return $result;\r
\r
}\r
-\r
- /**\r
- * @brief Encrypts content symmetrically and generates keyfile asymmetrically\r
- * @returns array containing catfile and new keyfile. \r
- * keys: data, key\r
- * @note this method is a wrapper for combining other crypt class methods\r
- */\r
- public static function keyEncryptKeyfile( $plainContent, $publicKey, $path ) {\r
-\r
- $user = \OCP\User::getUser();\r
- $view = new \OC_FilesystemView('/');\r
- $util = new Util($view, $user);\r
-\r
- // Encrypt plain data, generate keyfile & encrypted file\r
- $cryptedData = self::symmetricEncryptFileContentKeyfile( $plainContent );\r
- \r
- // Encrypt keyfile\r
-\r
- $sharingEnabled = \OCP\Share::isEnabled();\r
-\r
- // if file exists try to get sharing users\r
- if($view->file_exists($path)) {\r
- $uniqueUserIds = $util->getSharingUsersArray( $sharingEnabled, $path, $user );\r
- } else {\r
- $uniqueUserIds[] = $user;\r
- }\r
-\r
- // Fetch public keys for all users who will share the file\r
- $publicKeys = Keymanager::getPublicKeys( $view, $uniqueUserIds );\r
-\r
- // Encrypt plain keyfile to multiple sharefiles\r
- $multiEncrypted = Crypt::multiKeyEncrypt( $cryptedData['key'], $publicKeys );\r
-\r
- return array( 'data' => $cryptedData['encrypted'], 'filekey' => $multiEncrypted['data'], 'sharekeys' => $multiEncrypted['keys'] );\r
- \r
- }\r
- \r
- /**\r
- * @brief Takes catfile, keyfile, and private key, and\r
- * performs decryption\r
- * @returns decrypted content\r
- * @note this method is a wrapper for combining other crypt class methods\r
- */\r
- public static function keyDecryptKeyfile( $catfile, $keyfile, $privateKey ) {\r
- \r
- // Decrypt the keyfile with the user's private key\r
- $decryptedKeyfile = self::keyDecrypt( $keyfile, $privateKey );\r
\r
- // Decrypt the catfile symmetrically using the decrypted keyfile\r
- $decryptedData = self::symmetricDecryptFileContent( $catfile, $decryptedKeyfile );\r
- \r
- return $decryptedData;\r
- \r
- }\r
- \r
/**\r
* @brief Symmetrically encrypt a file by combining encrypted component data blocks\r
*/\r
\r
}\r
\r
- public static function legacyKeyRecryptKeyfile( $legacyEncryptedContent, $legacyPassphrase, $publicKey, $newPassphrase, $path ) {\r
+ public static function legacyKeyRecryptKeyfile( $legacyEncryptedContent, $legacyPassphrase, $publicKeys, $newPassphrase, $path ) {\r
\r
$decrypted = self::legacyDecrypt( $legacyEncryptedContent, $legacyPassphrase );\r
- \r
- $recrypted = self::keyEncryptKeyfile( $decrypted, $publicKey, $path );\r
- \r
- return $recrypted;\r
+\r
+ // Encrypt plain data, generate keyfile & encrypted file\r
+ $cryptedData = self::symmetricEncryptFileContentKeyfile( $decrypted );\r
+\r
+ // Encrypt plain keyfile to multiple sharefiles\r
+ $multiEncrypted = Crypt::multiKeyEncrypt( $cryptedData['key'], $publicKeys );\r
+\r
+ return array( 'data' => $cryptedData['encrypted'], 'filekey' => $multiEncrypted['data'], 'sharekeys' => $multiEncrypted['keys'] );\r
\r
}\r
\r
* @param string $dirPath the directory whose files will be encrypted
* @note Encryption is recursive
*/
- public function encryptAll( $publicKey, $dirPath, $legacyPassphrase = null, $newPassphrase = null ) {
-
- if ( $found = $this->findEncFiles( $dirPath ) ) {
-
+ public function encryptAll($publicKey, $dirPath, $legacyPassphrase = null, $newPassphrase = null) {
+
+ if ($found = $this->findEncFiles($dirPath)) {
+
// Disable proxy to prevent file being encrypted twice
\OC_FileProxy::$enabled = false;
-
+
// Encrypt unencrypted files
- foreach ( $found['plain'] as $plainFile ) {
-
+ foreach ($found['plain'] as $plainFile) {
+
//relative to data/<user>/file
$relPath = $plainFile['path'];
-
+
//relative to /data
- $rawPath = $this->userId . '/files/' . $plainFile['path'];
-
+ $rawPath = $this->userId . '/files/' . $plainFile['path'];
+
// Open plain file handle for binary reading
- $plainHandle1 = $this->view->fopen( $rawPath, 'rb' );
-
+ $plainHandle1 = $this->view->fopen($rawPath, 'rb');
+
// 2nd handle for moving plain file - view->rename() doesn't work, this is a workaround
- $plainHandle2 = $this->view->fopen( $rawPath . '.plaintmp', 'wb' );
-
+ $plainHandle2 = $this->view->fopen($rawPath . '.plaintmp', 'wb');
+
// Move plain file to a temporary location
- stream_copy_to_stream( $plainHandle1, $plainHandle2 );
-
+ stream_copy_to_stream($plainHandle1, $plainHandle2);
+
// Close access to original file
// $this->view->fclose( $plainHandle1 ); // not implemented in view{}
-
// Delete original plain file so we can rename enc file later
- $this->view->unlink( $rawPath );
-
+ $this->view->unlink($rawPath);
+
// Open enc file handle for binary writing, with same filename as original plain file
