diff options
Diffstat (limited to 'apps/files_encryption/lib/crypt.php')
| -rwxr-xr-x | apps/files_encryption/lib/crypt.php | 827 |
1 files changed, 441 insertions, 386 deletions
diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index ba588819d06..783c19d2542 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -4,8 +4,8 @@ * ownCloud
*
* @author Sam Tuke, Frank Karlitschek, Robin Appelman
- * @copyright 2012 Sam Tuke samtuke@owncloud.com,
- * Robin Appelman icewind@owncloud.com, Frank Karlitschek
+ * @copyright 2012 Sam Tuke samtuke@owncloud.com,
+ * Robin Appelman icewind@owncloud.com, Frank Karlitschek
* frank@owncloud.org
*
* This library is free software; you can redistribute it and/or
@@ -27,505 +27,532 @@ namespace OCA\Encryption; require_once 'Crypt_Blowfish/Blowfish.php';
-// Todo:
-// - Add a setting "DonĀ“t encrypt files larger than xx because of performance"
-// - Don't use a password directly as encryption key. but a key which is
-// stored on the server and encrypted with the user password. -> change pass
-// faster
-
/**
* Class for common cryptography functionality
*/
-class Crypt {
+class Crypt
+{
/**
* @brief return encryption mode client or server side encryption
- * @param string user name (use system wide setting if name=null)
+ * @param string $user name (use system wide setting if name=null)
* @return string 'client' or 'server'
*/
- public static function mode( $user = null ) {
+ public static function mode($user = null)
+ {
return 'server';
-
+
}
-
- /**
- * @brief Create a new encryption keypair
- * @return array publicKey, privatekey
- */
- public static function createKeypair() {
-
+
+ /**
+ * @brief Create a new encryption keypair
+ * @return array publicKey, privatekey
+ */
+ public static function createKeypair()
+ {
+
$res = openssl_pkey_new(array('private_key_bits' => 4096));
// Get private key
- openssl_pkey_export( $res, $privateKey );
+ openssl_pkey_export($res, $privateKey);
// Get public key
- $publicKey = openssl_pkey_get_details( $res );
-
+ $publicKey = openssl_pkey_get_details($res);
+
$publicKey = $publicKey['key'];
-
- return( array( 'publicKey' => $publicKey, 'privateKey' => $privateKey ) );
-
+
+ return (array('publicKey' => $publicKey, 'privateKey' => $privateKey));
+
}
-
- /**
- * @brief Add arbitrary padding to encrypted data
- * @param string $data data to be padded
- * @return padded data
- * @note In order to end up with data exactly 8192 bytes long we must
- * add two letters. It is impossible to achieve exactly 8192 length
- * blocks with encryption alone, hence padding is added to achieve the
- * required length.
- */
- public static function addPadding( $data ) {
-
+
+ /**
+ * @brief Add arbitrary padding to encrypted data
+ * @param string $data data to be padded
+ * @return string padded data
+ * @note In order to end up with data exactly 8192 bytes long we must
+ * add two letters. It is impossible to achieve exactly 8192 length
+ * blocks with encryption alone, hence padding is added to achieve the
+ * required length.
