open-dsi
/
nextcloud-server
mirror of https://github.com/nextcloud/server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fixes after review from @DeepDiver1975

Browse Source
remotes/origin/stable6
Florin Peter 12 years ago
parent adc930d9f9
commit 6c8de5ae6d
13 changed files with 752 additions and 876 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      apps/files_encryption/hooks/hooks.php
  2. 2
      apps/files_encryption/js/settings-admin.js
  3. 2
      apps/files_encryption/js/settings-personal.js
  4. 246
      apps/files_encryption/lib/crypt.php
  5. 92
      apps/files_encryption/lib/helper.php
  6. 230
      apps/files_encryption/lib/keymanager.php
  7. 204
      apps/files_encryption/lib/proxy.php
  8. 64
      apps/files_encryption/lib/session.php
  9. 170
      apps/files_encryption/lib/stream.php
  10. 601
      apps/files_encryption/lib/util.php
  11. 1
      apps/files_encryption/settings-admin.php
  12. 1
      apps/files_encryption/settings-personal.php
  13. 13
      apps/files_encryption/templates/settings-personal.php

2
apps/files_encryption/hooks/hooks.php
Unescape View File

@ -189,7 +189,7 @@ class Hooks {
// Save public key
$view->file_put_contents( '/public-keys/'.$user.'.public.key', $keypair['publicKey'] );
// Encrypt private key empthy passphrase
// Encrypt private key empty passphrase
$encryptedPrivateKey = Crypt::symmetricEncryptFileContent( $keypair['privateKey'], $newUserPassword );
// Save private key

2
apps/files_encryption/js/settings-admin.js
Unescape View File

@ -99,4 +99,4 @@ $(document).ready(function(){
);
});
})
});

2
apps/files_encryption/js/settings-personal.js
Unescape View File

@ -57,4 +57,4 @@ $(document).ready(function(){
}
);
})
});

