr( $padded, 0, -2 );
-
+
return $data;
-
+
} else {
-
+
// TODO: log the fact that unpadded data was submitted for removal of padding
return false;
-
+
}
-
+
}
-
- /**
- * @brief Check if a file's contents contains an IV and is symmetrically encrypted
- * @return true / false
- * @note see also OCA\Encryption\Util->isEncryptedPath()
- */
+
+ /**
+ * @brief Check if a file's contents contains an IV and is symmetrically encrypted
+ * @return true / false
+ * @note see also OCA\Encryption\Util->isEncryptedPath()
+ */
public static function isCatfile( $content ) {
-
+
if ( !$content ) {
-
+
return false;
-
+
}
-
+
$noPadding = self::removePadding( $content );
-
+
// Fetch encryption metadata from end of file
$meta = substr( $noPadding, -22 );
-
+
// Fetch IV from end of file
$iv = substr( $meta, -16 );
-
+
// Fetch identifier from start of metadata
$identifier = substr( $meta, 0, 6 );
-
+
if ( $identifier == '00iv00') {
-
+
return true;
-
+
} else {
-
+
return false;
-
+
}
-
+
}
-
+
/**
* Check if a file is encrypted according to database file cache
* @param string $path
* @return bool
*/
public static function isEncryptedMeta( $path ) {
-
+
// TODO: Use DI to get \OC\Files\Filesystem out of here
-
+
// Fetch all file metadata from DB
$metadata = \OC\Files\Filesystem::getFileInfo( $path, '' );
-
+
// Return encryption status
return isset( $metadata['encrypted'] ) and ( bool )$metadata['encrypted'];
-
+
}
-
- /**
- * @brief Check if a file is encrypted via legacy system
- * @param string $relPath The path of the file, relative to user/data;
- * e.g. filename or /Docs/filename, NOT admin/files/filename
- * @return true / false
- */
+
+ /**
+ * @brief Check if a file is encrypted via legacy system
+ * @param string $relPath The path of the file, relative to user/data;
+ * e.g. filename or /Docs/filename, NOT admin/files/filename
+ * @return true / false
+ */
public static function isLegacyEncryptedContent( $data, $relPath ) {
-
+
// Fetch all file metadata from DB
$metadata = \OC\Files\Filesystem::getFileInfo( $relPath, '' );
-
+
// If a file is flagged with encryption in DB, but isn't a
// valid content + IV combination, it's probably using the
// legacy encryption system
- if (
- isset( $metadata['encrypted'] )
- and $metadata['encrypted'] === true
- and ! self::isCatfile( $data )
+ if (
+ isset( $metadata['encrypted'] )
+ and $metadata['encrypted'] === true
+ and ! self::isCatfile( $data )
) {
-
+
return true;
-
+
} else {
-
+
return false;
-
+
}
-
+
}
-
- /**
- * @brief Symmetrically encrypt a string
- * @returns encrypted file
- */
+
+ /**
+ * @brief Symmetrically encrypt a string
+ * @returns encrypted file
+ */
public static function encrypt( $plainContent, $iv, $passphrase = '' ) {
-
+
if ( $encryptedContent = openssl_encrypt( $plainContent, 'AES-128-CFB', $passphrase, false, $iv ) ) {
return $encryptedContent;
-
+
} else {
-
+
\OC_Log::write( 'Encryption library', 'Encryption (symmetric) of content failed', \OC_Log::ERROR );
-
+
return false;
-
+
}
-
+
}
-
- /**
- * @brief Symmetrically decrypt a string
- * @returns decrypted file
- */
+
+ /**
+ * @brief Symmetrically decrypt a string
+ * @returns decrypted file
+ */
public static function decrypt( $encryptedContent, $iv, $passphrase ) {
-
+
if ( $plainContent = openssl_decrypt( $encryptedContent, 'AES-128-CFB', $passphrase, false, $iv ) ) {
return $plainContent;
-
-
+
+
} else {
-
+
throw new \Exception( 'Encryption library: Decryption (symmetric) of content failed' );
-
- return false;
-
+
}
-
+
}
-
- /**
- * @brief Concatenate encrypted data with its IV and padding
- * @param string $content content to be concatenated
- * @param string $iv IV to be concatenated
- * @returns string concatenated content
- */
+
+ /**
+ * @brief Concatenate encrypted data with its IV and padding
