/** * @medium * @brief Test that data that is written by the crypto stream wrapper * @note Encrypted data is manually prepared and decrypted here to avoid dependency on success of stream_read * @note If this test fails with truncate content, check that enough array slices are being rejoined to form $e, as the crypt.php file may have gotten longer and broken the manual * reassembly of its data */ function testSymmetricStreamEncryptLongFileContent() { // Generate a a random filename $filename = 'tmp-' . uniqid() . '.test'; $util = new Encryption\Util(new \OC_FilesystemView(), $this->userId); // Save long data as encrypted file using stream wrapper $cryptedFile = file_put_contents('crypt:///' . $this->userId . '/files/' . $filename, $this->dataLong . $this->dataLong); // Test that data was successfully written $this->assertTrue(is_int($cryptedFile)); // Disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; // Get file contents without using any wrapper to get it's actual contents on disk $retreivedCryptedFile = $this->view->file_get_contents($this->userId . '/files/' . $filename); // Re-enable proxy - our work is done \OC_FileProxy::$enabled = $proxyStatus; // Check that the file was encrypted before being written to disk $this->assertNotEquals($this->dataLong . $this->dataLong, $retreivedCryptedFile); // Manuallly split saved file into separate IVs and encrypted chunks $r = preg_split('/(00iv00.{16,18})/', $retreivedCryptedFile, NULL, PREG_SPLIT_DELIM_CAPTURE); //print_r($r); // Join IVs and their respective data chunks $e = array(); $i = 0; while ($i < count($r) - 1) { $e[] = $r[$i] . $r[$i + 1]; $i = $i + 2; } //print_r($e); // Get the encrypted keyfile $encKeyfile = Encryption\Keymanager::getFileKey($this->view, $util, $filename); // Attempt to fetch the user's shareKey $shareKey = Encryption\Keymanager::getShareKey($this->view, $this->userId, $util, $filename); // get session $session = new \OCA\Encryption\Session($this->view); // get private key $privateKey = $session->getPrivateKey($this->userId); // Decrypt keyfile with shareKey $plainKeyfile = Encryption\Crypt::multiKeyDecrypt($encKeyfile, $shareKey, $privateKey); // Set var for reassembling decrypted content $decrypt = ''; // Manually decrypt chunk foreach ($e as $chunk) { $chunkDecrypt = Encryption\Crypt::symmetricDecryptFileContent($chunk, $plainKeyfile); // Assemble decrypted chunks $decrypt .= $chunkDecrypt; } $this->assertEquals($this->dataLong . $this->dataLong, $decrypt); // Teardown $this->view->unlink($this->userId . '/files/' . $filename); Encryption\Keymanager::deleteFileKey($this->view, $filename); }
/** * @param string $path Path of file from which has been read * @param string $data Data that has been read from file */ public function postFile_get_contents($path, $data) { $plainData = null; $view = new \OC_FilesystemView('/'); // init session $session = new \OCA\Encryption\Session($view); // If data is a catfile if (Crypt::mode() === 'server' && Crypt::isCatfileContent($data)) { $handle = fopen('crypt://' . $path, 'r'); if (is_resource($handle)) { while (($plainDataChunk = fgets($handle, 8192)) !== false) { $plainData .= $plainDataChunk; } } } elseif (Crypt::mode() == 'server' && \OC::$session->exists('legacyenckey') && Crypt::isEncryptedMeta($path)) { // Disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; $plainData = Crypt::legacyBlockDecrypt($data, $session->getLegacyKey()); \OC_FileProxy::$enabled = $proxyStatus; } if (!isset($plainData)) { $plainData = $data; } return $plainData; }
/** * set the init status to 'NOT_INITIALIZED' (0) if the app gets enabled * @param array $params contains the app ID */ public static function postEnable($params) { if ($params['app'] === 'files_encryption') { $session = new \OCA\Encryption\Session(new \OC\Files\View('/')); $session->setInitialized(\OCA\Encryption\Session::NOT_INITIALIZED); } }
