diff options
Diffstat (limited to 'apps/files_encryption/lib')
| -rwxr-xr-x | apps/files_encryption/lib/crypt.php | 16 | ||||
| -rwxr-xr-x | apps/files_encryption/lib/helper.php | 20 | ||||
| -rw-r--r-- | apps/files_encryption/lib/proxy.php | 50 | ||||
| -rw-r--r-- | apps/files_encryption/lib/stream.php | 15 |
4 files changed, 58 insertions, 43 deletions
diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index c009718160a..9155d238c77 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -33,6 +33,12 @@ require_once __DIR__ . '/../3rdparty/Crypt_Blowfish/Blowfish.php'; class Crypt {
+ const ENCRYPTION_UNKNOWN_ERROR = -1;
+ const ENCRYPTION_NOT_INITIALIZED_ERROR = 1;
+ const ENCRYPTION_PRIVATE_KEY_NOT_VALID_ERROR = 2;
+ const ENCRYPTION_NO_SHARE_KEY_FOUND = 3;
+
+
/**
* @brief return encryption mode client or server side encryption
* @param string $user name (use system wide setting if name=null)
@@ -183,8 +189,8 @@ class Crypt { // Fetch all file metadata from DB
$metadata = \OC\Files\Filesystem::getFileInfo($relPath, '');
- // If a file is flagged with encryption in DB, but isn't a
- // valid content + IV combination, it's probably using the
+ // If a file is flagged with encryption in DB, but isn't a
+ // valid content + IV combination, it's probably using the
// legacy encryption system
if (isset($metadata['encrypted'])
&& $metadata['encrypted'] === true
@@ -388,7 +394,7 @@ class Crypt { */
public static function multiKeyEncrypt($plainContent, array $publicKeys) {
- // openssl_seal returns false without errors if $plainContent
+ // openssl_seal returns false without errors if $plainContent
// is empty, so trigger our own error
if (empty($plainContent)) {
@@ -405,7 +411,7 @@ class Crypt { $i = 0;
- // Ensure each shareKey is labelled with its
+ // Ensure each shareKey is labelled with its
// corresponding userId
foreach ($publicKeys as $userId => $publicKey) {
@@ -476,7 +482,7 @@ class Crypt { }
- // We encode the iv purely for string manipulation
+ // We encode the iv purely for string manipulation
// purposes - it gets decoded before use
$iv = base64_encode($random);
diff --git a/apps/files_encryption/lib/helper.php b/apps/files_encryption/lib/helper.php index ebfc00157f7..a754f9f28c4 100755 --- a/apps/files_encryption/lib/helper.php +++ b/apps/files_encryption/lib/helper.php @@ -235,16 +235,28 @@ class Helper { /** * @brief redirect to a error page */ - public static function redirectToErrorPage($session) { - - $init = $session->getInitialized(); + public static function redirectToErrorPage($session, $errorCode = null) { + + if ($errorCode === null) { + $init = $session->getInitialized(); + switch ($init) { + case \OCA\Encryption\Session::INIT_EXECUTED: + $errorCode = \OCA\Encryption\Crypt::ENCRYPTION_PRIVATE_KEY_NOT_VALID_ERROR; + break; + case \OCA\Encryption\Session::NOT_INITIALIZED: + $errorCode = \OCA\Encryption\Crypt::ENCRYPTION_NOT_INITIALIZED_ERROR; + break; + default: + $errorCode = \OCA\Encryption\Crypt::ENCRYPTION_UNKNOWN_ERROR; + } + } $location = \OC_Helper::linkToAbsolute('apps/files_encryption/files', 'error.php'); $post = 0; if(count($_POST) > 0) { $post = 1; } - header('Location: ' . $location . '?p=' . $post . '&i=' . $init); + header('Location: ' . $location . '?p=' . $post . '&errorCode=' . $errorCode); exit(); } diff --git a/apps/files_encryption/lib/proxy.php b/apps/files_encryption/lib/proxy.php index 6f630c83a3f..6dc5c9ce1b8 100644 --- a/apps/files_encryption/lib/proxy.php +++ b/apps/files_encryption/lib/proxy.php @@ -38,8 +38,6 @@ class Proxy extends \OC_FileProxy { private static $blackList = null; //mimetypes blacklisted from encryption - private static $enableEncryption = null; - /** * Check if a file requires encryption * @param string $path @@ -49,46 +47,23 @@ class Proxy extends \OC_FileProxy { */ private static function shouldEncrypt($path) { - if (is_null(self::$enableEncryption)) { - if ( - \OCP\App::isEnabled('files_encryption') === true - && Crypt::mode() === 'server' - ) { - - self::$enableEncryption = true; - - } else { - - self::$enableEncryption = false; - - } - - } - - if (!self::$enableEncryption) { - + if (\OCP\App::isEnabled('files_encryption') === false || Crypt::mode() !