From 06847f609b09f118b552d70e6f837a92008db570 Mon Sep 17 00:00:00 2001 From: Sam Tuke Date: Thu, 31 Jan 2013 19:40:51 +0000 Subject: [PATCH] Improved support for detecting and recrypting legacy files. Bugs remain. --- apps/files_encryption/hooks/hooks.php | 4 +-- apps/files_encryption/lib/crypt.php | 13 +++++----- apps/files_encryption/lib/session.php | 2 +- apps/files_encryption/lib/util.php | 35 +++++++++++++++++++++------ 4 files changed, 37 insertions(+), 17 deletions(-) diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index dafa14fc000..cb9993b2389 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -70,7 +70,7 @@ class Hooks { $view1->file_exists( 'encryption.key' ) && $encLegacyKey = $view1->file_get_contents( 'encryption.key' ) ) { - + $plainLegacyKey = Crypt::legacyDecrypt( $encLegacyKey, $params['password'] ); $session->setLegacyKey( $plainLegacyKey ); @@ -87,7 +87,7 @@ class Hooks { ) { \OC_Log::write( - 'Encryption library', 'Encryption of file belonging to "' . $params['uid'] . '" was started at login' + 'Encryption library', 'Encryption of existing files belonging to "' . $params['uid'] . '" started at login' , \OC_Log::INFO ); diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index 106b757307d..6fbbd412b89 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -184,19 +184,18 @@ class Crypt { * @brief Check if a file is encrypted via legacy system * @return true / false */ - public static function isLegacyEncryptedContent( $content ) { + public static function isLegacyEncryptedContent( $data, $path ) { // Fetch all file metadata from DB - $metadata = \OC\Files\Filesystem::getFileInfo( $content, '' ); - + $metadata = \OC\Files\Filesystem::getFileInfo( $path, '' ); + // If a file is flagged with encryption in DB, but isn't a // valid content + IV combination, it's probably using the // legacy encryption system if ( - $content - and isset( $metadata['encrypted'] ) - and $metadata['encrypted'] === true - and ! self::isCatfile( $content ) + isset( $metadata['encrypted'] ) + and $metadata['encrypted'] === true + and ! self::isCatfile( $data ) ) { return true; diff --git a/apps/files_encryption/lib/session.php b/apps/files_encryption/lib/session.php index 4abc8be689f..bda22ee3a03 100644 --- a/apps/files_encryption/lib/session.php +++ b/apps/files_encryption/lib/session.php @@ -70,7 +70,7 @@ class Session { */ public function setLegacyKey( $legacyKey ) { - $_SESSION['legacyKey'] = $LegacyKey; + $_SESSION['legacyKey'] = $legacyKey; return true; diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index 2a69bba43c9..b1c128cf8c4 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -37,8 +37,9 @@ namespace OCA\Encryption; /** * @brief Class for utilities relating to encrypted file storage system - * @param $view OC_FilesystemView object, expected to have OC '/' as root path - * @param $client flag indicating status of client side encryption. Currently + * @param OC_FilesystemView $view expected to have OC '/' as root path + * @param string $userId ID of the logged in user + * @param int $client indicating status of client side encryption. Currently * unused, likely to become obsolete shortly */ @@ -262,17 +263,25 @@ class Util { } elseif ( $this->view->is_file( $filePath ) ) { // Disable proxies again, some- - // how they get re-enabled :/ + // where they got re-enabled :/ \OC_FileProxy::$enabled = false; + $data = $this->view->file_get_contents( $filePath ); + // If the file is encrypted - if ( Keymanager::getFileKey( $this->view, $this->userId, $file ) ) { + // NOTE: If the userId is + // empty or not set, file will + // detected as plain + if ( + Keymanager::getFileKey( $this->view, $this->userId, $file ) + && Crypt::isCatfile( $filePath ) + ) { $found['encrypted'][] = array( 'name' => $file, 'path' => $filePath ); // If the file uses old // encryption system - } elseif ( Crypt::isLegacyEncryptedContent( $this->view->file_get_contents( $filePath ) ) ) { + } elseif ( Crypt::isLegacyEncryptedContent( $this->view->file_get_contents( $filePath ), $filePath ) ) { $found['legacy'][] = array( 'name' => $file, 'path' => $filePath ); @@ -355,11 +364,16 @@ class Util { $sliced = array_slice( $split, 2 ); $relPath = implode( '/', $sliced ); - // Save catfile + // Save keyfile Keymanager::setFileKey( $this->view, $relPath, $this->userId, $encrypted['key'] ); // Overwrite the existing file with the encrypted one $this->view->file_put_contents( $plainFile['path'], $encrypted['data'] ); + + $size = strlen( $encrypted['data'] ); + + // Add the file to the cache + \OC\Files\Filesystem::putFileInfo( $plainFile['path'], array( 'encrypted'=>true, 'size' => $size ), '' ); } @@ -370,6 +384,8 @@ class Util { && ! empty( $newPassphrase ) ) { + trigger_error("LEGACY FOUND"); + foreach ( $found['legacy'] as $legacyFilePath ) { // Fetch data from file @@ -378,11 +394,16 @@ class Util { // Recrypt data, generate catfile $recrypted = Crypt::legacyKeyRecryptKeyfile( $legacyData, $legacyPassphrase, $publicKey, $newPassphrase ); - // Save catfile + // Save keyfile Keymanager::setFileKey( $this->view, $plainFile['path'], $this->userId, $recrypted['key'] ); // Overwrite the existing file with the encrypted one $this->view->file_put_contents( $plainFile['path'], $recrypted['data'] ); + + $size = strlen( $recrypted['data'] ); + + // Add the file to the cache + \OC\Files\Filesystem::putFileInfo( $plainFile['path'], array( 'encrypted'=>true, 'size' => $size ), '' ); } -- 2.39.5