$breadcrumbNav->assign('breadcrumb', $breadcrumb); $breadcrumbNav->assign('baseURL', OCP\Util::linkTo('files', 'index.php') . '?dir='); $permissions = \OCA\Files\Helper::getDirPermissions($dir); if ($needUpgrade) { OCP\Util::addscript('files', 'upgrade'); $tmpl = new OCP\Template('files', 'upgrade', 'user'); $tmpl->printPage(); } else { // information about storage capacities $storageInfo = OC_Helper::getStorageInfo($dir); $maxUploadFilesize = OCP\Util::maxUploadFilesize($dir); $publicUploadEnabled = \OC_Appconfig::getValue('core', 'shareapi_allow_public_upload', 'yes'); // if the encryption app is disabled, than everything is fine (INIT_SUCCESSFUL status code) $encryptionInitStatus = 2; if (OC_App::isEnabled('files_encryption')) { $session = new \OCA\Encryption\Session(new \OC\Files\View('/')); $encryptionInitStatus = $session->getInitialized(); } $trashEnabled = \OCP\App::isEnabled('files_trashbin'); $trashEmpty = true; if ($trashEnabled) { $trashEmpty = \OCA\Files_Trashbin\Trashbin::isEmpty($user); } $isCreatable = \OC\Files\Filesystem::isCreatable($dir . '/'); $fileHeader = (!isset($files) or count($files) > 0); $emptyContent = ($isCreatable and !$fileHeader) or $ajaxLoad; OCP\Util::addscript('files', 'fileactions'); OCP\Util::addscript('files', 'files'); OCP\Util::addscript('files', 'keyboardshortcuts'); $tmpl = new OCP\Template('files', 'index', 'user'); $tmpl->assign('fileList', $list->fetchPage());
<?php $session = new \OCA\Encryption\Session(\OC::$server->getSession()); $userSession = \OC::$server->getUserSession(); $template = new OCP\Template('encryption', 'settings-personal'); $crypt = new \OCA\Encryption\Crypto\Crypt(\OC::$server->getLogger(), $userSession, \OC::$server->getConfig()); $util = new \OCA\Encryption\Util(new \OC\Files\View(), $crypt, \OC::$server->getLogger(), $userSession, \OC::$server->getConfig(), \OC::$server->getUserManager()); $keyManager = new \OCA\Encryption\KeyManager(\OC::$server->getEncryptionKeyStorage(), $crypt, \OC::$server->getConfig(), $userSession, $session, \OC::$server->getLogger(), $util); $user = $userSession->getUser()->getUID(); $view = new \OC\Files\View('/'); $privateKeySet = $session->isPrivateKeySet(); // did we tried to initialize the keys for this session? $initialized = $session->getStatus(); $recoveryAdminEnabled = \OC::$server->getConfig()->getAppValue('encryption', 'recoveryAdminEnabled'); $recoveryEnabledForUser = $util->isRecoveryEnabledForUser($user); $result = false; if ($recoveryAdminEnabled || !$privateKeySet) { $template->assign('recoveryEnabled', $recoveryAdminEnabled); $template->assign('recoveryEnabledForUser', $recoveryEnabledForUser); $template->assign('privateKeySet', $privateKeySet); $template->assign('initialized', $initialized); $result = $template->fetchPage(); } return $result;
public function closeEncryptionSession() { $session = new \OCA\Encryption\Session($this->view); $session->closeSession(); }
<?php /** * @author Björn Schießle <*****@*****.**> * @author Clark Tomlinson <*****@*****.**> * @author Thomas Müller <*****@*****.**> * * @copyright Copyright (c) 2015, ownCloud, Inc. * @license AGPL-3.0 * * This code is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License, version 3, * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License, version 3, * along with this program. If not, see <http://www.gnu.org/licenses/> * */ \OC_Util::checkAdminUser(); $tmpl = new OCP\Template('encryption', 'settings-admin'); // Check if an adminRecovery account is enabled for recovering files after lost pwd $recoveryAdminEnabled = \OC::$server->getConfig()->getAppValue('encryption', 'recoveryAdminEnabled', '0'); $session = new \OCA\Encryption\Session(\OC::$server->getSession()); $tmpl->assign('recoveryEnabled', $recoveryAdminEnabled); $tmpl->assign('initStatus', $session->getStatus()); return $tmpl->fetchPage();
