Merge branch 'master' into files_encryption_check_private_key

Conflicts:
	apps/files_encryption/appinfo/app.php
	apps/files_encryption/lib/util.php

3 files changed, 60 insertions, 74 deletions

diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php
index ecbec2e8b2b..cd41390d1c5 100755
--- a/apps/files_encryption/lib/crypt.php
+++ b/apps/files_encryption/lib/crypt.php
@@ -636,7 +636,7 @@ class Crypt {
 	 *

 	 * This function decrypts an content

 	 */

-	private static function legacyDecrypt($content, $passphrase = '') {

+	public static function legacyDecrypt($content, $passphrase = '') {

 

 		$bf = self::getBlowfish($passphrase);

 

@@ -665,28 +665,4 @@ class Crypt {
 		}

 	}

 

-	/**

-	 * @param $legacyEncryptedContent

-	 * @param $legacyPassphrase

-	 * @param $publicKeys

-	 * @return array

-	 */

-	public static function legacyKeyRecryptKeyfile($legacyEncryptedContent, $legacyPassphrase, $publicKeys) {

-

-		$decrypted = self::legacyBlockDecrypt($legacyEncryptedContent, $legacyPassphrase);

-

-		// Encrypt plain data, generate keyfile & encrypted file

-		$cryptedData = self::symmetricEncryptFileContentKeyfile($decrypted);

-

-		// Encrypt plain keyfile to multiple sharefiles

-		$multiEncrypted = Crypt::multiKeyEncrypt($cryptedData['key'], $publicKeys);

-

-		return array(

-			'data' => $cryptedData['encrypted'],

-			'filekey' => $multiEncrypted['data'],

-			'sharekeys' => $multiEncrypted['keys']

-		);

-

-	}

-

 }
\ No newline at end of file
diff --git a/apps/files_encryption/lib/proxy.php b/apps/files_encryption/lib/proxy.php
index 0df34a38bd7..735eba911a9 100644
--- a/apps/files_encryption/lib/proxy.php
+++ b/apps/files_encryption/lib/proxy.php
@@ -256,6 +256,8 @@ class Proxy extends \OC_FileProxy {
 	 */
 	public function postFopen($path, &$result) {
 
+		$path = \OC\Files\Filesystem::normalizePath($path);
+
 		if (!$result) {
 
 			return $result;
diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php
index d5a5ce774d2..94defa726a9 100644
--- a/apps/files_encryption/lib/util.php
+++ b/apps/files_encryption/lib/util.php
@@ -96,10 +96,13 @@ class Util {
 	//// DONE: test new encryption with sharing
 	//// TODO: test new encryption with proxies
 
+	const MIGRATION_COMPLETED = 1;    // migration to new encryption completed
+	const MIGRATION_IN_PROGRESS = -1; // migration is running
+	const MIGRATION_OPEN = 0;         // user still needs to be migrated
+
 
 	private $view; // OC_FilesystemView object for filesystem operations
 	private $userId; // ID of the currently logged-in user
-	private $pwd; // User Password
 	private $client; // Client side encryption mode flag
 	private $publicKeyDir; // Dir containing all public user keys
 	private $encryptionDir; // Dir containing user's files_encryption
@@ -728,40 +731,28 @@ class Util {
 					// Fetch data from file
 					$legacyData = $this->view->file_get_contents($legacyFile['path']);
 
-					$sharingEnabled = \OCP\Share::isEnabled();
-
-					// if file exists try to get sharing users
-					if ($this->view->file_exists($legacyFile['path'])) {
-						$uniqueUserIds = $this->getSharingUsersArray($sharingEnabled, $legacyFile['path'], $this->userId);
-					} else {
-						$uniqueUserIds[] = $this->userId;
-					}
-
-					// Fetch public keys for all users who will share the file
-					$publicKeys = Keymanager::getPublicKeys($this->view, $uniqueUserIds);
-
-					// Recrypt data, generate catfile
-					$recrypted = Crypt::legacyKeyRecryptKeyfile($legacyData, $legacyPassphrase, $publicKeys);
+					// decrypt data, generate catfile
+					$decrypted = Crypt::legacyBlockDecrypt($legacyData, $legacyPassphrase);
 
 					$rawPath = $legacyFile['path'];
-					$relPath = \OCA\Encryption\Helper::stripUserFilesPath($rawPath);
 
