Mirrors
/
nextcloud-server
mirror of https://github.com/nextcloud/server
3
0
Fork 0
Code Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
68985 Commits
570 Branches
1160 Tags
4.1 GiB
Tree: 3e176f58af
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '3e176f58af'
${ noResults }
nextcloud-server/apps/encryption/lib/Crypto/Crypt.php

840 lines
24 KiB
Raw Normal View History

Initial commit
11 years ago
Fix apps/
9 years ago
Update license headers Signed-off-by: Morris Jobke <hey@morrisjobke.de>
8 years ago
Update license headers
10 years ago
Update license headers for 19 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
fixing license headers - encryption code related
11 years ago
Set functions as private to be able to refactor later Also a few comment fixes Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
Fix apps/
9 years ago
Set functions as private to be able to refactor later Also a few comment fixes Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
Update license headers
10 years ago
Update license headers Signed-off-by: Morris Jobke <hey@morrisjobke.de>
8 years ago
Update the license headers for Nextcloud 20 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
5 years ago
Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
fixing license headers - encryption code related
11 years ago
Initial commit
11 years ago
Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Initial commit
11 years ago
Make legacy cipher opt in * Systems that upgrade have this enabled by default * New systems disable it * We'll have to add some wargning in the setup checks if this is enabled Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
5 years ago
fix exception handling
11 years ago
cleaning up exception mess
11 years ago
Initial commit
11 years ago
sign all encrypted blocks and check signature on decrypt
10 years ago
Initial commit
11 years ago
Migrate away from ILogger in encryption And modernize code a bit Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2 years ago
Move to phpseclib implementation of RC4 Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
Initial commit
11 years ago
Use AES-256-CTR as default CTR is recommended over CFB mode.
10 years ago
Update comments to Nextcloud * based on PR by @Ardinis * see #4311 Signed-off-by: Morris Jobke <hey@morrisjobke.de>
9 years ago
Use AES-256-CTR as default CTR is recommended over CFB mode.
10 years ago
Clarify documentation
10 years ago
Use AES-256-CTR as default CTR is recommended over CFB mode.
10 years ago
Initial commit
11 years ago
Use constant for supported formats Signed-off-by: J0WI <J0WI@users.noreply.github.com>
5 years ago
Add visibility to all constants Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Update comments to Nextcloud * based on PR by @Ardinis * see #4311 Signed-off-by: Morris Jobke <hey@morrisjobke.de>
9 years ago
Add visibility to all constants Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Initial commit
11 years ago
Increase from 100000 to 600000 iterations for hash_pbkdf2 Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
Use constant for supported formats Signed-off-by: J0WI <J0WI@users.noreply.github.com>
5 years ago
Increase from 100000 to 600000 iterations for hash_pbkdf2 Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
Update comments to Nextcloud * based on PR by @Ardinis * see #4311 Signed-off-by: Morris Jobke <hey@morrisjobke.de>
9 years ago
use password hash instead of the plain password to encrypt the private key
10 years ago
Add visibility to all constants Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
use password hash instead of the plain password to encrypt the private key
10 years ago
Add visibility to all constants Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
sign all encrypted blocks and check signature on decrypt
10 years ago
Save encrypted files in binary format Default to the more space-efficient binary encoding for newly encrypted files instead of the traditional base64 encoding, eliminating the 33% overhead. The new option 'encryption.use_legacy_encoding' allows to force the legacy encoding format if needed. Files encoded in the old format remain readable. Based on https://github.com/owncloud/encryption/pull/224 and https://github.com/owncloud/core/pull/38249 by karakayasemi. Signed-off-by: plumbeo <plumbeo@users.noreply.github.com>
4 years ago
Migrate away from ILogger in encryption And modernize code a bit Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2 years ago
sign all encrypted blocks and check signature on decrypt
10 years ago
Migrate away from ILogger in encryption And modernize code a bit Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2 years ago
sign all encrypted blocks and check signature on decrypt
10 years ago
Migrate away from ILogger in encryption And modernize code a bit Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2 years ago
Make legacy cipher opt in * Systems that upgrade have this enabled by default * New systems disable it * We'll have to add some wargning in the setup checks if this is enabled Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
5 years ago
Save encrypted files in binary format Default to the more space-efficient binary encoding for newly encrypted files instead of the traditional base64 encoding, eliminating the 33% overhead. The new option 'encryption.use_legacy_encoding' allows to force the legacy encoding format if needed. Files encoded in the old format remain readable. Based on https://github.com/owncloud/encryption/pull/224 and https://github.com/owncloud/core/pull/38249 by karakayasemi. Signed-off-by: plumbeo <plumbeo@users.noreply.github.com>
4 years ago
Migrate away from ILogger in encryption And modernize code a bit Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2 years ago
Make legacy cipher opt in * Systems that upgrade have this enabled by default * New systems disable it * We'll have to add some wargning in the setup checks if this is enabled Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
5 years ago
Save encrypted files in binary format Default to the more space-efficient binary encoding for newly encrypted files instead of the traditional base64 encoding, eliminating the 33% overhead. The new option 'encryption.use_legacy_encoding' allows to force the legacy encoding format if needed. Files encoded in the old format remain readable. Based on https://github.com/owncloud/encryption/pull/224 and https://github.com/owncloud/core/pull/38249 by karakayasemi. Signed-off-by: plumbeo <plumbeo@users.noreply.github.com>
4 years ago
Initial commit
11 years ago
add unit test for crypt.php
11 years ago
PHPDoc cleanup - clean code \o/
11 years ago
Initial commit
11 years ago
Migrate away from ILogger in encryption And modernize code a bit Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2 years ago
Updating keystorage movement and fixing hooks
11 years ago
Initial commit
11 years ago
Migrate away from ILogger in encryption And modernize code a bit Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2 years ago
Updating keystorage movement and fixing hooks
11 years ago
Initial commit
11 years ago
Updating keystorage movement and fixing hooks
11 years ago
Initial commit
11 years ago
Migrate away from ILogger in encryption And modernize code a bit Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2 years ago
Updating keystorage movement and fixing hooks
11 years ago
Initial commit
11 years ago
Migrate away from ILogger in encryption And modernize code a bit Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2 years ago
Updating keystorage movement and fixing hooks
11 years ago
Initial commit
11 years ago
add unit test for crypt.php
11 years ago
Fix psalm issues related to signature changes from PHP 8.0 Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
Initial commit
11 years ago
Migrate away from ILogger in encryption And modernize code a bit Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2 years ago
Initial commit
11 years ago
add unit test for crypt.php
11 years ago
Initial commit
11 years ago
Use an actual 16 byte long IV The previous IV was actually 12 byte extended to 16 byte using base64. As the encrypted file should be fine with containing binary data as well we can simply remove the encoding like that here.
10 years ago
Initial commit
11 years ago
Adapt code to new encryption system fileKey gets deleted upon save as it’s stored in shareKeys instead now. We use presence of a fileKey to detect if a file is using the legacy system or the new one, because we do not always have access to header data. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
Initial commit
11 years ago
Updating keystorage movement and fixing hooks
11 years ago
Initial commit
11 years ago
fix exception handling
11 years ago
sign all encrypted blocks and check signature on decrypt
10 years ago
Keep track of file version This way it is not possible anymore for an external storage admin to put up old versions of the file.