+ */
+ public static function addPadding($data)
+ {
+
$padded = $data . 'xx';
-
+
return $padded;
-
+
}
-
- /**
- * @brief Remove arbitrary padding to encrypted data
- * @param string $padded padded data to remove padding from
- * @return unpadded data on success, false on error
- */
- public static function removePadding( $padded ) {
-
- if ( substr( $padded, -2 ) == 'xx' ) {
-
- $data = substr( $padded, 0, -2 );
-
+
+ /**
+ * @brief Remove arbitrary padding to encrypted data
+ * @param string $padded padded data to remove padding from
+ * @return string unpadded data on success, false on error
+ */
+ public static function removePadding($padded)
+ {
+
+ if (substr($padded, -2) == 'xx') {
+
+ $data = substr($padded, 0, -2);
+
return $data;
-
+
} else {
-
+
// TODO: log the fact that unpadded data was submitted for removal of padding
return false;
-
+
}
-
+
}
-
- /**
- * @brief Check if a file's contents contains an IV and is symmetrically encrypted
- * @return true / false
- * @note see also OCA\Encryption\Util->isEncryptedPath()
- */
- public static function isCatfileContent( $content ) {
-
- if ( !$content ) {
-
+
+ /**
+ * @brief Check if a file's contents contains an IV and is symmetrically encrypted
+ * @param $content
+ * @return boolean
+ * @note see also OCA\Encryption\Util->isEncryptedPath()
+ */
+ public static function isCatfileContent($content)
+ {
+
+ if (!$content) {
+
return false;
-
+
}
-
- $noPadding = self::removePadding( $content );
-
+
+ $noPadding = self::removePadding($content);
+
// Fetch encryption metadata from end of file
- $meta = substr( $noPadding, -22 );
-
+ $meta = substr($noPadding, -22);
+
// Fetch IV from end of file
- $iv = substr( $meta, -16 );
-
+ $iv = substr($meta, -16);
+
// Fetch identifier from start of metadata
- $identifier = substr( $meta, 0, 6 );
-
- if ( $identifier == '00iv00') {
-
+ $identifier = substr($meta, 0, 6);
+
+ if ($identifier == '00iv00') {
+
return true;
-
+
} else {
-
+
return false;
-
+
}
-
+
}
-
+
/**
* Check if a file is encrypted according to database file cache
* @param string $path
* @return bool
*/
- public static function isEncryptedMeta( $path ) {
-
+ public static function isEncryptedMeta($path)
+ {
+
// TODO: Use DI to get \OC\Files\Filesystem out of here
-
+
// Fetch all file metadata from DB
- $metadata = \OC\Files\Filesystem::getFileInfo( $path);
-
+ $metadata = \OC\Files\Filesystem::getFileInfo($path);
+
// Return encryption status
- return isset( $metadata['encrypted'] ) and ( bool )$metadata['encrypted'];
-
+ return isset($metadata['encrypted']) and ( bool )$metadata['encrypted'];
+
}
-
- /**
- * @brief Check if a file is encrypted via legacy system
- * @param string $relPath The path of the file, relative to user/data;
- * e.g. filename or /Docs/filename, NOT admin/files/filename
- * @return true / false
- */
- public static function isLegacyEncryptedContent( $data, $relPath ) {
+
+ /**
+ * @brief Check if a file is encrypted via legacy system
+ * @param $data
+ * @param string $relPath The path of the file, relative to user/data;
+ * e.g. filename or /Docs/filename, NOT admin/files/filename
+ * @return boolean
+ */
+ public static function isLegacyEncryptedContent($data, $relPath)
+ {
// Fetch all file metadata from DB
- $metadata = \OC\Files\Filesystem::getFileInfo( $relPath, '' );
-
+ $metadata = \OC\Files\Filesystem::getFileInfo($relPath, '');
+
// If a file is flagged with encryption in DB, but isn't a
// valid content + IV combination, it's probably using the
// legacy encryption system
- if (
- isset( $metadata['encrypted'] )
- and $metadata['encrypted'] === true
- and ! self::isCatfileContent( $data )
+ if (
+ isset($metadata['encrypted'])
+ and $metadata['encrypted'] === true
+ and !self::isCatfileContent($data)
) {
-
+
return true;
-
+
} else {
-
+
return false;
-
+
}
-
+
}
-
- /**
- * @brief Symmetrically encrypt a string