246
apps/files_encryption/lib/crypt.php
Unescape View File

@ -26,7 +26,7 @@
namespace OCA\Encryption;
//require_once '../3rdparty/Crypt_Blowfish/Blowfish.php';
require_once realpath(dirname(__FILE__) . '/../3rdparty/Crypt_Blowfish/Blowfish.php');
require_once realpath( dirname( __FILE__ ) . '/../3rdparty/Crypt_Blowfish/Blowfish.php' );
/**
* Class for common cryptography functionality
@ -40,8 +40,7 @@ class Crypt
* @param string $user name (use system wide setting if name=null)
* @return string 'client' or 'server'
*/
public static function mode($user = null)
{
public static function mode( $user = null ) {
return 'server';
@ -51,20 +50,19 @@ class Crypt
* @brief Create a new encryption keypair
* @return array publicKey, privatekey
*/
public static function createKeypair()
{
public static function createKeypair() {
$res = openssl_pkey_new(array('private_key_bits' => 4096));
$res = openssl_pkey_new( array( 'private_key_bits' => 4096 ) );
// Get private key
openssl_pkey_export($res, $privateKey);
openssl_pkey_export( $res, $privateKey );
// Get public key
$publicKey = openssl_pkey_get_details($res);
$publicKey = openssl_pkey_get_details( $res );
$publicKey = $publicKey['key'];
return (array('publicKey' => $publicKey, 'privateKey' => $privateKey));
return ( array( 'publicKey' => $publicKey, 'privateKey' => $privateKey ) );
}
@ -77,8 +75,7 @@ class Crypt
* blocks with encryption alone, hence padding is added to achieve the
* required length.
*/
public static function addPadding($data)
{
public static function addPadding( $data ) {
$padded = $data . 'xx';
@ -91,12 +88,11 @@ class Crypt
* @param string $padded padded data to remove padding from
* @return string unpadded data on success, false on error
*/
public static function removePadding($padded)
{
public static function removePadding( $padded ) {
if (substr($padded, -2) == 'xx') {
if ( substr( $padded, -2 ) == 'xx' ) {
$data = substr($padded, 0, -2);
$data = substr( $padded, 0, -2 );
return $data;
@ -115,27 +111,26 @@ class Crypt
* @return boolean
* @note see also OCA\Encryption\Util->isEncryptedPath()
*/
public static function isCatfileContent($content)
{
public static function isCatfileContent( $content ) {
if (!$content) {
if ( !$content ) {
return false;
}
$noPadding = self::removePadding($content);
$noPadding = self::removePadding( $content );
// Fetch encryption metadata from end of file
$meta = substr($noPadding, -22);
$meta = substr( $noPadding, -22 );
// Fetch IV from end of file
$iv = substr($meta, -16);
$iv = substr( $meta, -16 );
// Fetch identifier from start of metadata
$identifier = substr($meta, 0, 6);
$identifier = substr( $meta, 0, 6 );
if ($identifier == '00iv00') {
if ( $identifier == '00iv00' ) {
return true;
@ -152,16 +147,15 @@ class Crypt
* @param string $path
* @return bool
*/
public static function isEncryptedMeta($path)
{
public static function isEncryptedMeta( $path ) {
// TODO: Use DI to get \OC\Files\Filesystem out of here
// Fetch all file metadata from DB
$metadata = \OC\Files\Filesystem::getFileInfo($path);
$metadata = \OC\Files\Filesystem::getFileInfo( $path );
// Return encryption status
return isset($metadata['encrypted']) and ( bool )$metadata['encrypted'];
return isset( $metadata['encrypted'] ) and ( bool )$metadata['encrypted'];
}
@ -172,19 +166,18 @@ class Crypt
* e.g. filename or /Docs/filename, NOT admin/files/filename
* @return boolean
*/
public static function isLegacyEncryptedContent($data, $relPath)
{
public static function isLegacyEncryptedContent( $data, $relPath ) {
// Fetch all file metadata from DB
$metadata = \OC\Files\Filesystem::getFileInfo($relPath, '');
$metadata = \OC\Files\Filesystem::getFileInfo( $relPath, '' );
// If a file is flagged with encryption in DB, but isn't a
// valid content + IV combination, it's probably using the
// legacy encryption system
if (
isset($metadata['encrypted'])
isset( $metadata['encrypted'] )
and $metadata['encrypted'] === true
and !self::isCatfileContent($data)
and !self::isCatfileContent( $data )
) {
return true;
@ -199,18 +192,20 @@ class Crypt
/**
* @brief Symmetrically encrypt a string
* @param $plainContent
* @param $iv
* @param string $passphrase
* @return string encrypted file content
*/
public static function encrypt($plainContent, $iv, $passphrase = '')
{
public static function encrypt( $plainContent, $iv, $passphrase = '' ) {
if ($encryptedContent = openssl_encrypt($plainContent, 'AES-128-CFB', $passphrase, false, $iv)) {
if ( $encryptedContent = openssl_encrypt( $plainContent, 'AES-128-CFB', $passphrase, false, $iv ) ) {
return $encryptedContent;
} else {
\OC_Log::write('Encryption library', 'Encryption (symmetric) of content failed', \OC_Log::ERROR);
\OC_Log::write( 'Encryption library', 'Encryption (symmetric) of content failed', \OC_Log::ERROR );
return false;
@ -220,21 +215,21 @@ class Crypt
/**
* @brief Symmetrically decrypt a string
* @param $encryptedContent
* @param $iv
* @param $passphrase
* @throws \Exception
* @return string decrypted file content
*/
public static function decrypt($encryptedContent, $iv, $passphrase)
{
public static function decrypt( $encryptedContent, $iv, $passphrase ) {
if ($plainContent = openssl_decrypt($encryptedContent, 'AES-128-CFB', $passphrase, false, $iv)) {
if ( $plainContent = openssl_decrypt( $encryptedContent, 'AES-128-CFB', $passphrase, false, $iv ) ) {
return $plainContent;
} else {
throw new \Exception('Encryption library: Decryption (symmetric) of content failed');
return false;
throw new \Exception( 'Encryption library: Decryption (symmetric) of content failed' );
}
@ -246,8 +241,7 @@ class Crypt
* @param string $iv IV to be concatenated
* @returns string concatenated content
*/
public static function concatIv($content, $iv)
{
public static function concatIv( $content, $iv ) {
$combined = $content . '00iv00' . $iv;
@ -260,17 +254,16 @@ class Crypt
* @param string $catFile concatenated data to be split
* @returns array keys: encrypted, iv
*/
public static function splitIv($catFile)
{
public static function splitIv( $catFile ) {
// Fetch encryption metadata from end of file
$meta = substr($catFile, -22);
$meta = substr( $catFile, -22 );
// Fetch IV from end of file
$iv = substr($meta, -16);
$iv = substr( $meta, -16 );
// Remove IV and IV identifier text to expose encrypted content
$encrypted = substr($catFile, 0, -22);
$encrypted = substr( $catFile, 0, -22 );
$split = array(
'encrypted' => $encrypted
@ -290,10 +283,9 @@ class Crypt
* @note IV need not be specified, as it will be stored in the returned keyfile
* and remain accessible therein.
*/
public static function symmetricEncryptFileContent($plainContent, $passphrase = '')
{
public static function symmetricEncryptFileContent( $plainContent, $passphrase = '' ) {
if (!$plainContent) {
if ( !$plainContent ) {
return false;
@ -301,18 +293,18 @@ class Crypt
$iv = self::generateIv();
if ($encryptedContent = self::encrypt($plainContent, $iv, $passphrase)) {
if ( $encryptedContent = self::encrypt( $plainContent, $iv, $passphrase ) ) {
// Combine content to encrypt with IV identifier and actual IV
$catfile = self::concatIv($encryptedContent, $iv);
$catfile = self::concatIv( $encryptedContent, $iv );
$padded = self::addPadding($catfile);
$padded = self::addPadding( $catfile );
return $padded;
} else {
\OC_Log::write('Encryption library', 'Encryption (symmetric) of keyfile content failed', \OC_Log::ERROR);
\OC_Log::write( 'Encryption library', 'Encryption (symmetric) of keyfile content failed', \OC_Log::ERROR );
return false;
@ -334,25 +326,26 @@ class Crypt
*
* This function decrypts a file
*/
public static function symmetricDecryptFileContent($keyfileContent, $passphrase = '')
{
public static function symmetricDecryptFileContent( $keyfileContent, $passphrase = '' ) {
if (!$keyfileContent) {
if ( !$keyfileContent ) {
throw new \Exception('Encryption library: no data provided for decryption');
throw new \Exception( 'Encryption library: no data provided for decryption' );
}
// Remove padding
$noPadding = self::removePadding($keyfileContent);
$noPadding = self::removePadding( $keyfileContent );
// Split into enc data and catfile
$catfile = self::splitIv($noPadding);
$catfile = self::splitIv( $noPadding );
if ($plainContent = self::decrypt($catfile['encrypted'], $catfile['iv'], $passphrase)) {
if ( $plainContent = self::decrypt( $catfile['encrypted'], $catfile['iv'], $passphrase ) ) {
return $plainContent;
} else {
return false;
}
}
@ -365,16 +358,15 @@ class Crypt
*
* This function decrypts a file
*/