10 years ago
SSE enhancement Do not blind concatenate ints. Lets add a _ between them. So that we can distrinquis them properly Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
5 years ago
sign all encrypted blocks and check signature on decrypt
10 years ago
fix exception handling
11 years ago
sign all encrypted blocks and check signature on decrypt
10 years ago
Simplify return statement Signed-off-by: Morris Jobke <hey@morrisjobke.de>
8 years ago
Initial commit
11 years ago
read cipher from key header and always write a key header if a new private key is stored
11 years ago
use password hash instead of the plain password to encrypt the private key
10 years ago
Use constant for supported formats Signed-off-by: J0WI <J0WI@users.noreply.github.com>
5 years ago
use password hash instead of the plain password to encrypt the private key
10 years ago
read cipher from key header and always write a key header if a new private key is stored
11 years ago
Use constant for supported formats Signed-off-by: J0WI <J0WI@users.noreply.github.com>
5 years ago
use password hash instead of the plain password to encrypt the private key
10 years ago
Save encrypted files in binary format Default to the more space-efficient binary encoding for newly encrypted files instead of the traditional base64 encoding, eliminating the 33% overhead. The new option 'encryption.use_legacy_encoding' allows to force the legacy encoding format if needed. Files encoded in the old format remain readable. Based on https://github.com/owncloud/encryption/pull/224 and https://github.com/owncloud/core/pull/38249 by karakayasemi. Signed-off-by: plumbeo <plumbeo@users.noreply.github.com>
4 years ago
read cipher from key header and always write a key header if a new private key is stored
11 years ago
Initial commit
11 years ago
Improve typing as suggested by review Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2 years ago
Save encrypted files in binary format Default to the more space-efficient binary encoding for newly encrypted files instead of the traditional base64 encoding, eliminating the 33% overhead. The new option 'encryption.use_legacy_encoding' allows to force the legacy encoding format if needed. Files encoded in the old format remain readable. Based on https://github.com/owncloud/encryption/pull/224 and https://github.com/owncloud/core/pull/38249 by karakayasemi. Signed-off-by: plumbeo <plumbeo@users.noreply.github.com>
4 years ago
Updating keystorage movement and fixing hooks
11 years ago
fix exception handling
11 years ago
Save encrypted files in binary format Default to the more space-efficient binary encoding for newly encrypted files instead of the traditional base64 encoding, eliminating the 33% overhead. The new option 'encryption.use_legacy_encoding' allows to force the legacy encoding format if needed. Files encoded in the old format remain readable. Based on https://github.com/owncloud/encryption/pull/224 and https://github.com/owncloud/core/pull/38249 by karakayasemi. Signed-off-by: plumbeo <plumbeo@users.noreply.github.com>
4 years ago
Updating keystorage movement and fixing hooks
11 years ago
Initial commit
11 years ago
Updating keystorage movement and fixing hooks
11 years ago
Initial commit
11 years ago
Remember current cipher Signed-off-by: J0WI <J0WI@users.noreply.github.com>
4 years ago
add unit test for crypt.php
11 years ago
Initial commit
11 years ago
Migrate away from ILogger in encryption And modernize code a bit Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2 years ago
Remember current cipher Signed-off-by: J0WI <J0WI@users.noreply.github.com>
4 years ago
Replace getSystemValue in encryption app Signed-off-by: J0WI <J0WI@users.noreply.github.com>
3 years ago
Use constant for supported formats Signed-off-by: J0WI <J0WI@users.noreply.github.com>
5 years ago
Use AES-256-CTR as default CTR is recommended over CFB mode.
10 years ago
Use constant for supported formats Signed-off-by: J0WI <J0WI@users.noreply.github.com>
5 years ago
Initial commit
11 years ago
Remember current cipher Signed-off-by: J0WI <J0WI@users.noreply.github.com>
4 years ago
Initial commit
11 years ago
use password hash instead of the plain password to encrypt the private key
10 years ago
Use AES-256-CTR as default CTR is recommended over CFB mode.
10 years ago
use password hash instead of the plain password to encrypt the private key
10 years ago
Use constant for supported formats Signed-off-by: J0WI <J0WI@users.noreply.github.com>
5 years ago
use password hash instead of the plain password to encrypt the private key
10 years ago
Use AES-256-CTR as default CTR is recommended over CFB mode.
10 years ago
Remove workarounds specific to 7.4 Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
Use AES-256-CTR as default CTR is recommended over CFB mode.
10 years ago
use password hash instead of the plain password to encrypt the private key
10 years ago
fall back to the ownCloud default encryption module and aes128 if we read a encrypted file without a header
11 years ago
Make legacy cipher opt in * Systems that upgrade have this enabled by default * New systems disable it * We'll have to add some wargning in the setup checks if this is enabled Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
5 years ago
fall back to the ownCloud default encryption module and aes128 if we read a encrypted file without a header
11 years ago
Improve typing as suggested by review Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2 years ago
Initial commit
11 years ago
Improve typing as suggested by review Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2 years ago
sign all encrypted blocks and check signature on decrypt
10 years ago
Initial commit
11 years ago
Add note about the addPadding function
10 years ago
Initial commit
11 years ago
Improve typing as suggested by review Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2 years ago
sign all encrypted blocks and check signature on decrypt
10 years ago
Initial commit
11 years ago
use password hash instead of the plain password to encrypt the private key
10 years ago
use uid as additional information for salt
10 years ago
use password hash instead of the plain password to encrypt the private key
10 years ago
Increase from 100000 to 600000 iterations for hash_pbkdf2 Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
use password hash instead of the plain password to encrypt the private key
10 years ago
use uid as additional information for salt
10 years ago
use password hash instead of the plain password to encrypt the private key
10 years ago
Increase from 100000 to 600000 iterations for hash_pbkdf2 Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
Use PHP polyfills
10 years ago
Increase from 100000 to 600000 iterations for hash_pbkdf2 Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
Use PHP polyfills
10 years ago
use password hash instead of the plain password to encrypt the private key
10 years ago
use uid as additional information for salt
10 years ago
Scrutinizer Auto-Fixes This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
10 years ago
use password hash instead of the plain password to encrypt the private key
10 years ago
use uid as additional information for salt
10 years ago
use password hash instead of the plain password to encrypt the private key
10 years ago
use uid as additional information for salt
10 years ago
use password hash instead of the plain password to encrypt the private key
10 years ago
Keep track of file version This way it is not possible anymore for an external storage admin to put up old versions of the file.
10 years ago
Use number of chunk for HMAC as well Prevents switching single blocks within the encrypted file.
10 years ago
Adapt code to new encryption system fileKey gets deleted upon save as it’s stored in shareKeys instead now. We use presence of a fileKey to detect if a file is using the legacy system or the new one, because we do not always have access to header data. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
use password hash instead of the plain password to encrypt the private key
10 years ago
Initial commit
11 years ago
read cipher from key header and always write a key header if a new private key is stored
11 years ago
PHPDoc cleanup - clean code \o/
11 years ago
use uid as additional information for salt
10 years ago
Scrutinizer Auto-Fixes This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
10 years ago
Initial commit
11 years ago
use uid as additional information for salt
10 years ago
read cipher from key header and always write a key header if a new private key is stored
11 years ago
Make legacy cipher opt in * Systems that upgrade have this enabled by default * New systems disable it * We'll have to add some wargning in the setup checks if this is enabled Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
5 years ago
read cipher from key header and always write a key header if a new private key is stored
11 years ago
Initial commit
11 years ago
use password hash instead of the plain password to encrypt the private key
10 years ago
Increase from 100000 to 600000 iterations for hash_pbkdf2 Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
use password hash instead of the plain password to encrypt the private key
10 years ago
Save encrypted files in binary format Default to the more space-efficient binary encoding for newly encrypted files instead of the traditional base64 encoding, eliminating the 33% overhead. The new option 'encryption.use_legacy_encoding' allows to force the legacy encoding format if needed. Files encoded in the old format remain readable. Based on https://github.com/owncloud/encryption/pull/224 and https://github.com/owncloud/core/pull/38249 by karakayasemi. Signed-off-by: plumbeo <plumbeo@users.noreply.github.com>
4 years ago
Initial commit
11 years ago
read cipher from key header and always write a key header if a new private key is stored
11 years ago
fix reading of private key
11 years ago
Initial commit
11 years ago
Keep track of file version This way it is not possible anymore for an external storage admin to put up old versions of the file.
10 years ago
Updating keystorage movement and fixing hooks
11 years ago
Keep track of file version This way it is not possible anymore for an external storage admin to put up old versions of the file.