- * @returns encrypted file
- */
- public static function encrypt( $plainContent, $iv, $passphrase = '' ) {
-
- if ( $encryptedContent = openssl_encrypt( $plainContent, 'AES-128-CFB', $passphrase, false, $iv ) ) {
+
+ /**
+ * @brief Symmetrically encrypt a string
+ * @return string encrypted file content
+ */
+ public static function encrypt($plainContent, $iv, $passphrase = '')
+ {
+
+ if ($encryptedContent = openssl_encrypt($plainContent, 'AES-128-CFB', $passphrase, false, $iv)) {
return $encryptedContent;
-
+
} else {
-
- \OC_Log::write( 'Encryption library', 'Encryption (symmetric) of content failed', \OC_Log::ERROR );
-
+
+ \OC_Log::write('Encryption library', 'Encryption (symmetric) of content failed', \OC_Log::ERROR);
+
return false;
-
+
}
-
+
}
-
- /**
- * @brief Symmetrically decrypt a string
- * @returns decrypted file
- */
- public static function decrypt( $encryptedContent, $iv, $passphrase ) {
-
- if ( $plainContent = openssl_decrypt( $encryptedContent, 'AES-128-CFB', $passphrase, false, $iv ) ) {
+
+ /**
+ * @brief Symmetrically decrypt a string
+ * @return string decrypted file content
+ */
+ public static function decrypt($encryptedContent, $iv, $passphrase)
+ {
+
+ if ($plainContent = openssl_decrypt($encryptedContent, 'AES-128-CFB', $passphrase, false, $iv)) {
return $plainContent;
-
-
+
+
} else {
-
- throw new \Exception( 'Encryption library: Decryption (symmetric) of content failed' );
-
+
+ throw new \Exception('Encryption library: Decryption (symmetric) of content failed');
+
return false;
-
+
}
-
+
}
-
- /**
- * @brief Concatenate encrypted data with its IV and padding
- * @param string $content content to be concatenated
- * @param string $iv IV to be concatenated
- * @returns string concatenated content
- */
- public static function concatIv ( $content, $iv ) {
-
+
+ /**
+ * @brief Concatenate encrypted data with its IV and padding
+ * @param string $content content to be concatenated
+ * @param string $iv IV to be concatenated
+ * @returns string concatenated content
+ */
+ public static function concatIv($content, $iv)
+ {
+
$combined = $content . '00iv00' . $iv;
-
+
return $combined;
-
+
}
-
- /**
- * @brief Split concatenated data and IV into respective parts
- * @param string $catFile concatenated data to be split
- * @returns array keys: encrypted, iv
- */
- public static function splitIv ( $catFile ) {
-
+
+ /**
+ * @brief Split concatenated data and IV into respective parts
+ * @param string $catFile concatenated data to be split
+ * @returns array keys: encrypted, iv
+ */
+ public static function splitIv($catFile)
+ {
+
// Fetch encryption metadata from end of file
- $meta = substr( $catFile, -22 );
-
+ $meta = substr($catFile, -22);
+
// Fetch IV from end of file
- $iv = substr( $meta, -16 );
-
+ $iv = substr($meta, -16);
+
// Remove IV and IV identifier text to expose encrypted content
- $encrypted = substr( $catFile, 0, -22 );
-
+ $encrypted = substr($catFile, 0, -22);
+
$split = array(
'encrypted' => $encrypted
- , 'iv' => $iv
+ , 'iv' => $iv
);
-
+
return $split;
-
+
}
-
- /**
- * @brief Symmetrically encrypts a string and returns keyfile content
- * @param $plainContent content to be encrypted in keyfile
- * @returns encrypted content combined with IV
- * @note IV need not be specified, as it will be stored in the returned keyfile
- * and remain accessible therein.
- */
- public static function symmetricEncryptFileContent( $plainContent, $passphrase = '' ) {
-
- if ( !$plainContent ) {
-
+
+ /**
+ * @brief Symmetrically encrypts a string and returns keyfile content
+ * @param string $plainContent content to be encrypted in keyfile
+ * @param string $passphrase
+ * @return bool|string
+ * @return string encrypted content combined with IV
+ * @note IV need not be specified, as it will be stored in the returned keyfile
+ * and remain accessible therein.
