nextcloud/lib/crypt.php

<?php
/**
 * ownCloud
 *
 * @author Frank Karlitschek
 * @copyright 2010 Frank Karlitschek karlitschek@kde.org
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
 * License as published by the Free Software Foundation; either
 * version 3 of the License, or any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
 *
 * You should have received a copy of the GNU Affero General Public
 * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
 *
 */


// Todo:
//  Crypt/decrypt button in the userinterface
//  setting if crypto should be on by default
//  transparent decrypt/encrpt in filesystem.php
//  don't use a password directly as encryption key. but a key which is stored on the server and encrypted with the user password. -> password change faster
//  check if the block lenght of the encrypted data stays the same


require_once('Crypt_Blowfish/Blowfish.php');

/**
 * This class is for crypting and decrypting
 */
class OC_Crypt {

        static $encription_extension='.encrypted';

	public static function init($login,$password) {
		$_SESSION['user_password'] = $password;  // save the password as passcode for the encryption
		if(OC_User::isLoggedIn()){
			// does key exist?
			if(!file_exists(OC_Config::getValue( "datadirectory").'/'.$login.'/encryption.key')){
				OC_Crypt::createkey($_SESSION['user_password']);
			}
		}
	}


	public static function createkey($passcode) {
		if(OC_User::isLoggedIn()){
			// generate a random key
			$key=mt_rand(10000,99999).mt_rand(10000,99999).mt_rand(10000,99999).mt_rand(10000,99999);

			// encrypt the key with the passcode of the user
			$enckey=OC_Crypt::encrypt($key,$passcode);

			// Write the file
		        $username=OC_USER::getUser();
			file_put_contents(OC_Config::getValue( "datadirectory").'/'.$username.'/encryption.key', $enckey );
		}
	}

	public static function changekeypasscode( $newpasscode) {
		if(OC_User::isLoggedIn()){
		        $username=OC_USER::getUser();

			// read old key
			$key=file_get_contents(OC_Config::getValue( "datadirectory").'/'.$username.'/encryption.key');

			// decrypt key with old passcode
			$key=OC_Crypt::decrypt($key, $_SESSION['user_password']);

			// encrypt again with new passcode
			$key=OC_Crypt::encrypt($key,$newpassword);

			// store the new key
			file_put_contents(OC_Config::getValue( "datadirectory").'/'.$username.'/encryption.key', $key );

			 $_SESSION['user_password']=$newpasscode;
		}
	}

	/**
	 * @brief encrypts an content
	 * @param $content the cleartext message you want to encrypt
	 * @param $key the encryption key
	 * @returns encrypted content
	 *
	 * This function encrypts an content
	 */
	public static function encrypt( $content, $key) {
		$bf = new Crypt_Blowfish($key);
		return($bf->encrypt($content));
	}


        /**
         * @brief decryption of an content
         * @param $content the cleartext message you want to decrypt
         * @param $key the encryption key
         * @returns cleartext content
         *
         * This function decrypts an content
         */
        public static function decrypt( $content, $key) {
		$bf = new Crypt_Blowfish($key);
		return($bf->encrypt($contents));
        }       


        /**
         * @brief encryption of a file
         * @param $filename
         * @param $key the encryption key
         *
         * This function encrypts a file
         */
	public static function encryptfile( $filename, $key) {
		$handleread  = fopen($filename, "rb");
		if($handleread<>FALSE) {
			$handlewrite = fopen($filename.OC_Crypt::$encription_extension, "wb");
			while (!feof($handleread)) {
				$content = fread($handleread, 8192);
				$enccontent=OC_CRYPT::encrypt( $content, $key);
				fwrite($handlewrite, $enccontent);
			}
			fclose($handlewrite);
			unlink($filename);
		}
		fclose($handleread);
	}


        /**
         * @brief decryption of a file
         * @param $filename
         * @param $key the decryption key
         *
         * This function decrypts a file
         */
	public static function decryptfile( $filename, $key) {
		$handleread  = fopen($filename.OC_Crypt::$encription_extension, "rb");
		if($handleread<>FALSE) {
			$handlewrite = fopen($filename, "wb");
			while (!feof($handleread)) {
				$content = fread($handleread, 8192);
				$enccontent=OC_CRYPT::decrypt( $content, $key);
				fwrite($handlewrite, $enccontent);
			}
			fclose($handlewrite);
			unlink($filename.OC_Crypt::$encription_extension);
		}
		fclose($handleread);
	}


}
first step to file encription 2011-08-07 19:32:48 +04:00			`<?php`
			`/**`
			`* ownCloud`
			`*`
			`* @author Frank Karlitschek`
			`* @copyright 2010 Frank Karlitschek karlitschek@kde.org`
			`*`
			`* This library is free software; you can redistribute it and/or`
			`* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE`
			`* License as published by the Free Software Foundation; either`
			`* version 3 of the License, or any later version.`
			`*`
			`* This library is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU AFFERO GENERAL PUBLIC LICENSE for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public`
			`* License along with this library. If not, see <http://www.gnu.org/licenses/>.`
			`*`
			`*/`

more work on the encryption library 2011-08-10 19:24:38 +04:00

			`// Todo:`
			`// Crypt/decrypt button in the userinterface`
more work on encryption 2011-08-11 19:49:36 +04:00			`// setting if crypto should be on by default`
more work on the encryption library 2011-08-10 19:24:38 +04:00			`// transparent decrypt/encrpt in filesystem.php`
			`// don't use a password directly as encryption key. but a key which is stored on the server and encrypted with the user password. -> password change faster`
more work on encryption 2011-08-11 19:49:36 +04:00			`// check if the block lenght of the encrypted data stays the same`
more work on the encryption library 2011-08-10 19:24:38 +04:00

first step to file encription 2011-08-07 19:32:48 +04:00			`require_once('Crypt_Blowfish/Blowfish.php');`