10 years ago
Save encrypted files in binary format Default to the more space-efficient binary encoding for newly encrypted files instead of the traditional base64 encoding, eliminating the 33% overhead. The new option 'encryption.use_legacy_encoding' allows to force the legacy encoding format if needed. Files encoded in the old format remain readable. Based on https://github.com/owncloud/encryption/pull/224 and https://github.com/owncloud/core/pull/38249 by karakayasemi. Signed-off-by: plumbeo <plumbeo@users.noreply.github.com>
4 years ago
Keep track of file version This way it is not possible anymore for an external storage admin to put up old versions of the file.
10 years ago
Initial commit
11 years ago
use password hash instead of the plain password to encrypt the private key
10 years ago
Scrutinizer Auto-Fixes This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
10 years ago
use password hash instead of the plain password to encrypt the private key
10 years ago
Initial commit
11 years ago
Remove workarounds specific to 7.4 Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
Initial commit
11 years ago
use password hash instead of the plain password to encrypt the private key
10 years ago
Initial commit
11 years ago
return false if private key is not valid
10 years ago
Initial commit
11 years ago
Scrutinizer Auto-Fixes This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
10 years ago
fix exception handling
11 years ago
Initial commit
11 years ago
Keep track of file version This way it is not possible anymore for an external storage admin to put up old versions of the file.
10 years ago
The encryption decrypt position can be int or string The public API said string, internally we treated it as int. In reality both are used. Let's reflect that in the documented argument type. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
5 years ago
Save encrypted files in binary format Default to the more space-efficient binary encoding for newly encrypted files instead of the traditional base64 encoding, eliminating the 33% overhead. The new option 'encryption.use_legacy_encoding' allows to force the legacy encoding format if needed. Files encoded in the old format remain readable. Based on https://github.com/owncloud/encryption/pull/224 and https://github.com/owncloud/core/pull/38249 by karakayasemi. Signed-off-by: plumbeo <plumbeo@users.noreply.github.com>
4 years ago
fix exception handling
11 years ago
Initial commit
11 years ago
Save encrypted files in binary format Default to the more space-efficient binary encoding for newly encrypted files instead of the traditional base64 encoding, eliminating the 33% overhead. The new option 'encryption.use_legacy_encoding' allows to force the legacy encoding format if needed. Files encoded in the old format remain readable. Based on https://github.com/owncloud/encryption/pull/224 and https://github.com/owncloud/core/pull/38249 by karakayasemi. Signed-off-by: plumbeo <plumbeo@users.noreply.github.com>
4 years ago
Adding a check to see if keyFileContents is empty: * this fixes a download error and an exception if the data content for encryption is empty * #3958: for recovering encrypted files with a damaged signature this is necessary in addition to turning the signature check off Signed-off-by: Stefan Weiberg <sweiberg@suse.com>
7 years ago
sign all encrypted blocks and check signature on decrypt
10 years ago
fixing unit tests
10 years ago
SSE enhancement Do not blind concatenate ints. Lets add a _ between them. So that we can distrinquis them properly Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
5 years ago
sign all encrypted blocks and check signature on decrypt
10 years ago
Initial commit
11 years ago
fix exception handling
11 years ago
Updating keystorage movement and fixing hooks
11 years ago
fix exception handling
11 years ago
Save encrypted files in binary format Default to the more space-efficient binary encoding for newly encrypted files instead of the traditional base64 encoding, eliminating the 33% overhead. The new option 'encryption.use_legacy_encoding' allows to force the legacy encoding format if needed. Files encoded in the old format remain readable. Based on https://github.com/owncloud/encryption/pull/224 and https://github.com/owncloud/core/pull/38249 by karakayasemi. Signed-off-by: plumbeo <plumbeo@users.noreply.github.com>
4 years ago
Initial commit
11 years ago
sign all encrypted blocks and check signature on decrypt
10 years ago
add unit test for crypt.php
11 years ago
always throw a encryption exception Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
9 years ago
Initial commit
11 years ago
Strong type custom openssl_seal implementation Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
Replace getSystemValue in encryption app Signed-off-by: J0WI <J0WI@users.noreply.github.com>
3 years ago
Allow to disable the signature check This allows you to recover encryption files even if the signature is broken Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
7 years ago
sign all encrypted blocks and check signature on decrypt
10 years ago
improve variable naming Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
7 years ago
Allow to disable the signature check This allows you to recover encryption files even if the signature is broken Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
7 years ago
Cleanup signature checking logic in encryption Signed-off-by: jld3103 <jld3103yt@gmail.com>
3 years ago
Initial commit
11 years ago
sign all encrypted blocks and check signature on decrypt
10 years ago
Initial commit
11 years ago
Adapt code to new encryption system fileKey gets deleted upon save as it’s stored in shareKeys instead now. We use presence of a fileKey to detect if a file is using the legacy system or the new one, because we do not always have access to header data. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
Use hash with appended "a" of the original password for the authentication
10 years ago
Simplify return statement Signed-off-by: Morris Jobke <hey@morrisjobke.de>
8 years ago
sign all encrypted blocks and check signature on decrypt
10 years ago
Initial commit
11 years ago
sign all encrypted blocks and check signature on decrypt
10 years ago
Improve typing as suggested by review Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2 years ago
sign all encrypted blocks and check signature on decrypt
10 years ago
Initial commit
11 years ago
sign all encrypted blocks and check signature on decrypt
10 years ago
Improve typing as suggested by review Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2 years ago
sign all encrypted blocks and check signature on decrypt
10 years ago
make it backward compatible to work with signed and un-signed files
10 years ago
sign all encrypted blocks and check signature on decrypt
10 years ago
Initial commit
11 years ago
sign all encrypted blocks and check signature on decrypt
10 years ago
Initial commit
11 years ago
sign all encrypted blocks and check signature on decrypt
10 years ago
always throw a encryption exception Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
9 years ago
sign all encrypted blocks and check signature on decrypt
10 years ago
Improve typing as suggested by review Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2 years ago
Replace getSystemValue in encryption app Signed-off-by: J0WI <J0WI@users.noreply.github.com>
3 years ago
in case 'encryption_skip_signature_check' was set to true we accept if the file doesn't has a signature Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
7 years ago
meta data are at the end of the file
10 years ago
sign all encrypted blocks and check signature on decrypt
10 years ago
Make legacy cipher opt in * Systems that upgrade have this enabled by default * New systems disable it * We'll have to add some wargning in the setup checks if this is enabled Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
5 years ago
Remember current cipher Signed-off-by: J0WI <J0WI@users.noreply.github.com>
4 years ago
in case 'encryption_skip_signature_check' was set to true we accept if the file doesn't has a signature Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
7 years ago
always throw a encryption exception Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
9 years ago
sign all encrypted blocks and check signature on decrypt
10 years ago
Initial commit
11 years ago
Save encrypted files in binary format Default to the more space-efficient binary encoding for newly encrypted files instead of the traditional base64 encoding, eliminating the 33% overhead. The new option 'encryption.use_legacy_encoding' allows to force the legacy encoding format if needed. Files encoded in the old format remain readable. Based on https://github.com/owncloud/encryption/pull/224 and https://github.com/owncloud/core/pull/38249 by karakayasemi. Signed-off-by: plumbeo <plumbeo@users.noreply.github.com>
4 years ago
Updating keystorage movement and fixing hooks
11 years ago
fix exception handling
11 years ago
Save encrypted files in binary format Default to the more space-efficient binary encoding for newly encrypted files instead of the traditional base64 encoding, eliminating the 33% overhead. The new option 'encryption.use_legacy_encoding' allows to force the legacy encoding format if needed. Files encoded in the old format remain readable. Based on https://github.com/owncloud/encryption/pull/224 and https://github.com/owncloud/core/pull/38249 by karakayasemi. Signed-off-by: plumbeo <plumbeo@users.noreply.github.com>
4 years ago
Updating keystorage movement and fixing hooks
11 years ago
Initial commit
11 years ago
fix exception handling
11 years ago
Initial commit
11 years ago
Scrutinizer Auto-Fixes This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
10 years ago
Initial commit
11 years ago
use password hash instead of the plain password to encrypt the private key
10 years ago
Initial commit
11 years ago
PHPDoc cleanup - clean code \o/
11 years ago
Initial commit
11 years ago
Updating keystorage movement and fixing hooks
11 years ago
PHPDoc cleanup - clean code \o/
11 years ago
Initial commit
11 years ago
Fix comparisons in encryption app Signed-off-by: Joas Schilling <coding@schilljs.com>
9 years ago
Initial commit
11 years ago
add unit test for crypt.php
11 years ago
Initial commit
11 years ago
Migrate away from ILogger in encryption And modernize code a bit Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2 years ago
Use an actual 16 byte long IV The previous IV was actually 12 byte extended to 16 byte using base64. As the encrypted file should be fine with containing binary data as well we can simply remove the encoding like that here.