+ */
+ public static function symmetricEncryptFileContent($plainContent, $passphrase = '')
+ {
+
+ if (!$plainContent) {
+
return false;
-
+
}
-
+
$iv = self::generateIv();
-
- if ( $encryptedContent = self::encrypt( $plainContent, $iv, $passphrase ) ) {
-
- // Combine content to encrypt with IV identifier and actual IV
- $catfile = self::concatIv( $encryptedContent, $iv );
-
- $padded = self::addPadding( $catfile );
-
- return $padded;
-
+
+ if ($encryptedContent = self::encrypt($plainContent, $iv, $passphrase)) {
+
+ // Combine content to encrypt with IV identifier and actual IV
+ $catfile = self::concatIv($encryptedContent, $iv);
+
+ $padded = self::addPadding($catfile);
+
+ return $padded;
+
} else {
-
- \OC_Log::write( 'Encryption library', 'Encryption (symmetric) of keyfile content failed', \OC_Log::ERROR );
-
+
+ \OC_Log::write('Encryption library', 'Encryption (symmetric) of keyfile content failed', \OC_Log::ERROR);
+
return false;
-
+
}
-
+
}
/**
- * @brief Symmetrically decrypts keyfile content
- * @param string $source
- * @param string $target
- * @param string $key the decryption key
- * @returns decrypted content
- *
- * This function decrypts a file
- */
- public static function symmetricDecryptFileContent( $keyfileContent, $passphrase = '' ) {
-
- if ( !$keyfileContent ) {
-
- throw new \Exception( 'Encryption library: no data provided for decryption' );
-
+ * @brief Symmetrically decrypts keyfile content
+ * @param $keyfileContent
+ * @param string $passphrase
+ * @throws \Exception
+ * @return bool|string
+ * @internal param string $source
+ * @internal param string $target
+ * @internal param string $key the decryption key
+ * @returns string decrypted content
+ *
+ * This function decrypts a file
+ */
+ public static function symmetricDecryptFileContent($keyfileContent, $passphrase = '')
+ {
+
+ if (!$keyfileContent) {
+
+ throw new \Exception('Encryption library: no data provided for decryption');
+
}
-
+
// Remove padding
- $noPadding = self::removePadding( $keyfileContent );
-
+ $noPadding = self::removePadding($keyfileContent);
+
// Split into enc data and catfile
- $catfile = self::splitIv( $noPadding );
-
- if ( $plainContent = self::decrypt( $catfile['encrypted'], $catfile['iv'], $passphrase ) ) {
-
+ $catfile = self::splitIv($noPadding);
+
+ if ($plainContent = self::decrypt($catfile['encrypted'], $catfile['iv'], $passphrase)) {
+
return $plainContent;
-
+
}
-
+
}
-
+
/**
- * @brief Creates symmetric keyfile content using a generated key
- * @param string $plainContent content to be encrypted
- * @returns array keys: key, encrypted
- * @note symmetricDecryptFileContent() can be used to decrypt files created using this method
- *
- * This function decrypts a file
- */
- public static function symmetricEncryptFileContentKeyfile( $plainContent ) {
-
+ * @brief Creates symmetric keyfile content using a generated key
+ * @param string $plainContent content to be encrypted
+ * @returns array keys: key, encrypted
+ * @note symmetricDecryptFileContent() can be used to decrypt files created using this method
+ *
+ * This function decrypts a file
+ */
+ public static function symmetricEncryptFileContentKeyfile($plainContent)
+ {
+
$key = self::generateKey();
-
- if( $encryptedContent = self::symmetricEncryptFileContent( $plainContent, $key ) ) {
-
+
+ if ($encryptedContent = self::symmetricEncryptFileContent($plainContent, $key)) {
+
return array(
'key' => $key
- , 'encrypted' => $encryptedContent
+ , 'encrypted' => $encryptedContent
);
-
+
} else {
-
+
return false;
-
+
}
-
+
}
-
+
/**