-					// Save keyfile
-					Keymanager::setFileKey($this->view, $relPath, $this->userId, $recrypted['filekey']);
+					// enable proxy the ensure encryption is handled
+					\OC_FileProxy::$enabled = true;
+
+					// Open enc file handle for binary writing, with same filename as original plain file
+					$encHandle = $this->view->fopen( $rawPath, 'wb' );
 
-					// Save sharekeys to user folders
-					Keymanager::setShareKeys($this->view, $relPath, $recrypted['sharekeys']);
+					if (is_resource($encHandle)) {
 
-					// Overwrite the existing file with the encrypted one
-					$this->view->file_put_contents($rawPath, $recrypted['data']);
+						// write data to stream
+						fwrite($encHandle, $decrypted);
 
-					$size = strlen($recrypted['data']);
+						// close stream
+						fclose($encHandle);
+					}
 
-					// Add the file to the cache
-					\OC\Files\Filesystem::putFileInfo($rawPath, array(
-																	 'encrypted' => true,
-																	 'size' => $size
-																), '');
+					// disable proxy to prevent file being encrypted twice
+					\OC_FileProxy::$enabled = false;
 				}
 			}
 
@@ -1060,36 +1051,56 @@ class Util {
 	}
 
 	/**
-	 * @brief Set file migration status for user
-	 * @param $status
-	 * @return bool
+	 * @brief start migration mode to initially encrypt users data
+	 * @return boolean
 	 */
-	public function setMigrationStatus($status) {
-
-		$sql = 'UPDATE `*PREFIX*encryption` SET `migration_status` = ? WHERE `uid` = ?';
+	public function beginMigration() {
 
-		$args = array(
-			$status,
-			$this->userId
-		);
+		$return = false;
 
+		$sql = 'UPDATE `*PREFIX*encryption` SET `migration_status` = ? WHERE `uid` = ? and `migration_status` = ?';
+		$args = array(self::MIGRATION_IN_PROGRESS, $this->userId, self::MIGRATION_OPEN);
 		$query = \OCP\DB::prepare($sql);
+		$result = $query->execute($args);
+		$manipulatedRows = $result->numRows();
 
-		if ($query->execute($args)) {
+		if ($manipulatedRows === 1) {
+			$return = true;
+			\OCP\Util::writeLog('Encryption library', "Start migration to encryption mode for " . $this->userId, \OCP\Util::INFO);
+		} else {
+			\OCP\Util::writeLog('Encryption library', "Could not activate migration mode for " . $this->userId . ". Probably another process already started the initial encryption", \OCP\Util::WARN);
+		}
 
-			return true;
+		return $return;
+	}
 
-		} else {
+	/**
+	 * @brief close migration mode after users data has been encrypted successfully
+	 * @return boolean
+	 */
+	public function finishMigration() {
 
-			return false;
+		$return = false;
+
+		$sql = 'UPDATE `*PREFIX*encryption` SET `migration_status` = ? WHERE `uid` = ? and `migration_status` = ?';
+		$args = array(self::MIGRATION_COMPLETED, $this->userId, self::MIGRATION_IN_PROGRESS);
+		$query = \OCP\DB::prepare($sql);
+		$result = $query->execute($args);
+		$manipulatedRows = $result->numRows();
 
+		if ($manipulatedRows === 1) {
+			$return = true;
+			\OCP\Util::writeLog('Encryption library', "Finish migration successfully for " . $this->userId, \OCP\Util::INFO);
+		} else {
+			\OCP\Util::writeLog('Encryption library', "Could not deactivate migration mode for " . $this->userId, \OCP\Util::WARN);
 		}
 
+		return $return;
 	}
 
 	/**
-	 * @brief Check whether pwd recovery is enabled for a given user
-	 * @return bool 1 = yes, 0 = no, false = no record
+	 * @brief check if files are already migrated to the encryption system
+	 * @return migration status, false = in case of no record
 	 * @note If records are not being returned, check for a hidden space
 	 *       at the start of the uid in db
 	 */
@@ -1118,14 +1129,11 @@ class Util {
 
 		// If no record is found
 		if (empty($migrationStatus)) {
-
+			\OCP\Util::writeLog('Encryption library', "Could not get migration status for " . $this->userId . ", no record found", \OCP\Util::ERROR);
 			return false;
-
 			// If a record is found
 		} else {
-
-			return $migrationStatus[0];
-
+			return (int)$migrationStatus[0];
 		}
 
 	}