nextcloud/apps/files_encryption/lib/crypt.php

661 lines
16 KiB
PHP
Raw Normal View History

<?php
/**
* ownCloud
*
* @author Sam Tuke, Frank Karlitschek, Robin Appelman
2013-05-20 03:24:36 +04:00
* @copyright 2012 Sam Tuke samtuke@owncloud.com,
* Robin Appelman icewind@owncloud.com, Frank Karlitschek
* frank@owncloud.org
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCA\Encryption;
2013-05-21 14:33:32 +04:00
//require_once '../3rdparty/Crypt_Blowfish/Blowfish.php';
2013-05-24 01:56:31 +04:00
require_once realpath( dirname( __FILE__ ) . '/../3rdparty/Crypt_Blowfish/Blowfish.php' );
/**
* Class for common cryptography functionality
*/
2013-05-20 03:24:36 +04:00
class Crypt
{
/**
* @brief return encryption mode client or server side encryption
2013-05-20 03:24:36 +04:00
* @param string $user name (use system wide setting if name=null)
* @return string 'client' or 'server'
*/
2013-05-24 01:56:31 +04:00
public static function mode( $user = null ) {
return 'server';
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
/**
* @brief Create a new encryption keypair
* @return array publicKey, privatekey
*/
2013-05-24 01:56:31 +04:00
public static function createKeypair() {
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
$res = openssl_pkey_new( array( 'private_key_bits' => 4096 ) );
// Get private key
2013-05-24 01:56:31 +04:00
openssl_pkey_export( $res, $privateKey );
// Get public key
2013-05-24 01:56:31 +04:00
$publicKey = openssl_pkey_get_details( $res );
2013-05-20 03:24:36 +04:00
$publicKey = $publicKey['key'];
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
return ( array( 'publicKey' => $publicKey, 'privateKey' => $privateKey ) );
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
/**
* @brief Add arbitrary padding to encrypted data
* @param string $data data to be padded
* @return string padded data
* @note In order to end up with data exactly 8192 bytes long we must
* add two letters. It is impossible to achieve exactly 8192 length
* blocks with encryption alone, hence padding is added to achieve the
* required length.
*/
2013-05-24 01:56:31 +04:00
public static function addPadding( $data ) {
2013-05-20 03:24:36 +04:00
$padded = $data . 'xx';
2013-05-20 03:24:36 +04:00
return $padded;
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
/**
* @brief Remove arbitrary padding to encrypted data
* @param string $padded padded data to remove padding from
* @return string unpadded data on success, false on error
*/
2013-05-24 01:56:31 +04:00
public static function removePadding( $padded ) {
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
if ( substr( $padded, -2 ) == 'xx' ) {
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
$data = substr( $padded, 0, -2 );
2013-05-20 03:24:36 +04:00
return $data;
2013-05-20 03:24:36 +04:00
} else {
2013-05-20 03:24:36 +04:00
// TODO: log the fact that unpadded data was submitted for removal of padding
return false;
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
/**
* @brief Check if a file's contents contains an IV and is symmetrically encrypted
* @param $content
* @return boolean
* @note see also OCA\Encryption\Util->isEncryptedPath()
*/
2013-05-24 01:56:31 +04:00
public static function isCatfileContent( $content ) {
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
if ( !$content ) {
2013-05-20 03:24:36 +04:00
return false;
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
$noPadding = self::removePadding( $content );
2013-05-20 03:24:36 +04:00
// Fetch encryption metadata from end of file
2013-05-24 01:56:31 +04:00
$meta = substr( $noPadding, -22 );
2013-05-20 03:24:36 +04:00
// Fetch IV from end of file
2013-05-24 01:56:31 +04:00
$iv = substr( $meta, -16 );
2013-05-20 03:24:36 +04:00
// Fetch identifier from start of metadata
2013-05-24 01:56:31 +04:00
$identifier = substr( $meta, 0, 6 );
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
if ( $identifier == '00iv00' ) {
2013-05-20 03:24:36 +04:00
return true;
2013-05-20 03:24:36 +04:00
} else {
2013-05-20 03:24:36 +04:00
return false;
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
2012-11-22 18:08:19 +04:00
/**
* Check if a file is encrypted according to database file cache
* @param string $path
* @return bool
*/
2013-05-24 01:56:31 +04:00
public static function isEncryptedMeta( $path ) {
2013-05-20 03:24:36 +04:00
// TODO: Use DI to get \OC\Files\Filesystem out of here
2013-05-20 03:24:36 +04:00
2012-11-22 18:08:19 +04:00
// Fetch all file metadata from DB
2013-05-24 01:56:31 +04:00