- * @brief Create asymmetrically encrypted keyfile content using a generated key
- * @param string $plainContent content to be encrypted
- * @param array $publicKeys array keys must be the userId of corresponding user
- * @returns array keys: keys (array, key = userId), data
- * @note symmetricDecryptFileContent() can decrypt files created using this method
- */
- public static function multiKeyEncrypt( $plainContent, array $publicKeys ) {
-
+ * @brief Create asymmetrically encrypted keyfile content using a generated key
+ * @param string $plainContent content to be encrypted
+ * @param array $publicKeys array keys must be the userId of corresponding user
+ * @returns array keys: keys (array, key = userId), data
+ * @note symmetricDecryptFileContent() can decrypt files created using this method
+ */
+ public static function multiKeyEncrypt($plainContent, array $publicKeys)
+ {
+
// openssl_seal returns false without errors if $plainContent
// is empty, so trigger our own error
- if ( empty( $plainContent ) ) {
-
- trigger_error( "Cannot mutliKeyEncrypt empty plain content" );
- throw new \Exception( 'Cannot mutliKeyEncrypt empty plain content' );
-
+ if (empty($plainContent)) {
+
+ trigger_error("Cannot mutliKeyEncrypt empty plain content");
+ throw new \Exception('Cannot mutliKeyEncrypt empty plain content');
+
}
-
+
// Set empty vars to be set by openssl by reference
$sealed = '';
$shareKeys = array();
-
- if( openssl_seal( $plainContent, $sealed, $shareKeys, $publicKeys ) ) {
-
+
+ if (openssl_seal($plainContent, $sealed, $shareKeys, $publicKeys)) {
+
$i = 0;
-
+
// Ensure each shareKey is labelled with its
// corresponding userId
- foreach ( $publicKeys as $userId => $publicKey ) {
-
+ foreach ($publicKeys as $userId => $publicKey) {
+
$mappedShareKeys[$userId] = $shareKeys[$i];
$i++;
-
+
}
-
+
return array(
'keys' => $mappedShareKeys
- , 'data' => $sealed
+ , 'data' => $sealed
);
-
+
} else {
-
+
return false;
-
+
}
-
+
}
-
+
/**
- * @brief Asymmetrically encrypt a file using multiple public keys
- * @param string $plainContent content to be encrypted
- * @returns string $plainContent decrypted string
- * @note symmetricDecryptFileContent() can be used to decrypt files created using this method
- *
- * This function decrypts a file
- */
- public static function multiKeyDecrypt( $encryptedContent, $shareKey, $privateKey ) {
-
- if ( !$encryptedContent ) {
-
+ * @brief Asymmetrically encrypt a file using multiple public keys
+ * @param $encryptedContent
+ * @param $shareKey
+ * @param $privateKey
+ * @return bool
+ * @internal param string $plainContent content to be encrypted
+ * @returns string $plainContent decrypted string
+ * @note symmetricDecryptFileContent() can be used to decrypt files created using this method
+ *
+ * This function decrypts a file
+ */
+ public static function multiKeyDecrypt($encryptedContent, $shareKey, $privateKey)
+ {
+
+ if (!$encryptedContent) {
+
return false;
-
+
}
-
- if ( openssl_open( $encryptedContent, $plainContent, $shareKey, $privateKey ) ) {
-
+
+ if (openssl_open($encryptedContent, $plainContent, $shareKey, $privateKey)) {
+
return $plainContent;
-
+
} else {
-
- \OC_Log::write( 'Encryption library', 'Decryption (asymmetric) of sealed content failed', \OC_Log::ERROR );
-
+
+ \OC_Log::write('Encryption library', 'Decryption (asymmetric) of sealed content failed', \OC_Log::ERROR);
+
return false;
-
+
}
-
+
}
-
- /**
- * @brief Asymetrically encrypt a string using a public key
- * @returns encrypted file
- */
- public static function keyEncrypt( $plainContent, $publicKey ) {
-
