Exemplo n.º 1
0
 /**
  * @brief Startup encryption backend upon user login
  * @note This method should never be called for users using client side encryption
  */
 public static function login($params)
 {
     $l = new \OC_L10N('files_encryption');
     //check if all requirements are met
     if (!Helper::checkRequirements()) {
         $error_msg = $l->t("Missing requirements.");
         $hint = $l->t('Please make sure that PHP 5.3.3 or newer is installed and that the OpenSSL PHP extension is enabled and configured properly. For now, the encryption app has been disabled.');
         \OC_App::disable('files_encryption');
         \OCP\Util::writeLog('Encryption library', $error_msg . ' ' . $hint, \OCP\Util::ERROR);
         \OCP\Template::printErrorPage($error_msg, $hint);
     }
     $view = new \OC_FilesystemView('/');
     // ensure filesystem is loaded
     if (!\OC\Files\Filesystem::$loaded) {
         \OC_Util::setupFS($params['uid']);
     }
     $util = new Util($view, $params['uid']);
     // setup user, if user not ready force relogin
     if (Helper::setupUser($util, $params['password']) === false) {
         return false;
     }
     $encryptedKey = Keymanager::getPrivateKey($view, $params['uid']);
     $privateKey = Crypt::decryptPrivateKey($encryptedKey, $params['password']);
     if ($privateKey === false) {
         \OCP\Util::writeLog('Encryption library', 'Private key for user "' . $params['uid'] . '" is not valid! Maybe the user password was changed from outside if so please change it back to gain access', \OCP\Util::ERROR);
     }
     $session = new \OCA\Encryption\Session($view);
     $session->setPrivateKey($privateKey);
     // Check if first-run file migration has already been performed
     $ready = false;
     if ($util->getMigrationStatus() === Util::MIGRATION_OPEN) {
         $ready = $util->beginMigration();
     }
     // If migration not yet done
     if ($ready) {
         $userView = new \OC_FilesystemView('/' . $params['uid']);
         // Set legacy encryption key if it exists, to support
         // depreciated encryption system
         if ($userView->file_exists('encryption.key') && ($encLegacyKey = $userView->file_get_contents('encryption.key'))) {
             $plainLegacyKey = Crypt::legacyDecrypt($encLegacyKey, $params['password']);
             $session->setLegacyKey($plainLegacyKey);
         }
         // Encrypt existing user files:
         // This serves to upgrade old versions of the encryption
         // app (see appinfo/spec.txt)
         if ($util->encryptAll('/' . $params['uid'] . '/' . 'files', $session->getLegacyKey(), $params['password'])) {
             \OC_Log::write('Encryption library', 'Encryption of existing files belonging to "' . $params['uid'] . '" completed', \OC_Log::INFO);
         }
         // Register successful migration in DB
         $util->finishMigration();
     }
     return true;
 }
Exemplo n.º 2
0
 /**
  * decrypt private key and add it to the current session
  * @param array $params with 'uid' and 'password'
  * @return mixed session or false
  */
 public function initEncryption($params)
 {
     $session = new \OCA\Encryption\Session($this->view);
     // we tried to initialize the encryption app for this session
     $session->setInitialized(\OCA\Encryption\Session::INIT_EXECUTED);
     $encryptedKey = Keymanager::getPrivateKey($this->view, $params['uid']);
     $privateKey = Crypt::decryptPrivateKey($encryptedKey, $params['password']);
     if ($privateKey === false) {
         \OCP\Util::writeLog('Encryption library', 'Private key for user "' . $params['uid'] . '" is not valid! Maybe the user password was changed from outside if so please change it back to gain access', \OCP\Util::ERROR);
         return false;
     }
     $session->setPrivateKey($privateKey);
     $session->setInitialized(\OCA\Encryption\Session::INIT_SUCCESSFUL);
     return $session;
 }
Exemplo n.º 3
0
\OCP\JSON::checkAppEnabled('files_encryption');
\OCP\JSON::callCheck();
$l = \OC::$server->getL10N('core');
$return = false;
$oldPassword = $_POST['oldPassword'];
$newPassword = $_POST['newPassword'];
$view = new \OC\Files\View('/');
$session = new \OCA\Encryption\Session($view);
$user = \OCP\User::getUser();
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
$keyPath = '/' . $user . '/files_encryption/' . $user . '.private.key';
$encryptedKey = $view->file_get_contents($keyPath);
$decryptedKey = \OCA\Encryption\Crypt::decryptPrivateKey($encryptedKey, $oldPassword);
if ($decryptedKey) {
    $cipher = \OCA\Encryption\Helper::getCipher();
    $encryptedKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($decryptedKey, $newPassword, $cipher);
    if ($encryptedKey) {
        \OCA\Encryption\Keymanager::setPrivateKey($encryptedKey, $user);
        $session->setPrivateKey($decryptedKey);
        $return = true;
    }
}
\OC_FileProxy::$enabled = $proxyStatus;
// success or failure
if ($return) {
    $session->setInitialized(\OCA\Encryption\Session::INIT_SUCCESSFUL);
    \OCP\JSON::success(array('data' => array('message' => $l->t('Private key password successfully updated.'))));
} else {
    \OCP\JSON::error(array('data' => array('message' => $l->t('Could not update the private key password. Maybe the old password was not correct.'))));
}