more work on encryption
This commit is contained in:
parent
4a334f0d12
commit
aa582ec43a
|
@ -24,9 +24,10 @@
|
||||||
|
|
||||||
// Todo:
|
// Todo:
|
||||||
// Crypt/decrypt button in the userinterface
|
// Crypt/decrypt button in the userinterface
|
||||||
|
// setting if crypto should be on by default
|
||||||
// transparent decrypt/encrpt in filesystem.php
|
// transparent decrypt/encrpt in filesystem.php
|
||||||
// don't use a password directly as encryption key. but a key which is stored on the server and encrypted with the user password. -> password change faster
|
// don't use a password directly as encryption key. but a key which is stored on the server and encrypted with the user password. -> password change faster
|
||||||
|
// check if the block lenght of the encrypted data stays the same
|
||||||
|
|
||||||
|
|
||||||
require_once('Crypt_Blowfish/Blowfish.php');
|
require_once('Crypt_Blowfish/Blowfish.php');
|
||||||
|
@ -38,15 +39,50 @@ class OC_Crypt {
|
||||||
|
|
||||||
static $encription_extension='.encrypted';
|
static $encription_extension='.encrypted';
|
||||||
|
|
||||||
public static function createkey( $passcode) {
|
public static function init($login,$password) {
|
||||||
// generate a random key
|
$_SESSION['user_password'] = $password; // save the password as passcode for the encryption
|
||||||
$key=mt_rand(10000,99999).mt_rand(10000,99999).mt_rand(10000,99999).mt_rand(10000,99999);
|
if(OC_User::isLoggedIn()){
|
||||||
|
// does key exist?
|
||||||
|
if(!file_exists(OC_Config::getValue( "datadirectory").'/'.$login.'/encryption.key')){
|
||||||
|
OC_Crypt::createkey($_SESSION['user_password']);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// encrypt the key with the passcode of the user
|
|
||||||
$enckey=OC_Crypt::encrypt($key,$passcode);
|
|
||||||
|
|
||||||
// Write the file
|
|
||||||
file_put_contents( "$SERVERROOT/config/encryption.key", $enckey );
|
public static function createkey($passcode) {
|
||||||
|
if(OC_User::isLoggedIn()){
|
||||||
|
// generate a random key
|
||||||
|
$key=mt_rand(10000,99999).mt_rand(10000,99999).mt_rand(10000,99999).mt_rand(10000,99999);
|
||||||
|
|
||||||
|
// encrypt the key with the passcode of the user
|
||||||
|
$enckey=OC_Crypt::encrypt($key,$passcode);
|
||||||
|
|
||||||
|
// Write the file
|
||||||
|
$username=OC_USER::getUser();
|
||||||
|
file_put_contents(OC_Config::getValue( "datadirectory").'/'.$username.'/encryption.key', $enckey );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function changekeypasscode( $newpasscode) {
|
||||||
|
if(OC_User::isLoggedIn()){
|
||||||
|
$username=OC_USER::getUser();
|
||||||
|
|
||||||
|
// read old key
|
||||||
|
$key=file_get_contents(OC_Config::getValue( "datadirectory").'/'.$username.'/encryption.key');
|
||||||
|
|
||||||
|
// decrypt key with old passcode
|
||||||
|
$key=OC_Crypt::decrypt($key, $_SESSION['user_password']);
|
||||||
|
|
||||||
|
// encrypt again with new passcode
|
||||||
|
$key=OC_Crypt::encrypt($key,$newpassword);
|
||||||
|
|
||||||
|
// store the new key
|
||||||
|
file_put_contents(OC_Config::getValue( "datadirectory").'/'.$username.'/encryption.key', $key );
|
||||||
|
|
||||||
|
$_SESSION['user_password']=$newpasscode;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -59,7 +95,7 @@ class OC_Crypt {
|
||||||
*/
|
*/
|
||||||
public static function encrypt( $content, $key) {
|
public static function encrypt( $content, $key) {
|
||||||
$bf = new Crypt_Blowfish($key);
|
$bf = new Crypt_Blowfish($key);
|
||||||
return($bf->encrypt($contents));
|
return($bf->encrypt($content));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
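Review bot: changekeypasscode encrypts the key with `$newpassword`, which is never defined in the method — the parameter is `$newpasscode` — so the key file is rewritten under an empty key and the user's real new password can no longer decrypt it; the line should read `$key=OC_Crypt::encrypt($key,$newpasscode);`. In createkey, `mt_rand(10000,99999)` is not a cryptographic source and the concatenated digit string carries far less entropy than its length suggests; `openssl_random_pseudo_bytes()` (or `random_bytes()` on PHP 7+), stored hex- or base64-encoded, is the appropriate generator. init keeps the raw login password in `$_SESSION['user_password']`, which the default session handler typically persists to disk in plaintext; the todo in the first hunk already points the same way, and deriving a session-scoped key from the password instead of storing the password itself would limit that exposure. Neither the `file_put_contents` nor the `file_get_contents` return value is checked, so a failed write in createkey or a missing key file in changekeypasscode silently proceeds; a guard such as `if($key===false){ return false; }` before the decrypt would surface it.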
@ -193,6 +193,7 @@ class OC_User {
|
||||||
|
|
||||||
if( $run && self::checkPassword( $uid, $password )){
|
if( $run && self::checkPassword( $uid, $password )){
|
||||||
$_SESSION['user_id'] = $uid;
|
$_SESSION['user_id'] = $uid;
|
||||||
|
OC_Crypt::init($uid,$password);
|
||||||
OC_Hook::emit( "OC_User", "post_login", array( "uid" => $uid ));
|
OC_Hook::emit( "OC_User", "post_login", array( "uid" => $uid ));
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
|
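Review bot: `OC_Crypt::init($uid,$password);` is placed after `$_SESSION['user_id'] = $uid;`, and init's createkey path depends on `OC_User::isLoggedIn()` and `OC_USER::getUser()`, which presumably read that session entry, so the ordering is load-bearing but nothing says so. A one-line comment, `// must run after user_id is set: OC_Crypt::init/createkey read the logged-in user from the session`, would keep a later refactor from moving it. Since init also stores the password in the session, the plaintext password now lives for the whole session rather than only the login request — worth stating in the same comment. The enclosing login function starts and ends outside the hunk.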
@ -190,7 +190,7 @@ class OC_Util {
|
||||||
global $SERVERROOT;
|
global $SERVERROOT;
|
||||||
global $CONFIG_DATADIRECTORY;
|
global $CONFIG_DATADIRECTORY;
|
||||||
|
|
||||||
$CONFIG_DATADIRECTORY_ROOT = OC_Config::getValue( "datadirectory", "$SERVERROOT/data" );;
|
$CONFIG_DATADIRECTORY_ROOT = OC_Config::getValue( "datadirectory", "$SERVERROOT/data" );
|
||||||
$CONFIG_BACKUPDIRECTORY = OC_Config::getValue( "backupdirectory", "$SERVERROOT/backup" );
|
$CONFIG_BACKUPDIRECTORY = OC_Config::getValue( "backupdirectory", "$SERVERROOT/backup" );
|
||||||
$CONFIG_INSTALLED = OC_Config::getValue( "installed", false );
|
$CONFIG_INSTALLED = OC_Config::getValue( "installed", false );
|
||||||
$errors=array();
|
$errors=array();
|
||||||
|
|
|
@ -29,6 +29,7 @@ if( !OC_User::checkPassword( $_SESSION["user_id"], $_POST["oldpassword"] )){
|
||||||
// Change password
|
// Change password
|
||||||
if( OC_User::setPassword( $_SESSION["user_id"], $_POST["password"] )){
|
if( OC_User::setPassword( $_SESSION["user_id"], $_POST["password"] )){
|
||||||
echo json_encode( array( "status" => "success", "data" => array( "message" => $l->t("Password changed") )));
|
echo json_encode( array( "status" => "success", "data" => array( "message" => $l->t("Password changed") )));
|
||||||
|
OC_Crypt::changekeypasscode( $_POST["password"]) {
|
||||||
}
|
}
|
||||||
else{
|
else{
|
||||||
echo json_encode( array( "status" => "error", "data" => array( "message" => $l->t("Unable to change password") )));
|
echo json_encode( array( "status" => "error", "data" => array( "message" => $l->t("Unable to change password") )));
|
||||||
|
|
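Review bot: `OC_Crypt::changekeypasscode( $_POST["password"]) {` ends in `{` instead of `;`, which is a parse error that takes the whole change-password endpoint down; it should be `OC_Crypt::changekeypasscode( $_POST["password"]);`. The call is also made after `setPassword` has already succeeded and the success JSON has been echoed, so if re-encrypting the key fails (changekeypasscode returns nothing to check) the account ends up with a new password and a key file still locked under the old one; re-encrypting the key before changing the password, or rolling the password back on failure, would keep the two in step. Inferred from the other hunk: changekeypasscode reads the old password from `$_SESSION['user_password']`, so this call must also precede anything that updates that session entry. The enclosing if/else chain continues outside the hunk.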