From aa582ec43a9060f5f9fba6540d1ea4e24bc70330 Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Thu, 11 Aug 2011 17:49:36 +0200 Subject: [PATCH] more work on encryption --- lib/crypt.php | 54 ++++++++++++++++++++++++++------ lib/user.php | 1 + lib/util.php | 2 +- settings/ajax/changepassword.php | 1 + 4 files changed, 48 insertions(+), 10 deletions(-) diff --git a/lib/crypt.php b/lib/crypt.php index d75515cf2d..83e6ac4cde 100755 --- a/lib/crypt.php +++ b/lib/crypt.php @@ -24,9 +24,10 @@ // Todo: // Crypt/decrypt button in the userinterface +// setting if crypto should be on by default // transparent decrypt/encrpt in filesystem.php // don't use a password directly as encryption key. but a key which is stored on the server and encrypted with the user password. -> password change faster - +// check if the block lenght of the encrypted data stays the same require_once('Crypt_Blowfish/Blowfish.php'); @@ -38,15 +39,50 @@ class OC_Crypt { static $encription_extension='.encrypted'; - public static function createkey( $passcode) { - // generate a random key - $key=mt_rand(10000,99999).mt_rand(10000,99999).mt_rand(10000,99999).mt_rand(10000,99999); + public static function init($login,$password) { + $_SESSION['user_password'] = $password; // save the password as passcode for the encryption + if(OC_User::isLoggedIn()){ + // does key exist? + if(!file_exists(OC_Config::getValue( "datadirectory").'/'.$login.'/encryption.key')){ + OC_Crypt::createkey($_SESSION['user_password']); + } + } + } - // encrypt the key with the passcode of the user - $enckey=OC_Crypt::encrypt($key,$passcode); - // Write the file - file_put_contents( "$SERVERROOT/config/encryption.key", $enckey ); + + public static function createkey($passcode) { + if(OC_User::isLoggedIn()){ + // generate a random key + $key=mt_rand(10000,99999).mt_rand(10000,99999).mt_rand(10000,99999).mt_rand(10000,99999); + + // encrypt the key with the passcode of the user + $enckey=OC_Crypt::encrypt($key,$passcode); + + // Write the file + $username=OC_USER::getUser(); + file_put_contents(OC_Config::getValue( "datadirectory").'/'.$username.'/encryption.key', $enckey ); + } + } + + public static function changekeypasscode( $newpasscode) { + if(OC_User::isLoggedIn()){ + $username=OC_USER::getUser(); + + // read old key + $key=file_get_contents(OC_Config::getValue( "datadirectory").'/'.$username.'/encryption.key'); + + // decrypt key with old passcode + $key=OC_Crypt::decrypt($key, $_SESSION['user_password']); + + // encrypt again with new passcode + $key=OC_Crypt::encrypt($key,$newpassword); + + // store the new key + file_put_contents(OC_Config::getValue( "datadirectory").'/'.$username.'/encryption.key', $key ); + + $_SESSION['user_password']=$newpasscode; + } } /** @@ -59,7 +95,7 @@ class OC_Crypt { */ public static function encrypt( $content, $key) { $bf = new Crypt_Blowfish($key); - return($bf->encrypt($contents)); + return($bf->encrypt($content)); } diff --git a/lib/user.php b/lib/user.php index a2ede8234b..e53ba145c9 100644 --- a/lib/user.php +++ b/lib/user.php @@ -193,6 +193,7 @@ class OC_User { if( $run && self::checkPassword( $uid, $password )){ $_SESSION['user_id'] = $uid; + OC_Crypt::init($uid,$password); OC_Hook::emit( "OC_User", "post_login", array( "uid" => $uid )); return true; } diff --git a/lib/util.php b/lib/util.php index 8b8a27657b..83d39b3dd2 100644 --- a/lib/util.php +++ b/lib/util.php @@ -190,7 +190,7 @@ class OC_Util { global $SERVERROOT; global $CONFIG_DATADIRECTORY; - $CONFIG_DATADIRECTORY_ROOT = OC_Config::getValue( "datadirectory", "$SERVERROOT/data" );; + $CONFIG_DATADIRECTORY_ROOT = OC_Config::getValue( "datadirectory", "$SERVERROOT/data" ); $CONFIG_BACKUPDIRECTORY = OC_Config::getValue( "backupdirectory", "$SERVERROOT/backup" ); $CONFIG_INSTALLED = OC_Config::getValue( "installed", false ); $errors=array(); diff --git a/settings/ajax/changepassword.php b/settings/ajax/changepassword.php index c8c1f74088..750edf1769 100644 --- a/settings/ajax/changepassword.php +++ b/settings/ajax/changepassword.php @@ -29,6 +29,7 @@ if( !OC_User::checkPassword( $_SESSION["user_id"], $_POST["oldpassword"] )){ // Change password if( OC_User::setPassword( $_SESSION["user_id"], $_POST["password"] )){ echo json_encode( array( "status" => "success", "data" => array( "message" => $l->t("Password changed") ))); + OC_Crypt::changekeypasscode( $_POST["password"]) { } else{ echo json_encode( array( "status" => "error", "data" => array( "message" => $l->t("Unable to change password") )));