server/apps/files_encryption/lib/crypt.php

576 lines
16 KiB
PHP
Raw Normal View History

<?php
/**
* ownCloud
*
* @author Sam Tuke, Frank Karlitschek, Robin Appelman
2013-05-19 23:24:36 +00:00
* @copyright 2012 Sam Tuke samtuke@owncloud.com,
* Robin Appelman icewind@owncloud.com, Frank Karlitschek
* frank@owncloud.org
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCA\Encryption;
/**
* Class for common cryptography functionality
*/
2013-05-27 15:26:58 +00:00
class Crypt {
const ENCRYPTION_UNKNOWN_ERROR = -1;
const ENCRYPTION_NOT_INITIALIZED_ERROR = 1;
const ENCRYPTION_PRIVATE_KEY_NOT_VALID_ERROR = 2;
const ENCRYPTION_NO_SHARE_KEY_FOUND = 3;
2014-07-21 11:02:28 +00:00
const BLOCKSIZE = 8192; // block size will always be 8192 for a PHP stream https://bugs.php.net/bug.php?id=21641
const DEFAULT_CIPHER = 'AES-256-CFB';
const HEADERSTART = 'HBEGIN';
const HEADEREND = 'HEND';
/**
* return encryption mode client or server side encryption
2013-05-19 23:24:36 +00:00
* @param string $user name (use system wide setting if name=null)
* @return string 'client' or 'server'
* @note at the moment we only support server side encryption
*/
2013-05-27 15:26:58 +00:00
public static function mode($user = null) {
return 'server';
2013-05-19 23:24:36 +00:00
}
2013-05-19 23:24:36 +00:00
/**
* Create a new encryption keypair
2013-05-19 23:24:36 +00:00
* @return array publicKey, privatekey
*/
2013-05-23 21:56:31 +00:00
public static function createKeypair() {
2013-05-19 23:24:36 +00:00
2013-06-19 14:55:31 +00:00
$return = false;
$res = Helper::getOpenSSLPkey();
if ($res === false) {
\OCP\Util::writeLog('Encryption library', 'couldn\'t generate users key-pair for ' . \OCP\User::getUser(), \OCP\Util::ERROR);
while ($msg = openssl_error_string()) {
\OCP\Util::writeLog('Encryption library', 'openssl_pkey_new() fails: ' . $msg, \OCP\Util::ERROR);
}
} elseif (openssl_pkey_export($res, $privateKey, null, Helper::getOpenSSLConfig())) {
// Get public key
$keyDetails = openssl_pkey_get_details($res);
$publicKey = $keyDetails['key'];
2013-05-19 23:24:36 +00:00
2013-06-19 14:55:31 +00:00
$return = array(
'publicKey' => $publicKey,
'privateKey' => $privateKey
);
2013-06-19 13:58:34 +00:00
} else {
\OCP\Util::writeLog('Encryption library', 'couldn\'t export users private key, please check your servers openSSL configuration.' . \OCP\User::getUser(), \OCP\Util::ERROR);
while($errMsg = openssl_error_string()) {
\OCP\Util::writeLog('Encryption library', $errMsg, \OCP\Util::ERROR);
}
}
2013-05-19 23:24:36 +00:00
2013-06-19 14:55:31 +00:00
return $return;
}
2013-05-19 23:24:36 +00:00
/**
* Add arbitrary padding to encrypted data
2013-05-19 23:24:36 +00:00
* @param string $data data to be padded
* @return string padded data
* @note In order to end up with data exactly 8192 bytes long we must
* add two letters. It is impossible to achieve exactly 8192 length
* blocks with encryption alone, hence padding is added to achieve the
* required length.
