nextcloud/apps/files_encryption/lib/crypt.php

<?php
/**
 * ownCloud
 *
 * @author Frank Karlitschek
 * @copyright 2010 Frank Karlitschek karlitschek@kde.org
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
 * License as published by the Free Software Foundation; either
 * version 3 of the License, or any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
 *
 * You should have received a copy of the GNU Affero General Public
 * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
 *
 */



// Todo:
//  - Crypt/decrypt button in the userinterface
//  - Setting if crypto should be on by default
//  - Add a setting "Don´t encrypt files larger than xx because of performance reasons"
//  - Transparent decrypt/encrpt in filesystem.php. Autodetect if a file is encrypted (.encrypted extensio)
//  - Don't use a password directly as encryption key. but a key which is stored on the server and encrypted with the user password. -> password change faster
//  - IMPORTANT! Check if the block lenght of the encrypted data stays the same


require_once('Crypt_Blowfish/Blowfish.php');

/**
 * This class is for crypting and decrypting
 */
class OC_Crypt {
	static private $bf = null;

	public static function loginListener($params){
		self::init($params['uid'],$params['password']);
	}

	public static function init($login,$password) {
		if(OC_User::isLoggedIn()){
			$view=new OC_FilesystemView('/'.$login);
			if(!$view->file_exists('/encryption.key')){// does key exist?
				OC_Crypt::createkey($password);
			}
			$key=$view->file_get_contents('/encryption.key');
			$_SESSION['enckey']=OC_Crypt::decrypt($key, $password);
		}
	}

	/**
	 * get the blowfish encryption handeler for a key
	 * @param string $key (optional)
	 *
	 * if the key is left out, the default handeler will be used
	 */
	public static function getBlowfish($key=''){
		if($key){
			return new Crypt_Blowfish($key);
		}else{
			if(!isset($_SESSION['enckey'])){
				return false;
			}
			if(!self::$bf){
				self::$bf=new Crypt_Blowfish($_SESSION['enckey']);
			}
			return self::$bf;
		}
	}

	public static function createkey($passcode) {
		if(OC_User::isLoggedIn()){
			// generate a random key
			$key=mt_rand(10000,99999).mt_rand(10000,99999).mt_rand(10000,99999).mt_rand(10000,99999);

			// encrypt the key with the passcode of the user
			$enckey=OC_Crypt::encrypt($key,$passcode);

			// Write the file
			$username=OC_USER::getUser();
			OC_FileProxy::$enabled=false;
			$view=new OC_FilesystemView('/'.$username);
			$view->file_put_contents('/encryption.key',$enckey);
			OC_FileProxy::$enabled=true;
		}
	}

	public static function changekeypasscode($oldPassword, $newPassword) {
		if(OC_User::isLoggedIn()){
			$username=OC_USER::getUser();
			$view=new OC_FilesystemView('/'.$username);

			// read old key
			$key=$view->file_get_contents('/encryption.key');

			// decrypt key with old passcode
			$key=OC_Crypt::decrypt($key, $oldPassword);

			// encrypt again with new passcode
			$key=OC_Crypt::encrypt($key, $newPassword);

			// store the new key
			$view->file_put_contents('/encryption.key', $key );
		}
	}

	/**
	 * @brief encrypts an content
	 * @param $content the cleartext message you want to encrypt
	 * @param $key the encryption key (optional)
	 * @returns encrypted content
	 *
	 * This function encrypts an content
	 */
	public static function encrypt( $content, $key='') {
		$bf = self::getBlowfish($key);
		return($bf->encrypt($content));
	}

	/**
	* @brief decryption of an content
	* @param $content the cleartext message you want to decrypt
	* @param $key the encryption key (optional)
	* @returns cleartext content
	*
	* This function decrypts an content
	*/
	public static function decrypt( $content, $key='') {
		$bf = self::getBlowfish($key);
		return($bf->encrypt($contents));
	}

	/**
	* @brief encryption of a file
	* @param $filename
	* @param $key the encryption key
	*
	* This function encrypts a file
	*/
	public static function encryptfile( $filename, $key) {
		$handleread  = fopen($filename, "rb");
		if($handleread<>FALSE) {
			$handlewrite = fopen($filename.OC_Crypt::$encription_extension, "wb");
			while (!feof($handleread)) {
				$content = fread($handleread, 8192);
				$enccontent=OC_CRYPT::encrypt( $content, $key);
				fwrite($handlewrite, $enccontent);
			}
			fclose($handlewrite);
			unlink($filename);
		}
		fclose($handleread);
	}


        /**
         * @brief decryption of a file
         * @param $filename
         * @param $key the decryption key
         *
         * This function decrypts a file
         */
	public static function decryptfile( $filename, $key) {
		$handleread  = fopen($filename.OC_Crypt::$encription_extension, "rb");
		if($handleread<>FALSE) {
			$handlewrite = fopen($filename, "wb");
			while (!feof($handleread)) {
				$content = fread($handleread, 8192);
				$enccontent=OC_CRYPT::decrypt( $content, $key);
				fwrite($handlewrite, $enccontent);
			}
			fclose($handlewrite);
			unlink($filename.OC_Crypt::$encription_extension);
		}
		fclose($handleread);
	}
	
	/**
	 * encrypt data in 8192b sized blocks
	 */
	public static function blockEncrypt($data){
		$result='';
		while(strlen($data)){
			$result=self::encrypt(substr($data,0,8192));
			$data=substr($data,8192);
		}
		return $result;
	}
	
	/**
	 * decrypt data in 8192b sized blocks
	 */
	public static function blockDecrypt($data){
		$result='';
		while(strlen($data)){
			$result=self::decrypt(substr($data,0,8192));
			$data=substr($data,8192);
		}
		return $result;
	}
}