+ * @param string $content content to be concatenated
+ * @param string $iv IV to be concatenated
+ * @returns string concatenated content
+ */
public static function concatIv ( $content, $iv ) {
-
+
$combined = $content . '00iv00' . $iv;
-
+
return $combined;
-
+
}
-
- /**
- * @brief Split concatenated data and IV into respective parts
- * @param string $catFile concatenated data to be split
- * @returns array keys: encrypted, iv
- */
+
+ /**
+ * @brief Split concatenated data and IV into respective parts
+ * @param string $catFile concatenated data to be split
+ * @returns array keys: encrypted, iv
+ */
public static function splitIv ( $catFile ) {
-
+
// Fetch encryption metadata from end of file
$meta = substr( $catFile, -22 );
-
+
// Fetch IV from end of file
$iv = substr( $meta, -16 );
-
+
// Remove IV and IV identifier text to expose encrypted content
$encrypted = substr( $catFile, 0, -22 );
-
+
$split = array(
'encrypted' => $encrypted
- , 'iv' => $iv
+ , 'iv' => $iv
);
-
+
return $split;
-
+
}
-
- /**
- * @brief Symmetrically encrypts a string and returns keyfile content
- * @param $plainContent content to be encrypted in keyfile
- * @returns encrypted content combined with IV
- * @note IV need not be specified, as it will be stored in the returned keyfile
- * and remain accessible therein.
- */
+
+ /**
+ * @brief Symmetrically encrypts a string and returns keyfile content
+ * @param $plainContent content to be encrypted in keyfile
+ * @returns encrypted content combined with IV
+ * @note IV need not be specified, as it will be stored in the returned keyfile
+ * and remain accessible therein.
+ */
public static function symmetricEncryptFileContent( $plainContent, $passphrase = '' ) {
-
+
if ( !$plainContent ) {
-
+
return false;
-
+
}
-
+
$iv = self::generateIv();
-
+
if ( $encryptedContent = self::encrypt( $plainContent, $iv, $passphrase ) ) {
-
- // Combine content to encrypt with IV identifier and actual IV
- $catfile = self::concatIv( $encryptedContent, $iv );
-
- $padded = self::addPadding( $catfile );
-
- return $padded;
-
+
+ // Combine content to encrypt with IV identifier and actual IV
+ $catfile = self::concatIv( $encryptedContent, $iv );
+
+ $padded = self::addPadding( $catfile );
+
+ return $padded;
+
} else {
-
+
\OC_Log::write( 'Encryption library', 'Encryption (symmetric) of keyfile content failed', \OC_Log::ERROR );
-
+
return false;
-
+
}
-
+
}
/**
- * @brief Symmetrically decrypts keyfile content
- * @param string $source
- * @param string $target
- * @param string $key the decryption key
- * @returns decrypted content
- *
- * This function decrypts a file
- */
+ * @brief Symmetrically decrypts keyfile content
+ * @param string $source
+ * @param string $target
+ * @param string $key the decryption key
+ * @returns decrypted content
+ *
+ * This function decrypts a file
+ */
public static function symmetricDecryptFileContent( $keyfileContent, $passphrase = '' ) {
-
+
if ( !$keyfileContent ) {
-
+
throw new \Exception( 'Encryption library: no data provided for decryption' );
-
+
}
-
+
// Remove padding
$noPadding = self::removePadding( $keyfileContent );
-
+
// Split into enc data and catfile
$catfile = self::splitIv( $noPadding );
-
+
if ( $plainContent = self::decrypt( $catfile['encrypted'], $catfile['iv'], $passphrase ) ) {
-
+
return $plainContent;
-
+
}
-
+
}
-
+
/**
- * @brief Creates symmetric keyfile content using a generated key
- * @param string $plainContent content to be encrypted
- * @returns array keys: key, encrypted
- * @note symmetricDecryptFileContent() can be used to decrypt files created using this method
- *
- * This function decrypts a file
- */
+ * @brief Creates symmetric keyfile content using a generated key