public static function symmetricEncryptFileContentKeyfile($plainContent)
{
public static function symmetricEncryptFileContentKeyfile( $plainContent ) {
$key = self::generateKey();
if ($encryptedContent = self::symmetricEncryptFileContent($plainContent, $key)) {
if ( $encryptedContent = self::symmetricEncryptFileContent( $plainContent, $key ) ) {
return array(
'key' => $key
, 'encrypted' => $encryptedContent
'key' => $key,
'encrypted' => $encryptedContent
);
} else {
@ -392,29 +384,28 @@ class Crypt
* @returns array keys: keys (array, key = userId), data
* @note symmetricDecryptFileContent() can decrypt files created using this method
*/
public static function multiKeyEncrypt($plainContent, array $publicKeys)
{
public static function multiKeyEncrypt( $plainContent, array $publicKeys ) {
// openssl_seal returns false without errors if $plainContent
// is empty, so trigger our own error
if (empty($plainContent)) {
if ( empty( $plainContent ) ) {
trigger_error("Cannot mutliKeyEncrypt empty plain content");
throw new \Exception('Cannot mutliKeyEncrypt empty plain content');
throw new \Exception( 'Cannot mutliKeyEncrypt empty plain content' );
}
// Set empty vars to be set by openssl by reference
$sealed = '';
$shareKeys = array();
$mappedShareKeys = array();
if (openssl_seal($plainContent, $sealed, $shareKeys, $publicKeys)) {
if ( openssl_seal( $plainContent, $sealed, $shareKeys, $publicKeys ) ) {
$i = 0;
// Ensure each shareKey is labelled with its
// corresponding userId
foreach ($publicKeys as $userId => $publicKey) {
foreach ( $publicKeys as $userId => $publicKey ) {
$mappedShareKeys[$userId] = $shareKeys[$i];
$i++;
@ -422,8 +413,8 @@ class Crypt
}
return array(
'keys' => $mappedShareKeys
, 'data' => $sealed
'keys' => $mappedShareKeys,
'data' => $sealed
);
} else {
@ -446,22 +437,21 @@ class Crypt
*
* This function decrypts a file
*/
public static function multiKeyDecrypt($encryptedContent, $shareKey, $privateKey)
{
public static function multiKeyDecrypt( $encryptedContent, $shareKey, $privateKey ) {
if (!$encryptedContent) {
if ( !$encryptedContent ) {
return false;
}
if (openssl_open($encryptedContent, $plainContent, $shareKey, $privateKey)) {
if ( openssl_open( $encryptedContent, $plainContent, $shareKey, $privateKey ) ) {
return $plainContent;
} else {
\OC_Log::write('Encryption library', 'Decryption (asymmetric) of sealed content failed', \OC_Log::ERROR);
\OC_Log::write( 'Encryption library', 'Decryption (asymmetric) of sealed content failed', \OC_Log::ERROR );
return false;
@ -473,10 +463,9 @@ class Crypt
* @brief Asymetrically encrypt a string using a public key
* @return string encrypted file
*/
public static function keyEncrypt($plainContent, $publicKey)
{
public static function keyEncrypt( $plainContent, $publicKey ) {
openssl_public_encrypt($plainContent, $encryptedContent, $publicKey);
openssl_public_encrypt( $plainContent, $encryptedContent, $publicKey );
return $encryptedContent;
@ -486,12 +475,11 @@ class Crypt
* @brief Asymetrically decrypt a file using a private key
* @return string decrypted file
*/
public static function keyDecrypt($encryptedContent, $privatekey)
{
public static function keyDecrypt( $encryptedContent, $privatekey ) {
$result = @openssl_private_decrypt($encryptedContent, $plainContent, $privatekey);
$result = @openssl_private_decrypt( $encryptedContent, $plainContent, $privatekey );
if ($result) {
if ( $result ) {
return $plainContent;
}
@ -503,27 +491,26 @@ class Crypt
* @brief Generates a pseudo random initialisation vector
* @return String $iv generated IV
*/
public static function generateIv()
{
public static function generateIv() {
if ($random = openssl_random_pseudo_bytes(12, $strong)) {
if ( $random = openssl_random_pseudo_bytes( 12, $strong ) ) {
if (!$strong) {
if ( !$strong ) {
// If OpenSSL indicates randomness is insecure, log error
\OC_Log::write('Encryption library', 'Insecure symmetric key was generated using openssl_random_pseudo_bytes()', \OC_Log::WARN);
\OC_Log::write( 'Encryption library', 'Insecure symmetric key was generated using openssl_random_pseudo_bytes()', \OC_Log::WARN );
}
// We encode the iv purely for string manipulation
// purposes - it gets decoded before use
$iv = base64_encode($random);
$iv = base64_encode( $random );
return $iv;
} else {
throw new \Exception('Generating IV failed');
throw new \Exception( 'Generating IV failed' );
}
@ -533,16 +520,15 @@ class Crypt
* @brief Generate a pseudo random 1024kb ASCII key
* @returns $key Generated key
*/
public static function generateKey()
{
public static function generateKey() {
// Generate key
if ($key = base64_encode(openssl_random_pseudo_bytes(183, $strong))) {
if ( $key = base64_encode( openssl_random_pseudo_bytes( 183, $strong ) ) ) {
if (!$strong) {
if ( !$strong ) {
// If OpenSSL indicates randomness is insecure, log error
throw new \Exception('Encryption library, Insecure symmetric key was generated using openssl_random_pseudo_bytes()');
throw new \Exception( 'Encryption library, Insecure symmetric key was generated using openssl_random_pseudo_bytes()' );
}
@ -563,12 +549,11 @@ class Crypt
*
* if the key is left out, the default handeler will be used
*/
public static function getBlowfish($key = '')
{
public static function getBlowfish( $key = '' ) {
if ($key) {
if ( $key ) {
return new \Crypt_Blowfish($key);
return new \Crypt_Blowfish( $key );
} else {
@ -582,14 +567,13 @@ class Crypt
* @param $passphrase
* @return mixed
*/
public static function legacyCreateKey($passphrase)
{
public static function legacyCreateKey( $passphrase ) {
// Generate a random integer
$key = mt_rand(10000, 99999) . mt_rand(10000, 99999) . mt_rand(10000, 99999) . mt_rand(10000, 99999);
$key = mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 );
// Encrypt the key with the passphrase
$legacyEncKey = self::legacyEncrypt($key, $passphrase);
$legacyEncKey = self::legacyEncrypt( $key, $passphrase );
return $legacyEncKey;
@ -605,12 +589,11 @@ class Crypt
*
* This function encrypts an content
*/
public static function legacyEncrypt($content, $passphrase = '')
{
public static function legacyEncrypt( $content, $passphrase = '' ) {
$bf = self::getBlowfish($passphrase);
$bf = self::getBlowfish( $passphrase );
return $bf->encrypt($content);
return $bf->encrypt( $content );
}
@ -624,14 +607,13 @@ class Crypt
*
* This function decrypts an content
*/
public static function legacyDecrypt($content, $passphrase = '')
{
public static function legacyDecrypt( $content, $passphrase = '' ) {
$bf = self::getBlowfish($passphrase);
$bf = self::getBlowfish( $passphrase );
$decrypted = $bf->decrypt($content);
$decrypted = $bf->decrypt( $content );
return rtrim($decrypted, "\0");;
return rtrim( $decrypted, "\0" );;
}
@ -641,17 +623,16 @@ class Crypt
* @param int $maxLength
* @return string
*/
private static function legacyBlockDecrypt($data, $key = '', $maxLength = 0)
{
private static function legacyBlockDecrypt( $data, $key = '', $maxLength = 0 ) {
$result = '';
while (strlen($data)) {
$result .= self::legacyDecrypt(substr($data, 0, 8192), $key);
$data = substr($data, 8192);
while ( strlen( $data ) ) {
$result .= self::legacyDecrypt( substr( $data, 0, 8192 ), $key );
$data = substr( $data, 8192 );
}
if ($maxLength > 0) {
return substr($result, 0, $maxLength);
if ( $maxLength > 0 ) {
return substr( $result, 0, $maxLength );
} else {
return rtrim($result, "\0");
return rtrim( $result, "\0" );
}
}
@ -663,18 +644,17 @@ class Crypt
* @param $path
* @return array
*/
public static function legacyKeyRecryptKeyfile($legacyEncryptedContent, $legacyPassphrase, $publicKeys, $newPassphrase, $path)
{
public static function legacyKeyRecryptKeyfile( $legacyEncryptedContent, $legacyPassphrase, $publicKeys, $newPassphrase, $path ) {
$decrypted = self::legacyBlockDecrypt($legacyEncryptedContent, $legacyPassphrase);
$decrypted = self::legacyBlockDecrypt( $legacyEncryptedContent, $legacyPassphrase );
// Encrypt plain data, generate keyfile & encrypted file
$cryptedData = self::symmetricEncryptFileContentKeyfile($decrypted);
$cryptedData = self::symmetricEncryptFileContentKeyfile( $decrypted );
// Encrypt plain keyfile to multiple sharefiles
$multiEncrypted = Crypt::multiKeyEncrypt($cryptedData['key'], $publicKeys);
$multiEncrypted = Crypt::multiKeyEncrypt( $cryptedData['key'], $publicKeys );
return array('data' => $cryptedData['encrypted'], 'filekey' => $multiEncrypted['data'], 'sharekeys' => $multiEncrypted['keys']);
return array( 'data' => $cryptedData['encrypted'], 'filekey' => $multiEncrypted['data'], 'sharekeys' => $multiEncrypted['keys'] );
}

