/** * @brief Startup encryption backend upon user login * @note This method should never be called for users using client side encryption */ public static function login($params) { $l = new \OC_L10N('files_encryption'); //check if all requirements are met if (!Helper::checkRequirements()) { $error_msg = $l->t("Missing requirements."); $hint = $l->t('Please make sure that PHP 5.3.3 or newer is installed and that the OpenSSL PHP extension is enabled and configured properly. For now, the encryption app has been disabled.'); \OC_App::disable('files_encryption'); \OCP\Util::writeLog('Encryption library', $error_msg . ' ' . $hint, \OCP\Util::ERROR); \OCP\Template::printErrorPage($error_msg, $hint); } $view = new \OC_FilesystemView('/'); // ensure filesystem is loaded if (!\OC\Files\Filesystem::$loaded) { \OC_Util::setupFS($params['uid']); } $util = new Util($view, $params['uid']); // setup user, if user not ready force relogin if (Helper::setupUser($util, $params['password']) === false) { return false; } $encryptedKey = Keymanager::getPrivateKey($view, $params['uid']); $privateKey = Crypt::decryptPrivateKey($encryptedKey, $params['password']); if ($privateKey === false) { \OCP\Util::writeLog('Encryption library', 'Private key for user "' . $params['uid'] . '" is not valid! Maybe the user password was changed from outside if so please change it back to gain access', \OCP\Util::ERROR); } $session = new \OCA\Encryption\Session($view); $session->setPrivateKey($privateKey); // Check if first-run file migration has already been performed $ready = false; if ($util->getMigrationStatus() === Util::MIGRATION_OPEN) { $ready = $util->beginMigration(); } // If migration not yet done if ($ready) { $userView = new \OC_FilesystemView('/' . $params['uid']); // Set legacy encryption key if it exists, to support // depreciated encryption system if ($userView->file_exists('encryption.key') && ($encLegacyKey = $userView->file_get_contents('encryption.key'))) { $plainLegacyKey = Crypt::legacyDecrypt($encLegacyKey, $params['password']); $session->setLegacyKey($plainLegacyKey); } // Encrypt existing user files: // This serves to upgrade old versions of the encryption // app (see appinfo/spec.txt) if ($util->encryptAll('/' . $params['uid'] . '/' . 'files', $session->getLegacyKey(), $params['password'])) { \OC_Log::write('Encryption library', 'Encryption of existing files belonging to "' . $params['uid'] . '" completed', \OC_Log::INFO); } // Register successful migration in DB $util->finishMigration(); } return true; }
/** * decrypt private key and add it to the current session * @param array $params with 'uid' and 'password' * @return mixed session or false */ public function initEncryption($params) { $session = new \OCA\Encryption\Session($this->view); // we tried to initialize the encryption app for this session $session->setInitialized(\OCA\Encryption\Session::INIT_EXECUTED); $encryptedKey = Keymanager::getPrivateKey($this->view, $params['uid']); $privateKey = Crypt::decryptPrivateKey($encryptedKey, $params['password']); if ($privateKey === false) { \OCP\Util::writeLog('Encryption library', 'Private key for user "' . $params['uid'] . '" is not valid! Maybe the user password was changed from outside if so please change it back to gain access', \OCP\Util::ERROR); return false; } $session->setPrivateKey($privateKey); $session->setInitialized(\OCA\Encryption\Session::INIT_SUCCESSFUL); return $session; }
\OCP\JSON::checkAppEnabled('files_encryption'); \OCP\JSON::callCheck(); $l = \OC::$server->getL10N('core'); $return = false; $oldPassword = $_POST['oldPassword']; $newPassword = $_POST['newPassword']; $view = new \OC\Files\View('/'); $session = new \OCA\Encryption\Session($view); $user = \OCP\User::getUser(); $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; $keyPath = '/' . $user . '/files_encryption/' . $user . '.private.key'; $encryptedKey = $view->file_get_contents($keyPath); $decryptedKey = \OCA\Encryption\Crypt::decryptPrivateKey($encryptedKey, $oldPassword); if ($decryptedKey) { $cipher = \OCA\Encryption\Helper::getCipher(); $encryptedKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($decryptedKey, $newPassword, $cipher); if ($encryptedKey) { \OCA\Encryption\Keymanager::setPrivateKey($encryptedKey, $user); $session->setPrivateKey($decryptedKey); $return = true; } } \OC_FileProxy::$enabled = $proxyStatus; // success or failure if ($return) { $session->setInitialized(\OCA\Encryption\Session::INIT_SUCCESSFUL); \OCP\JSON::success(array('data' => array('message' => $l->t('Private key password successfully updated.')))); } else { \OCP\JSON::error(array('data' => array('message' => $l->t('Could not update the private key password. Maybe the old password was not correct.')))); }