From 92f06243be62945b5ff5e7542e9984f7bb45d74b Mon Sep 17 00:00:00 2001 From: Sam Tuke Date: Mon, 11 Feb 2013 10:21:23 +0000 Subject: Implementing sharing support New file-specific methods in lib/public/share Changes to how keyfiles are stored --- apps/files_encryption/lib/crypt.php | 41 +++++++++++++++++++++++++++---------- 1 file changed, 30 insertions(+), 11 deletions(-) (limited to 'apps/files_encryption/lib/crypt.php') diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index e3d23023db3..fdee03eeaf5 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -370,22 +370,41 @@ class Crypt { /** * @brief Create asymmetrically encrypted keyfile content using a generated key * @param string $plainContent content to be encrypted - * @returns array keys: key, encrypted - * @note symmetricDecryptFileContent() can be used to decrypt files created using this method - * - * This function decrypts a file + * @param array $publicKeys array keys must be the userId of corresponding user + * @returns array keys: keys (array, key = userId), encrypted + * @note symmetricDecryptFileContent() can decrypt files created using this method */ public static function multiKeyEncrypt( $plainContent, array $publicKeys ) { - + + // openssl_seal returns false without errors if $plainContent + // is empty, so trigger our own error + if ( empty( $plainContent ) ) { + + trigger_error( "Cannot mutliKeyEncrypt empty plain content" ); + throw new \Exception( 'Cannot mutliKeyEncrypt empty plain content' ); + + } + // Set empty vars to be set by openssl by reference $sealed = ''; - $envKeys = array(); + $shareKeys = array(); - if( openssl_seal( $plainContent, $sealed, $envKeys, $publicKeys ) ) { + if( openssl_seal( $plainContent, $sealed, $shareKeys, $publicKeys ) ) { + + $i = 0; + + // Ensure each shareKey is labelled with its + // corresponding userId + foreach ( $publicKeys as $userId => $publicKey ) { + + $mappedShareKeys[$userId] = $shareKeys[$i]; + $i++; + + } return array( - 'keys' => $envKeys - , 'encrypted' => $sealed + 'keys' => $mappedShareKeys + , 'data' => $sealed ); } else { @@ -404,7 +423,7 @@ class Crypt { * * This function decrypts a file */ - public static function multiKeyDecrypt( $encryptedContent, $envKey, $privateKey ) { + public static function multiKeyDecrypt( $encryptedContent, $shareKey, $privateKey ) { if ( !$encryptedContent ) { @@ -412,7 +431,7 @@ class Crypt { } - if ( openssl_open( $encryptedContent, $plainContent, $envKey, $privateKey ) ) { + if ( openssl_open( $encryptedContent, $plainContent, $shareKey, $privateKey ) ) { return $plainContent; -- cgit v1.2.3 From 3e3cee98c87e90ece7a4a908b6cbbc7cbc94aac7 Mon Sep 17 00:00:00 2001 From: Björn Schießle Date: Mon, 11 Feb 2013 13:28:37 +0100 Subject: - moved the enrcyption of the filekey ifg file gets shared from the post shared hook to Crypt::encKeyfileToMultipleUsers() because this can be reused if files get unshared - switch from preUnshare hook to postUnshare hook because afterward we can simply get the updated list of users with access to the file and call Crypt::encKeyfileToMultipleUsers() --- apps/files_encryption/appinfo/app.php | 4 +-- apps/files_encryption/hooks/hooks.php | 47 ++++++++--------------------------- apps/files_encryption/lib/crypt.php | 42 +++++++++++++++++++++++++++++++ 3 files changed, 54 insertions(+), 39 deletions(-) (limited to 'apps/files_encryption/lib/crypt.php') diff --git a/apps/files_encryption/appinfo/app.php b/apps/files_encryption/appinfo/app.php index f83109a18ea..6778e1faa3c 100644 --- a/apps/files_encryption/appinfo/app.php +++ b/apps/files_encryption/appinfo/app.php @@ -16,8 +16,8 @@ OCP\Util::connectHook( 'OC_User', 'pre_setPassword','OCA\Encryption\Hooks', 'set // Sharing-related hooks OCP\Util::connectHook( 'OCP\Share', 'post_shared', 'OCA\Encryption\Hooks', 'postShared' ); -OCP\Util::connectHook( 'OCP\Share', 'pre_unshare', 'OCA\Encryption\Hooks', 'preUnshare' ); -OCP\Util::connectHook( 'OCP\Share', 'pre_unshareAll', 'OCA\Encryption\Hooks', 'preUnshareAll' ); +OCP\Util::connectHook( 'OCP\Share', 'post_unshare', 'OCA\Encryption\Hooks', 'postUnshare' ); +OCP\Util::connectHook( 'OCP\Share', 'post_unshareAll', 'OCA\Encryption\Hooks', 'postUnshareAll' ); // Webdav-related hooks OCP\Util::connectHook( 'OC_Webdav_Properties', 'update', 'OCA\Encryption\Hooks', 'updateKeyfile' ); diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index b0075a3ada7..c8565964ba9 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -179,7 +179,6 @@ class Hooks { $view = new \OC_FilesystemView( '/' ); $userId = \OCP\User::getUser(); $util = new Util( $view, $userId ); - $session = new Session(); $shares = \OCP\Share::getUsersSharingFile( $params['fileTarget'], 1 ); @@ -207,55 +206,29 @@ class Hooks { } } - - $userPubKeys = Keymanager::getPublicKeys( $view, $userIds ); - - \OC_FileProxy::$enabled = false; - - // get the keyfile - $encKeyfile = Keymanager::getFileKey( $view, $userId, $params['fileTarget'] ); - - $privateKey = $session->getPrivateKey(); - - // decrypt the keyfile - $plainKeyfile = Crypt::keyDecrypt( $encKeyfile, $privateKey ); - - // re-enc keyfile to sharekeys - $shareKeys = Crypt::multiKeyEncrypt( $plainKeyfile, $userPubKeys ); - - // save sharekeys - if ( ! Keymanager::setShareKeys( $view, $params['fileTarget'], $shareKeys['keys'] ) ) { - - trigger_error( "SET Share keys failed" ); - - } - - // Delete existing keyfile - // Do this last to ensure file is recoverable in case of error -// Keymanager::deleteFileKey( $view, $userId, $params['fileTarget'] ); - - \OC_FileProxy::$enabled = true; - - return true; + + return Crypt::encKeyfileToMultipleUsers($shares, $params['fileTarget']); } /** * @brief */ - public static function preUnshare( $params ) { - - // Delete existing catfile + public static function postUnshare( $params ) { + $shares = \OCP\Share::getUsersSharingFile( $params['fileTarget'], 1 ); - // Generate new catfile and env keys + $userIds = array(); + foreach ( $shares as $share ) { + $userIds[] = $share['userId']; + } - // Save env keys to user folders + return Crypt::encKeyfileToMultipleUsers($userIDs, $params['fileTarget']); } /** * @brief */ - public static function preUnshareAll( $params ) { + public static function postUnshareAll( $params ) { trigger_error( "preUnshareAll" ); diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index fdee03eeaf5..6704ea6bf18 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -744,4 +744,46 @@ class Crypt { } + + /** + * @brief encrypt file key to multiple users + * @param $users list of users which should be able to access the file + * @param $fileTarget target of the file + */ + public static function encKeyfileToMultipleUsers($users, $fileTarget) { + $view = new \OC_FilesystemView( '/' ); + $userId = \OCP\User::getUser(); + $util = new Util( $view, $userId ); + $session = new Session(); + + $userPubKeys = Keymanager::getPublicKeys( $view, $users ); + + \OC_FileProxy::$enabled = false; + + // get the keyfile + $encKeyfile = Keymanager::getFileKey( $view, $userId, $fileTarget ); + + $privateKey = $session->getPrivateKey(); + + // decrypt the keyfile + $plainKeyfile = Crypt::keyDecrypt( $encKeyfile, $privateKey ); + + // re-enc keyfile to sharekeys + $shareKeys = Crypt::multiKeyEncrypt( $plainKeyfile, $userPubKeys ); + + // save sharekeys + if ( ! Keymanager::setShareKeys( $view, $fileTarget, $shareKeys['keys'] ) ) { + + trigger_error( "SET Share keys failed" ); + + } + + // Delete existing keyfile + // Do this last to ensure file is recoverable in case of error + // Keymanager::deleteFileKey( $view, $userId, $params['fileTarget'] ); + + \OC_FileProxy::$enabled = true; + + return true; + } } \ No newline at end of file -- cgit v1.2.3 From 8eef919a754ff3404df1065d616e66cb9b1ff437 Mon Sep 17 00:00:00 2001 From: Björn Schießle Date: Tue, 12 Feb 2013 12:08:34 +0100 Subject: take group shares into account if we retrieve the list a all recipients --- apps/files_encryption/hooks/hooks.php | 35 ++++--------------- apps/files_encryption/lib/crypt.php | 30 ++++++++++++++-- lib/public/share.php | 65 ++++++++++++++++------------------- 3 files changed, 63 insertions(+), 67 deletions(-) (limited to 'apps/files_encryption/lib/crypt.php') diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index 17bcb9238ac..c14ce3e91db 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -167,44 +167,21 @@ class Hooks { * @brief */ public static function postShared( $params ) { - error_log("post shared triggered!"); + // NOTE: $params is an array with these keys: // itemSource -> int, filecache file ID // shareWith -> string, uid of user being shared to // fileTarget -> path of file being shared // uidOwner -> owner of the original file being shared + //TODO: We don't deal with shared folder yet, need to recursively update every file in the folder + $view = new \OC_FilesystemView( '/' ); $userId = \OCP\User::getUser(); $util = new Util( $view, $userId ); - $shares = \OCP\Share::getUsersSharingFile( $params['fileTarget'], 1 ); - - $userIds = array(); - - foreach ( $shares as $share ) { - - $util = new Util( $view, $share['userId'] ); - - // Check that the user is encryption capable - // TODO create encryption key when user gets created - if ( $util->ready() ) { - - // Construct array of just UIDs for Keymanager{} - $userIds[] = $share['userId']; - - } else { - - // Log warning; we can't do necessary setup here - // because we don't have the user passphrase - // TODO: Provide user feedback indicating that - // sharing failed - \OC_Log::write( 'Encryption library', 'File cannot be shared: user "'.