92
apps/files_encryption/lib/helper.php
Unescape View File

@ -37,35 +37,32 @@ class Helper
* @brief register share related hooks
*
*/
public static function registerShareHooks()
{
public static function registerShareHooks() {
\OCP\Util::connectHook('OCP\Share', 'pre_shared', 'OCA\Encryption\Hooks', 'preShared');
\OCP\Util::connectHook('OCP\Share', 'post_shared', 'OCA\Encryption\Hooks', 'postShared');
\OCP\Util::connectHook('OCP\Share', 'post_unshare', 'OCA\Encryption\Hooks', 'postUnshare');
\OCP\Util::connectHook( 'OCP\Share', 'pre_shared', 'OCA\Encryption\Hooks', 'preShared' );
\OCP\Util::connectHook( 'OCP\Share', 'post_shared', 'OCA\Encryption\Hooks', 'postShared' );
\OCP\Util::connectHook( 'OCP\Share', 'post_unshare', 'OCA\Encryption\Hooks', 'postUnshare' );
}
/**
* @brief register user related hooks
*
*/
public static function registerUserHooks()
{
public static function registerUserHooks() {
\OCP\Util::connectHook('OC_User', 'post_login', 'OCA\Encryption\Hooks', 'login');
\OCP\Util::connectHook('OC_User', 'post_setPassword', 'OCA\Encryption\Hooks', 'setPassphrase');
\OCP\Util::connectHook('OC_User', 'post_createUser', 'OCA\Encryption\Hooks', 'postCreateUser');
\OCP\Util::connectHook('OC_User', 'post_deleteUser', 'OCA\Encryption\Hooks', 'postDeleteUser');
\OCP\Util::connectHook( 'OC_User', 'post_login', 'OCA\Encryption\Hooks', 'login' );
\OCP\Util::connectHook( 'OC_User', 'post_setPassword', 'OCA\Encryption\Hooks', 'setPassphrase' );
\OCP\Util::connectHook( 'OC_User', 'post_createUser', 'OCA\Encryption\Hooks', 'postCreateUser' );
\OCP\Util::connectHook( 'OC_User', 'post_deleteUser', 'OCA\Encryption\Hooks', 'postDeleteUser' );
}
/**
* @brief register filesystem related hooks
*
*/
public static function registerFilesystemHooks()
{
public static function registerFilesystemHooks() {
\OCP\Util::connectHook('OC_Filesystem', 'post_rename', 'OCA\Encryption\Hooks', 'postRename');
\OCP\Util::connectHook( 'OC_Filesystem', 'post_rename', 'OCA\Encryption\Hooks', 'postRename' );
}
/**
@ -75,14 +72,13 @@ class Helper
* @param string $password
* @return bool
*/
public static function setupUser($util, $password)
{
public static function setupUser( $util, $password ) {
// Check files_encryption infrastructure is ready for action
if (!$util->ready()) {
if ( !$util->ready() ) {
\OC_Log::write('Encryption library', 'User account "' . $util->getUserId() . '" is not ready for encryption; configuration started', \OC_Log::DEBUG);
\OC_Log::write( 'Encryption library', 'User account "' . $util->getUserId() . '" is not ready for encryption; configuration started', \OC_Log::DEBUG );
if (!$util->setupServerSide($password)) {
if ( !$util->setupServerSide( $password ) ) {
return false;
}
}
@ -99,22 +95,21 @@ class Helper
* @internal param string $password
* @return bool
*/
public static function adminEnableRecovery($recoveryKeyId, $recoveryPassword)
{
$view = new \OC\Files\View('/');
public static function adminEnableRecovery( $recoveryKeyId, $recoveryPassword ) {
$view = new \OC\Files\View( '/' );
if ($recoveryKeyId === null) {
$recoveryKeyId = 'recovery_' . substr(md5(time()), 0, 8);
\OC_Appconfig::setValue('files_encryption', 'recoveryKeyId', $recoveryKeyId);
if ( $recoveryKeyId === null ) {
$recoveryKeyId = 'recovery_' . substr( md5( time() ), 0, 8 );
\OC_Appconfig::setValue( 'files_encryption', 'recoveryKeyId', $recoveryKeyId );
}
if (!$view->is_dir('/owncloud_private_key')) {
$view->mkdir('/owncloud_private_key');
if ( !$view->is_dir( '/owncloud_private_key' ) ) {
$view->mkdir( '/owncloud_private_key' );
}
if (
(!$view->file_exists("/public-keys/" . $recoveryKeyId . ".public.key")
|| !$view->file_exists("/owncloud_private_key/" . $recoveryKeyId . ".private.key"))
( !$view->file_exists( "/public-keys/" . $recoveryKeyId . ".public.key" )
|| !$view->file_exists( "/owncloud_private_key/" . $recoveryKeyId . ".private.key" ) )
) {
$keypair = \OCA\Encryption\Crypt::createKeypair();
@ -123,37 +118,37 @@ class Helper
// Save public key
if (!$view->is_dir('/public-keys')) {
$view->mkdir('/public-keys');
if ( !$view->is_dir( '/public-keys' ) ) {
$view->mkdir( '/public-keys' );
}
$view->file_put_contents('/public-keys/' . $recoveryKeyId . '.public.key', $keypair['publicKey']);
$view->file_put_contents( '/public-keys/' . $recoveryKeyId . '.public.key', $keypair['publicKey'] );
// Encrypt private key empthy passphrase
$encryptedPrivateKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($keypair['privateKey'], $recoveryPassword);
$encryptedPrivateKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent( $keypair['privateKey'], $recoveryPassword );
// Save private key
$view->file_put_contents('/owncloud_private_key/' . $recoveryKeyId . '.private.key', $encryptedPrivateKey);
$view->file_put_contents( '/owncloud_private_key/' . $recoveryKeyId . '.private.key', $encryptedPrivateKey );
// create control file which let us check later on if the entered password was correct.
$encryptedControlData = \OCA\Encryption\Crypt::keyEncrypt("ownCloud", $keypair['publicKey']);
if (!$view->is_dir('/control-file')) {
$view->mkdir('/control-file');
$encryptedControlData = \OCA\Encryption\Crypt::keyEncrypt( "ownCloud", $keypair['publicKey'] );
if ( !$view->is_dir( '/control-file' ) ) {
$view->mkdir( '/control-file' );
}
$view->file_put_contents('/control-file/controlfile.enc', $encryptedControlData);
$view->file_put_contents( '/control-file/controlfile.enc', $encryptedControlData );
\OC_FileProxy::$enabled = true;
// Set recoveryAdmin as enabled
\OC_Appconfig::setValue('files_encryption', 'recoveryAdminEnabled', 1);
\OC_Appconfig::setValue( 'files_encryption', 'recoveryAdminEnabled', 1 );
$return = true;
} else { // get recovery key and check the password
$util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), \OCP\User::getUser());
$return = $util->checkRecoveryPassword($_POST['recoveryPassword']);
if ($return) {
\OC_Appconfig::setValue('files_encryption', 'recoveryAdminEnabled', 1);
$util = new \OCA\Encryption\Util( new \OC_FilesystemView( '/' ), \OCP\User::getUser() );
$return = $util->checkRecoveryPassword( $_POST['recoveryPassword'] );
if ( $return ) {
\OC_Appconfig::setValue( 'files_encryption', 'recoveryAdminEnabled', 1 );
}
}
@ -167,14 +162,13 @@ class Helper
* @param $recoveryPassword
* @return bool
*/
public static function adminDisableRecovery($recoveryPassword)
{
$util = new Util(new \OC_FilesystemView('/'), \OCP\User::getUser());
$return = $util->checkRecoveryPassword($recoveryPassword);
public static function adminDisableRecovery( $recoveryPassword ) {
$util = new Util( new \OC_FilesystemView( '/' ), \OCP\User::getUser() );
$return = $util->checkRecoveryPassword( $recoveryPassword );
if ($return) {
if ( $return ) {
// Set recoveryAdmin as disabled
\OC_Appconfig::setValue('files_encryption', 'recoveryAdminEnabled', 0);
\OC_Appconfig::setValue( 'files_encryption', 'recoveryAdminEnabled', 0 );
}
return $return;