10 years ago
Initial commit
11 years ago
Updating keystorage movement and fixing hooks
11 years ago
write encrypted file to disc
11 years ago
Use hash with appended "a" of the original password for the authentication
10 years ago
Fix typos and some other adjustments
11 years ago
write encrypted file to disc
11 years ago
Fix typos and some other adjustments
11 years ago
write encrypted file to disc
11 years ago
method shouldn't be static
11 years ago
Use hash with appended "a" of the original password for the authentication
10 years ago
write encrypted file to disc
11 years ago
Updating keystorage movement and fixing hooks
11 years ago
Strong type custom openssl_seal implementation Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
Updating keystorage movement and fixing hooks
11 years ago
Getting rid of openssl_seal and rc4 in server side encryption Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
Updating keystorage movement and fixing hooks
11 years ago
Strong type custom openssl_seal implementation Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
Updating keystorage movement and fixing hooks
11 years ago
fix exception handling
11 years ago
Updating keystorage movement and fixing hooks
11 years ago
Getting rid of openssl_seal and rc4 in server side encryption Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
Add a test for multiKeyEncrypt/Decrypt methods Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
Getting rid of openssl_seal and rc4 in server side encryption Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
Updating keystorage movement and fixing hooks
11 years ago
Fix typos and some other adjustments
11 years ago
Updating keystorage movement and fixing hooks
11 years ago
Add a test for multiKeyEncrypt/Decrypt methods Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
Updating keystorage movement and fixing hooks
11 years ago
Getting rid of openssl_seal and rc4 in server side encryption Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
Updating keystorage movement and fixing hooks
11 years ago
Strong type custom openssl_seal implementation Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
Updating keystorage movement and fixing hooks
11 years ago
fix exception handling
11 years ago
Updating keystorage movement and fixing hooks
11 years ago
Save encrypted files in binary format Default to the more space-efficient binary encoding for newly encrypted files instead of the traditional base64 encoding, eliminating the 33% overhead. The new option 'encryption.use_legacy_encoding' allows to force the legacy encoding format if needed. Files encoded in the old format remain readable. Based on https://github.com/owncloud/encryption/pull/224 and https://github.com/owncloud/core/pull/38249 by karakayasemi. Signed-off-by: plumbeo <plumbeo@users.noreply.github.com>
4 years ago
introduce wrapped_openssl_seal() and wrapped_openssl_open() to circument RC4 problems with OpenSSL v3 Signed-off-by: Kevin Niehage <k.niehage@syseleven.de>
3 years ago
Save encrypted files in binary format Default to the more space-efficient binary encoding for newly encrypted files instead of the traditional base64 encoding, eliminating the 33% overhead. The new option 'encryption.use_legacy_encoding' allows to force the legacy encoding format if needed. Files encoded in the old format remain readable. Based on https://github.com/owncloud/encryption/pull/224 and https://github.com/owncloud/core/pull/38249 by karakayasemi. Signed-off-by: plumbeo <plumbeo@users.noreply.github.com>
4 years ago
introduce wrapped_openssl_seal() and wrapped_openssl_open() to circument RC4 problems with OpenSSL v3 Signed-off-by: Kevin Niehage <k.niehage@syseleven.de>
3 years ago
Move to phpseclib implementation of RC4 Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
introduce wrapped_openssl_seal() and wrapped_openssl_open() to circument RC4 problems with OpenSSL v3 Signed-off-by: Kevin Niehage <k.niehage@syseleven.de>
3 years ago
Set functions as private to be able to refactor later Also a few comment fixes Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
Move to phpseclib implementation of RC4 Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
Set functions as private to be able to refactor later Also a few comment fixes Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
Move to phpseclib implementation of RC4 Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
introduce wrapped_openssl_seal() and wrapped_openssl_open() to circument RC4 problems with OpenSSL v3 Signed-off-by: Kevin Niehage <k.niehage@syseleven.de>
3 years ago
Move to phpseclib implementation of RC4 Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
introduce wrapped_openssl_seal() and wrapped_openssl_open() to circument RC4 problems with OpenSSL v3 Signed-off-by: Kevin Niehage <k.niehage@syseleven.de>
3 years ago
Move to phpseclib implementation of RC4 Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
Set functions as private to be able to refactor later Also a few comment fixes Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
Move to phpseclib implementation of RC4 Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
Set functions as private to be able to refactor later Also a few comment fixes Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
Move to phpseclib implementation of RC4 Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
introduce wrapped_openssl_seal() and wrapped_openssl_open() to circument RC4 problems with OpenSSL v3 Signed-off-by: Kevin Niehage <k.niehage@syseleven.de>
3 years ago
Move to phpseclib implementation of RC4 Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
introduce wrapped_openssl_seal() and wrapped_openssl_open() to circument RC4 problems with OpenSSL v3 Signed-off-by: Kevin Niehage <k.niehage@syseleven.de>
3 years ago
Set functions as private to be able to refactor later Also a few comment fixes Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
introduce wrapped_openssl_seal() and wrapped_openssl_open() to circument RC4 problems with OpenSSL v3 Signed-off-by: Kevin Niehage <k.niehage@syseleven.de>
3 years ago
Strong type custom openssl_seal implementation Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
Always wrap rc4, and throws on unknown cipher Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
introduce wrapped_openssl_seal() and wrapped_openssl_open() to circument RC4 problems with OpenSSL v3 Signed-off-by: Kevin Niehage <k.niehage@syseleven.de>
3 years ago
Set functions as private to be able to refactor later Also a few comment fixes Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
introduce wrapped_openssl_seal() and wrapped_openssl_open() to circument RC4 problems with OpenSSL v3 Signed-off-by: Kevin Niehage <k.niehage@syseleven.de>
3 years ago
Always wrap rc4, and throws on unknown cipher Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
introduce wrapped_openssl_seal() and wrapped_openssl_open() to circument RC4 problems with OpenSSL v3 Signed-off-by: Kevin Niehage <k.niehage@syseleven.de>
3 years ago
Move to phpseclib implementation of RC4 Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
introduce wrapped_openssl_seal() and wrapped_openssl_open() to circument RC4 problems with OpenSSL v3 Signed-off-by: Kevin Niehage <k.niehage@syseleven.de>
3 years ago
Always wrap rc4, and throws on unknown cipher Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
