/** * decrypt private key and add it to the current session * @param array $params with 'uid' and 'password' * @return mixed session or false */ public function initEncryption($params) { $session = new Session($this->view); // we tried to initialize the encryption app for this session $session->setInitialized(Session::INIT_EXECUTED); $encryptedKey = Keymanager::getPrivateKey($this->view, $params['uid']); $privateKey = false; if ($encryptedKey) { $privateKey = Crypt::decryptPrivateKey($encryptedKey, $params['password']); } if ($privateKey === false) { \OCP\Util::writeLog('Encryption library', 'Private key for user "' . $params['uid'] . '" is not valid! Maybe the user password was changed from outside if so please change it back to gain access', \OCP\Util::ERROR); return false; } $session->setPrivateKey($privateKey); $session->setInitialized(Session::INIT_SUCCESSFUL); return $session; }
\OCP\JSON::callCheck(); $l = \OC::$server->getL10N('core'); $return = false; $errorMessage = $l->t('Could not update the private key password.'); $oldPassword = (string) $_POST['oldPassword']; $newPassword = (string) $_POST['newPassword']; $view = new \OC\Files\View('/'); $session = new \OCA\Files_Encryption\Session($view); $user = \OCP\User::getUser(); $loginName = \OC::$server->getUserSession()->getLoginName(); // check new password $passwordCorrect = \OCP\User::checkPassword($loginName, $newPassword); if ($passwordCorrect !== false) { $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; $encryptedKey = \OCA\Files_Encryption\Keymanager::getPrivateKey($view, $user); $decryptedKey = $encryptedKey ? \OCA\Files_Encryption\Crypt::decryptPrivateKey($encryptedKey, $oldPassword) : false; if ($decryptedKey) { $cipher = \OCA\Files_Encryption\Helper::getCipher(); $encryptedKey = \OCA\Files_Encryption\Crypt::symmetricEncryptFileContent($decryptedKey, $newPassword, $cipher); if ($encryptedKey) { \OCA\Files_Encryption\Keymanager::setPrivateKey($encryptedKey, $user); $session->setPrivateKey($decryptedKey); $return = true; } } else { $result = false; $errorMessage = $l->t('The old password was not correct, please try again.'); } \OC_FileProxy::$enabled = $proxyStatus; } else {
/** * @brief replacing encryption keys during password change should be allowed * until the user logged in for the first time */ public function testSetPassphrase() { $view = new \OC\Files\View(); // set user password for the first time \OC_User::createUser(self::TEST_ENCRYPTION_HOOKS_USER3, 'newUserPassword'); \OCA\Files_Encryption\Hooks::postCreateUser(array('uid' => self::TEST_ENCRYPTION_HOOKS_USER3, 'password' => 'newUserPassword')); $this->assertTrue($view->file_exists(\OCA\Files_Encryption\Keymanager::getPublicKeyPath() . '/' . self::TEST_ENCRYPTION_HOOKS_USER3 . '.publicKey')); $this->assertTrue($view->file_exists(self::TEST_ENCRYPTION_HOOKS_USER3 . '/files_encryption/' . self::TEST_ENCRYPTION_HOOKS_USER3 . '.privateKey')); // check if we are able to decrypt the private key $encryptedKey = \OCA\Files_Encryption\Keymanager::getPrivateKey($view, self::TEST_ENCRYPTION_HOOKS_USER3); $privateKey = \OCA\Files_Encryption\Crypt::decryptPrivateKey($encryptedKey, 'newUserPassword'); $this->assertTrue(is_string($privateKey)); // change the password before the user logged-in for the first time, // we can replace the encryption keys \OCA\Files_Encryption\Hooks::setPassphrase(array('uid' => self::TEST_ENCRYPTION_HOOKS_USER3, 'password' => 'passwordChanged')); $encryptedKey = \OCA\Files_Encryption\Keymanager::getPrivateKey($view, self::TEST_ENCRYPTION_HOOKS_USER3); $privateKey = \OCA\Files_Encryption\Crypt::decryptPrivateKey($encryptedKey, 'passwordChanged'); $this->assertTrue(is_string($privateKey)); // now create a files folder to simulate a already used account $view->mkdir('/' . self::TEST_ENCRYPTION_HOOKS_USER3 . '/files'); // change the password after the user logged in, now the password should not change \OCA\Files_Encryption\Hooks::setPassphrase(array('uid' => self::TEST_ENCRYPTION_HOOKS_USER3, 'password' => 'passwordChanged2')); $encryptedKey = \OCA\Files_Encryption\Keymanager::getPrivateKey($view, self::TEST_ENCRYPTION_HOOKS_USER3); $privateKey = \OCA\Files_Encryption\Crypt::decryptPrivateKey($encryptedKey, 'passwordChanged2'); $this->assertFalse($privateKey); $privateKey = \OCA\Files_Encryption\Crypt::decryptPrivateKey($encryptedKey, 'passwordChanged'); $this->assertTrue(is_string($privateKey)); }
/** * @medium */ function testGetPrivateKey() { $key = \OCA\Files_Encryption\Keymanager::getPrivateKey($this->view, $this->userId); $privateKey = \OCA\Files_Encryption\Crypt::decryptPrivateKey($key, $this->pass); $res = openssl_pkey_get_private($privateKey); $this->assertTrue(is_resource($res)); $sslInfo = openssl_pkey_get_details($res); $this->assertArrayHasKey('key', $sslInfo); }