*/
private static function addPadding($data) {
2013-05-19 23:24:36 +00:00
$padded = $data . 'xx';
2013-05-19 23:24:36 +00:00
return $padded;
2013-05-19 23:24:36 +00:00
}
2013-05-19 23:24:36 +00:00
/**
* Remove arbitrary padding to encrypted data
2013-05-19 23:24:36 +00:00
* @param string $padded padded data to remove padding from
* @return string unpadded data on success, false on error
*/
private static function removePadding($padded) {
2013-05-19 23:24:36 +00:00
if (substr($padded, -2) === 'xx') {
2013-05-19 23:24:36 +00:00
2013-05-27 15:26:58 +00:00
$data = substr($padded, 0, -2);
2013-05-19 23:24:36 +00:00
return $data;
2013-05-19 23:24:36 +00:00
} else {
2013-05-19 23:24:36 +00:00
// TODO: log the fact that unpadded data was submitted for removal of padding
return false;
2013-05-19 23:24:36 +00:00
}
2013-05-19 23:24:36 +00:00
}
2013-05-19 23:24:36 +00:00
/**
* Check if a file's contents contains an IV and is symmetrically encrypted
2014-05-13 11:29:25 +00:00
* @param string $content
2013-05-19 23:24:36 +00:00
* @return boolean
* @note see also OCA\Encryption\Util->isEncryptedPath()
*/
2013-05-27 15:26:58 +00:00
public static function isCatfileContent($content) {
2013-05-19 23:24:36 +00:00
2013-05-27 15:26:58 +00:00
if (!$content) {
2013-05-19 23:24:36 +00:00
return false;
2013-05-19 23:24:36 +00:00
}
2013-05-19 23:24:36 +00:00
2013-05-27 15:26:58 +00:00
$noPadding = self::removePadding($content);
2013-05-19 23:24:36 +00:00
// Fetch encryption metadata from end of file
2013-05-27 15:26:58 +00:00
$meta = substr($noPadding, -22);
2013-05-19 23:24:36 +00:00
// Fetch IV from end of file
2013-05-27 15:26:58 +00:00
$iv = substr($meta, -16);
2013-05-19 23:24:36 +00:00
// Fetch identifier from start of metadata
2013-05-27 15:26:58 +00:00
$identifier = substr($meta, 0, 6);
2013-05-19 23:24:36 +00:00
if ($identifier === '00iv00') {
2013-05-19 23:24:36 +00:00
return true;
2013-05-19 23:24:36 +00:00
} else {
2013-05-19 23:24:36 +00:00
return false;
2013-05-19 23:24:36 +00:00
}
2013-05-19 23:24:36 +00:00
}
2013-05-19 23:24:36 +00:00
2012-11-22 14:08:19 +00:00
/**
* Check if a file is encrypted according to database file cache
* @param string $path
* @return bool
*/
2013-05-27 15:26:58 +00:00
public static function isEncryptedMeta($path) {
2013-05-19 23:24:36 +00:00
// TODO: Use DI to get \OC\Files\Filesystem out of here
2013-05-19 23:24:36 +00:00
2012-11-22 14:08:19 +00:00
// Fetch all file metadata from DB
2013-05-27 15:26:58 +00:00
$metadata = \OC\Files\Filesystem::getFileInfo($path);
2013-05-19 23:24:36 +00:00
2012-11-22 14:08:19 +00:00
// Return encryption status
return isset($metadata['encrypted']) && ( bool )$metadata['encrypted'];
2013-05-19 23:24:36 +00:00
2012-11-22 14:08:19 +00:00
}
2013-05-19 23:24:36 +00:00
/**
* Symmetrically encrypt a string
* @param string $plainContent
* @param string $iv
2013-05-23 21:56:31 +00:00
* @param string $passphrase
2014-07-21 11:02:28 +00:00
* @param string $cypher used for encryption, currently we support AES-128-CFB and AES-256-CFB
2013-05-19 23:24:36 +00:00
* @return string encrypted file content
2014-07-21 11:02:28 +00:00
* @throws \OCA\Encryption\Exceptions\EncryptionException
2013-05-19 23:24:36 +00:00
*/
2014-07-21 11:02:28 +00:00
private static function encrypt($plainContent, $iv, $passphrase = '', $cipher = Crypt::DEFAULT_CIPHER) {