- openssl_public_encrypt( $plainContent, $encryptedContent, $publicKey );
-
+
+ /**
+ * @brief Asymetrically encrypt a string using a public key
+ * @return string encrypted file
+ */
+ public static function keyEncrypt($plainContent, $publicKey)
+ {
+
+ openssl_public_encrypt($plainContent, $encryptedContent, $publicKey);
+
return $encryptedContent;
-
+
}
-
- /**
- * @brief Asymetrically decrypt a file using a private key
- * @returns decrypted file
- */
- public static function keyDecrypt( $encryptedContent, $privatekey ) {
-
- $result = @openssl_private_decrypt( $encryptedContent, $plainContent, $privatekey );
-
- if ( $result ) {
+
+ /**
+ * @brief Asymetrically decrypt a file using a private key
+ * @return string decrypted file
+ */
+ public static function keyDecrypt($encryptedContent, $privatekey)
+ {
+
+ $result = @openssl_private_decrypt($encryptedContent, $plainContent, $privatekey);
+
+ if ($result) {
return $plainContent;
}
return $result;
-
+
}
-
+
/**
* @brief Generates a pseudo random initialisation vector
* @return String $iv generated IV
*/
- public static function generateIv() {
-
- if ( $random = openssl_random_pseudo_bytes( 12, $strong ) ) {
-
- if ( !$strong ) {
-
+ public static function generateIv()
+ {
+
+ if ($random = openssl_random_pseudo_bytes(12, $strong)) {
+
+ if (!$strong) {
+
// If OpenSSL indicates randomness is insecure, log error
- \OC_Log::write( 'Encryption library', 'Insecure symmetric key was generated using openssl_random_pseudo_bytes()', \OC_Log::WARN );
-
+ \OC_Log::write('Encryption library', 'Insecure symmetric key was generated using openssl_random_pseudo_bytes()', \OC_Log::WARN);
+
}
-
+
// We encode the iv purely for string manipulation
// purposes - it gets decoded before use
- $iv = base64_encode( $random );
-
+ $iv = base64_encode($random);
+
return $iv;
-
+
} else {
-
- throw new Exception( 'Generating IV failed' );
-
+
+ throw new \Exception('Generating IV failed');
+
}
-
+
}
-
+
/**
* @brief Generate a pseudo random 1024kb ASCII key
* @returns $key Generated key
*/
- public static function generateKey() {
-
+ public static function generateKey()
+ {
+
// Generate key
- if ( $key = base64_encode( openssl_random_pseudo_bytes( 183, $strong ) ) ) {
-
- if ( !$strong ) {
-
+ if ($key = base64_encode(openssl_random_pseudo_bytes(183, $strong))) {
+
+ if (!$strong) {
+
// If OpenSSL indicates randomness is insecure, log error
- throw new Exception ( 'Encryption library, Insecure symmetric key was generated using openssl_random_pseudo_bytes()' );
-
+ throw new \Exception('Encryption library, Insecure symmetric key was generated using openssl_random_pseudo_bytes()');
+
}
-
+
return $key;
-
+
} else {
-
+
return false;
-
+
}
-
+
}
/**
@@ -535,70 +562,89 @@ class Crypt { *
* if the key is left out, the default handeler will be used
*/
- public static function getBlowfish( $key = '' ) {
-
- if ( $key ) {
-
- return new \Crypt_Blowfish( $key );
-
+ public static function getBlowfish($key = '')
+ {
+
+ if ($key) {
+
+ return new \Crypt_Blowfish($key);
+
} else {
-
+
return false;
-
+
}
-
+
}
-
- public static function legacyCreateKey( $passphrase ) {
-
+
+ /**
+ * @param $passphrase
+ * @return mixed
+ */
+ public static function legacyCreateKey($passphrase)
+ {
+
// Generate a random integer
- $key = mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 );
+ $key = mt_rand(10000, 99999) . mt_rand(10000, 99999) . mt_rand(10000, 99999) . mt_rand(10000, 99999);
// Encrypt the key with the passphrase
- $legacyEncKey = self::legacyEncrypt( $key, $passphrase );
+ $legacyEncKey = self::legacyEncrypt($key, $passphrase);