+ * @param string $plainContent content to be encrypted
+ * @returns array keys: key, encrypted
+ * @note symmetricDecryptFileContent() can be used to decrypt files created using this method
+ *
+ * This function decrypts a file
+ */
public static function symmetricEncryptFileContentKeyfile( $plainContent ) {
-
+
$key = self::generateKey();
-
+
if( $encryptedContent = self::symmetricEncryptFileContent( $plainContent, $key ) ) {
-
+
return array(
'key' => $key
- , 'encrypted' => $encryptedContent
+ , 'encrypted' => $encryptedContent
);
-
+
} else {
-
+
return false;
-
+
}
-
+
}
-
+
/**
- * @brief Create asymmetrically encrypted keyfile content using a generated key
- * @param string $plainContent content to be encrypted
- * @returns array keys: key, encrypted
- * @note symmetricDecryptFileContent() can be used to decrypt files created using this method
- *
- * This function decrypts a file
- */
+ * @brief Create asymmetrically encrypted keyfile content using a generated key
+ * @param string $plainContent content to be encrypted
+ * @returns array keys: key, encrypted
+ * @note symmetricDecryptFileContent() can be used to decrypt files created using this method
+ *
+ * This function decrypts a file
+ */
public static function multiKeyEncrypt( $plainContent, array $publicKeys ) {
-
+
// Set empty vars to be set by openssl by reference
$sealed = '';
$envKeys = array();
-
+
if( openssl_seal( $plainContent, $sealed, $envKeys, $publicKeys ) ) {
-
+
return array(
'keys' => $envKeys
- , 'encrypted' => $sealed
+ , 'encrypted' => $sealed
);
-
+
} else {
-
+
return false;
-
+
}
-
+
}
-
+
/**
- * @brief Asymmetrically encrypt a file using multiple public keys
- * @param string $plainContent content to be encrypted
- * @returns string $plainContent decrypted string
- * @note symmetricDecryptFileContent() can be used to decrypt files created using this method
- *
- * This function decrypts a file
- */
+ * @brief Asymmetrically encrypt a file using multiple public keys
+ * @param string $plainContent content to be encrypted
+ * @returns string $plainContent decrypted string
+ * @note symmetricDecryptFileContent() can be used to decrypt files created using this method
+ *
+ * This function decrypts a file
+ */
public static function multiKeyDecrypt( $encryptedContent, $envKey, $privateKey ) {
-
+
if ( !$encryptedContent ) {
-
+
return false;
-
+
}
-
+
if ( openssl_open( $encryptedContent, $plainContent, $envKey, $privateKey ) ) {
-
+
return $plainContent;
-
+
} else {
-
+
\OC_Log::write( 'Encryption library', 'Decryption (asymmetric) of sealed content failed', \OC_Log::ERROR );
-
+
return false;
-
+
}
-
+
}
-
- /**
- * @brief Asymetrically encrypt a string using a public key
- * @returns encrypted file
- */
+
+ /**
+ * @brief Asymmetrically encrypt a string using a public key
+ * @returns encrypted file
+ */
public static function keyEncrypt( $plainContent, $publicKey ) {
-
+
openssl_public_encrypt( $plainContent, $encryptedContent, $publicKey );
-
+
return $encryptedContent;
-
+
}
-
- /**
- * @brief Asymetrically decrypt a file using a private key
- * @returns decrypted file
- */
+
+ /**
+ * @brief Asymetrically decrypt a file using a private key
+ * @returns decrypted file
+ */
public static function keyDecrypt( $encryptedContent, $privatekey ) {
-
+
openssl_private_decrypt( $encryptedContent, $plainContent, $privatekey );
-
+
return $plainContent;
-
+
}
- /**
- * @brief Encrypts content symmetrically and generates keyfile asymmetrically
- * @returns array containing catfile and new keyfile.
- * keys: data, key
- * @note this method is a wrapper for combining other crypt class methods
- */
+ /**
+ * @brief Encrypts content symmetrically and generates keyfile asymmetrically
+ * @returns array containing catfile and new keyfile.