2013-05-19 23:24:36 +00:00
2014-07-21 11:02:28 +00:00
$encryptedContent = openssl_encrypt($plainContent, $cipher, $passphrase, false, $iv);
2013-05-19 23:24:36 +00:00
2014-07-21 11:02:28 +00:00
if (!$encryptedContent) {
$error = "Encryption (symmetric) of content failed: " . openssl_error_string();
\OCP\Util::writeLog('Encryption library', $error, \OCP\Util::ERROR);
throw new Exceptions\EncryptionException($error, 50);
}
2013-05-19 23:24:36 +00:00
2014-07-21 11:02:28 +00:00
return $encryptedContent;
}
2013-05-19 23:24:36 +00:00
/**
* Symmetrically decrypt a string
* @param string $encryptedContent
* @param string $iv
* @param string $passphrase
2014-07-21 11:02:28 +00:00
* @param string $cipher cipher user for decryption, currently we support aes128 and aes256
2013-05-23 21:56:31 +00:00
* @throws \Exception
2013-05-19 23:24:36 +00:00
* @return string decrypted file content
*/
2014-07-21 11:02:28 +00:00
private static function decrypt($encryptedContent, $iv, $passphrase, $cipher = Crypt::DEFAULT_CIPHER) {
2013-05-19 23:24:36 +00:00
2014-07-21 11:02:28 +00:00
$plainContent = openssl_decrypt($encryptedContent, $cipher, $passphrase, false, $iv);
2014-07-21 11:02:28 +00:00
if ($plainContent) {
return $plainContent;
} else {
2013-05-27 15:26:58 +00:00
throw new \Exception('Encryption library: Decryption (symmetric) of content failed');
}
2013-05-19 23:24:36 +00:00
}
2013-05-19 23:24:36 +00:00
/**
* Concatenate encrypted data with its IV and padding
2013-05-19 23:24:36 +00:00
* @param string $content content to be concatenated
* @param string $iv IV to be concatenated
2014-05-13 10:36:01 +00:00
* @return string concatenated content
2013-05-19 23:24:36 +00:00
*/
private static function concatIv($content, $iv) {
2013-05-19 23:24:36 +00:00
$combined = $content . '00iv00' . $iv;
2013-05-19 23:24:36 +00:00
return $combined;
2013-05-19 23:24:36 +00:00
}
2013-05-19 23:24:36 +00:00
/**
* Split concatenated data and IV into respective parts
2013-05-19 23:24:36 +00:00
* @param string $catFile concatenated data to be split
2014-05-13 10:36:01 +00:00
* @return array keys: encrypted, iv
2013-05-19 23:24:36 +00:00
*/
private static function splitIv($catFile) {
2013-05-19 23:24:36 +00:00
// Fetch encryption metadata from end of file
2013-05-27 15:26:58 +00:00
$meta = substr($catFile, -22);
2013-05-19 23:24:36 +00:00
// Fetch IV from end of file
2013-05-27 15:26:58 +00:00
$iv = substr($meta, -16);
2013-05-19 23:24:36 +00:00
// Remove IV and IV identifier text to expose encrypted content
2013-05-27 15:26:58 +00:00
$encrypted = substr($catFile, 0, -22);
2013-05-19 23:24:36 +00:00
$split = array(
'encrypted' => $encrypted,
2013-05-27 15:26:58 +00:00
'iv' => $iv
);
2013-05-19 23:24:36 +00:00
return $split;
2013-05-19 23:24:36 +00:00
}
2013-05-19 23:24:36 +00:00
/**
* Symmetrically encrypts a string and returns keyfile content
2013-05-19 23:24:36 +00:00
* @param string $plainContent content to be encrypted in keyfile
* @param string $passphrase
2014-07-21 11:02:28 +00:00
* @param string $cypher used for encryption, currently we support AES-128-CFB and AES-256-CFB
* @return false|string encrypted content combined with IV
2013-05-19 23:24:36 +00:00
* @note IV need not be specified, as it will be stored in the returned keyfile
* and remain accessible therein.
