From aa582ec43a9060f5f9fba6540d1ea4e24bc70330 Mon Sep 17 00:00:00 2001
From: Frank Karlitschek <karlitschek@kde.org>
Date: Thu, 11 Aug 2011 17:49:36 +0200
Subject: [PATCH] more work on encryption

---
 lib/crypt.php                    | 54 ++++++++++++++++++++++++++------
 lib/user.php                     |  1 +
 lib/util.php                     |  2 +-
 settings/ajax/changepassword.php |  1 +
 4 files changed, 48 insertions(+), 10 deletions(-)

diff --git a/lib/crypt.php b/lib/crypt.php
index d75515cf2de..83e6ac4cde0 100755
--- a/lib/crypt.php
+++ b/lib/crypt.php
@@ -24,9 +24,10 @@
 
 // Todo:
 //  Crypt/decrypt button in the userinterface
+//  setting if crypto should be on by default
 //  transparent decrypt/encrpt in filesystem.php
 //  don't use a password directly as encryption key. but a key which is stored on the server and encrypted with the user password. -> password change faster
-
+//  check if the block lenght of the encrypted data stays the same
 
 
 require_once('Crypt_Blowfish/Blowfish.php');
@@ -38,15 +39,50 @@ class OC_Crypt {
 
         static $encription_extension='.encrypted';
 
-	public static function createkey( $passcode) {
-		// generate a random key
-		$key=mt_rand(10000,99999).mt_rand(10000,99999).mt_rand(10000,99999).mt_rand(10000,99999);
+	public static function init($login,$password) {
+		$_SESSION['user_password'] = $password;  // save the password as passcode for the encryption
+		if(OC_User::isLoggedIn()){
+			// does key exist?
+			if(!file_exists(OC_Config::getValue( "datadirectory").'/'.$login.'/encryption.key')){
+				OC_Crypt::createkey($_SESSION['user_password']);
+			}
+		}
+	}
+
 
-		// encrypt the key with the passcode of the user
-		$enckey=OC_Crypt::encrypt($key,$passcode);
 
-		// Write the file
-		file_put_contents( "$SERVERROOT/config/encryption.key", $enckey );
+	public static function createkey($passcode) {
+		if(OC_User::isLoggedIn()){
+			// generate a random key
+			$key=mt_rand(10000,99999).mt_rand(10000,99999).mt_rand(10000,99999).mt_rand(10000,99999);
+
+			// encrypt the key with the passcode of the user
+			$enckey=OC_Crypt::encrypt($key,$passcode);
+
+			// Write the file
+		        $username=OC_USER::getUser();
+			file_put_contents(OC_Config::getValue( "datadirectory").'/'.$username.'/encryption.key', $enckey );
+		}
+	}
+
+	public static function changekeypasscode( $newpasscode) {
+		if(OC_User::isLoggedIn()){
+		        $username=OC_USER::getUser();
+
+			// read old key
+			$key=file_get_contents(OC_Config::getValue( "datadirectory").'/'.$username.'/encryption.key');
+
+			// decrypt key with old passcode
+			$key=OC_Crypt::decrypt($key, $_SESSION['user_password']);
+
+			// encrypt again with new passcode
+			$key=OC_Crypt::encrypt($key,$newpassword);
+
+			// store the new key
+			file_put_contents(OC_Config::getValue( "datadirectory").'/'.$username.'/encryption.key', $key );
+
+			 $_SESSION['user_password']=$newpasscode;
+		}
 	}
 
 	/**
@@ -59,7 +95,7 @@ class OC_Crypt {
 	 */
 	public static function encrypt( $content, $key) {
 		$bf = new Crypt_Blowfish($key);
-		return($bf->encrypt($contents));
+		return($bf->encrypt($content));
 	}
 
 
diff --git a/lib/user.php b/lib/user.php
index a2ede8234be..e53ba145c9e 100644
--- a/lib/user.php
+++ b/lib/user.php
@@ -193,6 +193,7 @@ class OC_User {
 
 		if( $run && self::checkPassword( $uid, $password )){
 			$_SESSION['user_id'] = $uid;
+		        OC_Crypt::init($uid,$password);
 			OC_Hook::emit( "OC_User", "post_login", array( "uid" => $uid ));
 			return true;
 		}
diff --git a/lib/util.php b/lib/util.php
index 8b8a27657b2..83d39b3dd21 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -190,7 +190,7 @@ class OC_Util {
 		global $SERVERROOT;
 		global $CONFIG_DATADIRECTORY;
 
-		$CONFIG_DATADIRECTORY_ROOT = OC_Config::getValue( "datadirectory", "$SERVERROOT/data" );;
+		$CONFIG_DATADIRECTORY_ROOT = OC_Config::getValue( "datadirectory", "$SERVERROOT/data" );
 		$CONFIG_BACKUPDIRECTORY = OC_Config::getValue( "backupdirectory", "$SERVERROOT/backup" );
 		$CONFIG_INSTALLED = OC_Config::getValue( "installed", false );
 		$errors=array();
diff --git a/settings/ajax/changepassword.php b/settings/ajax/changepassword.php
index c8c1f740889..750edf17696 100644
--- a/settings/ajax/changepassword.php
+++ b/settings/ajax/changepassword.php
@@ -29,6 +29,7 @@ if( !OC_User::checkPassword( $_SESSION["user_id"], $_POST["oldpassword"] )){
 // Change password
 if( OC_User::setPassword( $_SESSION["user_id"], $_POST["password"] )){
 	echo json_encode( array( "status" => "success", "data" => array( "message" => $l->t("Password changed") )));
+	OC_Crypt::changekeypasscode( $_POST["password"]) {
 }
 else{
 	echo json_encode( array( "status" => "error", "data" => array( "message" => $l->t("Unable to change password") )));
-- 
GitLab