+ * keys: data, key
+ * @note this method is a wrapper for combining other crypt class methods
+ */
public static function keyEncryptKeyfile( $plainContent, $publicKey ) {
-
+
// Encrypt plain data, generate keyfile & encrypted file
$cryptedData = self::symmetricEncryptFileContentKeyfile( $plainContent );
-
+
// Encrypt keyfile
$cryptedKey = self::keyEncrypt( $cryptedData['key'], $publicKey );
-
+
return array( 'data' => $cryptedData['encrypted'], 'key' => $cryptedKey );
-
+
}
-
- /**
- * @brief Takes catfile, keyfile, and private key, and
- * performs decryption
- * @returns decrypted content
- * @note this method is a wrapper for combining other crypt class methods
- */
+
+ /**
+ * @brief Takes catfile, keyfile, and private key, and
+ * performs decryption
+ * @returns decrypted content
+ * @note this method is a wrapper for combining other crypt class methods
+ */
public static function keyDecryptKeyfile( $catfile, $keyfile, $privateKey ) {
-
+
// Decrypt the keyfile with the user's private key
$decryptedKeyfile = self::keyDecrypt( $keyfile, $privateKey );
-
+
// Decrypt the catfile symmetrically using the decrypted keyfile
$decryptedData = self::symmetricDecryptFileContent( $catfile, $decryptedKeyfile );
-
+
return $decryptedData;
-
+
}
-
+
/**
- * @brief Symmetrically encrypt a file by combining encrypted component data blocks
- */
+ * @brief Symmetrically encrypt a file by combining encrypted component data blocks
+ */
public static function symmetricBlockEncryptFileContent( $plainContent, $key ) {
-
+
$crypted = '';
-
+
$remaining = $plainContent;
-
+
$testarray = array();
-
+
while( strlen( $remaining ) ) {
-
+
//echo "\n\n\$block = ".substr( $remaining, 0, 6126 );
-
+
// Encrypt a chunk of unencrypted data and add it to the rest
$block = self::symmetricEncryptFileContent( substr( $remaining, 0, 6126 ), $key );
-
+
$padded = self::addPadding( $block );
-
+
$crypted .= $block;
-
+
$testarray[] = $block;
-
+
// Remove the data already encrypted from remaining unencrypted data
$remaining = substr( $remaining, 6126 );
-
+
}
-
- //echo "hags ";
-
- //echo "\n\n\n\$crypted = $crypted\n\n\n";
-
- //print_r($testarray);
-
+
return $crypted;
}
/**
- * @brief Symmetrically decrypt a file by combining encrypted component data blocks
- */
+ * @brief Symmetrically decrypt a file by combining encrypted component data blocks
+ */
public static function symmetricBlockDecryptFileContent( $crypted, $key ) {
-
+
$decrypted = '';
-
+
$remaining = $crypted;
-
+
$testarray = array();
-
+
while( strlen( $remaining ) ) {
-
+
$testarray[] = substr( $remaining, 0, 8192 );
-
+
// Decrypt a chunk of unencrypted data and add it to the rest
$decrypted .= self::symmetricDecryptFileContent( $remaining, $key );
-
+
// Remove the data already encrypted from remaining unencrypted data
$remaining = substr( $remaining, 8192 );
-
+
}
-
- //echo "\n\n\$testarray = "; print_r($testarray);
-
+
return $decrypted;
-
+
}
-
- /**
- * @brief Generates a pseudo random initialisation vector
- * @return String $iv generated IV
- */
+
+ /**
+ * @brief Generates a pseudo random initialisation vector
+ * @return String $iv generated IV
+ */
public static function generateIv() {
-
+
if ( $random = openssl_random_pseudo_bytes( 12, $strong ) ) {
-
+
if ( !$strong ) {
-
+
// If OpenSSL indicates randomness is insecure, log error
\OC_Log::write( 'Encryption library', 'Insecure symmetric key was generated using openssl_random_pseudo_bytes()', \OC_Log::WARN );
-
+
}
-
+
// We encode the iv purely for string manipulation
// purposes - it gets decoded before use
$iv = base64_encode( $random );
-
+
return $iv;
-
+
} else {
-
- throw new Exception( 'Generating IV failed' );
-
+
+ throw new \Exception( 'Generating IV failed' );
+
}
-
+
}
-
- /**
- * @brief Generate a pseudo random 1024kb ASCII key