*/
2014-07-21 11:02:28 +00:00
public static function symmetricEncryptFileContent($plainContent, $passphrase = '', $cipher = Crypt::DEFAULT_CIPHER) {
2013-05-19 23:24:36 +00:00
2013-05-27 15:26:58 +00:00
if (!$plainContent) {
\OCP\Util::writeLog('Encryption library', 'symmetrically encryption failed, no content given.', \OCP\Util::ERROR);
return false;
}
2013-05-19 23:24:36 +00:00
$iv = self::generateIv();
2013-05-19 23:24:36 +00:00
2014-07-21 11:02:28 +00:00
try {
$encryptedContent = self::encrypt($plainContent, $iv, $passphrase, $cipher);
2013-05-19 23:24:36 +00:00
// Combine content to encrypt with IV identifier and actual IV
2013-05-27 15:26:58 +00:00
$catfile = self::concatIv($encryptedContent, $iv);
$padded = self::addPadding($catfile);
2013-05-19 23:24:36 +00:00
return $padded;
2014-07-21 11:02:28 +00:00
} catch (OCA\Encryption\Exceptions\EncryptionException $e) {
$message = 'Could not encrypt file content (code: ' . $e->getCode . '): ';
\OCP\Util::writeLog('files_encryption', $message . $e->getMessage, \OCP\Util::ERROR);
return false;
}
2013-05-19 23:24:36 +00:00
}
/**
* Symmetrically decrypts keyfile content
2014-05-13 11:29:25 +00:00
* @param string $keyfileContent
2013-05-19 23:24:36 +00:00
* @param string $passphrase
2014-07-21 11:02:28 +00:00
* @param string $cipher cipher used for decryption, currently aes128 and aes256 is supported.
2013-05-19 23:24:36 +00:00
* @throws \Exception
* @return string|false
2013-05-19 23:24:36 +00:00
* @internal param string $source
* @internal param string $target
* @internal param string $key the decryption key
2014-05-13 10:36:01 +00:00
* @return string decrypted content
2013-05-19 23:24:36 +00:00
*
* This function decrypts a file
*/
2014-07-21 21:36:20 +00:00
public static function symmetricDecryptFileContent($keyfileContent, $passphrase = '', $cipher = Crypt::DEFAULT_CIPHER) {
2013-05-19 23:24:36 +00:00
2013-05-27 15:26:58 +00:00
if (!$keyfileContent) {
2013-05-19 23:24:36 +00:00
2013-05-27 15:26:58 +00:00
throw new \Exception('Encryption library: no data provided for decryption');
2013-05-19 23:24:36 +00:00
}
2013-05-19 23:24:36 +00:00
// Remove padding
2013-05-27 15:26:58 +00:00
$noPadding = self::removePadding($keyfileContent);
2013-05-19 23:24:36 +00:00
// Split into enc data and catfile
2013-05-27 15:26:58 +00:00
$catfile = self::splitIv($noPadding);
2013-05-19 23:24:36 +00:00
2014-07-21 11:02:28 +00:00
if ($plainContent = self::decrypt($catfile['encrypted'], $catfile['iv'], $passphrase, $cipher)) {
2013-05-19 23:24:36 +00:00
return $plainContent;
2013-05-19 23:24:36 +00:00
2013-05-23 21:56:31 +00:00
} else {
return false;
}
2013-05-19 23:24:36 +00:00
}
2013-05-19 23:24:36 +00:00
/**
* Decrypt private key and check if the result is a valid keyfile
2014-07-21 11:02:28 +00:00
*
* @param string $encryptedKey encrypted keyfile
* @param string $passphrase to decrypt keyfile
2014-05-13 11:29:25 +00:00
* @return string|false encrypted private key or false
*
* This function decrypts a file
*/
public static function decryptPrivateKey($encryptedKey, $passphrase) {
2014-07-21 11:02:28 +00:00
$header = self::parseHeader($encryptedKey);
$cipher = self::getCipher($header);
// if we found a header we need to remove it from the key we want to decrypt
if (!empty($header)) {
$encryptedKey = substr($encryptedKey, strpos($encryptedKey, self::HEADEREND) + strlen(self::HEADEREND));
}
$plainKey = self::symmetricDecryptFileContent($encryptedKey, $passphrase, $cipher);