$metadata = \OC\Files\Filesystem::getFileInfo( $path );
2013-05-20 03:24:36 +04:00
2012-11-22 18:08:19 +04:00
// Return encryption status
2013-05-24 01:56:31 +04:00
return isset( $metadata['encrypted'] ) and ( bool )$metadata['encrypted'];
2013-05-20 03:24:36 +04:00
2012-11-22 18:08:19 +04:00
}
2013-05-20 03:24:36 +04:00
/**
* @brief Check if a file is encrypted via legacy system
* @param $data
* @param string $relPath The path of the file, relative to user/data;
* e.g. filename or /Docs/filename, NOT admin/files/filename
* @return boolean
*/
2013-05-24 01:56:31 +04:00
public static function isLegacyEncryptedContent( $data, $relPath ) {
2013-05-17 19:29:32 +04:00
// Fetch all file metadata from DB
2013-05-24 01:56:31 +04:00
$metadata = \OC\Files\Filesystem::getFileInfo( $relPath, '' );
2013-05-20 03:24:36 +04:00
// If a file is flagged with encryption in DB, but isn't a
// valid content + IV combination, it's probably using the
// legacy encryption system
2013-05-20 03:24:36 +04:00
if (
2013-05-24 01:56:31 +04:00
isset( $metadata['encrypted'] )
2013-05-20 03:24:36 +04:00
and $metadata['encrypted'] === true
2013-05-24 01:56:31 +04:00
and !self::isCatfileContent( $data )
) {
2013-05-20 03:24:36 +04:00
return true;
2013-05-20 03:24:36 +04:00
} else {
2013-05-20 03:24:36 +04:00
return false;
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
/**
* @brief Symmetrically encrypt a string
2013-05-24 01:56:31 +04:00
* @param $plainContent
* @param $iv
* @param string $passphrase
2013-05-20 03:24:36 +04:00
* @return string encrypted file content
*/
2013-05-24 01:56:31 +04:00
public static function encrypt( $plainContent, $iv, $passphrase = '' ) {
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
if ( $encryptedContent = openssl_encrypt( $plainContent, 'AES-128-CFB', $passphrase, false, $iv ) ) {
return $encryptedContent;
2013-05-20 03:24:36 +04:00
} else {
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
\OC_Log::write( 'Encryption library', 'Encryption (symmetric) of content failed', \OC_Log::ERROR );
2013-05-20 03:24:36 +04:00
return false;
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
/**
* @brief Symmetrically decrypt a string
2013-05-24 01:56:31 +04:00
* @param $encryptedContent
* @param $iv
* @param $passphrase
* @throws \Exception
2013-05-20 03:24:36 +04:00
* @return string decrypted file content
*/
2013-05-24 01:56:31 +04:00
public static function decrypt( $encryptedContent, $iv, $passphrase ) {
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
if ( $plainContent = openssl_decrypt( $encryptedContent, 'AES-128-CFB', $passphrase, false, $iv ) ) {
return $plainContent;
2013-05-20 03:24:36 +04:00
} else {
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
throw new \Exception( 'Encryption library: Decryption (symmetric) of content failed' );
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
/**
* @brief Concatenate encrypted data with its IV and padding
* @param string $content content to be concatenated
* @param string $iv IV to be concatenated
* @returns string concatenated content
*/
2013-05-24 01:56:31 +04:00
public static function concatIv( $content, $iv ) {
2013-05-20 03:24:36 +04:00
$combined = $content . '00iv00' . $iv;
2013-05-20 03:24:36 +04:00
return $combined;
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
/**
* @brief Split concatenated data and IV into respective parts
* @param string $catFile concatenated data to be split
* @returns array keys: encrypted, iv
*/
2013-05-24 01:56:31 +04:00
public static function splitIv( $catFile ) {
2013-05-20 03:24:36 +04:00
// Fetch encryption metadata from end of file
2013-05-24 01:56:31 +04:00
$meta = substr( $catFile, -22 );
2013-05-20 03:24:36 +04:00
// Fetch IV from end of file
2013-05-24 01:56:31 +04:00
$iv = substr( $meta, -16 );
2013-05-20 03:24:36 +04:00
// Remove IV and IV identifier text to expose encrypted content
2013-05-24 01:56:31 +04:00
$encrypted = substr( $catFile, 0, -22 );
2013-05-20 03:24:36 +04:00
$split = array(
'encrypted' => $encrypted
2013-05-20 03:24:36 +04:00
, 'iv' => $iv
);
2013-05-20 03:24:36 +04:00
return $split;
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
/**
* @brief Symmetrically encrypts a string and returns keyfile content
* @param string $plainContent content to be encrypted in keyfile
* @param string $passphrase
* @return bool|string
* @return string encrypted content combined with IV
* @note IV need not be specified, as it will be stored in the returned keyfile
* and remain accessible therein.
