Beispiel #1
0
 /**
  * @medium
  * @brief Test that data that is written by the crypto stream wrapper
  * @note Encrypted data is manually prepared and decrypted here to avoid dependency on success of stream_read
  * @note If this test fails with truncate content, check that enough array slices are being rejoined to form $e, as the crypt.php file may have gotten longer and broken the manual
  * reassembly of its data
  */
 function testSymmetricStreamEncryptLongFileContent()
 {
     // Generate a a random filename
     $filename = 'tmp-' . uniqid() . '.test';
     $util = new Encryption\Util(new \OC_FilesystemView(), $this->userId);
     // Save long data as encrypted file using stream wrapper
     $cryptedFile = file_put_contents('crypt:///' . $this->userId . '/files/' . $filename, $this->dataLong . $this->dataLong);
     // Test that data was successfully written
     $this->assertTrue(is_int($cryptedFile));
     // Disable encryption proxy to prevent recursive calls
     $proxyStatus = \OC_FileProxy::$enabled;
     \OC_FileProxy::$enabled = false;
     // Get file contents without using any wrapper to get it's actual contents on disk
     $retreivedCryptedFile = $this->view->file_get_contents($this->userId . '/files/' . $filename);
     // Re-enable proxy - our work is done
     \OC_FileProxy::$enabled = $proxyStatus;
     // Check that the file was encrypted before being written to disk
     $this->assertNotEquals($this->dataLong . $this->dataLong, $retreivedCryptedFile);
     // Manuallly split saved file into separate IVs and encrypted chunks
     $r = preg_split('/(00iv00.{16,18})/', $retreivedCryptedFile, NULL, PREG_SPLIT_DELIM_CAPTURE);
     //print_r($r);
     // Join IVs and their respective data chunks
     $e = array();
     $i = 0;
     while ($i < count($r) - 1) {
         $e[] = $r[$i] . $r[$i + 1];
         $i = $i + 2;
     }
     //print_r($e);
     // Get the encrypted keyfile
     $encKeyfile = Encryption\Keymanager::getFileKey($this->view, $util, $filename);
     // Attempt to fetch the user's shareKey
     $shareKey = Encryption\Keymanager::getShareKey($this->view, $this->userId, $util, $filename);
     // get session
     $session = new \OCA\Encryption\Session($this->view);
     // get private key
     $privateKey = $session->getPrivateKey($this->userId);
     // Decrypt keyfile with shareKey
     $plainKeyfile = Encryption\Crypt::multiKeyDecrypt($encKeyfile, $shareKey, $privateKey);
     // Set var for reassembling decrypted content
     $decrypt = '';
     // Manually decrypt chunk
     foreach ($e as $chunk) {
         $chunkDecrypt = Encryption\Crypt::symmetricDecryptFileContent($chunk, $plainKeyfile);
         // Assemble decrypted chunks
         $decrypt .= $chunkDecrypt;
     }
     $this->assertEquals($this->dataLong . $this->dataLong, $decrypt);
     // Teardown
     $this->view->unlink($this->userId . '/files/' . $filename);
     Encryption\Keymanager::deleteFileKey($this->view, $filename);
 }
Beispiel #2
0
 /**
  * @param string $path Path of file from which has been read
  * @param string $data Data that has been read from file
  */
 public function postFile_get_contents($path, $data)
 {
     $plainData = null;
     $view = new \OC_FilesystemView('/');
     // init session
     $session = new \OCA\Encryption\Session($view);
     // If data is a catfile
     if (Crypt::mode() === 'server' && Crypt::isCatfileContent($data)) {
         $handle = fopen('crypt://' . $path, 'r');
         if (is_resource($handle)) {
             while (($plainDataChunk = fgets($handle, 8192)) !== false) {
                 $plainData .= $plainDataChunk;
             }
         }
     } elseif (Crypt::mode() == 'server' && \OC::$session->exists('legacyenckey') && Crypt::isEncryptedMeta($path)) {
         // Disable encryption proxy to prevent recursive calls
         $proxyStatus = \OC_FileProxy::$enabled;
         \OC_FileProxy::$enabled = false;
         $plainData = Crypt::legacyBlockDecrypt($data, $session->getLegacyKey());
         \OC_FileProxy::$enabled = $proxyStatus;
     }
     if (!isset($plainData)) {
         $plainData = $data;
     }
     return $plainData;
 }
Beispiel #3
0
 /**
  * set the init status to 'NOT_INITIALIZED' (0) if the app gets enabled
  * @param array $params contains the app ID
  */
 public static function postEnable($params)