introduce wrapped_openssl_seal() and wrapped_openssl_open() to circument RC4 problems with OpenSSL v3 Signed-off-by: Kevin Niehage <k.niehage@syseleven.de>
3 years ago
Strong type custom openssl_seal implementation Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
introduce wrapped_openssl_seal() and wrapped_openssl_open() to circument RC4 problems with OpenSSL v3 Signed-off-by: Kevin Niehage <k.niehage@syseleven.de>
3 years ago
Add a test for multiKeyEncrypt/Decrypt methods Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
Always wrap rc4, and throws on unknown cipher Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
introduce wrapped_openssl_seal() and wrapped_openssl_open() to circument RC4 problems with OpenSSL v3 Signed-off-by: Kevin Niehage <k.niehage@syseleven.de>
3 years ago
Set functions as private to be able to refactor later Also a few comment fixes Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
introduce wrapped_openssl_seal() and wrapped_openssl_open() to circument RC4 problems with OpenSSL v3 Signed-off-by: Kevin Niehage <k.niehage@syseleven.de>
3 years ago
Always wrap rc4, and throws on unknown cipher Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
introduce wrapped_openssl_seal() and wrapped_openssl_open() to circument RC4 problems with OpenSSL v3 Signed-off-by: Kevin Niehage <k.niehage@syseleven.de>
3 years ago
Strong type custom openssl_seal implementation Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
introduce wrapped_openssl_seal() and wrapped_openssl_open() to circument RC4 problems with OpenSSL v3 Signed-off-by: Kevin Niehage <k.niehage@syseleven.de>
3 years ago
Move to phpseclib implementation of RC4 Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
introduce wrapped_openssl_seal() and wrapped_openssl_open() to circument RC4 problems with OpenSSL v3 Signed-off-by: Kevin Niehage <k.niehage@syseleven.de>
3 years ago
Always wrap rc4, and throws on unknown cipher Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
introduce wrapped_openssl_seal() and wrapped_openssl_open() to circument RC4 problems with OpenSSL v3 Signed-off-by: Kevin Niehage <k.niehage@syseleven.de>
3 years ago
Initial commit
11 years ago
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Bjoern Schiessle <bjoern@schiessle.org>
  6. * @author Björn Schießle <bjoern@schiessle.org>
  7. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  8. * @author Clark Tomlinson <fallen013@gmail.com>
  9. * @author Côme Chilliet <come.chilliet@nextcloud.com>
  10. * @author Joas Schilling <coding@schilljs.com>
  11. * @author Kevin Niehage <kevin@niehage.name>
  12. * @author Lukas Reschke <lukas@statuscode.ch>
  13. * @author Morris Jobke <hey@morrisjobke.de>
  14. * @author Roeland Jago Douma <roeland@famdouma.nl>
  15. * @author Stefan Weiberg <sweiberg@suse.com>
  16. * @author Thomas Müller <thomas.mueller@tmit.eu>
  17. *
  18. * @license AGPL-3.0
  19. *
  20. * This code is free software: you can redistribute it and/or modify
  21. * it under the terms of the GNU Affero General Public License, version 3,
  22. * as published by the Free Software Foundation.
  23. *
  24. * This program is distributed in the hope that it will be useful,
  25. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  26. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  27. * GNU Affero General Public License for more details.
  28. *
  29. * You should have received a copy of the GNU Affero General Public License, version 3,
  30. * along with this program. If not, see <http://www.gnu.org/licenses/>
  31. *
  32. */
  33. namespace OCA\Encryption\Crypto;
  35. use OC\Encryption\Exceptions\DecryptionFailedException;
  36. use OC\Encryption\Exceptions\EncryptionFailedException;
  37. use OC\ServerNotAvailableException;
  38. use OCA\Encryption\Exceptions\MultiKeyDecryptException;
  39. use OCA\Encryption\Exceptions\MultiKeyEncryptException;
  40. use OCP\Encryption\Exceptions\GenericEncryptionException;
  41. use OCP\IConfig;
  42. use OCP\IL10N;
  43. use OCP\IUserSession;
  44. use Psr\Log\LoggerInterface;
  45. use phpseclib\Crypt\RC4;
  47. /**
  48. * Class Crypt provides the encryption implementation of the default Nextcloud
  49. * encryption module. As default AES-256-CTR is used, it does however offer support
  50. * for the following modes:
  51. *
  52. * - AES-256-CTR
  53. * - AES-128-CTR
  54. * - AES-256-CFB
  55. * - AES-128-CFB
  56. *
  57. * For integrity protection Encrypt-Then-MAC using HMAC-SHA256 is used.
  58. *
  59. * @package OCA\Encryption\Crypto
  60. */
  61. class Crypt {
  62. public const SUPPORTED_CIPHERS_AND_KEY_SIZE = [
  63. 'AES-256-CTR' => 32,
  64. 'AES-128-CTR' => 16,
  65. 'AES-256-CFB' => 32,
  66. 'AES-128-CFB' => 16,
  67. ];
  68. // one out of SUPPORTED_CIPHERS_AND_KEY_SIZE
  69. public const DEFAULT_CIPHER = 'AES-256-CTR';
  70. // default cipher from old Nextcloud versions
  71. public const LEGACY_CIPHER = 'AES-128-CFB';
  73. public const SUPPORTED_KEY_FORMATS = ['hash2', 'hash', 'password'];
  74. // one out of SUPPORTED_KEY_FORMATS
  75. public const DEFAULT_KEY_FORMAT = 'hash2';
  76. // default key format, old Nextcloud version encrypted the private key directly
  77. // with the user password
  78. public const LEGACY_KEY_FORMAT = 'password';
  80. public const HEADER_START = 'HBEGIN';
  81. public const HEADER_END = 'HEND';
  83. // default encoding format, old Nextcloud versions used base64
  84. public const BINARY_ENCODING_FORMAT = 'binary';
  86. private string $user;
  88. private ?string $currentCipher = null;
  90. private bool $supportLegacy;
  92. /**
  93. * Use the legacy base64 encoding instead of the more space-efficient binary encoding.
  94. */
  95. private bool $useLegacyBase64Encoding;
  97. public function __construct(
  98. private LoggerInterface $logger,
  99. IUserSession $userSession,
  100. private IConfig $config,
  101. private IL10N $l,
  102. ) {
  103. $this->user = $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : '"no user given"';
  104. $this->supportLegacy = $this->config->getSystemValueBool('encryption.legacy_format_support', false);
  105. $this->useLegacyBase64Encoding = $this->config->getSystemValueBool('encryption.use_legacy_base64_encoding', false);
  106. }
  108. /**
  109. * create new private/public key-pair for user
  110. *
  111. * @return array|bool
  112. */
  113. public function createKeyPair() {
  114. $res = $this->getOpenSSLPKey();
  116. if (!$res) {
  117. $this->logger->error("Encryption Library couldn't generate users key-pair for {$this->user}",
  118. ['app' => 'encryption']);
  120. if (openssl_error_string()) {
  121. $this->logger->error('Encryption library openssl_pkey_new() fails: ' . openssl_error_string(),
  122. ['app' => 'encryption']);
  123. }
  124. } elseif (openssl_pkey_export($res,
  125. $privateKey,
  126. null,
  127. $this->getOpenSSLConfig())) {
  128. $keyDetails = openssl_pkey_get_details($res);
  129. $publicKey = $keyDetails['key'];
  131. return [
  132. 'publicKey' => $publicKey,
  133. 'privateKey' => $privateKey
  134. ];
  135. }
  136. $this->logger->error('Encryption library couldn\'t export users private key, please check your servers OpenSSL configuration.' . $this->user,
  137. ['app' => 'encryption']);
  138. if (openssl_error_string()) {
  139. $this->logger->error('Encryption Library:' . openssl_error_string(),
  140. ['app' => 'encryption']);
  141. }
  143. return false;
  144. }
  146. /**