// check if this a valid private key
$res = openssl_pkey_get_private($plainKey);
2013-06-03 16:42:13 +00:00
if (is_resource($res)) {
$sslInfo = openssl_pkey_get_details($res);
2013-06-03 16:42:13 +00:00
if (!isset($sslInfo['key'])) {
$plainKey = false;
}
} else {
$plainKey = false;
}
return $plainKey;
}
/**
* Create asymmetrically encrypted keyfile content using a generated key
2013-05-19 23:24:36 +00:00
* @param string $plainContent content to be encrypted
* @param array $publicKeys array keys must be the userId of corresponding user
2014-05-13 10:36:01 +00:00
* @return array keys: keys (array, key = userId), data
* @throws \OCA\Encryption\Exceptions\\MultiKeyEncryptException if encryption failed
2013-05-19 23:24:36 +00:00
* @note symmetricDecryptFileContent() can decrypt files created using this method
*/
2013-05-27 15:26:58 +00:00
public static function multiKeyEncrypt($plainContent, array $publicKeys) {
2013-05-19 23:24:36 +00:00
// openssl_seal returns false without errors if $plainContent
// is empty, so trigger our own error
2013-05-27 15:26:58 +00:00
if (empty($plainContent)) {
throw new Exceptions\MultiKeyEncryptException('Cannot mutliKeyEncrypt empty plain content', 10);
}
2013-05-19 23:24:36 +00:00
// Set empty vars to be set by openssl by reference
$sealed = '';
$shareKeys = array();
2013-05-23 21:56:31 +00:00
$mappedShareKeys = array();
2013-05-19 23:24:36 +00:00
2013-05-27 15:26:58 +00:00
if (openssl_seal($plainContent, $sealed, $shareKeys, $publicKeys)) {
2013-05-19 23:24:36 +00:00
$i = 0;
2013-05-19 23:24:36 +00:00
// Ensure each shareKey is labelled with its
// corresponding userId
2013-05-27 15:26:58 +00:00
foreach ($publicKeys as $userId => $publicKey) {
2013-05-19 23:24:36 +00:00
$mappedShareKeys[$userId] = $shareKeys[$i];
$i++;
2013-05-19 23:24:36 +00:00
}
2013-05-19 23:24:36 +00:00
return array(
2013-05-23 21:56:31 +00:00
'keys' => $mappedShareKeys,
'data' => $sealed
);
2013-05-19 23:24:36 +00:00
} else {
throw new Exceptions\MultiKeyEncryptException('multi key encryption failed: ' . openssl_error_string(), 20);
}
2013-05-19 23:24:36 +00:00
}
2013-05-19 23:24:36 +00:00
/**
* Asymmetrically encrypt a file using multiple public keys
2014-05-13 11:29:25 +00:00
* @param string $encryptedContent
* @param string $shareKey
* @param mixed $privateKey
* @throws \OCA\Encryption\Exceptions\\MultiKeyDecryptException if decryption failed
* @internal param string $plainContent contains decrypted content
2014-05-13 10:36:01 +00:00
* @return string $plainContent decrypted string
2013-05-19 23:24:36 +00:00
* @note symmetricDecryptFileContent() can be used to decrypt files created using this method
*
* This function decrypts a file
*/
2013-05-27 15:26:58 +00:00
public static function multiKeyDecrypt($encryptedContent, $shareKey, $privateKey) {
2013-05-19 23:24:36 +00:00
2013-05-27 15:26:58 +00:00
if (!$encryptedContent) {
throw new Exceptions\MultiKeyDecryptException('Cannot mutliKeyDecrypt empty plain content', 10);
}
2013-05-19 23:24:36 +00:00
2013-05-27 15:26:58 +00:00
if (openssl_open($encryptedContent, $plainContent, $shareKey, $privateKey)) {
2013-05-19 23:24:36 +00:00
return $plainContent;
2013-05-19 23:24:36 +00:00
} else {
throw new Exceptions\MultiKeyDecryptException('multiKeyDecrypt with share-key' . $shareKey . 'failed: ' . openssl_error_string(), 20);
}
2013-05-19 23:24:36 +00:00
}
2013-05-19 23:24:36 +00:00
/**
* Generates a pseudo random initialisation vector