 {
     if ($params['app'] === 'files_encryption') {
         $session = new \OCA\Encryption\Session(new \OC\Files\View('/'));
         $session->setInitialized(\OCA\Encryption\Session::NOT_INITIALIZED);
     }
 }
Beispiel #4
0
$breadcrumbNav->assign('breadcrumb', $breadcrumb);
$breadcrumbNav->assign('baseURL', OCP\Util::linkTo('files', 'index.php') . '?dir=');
$permissions = \OCA\Files\Helper::getDirPermissions($dir);
if ($needUpgrade) {
    OCP\Util::addscript('files', 'upgrade');
    $tmpl = new OCP\Template('files', 'upgrade', 'user');
    $tmpl->printPage();
} else {
    // information about storage capacities
    $storageInfo = OC_Helper::getStorageInfo($dir);
    $maxUploadFilesize = OCP\Util::maxUploadFilesize($dir);
    $publicUploadEnabled = \OC_Appconfig::getValue('core', 'shareapi_allow_public_upload', 'yes');
    // if the encryption app is disabled, than everything is fine (INIT_SUCCESSFUL status code)
    $encryptionInitStatus = 2;
    if (OC_App::isEnabled('files_encryption')) {
        $session = new \OCA\Encryption\Session(new \OC\Files\View('/'));
        $encryptionInitStatus = $session->getInitialized();
    }
    $trashEnabled = \OCP\App::isEnabled('files_trashbin');
    $trashEmpty = true;
    if ($trashEnabled) {
        $trashEmpty = \OCA\Files_Trashbin\Trashbin::isEmpty($user);
    }
    $isCreatable = \OC\Files\Filesystem::isCreatable($dir . '/');
    $fileHeader = (!isset($files) or count($files) > 0);
    $emptyContent = ($isCreatable and !$fileHeader) or $ajaxLoad;
    OCP\Util::addscript('files', 'fileactions');
    OCP\Util::addscript('files', 'files');
    OCP\Util::addscript('files', 'keyboardshortcuts');
    $tmpl = new OCP\Template('files', 'index', 'user');
    $tmpl->assign('fileList', $list->fetchPage());
<?php

$session = new \OCA\Encryption\Session(\OC::$server->getSession());
$userSession = \OC::$server->getUserSession();
$template = new OCP\Template('encryption', 'settings-personal');
$crypt = new \OCA\Encryption\Crypto\Crypt(\OC::$server->getLogger(), $userSession, \OC::$server->getConfig());
$util = new \OCA\Encryption\Util(new \OC\Files\View(), $crypt, \OC::$server->getLogger(), $userSession, \OC::$server->getConfig(), \OC::$server->getUserManager());
$keyManager = new \OCA\Encryption\KeyManager(\OC::$server->getEncryptionKeyStorage(), $crypt, \OC::$server->getConfig(), $userSession, $session, \OC::$server->getLogger(), $util);
$user = $userSession->getUser()->getUID();
$view = new \OC\Files\View('/');
$privateKeySet = $session->isPrivateKeySet();
// did we tried to initialize the keys for this session?
$initialized = $session->getStatus();
$recoveryAdminEnabled = \OC::$server->getConfig()->getAppValue('encryption', 'recoveryAdminEnabled');
$recoveryEnabledForUser = $util->isRecoveryEnabledForUser($user);
$result = false;
if ($recoveryAdminEnabled || !$privateKeySet) {
    $template->assign('recoveryEnabled', $recoveryAdminEnabled);
    $template->assign('recoveryEnabledForUser', $recoveryEnabledForUser);
    $template->assign('privateKeySet', $privateKeySet);
    $template->assign('initialized', $initialized);
    $result = $template->fetchPage();
}
return $result;
Beispiel #6
0
 public function closeEncryptionSession()
 {
     $session = new \OCA\Encryption\Session($this->view);
     $session->closeSession();
 }
Beispiel #7
0
<?php

/**
 * @author Björn Schießle <*****@*****.**>
 * @author Clark Tomlinson <*****@*****.**>
 * @author Thomas Müller <*****@*****.**>
 *
 * @copyright Copyright (c) 2015, ownCloud, Inc.
 * @license AGPL-3.0
 *
 * This code is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License, version 3,
 * along with this program.  If not, see <http://www.gnu.org/licenses/>
 *
 */
\OC_Util::checkAdminUser();
$tmpl = new OCP\Template('encryption', 'settings-admin');
// Check if an adminRecovery account is enabled for recovering files after lost pwd
$recoveryAdminEnabled = \OC::$server->getConfig()->getAppValue('encryption', 'recoveryAdminEnabled', '0');
$session = new \OCA\Encryption\Session(\OC::$server->getSession());
$tmpl->assign('recoveryEnabled', $recoveryAdminEnabled);
$tmpl->assign('initStatus', $session->getStatus());
return $tmpl->fetchPage();
<?php

/**
 * Copyright (c) 2013 Sam Tuke <*****@*****.**>
 * This file is licensed under the Affero General Public License version 3 or
 * later.
