From c00e728e5f77722bceaa0bba25a02128039d7127 Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Thu, 26 Mar 2015 09:58:31 +0100 Subject: [PATCH] encryption app: remove legacy code, we do only server-side encryption --- apps/encryption/lib/crypto/crypt.php | 8 --- apps/encryption/lib/keymanager.php | 99 ++++++++++++---------------- 2 files changed, 42 insertions(+), 65 deletions(-) diff --git a/apps/encryption/lib/crypto/crypt.php b/apps/encryption/lib/crypto/crypt.php index f9fe4f9bece..9fb93485ef7 100644 --- a/apps/encryption/lib/crypto/crypt.php +++ b/apps/encryption/lib/crypto/crypt.php @@ -68,14 +68,6 @@ class Crypt { $this->config = $config; } - /** - * @param null $user - * @return string - */ - public function mode($user = null) { - return 'server'; - } - /** * */ diff --git a/apps/encryption/lib/keymanager.php b/apps/encryption/lib/keymanager.php index 83b24c79b8c..c1c1f9811dc 100644 --- a/apps/encryption/lib/keymanager.php +++ b/apps/encryption/lib/keymanager.php 
@@ -239,78 +239,63 @@ class KeyManager { */ public function setPassphrase($params, IUserSession $user, Util $util) { - // Only attempt to change passphrase if server-side encryption - // is in use (client-side encryption does not have access to - // the necessary keys) - if ($this->crypt->mode() === 'server') { + // Get existing decrypted private key + $privateKey = self::$cacheFactory->get('privateKey'); - // Get existing decrypted private key - $privateKey = self::$cacheFactory->get('privateKey'); + if ($params['uid'] === $user->getUser()->getUID() && $privateKey) { - if ($params['uid'] === $user->getUser()->getUID() && $privateKey) { + // Encrypt private key with new user pwd as passphrase + $encryptedPrivateKey = $this->crypt->symmetricEncryptFileContent($privateKey, $params['password']); - // Encrypt private key with new user pwd as passphrase - $encryptedPrivateKey = $this->crypt->symmetricEncryptFileContent($privateKey, - $params['password']); - - // Save private key - if ($encryptedPrivateKey) { - $this->setPrivateKey($user->getUser()->getUID(), - $encryptedPrivateKey); - } else { - $this->log->error('Encryption could not update users encryption password'); - } - - // NOTE: Session does not need to be updated as the - // private key has not changed, only the passphrase - // used to decrypt it has changed - - - } else { // admin changed the password for a different user, create new keys and reencrypt file keys - - $user = $params['uid']; - $recoveryPassword = isset($params['recoveryPassword']) ? $params['recoveryPassword'] : null; + // Save private key + if ($encryptedPrivateKey) { + $this->setPrivateKey($user->getUser()->getUID(), $encryptedPrivateKey); + } else { + $this->log->error('Encryption could not update users encryption password'); + } - // we generate new keys if... 
- // ...we have a recovery password and the user enabled the recovery key - // ...encryption was activated for the first time (no keys exists) - // ...the user doesn't have any files - if (($util->recoveryEnabledForUser() && $recoveryPassword) + // NOTE: Session does not need to be updated as the + // private key has not changed, only the passphrase + // used to decrypt it has changed + } else { // admin changed the password for a different user, create new keys and reencrypt file keys + $user = $params['uid']; + $recoveryPassword = isset($params['recoveryPassword']) ? $params['recoveryPassword'] : null; - || !$this->userHasKeys($user) - || !$util->userHasFiles($user) - ) { + // we generate new keys if... + // ...we have a recovery password and the user enabled the recovery key + // ...encryption was activated for the first time (no keys exists) + // ...the user doesn't have any files + if (($util->recoveryEnabledForUser() && $recoveryPassword) || !$this->userHasKeys($user) || !$util->userHasFiles($user) + ) { - // backup old keys - $this->backupAllKeys('recovery'); + // backup old keys + $this->backupAllKeys('recovery'); - $newUserPassword = $params['password']; + $newUserPassword = $params['password']; - $keypair = $this->crypt->createKeyPair(); + $keypair = $this->crypt->createKeyPair(); - // Disable encryption proxy to prevent recursive calls - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; + // Disable encryption proxy to prevent recursive calls + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; - // Save public key - $this->setPublicKey($user, $keypair['publicKey']); + // Save public key + $this->setPublicKey($user, $keypair['publicKey']); - // Encrypt private key with new password - $encryptedKey = $this->crypt->symmetricEncryptFileContent($keypair['privateKey'], - $newUserPassword); + // Encrypt private key with new password + $encryptedKey = 
$this->crypt->symmetricEncryptFileContent($keypair['privateKey'], $newUserPassword); - if ($encryptedKey) { - $this->setPrivateKey($user, $encryptedKey); + if ($encryptedKey) { + $this->setPrivateKey($user, $encryptedKey); - if ($recoveryPassword) { // if recovery key is set we can re-encrypt the key files - $util->recoverUsersFiles($recoveryPassword); - } - } else { - $this->log->error('Encryption Could not update users encryption password'); + if ($recoveryPassword) { // if recovery key is set we can re-encrypt the key files + $util->recoverUsersFiles($recoveryPassword); } - - \OC_FileProxy::$enabled = $proxyStatus; + } else { + $this->log->error('Encryption Could not update users encryption password'); } + + \OC_FileProxy::$enabled = $proxyStatus; } } } -- 2.39.5
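Review bot: In the admin-reset branch of `setPassphrase()`, the new public key is stored with `setPublicKey()` before the private key has been encrypted, and when `symmetricEncryptFileContent()` returns a falsy value the code only logs an error. That leaves the user with a fresh public key and no matching stored private key, so file keys later wrapped to that public key would presumably be unrecoverable. Encrypt first and persist both halves only on success, i.e. move `$this->setPublicKey($user, $keypair['publicKey']);` to just before `$this->setPrivateKey($user, $encryptedKey);` inside the `if ($encryptedKey)` branch. Separately, `\OC_FileProxy::$enabled` is restored only on the normal path; if any of the key or recovery calls in between can throw (not visible in this hunk), the proxy would stay disabled for the rest of the request. That restore should be made unconditional.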