- $encHandle = fopen( 'crypt://' . $relPath, 'wb' );
-
+ $encHandle = fopen('crypt://' . $relPath, 'wb');
+
// Save data from plain stream to new encrypted file via enc stream
// NOTE: Stream{} will be invoked for handling
// the encryption, and should handle all keys
// and their generation etc. automatically
- $size = stream_copy_to_stream( $plainHandle2, $encHandle );
-
+ $size = stream_copy_to_stream($plainHandle2, $encHandle);
+
// Delete temporary plain copy of file
- $this->view->unlink( $rawPath . '.plaintmp' );
-
+ $this->view->unlink($rawPath . '.plaintmp');
+
// Add the file to the cache
- \OC\Files\Filesystem::putFileInfo( $plainFile['path'], array( 'encrypted'=>true, 'size' => $size ), '' );
-
+ \OC\Files\Filesystem::putFileInfo($plainFile['path'], array('encrypted' => true, 'size' => $size), '');
}
-
+
// Encrypt legacy encrypted files
- if (
- ! empty( $legacyPassphrase )
- && ! empty( $newPassphrase )
+ if (
+ !empty($legacyPassphrase)
+ && !empty($newPassphrase)
) {
-
- foreach ( $found['legacy'] as $legacyFile ) {
-
+
+ foreach ($found['legacy'] as $legacyFile) {
+
// Fetch data from file
- $legacyData = $this->view->file_get_contents( $legacyFile['path'] );
+ $legacyData = $this->view->file_get_contents($legacyFile['path']);
+
+ $sharingEnabled = \OCP\Share::isEnabled();
+
+ // if file exists try to get sharing users
+ if ($view->file_exists($legacyFile['path'])) {
+ $uniqueUserIds = $util->getSharingUsersArray($sharingEnabled, $legacyFile['path'], $this->userId);
+ } else {
+ $uniqueUserIds[] = $this->userId;
+ }
+
+ // Fetch public keys for all users who will share the file
+ $publicKeys = Keymanager::getPublicKeys($this->view, $uniqueUserIds);
// Recrypt data, generate catfile
- $recrypted = Crypt::legacyKeyRecryptKeyfile( $legacyData, $legacyPassphrase, $publicKey, $newPassphrase, $legacyFile['path'] );
-
+ $recrypted = Crypt::legacyKeyRecryptKeyfile($legacyData, $legacyPassphrase, $publicKey, $newPassphrase, $legacyFile['path'], $publicKeys);
+
$rawPath = $legacyFile['path'];
$relPath = $this->stripUserFilesPath($rawPath);
-
+
// Save keyfile
- Keymanager::setFileKey( $this->view, $relPath, $this->userId, $recrypted['filekey'] );
+ Keymanager::setFileKey($this->view, $relPath, $this->userId, $recrypted['filekey']);
// Save sharekeys to user folders
- Keymanager::setShareKeys( $this->view, $relPath, $recrypted['sharekeys'] );
+ Keymanager::setShareKeys($this->view, $relPath, $recrypted['sharekeys']);
// Overwrite the existing file with the encrypted one
- $this->view->file_put_contents( $rawPath, $recrypted['data'] );
-
- $size = strlen( $recrypted['data'] );
-
+ $this->view->file_put_contents($rawPath, $recrypted['data']);
+
+ $size = strlen($recrypted['data']);
+
// Add the file to the cache
- \OC\Files\Filesystem::putFileInfo( $rawPath, array( 'encrypted'=>true, 'size' => $size ), '' );
-
+ \OC\Files\Filesystem::putFileInfo($rawPath, array('encrypted' => true, 'size' => $size), '');
}
-
}
-
+
\OC_FileProxy::$enabled = true;
-
+
// If files were found, return true
return true;
-
} else {
-
+
// If no files were found, return false
return false;
-
}
-
}
-
+
/**
* @brief Return important encryption related paths
* @param string $pathName Name of the directory to return the path of
$this->assertEquals( $this->dataUrl, $decrypt );
}
-
- // What is the point of this test? It doesn't use keyEncryptKeyfile()
- function testKeyEncryptKeyfile() {
-
- # TODO: Don't repeat encryption from previous tests, use PHPUnit test interdependency instead
-
- // Generate keypair
- $pair1 = Encryption\Crypt::createKeypair();
-
- // Encrypt plain data, generate keyfile & encrypted file
- $cryptedData = Encryption\Crypt::symmetricEncryptFileContentKeyfile( $this->dataUrl );
-
- // Encrypt keyfile
- $cryptedKey = Encryption\Crypt::keyEncrypt( $cryptedData['key'], $pair1['publicKey'] );
-
- // Decrypt keyfile
- $decryptKey = Encryption\Crypt::keyDecrypt( $cryptedKey, $pair1['privateKey'] );
-
- // Decrypt encrypted file
- $decryptData = Encryption\Crypt::symmetricDecryptFileContent( $cryptedData['encrypted'], $decryptKey );
-
- $this->assertEquals( $this->dataUrl, $decryptData );
-
- }
-
- /**
- * @brief test functionality of keyEncryptKeyfile() and
- * keyDecryptKeyfile()
- */
- function testKeyDecryptKeyfile() {
-
- $encrypted = Encryption\Crypt::keyEncryptKeyfile( $this->dataShort, $this->genPublicKey );
-
- $this->assertNotEquals( $encrypted['data'], $this->dataShort );
- $decrypted = Encryption\Crypt::keyDecryptKeyfile( $encrypted['data'], $encrypted['key'], $this->genPrivateKey );
-
- $this->assertEquals( $decrypted, $this->dataShort );
-
- }
-
-
/**
* @brief test encryption using legacy blowfish method
*/
projects / nextcloud-server.git / commitdiff