230
apps/files_encryption/lib/keymanager.php
Unescape View File

@ -38,15 +38,14 @@ class Keymanager
* @return string private key or false (hopefully)
* @note the key returned by this method must be decrypted before use
*/
public static function getPrivateKey(\OC_FilesystemView $view, $user)
{
public static function getPrivateKey( \OC_FilesystemView $view, $user ) {
$path = '/' . $user . '/' . 'files_encryption' . '/' . $user . '.private.key';
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
$key = $view->file_get_contents($path);
$key = $view->file_get_contents( $path );
\OC_FileProxy::$enabled = $proxyStatus;
@ -59,13 +58,12 @@ class Keymanager
* @param $userId
* @return string public key or false
*/
public static function getPublicKey(\OC_FilesystemView $view, $userId)
{
public static function getPublicKey( \OC_FilesystemView $view, $userId ) {
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
$result = $view->file_get_contents('/public-keys/' . $userId . '.public.key');
$result = $view->file_get_contents( '/public-keys/' . $userId . '.public.key' );
\OC_FileProxy::$enabled = $proxyStatus;
@ -79,12 +77,11 @@ class Keymanager
* @param $userId
* @return array keys: privateKey, publicKey
*/
public static function getUserKeys(\OC_FilesystemView $view, $userId)
{
public static function getUserKeys( \OC_FilesystemView $view, $userId ) {
return array(
'publicKey' => self::getPublicKey($view, $userId)
, 'privateKey' => self::getPrivateKey($view, $userId)
'publicKey' => self::getPublicKey( $view, $userId )
, 'privateKey' => self::getPrivateKey( $view, $userId )
);
}
@ -95,14 +92,13 @@ class Keymanager
* @param array $userIds
* @return array of public keys for the specified users
*/
public static function getPublicKeys(\OC_FilesystemView $view, array $userIds)
{
public static function getPublicKeys( \OC_FilesystemView $view, array $userIds ) {
$keys = array();
foreach ($userIds as $userId) {
foreach ( $userIds as $userId ) {
$keys[$userId] = self::getPublicKey($view, $userId);
$keys[$userId] = self::getPublicKey( $view, $userId );
}
@ -122,41 +118,40 @@ class Keymanager
* @note The keyfile is not encrypted here. Client code must
* asymmetrically encrypt the keyfile before passing it to this method
*/
public static function setFileKey(\OC_FilesystemView $view, $path, $userId, $catfile)
{
public static function setFileKey( \OC_FilesystemView $view, $path, $userId, $catfile ) {
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
//here we need the currently logged in user, while userId can be a different user
$util = new Util($view, \OCP\User::getUser());
list($owner, $filename) = $util->getUidAndFilename($path);
$util = new Util( $view, \OCP\User::getUser() );
list( $owner, $filename ) = $util->getUidAndFilename( $path );
$basePath = '/' . $owner . '/files_encryption/keyfiles';
$targetPath = self::keySetPreparation($view, $filename, $basePath, $owner);
$targetPath = self::keySetPreparation( $view, $filename, $basePath, $owner );
if (!$view->is_dir($basePath . '/' . $targetPath)) {
if ( !$view->is_dir( $basePath . '/' . $targetPath ) ) {
// create all parent folders
$info = pathinfo($basePath . '/' . $targetPath);
$keyfileFolderName = $view->getLocalFolder($info['dirname']);
$info = pathinfo( $basePath . '/' . $targetPath );
$keyfileFolderName = $view->getLocalFolder( $info['dirname'] );
if (!file_exists($keyfileFolderName)) {
if ( !file_exists( $keyfileFolderName ) ) {
mkdir($keyfileFolderName, 0750, true);
mkdir( $keyfileFolderName, 0750, true );
}
}
// try reusing key file if part file
if (self::isPartialFilePath($targetPath)) {
if ( self::isPartialFilePath( $targetPath ) ) {
$result = $view->file_put_contents($basePath . '/' . self::fixPartialFilePath($targetPath) . '.key', $catfile);
$result = $view->file_put_contents( $basePath . '/' . self::fixPartialFilePath( $targetPath ) . '.key', $catfile );
} else {
$result = $view->file_put_contents($basePath . '/' . $targetPath . '.key', $catfile);
$result = $view->file_put_contents( $basePath . '/' . $targetPath . '.key', $catfile );
}
@ -172,13 +167,12 @@ class Keymanager
* @return string File path without .part extension
* @note this is needed for reusing keys
*/
public static function fixPartialFilePath($path)
{
public static function fixPartialFilePath( $path ) {
if (preg_match('/\.part$/', $path)) {
if ( preg_match( '/\.part$/', $path ) ) {
$newLength = strlen($path) - 5;
$fPath = substr($path, 0, $newLength);
$newLength = strlen( $path ) - 5;
$fPath = substr( $path, 0, $newLength );
return $fPath;
@ -195,10 +189,9 @@ class Keymanager
* @param string $path Path that may identify a .part file
* @return bool
*/
public static function isPartialFilePath($path)
{
public static function isPartialFilePath( $path ) {
if (preg_match('/\.part$/', $path)) {
if ( preg_match( '/\.part$/', $path ) ) {
return true;
@ -220,15 +213,14 @@ class Keymanager
* @note The keyfile returned is asymmetrically encrypted. Decryption
* of the keyfile must be performed by client code
*/
public static function getFileKey(\OC_FilesystemView $view, $userId, $filePath)
{
public static function getFileKey( \OC_FilesystemView $view, $userId, $filePath ) {
// try reusing key file if part file
if (self::isPartialFilePath($filePath)) {
if ( self::isPartialFilePath( $filePath ) ) {
$result = self::getFileKey($view, $userId, self::fixPartialFilePath($filePath));
$result = self::getFileKey( $view, $userId, self::fixPartialFilePath( $filePath ) );
if ($result) {
if ( $result ) {
return $result;
@ -236,19 +228,19 @@ class Keymanager
}
$util = new Util($view, \OCP\User::getUser());
$util = new Util( $view, \OCP\User::getUser() );
list($owner, $filename) = $util->getUidAndFilename($filePath);
$filePath_f = ltrim($filename, '/');
list( $owner, $filename ) = $util->getUidAndFilename( $filePath );
$filePath_f = ltrim( $filename, '/' );
$keyfilePath = '/' . $owner . '/files_encryption/keyfiles/' . $filePath_f . '.key';
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
if ($view->file_exists($keyfilePath)) {
if ( $view->file_exists( $keyfilePath ) ) {
$result = $view->file_get_contents($keyfilePath);
$result = $view->file_get_contents( $keyfilePath );
} else {
@ -272,27 +264,26 @@ class Keymanager
* @note $path must be relative to data/user/files. e.g. mydoc.txt NOT
* /data/admin/files/mydoc.txt
*/
public static function deleteFileKey(\OC_FilesystemView $view, $userId, $path)
{
public static function deleteFileKey( \OC_FilesystemView $view, $userId, $path ) {
$trimmed = ltrim($path, '/');
$trimmed = ltrim( $path, '/' );
$keyPath = '/' . $userId . '/files_encryption/keyfiles/' . $trimmed;
$result = false;
if ($view->is_dir($keyPath)) {
if ( $view->is_dir( $keyPath ) ) {
$result = $view->unlink($keyPath);
$result = $view->unlink( $keyPath );
} else if ($view->file_exists($keyPath . '.key')) {
} else if ( $view->file_exists( $keyPath . '.key' ) ) {
$result = $view->unlink($keyPath . '.key');
$result = $view->unlink( $keyPath . '.key' );
}
if (!$result) {
if ( !$result ) {
\OC_Log::write('Encryption library', 'Could not delete keyfile; does not exist: "' . $keyPath, \OC_Log::ERROR);
\OC_Log::write( 'Encryption library', 'Could not delete keyfile; does not exist: "' . $keyPath, \OC_Log::ERROR );
}
@ -307,19 +298,19 @@ class Keymanager
* @note Encryption of the private key must be performed by client code
* as no encryption takes place here
*/
public static function setPrivateKey($key)
{
public static function setPrivateKey( $key ) {
$user = \OCP\User::getUser();
$view = new \OC_FilesystemView('/' . $user . '/files_encryption');
$view = new \OC_FilesystemView( '/' . $user . '/files_encryption' );
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
if (!$view->file_exists('')) $view->mkdir('');
if ( !$view->file_exists( '' ) )
$view->mkdir( '' );
$result = $view->file_put_contents($user . '.private.key', $key);
$result = $view->file_put_contents( $user . '.private.key', $key );
\OC_FileProxy::$enabled = $proxyStatus;
@ -340,22 +331,21 @@ class Keymanager
* @note The keyfile is not encrypted here. Client code must
* asymmetrically encrypt the keyfile before passing it to this method
*/
public static function setShareKey(\OC_FilesystemView $view, $path, $userId, $shareKey)
{
public static function setShareKey( \OC_FilesystemView $view, $path, $userId, $shareKey ) {
// Here we need the currently logged in user, while userId can be a different user
$util = new Util($view, \OCP\User::getUser());
$util = new Util( $view, \OCP\User::getUser() );
list($owner, $filename) = $util->getUidAndFilename($path);
list( $owner, $filename ) = $util->getUidAndFilename( $path );
$basePath = '/' . $owner . '/files_encryption/share-keys';
$shareKeyPath = self::keySetPreparation($view, $filename, $basePath, $owner);
$shareKeyPath = self::keySetPreparation( $view, $filename, $basePath, $owner );
// try reusing key file if part file
if (self::isPartialFilePath($shareKeyPath)) {
if ( self::isPartialFilePath( $shareKeyPath ) ) {
$writePath = $basePath . '/' . self::fixPartialFilePath($shareKeyPath) . '.' . $userId . '.shareKey';
$writePath = $basePath . '/' . self::fixPartialFilePath( $shareKeyPath ) . '.' . $userId . '.shareKey';
} else {
@ -366,12 +356,12 @@ class Keymanager
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
$result = $view->file_put_contents($writePath, $shareKey);
$result = $view->file_put_contents( $writePath, $shareKey );
\OC_FileProxy::$enabled = $proxyStatus;
if (
is_int($result)
is_int( $result )
&& $result > 0
) {
@ -392,17 +382,16 @@ class Keymanager
* @param array $shareKeys
* @return bool
*/
public static function setShareKeys(\OC_FilesystemView $view, $path, array $shareKeys)
{
public static function setShareKeys( \OC_FilesystemView $view, $path, array $shareKeys ) {
// $shareKeys must be an array with the following format:
// [userId] => [encrypted key]
$result = true;
foreach ($shareKeys as $userId => $shareKey) {
foreach ( $shareKeys as $userId => $shareKey ) {
if (!self::setShareKey($view, $path, $userId, $shareKey)) {
if ( !self::setShareKey( $view, $path, $userId, $shareKey ) ) {
// If any of the keys are not set, flag false
$result = false;
@ -426,15 +415,14 @@ class Keymanager
* @note The sharekey returned is encrypted. Decryption
* of the keyfile must be performed by client code
*/
public static function getShareKey(\OC_FilesystemView $view, $userId, $filePath)
{
public static function getShareKey( \OC_FilesystemView $view, $userId, $filePath ) {
// try reusing key file if part file
if (self::isPartialFilePath($filePath)) {
if ( self::isPartialFilePath( $filePath ) ) {
$result = self::getShareKey($view, $userId, self::fixPartialFilePath($filePath));
$result = self::getShareKey( $view, $userId, self::fixPartialFilePath( $filePath ) );
if ($result) {
if ( $result ) {
return $result;
@ -446,14 +434,14 @@ class Keymanager
\OC_FileProxy::$enabled = false;
//here we need the currently logged in user, while userId can be a different user
$util = new Util($view, \OCP\User::getUser());
$util = new Util( $view, \OCP\User::getUser() );
list($owner, $filename) = $util->getUidAndFilename($filePath);
$shareKeyPath = \OC\Files\Filesystem::normalizePath('/' . $owner . '/files_encryption/share-keys/' . $filename . '.' . $userId . '.shareKey');
list( $owner, $filename ) = $util->getUidAndFilename( $filePath );
$shareKeyPath = \OC\Files\Filesystem::normalizePath( '/' . $owner . '/files_encryption/share-keys/' . $filename . '.' . $userId . '.shareKey' );
if ($view->file_exists($shareKeyPath)) {
if ( $view->file_exists( $shareKeyPath ) ) {
$result = $view->file_get_contents($shareKeyPath);
$result = $view->file_get_contents( $shareKeyPath );
} else {
@ -473,16 +461,18 @@ class Keymanager
* @param string $userId owner of the file
* @param string $filePath path to the file, relative to the owners file dir
*/
public static function delAllShareKeys(\OC_FilesystemView $view, $userId, $filePath)
{
public static function delAllShareKeys( \OC_FilesystemView $view, $userId, $filePath ) {
if ($view->is_dir($userId . '/files/' . $filePath)) {
$view->unlink($userId . '/files_encryption/share-keys/' . $filePath);
if ( $view->is_dir( $userId . '/files/' . $filePath ) ) {
$view->unlink( $userId . '/files_encryption/share-keys/' . $filePath );
} else {
$localKeyPath = $view->getLocalFile($userId . '/files_encryption/share-keys/' . $filePath);
$matches = glob(preg_quote($localKeyPath) . '*.shareKey');
foreach ($matches as $ma) {
unlink($ma);
$localKeyPath = $view->getLocalFile( $userId . '/files_encryption/share-keys/' . $filePath );
$matches = glob( preg_quote( $localKeyPath ) . '*.shareKey' );
foreach ( $matches as $ma ) {
$result = unlink( $ma );
if ( !$result ) {
\OC_Log::write( 'Encryption library', 'Keyfile or shareKey could not be deleted for file "' . $filePath . '"', \OC_Log::ERROR );
}
}
}
}
@ -490,30 +480,29 @@ class Keymanager
/**
* @brief Delete a single user's shareKey for a single file
*/
public static function delShareKey(\OC_FilesystemView $view, $userIds, $filePath)
{
public static function delShareKey( \OC_FilesystemView $view, $userIds, $filePath ) {
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
//here we need the currently logged in user, while userId can be a different user
$util = new Util($view, \OCP\User::getUser());
$util = new Util( $view, \OCP\User::getUser() );
list($owner, $filename) = $util->getUidAndFilename($filePath);
list( $owner, $filename ) = $util->getUidAndFilename( $filePath );
$shareKeyPath = \OC\Files\Filesystem::normalizePath('/' . $owner . '/files_encryption/share-keys/' . $filename);
$shareKeyPath = \OC\Files\Filesystem::normalizePath( '/' . $owner . '/files_encryption/share-keys/' . $filename );
if ($view->is_dir($shareKeyPath)) {
if ( $view->is_dir( $shareKeyPath ) ) {
$localPath = \OC\Files\Filesystem::normalizePath($view->getLocalFolder($shareKeyPath));
self::recursiveDelShareKeys($localPath, $userIds);
$localPath = \OC\Files\Filesystem::normalizePath( $view->getLocalFolder( $shareKeyPath ) );
self::recursiveDelShareKeys( $localPath, $userIds );
} else {
foreach ($userIds as $userId) {
foreach ( $userIds as $userId ) {
if (!$view->unlink($shareKeyPath . '.' . $userId . '.shareKey')) {
\OC_Log::write('Encryption library', 'Could not delete shareKey; does not exist: "' . $shareKeyPath . '.' . $userId . '.shareKey"', \OC_Log::ERROR);
if ( !$view->unlink( $shareKeyPath . '.' . $userId . '.shareKey' ) ) {
\OC_Log::write( 'Encryption library', 'Could not delete shareKey; does not exist: "' . $shareKeyPath . '.' . $userId . '.shareKey"', \OC_Log::ERROR );
}
}
@ -528,45 +517,42 @@ class Keymanager
* @param string $dir directory
* @param array $userIds user ids for which the share keys should be deleted
*/
private static function recursiveDelShareKeys($dir, $userIds)
{
foreach ($userIds as $userId) {
$completePath = $dir . '/.*' . '.' . $userId . '.shareKey';
$matches = glob(preg_quote($dir) . '/*' . preg_quote('.' . $userId . '.shareKey'));
private static function recursiveDelShareKeys( $dir, $userIds ) {
foreach ( $userIds as $userId ) {
$matches = glob( preg_quote( $dir ) . '/*' . preg_quote( '.' . $userId . '.shareKey' ) );
}
/** @var $matches array */
foreach ($matches as $ma) {
if (!unlink($ma)) {
\OC_Log::write('Encryption library', 'Could not delete shareKey; does not exist: "' . $ma . '"', \OC_Log::ERROR);
foreach ( $matches as $ma ) {
if ( !unlink( $ma ) ) {
\OC_Log::write( 'Encryption library', 'Could not delete shareKey; does not exist: "' . $ma . '"', \OC_Log::ERROR );
}
}
$subdirs = $directories = glob(preg_quote($dir) . '/*', GLOB_ONLYDIR);
foreach ($subdirs as $subdir) {
self::recursiveDelShareKeys($subdir, $userIds);
$subdirs = $directories = glob( preg_quote( $dir ) . '/*', GLOB_ONLYDIR );
foreach ( $subdirs as $subdir ) {
self::recursiveDelShareKeys( $subdir, $userIds );
}
}
/**
* @brief Make preparations to vars and filesystem for saving a keyfile
*/
public static function keySetPreparation(\OC_FilesystemView $view, $path, $basePath, $userId)
{
public static function keySetPreparation( \OC_FilesystemView $view, $path, $basePath, $userId ) {
$targetPath = ltrim($path, '/');
$targetPath = ltrim( $path, '/' );
$path_parts = pathinfo($targetPath);
$path_parts = pathinfo( $targetPath );
// If the file resides within a subdirectory, create it
if (
isset($path_parts['dirname'])
&& !$view->file_exists($basePath . '/' . $path_parts['dirname'])
isset( $path_parts['dirname'] )
&& !$view->file_exists( $basePath . '/' . $path_parts['dirname'] )
) {
$sub_dirs = explode(DIRECTORY_SEPARATOR, $basePath . '/' . $path_parts['dirname']);
$sub_dirs = explode( DIRECTORY_SEPARATOR, $basePath . '/' . $path_parts['dirname'] );
$dir = '';
foreach ($sub_dirs as $sub_dir) {
foreach ( $sub_dirs as $sub_dir ) {
$dir .= '/' . $sub_dir;
if (!$view->is_dir($dir)) {
$view->mkdir($dir);
if ( !$view->is_dir( $dir ) ) {
$view->mkdir( $dir );
}
}
}