- * @returns $key Generated key
- */
+
+ /**
+ * @brief Generate a pseudo random 1024kb ASCII key
+ * @returns $key Generated key
+ */
public static function generateKey() {
-
+
// Generate key
if ( $key = base64_encode( openssl_random_pseudo_bytes( 183, $strong ) ) ) {
-
+
if ( !$strong ) {
-
+
// If OpenSSL indicates randomness is insecure, log error
- throw new Exception ( 'Encryption library, Insecure symmetric key was generated using openssl_random_pseudo_bytes()' );
-
+ throw new \Exception ( 'Encryption library, Insecure symmetric key was generated using openssl_random_pseudo_bytes()' );
+
}
-
+
return $key;
-
+
} else {
-
+
return false;
-
- }
-
- }
- public static function changekeypasscode( $oldPassword, $newPassword ) {
-
- if ( \OCP\User::isLoggedIn() ) {
-
- $key = Keymanager::getPrivateKey( $user, $view );
-
- if ( ( $key = Crypt::symmetricDecryptFileContent($key,$oldpasswd) ) ) {
-
- if ( ( $key = Crypt::symmetricEncryptFileContent( $key, $newpasswd ) ) ) {
-
- Keymanager::setPrivateKey( $key );
-
- return true;
- }
-
- }
-
}
-
- return false;
-
+
}
-
+
/**
* @brief Get the blowfish encryption handeler for a key
* @param $key string (optional)
@@ -641,21 +608,21 @@ class Crypt {
* if the key is left out, the default handeler will be used
*/
public static function getBlowfish( $key = '' ) {
-
+
if ( $key ) {
-
+
return new \Crypt_Blowfish( $key );
-
+
} else {
-
+
return false;
-
+
}
-
+
}
-
+
public static function legacyCreateKey( $passphrase ) {
-
+
// Generate a random integer
$key = mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 );
@@ -663,9 +630,9 @@ class Crypt {
$legacyEncKey = self::legacyEncrypt( $key, $passphrase );
return $legacyEncKey;
-
+
}
-
+
/**
* @brief encrypts content using legacy blowfish system
* @param $content the cleartext message you want to encrypt
@@ -675,54 +642,54 @@ class Crypt {
* This function encrypts an content
*/
public static function legacyEncrypt( $content, $passphrase = '' ) {
-
+
$bf = self::getBlowfish( $passphrase );
-
+
return $bf->encrypt( $content );
-
+
}
-
+
/**
- * @brief decrypts content using legacy blowfish system
- * @param $content the cleartext message you want to decrypt
- * @param $key the encryption key (optional)
- * @returns cleartext content
- *
- * This function decrypts an content
- */
+ * @brief decrypts content using legacy blowfish system
+ * @param $content the cleartext message you want to decrypt
+ * @param $key the encryption key (optional)
+ * @returns cleartext content
+ *
+ * This function decrypts an content
+ */
public static function legacyDecrypt( $content, $passphrase = '' ) {
-
+
$bf = self::getBlowfish( $passphrase );
-
+
$decrypted = $bf->decrypt( $content );
-
+
$trimmed = rtrim( $decrypted, "\0" );
-
+
return $trimmed;
-
+
}
-
+
public static function legacyKeyRecryptKeyfile( $legacyEncryptedContent, $legacyPassphrase, $publicKey, $newPassphrase ) {
-
+
$decrypted = self::legacyDecrypt( $legacyEncryptedContent, $legacyPassphrase );
-
+
$recrypted = self::keyEncryptKeyfile( $decrypted, $publicKey );
-
+
return $recrypted;
-
+
}
-
+
/**
- * @brief Re-encryptes a legacy blowfish encrypted file using AES with integrated IV
- * @param $legacyContent the legacy encrypted content to re-encrypt
- * @returns cleartext content
- *
- * This function decrypts an content
- */
+ * @brief Re-encryptes a legacy blowfish encrypted file using AES with integrated IV
+ * @param $legacyContent the legacy encrypted content to re-encrypt
+ * @returns cleartext content
+ *
+ * This function decrypts an content
+ */
public static function legacyRecrypt( $legacyContent, $legacyPassphrase, $newPassphrase ) {
-
+
// TODO: write me
-
+
}
-
+
} \ No newline at end of file
diff --git a/apps/files_encryption/lib/keymanager.php b/apps/files_encryption/lib/keymanager.php