  147. * Generates a new private key
  148. *
  149. * @return \OpenSSLAsymmetricKey|false
  150. */
  151. public function getOpenSSLPKey() {
  152. $config = $this->getOpenSSLConfig();
  153. return openssl_pkey_new($config);
  154. }
  156. private function getOpenSSLConfig(): array {
  157. $config = ['private_key_bits' => 4096];
  158. $config = array_merge(
  159. $config,
  160. $this->config->getSystemValue('openssl', [])
  161. );
  162. return $config;
  163. }
  165. /**
  166. * @throws EncryptionFailedException
  167. */
  168. public function symmetricEncryptFileContent(string $plainContent, string $passPhrase, int $version, string $position): string|false {
  169. if (!$plainContent) {
  170. $this->logger->error('Encryption Library, symmetrical encryption failed no content given',
  171. ['app' => 'encryption']);
  172. return false;
  173. }
  175. $iv = $this->generateIv();
  177. $encryptedContent = $this->encrypt($plainContent,
  178. $iv,
  179. $passPhrase,
  180. $this->getCipher());
  182. // Create a signature based on the key as well as the current version
  183. $sig = $this->createSignature($encryptedContent, $passPhrase.'_'.$version.'_'.$position);
  185. // combine content to encrypt the IV identifier and actual IV
  186. $catFile = $this->concatIV($encryptedContent, $iv);
  187. $catFile = $this->concatSig($catFile, $sig);
  188. return $this->addPadding($catFile);
  189. }
  191. /**
  192. * generate header for encrypted file
  193. *
  194. * @param string $keyFormat see SUPPORTED_KEY_FORMATS
  195. * @return string
  196. * @throws \InvalidArgumentException
  197. */
  198. public function generateHeader($keyFormat = self::DEFAULT_KEY_FORMAT) {
  199. if (in_array($keyFormat, self::SUPPORTED_KEY_FORMATS, true) === false) {
  200. throw new \InvalidArgumentException('key format "' . $keyFormat . '" is not supported');
  201. }
  203. $header = self::HEADER_START
  204. . ':cipher:' . $this->getCipher()
  205. . ':keyFormat:' . $keyFormat;
  207. if ($this->useLegacyBase64Encoding !== true) {
  208. $header .= ':encoding:' . self::BINARY_ENCODING_FORMAT;
  209. }
  211. $header .= ':' . self::HEADER_END;
  213. return $header;
  214. }
  216. /**
  217. * @throws EncryptionFailedException
  218. */
  219. private function encrypt(string $plainContent, string $iv, string $passPhrase = '', string $cipher = self::DEFAULT_CIPHER): string {
  220. $options = $this->useLegacyBase64Encoding ? 0 : OPENSSL_RAW_DATA;
  221. $encryptedContent = openssl_encrypt($plainContent,
  222. $cipher,
  223. $passPhrase,
  224. $options,
  225. $iv);
  227. if (!$encryptedContent) {
  228. $error = 'Encryption (symmetric) of content failed';
  229. $this->logger->error($error . openssl_error_string(),
  230. ['app' => 'encryption']);
  231. throw new EncryptionFailedException($error);
  232. }
  234. return $encryptedContent;
  235. }
  237. /**
  238. * return cipher either from config.php or the default cipher defined in
  239. * this class
  240. */
  241. private function getCachedCipher(): string {
  242. if (isset($this->currentCipher)) {
  243. return $this->currentCipher;
  244. }
  246. // Get cipher either from config.php or the default cipher defined in this class
  247. $cipher = $this->config->getSystemValueString('cipher', self::DEFAULT_CIPHER);
  248. if (!isset(self::SUPPORTED_CIPHERS_AND_KEY_SIZE[$cipher])) {
  249. $this->logger->warning(
  250. sprintf(
  251. 'Unsupported cipher (%s) defined in config.php supported. Falling back to %s',
  252. $cipher,
  253. self::DEFAULT_CIPHER
  254. ),
  255. ['app' => 'encryption']
  256. );
  257. $cipher = self::DEFAULT_CIPHER;
  258. }
  260. // Remember current cipher to avoid frequent lookups
  261. $this->currentCipher = $cipher;
  262. return $this->currentCipher;
  263. }
  265. /**
  266. * return current encryption cipher
  267. *
  268. * @return string
  269. */
  270. public function getCipher() {
  271. return $this->getCachedCipher();
  272. }
  274. /**
  275. * get key size depending on the cipher
  276. *
  277. * @param string $cipher
  278. * @return int
  279. * @throws \InvalidArgumentException
  280. */
  281. protected function getKeySize($cipher) {
  282. if (isset(self::SUPPORTED_CIPHERS_AND_KEY_SIZE[$cipher])) {
  283. return self::SUPPORTED_CIPHERS_AND_KEY_SIZE[$cipher];
  284. }
  286. throw new \InvalidArgumentException(
  287. sprintf(
  288. 'Unsupported cipher (%s) defined.',
  289. $cipher
  290. )
  291. );
  292. }
  294. /**
  295. * get legacy cipher
  296. *
  297. * @return string
  298. */
  299. public function getLegacyCipher() {
  300. if (!$this->supportLegacy) {
  301. throw new ServerNotAvailableException('Legacy cipher is no longer supported!');
  302. }
  304. return self::LEGACY_CIPHER;
  305. }
  307. private function concatIV(string $encryptedContent, string $iv): string {
  308. return $encryptedContent . '00iv00' . $iv;
  309. }
  311. private function concatSig(string $encryptedContent, string $signature): string {
  312. return $encryptedContent . '00sig00' . $signature;
  313. }
  315. /**
  316. * Note: This is _NOT_ a padding used for encryption purposes. It is solely
  317. * used to achieve the PHP stream size. It has _NOTHING_ to do with the
  318. * encrypted content and is not used in any crypto primitive.
  319. */
  320. private function addPadding(string $data): string {
  321. return $data . 'xxx';
  322. }
  324. /**
  325. * generate password hash used to encrypt the users private key
  326. *
  327. * @param string $uid only used for user keys
  328. */
  329. protected function generatePasswordHash(string $password, string $cipher, string $uid = '', int $iterations = 600000): string {
  330. $instanceId = $this->config->getSystemValue('instanceid');
  331. $instanceSecret = $this->config->getSystemValue('secret');
  332. $salt = hash('sha256', $uid . $instanceId . $instanceSecret, true);
  333. $keySize = $this->getKeySize($cipher);
  335. return hash_pbkdf2(
  336. 'sha256',
  337. $password,
  338. $salt,
  339. $iterations,
  340. $keySize,
  341. true
  342. );
  343. }
  345. /**
  346. * encrypt private key
  347. *
  348. * @param string $privateKey
  349. * @param string $password
  350. * @param string $uid for regular users, empty for system keys
  351. * @return false|string
  352. */
  353. public function encryptPrivateKey($privateKey, $password, $uid = '') {
  354. $cipher = $this->getCipher();
  355. $hash = $this->generatePasswordHash($password, $cipher, $uid);
  356. $encryptedKey = $this->symmetricEncryptFileContent(
  357. $privateKey,
  358. $hash,
  359. 0,
  360. '0'
  361. );
  363. return $encryptedKey;
  364. }
  366. /**
  367. * @param string $privateKey
  368. * @param string $password
  369. * @param string $uid for regular users, empty for system keys
  370. * @return false|string
  371. */
  372. public function decryptPrivateKey($privateKey, $password = '', $uid = '') {
  373. $header = $this->parseHeader($privateKey);
  375. if (isset($header['cipher'])) {
  376. $cipher = $header['cipher'];
  377. } else {
  378. $cipher = $this->getLegacyCipher();
  379. }
  381. if (isset($header['keyFormat'])) {
  382. $keyFormat = $header['keyFormat'];
  383. } else {
  384. $keyFormat = self::LEGACY_KEY_FORMAT;
  385. }
  387. if ($keyFormat === 'hash') {
  388. $password = $this->generatePasswordHash($password, $cipher, $uid, 100000);
  389. } elseif ($keyFormat === 'hash2') {