204
apps/files_encryption/lib/proxy.php
Unescape View File

@ -48,13 +48,12 @@ class Proxy extends \OC_FileProxy
*
* Tests if server side encryption is enabled, and file is allowed by blacklists
*/
private static function shouldEncrypt($path)
{
private static function shouldEncrypt( $path ) {
if (is_null(self::$enableEncryption)) {
if ( is_null( self::$enableEncryption ) ) {
if (
\OCP\Config::getAppValue('files_encryption', 'enable_encryption', 'true') == 'true'
\OCP\Config::getAppValue( 'files_encryption', 'enable_encryption', 'true' ) == 'true'
&& Crypt::mode() == 'server'
) {
@ -68,27 +67,27 @@ class Proxy extends \OC_FileProxy
}
if (!self::$enableEncryption) {
if ( !self::$enableEncryption ) {
return false;
}
if (is_null(self::$blackList)) {
if ( is_null( self::$blackList ) ) {
self::$blackList = explode(',', \OCP\Config::getAppValue('files_encryption', 'type_blacklist', ''));
self::$blackList = explode( ',', \OCP\Config::getAppValue( 'files_encryption', 'type_blacklist', '' ) );
}
if (Crypt::isCatfileContent($path)) {
if ( Crypt::isCatfileContent( $path ) ) {
return true;
}
$extension = substr($path, strrpos($path, '.') + 1);
$extension = substr( $path, strrpos( $path, '.' ) + 1 );
if (array_search($extension, self::$blackList) === false) {
if ( array_search( $extension, self::$blackList ) === false ) {
return true;
@ -102,35 +101,34 @@ class Proxy extends \OC_FileProxy
* @param $data
* @return bool
*/
public function preFile_put_contents($path, &$data)
{
public function preFile_put_contents( $path, &$data ) {
if (self::shouldEncrypt($path)) {
if ( self::shouldEncrypt( $path ) ) {
// Stream put contents should have been converted to fopen
if (!is_resource($data)) {
if ( !is_resource( $data ) ) {
$userId = \OCP\USER::getUser();
$view = new \OC_FilesystemView('/');
$util = new Util($view, $userId);
$session = new Session($view);
$view = new \OC_FilesystemView( '/' );
$util = new Util( $view, $userId );
$session = new Session( $view );
$privateKey = $session->getPrivateKey();
$filePath = $util->stripUserFilesPath($path);
$filePath = $util->stripUserFilesPath( $path );
// Set the filesize for userland, before encrypting
$size = strlen($data);
$size = strlen( $data );
// Disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
// Check if there is an existing key we can reuse
if ($encKeyfile = Keymanager::getFileKey($view, $userId, $filePath)) {
if ( $encKeyfile = Keymanager::getFileKey( $view, $userId, $filePath ) ) {
// Fetch shareKey
$shareKey = Keymanager::getShareKey($view, $userId, $filePath);
$shareKey = Keymanager::getShareKey( $view, $userId, $filePath );
// Decrypt the keyfile
$plainKey = Crypt::multiKeyDecrypt($encKeyfile, $shareKey, $privateKey);
$plainKey = Crypt::multiKeyDecrypt( $encKeyfile, $shareKey, $privateKey );
} else {
@ -140,37 +138,37 @@ class Proxy extends \OC_FileProxy
}
// Encrypt data
$encData = Crypt::symmetricEncryptFileContent($data, $plainKey);
$encData = Crypt::symmetricEncryptFileContent( $data, $plainKey );
$sharingEnabled = \OCP\Share::isEnabled();
// if file exists try to get sharing users
if ($view->file_exists($path)) {
$uniqueUserIds = $util->getSharingUsersArray($sharingEnabled, $filePath, $userId);
if ( $view->file_exists( $path ) ) {
$uniqueUserIds = $util->getSharingUsersArray( $sharingEnabled, $filePath, $userId );
} else {
$uniqueUserIds[] = $userId;
}
// Fetch public keys for all users who will share the file
$publicKeys = Keymanager::getPublicKeys($view, $uniqueUserIds);
$publicKeys = Keymanager::getPublicKeys( $view, $uniqueUserIds );
// Encrypt plain keyfile to multiple sharefiles
$multiEncrypted = Crypt::multiKeyEncrypt($plainKey, $publicKeys);
$multiEncrypted = Crypt::multiKeyEncrypt( $plainKey, $publicKeys );
// Save sharekeys to user folders
Keymanager::setShareKeys($view, $filePath, $multiEncrypted['keys']);
Keymanager::setShareKeys( $view, $filePath, $multiEncrypted['keys'] );
// Set encrypted keyfile as common varname
$encKey = $multiEncrypted['data'];
// Save keyfile for newly encrypted file in parallel directory tree
Keymanager::setFileKey($view, $filePath, $userId, $encKey);
Keymanager::setFileKey( $view, $filePath, $userId, $encKey );
// Replace plain content with encrypted content by reference
$data = $encData;
// Update the file cache with file info
\OC\Files\Filesystem::putFileInfo($filePath, array('encrypted' => true, 'size' => strlen($data), 'unencrypted_size' => $size), '');
\OC\Files\Filesystem::putFileInfo( $filePath, array( 'encrypted' => true, 'size' => strlen( $data ), 'unencrypted_size' => $size ), '' );
// Re-enable proxy - our work is done
\OC_FileProxy::$enabled = $proxyStatus;
@ -186,52 +184,51 @@ class Proxy extends \OC_FileProxy
* @param string $path Path of file from which has been read
* @param string $data Data that has been read from file
*/
public function postFile_get_contents($path, $data)
{
public function postFile_get_contents( $path, $data ) {
$userId = \OCP\USER::getUser();
$view = new \OC_FilesystemView('/');
$util = new Util($view, $userId);
$view = new \OC_FilesystemView( '/' );
$util = new Util( $view, $userId );
$relPath = $util->stripUserFilesPath($path);
$relPath = $util->stripUserFilesPath( $path );
// Disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
// init session
$session = new Session($view);
$session = new Session( $view );
// If data is a catfile
if (
Crypt::mode() == 'server'
&& Crypt::isCatfileContent($data)
&& Crypt::isCatfileContent( $data )
) {
$privateKey = $session->getPrivateKey($userId);
$privateKey = $session->getPrivateKey( $userId );
// Get the encrypted keyfile
$encKeyfile = Keymanager::getFileKey($view, $userId, $relPath);
$encKeyfile = Keymanager::getFileKey( $view, $userId, $relPath );
// Attempt to fetch the user's shareKey
$shareKey = Keymanager::getShareKey($view, $userId, $relPath);
$shareKey = Keymanager::getShareKey( $view, $userId, $relPath );
// Decrypt keyfile with shareKey
$plainKeyfile = Crypt::multiKeyDecrypt($encKeyfile, $shareKey, $privateKey);
$plainKeyfile = Crypt::multiKeyDecrypt( $encKeyfile, $shareKey, $privateKey );
$plainData = Crypt::symmetricDecryptFileContent($data, $plainKeyfile);
$plainData = Crypt::symmetricDecryptFileContent( $data, $plainKeyfile );
} elseif (
Crypt::mode() == 'server'
&& isset($_SESSION['legacyenckey'])
&& Crypt::isEncryptedMeta($path)
&& isset( $_SESSION['legacyenckey'] )
&& Crypt::isEncryptedMeta( $path )
) {
$plainData = Crypt::legacyDecrypt($data, $session->getLegacyKey());
$plainData = Crypt::legacyDecrypt( $data, $session->getLegacyKey() );
}
\OC_FileProxy::$enabled = $proxyStatus;
if (!isset($plainData)) {
if ( !isset( $plainData ) ) {
$plainData = $data;
@ -244,11 +241,10 @@ class Proxy extends \OC_FileProxy
/**
* @brief When a file is deleted, remove its keyfile also
*/
public function preUnlink($path)
{
public function preUnlink( $path ) {
// let the trashbin handle this
if (\OCP\App::isEnabled('files_trashbin')) {
if ( \OCP\App::isEnabled( 'files_trashbin' ) ) {
return true;
}
@ -256,29 +252,24 @@ class Proxy extends \OC_FileProxy
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
$view = new \OC_FilesystemView('/');
$view = new \OC_FilesystemView( '/' );
$userId = \OCP\USER::getUser();
$util = new Util($view, $userId);
$util = new Util( $view, $userId );
// Format path to be relative to user files dir
$relPath = $util->stripUserFilesPath($path);
$relPath = $util->stripUserFilesPath( $path );
list($owner, $ownerPath) = $util->getUidAndFilename($relPath);
list( $owner, $ownerPath ) = $util->getUidAndFilename( $relPath );
// Delete keyfile & shareKey so it isn't orphaned
if (
!(
Keymanager::deleteFileKey($view, $owner, $ownerPath)
&& Keymanager::delAllShareKeys($view, $owner, $ownerPath)
)
) {
\OC_Log::write('Encryption library', 'Keyfile or shareKey could not be deleted for file "' . $ownerPath . '"', \OC_Log::ERROR);
if ( !Keymanager::deleteFileKey( $view, $owner, $ownerPath ) ) {
\OC_Log::write( 'Encryption library', 'Keyfile or shareKey could not be deleted for file "' . $ownerPath . '"', \OC_Log::ERROR );
}
Keymanager::delAllShareKeys( $view, $owner, $ownerPath );
\OC_FileProxy::$enabled = $proxyStatus;
// If we don't return true then file delete will fail; better
@ -291,9 +282,8 @@ class Proxy extends \OC_FileProxy
* @param $path
* @return bool
*/
public function postTouch($path)
{
$this->handleFile($path);
public function postTouch( $path ) {
$this->handleFile( $path );
return true;
}
@ -303,21 +293,20 @@ class Proxy extends \OC_FileProxy
* @param $result
* @return resource
*/
public function postFopen($path, &$result)
{
public function postFopen( $path, &$result ) {
if (!$result) {
if ( !$result ) {
return $result;
}
// Reformat path for use with OC_FSV
$path_split = explode('/', $path);
$path_f = implode('/', array_slice($path_split, 3));
$path_split = explode( '/', $path );
$path_f = implode( '/', array_slice( $path_split, 3 ) );
// FIXME: handling for /userId/cache used by webdav for chunking. The cache chunks are NOT encrypted
if ($path_split[2] == 'cache') {
if ( count($path_split) >= 2 && $path_split[2] == 'cache' ) {
return $result;
}
@ -325,31 +314,31 @@ class Proxy extends \OC_FileProxy
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
$meta = stream_get_meta_data($result);
$meta = stream_get_meta_data( $result );
$view = new \OC_FilesystemView('');
$view = new \OC_FilesystemView( '' );
$util = new Util($view, \OCP\USER::getUser());
$util = new Util( $view, \OCP\USER::getUser() );
// If file is already encrypted, decrypt using crypto protocol
if (
Crypt::mode() == 'server'
&& $util->isEncryptedPath($path)
&& $util->isEncryptedPath( $path )
) {
// Close the original encrypted file
fclose($result);
fclose( $result );
// Open the file using the crypto stream wrapper
// protocol and let it do the decryption work instead
$result = fopen('crypt://' . $path_f, $meta['mode']);
$result = fopen( 'crypt://' . $path_f, $meta['mode'] );
} elseif (
self::shouldEncrypt($path)
self::shouldEncrypt( $path )
and $meta ['mode'] != 'r'
and $meta['mode'] != 'rb'
) {
$result = fopen('crypt://' . $path_f, $meta['mode']);
$result = fopen( 'crypt://' . $path_f, $meta['mode'] );
}
// Re-enable the proxy
@ -364,18 +353,17 @@ class Proxy extends \OC_FileProxy
* @param $data
* @return array
*/
public function postGetFileInfo($path, $data)
{
public function postGetFileInfo( $path, $data ) {
// if path is a folder do nothing
if (is_array($data) && array_key_exists('size', $data)) {
if ( is_array( $data ) && array_key_exists( 'size', $data ) ) {
// Disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
// get file size
$data['size'] = self::postFileSize($path, $data['size']);
$data['size'] = self::postFileSize( $path, $data['size'] );
// Re-enable the proxy
\OC_FileProxy::$enabled = $proxyStatus;
@ -389,52 +377,51 @@ class Proxy extends \OC_FileProxy
* @param $size
* @return bool
*/
public function postFileSize($path, $size)
{
public function postFileSize( $path, $size ) {
$view = new \OC_FilesystemView('/');
$view = new \OC_FilesystemView( '/' );
// if path is a folder do nothing
if ($view->is_dir($path)) {
if ( $view->is_dir( $path ) ) {
return $size;
}
// Reformat path for use with OC_FSV
$path_split = explode('/', $path);
$path_f = implode('/', array_slice($path_split, 3));
$path_split = explode( '/', $path );
$path_f = implode( '/', array_slice( $path_split, 3 ) );
// if path is empty we cannot resolve anything
if (empty($path_f)) {
if ( empty( $path_f ) ) {
return $size;
}
$fileInfo = false;
// get file info from database/cache if not .part file
if(!Keymanager::isPartialFilePath($path)) {
$fileInfo = $view->getFileInfo($path);
if ( !Keymanager::isPartialFilePath( $path ) ) {
$fileInfo = $view->getFileInfo( $path );
}
// if file is encrypted return real file size
if (is_array($fileInfo) && $fileInfo['encrypted'] === true) {
if ( is_array( $fileInfo ) && $fileInfo['encrypted'] === true ) {
$size = $fileInfo['unencrypted_size'];
} else {
// self healing if file was removed from file cache
if (!is_array($fileInfo)) {
if ( !is_array( $fileInfo ) ) {
$fileInfo = array();
}
$userId = \OCP\User::getUser();
$util = new Util($view, $userId);
$fixSize = $util->getFileSize($path);
if ($fixSize > 0) {
$util = new Util( $view, $userId );
$fixSize = $util->getFileSize( $path );
if ( $fixSize > 0 ) {
$size = $fixSize;
$fileInfo['encrypted'] = true;
$fileInfo['unencrypted_size'] = $size;
// put file info if not .part file
if(!Keymanager::isPartialFilePath($path_f)) {
$view->putFileInfo($path, $fileInfo);
if ( !Keymanager::isPartialFilePath( $path_f ) ) {
$view->putFileInfo( $path, $fileInfo );
}
}
@ -445,33 +432,32 @@ class Proxy extends \OC_FileProxy
/**
* @param $path
*/
public function handleFile($path)
{
public function handleFile( $path ) {
// Disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
$view = new \OC_FilesystemView('/');
$session = new Session($view);
$view = new \OC_FilesystemView( '/' );
$session = new Session( $view );
$userId = \OCP\User::getUser();
$util = new Util($view, $userId);
$util = new Util( $view, $userId );
// Reformat path for use with OC_FSV
$path_split = explode('/', $path);
$path_f = implode('/', array_slice($path_split, 3));
$path_split = explode( '/', $path );
$path_f = implode( '/', array_slice( $path_split, 3 ) );
// only if file is on 'files' folder fix file size and sharing
if ($path_split[2] == 'files' && $util->fixFileSize($path)) {
if ( count($path_split) >= 2 && $path_split[2] == 'files' && $util->fixFileSize( $path ) ) {
// get sharing app state
$sharingEnabled = \OCP\Share::isEnabled();
// get users
$usersSharing = $util->getSharingUsersArray($sharingEnabled, $path_f);
$usersSharing = $util->getSharingUsersArray( $sharingEnabled, $path_f );
// update sharing-keys
$util->setSharedFileKeyfiles($session, $usersSharing, $path_f);
$util->setSharedFileKeyfiles( $session, $usersSharing, $path_f );
}
\OC_FileProxy::$enabled = $proxyStatus;