2013-05-17 20:44:45 +00:00
* @return String $iv generated IV
*/
private static function generateIv() {
2013-05-19 23:24:36 +00:00
2013-05-27 15:26:58 +00:00
if ($random = openssl_random_pseudo_bytes(12, $strong)) {
2013-05-19 23:24:36 +00:00
2013-05-27 15:26:58 +00:00
if (!$strong) {
2013-05-19 23:24:36 +00:00
// If OpenSSL indicates randomness is insecure, log error
2013-05-27 18:51:52 +00:00
\OCP\Util::writeLog('Encryption library', 'Insecure symmetric key was generated using openssl_random_pseudo_bytes()', \OCP\Util::WARN);
2013-05-19 23:24:36 +00:00
}
2013-05-19 23:24:36 +00:00
// We encode the iv purely for string manipulation
// purposes - it gets decoded before use
2013-05-27 15:26:58 +00:00
$iv = base64_encode($random);
2013-05-19 23:24:36 +00:00
return $iv;
2013-05-19 23:24:36 +00:00
} else {
2013-05-19 23:24:36 +00:00
2013-05-27 15:26:58 +00:00
throw new \Exception('Generating IV failed');
2013-05-19 23:24:36 +00:00
}
2013-05-19 23:24:36 +00:00
}
2013-05-19 23:24:36 +00:00
2013-05-17 20:44:45 +00:00
/**
* Generate a pseudo random 256-bit ASCII key, used as file key
2014-05-13 11:29:25 +00:00
* @return string|false Generated key
2013-05-17 20:44:45 +00:00
*/
2013-05-23 21:56:31 +00:00
public static function generateKey() {
2013-05-19 23:24:36 +00:00
// Generate key
if ($key = base64_encode(openssl_random_pseudo_bytes(32, $strong))) {
2013-05-19 23:24:36 +00:00
2013-05-27 15:26:58 +00:00
if (!$strong) {
2013-05-19 23:24:36 +00:00
// If OpenSSL indicates randomness is insecure, log error
2013-05-27 15:26:58 +00:00
throw new \Exception('Encryption library, Insecure symmetric key was generated using openssl_random_pseudo_bytes()');
2013-05-19 23:24:36 +00:00
}
2013-05-19 23:24:36 +00:00
return $key;
2013-05-19 23:24:36 +00:00
} else {
2013-05-19 23:24:36 +00:00
return false;
2013-05-19 23:24:36 +00:00
}
2013-05-19 23:24:36 +00:00
}
2014-07-21 11:02:28 +00:00
/**
* read header into array
*
* @param string $data
* @return array
*/
public static function parseHeader($data) {
$result = array();
if (substr($data, 0, strlen(self::HEADERSTART)) === self::HEADERSTART) {
$endAt = strpos($data, self::HEADEREND);
$header = substr($data, 0, $endAt + strlen(self::HEADEREND));
// +1 to not start with an ':' which would result in empty element at the beginning
$exploded = explode(':', substr($header, strlen(self::HEADERSTART)+1));
$element = array_shift($exploded);
while ($element !== self::HEADEREND) {
$result[$element] = array_shift($exploded);
$element = array_shift($exploded);
}
}
return $result;
}
/**
* check if data block is the header
*
* @param string $data
* @return boolean
*/
public static function isHeader($data) {
if (substr($data, 0, strlen(self::HEADERSTART)) === self::HEADERSTART) {
return true;
}
return false;
}
/**
* get chiper from header
*
* @param array $header
* @throws \OCA\Encryption\Exceptions\EncryptionException
*/
public static function getCipher($header) {
$cipher = isset($header['cipher']) ? $header['cipher'] : 'AES-128-CFB';
if ($cipher !== 'AES-256-CFB' && $cipher !== 'AES-128-CFB') {
throw new \OCA\Encryption\Exceptions\EncryptionException('file header broken, no supported cipher defined', 40);
}
return $cipher;
}
/**
* generate header for encrypted file
*/
public static function generateHeader() {
$cipher = Helper::getCipher();
$header = self::HEADERSTART . ':cipher:' . $cipher . ':' . self::HEADEREND;
return $header;
}
2013-08-08 13:08:58 +00:00
}