Finally fixing encryption with public share

apps/encryption/lib/keymanager.php

@@ -23,6 +23,7 @@ namespace OCA\Encryption;
 
 
 use OC\Encryption\Exceptions\DecryptionFailedException;
+use OCA\Encryption\Exceptions\FileKeyMissingException;
 use OCA\Encryption\Exceptions\PrivateKeyMissingException;
 use OC\Encryption\Exceptions\PublicKeyMissingException;
 use OCA\Encryption\Crypto\Crypt;
@@ -114,6 +115,8 @@ class KeyManager {
 		$this->keyStorage = $keyStorage;
 		$this->crypt = $crypt;
 		$this->config = $config;
+		$this->log = $log;
+
 		$this->recoveryKeyId = $this->config->getAppValue('encryption',
 			'recoveryKeyId');
 		if (empty($this->recoveryKeyId)) {
@@ -123,34 +126,24 @@ class KeyManager {
 				$this->recoveryKeyId);
 		}
 
-
 		$this->publicShareKeyId = $this->config->getAppValue('encryption',
 			'publicShareKeyId');
-		$this->log = $log;
-
 		if (empty($this->publicShareKeyId)) {
 			$this->publicShareKeyId = 'pubShare_' . substr(md5(time()), 0, 8);
-			$this->config->setAppValue('encryption',
-				'publicShareKeyId',
-				$this->publicShareKeyId);
+			$this->config->setAppValue('encryption', 'publicShareKeyId', $this->publicShareKeyId);
+		}
 
+		$shareKey = $this->getPublicShareKey();
+		if (empty($shareKey)) {
 			$keyPair = $this->crypt->createKeyPair();
 
 			// Save public key
 			$this->keyStorage->setSystemUserKey(
-				$this->publicShareKeyId . '.publicKey',
-				$keyPair['publicKey']);
+				$this->publicShareKeyId . '.publicKey', $keyPair['publicKey']);
 
 			// Encrypt private key empty passphrase
-			$encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'],
-				'');
-			if ($encryptedKey) {
-				$this->keyStorage->setSystemUserKey($this->publicShareKeyId . '.privateKey',
-					$encryptedKey);
-			} else {
-				$this->log->error('Could not create public share keys');
-			}
-
+			$encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'], '');
+			$this->keyStorage->setSystemUserKey($this->publicShareKeyId . '.privateKey', $encryptedKey);
 		}
 
 		$this->keyId = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : false;
@@ -161,7 +154,8 @@ class KeyManager {
 	 * @return bool
 	 */
 	public function recoveryKeyExists() {
-		return (!empty($this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.publicKey')));
+		$key = $this->getRecoveryKey();
+		return (!empty($key));
 	}
 
 	/**
@@ -340,19 +334,25 @@ class KeyManager {
 	 * @return string
 	 */
 	public function getFileKey($path, $uid) {
-		$key = '';
-		$encryptedFileKey = $this->keyStorage->getFileKey($path,
-			$this->fileKeyId);
-		$shareKey = $this->getShareKey($path, $uid);
-		$privateKey = $this->session->getPrivateKey();
+		$encryptedFileKey = $this->keyStorage->getFileKey($path, $this->fileKeyId);
+
+		if (is_null($uid)) {
+			$uid = $this->getPublicShareKeyId();
+			$shareKey = $this->getShareKey($path, $uid);
+			$privateKey = $this->keyStorage->getSystemUserKey($this->publicShareKeyId . '.privateKey');
+			$privateKey = $this->crypt->symmetricDecryptFileContent($privateKey);
+		} else {
+			$shareKey = $this->getShareKey($path, $uid);
+			$privateKey = $this->session->getPrivateKey();
+		}
 
 		if ($encryptedFileKey && $shareKey && $privateKey) {
-			$key = $this->crypt->multiKeyDecrypt($encryptedFileKey,
+			return $this->crypt->multiKeyDecrypt($encryptedFileKey,
 				$shareKey,
 				$privateKey);
 		}
 
-		return $key;
+		throw new FileKeyMissingException();
 	}
 
 	/**
@@ -412,7 +412,7 @@ class KeyManager {
 	}
 
 	/**
-	 * get public key  for public link shares
+	 * get public key for public link shares
 	 *
 	 * @return string
 	 */
@@ -504,7 +504,11 @@ class KeyManager {
 	 */
 	public function addSystemKeys(array $accessList, array $publicKeys) {
 		if (!empty($accessList['public'])) {
-			$publicKeys[$this->getPublicShareKeyId()] = $this->getPublicShareKey();
+			$publicShareKey = $this->getPublicShareKey();
+			if (empty($publicShareKey)) {
+				throw new PublicKeyMissingException();
+			}
+			$publicKeys[$this->getPublicShareKeyId()] = $publicShareKey;
 		}
 
 		if ($this->recoveryKeyExists() &&

lib/private/encryption/update.php

@@ -93,25 +93,25 @@ class Update {
 	 * @param int $fileSource file source id
 	 */
 	private function update($fileSource) {
-			$path = \OC\Files\Filesystem::getPath($fileSource);
-			$absPath = '/' . $this->uid . '/files' . $path;
+		$path = \OC\Files\Filesystem::getPath($fileSource);
+		$absPath = '/' . $this->uid . '/files' . $path;
 
-			$mount = $this->mountManager->find($path);
-			$mountPoint = $mount->getMountPoint();
+		$mount = $this->mountManager->find($path);
+		$mountPoint = $mount->getMountPoint();
 
-			// if a folder was shared, get a list of all (sub-)folders
-			if ($this->view->is_dir($absPath)) {
-				$allFiles = $this->util->getAllFiles($absPath, $mountPoint);
-			} else {
-				$allFiles = array($absPath);
-			}
+		// if a folder was shared, get a list of all (sub-)folders
+		if ($this->view->is_dir($absPath)) {
+			$allFiles = $this->util->getAllFiles($absPath, $mountPoint);
+		} else {
+			$allFiles = array($absPath);
+		}
 
-			$encryptionModule = $this->encryptionManager->getDefaultEncryptionModule();
+		$encryptionModule = $this->encryptionManager->getDefaultEncryptionModule();
 
-			foreach ($allFiles as $path) {
-				$usersSharing = $this->file->getAccessList($path);
-				$encryptionModule->update($absPath, $this->uid, $usersSharing);
-			}
+		foreach ($allFiles as $path) {
+			$usersSharing = $this->file->getAccessList($path);
+			$encryptionModule->update($absPath, $this->uid, $usersSharing);
+		}
 	}
 
-}
+}

lib/private/files/stream/encryption.php

@@ -198,7 +198,7 @@ class Encryption extends Wrapper {
 		$context = parent::loadContext($name);
 
 		foreach ($this->expectedContextProperties as $property) {
-			if (isset($context[$property])) {
+			if (array_key_exists($property, $context)) {
 				$this->{$property} = $context[$property];
 			} else {
 				throw new \BadMethodCallException('Invalid context, "' . $property . '" options not set');