64
apps/files_encryption/lib/session.php
Unescape View File

@ -37,27 +37,26 @@ class Session
*
* @note The ownCloud key pair is used to allow public link sharing even if encryption is enabled
*/
public function __construct($view)
{
public function __construct( $view ) {
$this->view = $view;
if (!$this->view->is_dir('owncloud_private_key')) {
if ( !$this->view->is_dir( 'owncloud_private_key' ) ) {
$this->view->mkdir('owncloud_private_key');
$this->view->mkdir( 'owncloud_private_key' );
}
$publicShareKeyId = \OC_Appconfig::getValue('files_encryption', 'publicShareKeyId');
$publicShareKeyId = \OC_Appconfig::getValue( 'files_encryption', 'publicShareKeyId' );
if ($publicShareKeyId === null) {
$publicShareKeyId = 'pubShare_' . substr(md5(time()), 0, 8);
\OC_Appconfig::setValue('files_encryption', 'publicShareKeyId', $publicShareKeyId);
if ( $publicShareKeyId === null ) {
$publicShareKeyId = 'pubShare_' . substr( md5( time() ), 0, 8 );
\OC_Appconfig::setValue( 'files_encryption', 'publicShareKeyId', $publicShareKeyId );
}
if (
!$this->view->file_exists("/public-keys/" . $publicShareKeyId . ".public.key")
|| !$this->view->file_exists("/owncloud_private_key/" . $publicShareKeyId . ".private.key")
!$this->view->file_exists( "/public-keys/" . $publicShareKeyId . ".public.key" )
|| !$this->view->file_exists( "/owncloud_private_key/" . $publicShareKeyId . ".private.key" )
) {
$keypair = Crypt::createKeypair();
@ -68,32 +67,33 @@ class Session
// Save public key
if (!$view->is_dir('/public-keys')) {
$view->mkdir('/public-keys');
if ( !$view->is_dir( '/public-keys' ) ) {
$view->mkdir( '/public-keys' );
}
$this->view->file_put_contents('/public-keys/' . $publicShareKeyId . '.public.key', $keypair['publicKey']);
$this->view->file_put_contents( '/public-keys/' . $publicShareKeyId . '.public.key', $keypair['publicKey'] );
// Encrypt private key empthy passphrase
$encryptedPrivateKey = Crypt::symmetricEncryptFileContent($keypair['privateKey'], '');
// Encrypt private key empty passphrase
$encryptedPrivateKey = Crypt::symmetricEncryptFileContent( $keypair['privateKey'], '' );
// Save private key
$this->view->file_put_contents('/owncloud_private_key/' . $publicShareKeyId . '.private.key', $encryptedPrivateKey);
$this->view->file_put_contents( '/owncloud_private_key/' . $publicShareKeyId . '.private.key', $encryptedPrivateKey );
\OC_FileProxy::$enabled = $proxyStatus;
}
if (\OCP\USER::getUser() === false ||
(isset($_GET['service']) && $_GET['service'] == 'files' &&
isset($_GET['t']))) {
if ( \OCP\USER::getUser() === false ||
( isset( $_GET['service'] ) && $_GET['service'] == 'files' &&
isset( $_GET['t'] ) )
) {
// Disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
$encryptedKey = $this->view->file_get_contents('/owncloud_private_key/' . $publicShareKeyId . '.private.key');
$privateKey = Crypt::symmetricDecryptFileContent($encryptedKey, '');
$this->setPrivateKey($privateKey);
$encryptedKey = $this->view->file_get_contents( '/owncloud_private_key/' . $publicShareKeyId . '.private.key' );
$privateKey = Crypt::symmetricDecryptFileContent( $encryptedKey, '' );
$this->setPrivateKey( $privateKey );
\OC_FileProxy::$enabled = $proxyStatus;
}
@ -104,8 +104,7 @@ class Session
* @param string $privateKey
* @return bool
*/
public function setPrivateKey($privateKey)
{
public function setPrivateKey( $privateKey ) {
$_SESSION['privateKey'] = $privateKey;
@ -118,12 +117,11 @@ class Session
* @returns string $privateKey The user's plaintext private key
*
*/
public function getPrivateKey()
{
public function getPrivateKey() {
if (
isset($_SESSION['privateKey'])
&& !empty($_SESSION['privateKey'])
isset( $_SESSION['privateKey'] )
&& !empty( $_SESSION['privateKey'] )
) {
return $_SESSION['privateKey'];
@ -141,8 +139,7 @@ class Session
* @param $legacyKey
* @return bool
*/
public function setLegacyKey($legacyKey)
{
public function setLegacyKey( $legacyKey ) {
$_SESSION['legacyKey'] = $legacyKey;
@ -154,12 +151,11 @@ class Session
* @returns string $legacyKey The user's plaintext legacy key
*
*/
public function getLegacyKey()
{
public function getLegacyKey() {
if (
isset($_SESSION['legacyKey'])
&& !empty($_SESSION['legacyKey'])
isset( $_SESSION['legacyKey'] )
&& !empty( $_SESSION['legacyKey'] )
) {
return $_SESSION['legacyKey'];

