Diffstat (limited to 'apps/encryption/lib')
-rw-r--r-- | apps/encryption/lib/crypto/crypt.php | 48 | ||||
-rw-r--r-- | apps/encryption/lib/crypto/encryption.php | 34 | ||||
-rw-r--r-- | apps/encryption/lib/exceptions/multikeydecryptexception.php | 20 | ||||
-rw-r--r-- | apps/encryption/lib/exceptions/multikeyencryptexception.php | 20 | ||||
-rw-r--r-- | apps/encryption/lib/exceptions/privatekeymissingexception.php | 8 | ||||
-rw-r--r-- | apps/encryption/lib/exceptions/publickeymissingexception.php | 21 | ||||
-rw-r--r-- | apps/encryption/lib/hookmanager.php | 9 | ||||
-rw-r--r-- | apps/encryption/lib/keymanager.php | 28 | ||||
-rw-r--r-- | apps/encryption/lib/recovery.php | 6 | ||||
-rw-r--r-- | apps/encryption/lib/session.php | 31 | ||||
-rw-r--r-- | apps/encryption/lib/users/setup.php | 35 | ||||
-rw-r--r-- | apps/encryption/lib/util.php | 5 |
12 files changed, 202 insertions, 63 deletions
diff --git a/apps/encryption/lib/crypto/crypt.php b/apps/encryption/lib/crypto/crypt.php
index c0b737a3daa..974e0038afc 100644
--- a/apps/encryption/lib/crypto/crypt.php
+++ b/apps/encryption/lib/crypto/crypt.php
@@ -1,7 +1,9 @@
 <?php
 /**
- * @author Clark Tomlinson <clark@owncloud.com>
- * @since 2/19/15, 1:42 PM
+ * @author Björn Schießle <schiessle@owncloud.com>
+ * @author Clark Tomlinson <fallen013@gmail.com>
+ * @author Thomas Müller <thomas.mueller@tmit.eu>
+ *
 * @copyright Copyright (c) 2015, ownCloud, Inc.
 * @license AGPL-3.0
 *
@@ -35,6 +37,8 @@ use OCP\IUserSession;
 class Crypt {
 const DEFAULT_CIPHER = 'AES-256-CFB';
+ // default cipher from old ownCloud versions
+ const LEGACY_CIPHER = 'AES-128-CFB';
 const HEADER_START = 'HBEGIN';
 const HEADER_END = 'HEND';
@@ -71,7 +75,7 @@ class Crypt {
 $res = $this->getOpenSSLPKey();
 if (!$res) {
- $log->error("Encryption Library could'nt generate users key-pair for {$this->user->getUID()}",
+ $log->error("Encryption Library couldn't generate users key-pair for {$this->user->getUID()}",
 ['app' => 'encryption']);
 if (openssl_error_string()) {
@@ -90,7 +94,7 @@ class Crypt {
 'privateKey' => $privateKey ];
 }
- $log->error('Encryption library couldn\'t export users private key, please check your servers openSSL configuration.' . $this->user->getUID(),
+ $log->error('Encryption library couldn\'t export users private key, please check your servers OpenSSL configuration.' . $this->user->getUID(),
 ['app' => 'encryption']);
 if (openssl_error_string()) {
 $log->error('Encryption Library:' . openssl_error_string(),
@@ -147,6 +151,16 @@ class Crypt {
 }
 /**
+ * generate header for encrypted file
+ */
+ public function generateHeader() {
+ $cipher = $this->getCipher();
+ $header = self::HEADER_START . ':cipher:' . $cipher . ':' . self::HEADER_END;
+
+ return $header;
+ }
+
+ /**
 * @param string $plainContent
 * @param string $iv
 * @param string $passPhrase
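Review bot: In the second log hunk the user id is still glued straight onto the sentence — `'... OpenSSL configuration.' . $this->user->getUID()` — so the logged line reads `configuration.<uid>` with no separator, which makes the uid easy to misread as part of the sentence when grepping logs. Suggest `'... OpenSSL configuration. User: ' . $this->user->getUID()` or passing the uid in the context array alongside `'app'`. The enclosing method starts and ends outside the hunk.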
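Review bot: `generateHeader()` builds `HBEGIN:cipher:<cipher>:HEND` from whatever `getCipher()` returns and does not check it, so an empty or unexpected value (how `getCipher()` resolves it is not visible in this hunk) would still yield a well-formed header that `decryptPrivateKey` later treats as authoritative. A guard before the concatenation, e.g. `if ($cipher === '') { throw new \InvalidArgumentException('no cipher configured'); }`, or a comment stating why the value is guaranteed non-empty, would make the contract explicit. The docblock should also name the format and return type: `@return string header of the form HBEGIN:cipher:<cipher>:HEND` — readers of `parseHeader` and `decryptPrivateKey` need to know the delimiters match.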
@@ -203,23 +217,28 @@ class Crypt {
 }
 /**
- * @param string $recoveryKey
+ * @param string $privateKey
 * @param string $password
 * @return bool|string
 */
- public function decryptPrivateKey($recoveryKey, $password) {
+ public function decryptPrivateKey($privateKey, $password) {
- $header = $this->parseHeader($recoveryKey);
- $cipher = $this->getCipher();
+ $header = $this->parseHeader($privateKey);
+
+ if (isset($header['cipher'])) {
+ $cipher = $header['cipher'];
+ } else {
+ $cipher = self::LEGACY_CIPHER;
+ }
 // If we found a header we need to remove it from the key we want to decrypt
 if (!empty($header)) {
- $recoveryKey = substr($recoveryKey,
- strpos($recoveryKey,
+ $privateKey = substr($privateKey,
+ strpos($privateKey,
 self::HEADER_END) + strlen(self::HEADER_START));
 }
- $plainKey = $this->symmetricDecryptFileContent($recoveryKey,
+ $plainKey = $this->symmetricDecryptFileContent($privateKey,
 $password,
 $cipher);
@@ -360,8 +379,11 @@ class Crypt {
 }
 /**
- * Generate a pseudo random 256-bit ASCII key, used as file key
+ * Generate a cryptographically secure pseudo-random base64 encoded 256-bit
+ * ASCII key, used as file key
+ *
 * @return string
+ * @throws \Exception
 */
 public static function generateFileKey() {
 // Generate key
@@ -419,7 +441,7 @@ class Crypt {
 }
 /**
- * @param $plainContent
+ * @param string $plainContent
 * @param array $keyFiles
 * @return array
 * @throws MultiKeyEncryptException
diff --git a/apps/encryption/lib/crypto/encryption.php b/apps/encryption/lib/crypto/encryption.php
index 7c633b7411f..13beda196ce 100644
--- a/apps/encryption/lib/crypto/encryption.php
+++ b/apps/encryption/lib/crypto/encryption.php
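Review bot: The header-stripping offset in `decryptPrivateKey` is `strpos($privateKey, self::HEADER_END) + strlen(self::HEADER_START)`, i.e. the position of `HEND` plus 6, but `HEND` is only 4 bytes; with the unpadded `HBEGIN:cipher:<cipher>:HEND` header that `generateHeader()` now prepends in this commit, two bytes of the encrypted key are discarded before `symmetricDecryptFileContent` runs, unless some padding I cannot see follows `HEND`. If there is no such padding the line should read `self::HEADER_END) + strlen(self::HEADER_END));`. Separately, `$header['cipher']` is taken from the stored key file and handed to OpenSSL unchecked; an allow-list check before use (against the ciphers this module supports, or at minimum `in_array($cipher, openssl_get_cipher_methods(), true)`) would stop a corrupted or tampered header from selecting an arbitrary algorithm or a silent fallback to `LEGACY_CIPHER`. The method's return path lies outside the hunk.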
@@ -1,9 +1,24 @@
 <?php
 /**
- * @author Clark Tomlinson <fallen013@gmail.com>
- * @since 3/6/15, 2:28 PM
- * @link http:/www.clarkt.com
- * @copyright Clark Tomlinson © 2015
+ * @author Björn Schießle <schiessle@owncloud.com>
+ * @author Clark Tomlinson <fallen013@gmail.com>
+ * @author Thomas Müller <thomas.mueller@tmit.eu>
+ * @author Lukas Reschke <lukas@owncloud.com>
+ *
+ * @copyright Copyright (c) 2015, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
 *
 */
@@ -92,7 +107,7 @@ class Encryption implements IEncryptionModule {
 * written to the header, in case of a write operation
 * or if no additional data is needed return a empty array
 */
- public function begin($path, $user, $header, $accessList) {
+ public function begin($path, $user, array $header, array $accessList) {
 if (isset($header['cipher'])) {
 $this->cipher = $header['cipher'];
@@ -231,7 +246,7 @@ class Encryption implements IEncryptionModule {
 * @param array $accessList who has access to the file contains the key 'users' and 'public'
 * @return boolean
 */
- public function update($path, $uid, $accessList) {
+ public function update($path, $uid, array $accessList) {
 $fileKey = $this->keyManager->getFileKey($path, $uid);
 $publicKeys = array();
 foreach ($accessList['users'] as $user) {
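Review bot: `begin()` copies `$header['cipher']` into `$this->cipher` without checking it against the ciphers this module can actually run, so a corrupted or hand-edited file header decides which algorithm the rest of the module uses (the `else` branch and every later use of `$this->cipher` are outside the hunk). Accept the value only after validating it, e.g. `if (isset($header['cipher']) && in_array($header['cipher'], openssl_get_cipher_methods(), true))` — or a narrower project allow-list if one exists — and refuse the operation on an unknown cipher rather than silently using it. The new `array` type hints are good; the docblock should state that `$header` may be empty and what is assumed then.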
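Review bot: `foreach ($accessList['users'] as $user)` assumes the key exists; the new `array $accessList` hint only rules out a non-array argument, and the docblock's "contains the key 'users'" is a convention rather than a guarantee, so a caller passing `array()` produces a PHP warning and the loop is skipped silently. Suggest `$users = isset($accessList['users']) ? $accessList['users'] : array();` and iterating over `$users` instead. The remainder of `update()` is outside the hunk.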
@@ -262,12 +277,11 @@ class Encryption implements IEncryptionModule { } if ($this->keyManager->recoveryKeyExists() && - $this->util->recoveryEnabled($this->user)) { + $this->util->isRecoveryEnabledForUser()) { $publicKeys[$this->keyManager->getRecoveryKeyId()] = $this->keyManager->getRecoveryKey(); } - return $publicKeys; } @@ -314,6 +328,10 @@ class Encryption implements IEncryptionModule { return 6126; } + /** + * @param string $path + * @return string + */ protected function getPathToRealFile($path) { $realPath = $path; $parts = explode('/', $path); diff --git a/apps/encryption/lib/exceptions/multikeydecryptexception.php b/apps/encryption/lib/exceptions/multikeydecryptexception.php index 1466d35eda3..48b916ff1b8 100644 --- a/apps/encryption/lib/exceptions/multikeydecryptexception.php +++ b/apps/encryption/lib/exceptions/multikeydecryptexception.php @@ -1,5 +1,23 @@ <?php - +/** + * @author Thomas Müller <thomas.mueller@tmit.eu> + * + * @copyright Copyright (c) 2015, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ namespace OCA\Encryption\Exceptions; use OCP\Encryption\Exceptions\GenericEncryptionException; diff --git a/apps/encryption/lib/exceptions/multikeyencryptexception.php b/apps/encryption/lib/exceptions/multikeyencryptexception.php index daf528e2cf7..197e06adbf3 100644 --- a/apps/encryption/lib/exceptions/multikeyencryptexception.php 
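Review bot: The replaced condition drops the explicit user — `$this->util->recoveryEnabled($this->user)` becomes `$this->util->isRecoveryEnabledForUser()` with no argument — so which user's recovery setting is consulted is now decided inside Util instead of here; in a path that builds the public-key set for someone else's file (the enclosing function starts outside the hunk, so I cannot confirm it is `update()`'s `$uid`), that should be the file owner rather than the session user. If `isRecoveryEnabledForUser()` takes a uid, pass it explicitly, e.g. `$this->util->isRecoveryEnabledForUser($uid)`; if it does not, a one-line comment stating which user it resolves to would prevent the next reader from assuming the wrong one. Since this condition decides whether the recovery public key is added to the set every file key gets encrypted to, getting the user wrong either leaks recoverability to a user who opted out or breaks recovery for one who opted in.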
+++ b/apps/encryption/lib/exceptions/multikeyencryptexception.php @@ -1,5 +1,23 @@ <?php - +/** + * @author Thomas Müller <thomas.mueller@tmit.eu> + * + * @copyright Copyright (c) 2015, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ namespace OCA\Encryption\Exceptions; use OCP\Encryption\Exceptions\GenericEncryptionException; diff --git a/apps/encryption/lib/exceptions/privatekeymissingexception.php b/apps/encryption/lib/exceptions/privatekeymissingexception.php index 50d75870b20..29db5a16641 100644 --- a/apps/encryption/lib/exceptions/privatekeymissingexception.php +++ b/apps/encryption/lib/exceptions/privatekeymissingexception.php @@ -1,7 +1,9 @@ <?php - /** - * @author Clark Tomlinson <clark@owncloud.com> - * @since 2/25/15, 9:39 AM +/** + * @author Björn Schießle <schiessle@owncloud.com> + * @author Clark Tomlinson <fallen013@gmail.com> + * @author Thomas Müller <thomas.mueller@tmit.eu> + * * @copyright Copyright (c) 2015, ownCloud, Inc. * @license AGPL-3.0 * diff --git a/apps/encryption/lib/exceptions/publickeymissingexception.php b/apps/encryption/lib/exceptions/publickeymissingexception.php index 9638c28e427..078add0369a 100644 --- a/apps/encryption/lib/exceptions/publickeymissingexception.php +++ b/apps/encryption/lib/exceptions/publickeymissingexception.php 
@@ -1,6 +1,23 @@ <?php - - +/** + * @author Thomas Müller <thomas.mueller@tmit.eu> + * + * @copyright Copyright (c) 2015, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ namespace OCA\Encryption\Exceptions; use OCP\Encryption\Exceptions\GenericEncryptionException; diff --git a/apps/encryption/lib/hookmanager.php b/apps/encryption/lib/hookmanager.php index 19ee142a622..4b885cd7f64 100644 --- a/apps/encryption/lib/hookmanager.php +++ b/apps/encryption/lib/hookmanager.php @@ -1,7 +1,9 @@ <?php /** - * @author Clark Tomlinson <clark@owncloud.com> - * @since 2/19/15, 10:13 AM + * @author Björn Schießle <schiessle@owncloud.com> + * @author Clark Tomlinson <fallen013@gmail.com> + * @author Lukas Reschke <lukas@owncloud.com> + * * @copyright Copyright (c) 2015, ownCloud, Inc. * @license AGPL-3.0 * @@ -48,9 +50,6 @@ class HookManager { return true; } - /** - * - */ public function fireHooks() { foreach ($this->hookInstances as $instance) { /** diff --git a/apps/encryption/lib/keymanager.php b/apps/encryption/lib/keymanager.php index 1f71a891e81..a280ea9bde3 100644 --- a/apps/encryption/lib/keymanager.php +++ b/apps/encryption/lib/keymanager.php 
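Review bot: The empty docblock on `fireHooks()` is deleted rather than filled in, leaving a public method without any description. The visible body iterates `$this->hookInstances`, so a one-liner such as `/** Iterate over the registered hook instances and fire each one's hooks. */` would serve, assuming that is what the loop body (which continues outside the hunk) does.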
@@ -1,5 +1,25 @@ <?php - +/** + * @author Björn Schießle <schiessle@owncloud.com> + * @author Clark Tomlinson <fallen013@gmail.com> + * @author Thomas Müller <thomas.mueller@tmit.eu> + * + * @copyright Copyright (c) 2015, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ namespace OCA\Encryption; use OC\Encryption\Exceptions\DecryptionFailedException; @@ -180,9 +200,10 @@ class KeyManager { $encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'], $password); + $header = $this->crypt->generateHeader(); if ($encryptedKey) { - $this->setPrivateKey($uid, $encryptedKey); + $this->setPrivateKey($uid, $header . $encryptedKey); return true; } return false; @@ -199,9 +220,10 @@ class KeyManager { $encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'], $password); + $header = $this->crypt->generateHeader(); if ($encryptedKey) { - $this->setSystemPrivateKey($this->getRecoveryKeyId(), $encryptedKey); + $this->setSystemPrivateKey($this->getRecoveryKeyId(), $header . $encryptedKey); return true; } return false; diff --git a/apps/encryption/lib/recovery.php b/apps/encryption/lib/recovery.php index 34acdd0a6e3..5c1e91866a0 100644 --- a/apps/encryption/lib/recovery.php +++ b/apps/encryption/lib/recovery.php 
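Review bot: The header records `$this->crypt->getCipher()` (via `generateHeader()`), but the private key itself is encrypted by `symmetricEncryptFileContent($keyPair['privateKey'], $password)` with no cipher argument; if that method's default differs from `getCipher()` (not visible here), the stored header names a cipher that was never used and `decryptPrivateKey` will pick the wrong one. Pass the cipher explicitly to both calls, or better, move header creation and encryption into one Crypt method — e.g. `encryptPrivateKey($privateKey, $password)` returning `$header . $encryptedKey` — so the writer and the parser in `decryptPrivateKey` live side by side; the same three lines are duplicated in the recovery-key hunk below. Generating the header before the `if ($encryptedKey)` check is harmless but reads oddly; move it inside the `if`. The enclosing method starts outside the hunk.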
@@ -1,7 +1,8 @@ <?php /** - * @author Clark Tomlinson <clark@owncloud.com> - * @since 2/19/15, 11:45 AM + * @author Björn Schießle <schiessle@owncloud.com> + * @author Clark Tomlinson <fallen013@gmail.com> + * * @copyright Copyright (c) 2015, ownCloud, Inc. * @license AGPL-3.0 * @@ -128,6 +129,7 @@ class Recovery { * * @param string $newPassword * @param string $oldPassword + * @return bool */ public function changeRecoveryKeyPassword($newPassword, $oldPassword) { $recoveryKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId()); diff --git a/apps/encryption/lib/session.php b/apps/encryption/lib/session.php index e705611fa6e..85d2a7698ef 100644 --- a/apps/encryption/lib/session.php +++ b/apps/encryption/lib/session.php 
@@ -1,24 +1,24 @@ <?php - /** - * ownCloud - * - * @copyright (C) 2015 ownCloud, Inc. + * @author Björn Schießle <schiessle@owncloud.com> + * @author Clark Tomlinson <fallen013@gmail.com> + * @author Lukas Reschke <lukas@owncloud.com> * - * @author Bjoern Schiessle <schiessle@owncloud.com> + * @copyright Copyright (c) 2015, ownCloud, Inc. + * @license AGPL-3.0 * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE - * License as published by the Free Software Foundation; either - * version 3 of the License, or any later version. + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. * - * This library is distributed in the hope that it will be useful, + * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU AFFERO GENERAL PUBLIC LICENSE for more details. + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> * - * You should have received a copy of the GNU Affero General Public - * License along with this library. If not, see <http://www.gnu.org/licenses/>. */ namespace OCA\Encryption; @@ -34,6 +34,9 @@ class Session { const INIT_EXECUTED = '1'; const INIT_SUCCESSFUL = '2'; + /** + * @param ISession $session + */ public function __construct(ISession $session) { $this->session = $session; } diff --git a/apps/encryption/lib/users/setup.php b/apps/encryption/lib/users/setup.php index e80bf6003e6..2ec49b5c7fb 100644 --- a/apps/encryption/lib/users/setup.php 
+++ b/apps/encryption/lib/users/setup.php @@ -1,9 +1,23 @@ <?php /** - * @author Clark Tomlinson <fallen013@gmail.com> - * @since 3/6/15, 11:36 AM - * @link http:/www.clarkt.com - * @copyright Clark Tomlinson © 2015 + * @author Björn Schießle <schiessle@owncloud.com> + * @author Clark Tomlinson <fallen013@gmail.com> + * @author Lukas Reschke <lukas@owncloud.com> + * + * @copyright Copyright (c) 2015, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> * */ @@ -40,7 +54,10 @@ class Setup { * @param Crypt $crypt * @param KeyManager $keyManager */ - public function __construct(ILogger $logger, IUserSession $userSession, Crypt $crypt, KeyManager $keyManager) { + public function __construct(ILogger $logger, + IUserSession $userSession, + Crypt $crypt, + KeyManager $keyManager) { $this->logger = $logger; $this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : false; $this->crypt = $crypt; @@ -48,8 +65,8 @@ class Setup { } /** - * @param $uid userid - * @param $password user password + * @param string $uid userid + * @param string $password user password * @return bool */ public function setupUser($uid, $password) { 
@@ -57,8 +74,8 @@ class Setup { } /** - * @param $uid userid - * @param $password user password + * @param string $uid userid + * @param string $password user password * @return bool */ public function setupServerSide($uid, $password) { diff --git a/apps/encryption/lib/util.php b/apps/encryption/lib/util.php index 6b6b8b6b38c..04e04028caf 100644 --- a/apps/encryption/lib/util.php +++ b/apps/encryption/lib/util.php @@ -1,7 +1,8 @@ <?php /** - * @author Clark Tomlinson <clark@owncloud.com> - * @since 3/17/15, 10:31 AM + * @author Björn Schießle <schiessle@owncloud.com> + * @author Clark Tomlinson <fallen013@gmail.com> + * * @copyright Copyright (c) 2015, ownCloud, Inc. * @license AGPL-3.0 * |