  390. $password = $this->generatePasswordHash($password, $cipher, $uid, 600000);
  391. }
  393. $binaryEncoding = isset($header['encoding']) && $header['encoding'] === self::BINARY_ENCODING_FORMAT;
  395. // If we found a header we need to remove it from the key we want to decrypt
  396. if (!empty($header)) {
  397. $privateKey = substr($privateKey,
  398. strpos($privateKey,
  399. self::HEADER_END) + strlen(self::HEADER_END));
  400. }
  402. $plainKey = $this->symmetricDecryptFileContent(
  403. $privateKey,
  404. $password,
  405. $cipher,
  406. 0,
  407. 0,
  408. $binaryEncoding
  409. );
  411. if ($this->isValidPrivateKey($plainKey) === false) {
  412. return false;
  413. }
  415. return $plainKey;
  416. }
  418. /**
  419. * check if it is a valid private key
  420. *
  421. * @param string $plainKey
  422. * @return bool
  423. */
  424. protected function isValidPrivateKey($plainKey) {
  425. $res = openssl_get_privatekey($plainKey);
  426. if (is_object($res) && get_class($res) === 'OpenSSLAsymmetricKey') {
  427. $sslInfo = openssl_pkey_get_details($res);
  428. if (isset($sslInfo['key'])) {
  429. return true;
  430. }
  431. }
  433. return false;
  434. }
  436. /**
  437. * @param string $keyFileContents
  438. * @param string $passPhrase
  439. * @param string $cipher
  440. * @param int $version
  441. * @param int|string $position
  442. * @param boolean $binaryEncoding
  443. * @return string
  444. * @throws DecryptionFailedException
  445. */
  446. public function symmetricDecryptFileContent($keyFileContents, $passPhrase, $cipher = self::DEFAULT_CIPHER, $version = 0, $position = 0, bool $binaryEncoding = false) {
  447. if ($keyFileContents == '') {
  448. return '';
  449. }
  451. $catFile = $this->splitMetaData($keyFileContents, $cipher);
  453. if ($catFile['signature'] !== false) {
  454. try {
  455. // First try the new format
  456. $this->checkSignature($catFile['encrypted'], $passPhrase . '_' . $version . '_' . $position, $catFile['signature']);
  457. } catch (GenericEncryptionException $e) {
  458. // For compatibility with old files check the version without _
  459. $this->checkSignature($catFile['encrypted'], $passPhrase . $version . $position, $catFile['signature']);
  460. }
  461. }
  463. return $this->decrypt($catFile['encrypted'],
  464. $catFile['iv'],
  465. $passPhrase,
  466. $cipher,
  467. $binaryEncoding);
  468. }
  470. /**
  471. * check for valid signature
  472. *
  473. * @throws GenericEncryptionException
  474. */
  475. private function checkSignature(string $data, string $passPhrase, string $expectedSignature): void {
  476. $enforceSignature = !$this->config->getSystemValueBool('encryption_skip_signature_check', false);
  478. $signature = $this->createSignature($data, $passPhrase);
  479. $isCorrectHash = hash_equals($expectedSignature, $signature);
  481. if (!$isCorrectHash) {
  482. if ($enforceSignature) {
  483. throw new GenericEncryptionException('Bad Signature', $this->l->t('Bad Signature'));
  484. } else {
  485. $this->logger->info("Signature check skipped", ['app' => 'encryption']);
  486. }
  487. }
  488. }
  490. /**
  491. * create signature
  492. */
  493. private function createSignature(string $data, string $passPhrase): string {
  494. $passPhrase = hash('sha512', $passPhrase . 'a', true);
  495. return hash_hmac('sha256', $data, $passPhrase);
  496. }
  499. /**
  500. * @param bool $hasSignature did the block contain a signature, in this case we use a different padding
  501. */
  502. private function removePadding(string $padded, bool $hasSignature = false): string|false {
  503. if ($hasSignature === false && substr($padded, -2) === 'xx') {
  504. return substr($padded, 0, -2);
  505. } elseif ($hasSignature === true && substr($padded, -3) === 'xxx') {
  506. return substr($padded, 0, -3);
  507. }
  508. return false;
  509. }
  511. /**
  512. * split meta data from encrypted file
  513. * Note: for now, we assume that the meta data always start with the iv
  514. * followed by the signature, if available
  515. */
  516. private function splitMetaData(string $catFile, string $cipher): array {
  517. if ($this->hasSignature($catFile, $cipher)) {
  518. $catFile = $this->removePadding($catFile, true);
  519. $meta = substr($catFile, -93);
  520. $iv = substr($meta, strlen('00iv00'), 16);
  521. $sig = substr($meta, 22 + strlen('00sig00'));
  522. $encrypted = substr($catFile, 0, -93);
  523. } else {
  524. $catFile = $this->removePadding($catFile);
  525. $meta = substr($catFile, -22);
  526. $iv = substr($meta, -16);
  527. $sig = false;
  528. $encrypted = substr($catFile, 0, -22);
  529. }
  531. return [
  532. 'encrypted' => $encrypted,
  533. 'iv' => $iv,
  534. 'signature' => $sig
  535. ];
  536. }
  538. /**
  539. * check if encrypted block is signed
  540. *
  541. * @throws GenericEncryptionException
  542. */
  543. private function hasSignature(string $catFile, string $cipher): bool {
  544. $skipSignatureCheck = $this->config->getSystemValueBool('encryption_skip_signature_check', false);
  546. $meta = substr($catFile, -93);
  547. $signaturePosition = strpos($meta, '00sig00');
  549. // If we no longer support the legacy format then everything needs a signature
  550. if (!$skipSignatureCheck && !$this->supportLegacy && $signaturePosition === false) {
  551. throw new GenericEncryptionException('Missing Signature', $this->l->t('Missing Signature'));
  552. }
  554. // Enforce signature for the new 'CTR' ciphers
  555. if (!$skipSignatureCheck && $signaturePosition === false && stripos($cipher, 'ctr') !== false) {
  556. throw new GenericEncryptionException('Missing Signature', $this->l->t('Missing Signature'));
  557. }
  559. return ($signaturePosition !== false);
  560. }
  563. /**
  564. * @throws DecryptionFailedException
  565. */
  566. private function decrypt(string $encryptedContent, string $iv, string $passPhrase = '', string $cipher = self::DEFAULT_CIPHER, bool $binaryEncoding = false): string {
  567. $options = $binaryEncoding === true ? OPENSSL_RAW_DATA : 0;
  568. $plainContent = openssl_decrypt($encryptedContent,
  569. $cipher,
  570. $passPhrase,
  571. $options,
  572. $iv);
  574. if ($plainContent) {
  575. return $plainContent;
  576. } else {
  577. throw new DecryptionFailedException('Encryption library: Decryption (symmetric) of content failed: ' . openssl_error_string());
  578. }
  579. }
  581. /**
  582. * @param string $data
  583. * @return array
  584. */
  585. protected function parseHeader($data) {
  586. $result = [];
  588. if (substr($data, 0, strlen(self::HEADER_START)) === self::HEADER_START) {
  589. $endAt = strpos($data, self::HEADER_END);
  590. $header = substr($data, 0, $endAt + strlen(self::HEADER_END));
  592. // +1 not to start with an ':' which would result in empty element at the beginning
  593. $exploded = explode(':',
  594. substr($header, strlen(self::HEADER_START) + 1));
  596. $element = array_shift($exploded);
  598. while ($element !== self::HEADER_END) {
  599. $result[$element] = array_shift($exploded);
  600. $element = array_shift($exploded);
  601. }
  602. }
  604. return $result;
  605. }
  607. /**
  608. * generate initialization vector
  609. *
  610. * @throws GenericEncryptionException
  611. */
  612. private function generateIv(): string {
  613. return random_bytes(16);
  614. }
  616. /**
