/**
* decrypt private key and add it to the current session
* @param array $params with 'uid' and 'password'
* @return mixed session or false
*/
public function initEncryption($params)
{
$session = new Session($this->view);
// we tried to initialize the encryption app for this session
$session->setInitialized(Session::INIT_EXECUTED);
$encryptedKey = Keymanager::getPrivateKey($this->view, $params['uid']);
$privateKey = false;
if ($encryptedKey) {
$privateKey = Crypt::decryptPrivateKey($encryptedKey, $params['password']);
}
if ($privateKey === false) {
\OCP\Util::writeLog('Encryption library', 'Private key for user "' . $params['uid'] . '" is not valid! Maybe the user password was changed from outside if so please change it back to gain access', \OCP\Util::ERROR);
return false;
}
$session->setPrivateKey($privateKey);
$session->setInitialized(Session::INIT_SUCCESSFUL);
return $session;
}
/**
* @brief replacing encryption keys during password change should be allowed
* until the user logged in for the first time
*/
public function testSetPassphrase()
{
$view = new \OC\Files\View();
// set user password for the first time
\OC_User::createUser(self::TEST_ENCRYPTION_HOOKS_USER3, 'newUserPassword');
\OCA\Files_Encryption\Hooks::postCreateUser(array('uid' => self::TEST_ENCRYPTION_HOOKS_USER3, 'password' => 'newUserPassword'));
$this->assertTrue($view->file_exists(\OCA\Files_Encryption\Keymanager::getPublicKeyPath() . '/' . self::TEST_ENCRYPTION_HOOKS_USER3 . '.publicKey'));
$this->assertTrue($view->file_exists(self::TEST_ENCRYPTION_HOOKS_USER3 . '/files_encryption/' . self::TEST_ENCRYPTION_HOOKS_USER3 . '.privateKey'));
// check if we are able to decrypt the private key
$encryptedKey = \OCA\Files_Encryption\Keymanager::getPrivateKey($view, self::TEST_ENCRYPTION_HOOKS_USER3);
$privateKey = \OCA\Files_Encryption\Crypt::decryptPrivateKey($encryptedKey, 'newUserPassword');
$this->assertTrue(is_string($privateKey));
// change the password before the user logged-in for the first time,
// we can replace the encryption keys
\OCA\Files_Encryption\Hooks::setPassphrase(array('uid' => self::TEST_ENCRYPTION_HOOKS_USER3, 'password' => 'passwordChanged'));
$encryptedKey = \OCA\Files_Encryption\Keymanager::getPrivateKey($view, self::TEST_ENCRYPTION_HOOKS_USER3);
$privateKey = \OCA\Files_Encryption\Crypt::decryptPrivateKey($encryptedKey, 'passwordChanged');
$this->assertTrue(is_string($privateKey));
// now create a files folder to simulate a already used account
$view->mkdir('/' . self::TEST_ENCRYPTION_HOOKS_USER3 . '/files');
// change the password after the user logged in, now the password should not change
\OCA\Files_Encryption\Hooks::setPassphrase(array('uid' => self::TEST_ENCRYPTION_HOOKS_USER3, 'password' => 'passwordChanged2'));
$encryptedKey = \OCA\Files_Encryption\Keymanager::getPrivateKey($view, self::TEST_ENCRYPTION_HOOKS_USER3);
$privateKey = \OCA\Files_Encryption\Crypt::decryptPrivateKey($encryptedKey, 'passwordChanged2');
$this->assertFalse($privateKey);
$privateKey = \OCA\Files_Encryption\Crypt::decryptPrivateKey($encryptedKey, 'passwordChanged');
$this->assertTrue(is_string($privateKey));
}
public function testDecryptPrivateKey()
{
// test successful decrypt
$crypted = \OCA\Files_Encryption\Crypt::symmetricEncryptFileContent($this->genPrivateKey, 'hat');
$header = \OCA\Files_Encryption\Crypt::generateHeader();
$decrypted = \OCA\Files_Encryption\Crypt::decryptPrivateKey($header . $crypted, 'hat');
$this->assertEquals($this->genPrivateKey, $decrypted);
//test private key decrypt with wrong password
$wrongPasswd = \OCA\Files_Encryption\Crypt::decryptPrivateKey($crypted, 'hat2');
$this->assertEquals(false, $wrongPasswd);
}
$errorMessage = $l->t('Please repeat the new recovery password');
\OCP\JSON::error(array('data' => array('message' => $errorMessage)));
exit;
}
if ($_POST['newPassword'] !== $_POST['confirmPassword']) {
$errorMessage = $l->t('Repeated recovery key password does not match the provided recovery key password');
\OCP\JSON::error(array('data' => array('message' => $errorMessage)));
exit;
}
$view = new \OC\Files\View('/');
$util = new \OCA\Files_Encryption\Util(new \OC\Files\View('/'), \OCP\User::getUser());
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
$keyId = $util->getRecoveryKeyId();
$encryptedRecoveryKey = \OCA\Files_Encryption\Keymanager::getPrivateSystemKey($keyId);
$decryptedRecoveryKey = $encryptedRecoveryKey ? \OCA\Files_Encryption\Crypt::decryptPrivateKey($encryptedRecoveryKey, $oldPassword) : false;
if ($decryptedRecoveryKey) {
$cipher = \OCA\Files_Encryption\Helper::getCipher();
$encryptedKey = \OCA\Files_Encryption\Crypt::symmetricEncryptFileContent($decryptedRecoveryKey, $newPassword, $cipher);
if ($encryptedKey) {
\OCA\Files_Encryption\Keymanager::setPrivateSystemKey($encryptedKey, $keyId);
$return = true;
}
}
\OC_FileProxy::$enabled = $proxyStatus;
// success or failure
if ($return) {
\OCP\JSON::success(array('data' => array('message' => $l->t('Password successfully changed.'))));
} else {
\OCP\JSON::error(array('data' => array('message' => $l->t('Could not change the password. Maybe the old password was not correct.'))));
}
/**
* @medium
*/
function testGetUserKeys()
{
$keys = \OCA\Files_Encryption\Keymanager::getUserKeys($this->view, $this->userId);
$resPublic = openssl_pkey_get_public($keys['publicKey']);
$this->assertTrue(is_resource($resPublic));
$sslInfoPublic = openssl_pkey_get_details($resPublic);
$this->assertArrayHasKey('key', $sslInfoPublic);
$privateKey = \OCA\Files_Encryption\Crypt::decryptPrivateKey($keys['privateKey'], $this->pass);
$resPrivate = openssl_pkey_get_private($privateKey);
$this->assertTrue(is_resource($resPrivate));
$sslInfoPrivate = openssl_pkey_get_details($resPrivate);
$this->assertArrayHasKey('key', $sslInfoPrivate);
}