index 0d0380db6ec..95587797154 100755
--- a/apps/files_encryption/lib/keymanager.php
+++ b/apps/files_encryption/lib/keymanager.php
@@ -28,7 +28,7 @@ namespace OCA\Encryption;
* @note Where a method requires a view object, it's root must be '/'
*/
class Keymanager {
-
+
/**
* @brief retrieve the ENCRYPTED private key from a user
*
@@ -46,8 +46,8 @@ class Keymanager {
/**
* @brief retrieve public key for a specified user
- * @param \OC_FilesystemView $view
- * @param $userId
+ * @param \OC_FilesystemView $view
+ * @param $userId
* @return string public key or false
*/
public static function getPublicKey( \OC_FilesystemView $view, $userId ) {
@@ -58,8 +58,8 @@ class Keymanager {
/**
* @brief retrieve both keys from a user (private and public)
- * @param \OC_FilesystemView $view
- * @param $userId
+ * @param \OC_FilesystemView $view
+ * @param $userId
* @return array keys: privateKey, publicKey
*/
public static function getUserKeys( \OC_FilesystemView $view, $userId ) {
@@ -148,11 +148,11 @@ class Keymanager {
/**
* @brief retrieve keyfile for an encrypted file
- * @param \OC_FilesystemView $view
- * @param $userId
- * @param $filePath
- * @internal param \OCA\Encryption\file $string name
- * @return string file key or false
+ * @param \OC_FilesystemView $view
+ * @param $userId
+ * @param $filePath
+ * @internal param \OCA\Encryption\file $string name
+ * @return string file key or false
* @note The keyfile returned is asymmetrically encrypted. Decryption
* of the keyfile must be performed by client code
*/
@@ -177,12 +177,12 @@ class Keymanager {
/**
* @brief Delete a keyfile
*
- * @param OC_FilesystemView $view
- * @param string $userId username
- * @param string $path path of the file the key belongs to
- * @return bool Outcome of unlink operation
- * @note $path must be relative to data/user/files. e.g. mydoc.txt NOT
- * /data/admin/files/mydoc.txt
+ * @param OC_FilesystemView $view
+ * @param string $userId username
+ * @param string $path path of the file the key belongs to
+ * @return bool Outcome of unlink operation
+ * @note $path must be relative to data/user/files. e.g. mydoc.txt NOT
+ * /data/admin/files/mydoc.txt
*/
public static function deleteFileKey( \OC_FilesystemView $view, $userId, $path ) {
@@ -220,12 +220,11 @@ class Keymanager {
\OC_FileProxy::$enabled = false;
- if ( !$view->file_exists( '' ) ) $view->mkdir( '' );
+ if ( !$view->file_exists( '' ) )
+ $view->mkdir( '' );
return $view->file_put_contents( $user . '.private.key', $key );
-
- \OC_FileProxy::$enabled = true;
-
+
}
/**
@@ -253,24 +252,24 @@ class Keymanager {
\OC_FileProxy::$enabled = false;
- if ( !$view->file_exists( '' ) ) $view->mkdir( '' );
+ if ( !$view->file_exists( '' ) )
+ $view->mkdir( '' );
return $view->file_put_contents( \OCP\User::getUser() . '.public.key', $key );
-
- \OC_FileProxy::$enabled = true;
+
}
/**
- * @brief store file encryption key
- *
- * @param string $path relative path of the file, including filename
- * @param string $key
- * @param null $view
- * @param string $dbClassName
- * @return bool true/false
- * @note The keyfile is not encrypted here. Client code must
- * asymmetrically encrypt the keyfile before passing it to this method
+ * @brief store file encryption key
+ *
+ * @param string $path relative path of the file, including filename
+ * @param string $key
+ * @param null $view
+ * @param string $dbClassName
+ * @return bool true/false
+ * @note The keyfile is not encrypted here. Client code must
+ * asymmetrically encrypt the keyfile before passing it to this method
*/
public static function setShareKey( \OC_FilesystemView $view, $path, $userId, $shareKey ) {
@@ -280,54 +279,38 @@ class Keymanager {
return $view->file_put_contents( $basePath . '/' . $shareKeyPath . '.shareKey', $shareKey );
- }
-
- /**