== 'server' || + strpos($path, '/' . \OCP\User::getUser() . '/files') !== 0) { return false; - } if (is_null(self::$blackList)) { - self::$blackList = explode(',', \OCP\Config::getAppValue('files_encryption', 'type_blacklist', '')); - } if (Crypt::isCatfileContent($path)) { - return true; - } $extension = substr($path, strrpos($path, '.') + 1); if (array_search($extension, self::$blackList) === false) { - return true; - } return false; @@ -342,6 +317,16 @@ class Proxy extends \OC_FileProxy { $view = new \OC_FilesystemView('/'); + $userId = \OCP\User::getUser(); + $util = new Util($view, $userId); + + // if encryption is no longer enabled or if the files aren't migrated yet + // we return the default file size + if(!\OCP\App::isEnabled('files_encryption') || + $util->getMigrationStatus() !== Util::MIGRATION_COMPLETED) { + return $size; + } + // if path is a folder do nothing if ($view->is_dir($path)) { return $size; @@ -363,6 +348,15 @@ class Proxy extends \OC_FileProxy { // if file is encrypted return real file size if (is_array($fileInfo) && $fileInfo['encrypted'] === true) { + // try to fix unencrypted file size if it doesn't look plausible + if ((int)$fileInfo['size'] > 0 && (int)$fileInfo['unencrypted_size'] === 0 ) { + $fixSize = $util->getFileSize($path); + $fileInfo['unencrypted_size'] = $fixSize; + // put file info if not .part file + if (!Keymanager::isPartialFilePath($relativePath)) { + $view->putFileInfo($path, $fileInfo); + } + } $size = $fileInfo['unencrypted_size']; } else { // self healing if file was removed from file cache @@ -370,8 +364,6 @@ class Proxy extends \OC_FileProxy { $fileInfo = array(); } - $userId = \OCP\User::getUser(); - $util = new Util($view, $userId); $fixSize = $util->getFileSize($path); if ($fixSize > 0) { $size = $fixSize; diff --git a/apps/files_encryption/lib/stream.php b/apps/files_encryption/lib/stream.php index 02955bb064e..5ce5caf80ce 100644 --- a/apps/files_encryption/lib/stream.php +++ b/apps/files_encryption/lib/stream.php @@ -254,16 +254,20 @@ class Stream { // If a keyfile already exists if ($this->encKeyfile) { + $shareKey = Keymanager::getShareKey($this->rootView, $this->userId, $this->relPath); + // if there is no valid private key return false if ($this->privateKey === false) { - // if private key is not valid redirect user to a error page - \OCA\Encryption\Helper::redirectToErrorPage(); - + \OCA\Encryption\Helper::redirectToErrorPage($this->session); return false; } - $shareKey = Keymanager::getShareKey($this->rootView, $this->userId, $this->relPath); + if ($shareKey === false) { + // if no share key is available redirect user to a error page + \OCA\Encryption\Helper::redirectToErrorPage($this->session, \OCA\Encryption\Crypt::ENCRYPTION_NO_SHARE_KEY_FOUND); + return false; + } $this->plainKey = Crypt::multiKeyDecrypt($this->encKeyfile, $shareKey, $this->privateKey); @@ -506,9 +510,10 @@ class Stream { // Get all users sharing the file includes current user $uniqueUserIds = $util->getSharingUsersArray($sharingEnabled, $this->relPath, $this->userId); + $checkedUserIds = $util->filterShareReadyUsers($uniqueUserIds); // Fetch public keys for all sharing users - $publicKeys = Keymanager::getPublicKeys($this->rootView, $uniqueUserIds); + $publicKeys = Keymanager::getPublicKeys($this->rootView, $checkedUserIds['ready']); // Encrypt enc key for all sharing users $this->encKeyfiles = Crypt::multiKeyEncrypt($this->plainKey, $publicKeys); |