*/
2013-05-24 01:56:31 +04:00
public static function symmetricEncryptFileContent( $plainContent, $passphrase = '' ) {
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
if ( !$plainContent ) {
2013-05-20 03:24:36 +04:00
return false;
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
$iv = self::generateIv();
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
if ( $encryptedContent = self::encrypt( $plainContent, $iv, $passphrase ) ) {
2013-05-20 03:24:36 +04:00
// Combine content to encrypt with IV identifier and actual IV
2013-05-24 01:56:31 +04:00
$catfile = self::concatIv( $encryptedContent, $iv );
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
$padded = self::addPadding( $catfile );
2013-05-20 03:24:36 +04:00
return $padded;
} else {
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
\OC_Log::write( 'Encryption library', 'Encryption (symmetric) of keyfile content failed', \OC_Log::ERROR );
2013-05-20 03:24:36 +04:00
return false;
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
}
/**
2013-05-20 03:24:36 +04:00
* @brief Symmetrically decrypts keyfile content
* @param $keyfileContent
* @param string $passphrase
* @throws \Exception
* @return bool|string
* @internal param string $source
* @internal param string $target
* @internal param string $key the decryption key
* @returns string decrypted content
*
* This function decrypts a file
*/
2013-05-24 01:56:31 +04:00
public static function symmetricDecryptFileContent( $keyfileContent, $passphrase = '' ) {
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
if ( !$keyfileContent ) {
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
throw new \Exception( 'Encryption library: no data provided for decryption' );
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
// Remove padding
2013-05-24 01:56:31 +04:00
$noPadding = self::removePadding( $keyfileContent );
2013-05-20 03:24:36 +04:00
// Split into enc data and catfile
2013-05-24 01:56:31 +04:00
$catfile = self::splitIv( $noPadding );
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
if ( $plainContent = self::decrypt( $catfile['encrypted'], $catfile['iv'], $passphrase ) ) {
2013-05-20 03:24:36 +04:00
return $plainContent;
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
} else {
return false;
}
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
/**
2013-05-20 03:24:36 +04:00
* @brief Creates symmetric keyfile content using a generated key
* @param string $plainContent content to be encrypted
* @returns array keys: key, encrypted
* @note symmetricDecryptFileContent() can be used to decrypt files created using this method
*
* This function decrypts a file
*/
2013-05-24 01:56:31 +04:00
public static function symmetricEncryptFileContentKeyfile( $plainContent ) {
2013-05-20 03:24:36 +04:00
$key = self::generateKey();
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
if ( $encryptedContent = self::symmetricEncryptFileContent( $plainContent, $key ) ) {
2013-05-20 03:24:36 +04:00
return array(
2013-05-24 01:56:31 +04:00
'key' => $key,
'encrypted' => $encryptedContent
);
2013-05-20 03:24:36 +04:00
} else {
2013-05-20 03:24:36 +04:00
return false;
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
/**
2013-05-20 03:24:36 +04:00
* @brief Create asymmetrically encrypted keyfile content using a generated key
* @param string $plainContent content to be encrypted
* @param array $publicKeys array keys must be the userId of corresponding user
* @returns array keys: keys (array, key = userId), data
* @note symmetricDecryptFileContent() can decrypt files created using this method
*/
2013-05-24 01:56:31 +04:00
public static function multiKeyEncrypt( $plainContent, array $publicKeys ) {
2013-05-20 03:24:36 +04:00
// openssl_seal returns false without errors if $plainContent
// is empty, so trigger our own error
2013-05-24 01:56:31 +04:00
if ( empty( $plainContent ) ) {
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
throw new \Exception( 'Cannot mutliKeyEncrypt empty plain content' );
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
// Set empty vars to be set by openssl by reference
$sealed = '';
$shareKeys = array();
2013-05-24 01:56:31 +04:00
$mappedShareKeys = array();
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
if ( openssl_seal( $plainContent, $sealed, $shareKeys, $publicKeys ) ) {