			`/**`
			`* This class is for crypting and decrypting`
			`*/`
			`class OC_Crypt {`

more work on the encryption library 2011-08-10 19:24:38 +04:00			`static $encription_extension='.encrypted';`

more work on encryption 2011-08-11 19:49:36 +04:00			`public static function init($login,$password) {`
			`$_SESSION['user_password'] = $password; // save the password as passcode for the encryption`
			`if(OC_User::isLoggedIn()){`
			`// does key exist?`
			`if(!file_exists(OC_Config::getValue( "datadirectory").'/'.$login.'/encryption.key')){`
			`OC_Crypt::createkey($_SESSION['user_password']);`
			`}`
			`}`
			`}`


more work on the encryption library 2011-08-10 19:24:38 +04:00
more work on encryption 2011-08-11 19:49:36 +04:00			`public static function createkey($passcode) {`
			`if(OC_User::isLoggedIn()){`
			`// generate a random key`
			`$key=mt_rand(10000,99999).mt_rand(10000,99999).mt_rand(10000,99999).mt_rand(10000,99999);`
more work on the encryption library 2011-08-10 19:24:38 +04:00
more work on encryption 2011-08-11 19:49:36 +04:00			`// encrypt the key with the passcode of the user`
			`$enckey=OC_Crypt::encrypt($key,$passcode);`

			`// Write the file`
			`$username=OC_USER::getUser();`
			`file_put_contents(OC_Config::getValue( "datadirectory").'/'.$username.'/encryption.key', $enckey );`
			`}`
			`}`

			`public static function changekeypasscode( $newpasscode) {`
			`if(OC_User::isLoggedIn()){`
			`$username=OC_USER::getUser();`

			`// read old key`
			`$key=file_get_contents(OC_Config::getValue( "datadirectory").'/'.$username.'/encryption.key');`

			`// decrypt key with old passcode`
			`$key=OC_Crypt::decrypt($key, $_SESSION['user_password']);`

			`// encrypt again with new passcode`
			`$key=OC_Crypt::encrypt($key,$newpassword);`

			`// store the new key`
			`file_put_contents(OC_Config::getValue( "datadirectory").'/'.$username.'/encryption.key', $key );`

			`$_SESSION['user_password']=$newpasscode;`
			`}`
more work on the encryption library 2011-08-10 19:24:38 +04:00			`}`

first step to file encription 2011-08-07 19:32:48 +04:00			`/**`
			`* @brief encrypts an content`
			`* @param $content the cleartext message you want to encrypt`
			`* @param $key the encryption key`
			`* @returns encrypted content`
			`*`
			`* This function encrypts an content`
			`*/`
			`public static function encrypt( $content, $key) {`
			`$bf = new Crypt_Blowfish($key);`
more work on encryption 2011-08-11 19:49:36 +04:00			`return($bf->encrypt($content));`
first step to file encription 2011-08-07 19:32:48 +04:00			`}`


			`/**`
			`* @brief decryption of an content`
			`* @param $content the cleartext message you want to decrypt`
			`* @param $key the encryption key`
			`* @returns cleartext content`
			`*`
			`* This function decrypts an content`
			`*/`
			`public static function decrypt( $content, $key) {`
more work on the encryption library 2011-08-10 19:24:38 +04:00			`$bf = new Crypt_Blowfish($key);`
			`return($bf->encrypt($contents));`
first step to file encription 2011-08-07 19:32:48 +04:00			`}`


more work on the encryption library 2011-08-10 19:24:38 +04:00			`/**`
			`* @brief encryption of a file`
			`* @param $filename`
			`* @param $key the encryption key`
			`*`
			`* This function encrypts a file`
			`*/`
			`public static function encryptfile( $filename, $key) {`
			`$handleread = fopen($filename, "rb");`
			`if($handleread<>FALSE) {`
			`$handlewrite = fopen($filename.OC_Crypt::$encription_extension, "wb");`
			`while (!feof($handleread)) {`
			`$content = fread($handleread, 8192);`
			`$enccontent=OC_CRYPT::encrypt( $content, $key);`
			`fwrite($handlewrite, $enccontent);`
			`}`
			`fclose($handlewrite);`
			`unlink($filename);`
			`}`
			`fclose($handleread);`
			`}`


			`/**`
			`* @brief decryption of a file`
			`* @param $filename`
			`* @param $key the decryption key`
			`*`
			`* This function decrypts a file`
			`*/`
			`public static function decryptfile( $filename, $key) {`
			`$handleread = fopen($filename.OC_Crypt::$encription_extension, "rb");`
			`if($handleread<>FALSE) {`
			`$handlewrite = fopen($filename, "wb");`
			`while (!feof($handleread)) {`
			`$content = fread($handleread, 8192);`
			`$enccontent=OC_CRYPT::decrypt( $content, $key);`
			`fwrite($handlewrite, $enccontent);`
			`}`
			`fclose($handlewrite);`
			`unlink($filename.OC_Crypt::$encription_extension);`
			`}`
			`fclose($handleread);`
			`}`

first step to file encription 2011-08-07 19:32:48 +04:00


			`}`