return $legacyEncKey;
-
+
}
/**
* @brief encrypts content using legacy blowfish system
- * @param $content the cleartext message you want to encrypt
- * @param $key the encryption key (optional)
- * @returns encrypted content
+ * @param string $content the cleartext message you want to encrypt
+ * @param string $passphrase
+ * @return
+ * @internal param \OCA\Encryption\the $key encryption key (optional)
+ * @returns string encrypted content
*
* This function encrypts an content
*/
- public static function legacyEncrypt( $content, $passphrase = '' ) {
-
- $bf = self::getBlowfish( $passphrase );
-
- return $bf->encrypt( $content );
-
+ public static function legacyEncrypt($content, $passphrase = '')
+ {
+
+ $bf = self::getBlowfish($passphrase);
+
+ return $bf->encrypt($content);
+
}
-
+
/**
- * @brief decrypts content using legacy blowfish system
- * @param $content the cleartext message you want to decrypt
- * @param $key the encryption key (optional)
- * @returns cleartext content
- *
- * This function decrypts an content
- */
- public static function legacyDecrypt( $content, $passphrase = '' ) {
-
- $bf = self::getBlowfish( $passphrase );
-
- $decrypted = $bf->decrypt( $content );
-
+ * @brief decrypts content using legacy blowfish system
+ * @param string $content the cleartext message you want to decrypt
+ * @param string $passphrase
+ * @return string
+ * @internal param \OCA\Encryption\the $key encryption key (optional)
+ * @return string cleartext content
+ *
+ * This function decrypts an content
+ */
+ public static function legacyDecrypt($content, $passphrase = '')
+ {
+
+ $bf = self::getBlowfish($passphrase);
+
+ $decrypted = $bf->decrypt($content);
+
return rtrim($decrypted, "\0");;
-
+
}
- private static function legacyBlockDecrypt($data, $key='',$maxLength=0) {
+ /**
+ * @param $data
+ * @param string $key
+ * @param int $maxLength
+ * @return string
+ */
+ private static function legacyBlockDecrypt($data, $key = '', $maxLength = 0)
+ {
$result = '';
while (strlen($data)) {
- $result.=self::legacyDecrypt(substr($data, 0, 8192), $key);
+ $result .= self::legacyDecrypt(substr($data, 0, 8192), $key);
$data = substr($data, 8192);
}
if ($maxLength > 0) {
@@ -607,19 +653,28 @@ class Crypt { return rtrim($result, "\0");
}
}
-
- public static function legacyKeyRecryptKeyfile( $legacyEncryptedContent, $legacyPassphrase, $publicKeys, $newPassphrase, $path ) {
-
- $decrypted = self::legacyBlockDecrypt( $legacyEncryptedContent, $legacyPassphrase );
+
+ /**
+ * @param $legacyEncryptedContent
+ * @param $legacyPassphrase
+ * @param $publicKeys
+ * @param $newPassphrase
+ * @param $path
+ * @return array
+ */
+ public static function legacyKeyRecryptKeyfile($legacyEncryptedContent, $legacyPassphrase, $publicKeys, $newPassphrase, $path)
+ {
+
+ $decrypted = self::legacyBlockDecrypt($legacyEncryptedContent, $legacyPassphrase);
// Encrypt plain data, generate keyfile & encrypted file
- $cryptedData = self::symmetricEncryptFileContentKeyfile( $decrypted );
+ $cryptedData = self::symmetricEncryptFileContentKeyfile($decrypted);
// Encrypt plain keyfile to multiple sharefiles
- $multiEncrypted = Crypt::multiKeyEncrypt( $cryptedData['key'], $publicKeys );
+ $multiEncrypted = Crypt::multiKeyEncrypt($cryptedData['key'], $publicKeys);
+
+ return array('data' => $cryptedData['encrypted'], 'filekey' => $multiEncrypted['data'], 'sharekeys' => $multiEncrypted['keys']);
- return array( 'data' => $cryptedData['encrypted'], 'filekey' => $multiEncrypted['data'], 'sharekeys' => $multiEncrypted['keys'] );
-
}
}
\ No newline at end of file |