- * @brief Make preparations to vars and filesystem for saving a keyfile
- */
- public static function keySetPreparation( \OC_FilesystemView $view, $path, $basePath, $userId ) {
+ }
+
+ /**
+ * @brief Make preparations to vars and filesystem for saving a keyfile
+ */
+ public static function keySetPreparation( \OC_FilesystemView $view, $path, $basePath, $userId ) {
$targetPath = ltrim( $path, '/' );
$path_parts = pathinfo( $targetPath );
// If the file resides within a subdirectory, create it
- if (
- isset( $path_parts['dirname'] )
- && ! $view->file_exists( $basePath . '/' . $path_parts['dirname'] )
+ if (
+ isset( $path_parts['dirname'] )
+ && ! $view->file_exists( $basePath . '/' . $path_parts['dirname'] )
) {
$view->mkdir( $basePath . '/' . $path_parts['dirname'] );
}
- return $targetPath;
-
- }
+ return $targetPath;
- /**
- * @brief change password of private encryption key
- *
- * @param string $oldpasswd old password
- * @param string $newpasswd new password
- * @return bool true/false
- */
- public static function changePasswd($oldpasswd, $newpasswd) {
-
- if ( \OCP\User::checkPassword(\OCP\User::getUser(), $newpasswd) ) {
- return Crypt::changekeypasscode($oldpasswd, $newpasswd);
- }
- return false;
-
}
-
+
/**
* @brief Fetch the legacy encryption key from user files
* @param string $login used to locate the legacy key
* @param string $passphrase used to decrypt the legacy key
* @return true / false
*
- * if the key is left out, the default handeler will be used
+ * if the key is left out, the default handler will be used
*/
public function getLegacyKey() {
diff --git a/apps/files_encryption/lib/stream.php b/apps/files_encryption/lib/stream.php
index d4b993b4c06..65d7d57a05a 100644
--- a/apps/files_encryption/lib/stream.php
+++ b/apps/files_encryption/lib/stream.php
@@ -173,7 +173,7 @@ class Stream {
// $count will always be 8192 https://bugs.php.net/bug.php?id=21641
// This makes this function a lot simpler, but will break this class if the above 'bug' gets 'fixed'
- \OCP\Util::writeLog( 'files_encryption', 'PHP "bug" 21641 no longer holds, decryption system requires refactoring', OCP\Util::FATAL );
+ \OCP\Util::writeLog( 'files_encryption', 'PHP "bug" 21641 no longer holds, decryption system requires refactoring', \OCP\Util::FATAL );
die();
@@ -209,7 +209,7 @@ class Stream {
}
/**
- * @brief Encrypt and pad data ready for writting to disk
+ * @brief Encrypt and pad data ready for writing to disk
* @param string $plainData data to be encrypted
* @param string $key key to use for encryption
* @return encrypted data on success, false on failure
@@ -403,7 +403,7 @@ class Stream {
$encrypted = $this->preWriteEncrypt( $chunk, $this->keyfile );
// Write the data chunk to disk. This will be
- // addended to the last data chunk if the file
+ // attended to the last data chunk if the file
// being handled totals more than 6126 bytes
fwrite( $this->handle, $encrypted );
diff --git a/apps/files_encryption/settings-personal.php b/apps/files_encryption/settings-personal.php
index 6fe4ea6d564..af0273cfdc4 100644
--- a/apps/files_encryption/settings-personal.php
+++ b/apps/files_encryption/settings-personal.php
@@ -12,8 +12,6 @@ $blackList = explode( ',', \OCP\Config::getAppValue( 'files_encryption', 'type_b
$tmpl->assign( 'blacklist', $blackList );
-OCP\Util::addscript('files_encryption','settings-personal');
-
return $tmpl->fetchPage();
return null;
diff --git a/apps/files_encryption/templates/settings-personal.php b/apps/files_encryption/templates/settings-personal.php
index 1f71efb1735..47467c52c08 100644
--- a/apps/files_encryption/templates/settings-personal.php
+++ b/apps/files_encryption/templates/settings-personal.php
@@ -16,7 +16,7 @@
<?php echo $type; ?>
</li>
<?php endforeach; ?>
- </p>
+ </ul>
<?php endif; ?>
</fieldset>
</form>