more work on encryption

This commit is contained in:
Frank Karlitschek 2011-08-11 17:49:36 +02:00
parent 4a334f0d12
commit aa582ec43a
4 changed files with 48 additions and 10 deletions

View File

@ -24,9 +24,10 @@
// Todo:
// Crypt/decrypt button in the userinterface
// setting if crypto should be on by default
// transparent decrypt/encrpt in filesystem.php
// don't use a password directly as encryption key. but a key which is stored on the server and encrypted with the user password. -> password change faster
// check if the block lenght of the encrypted data stays the same
require_once('Crypt_Blowfish/Blowfish.php');
@ -38,7 +39,20 @@ class OC_Crypt {
static $encription_extension='.encrypted';
public static function createkey( $passcode) {
public static function init($login,$password) {
$_SESSION['user_password'] = $password; // save the password as passcode for the encryption
if(OC_User::isLoggedIn()){
// does key exist?
if(!file_exists(OC_Config::getValue( "datadirectory").'/'.$login.'/encryption.key')){
OC_Crypt::createkey($_SESSION['user_password']);
}
}
}
public static function createkey($passcode) {
if(OC_User::isLoggedIn()){
// generate a random key
$key=mt_rand(10000,99999).mt_rand(10000,99999).mt_rand(10000,99999).mt_rand(10000,99999);
@ -46,7 +60,29 @@ class OC_Crypt {
$enckey=OC_Crypt::encrypt($key,$passcode);
// Write the file
file_put_contents( "$SERVERROOT/config/encryption.key", $enckey );
$username=OC_USER::getUser();
file_put_contents(OC_Config::getValue( "datadirectory").'/'.$username.'/encryption.key', $enckey );
}
}
public static function changekeypasscode( $newpasscode) {
if(OC_User::isLoggedIn()){
$username=OC_USER::getUser();
// read old key
$key=file_get_contents(OC_Config::getValue( "datadirectory").'/'.$username.'/encryption.key');
// decrypt key with old passcode
$key=OC_Crypt::decrypt($key, $_SESSION['user_password']);
// encrypt again with new passcode
$key=OC_Crypt::encrypt($key,$newpassword);
// store the new key
file_put_contents(OC_Config::getValue( "datadirectory").'/'.$username.'/encryption.key', $key );
$_SESSION['user_password']=$newpasscode;
}
}
/**
@ -59,7 +95,7 @@ class OC_Crypt {
*/
public static function encrypt( $content, $key) {
$bf = new Crypt_Blowfish($key);
return($bf->encrypt($contents));
return($bf->encrypt($content));
}

View File

@ -193,6 +193,7 @@ class OC_User {
if( $run && self::checkPassword( $uid, $password )){
$_SESSION['user_id'] = $uid;
OC_Crypt::init($uid,$password);
OC_Hook::emit( "OC_User", "post_login", array( "uid" => $uid ));
return true;
}

View File

@ -190,7 +190,7 @@ class OC_Util {
global $SERVERROOT;
global $CONFIG_DATADIRECTORY;
$CONFIG_DATADIRECTORY_ROOT = OC_Config::getValue( "datadirectory", "$SERVERROOT/data" );;
$CONFIG_DATADIRECTORY_ROOT = OC_Config::getValue( "datadirectory", "$SERVERROOT/data" );
$CONFIG_BACKUPDIRECTORY = OC_Config::getValue( "backupdirectory", "$SERVERROOT/backup" );
$CONFIG_INSTALLED = OC_Config::getValue( "installed", false );
$errors=array();

View File

@ -29,6 +29,7 @@ if( !OC_User::checkPassword( $_SESSION["user_id"], $_POST["oldpassword"] )){
// Change password
if( OC_User::setPassword( $_SESSION["user_id"], $_POST["password"] )){
echo json_encode( array( "status" => "success", "data" => array( "message" => $l->t("Password changed") )));
OC_Crypt::changekeypasscode( $_POST["password"]) {
}
else{
echo json_encode( array( "status" => "error", "data" => array( "message" => $l->t("Unable to change password") )));