 * See the COPYING-README file.
 */
// Add CSS stylesheet
\OC_Util::addStyle('files_encryption', 'settings-personal');
$tmpl = new OCP\Template('files_encryption', 'settings-personal');
$user = \OCP\USER::getUser();
$view = new \OC\Files\View('/');
$util = new \OCA\Encryption\Util($view, $user);
$session = new \OCA\Encryption\Session($view);
$privateKeySet = $session->getPrivateKey() !== false;
// did we tried to initialize the keys for this session?
$initialized = $session->getInitialized();
$recoveryAdminEnabled = \OC::$server->getAppConfig()->getValue('files_encryption', 'recoveryAdminEnabled');
$recoveryEnabledForUser = $util->recoveryEnabledForUser();
$result = false;
if ($recoveryAdminEnabled || !$privateKeySet) {
    \OCP\Util::addscript('files_encryption', 'settings-personal');
    $tmpl->assign('recoveryEnabled', $recoveryAdminEnabled);
    $tmpl->assign('recoveryEnabledForUser', $recoveryEnabledForUser);
    $tmpl->assign('privateKeySet', $privateKeySet);
    $tmpl->assign('initialized', $initialized);
    $result = $tmpl->fetchPage();
}
return $result;
 * This file is licensed under the Affero General Public License version 3 or later.
 * See the COPYING-README file.
 *
 * Script to change recovery key password
 *
 */
use OCA\Encryption;
\OCP\JSON::checkLoggedIn();
\OCP\JSON::checkAppEnabled('files_encryption');
\OCP\JSON::callCheck();
$l = \OC::$server->getL10N('core');
$return = false;
$oldPassword = $_POST['oldPassword'];
$newPassword = $_POST['newPassword'];
$view = new \OC\Files\View('/');
$session = new \OCA\Encryption\Session($view);
$user = \OCP\User::getUser();
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
$keyPath = '/' . $user . '/files_encryption/' . $user . '.private.key';
$encryptedKey = $view->file_get_contents($keyPath);
$decryptedKey = \OCA\Encryption\Crypt::decryptPrivateKey($encryptedKey, $oldPassword);
if ($decryptedKey) {
    $cipher = \OCA\Encryption\Helper::getCipher();
    $encryptedKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($decryptedKey, $newPassword, $cipher);
    if ($encryptedKey) {
        \OCA\Encryption\Keymanager::setPrivateKey($encryptedKey, $user);
        $session->setPrivateKey($decryptedKey);
        $return = true;
    }
}
Beispiel #10
0
 /**
  * @brief decrypt private key and add it to the current session
  * @param array $params with 'uid' and 'password'
  * @return mixed session or false
  */
 public function initEncryption($params)
 {
     $session = new \OCA\Encryption\Session($this->view);
     // we tried to initialize the encryption app for this session
     $session->setInitialized(\OCA\Encryption\Session::INIT_EXECUTED);
     $encryptedKey = Keymanager::getPrivateKey($this->view, $params['uid']);
     $privateKey = Crypt::decryptPrivateKey($encryptedKey, $params['password']);
     if ($privateKey === false) {
         \OCP\Util::writeLog('Encryption library', 'Private key for user "' . $params['uid'] . '" is not valid! Maybe the user password was changed from outside if so please change it back to gain access', \OCP\Util::ERROR);
         return false;
     }
     $session->setPrivateKey($privateKey);
     $session->setInitialized(\OCA\Encryption\Session::INIT_SUCCESSFUL);
     return $session;
 }
Beispiel #11
0
 /**
  * @brief Change a user's encryption passphrase
  * @param array $params keys: uid, password
  */
 public static function setPassphrase($params)
 {
     // Only attempt to change passphrase if server-side encryption
     // is in use (client-side encryption does not have access to
     // the necessary keys)
     if (Crypt::mode() === 'server') {
         if ($params['uid'] === \OCP\User::getUser()) {
             $view = new \OC_FilesystemView('/');
             $session = new \OCA\Encryption\Session($view);
             // Get existing decrypted private key
             $privateKey = $session->getPrivateKey();
             // Encrypt private key with new user pwd as passphrase
             $encryptedPrivateKey = Crypt::symmetricEncryptFileContent($privateKey, $params['password']);
             // Save private key
             Keymanager::setPrivateKey($encryptedPrivateKey);
             // NOTE: Session does not need to be updated as the
             // private key has not changed, only the passphrase
             // used to decrypt it has changed
         } else {
             // admin changed the password for a different user, create new keys and reencrypt file keys