2013-05-20 03:24:36 +04:00
$i = 0;
2013-05-20 03:24:36 +04:00
// Ensure each shareKey is labelled with its
// corresponding userId
2013-05-24 01:56:31 +04:00
foreach ( $publicKeys as $userId => $publicKey ) {
2013-05-20 03:24:36 +04:00
$mappedShareKeys[$userId] = $shareKeys[$i];
$i++;
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
return array(
2013-05-24 01:56:31 +04:00
'keys' => $mappedShareKeys,
'data' => $sealed
);
2013-05-20 03:24:36 +04:00
} else {
2013-05-20 03:24:36 +04:00
return false;
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
/**
2013-05-20 03:24:36 +04:00
* @brief Asymmetrically encrypt a file using multiple public keys
* @param $encryptedContent
* @param $shareKey
* @param $privateKey
* @return bool
* @internal param string $plainContent content to be encrypted
* @returns string $plainContent decrypted string
* @note symmetricDecryptFileContent() can be used to decrypt files created using this method
*
* This function decrypts a file
*/
2013-05-24 01:56:31 +04:00
public static function multiKeyDecrypt( $encryptedContent, $shareKey, $privateKey ) {
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
if ( !$encryptedContent ) {
2013-05-20 03:24:36 +04:00
return false;
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
if ( openssl_open( $encryptedContent, $plainContent, $shareKey, $privateKey ) ) {
2013-05-20 03:24:36 +04:00
return $plainContent;
2013-05-20 03:24:36 +04:00
} else {
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
\OC_Log::write( 'Encryption library', 'Decryption (asymmetric) of sealed content failed', \OC_Log::ERROR );
2013-05-20 03:24:36 +04:00
return false;
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
/**
* @brief Asymetrically encrypt a string using a public key
* @return string encrypted file
*/
2013-05-24 01:56:31 +04:00
public static function keyEncrypt( $plainContent, $publicKey ) {
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
openssl_public_encrypt( $plainContent, $encryptedContent, $publicKey );
2013-05-20 03:24:36 +04:00
return $encryptedContent;
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
/**
* @brief Asymetrically decrypt a file using a private key
* @return string decrypted file
*/
2013-05-24 01:56:31 +04:00
public static function keyDecrypt( $encryptedContent, $privatekey ) {
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
$result = @openssl_private_decrypt( $encryptedContent, $plainContent, $privatekey );
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
if ( $result ) {
return $plainContent;
}
return $result;
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
/**
2013-05-18 00:44:45 +04:00
* @brief Generates a pseudo random initialisation vector
* @return String $iv generated IV
*/
2013-05-24 01:56:31 +04:00
public static function generateIv() {
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
if ( $random = openssl_random_pseudo_bytes( 12, $strong ) ) {
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
if ( !$strong ) {
2013-05-20 03:24:36 +04:00
// If OpenSSL indicates randomness is insecure, log error
2013-05-24 01:56:31 +04:00
\OC_Log::write( 'Encryption library', 'Insecure symmetric key was generated using openssl_random_pseudo_bytes()', \OC_Log::WARN );
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
// We encode the iv purely for string manipulation
// purposes - it gets decoded before use
2013-05-24 01:56:31 +04:00
$iv = base64_encode( $random );
2013-05-20 03:24:36 +04:00
return $iv;
2013-05-20 03:24:36 +04:00
} else {
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
throw new \Exception( 'Generating IV failed' );
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
2013-05-18 00:44:45 +04:00
/**
* @brief Generate a pseudo random 1024kb ASCII key
* @returns $key Generated key
*/
2013-05-24 01:56:31 +04:00
public static function generateKey() {
2013-05-20 03:24:36 +04:00
// Generate key
2013-05-24 01:56:31 +04:00
if ( $key = base64_encode( openssl_random_pseudo_bytes( 183, $strong ) ) ) {
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
if ( !$strong ) {
2013-05-20 03:24:36 +04:00
// If OpenSSL indicates randomness is insecure, log error
2013-05-24 01:56:31 +04:00
throw new \Exception( 'Encryption library, Insecure symmetric key was generated using openssl_random_pseudo_bytes()' );
