diff options
Diffstat (limited to 'apps/files_encryption/lib/crypt.php')
| -rw-r--r-- | apps/files_encryption/lib/crypt.php | 207 |
1 files changed, 207 insertions, 0 deletions
diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php new file mode 100644 index 00000000000..4e7739b1d06 --- /dev/null +++ b/apps/files_encryption/lib/crypt.php @@ -0,0 +1,207 @@ +<?php +/** + * ownCloud + * + * @author Frank Karlitschek + * @copyright 2010 Frank Karlitschek karlitschek@kde.org + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE + * License as published by the Free Software Foundation; either + * version 3 of the License, or any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU AFFERO GENERAL PUBLIC LICENSE for more details. + * + * You should have received a copy of the GNU Affero General Public + * License along with this library. If not, see <http://www.gnu.org/licenses/>. + * + */ + + + +// Todo: +// - Crypt/decrypt button in the userinterface +// - Setting if crypto should be on by default +// - Add a setting "DonĀ“t encrypt files larger than xx because of performance reasons" +// - Transparent decrypt/encrpt in filesystem.php. Autodetect if a file is encrypted (.encrypted extensio) +// - Don't use a password directly as encryption key. but a key which is stored on the server and encrypted with the user password. -> password change faster +// - IMPORTANT! Check if the block lenght of the encrypted data stays the same + + +require_once('Crypt_Blowfish/Blowfish.php'); + +/** + * This class is for crypting and decrypting + */ +class OC_Crypt { + static private $bf = null; + + public static function loginListener($params){ + self::init($params['uid'],$params['password']); + } + + public static function init($login,$password) { + if(OC_User::isLoggedIn()){ + $view=new OC_FilesystemView('/'.$login); + if(!$view->file_exists('/encryption.key')){// does key exist? + OC_Crypt::createkey($password); + } + $key=$view->file_get_contents('/encryption.key'); + $_SESSION['enckey']=OC_Crypt::decrypt($key, $password); + } + } + + /** + * get the blowfish encryption handeler for a key + * @param string $key (optional) + * + * if the key is left out, the default handeler will be used + */ + public static function getBlowfish($key=''){ + if($key){ + return new Crypt_Blowfish($key); + }else{ + if(!isset($_SESSION['enckey'])){ + return false; + } + if(!self::$bf){ + self::$bf=new Crypt_Blowfish($_SESSION['enckey']); + } + return self::$bf; + } + } + + public static function createkey($passcode) { + if(OC_User::isLoggedIn()){ + // generate a random key + $key=mt_rand(10000,99999).mt_rand(10000,99999).mt_rand(10000,99999).mt_rand(10000,99999); + + // encrypt the key with the passcode of the user + $enckey=OC_Crypt::encrypt($key,$passcode); + + // Write the file + $username=OC_USER::getUser(); + OC_FileProxy::$enabled=false; + $view=new OC_FilesystemView('/'.$username); + $view->file_put_contents('/encryption.key',$enckey); + OC_FileProxy::$enabled=true; + } + } + + public static function changekeypasscode($oldPassword, $newPassword) { + if(OC_User::isLoggedIn()){ + $username=OC_USER::getUser(); + $view=new OC_FilesystemView('/'.$username); + + // read old key + $key=$view->file_get_contents('/encryption.key'); + + // decrypt key with old passcode + $key=OC_Crypt::decrypt($key, $oldPassword); + + // encrypt again with new passcode + $key=OC_Crypt::encrypt($key, $newPassword); + + // store the new key + $view->file_put_contents('/encryption.key', $key ); + } + } + + /** + * @brief encrypts an content + * @param $content the cleartext message you want to encrypt + * @param $key the encryption key (optional) + * @returns encrypted content + * + * This function encrypts an content + */ + public static function encrypt( $content, $key='') { + $bf = self::getBlowfish($key); + return($bf->encrypt($content)); + } + + /** + * @brief decryption of an content + * @param $content the cleartext message you want to decrypt + * @param $key the encryption key (optional) + * @returns cleartext content + * + * This function decrypts an content + */ + public static function decrypt( $content, $key='') { + $bf = self::getBlowfish($key); + return($bf->encrypt($contents)); + } + + /** + * @brief encryption of a file + * @param $filename + * @param $key the encryption key + * + * This function encrypts a file + */ + public static function encryptfile( $filename, $key) { + $handleread = fopen($filename, "rb"); + if($handleread<>FALSE) { + $handlewrite = fopen($filename.OC_Crypt::$encription_extension, "wb"); + while (!feof($handleread)) { + $content = fread($handleread, 8192); + $enccontent=OC_CRYPT::encrypt( $content, $key); + fwrite($handlewrite, $enccontent); + } + fclose($handlewrite); + unlink($filename); + } + fclose($handleread); + } + + + /** + * @brief decryption of a file + * @param $filename + * @param $key the decryption key + * + * This function decrypts a file + */ + public static function decryptfile( $filename, $key) { + $handleread = fopen($filename.OC_Crypt::$encription_extension, "rb"); + if($handleread<>FALSE) { + $handlewrite = fopen($filename, "wb"); + while (!feof($handleread)) { + $content = fread($handleread, 8192); + $enccontent=OC_CRYPT::decrypt( $content, $key); + fwrite($handlewrite, $enccontent); + } + fclose($handlewrite); + unlink($filename.OC_Crypt::$encription_extension); + } + fclose($handleread); + } + + /** + * encrypt data in 8192b sized blocks + */ + public static function blockEncrypt($data){ + $result=''; + while(strlen($data)){ + $result=self::encrypt(substr($data,0,8192)); + $data=substr($data,8192); + } + return $result; + } + + /** + * decrypt data in 8192b sized blocks + */ + public static function blockDecrypt($data){ + $result=''; + while(strlen($data)){ + $result=self::decrypt(substr($data,0,8192)); + $data=substr($data,8192); + } + return $result; + } +} |