             $user = $params['uid'];
             $recoveryPassword = $params['recoveryPassword'];
             $newUserPassword = $params['password'];
             $view = new \OC_FilesystemView('/');
             // make sure that the users home is mounted
             \OC\Files\Filesystem::initMountPoints($user);
             $keypair = Crypt::createKeypair();
             // Disable encryption proxy to prevent recursive calls
             $proxyStatus = \OC_FileProxy::$enabled;
             \OC_FileProxy::$enabled = false;
             // Save public key
             $view->file_put_contents('/public-keys/' . $user . '.public.key', $keypair['publicKey']);
             // Encrypt private key empty passphrase
             $encryptedPrivateKey = Crypt::symmetricEncryptFileContent($keypair['privateKey'], $newUserPassword);
             // Save private key
             $view->file_put_contents('/' . $user . '/files_encryption/' . $user . '.private.key', $encryptedPrivateKey);
             if ($recoveryPassword) {
                 // if recovery key is set we can re-encrypt the key files
                 $util = new Util($view, $user);
                 $util->recoverUsersFiles($recoveryPassword);
             }
             \OC_FileProxy::$enabled = $proxyStatus;
         }
     }
 }
<?php

/**
 * Copyright (c) 2013 Sam Tuke <*****@*****.**>
 * This file is licensed under the Affero General Public License version 3 or
 * later.
 * See the COPYING-README file.
 */
// Add CSS stylesheet
\OC_Util::addStyle('files_encryption', 'settings-personal');
$tmpl = new OCP\Template('files_encryption', 'settings-personal');
$user = \OCP\USER::getUser();
$view = new \OC_FilesystemView('/');
$util = new \OCA\Encryption\Util($view, $user);
$session = new \OCA\Encryption\Session($view);
$privateKeySet = $session->getPrivateKey() !== false ? true : false;
$recoveryAdminEnabled = OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled');
$recoveryEnabledForUser = $util->recoveryEnabledForUser();
$result = false;
if ($recoveryAdminEnabled || !$privateKeySet) {
    \OCP\Util::addscript('files_encryption', 'settings-personal');
    \OCP\Util::addScript('settings', 'personal');
    $tmpl->assign('recoveryEnabled', $recoveryAdminEnabled);
    $tmpl->assign('recoveryEnabledForUser', $recoveryEnabledForUser);
    $tmpl->assign('privateKeySet', $privateKeySet);
    $result = $tmpl->fetchPage();
}
return $result;
<?php

/**
 * Copyright (c) 2011 Robin Appelman <*****@*****.**>
 * This file is licensed under the Affero General Public License version 3 or
 * later.
 * See the COPYING-README file.
 */
\OC_Util::checkAdminUser();
$tmpl = new OCP\Template('files_encryption', 'settings-admin');
// Check if an adminRecovery account is enabled for recovering files after lost pwd
$recoveryAdminEnabled = \OC::$server->getAppConfig()->getValue('files_encryption', 'recoveryAdminEnabled', '0');
$session = new \OCA\Encryption\Session(new \OC\Files\View('/'));
$initStatus = $session->getInitialized();
$tmpl->assign('recoveryEnabled', $recoveryAdminEnabled);
$tmpl->assign('initStatus', $initStatus);
\OCP\Util::addscript('files_encryption', 'settings-admin');
\OCP\Util::addscript('core', 'multiselect');
return $tmpl->fetchPage();
 * This file is licensed under the Affero General Public License version 3 or later.
 * See the COPYING-README file.
 *
 * @brief Script to change recovery key password
 *
 */
use OCA\Encryption;
\OCP\JSON::checkLoggedIn();
\OCP\JSON::checkAppEnabled('files_encryption');
\OCP\JSON::callCheck();
$l = OC_L10N::get('core');
$return = false;
$oldPassword = $_POST['oldPassword'];
$newPassword = $_POST['newPassword'];
$view = new \OC\Files\View('/');
$session = new \OCA\Encryption\Session($view);
$user = \OCP\User::getUser();
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
$keyPath = '/' . $user . '/files_encryption/' . $user . '.private.key';
$encryptedKey = $view->file_get_contents($keyPath);
$decryptedKey = \OCA\Encryption\Crypt::decryptPrivateKey($encryptedKey, $oldPassword);
if ($decryptedKey) {
    $encryptedKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($decryptedKey, $newPassword);
    $view->file_put_contents($keyPath, $encryptedKey);
    $session->setPrivateKey($decryptedKey);
    $return = true;
}
\OC_FileProxy::$enabled = $proxyStatus;
// success or failure
if ($return) {