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
return $key;
2013-05-20 03:24:36 +04:00
} else {
2013-05-20 03:24:36 +04:00
return false;
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
}
/**
* @brief Get the blowfish encryption handeler for a key
* @param $key string (optional)
* @return Crypt_Blowfish blowfish object
*
* if the key is left out, the default handeler will be used
*/
2013-05-24 01:56:31 +04:00
public static function getBlowfish( $key = '' ) {
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
if ( $key ) {
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
return new \Crypt_Blowfish( $key );
2013-05-20 03:24:36 +04:00
} else {
2013-05-20 03:24:36 +04:00
return false;
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
/**
* @param $passphrase
* @return mixed
*/
2013-05-24 01:56:31 +04:00
public static function legacyCreateKey( $passphrase ) {
2013-05-20 03:24:36 +04:00
// Generate a random integer
2013-05-24 01:56:31 +04:00
$key = mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 );
// Encrypt the key with the passphrase
2013-05-24 01:56:31 +04:00
$legacyEncKey = self::legacyEncrypt( $key, $passphrase );
return $legacyEncKey;
2013-05-20 03:24:36 +04:00
}
2013-05-17 23:59:53 +04:00
/**
* @brief encrypts content using legacy blowfish system
2013-05-20 03:24:36 +04:00
* @param string $content the cleartext message you want to encrypt
* @param string $passphrase
* @return
* @internal param \OCA\Encryption\the $key encryption key (optional)
* @returns string encrypted content
*
* This function encrypts an content
*/
2013-05-24 01:56:31 +04:00
public static function legacyEncrypt( $content, $passphrase = '' ) {
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
$bf = self::getBlowfish( $passphrase );
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
return $bf->encrypt( $content );
2013-05-20 03:24:36 +04:00
}
2013-05-20 03:24:36 +04:00
/**
2013-05-20 03:24:36 +04:00
* @brief decrypts content using legacy blowfish system
* @param string $content the cleartext message you want to decrypt
* @param string $passphrase
* @return string
* @internal param \OCA\Encryption\the $key encryption key (optional)
* @return string cleartext content
*
* This function decrypts an content
*/
private static function legacyDecrypt( $content, $passphrase = '' ) {
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
$bf = self::getBlowfish( $passphrase );
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
$decrypted = $bf->decrypt( $content );
2013-05-20 03:24:36 +04:00
return $decrypted;
2013-05-20 03:24:36 +04:00
}
2013-05-17 19:29:32 +04:00
2013-05-20 03:24:36 +04:00
/**
* @param $data
* @param string $key
* @param int $maxLength
* @return string
*/
public static function legacyBlockDecrypt( $data, $key = '', $maxLength = 0 ) {
2013-05-17 19:29:32 +04:00
$result = '';
2013-05-24 01:56:31 +04:00
while ( strlen( $data ) ) {
$result .= self::legacyDecrypt( substr( $data, 0, 8192 ), $key );
$data = substr( $data, 8192 );
2013-05-17 19:29:32 +04:00
}
2013-05-24 01:56:31 +04:00
if ( $maxLength > 0 ) {
return substr( $result, 0, $maxLength );
2013-05-17 19:29:32 +04:00
} else {
2013-05-24 01:56:31 +04:00
return rtrim( $result, "\0" );
2013-05-17 19:29:32 +04:00
}
}
2013-05-20 03:24:36 +04:00
/**
* @param $legacyEncryptedContent
* @param $legacyPassphrase
* @param $publicKeys
* @param $newPassphrase
* @param $path
* @return array
*/
2013-05-24 01:56:31 +04:00
public static function legacyKeyRecryptKeyfile( $legacyEncryptedContent, $legacyPassphrase, $publicKeys, $newPassphrase, $path ) {
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
$decrypted = self::legacyBlockDecrypt( $legacyEncryptedContent, $legacyPassphrase );
2013-05-17 16:13:05 +04:00
// Encrypt plain data, generate keyfile & encrypted file
2013-05-24 01:56:31 +04:00
$cryptedData = self::symmetricEncryptFileContentKeyfile( $decrypted );
2013-05-17 16:13:05 +04:00
// Encrypt plain keyfile to multiple sharefiles
2013-05-24 01:56:31 +04:00
$multiEncrypted = Crypt::multiKeyEncrypt( $cryptedData['key'], $publicKeys );
2013-05-20 03:24:36 +04:00
2013-05-24 01:56:31 +04:00
return array( 'data' => $cryptedData['encrypted'], 'filekey' => $multiEncrypted['data'], 'sharekeys' => $multiEncrypted['keys'] );
2013-05-17 16:13:05 +04:00
}
2013-05-18 00:44:45 +04:00
}