server/lib/crypt.php

166 строки
4.9 KiB
PHP
Executable File
Исходник Ответственный История

Этот файл содержит неоднозначные символы Юникода!

Этот файл содержит неоднозначные символы Юникода, которые могут быть перепутаны с другими в текущей локали. Если это намеренно, можете спокойно проигнорировать это предупреждение. Используйте кнопку Экранировать, чтобы подсветить эти символы.

<?php
/**
* ownCloud
*
* @author Frank Karlitschek
* @copyright 2010 Frank Karlitschek karlitschek@kde.org
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
// Todo:
// - Crypt/decrypt button in the userinterface
// - Setting if crypto should be on by default
// - Add a setting "Don´t encrypt files larger than xx because of performance reasons"
// - Transparent decrypt/encrpt in filesystem.php. Autodetect if a file is encrypted (.encrypted extensio)
// - Don't use a password directly as encryption key. but a key which is stored on the server and encrypted with the user password. -> password change faster
// - IMPORTANT! Check if the block lenght of the encrypted data stays the same
require_once('Crypt_Blowfish/Blowfish.php');
/**
* This class is for crypting and decrypting
*/
class OC_Crypt {
static $encription_extension='.encrypted';
public static function init($login,$password) {
$_SESSION['user_password'] = $password; // save the password as passcode for the encryption
if(OC_User::isLoggedIn()){
// does key exist?
if(!file_exists(OC_Config::getValue( "datadirectory").'/'.$login.'/encryption.key')){
OC_Crypt::createkey($_SESSION['user_password']);
}
}
}
public static function createkey($passcode) {
if(OC_User::isLoggedIn()){
// generate a random key
$key=mt_rand(10000,99999).mt_rand(10000,99999).mt_rand(10000,99999).mt_rand(10000,99999);
// encrypt the key with the passcode of the user
$enckey=OC_Crypt::encrypt($key,$passcode);
// Write the file
$username=OC_USER::getUser();
@file_put_contents(OC_Config::getValue( "datadirectory").'/'.$username.'/encryption.key', $enckey );
}
}
public static function changekeypasscode( $newpasscode) {
if(OC_User::isLoggedIn()){
$username=OC_USER::getUser();
// read old key
$key=file_get_contents(OC_Config::getValue( "datadirectory").'/'.$username.'/encryption.key');
// decrypt key with old passcode
$key=OC_Crypt::decrypt($key, $_SESSION['user_password']);
// encrypt again with new passcode
$key=OC_Crypt::encrypt($key,$newpassword);
// store the new key
file_put_contents(OC_Config::getValue( "datadirectory").'/'.$username.'/encryption.key', $key );
$_SESSION['user_password']=$newpasscode;
}
}
/**
* @brief encrypts an content
* @param $content the cleartext message you want to encrypt
* @param $key the encryption key
* @returns encrypted content
*
* This function encrypts an content
*/
public static function encrypt( $content, $key) {
$bf = new Crypt_Blowfish($key);
return($bf->encrypt($content));
}
/**
* @brief decryption of an content
* @param $content the cleartext message you want to decrypt
* @param $key the encryption key
* @returns cleartext content
*
* This function decrypts an content
*/
public static function decrypt( $content, $key) {
$bf = new Crypt_Blowfish($key);
return($bf->encrypt($contents));
}
/**
* @brief encryption of a file
* @param $filename
* @param $key the encryption key
*
* This function encrypts a file
*/
public static function encryptfile( $filename, $key) {
$handleread = fopen($filename, "rb");
if($handleread<>FALSE) {
$handlewrite = fopen($filename.OC_Crypt::$encription_extension, "wb");
while (!feof($handleread)) {
$content = fread($handleread, 8192);
$enccontent=OC_CRYPT::encrypt( $content, $key);
fwrite($handlewrite, $enccontent);
}
fclose($handlewrite);
unlink($filename);
}
fclose($handleread);
}
/**
* @brief decryption of a file
* @param $filename
* @param $key the decryption key
*
* This function decrypts a file
*/
public static function decryptfile( $filename, $key) {
$handleread = fopen($filename.OC_Crypt::$encription_extension, "rb");
if($handleread<>FALSE) {
$handlewrite = fopen($filename, "wb");
while (!feof($handleread)) {
$content = fread($handleread, 8192);
$enccontent=OC_CRYPT::decrypt( $content, $key);
fwrite($handlewrite, $enccontent);
}
fclose($handlewrite);
unlink($filename.OC_Crypt::$encription_extension);
}
fclose($handleread);
}
}