-rw-r--r-- | apps/files_encryption/hooks/hooks.php | 8 | ||||
-rw-r--r-- | apps/files_encryption/lib/keymanager.php | 10 | ||||
-rw-r--r-- | apps/files_encryption/lib/proxy.php | 14 | ||||
-rw-r--r-- | apps/files_encryption/lib/util.php | 4 | ||||
-rw-r--r-- | apps/files_encryption/tests/keymanager.php | 1 |
5 files changed, 25 insertions, 12 deletions
diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php
index e23e3a09d46..b37c974b9c1 100644
--- a/apps/files_encryption/hooks/hooks.php
+++ b/apps/files_encryption/hooks/hooks.php
@@ -39,6 +39,8 @@ class Hooks {
if ( Crypt::mode( $params['uid'] ) == 'server' ) {
+ # TODO: use lots of dependency injection here
+
$view = new \OC_FilesystemView( '/' );
$util = new Util( $view, $params['uid'] );
@@ -49,8 +51,12 @@ class Hooks {
}
- $encryptedKey = Keymanager::getPrivateKey( $params['uid'] );
+ \OC_FileProxy::$enabled = false;
+
+ $encryptedKey = Keymanager::getPrivateKey( $params['uid'], $view );
+ \OC_FileProxy::$enabled = true;
+
$_SESSION['enckey'] = Crypt::symmetricDecryptFileContent( $encryptedKey, $params['password'] );
}
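Review bot: The proxy toggle around `Keymanager::getPrivateKey( $params['uid'], $view )` forces `\OC_FileProxy::$enabled` back to `true` instead of restoring the value it had on entry, and nothing re-enables it if the key read throws, which would presumably leave later file operations in the request running without the encryption proxy. Capture the state first with `$proxyStatus = \OC_FileProxy::$enabled;` and finish with `\OC_FileProxy::$enabled = $proxyStatus;`. The keymanager.php docblock says the call returns `false` when the key cannot be read, so `$encryptedKey` should also be checked before the unchanged line below decrypts it into `$_SESSION['enckey']`. The enclosing function starts and ends outside the hunk.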
diff --git a/apps/files_encryption/lib/keymanager.php b/apps/files_encryption/lib/keymanager.php
index ea6e4872d4b..b06226397e8 100644
--- a/apps/files_encryption/lib/keymanager.php
+++ b/apps/files_encryption/lib/keymanager.php
@@ -30,14 +30,14 @@ class Keymanager {
# TODO: make all dependencies (including static classes) explicit, such as ocfsview objects, by adding them as method arguments (dependency injection)
/**
- * @brief retrieve private key from a user
+ * @brief retrieve the ENCRYPTED private key from a user
*
* @return string private key or false
+ * @note the key returned by this method must be decrypted before use
*/
- public static function getPrivateKey() {
+ public static function getPrivateKey( $user, $view ) {
- $user = \OCP\User::getUser();
- $view = new \OC_FilesystemView( '/' . $user . '/' . 'files_encryption' );
+ $view->chroot( '/' . $user . '/' . 'files_encryption' );
return $view->file_get_contents( '/' . $user.'.private.key' );
}
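Review bot: `$view->chroot( ... )` in the new `getPrivateKey( $user, $view )` re-roots the caller's view object rather than a private one; in hooks.php the same `$view` was handed to `new Util( $view, $params['uid'] )` just before this call, so that object is presumably left pointing at the `files_encryption` directory afterwards. Reading through the full path without the chroot, e.g. `return $view->file_get_contents( '/' . $user . '/files_encryption/' . $user . '.private.key' );`, avoids the side effect, assuming callers pass a view rooted at `/` as hooks.php does. `$user` is now caller-supplied and concatenated into that path, so the docblock needs `@param` lines for both arguments and should state that `$user` must be an already-validated user id containing no path separators.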
@@ -121,7 +121,7 @@ class Keymanager {
* @return string file key or false
*/
public static function getFileKey( $path ) {
- trigger_error("div ".$path);
+
$keypath = ltrim( $path, '/' );
$user = \OCP\User::getUser();
diff --git a/apps/files_encryption/lib/proxy.php b/apps/files_encryption/lib/proxy.php
index 51ed889d129..5b0369bde9b 100644
--- a/apps/files_encryption/lib/proxy.php
+++ b/apps/files_encryption/lib/proxy.php
@@ -135,6 +135,8 @@ class Proxy extends \OC_FileProxy {
public function postFile_get_contents( $path, $data ) {
+ # TODO: Use dependency injection to add required args for view and user etc. to this method
+ if ( Crypt::mode() == 'server' && Crypt::isEncryptedContent( $data ) ) {
$filePath = explode( '/', $path );
@@ -150,9 +152,7 @@ class Proxy extends \OC_FileProxy {
$keyFile = Keymanager::getFileKey( $filePath );
- $privateKey = Keymanager::getPrivateKey();
-
- $data = Crypt::keyDecryptKeyfile( $data, $keyFile, $privateKey );
+ $data = Crypt::keyDecryptKeyfile( $data, $keyFile, $_SESSION['enckey'] );
\OC_FileProxy::$enabled = true;
@@ -175,9 +175,15 @@ class Proxy extends \OC_FileProxy {
// If file is encrypted, decrypt using crypto protocol
if ( Crypt::mode() == 'server' && Crypt::isEncryptedContent( $path ) ) {
+ $keyFile = Keymanager::getFileKey( $filePath );
+
+ $tmp = tmpfile();
+
+ file_put_contents( $tmp, Crypt::keyDecryptKeyfile( $result, $keyFile, $_SESSION['enckey'] ) );
+ fclose ( $result );
- $result = fopen( 'crypt://'.$path, $meta['mode'] );
+ $result = fopen( $tmp );
} elseif ( self::shouldEncrypt( $path )
diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php
index 609f7871241..b919c56a2eb 100644
--- a/apps/files_encryption/lib/util.php
+++ b/apps/files_encryption/lib/util.php
@@ -222,9 +222,9 @@ class Util {
}
- public function encryptAll( OC_FilesystemView $view ) {
+ public function encryptAll( $directory ) {
- $plainFiles = $this->findPlainFiles( $view );
+ $plainFiles = $this->findFiles( $this->view, 'plain' );
if ( $this->encryptFiles( $plainFiles ) ) {
diff --git a/apps/files_encryption/tests/keymanager.php b/apps/files_encryption/tests/keymanager.php
index 51b49c5da57..e0ce7a1d6ad 100644
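Review bot: In the proxy.php hunk at `@@ -150,9 +152,7 @@`, `$_SESSION['enckey']` is read with no check that it is set, so a request whose session never went through the login hook passes `null` to `Crypt::keyDecryptKeyfile()` and the problem surfaces as unreadable file data rather than a clear error. Test `isset( $_SESSION['enckey'] )` first and fail explicitly when the key is missing. Because the decrypted private key is now taken from the session on every read, a comment here should say so and note that session storage has to be protected like key material. `postFile_get_contents()` starts and ends outside the hunk.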
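Review bot: In the proxy.php hunk at `@@ -175,9 +175,15 @@`, `tmpfile()` returns an open stream handle rather than a filename, so `file_put_contents( $tmp, ... )` and the one-argument `fopen( $tmp )` will both fail and `$result` ends up `false` for every encrypted file. `$result` is also passed to `Crypt::keyDecryptKeyfile()` as if it were the ciphertext although it is closed with `fclose()` right after, which suggests it is a handle whose contents have to be read first, and `$filePath` is not defined in the visible lines. The sketch below reads the ciphertext, writes the plaintext to the temporary handle and returns that handle rewound. This path also places decrypted content in a temporary file on disk, where the removed `crypt://` wrapper presumably decrypted on read, so the trade-off deserves a comment. The function starts and ends outside the hunk.

```php
if ( Crypt::mode() == 'server' && Crypt::isEncryptedContent( $path ) ) {
	// … unchanged: $keyFile lookup …
	// assumes $result is the handle opened on the encrypted file
	$encrypted = stream_get_contents( $result );
	fclose( $result );

	$tmp = tmpfile();
	fwrite( $tmp, Crypt::keyDecryptKeyfile( $encrypted, $keyFile, $_SESSION['enckey'] ) );
	rewind( $tmp );

	$result = $tmp;
```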
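Review bot: In the util.php hunk, the new `$directory` parameter of `encryptAll( $directory )` is not used in the visible lines; `findFiles()` is called on `$this->view` whatever the argument is, so a caller passing a subdirectory would presumably still have everything under the view encrypted. Either pass the directory through to the search or drop the parameter, and document the choice with a line such as `@param string $directory path, relative to the view, whose plain files are encrypted`. The method body continues outside the hunk.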
--- a/apps/files_encryption/tests/keymanager.php
+++ b/apps/files_encryption/tests/keymanager.php
@@ -43,6 +43,7 @@ class Test_Keymanager extends \PHPUnit_Framework_TestCase {
$key = Keymanager::getPrivateKey( $this->user, $this->view );
+ # TODO: replace call to Crypt with a mock object?
$decrypted = Crypt::symmetricDecryptFileContent( $key, $this->passphrase );
$this->assertEquals( 1708, strlen( $decrypted ) ); |