<?php /** * Copyright (c) 2013 Sam Tuke <*****@*****.**> * This file is licensed under the Affero General Public License version 3 or * later. * See the COPYING-README file. */ // Add CSS stylesheet \OC_Util::addStyle('files_encryption', 'settings-personal'); $tmpl = new OCP\Template('files_encryption', 'settings-personal'); $user = \OCP\USER::getUser(); $view = new \OC\Files\View('/'); $util = new \OCA\Encryption\Util($view, $user); $session = new \OCA\Encryption\Session($view); $privateKeySet = $session->getPrivateKey() !== false; // did we tried to initialize the keys for this session? $initialized = $session->getInitialized(); $recoveryAdminEnabled = \OC::$server->getAppConfig()->getValue('files_encryption', 'recoveryAdminEnabled'); $recoveryEnabledForUser = $util->recoveryEnabledForUser(); $result = false; if ($recoveryAdminEnabled || !$privateKeySet) { \OCP\Util::addscript('files_encryption', 'settings-personal'); $tmpl->assign('recoveryEnabled', $recoveryAdminEnabled); $tmpl->assign('recoveryEnabledForUser', $recoveryEnabledForUser); $tmpl->assign('privateKeySet', $privateKeySet); $tmpl->assign('initialized', $initialized); $result = $tmpl->fetchPage(); } return $result;
* This file is licensed under the Affero General Public License version 3 or later. * See the COPYING-README file. * * Script to change recovery key password * */ use OCA\Encryption; \OCP\JSON::checkLoggedIn(); \OCP\JSON::checkAppEnabled('files_encryption'); \OCP\JSON::callCheck(); $l = \OC::$server->getL10N('core'); $return = false; $oldPassword = $_POST['oldPassword']; $newPassword = $_POST['newPassword']; $view = new \OC\Files\View('/'); $session = new \OCA\Encryption\Session($view); $user = \OCP\User::getUser(); $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; $keyPath = '/' . $user . '/files_encryption/' . $user . '.private.key'; $encryptedKey = $view->file_get_contents($keyPath); $decryptedKey = \OCA\Encryption\Crypt::decryptPrivateKey($encryptedKey, $oldPassword); if ($decryptedKey) { $cipher = \OCA\Encryption\Helper::getCipher(); $encryptedKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($decryptedKey, $newPassword, $cipher); if ($encryptedKey) { \OCA\Encryption\Keymanager::setPrivateKey($encryptedKey, $user); $session->setPrivateKey($decryptedKey); $return = true; } }
/** * @brief decrypt private key and add it to the current session * @param array $params with 'uid' and 'password' * @return mixed session or false */ public function initEncryption($params) { $session = new \OCA\Encryption\Session($this->view); // we tried to initialize the encryption app for this session $session->setInitialized(\OCA\Encryption\Session::INIT_EXECUTED); $encryptedKey = Keymanager::getPrivateKey($this->view, $params['uid']); $privateKey = Crypt::decryptPrivateKey($encryptedKey, $params['password']); if ($privateKey === false) { \OCP\Util::writeLog('Encryption library', 'Private key for user "' . $params['uid'] . '" is not valid! Maybe the user password was changed from outside if so please change it back to gain access', \OCP\Util::ERROR); return false; } $session->setPrivateKey($privateKey); $session->setInitialized(\OCA\Encryption\Session::INIT_SUCCESSFUL); return $session; }
/** * @brief Change a user's encryption passphrase * @param array $params keys: uid, password */ public static function setPassphrase($params) { // Only attempt to change passphrase if server-side encryption // is in use (client-side encryption does not have access to // the necessary keys) if (Crypt::mode() === 'server') { if ($params['uid'] === \OCP\User::getUser()) { $view = new \OC_FilesystemView('/'); $session = new \OCA\Encryption\Session($view); // Get existing decrypted private key $privateKey = $session->getPrivateKey(); // Encrypt private key with new user pwd as passphrase $encryptedPrivateKey = Crypt::symmetricEncryptFileContent($privateKey, $params['password']); // Save private key Keymanager::setPrivateKey($encryptedPrivateKey); // NOTE: Session does not need to be updated as the // private key has not changed, only the passphrase // used to decrypt it has changed } else { // admin changed the password for a different