170
apps/files_encryption/lib/stream.php
Unescape View File

@ -77,19 +77,18 @@ class Stream
* @param $opened_path
* @return bool
*/
public function stream_open($path, $mode, $options, &$opened_path)
{
public function stream_open( $path, $mode, $options, &$opened_path ) {
if (!isset($this->rootView)) {
$this->rootView = new \OC_FilesystemView('/');
if ( !isset( $this->rootView ) ) {
$this->rootView = new \OC_FilesystemView( '/' );
}
$util = new Util($this->rootView, \OCP\USER::getUser());
$util = new Util( $this->rootView, \OCP\USER::getUser() );
$this->userId = $util->getUserId();
// Strip identifier text from path, this gives us the path relative to data/<user>/files
$this->relPath = \OC\Files\Filesystem::normalizePath(str_replace('crypt://', '', $path));
$this->relPath = \OC\Files\Filesystem::normalizePath( str_replace( 'crypt://', '', $path ) );
// rawPath is relative to the data directory
$this->rawPath = $util->getUserFilesDir() . $this->relPath;
@ -111,26 +110,25 @@ class Stream
} else {
$this->size = $this->rootView->filesize($this->rawPath, $mode);
$this->size = $this->rootView->filesize( $this->rawPath, $mode );
}
$this->handle = $this->rootView->fopen($this->rawPath, $mode);
$this->handle = $this->rootView->fopen( $this->rawPath, $mode );
\OC_FileProxy::$enabled = $proxyStatus;
if (!is_resource($this->handle)) {
if ( !is_resource( $this->handle ) ) {
\OCP\Util::writeLog('files_encryption', 'failed to open file "' . $this->rawPath . '"', \OCP\Util::ERROR);
\OCP\Util::writeLog( 'files_encryption', 'failed to open file "' . $this->rawPath . '"', \OCP\Util::ERROR );
} else {
$this->meta = stream_get_meta_data($this->handle);
$this->meta = stream_get_meta_data( $this->handle );
}
return is_resource($this->handle);
return is_resource( $this->handle );
}
@ -138,12 +136,11 @@ class Stream
* @param $offset
* @param int $whence
*/
public function stream_seek($offset, $whence = SEEK_SET)
{
public function stream_seek( $offset, $whence = SEEK_SET ) {
$this->flush();
fseek($this->handle, $offset, $whence);
fseek( $this->handle, $offset, $whence );
}
@ -152,37 +149,36 @@ class Stream
* @return bool|string
* @throws \Exception
*/
public function stream_read($count)
{
public function stream_read( $count ) {
$this->writeCache = '';
if ($count != 8192) {
if ( $count != 8192 ) {
// $count will always be 8192 https://bugs.php.net/bug.php?id=21641
// This makes this function a lot simpler, but will break this class if the above 'bug' gets 'fixed'
\OCP\Util::writeLog('files_encryption', 'PHP "bug" 21641 no longer holds, decryption system requires refactoring', \OCP\Util::FATAL);
\OCP\Util::writeLog( 'files_encryption', 'PHP "bug" 21641 no longer holds, decryption system requires refactoring', \OCP\Util::FATAL );
die();
}
// Get the data from the file handle
$data = fread($this->handle, 8192);
$data = fread( $this->handle, 8192 );
$result = '';
if (strlen($data)) {
if ( strlen( $data ) ) {
if (!$this->getKey()) {
if ( !$this->getKey() ) {
// Error! We don't have a key to decrypt the file with
throw new \Exception('Encryption key not found for "' . $this->rawPath . '" during attempted read via stream');
throw new \Exception( 'Encryption key not found for "' . $this->rawPath . '" during attempted read via stream' );
}
// Decrypt data
$result = Crypt::symmetricDecryptFileContent($data, $this->plainKey);
$result = Crypt::symmetricDecryptFileContent( $data, $this->plainKey );
}
@ -196,11 +192,10 @@ class Stream
* @param string $key key to use for encryption
* @return string encrypted data on success, false on failure
*/
public function preWriteEncrypt($plainData, $key)
{
public function preWriteEncrypt( $plainData, $key ) {
// Encrypt data to 'catfile', which includes IV
if ($encrypted = Crypt::symmetricEncryptFileContent($plainData, $key)) {
if ( $encrypted = Crypt::symmetricEncryptFileContent( $plainData, $key ) ) {
return $encrypted;
@ -217,11 +212,10 @@ class Stream
* @internal param bool $generate if true, a new key will be generated if none can be found
* @return bool true on key found and set, false on key not found and new key generated and set
*/
public function getKey()
{
public function getKey() {
// Check if key is already set
if (isset($this->plainKey) && isset($this->encKeyfile)) {
if ( isset( $this->plainKey ) && isset( $this->encKeyfile ) ) {
return true;
@ -229,18 +223,18 @@ class Stream
// Fetch and decrypt keyfile
// Fetch existing keyfile
$this->encKeyfile = Keymanager::getFileKey($this->rootView, $this->userId, $this->relPath);
$this->encKeyfile = Keymanager::getFileKey( $this->rootView, $this->userId, $this->relPath );
// If a keyfile already exists
if ($this->encKeyfile) {
if ( $this->encKeyfile ) {
$session = new Session($this->rootView);
$session = new Session( $this->rootView );
$privateKey = $session->getPrivateKey($this->userId);
$privateKey = $session->getPrivateKey( $this->userId );
$shareKey = Keymanager::getShareKey($this->rootView, $this->userId, $this->relPath);
$shareKey = Keymanager::getShareKey( $this->rootView, $this->userId, $this->relPath );
$this->plainKey = Crypt::multiKeyDecrypt($this->encKeyfile, $shareKey, $privateKey);
$this->plainKey = Crypt::multiKeyDecrypt( $this->encKeyfile, $shareKey, $privateKey );
return true;
@ -261,8 +255,7 @@ class Stream
* @note Padding is added to each encrypted block to ensure that the resulting block is exactly 8192 bytes. This is removed during stream_read
* @note PHP automatically updates the file pointer after writing data to reflect it's length. There is generally no need to update the poitner manually using fseek
*/
public function stream_write($data)
{
public function stream_write( $data ) {
// Disable the file proxies so that encryption is not
// automatically attempted when the file is written to disk -
@ -272,16 +265,16 @@ class Stream
\OC_FileProxy::$enabled = false;
// Get the length of the unencrypted data that we are handling
$length = strlen($data);
$length = strlen( $data );
// Find out where we are up to in the writing of data to the
// file
$pointer = ftell($this->handle);
$pointer = ftell( $this->handle );
// Get / generate the keyfile for the file we're handling
// If we're writing a new file (not overwriting an existing
// one), save the newly generated keyfile
if (!$this->getKey()) {
if ( !$this->getKey() ) {
$this->plainKey = Crypt::generateKey();
@ -289,27 +282,27 @@ class Stream
// If extra data is left over from the last round, make sure it
// is integrated into the next 6126 / 8192 block
if ($this->writeCache) {
if ( $this->writeCache ) {
// Concat writeCache to start of $data
$data = $this->writeCache . $data;
// Clear the write cache, ready for resuse - it has been
// Clear the write cache, ready for reuse - it has been
// flushed and its old contents processed
$this->writeCache = '';
}
// While there still remains somed data to be processed & written
while (strlen($data) > 0) {
// While there still remains some data to be processed & written
while ( strlen( $data ) > 0 ) {
// Remaining length for this iteration, not of the
// Remaining length for this iteration, not of the
// entire file (may be greater than 8192 bytes)
$remainingLength = strlen($data);
$remainingLength = strlen( $data );
// If data remaining to be written is less than the
// If data remaining to be written is less than the
// size of 1 6126 byte block
if ($remainingLength < 6126) {
if ( $remainingLength < 6126 ) {
// Set writeCache to contents of $data
// The writeCache will be carried over to the
@ -327,25 +320,25 @@ class Stream
} else {
// Read the chunk from the start of $data
$chunk = substr($data, 0, 6126);
$chunk = substr( $data, 0, 6126 );
$encrypted = $this->preWriteEncrypt($chunk, $this->plainKey);
$encrypted = $this->preWriteEncrypt( $chunk, $this->plainKey );
// Write the data chunk to disk. This will be
// attended to the last data chunk if the file
// being handled totals more than 6126 bytes
fwrite($this->handle, $encrypted);
fwrite( $this->handle, $encrypted );
// Remove the chunk we just processed from
// $data, leaving only unprocessed data in $data
// var, for handling on the next round
$data = substr($data, 6126);
$data = substr( $data, 6126 );
}
}
$this->size = max($this->size, $pointer + $length);
$this->size = max( $this->size, $pointer + $length );
$this->unencryptedSize += $length;
\OC_FileProxy::$enabled = $proxyStatus;
@ -360,18 +353,17 @@ class Stream
* @param $arg1
* @param $arg2
*/
public function stream_set_option($option, $arg1, $arg2)
{
public function stream_set_option( $option, $arg1, $arg2 ) {
$return = false;
switch ($option) {
switch ( $option ) {
case STREAM_OPTION_BLOCKING:
$return = stream_set_blocking($this->handle, $arg1);
$return = stream_set_blocking( $this->handle, $arg1 );
break;
case STREAM_OPTION_READ_TIMEOUT:
$return = stream_set_timeout($this->handle, $arg1, $arg2);
$return = stream_set_timeout( $this->handle, $arg1, $arg2 );
break;
case STREAM_OPTION_WRITE_BUFFER:
$return = stream_set_write_buffer($this->handle, $arg1);
$return = stream_set_write_buffer( $this->handle, $arg1 );
}
return $return;
@ -380,26 +372,23 @@ class Stream
/**
* @return array
*/
public function stream_stat()
{
return fstat($this->handle);
public function stream_stat() {
return fstat( $this->handle );
}
/**
* @param $mode
*/
public function stream_lock($mode)
{
return flock($this->handle, $mode);
public function stream_lock( $mode ) {
return flock( $this->handle, $mode );
}
/**
* @return bool
*/
public function stream_flush()
{
public function stream_flush() {
return fflush($this->handle);
return fflush( $this->handle );
// Not a typo: http://php.net/manual/en/function.fflush.php
}
@ -407,22 +396,20 @@ class Stream
/**
* @return bool
*/
public function stream_eof()
{
return feof($this->handle);
public function stream_eof() {
return feof( $this->handle );
}
private function flush()
{
private function flush() {
if ($this->writeCache) {
if ( $this->writeCache ) {
// Set keyfile property for file in question
$this->getKey();
$encrypted = $this->preWriteEncrypt($this->writeCache, $this->plainKey);
$encrypted = $this->preWriteEncrypt( $this->writeCache, $this->plainKey );
fwrite($this->handle, $encrypted);
fwrite( $this->handle, $encrypted );
$this->writeCache = '';
@ -433,8 +420,7 @@ class Stream
/**
* @return bool
*/
public function stream_close()
{
public function stream_close() {
$this->flush();
@ -448,33 +434,33 @@ class Stream
\OC_FileProxy::$enabled = false;
// Fetch user's public key
$this->publicKey = Keymanager::getPublicKey($this->rootView, $this->userId);
$this->publicKey = Keymanager::getPublicKey( $this->rootView, $this->userId );
// Check if OC sharing api is enabled
$sharingEnabled = \OCP\Share::isEnabled();
$util = new Util($this->rootView, $this->userId);
$util = new Util( $this->rootView, $this->userId );
// Get all users sharing the file includes current user
$uniqueUserIds = $util->getSharingUsersArray($sharingEnabled, $this->relPath, $this->userId);
$uniqueUserIds = $util->getSharingUsersArray( $sharingEnabled, $this->relPath, $this->userId );
// Fetch public keys for all sharing users
$publicKeys = Keymanager::getPublicKeys($this->rootView, $uniqueUserIds);
$publicKeys = Keymanager::getPublicKeys( $this->rootView, $uniqueUserIds );
// Encrypt enc key for all sharing users
$this->encKeyfiles = Crypt::multiKeyEncrypt($this->plainKey, $publicKeys);
$this->encKeyfiles = Crypt::multiKeyEncrypt( $this->plainKey, $publicKeys );
$view = new \OC_FilesystemView('/');
$view = new \OC_FilesystemView( '/' );
// Save the new encrypted file key
Keymanager::setFileKey($this->rootView, $this->relPath, $this->userId, $this->encKeyfiles['data']);
Keymanager::setFileKey( $this->rootView, $this->relPath, $this->userId, $this->encKeyfiles['data'] );
// Save the sharekeys
Keymanager::setShareKeys($view, $this->relPath, $this->encKeyfiles['keys']);
Keymanager::setShareKeys( $view, $this->relPath, $this->encKeyfiles['keys'] );
// get file info
$fileInfo = $view->getFileInfo($this->rawPath);
if (!is_array($fileInfo)) {
$fileInfo = $view->getFileInfo( $this->rawPath );
if ( !is_array( $fileInfo ) ) {
$fileInfo = array();
}
@ -487,10 +473,10 @@ class Stream
$fileInfo['unencrypted_size'] = $this->unencryptedSize;
// set fileinfo
$view->putFileInfo($this->rawPath, $fileInfo);
$view->putFileInfo( $this->rawPath, $fileInfo );
}
return fclose($this->handle);
return fclose( $this->handle );
}

601
apps/files_encryption/lib/util.php
View File

File diff suppressed because it is too large Load Diff

1
apps/files_encryption/settings-admin.php
Unescape View File

@ -15,7 +15,6 @@ $view = new OC_FilesystemView( '' );
$recoveryAdminEnabled = OC_Appconfig::getValue( 'files_encryption', 'recoveryAdminEnabled' );
$tmpl->assign( 'encryption_mode', \OC_Appconfig::getValue( 'files_encryption', 'mode', 'none' ) );
$tmpl->assign( 'recoveryEnabled', $recoveryAdminEnabled );
\OCP\Util::addscript( 'files_encryption', 'settings-admin' );

1
apps/files_encryption/settings-personal.php
Unescape View File

@ -26,4 +26,3 @@ $tmpl->assign( 'recoveryEnabledForUser', $recoveryEnabledForUser );
return $tmpl->fetchPage();
return null;

13
apps/files_encryption/templates/settings-personal.php
Unescape View File

@ -29,18 +29,5 @@
</p>
<?php endif; ?>
<br />
<!--
<p>
<label for="encryptAll"><?php p( $l->t( "Scan for unencrypted files and encrypt them" ) ); ?></label>
<br />
<em><?php p( $l->t( "Use this if you suspect that you still have files which are unencrypted, or encrypted using ownCloud 4 or older." ) ); ?></em>
<br />
<input type="submit" id="encryptAll" name="encryptAll" value="<?php p( $l->t( 'Scan and encrypt files' ) ); ?>" />
<input type="password" name="userPassword" id="userPassword" />
<label for="encryptAll"><?php p( $l->t( "Account password" ) ); ?></label>
<div id="encryptAllSuccess"><?php p( $l->t( 'Scan complete' ) );?></div>
<div id="encryptAllError"><?php p( $l->t( 'Unable to scan and encrypt files' ) );?></div>
</p>
-->
</fieldset>
</form>

Write Preview
Loading…
Cancel
Save