  617. * Generate a cryptographically secure pseudo-random 256-bit ASCII key, used
  618. * as file key
  619. *
  620. * @return string
  621. * @throws \Exception
  622. */
  623. public function generateFileKey() {
  624. return random_bytes(32);
  625. }
  627. /**
  628. * @param \OpenSSLAsymmetricKey|\OpenSSLCertificate|array|string $privateKey
  629. * @throws MultiKeyDecryptException
  630. */
  631. public function multiKeyDecrypt(string $shareKey, $privateKey): string {
  632. $plainContent = '';
  634. // decrypt the intermediate key with RSA
  635. if (openssl_private_decrypt($shareKey, $intermediate, $privateKey, OPENSSL_PKCS1_OAEP_PADDING)) {
  636. return $intermediate;
  637. } else {
  638. throw new MultiKeyDecryptException('multikeydecrypt with share key failed:' . openssl_error_string());
  639. }
  640. }
  642. /**
  643. * @param \OpenSSLAsymmetricKey|\OpenSSLCertificate|array|string $privateKey
  644. * @throws MultiKeyDecryptException
  645. */
  646. public function multiKeyDecryptLegacy(string $encKeyFile, string $shareKey, $privateKey): string {
  647. if (!$encKeyFile) {
  648. throw new MultiKeyDecryptException('Cannot multikey decrypt empty plain content');
  649. }
  651. $plainContent = '';
  652. if ($this->opensslOpen($encKeyFile, $plainContent, $shareKey, $privateKey, 'RC4')) {
  653. return $plainContent;
  654. } else {
  655. throw new MultiKeyDecryptException('multikeydecrypt with share key failed:' . openssl_error_string());
  656. }
  657. }
  659. /**
  660. * @param array<string,\OpenSSLAsymmetricKey|\OpenSSLCertificate|array|string> $keyFiles
  661. * @throws MultiKeyEncryptException
  662. */
  663. public function multiKeyEncrypt(string $plainContent, array $keyFiles): array {
  664. if (empty($plainContent)) {
  665. throw new MultiKeyEncryptException('Cannot multikeyencrypt empty plain content');
  666. }
  668. // Set empty vars to be set by openssl by reference
  669. $shareKeys = [];
  670. $mappedShareKeys = [];
  672. // make sure that there is at least one public key to use
  673. if (count($keyFiles) >= 1) {
  674. // prepare the encrypted keys
  675. $shareKeys = [];
  677. // iterate over the public keys and encrypt the intermediate
  678. // for each of them with RSA
  679. foreach ($keyFiles as $tmp_key) {
  680. if (openssl_public_encrypt($plainContent, $tmp_output, $tmp_key, OPENSSL_PKCS1_OAEP_PADDING)) {
  681. $shareKeys[] = $tmp_output;
  682. }
  683. }
  685. // set the result if everything worked fine
  686. if (count($keyFiles) === count($shareKeys)) {
  687. $i = 0;
  689. // Ensure each shareKey is labelled with its corresponding key id
  690. foreach ($keyFiles as $userId => $publicKey) {
  691. $mappedShareKeys[$userId] = $shareKeys[$i];
  692. $i++;
  693. }
  695. return $mappedShareKeys;
  696. }
  697. }
  698. throw new MultiKeyEncryptException('multikeyencryption failed ' . openssl_error_string());
  699. }
  701. /**
  702. * @param string $plainContent
  703. * @param array $keyFiles
  704. * @return array
  705. * @throws MultiKeyEncryptException
  706. * @deprecated 27.0.0 use multiKeyEncrypt
  707. */
  708. public function multiKeyEncryptLegacy($plainContent, array $keyFiles) {
  709. // openssl_seal returns false without errors if plaincontent is empty
  710. // so trigger our own error
  711. if (empty($plainContent)) {
  712. throw new MultiKeyEncryptException('Cannot multikeyencrypt empty plain content');
  713. }
  715. // Set empty vars to be set by openssl by reference
  716. $sealed = '';
  717. $shareKeys = [];
  718. $mappedShareKeys = [];
  720. if ($this->opensslSeal($plainContent, $sealed, $shareKeys, $keyFiles, 'RC4')) {
  721. $i = 0;
  723. // Ensure each shareKey is labelled with its corresponding key id
  724. foreach ($keyFiles as $userId => $publicKey) {
  725. $mappedShareKeys[$userId] = $shareKeys[$i];
  726. $i++;
  727. }
  729. return [
  730. 'keys' => $mappedShareKeys,
  731. 'data' => $sealed
  732. ];
  733. } else {
  734. throw new MultiKeyEncryptException('multikeyencryption failed ' . openssl_error_string());
  735. }
  736. }
  738. /**
  739. * returns the value of $useLegacyBase64Encoding
  740. *
  741. * @return bool
  742. */
  743. public function useLegacyBase64Encoding(): bool {
  744. return $this->useLegacyBase64Encoding;
  745. }
  747. /**
  748. * Uses phpseclib RC4 implementation
  749. */
  750. private function rc4Decrypt(string $data, string $secret): string {
  751. $rc4 = new RC4();
  752. /** @psalm-suppress InternalMethod */
  753. $rc4->setKey($secret);
  755. return $rc4->decrypt($data);
  756. }
  758. /**
  759. * Uses phpseclib RC4 implementation
  760. */
  761. private function rc4Encrypt(string $data, string $secret): string {
  762. $rc4 = new RC4();
  763. /** @psalm-suppress InternalMethod */
  764. $rc4->setKey($secret);
  766. return $rc4->encrypt($data);
  767. }
  769. /**
  770. * Custom implementation of openssl_open()
  771. *
  772. * @param \OpenSSLAsymmetricKey|\OpenSSLCertificate|array|string $private_key
  773. * @throws DecryptionFailedException
  774. */
  775. private function opensslOpen(string $data, string &$output, string $encrypted_key, $private_key, string $cipher_algo): bool {
  776. $result = false;
  778. // check if RC4 is used
  779. if (strcasecmp($cipher_algo, "rc4") === 0) {
  780. // decrypt the intermediate key with RSA
  781. if (openssl_private_decrypt($encrypted_key, $intermediate, $private_key, OPENSSL_PKCS1_PADDING)) {
  782. // decrypt the file key with the intermediate key
  783. // using our own RC4 implementation
  784. $output = $this->rc4Decrypt($data, $intermediate);
  785. $result = (strlen($output) === strlen($data));
  786. }
  787. } else {
  788. throw new DecryptionFailedException('Unsupported cipher '.$cipher_algo);
  789. }
  791. return $result;
  792. }
  794. /**
  795. * Custom implementation of openssl_seal()
  796. *
  797. * @deprecated 27.0.0 use multiKeyEncrypt
  798. * @throws EncryptionFailedException
  799. */
  800. private function opensslSeal(string $data, string &$sealed_data, array &$encrypted_keys, array $public_key, string $cipher_algo): int|false {
  801. $result = false;
  803. // check if RC4 is used
  804. if (strcasecmp($cipher_algo, "rc4") === 0) {
  805. // make sure that there is at least one public key to use
  806. if (count($public_key) >= 1) {
  807. // generate the intermediate key
  808. $intermediate = openssl_random_pseudo_bytes(16, $strong_result);
  810. // check if we got strong random data
  811. if ($strong_result) {
  812. // encrypt the file key with the intermediate key
  813. // using our own RC4 implementation
  814. $sealed_data = $this->rc4Encrypt($data, $intermediate);
  815. if (strlen($sealed_data) === strlen($data)) {
  816. // prepare the encrypted keys
  817. $encrypted_keys = [];
  819. // iterate over the public keys and encrypt the intermediate
  820. // for each of them with RSA
  821. foreach ($public_key as $tmp_key) {
  822. if (openssl_public_encrypt($intermediate, $tmp_output, $tmp_key, OPENSSL_PKCS1_PADDING)) {
  823. $encrypted_keys[] = $tmp_output;
  824. }
  825. }
  827. // set the result if everything worked fine
  828. if (count($public_key) === count($encrypted_keys)) {
  829. $result = strlen($sealed_data);
  830. }
  831. }
  832. }
  833. }
  834. } else {
  835. throw new EncryptionFailedException('Unsupported cipher '.$cipher_algo);
  836. }
  838. return $result;
  839. }
  840. }