user, create new keys and reencrypt file keys $user = $params['uid']; $recoveryPassword = $params['recoveryPassword']; $newUserPassword = $params['password']; $view = new \OC_FilesystemView('/'); // make sure that the users home is mounted \OC\Files\Filesystem::initMountPoints($user); $keypair = Crypt::createKeypair(); // Disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; // Save public key $view->file_put_contents('/public-keys/' . $user . '.public.key', $keypair['publicKey']); // Encrypt private key empty passphrase $encryptedPrivateKey = Crypt::symmetricEncryptFileContent($keypair['privateKey'], $newUserPassword); // Save private key $view->file_put_contents('/' . $user . '/files_encryption/' . $user . '.private.key', $encryptedPrivateKey); if ($recoveryPassword) { // if recovery key is set we can re-encrypt the key files $util = new Util($view, $user); $util->recoverUsersFiles($recoveryPassword); } \OC_FileProxy::$enabled = $proxyStatus; } } }
<?php /** * Copyright (c) 2013 Sam Tuke <*****@*****.**> * This file is licensed under the Affero General Public License version 3 or * later. * See the COPYING-README file. */ // Add CSS stylesheet \OC_Util::addStyle('files_encryption', 'settings-personal'); $tmpl = new OCP\Template('files_encryption', 'settings-personal'); $user = \OCP\USER::getUser(); $view = new \OC_FilesystemView('/'); $util = new \OCA\Encryption\Util($view, $user); $session = new \OCA\Encryption\Session($view); $privateKeySet = $session->getPrivateKey() !== false ? true : false; $recoveryAdminEnabled = OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled'); $recoveryEnabledForUser = $util->recoveryEnabledForUser(); $result = false; if ($recoveryAdminEnabled || !$privateKeySet) { \OCP\Util::addscript('files_encryption', 'settings-personal'); \OCP\Util::addScript('settings', 'personal'); $tmpl->assign('recoveryEnabled', $recoveryAdminEnabled); $tmpl->assign('recoveryEnabledForUser', $recoveryEnabledForUser); $tmpl->assign('privateKeySet', $privateKeySet); $result = $tmpl->fetchPage(); } return $result;
<?php /** * Copyright (c) 2011 Robin Appelman <*****@*****.**> * This file is licensed under the Affero General Public License version 3 or * later. * See the COPYING-README file. */ \OC_Util::checkAdminUser(); $tmpl = new OCP\Template('files_encryption', 'settings-admin'); // Check if an adminRecovery account is enabled for recovering files after lost pwd $recoveryAdminEnabled = \OC::$server->getAppConfig()->getValue('files_encryption', 'recoveryAdminEnabled', '0'); $session = new \OCA\Encryption\Session(new \OC\Files\View('/')); $initStatus = $session->getInitialized(); $tmpl->assign('recoveryEnabled', $recoveryAdminEnabled); $tmpl->assign('initStatus', $initStatus); \OCP\Util::addscript('files_encryption', 'settings-admin'); \OCP\Util::addscript('core', 'multiselect'); return $tmpl->fetchPage();
* This file is licensed under the Affero General Public License version 3 or later. * See the COPYING-README file. * * @brief Script to change recovery key password * */ use OCA\Encryption; \OCP\JSON::checkLoggedIn(); \OCP\JSON::checkAppEnabled('files_encryption'); \OCP\JSON::callCheck(); $l = OC_L10N::get('core'); $return = false; $oldPassword = $_POST['oldPassword']; $newPassword = $_POST['newPassword']; $view = new \OC\Files\View('/'); $session = new \OCA\Encryption\Session($view); $user = \OCP\User::getUser(); $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; $keyPath = '/' . $user . '/files_encryption/' . $user . '.private.key'; $encryptedKey = $view->file_get_contents($keyPath); $decryptedKey = \OCA\Encryption\Crypt::decryptPrivateKey($encryptedKey, $oldPassword); if ($decryptedKey) { $encryptedKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($decryptedKey, $newPassword); $view->file_put_contents($keyPath, $encryptedKey); $session->setPrivateKey($decryptedKey); $return = true; } \OC_FileProxy::$enabled = $proxyStatus; // success or failure if ($return) {