$share['userId'].'" is not setup for encryption', \OC_Log::WARN ); - - } + $shares = \OCP\Share::getUsersSharingFile( $params['itemSource'], 1 ); - } - return Crypt::encKeyfileToMultipleUsers($shares, $params['fileTarget']); } @@ -213,11 +190,11 @@ class Hooks { * @brief */ public static function preUnshare( $params ) { - $items = \OCP\Share::getItemSharedWithBySource($params['itemType'], $params['itemSource']); - $shares = \OCP\Share::getUsersSharingFile( $item[0]['file_target'], 1 ); + $shares = \OCP\Share::getUsersSharingFile( $params['itemSource'], 1 ); $userIds = array(); foreach ( $shares as $share ) { + error_log("keek user id: " . $share['userId']); $userIds[] = $share['userId']; } diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index 6704ea6bf18..a8cc2b3726d 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -752,16 +752,40 @@ class Crypt { */ public static function encKeyfileToMultipleUsers($users, $fileTarget) { $view = new \OC_FilesystemView( '/' ); - $userId = \OCP\User::getUser(); + $owner = \OCP\User::getUser(); $util = new Util( $view, $userId ); $session = new Session(); + + $userIds = array(); + + foreach ( $users as $user ) { + + $util = new Util( $view, $user ); + + // Check that the user is encryption capable + if ( $util->ready() ) { + // Construct array of just UIDs for Keymanager{} + $userIds[] = $user; + + } else { + + // Log warning; we can't do necessary setup here + // because we don't have the user passphrase + // TODO: Provide user feedback indicating that + // sharing failed + \OC_Log::write( 'Encryption library', 'File cannot be shared: user "'.$user.'" is not setup for encryption', \OC_Log::WARN ); + + } + + } + - $userPubKeys = Keymanager::getPublicKeys( $view, $users ); + $userPubKeys = Keymanager::getPublicKeys( $view, $userIds ); \OC_FileProxy::$enabled = false; // get the keyfile - $encKeyfile = Keymanager::getFileKey( $view, $userId, $fileTarget ); + $encKeyfile = Keymanager::getFileKey( $view, $owner, $fileTarget ); $privateKey = $session->getPrivateKey(); diff --git a/lib/public/share.php b/lib/public/share.php index 4170783d71e..841240692d8 100644 --- a/lib/public/share.php +++ b/lib/public/share.php @@ -149,62 +149,57 @@ class Share { * @note $path needs to be relative to user data dir, e.g. 'file.txt' * not '/admin/data/file.txt' */ - public static function getUsersSharingFile( $path, $includeOwner = 0 ) { - - $fPath = self::prepFileTarget( $path ); - + public static function getUsersSharingFile( $source, $includeOwner = 0 ) { + //TODO get also the recipients from folders which are shared above the current file // Fetch all shares of this file path from DB $query = \OC_DB::prepare( - 'SELECT - share_type - , share_with - , uid_owner - , permissions + 'SELECT share_with FROM `*PREFIX*share` WHERE - file_target = ?' + item_source = ? AND share_type = ? AND uid_owner = ?' ); - $result = $query->execute( array( $fPath ) ); + $result = $query->execute( array( $source, self::SHARE_TYPE_USER, \OCP\User::getUser() ) ); if ( \OC_DB::isError( $result ) ) { - - \OC_Log::write( 'OCP\Share', \OC_DB::getErrorMessage($result) . ', path=' . $fPath, \OC_Log::ERROR ); - + \OC_Log::write( 'OCP\Share', \OC_DB::getErrorMessage($result), \OC_Log::ERROR ); } $shares = array(); while( $row = $result->fetchRow() ) { + $shares[] = $row['share_with']; + } - // Set helpful array keys - $shares[] = array( - 'userId' => $row['share_with'] - , 'owner' => $row['uid_owner'] // we just set this so it can be used once, hugly hack :/ - , 'shareType' => $row['share_type'] - , 'permissions' => $row['permissions'] - ); + // We also need to take group shares into account + + $query = \OC_DB::prepare( + 'SELECT share_with + FROM + `*PREFIX*share` + WHERE + item_source = ? AND share_type = ? AND uid_owner = ?' + ); + $result = $query->execute( array( $source, self::SHARE_TYPE_GROUP, \OCP\User::getUser() ) ); + + if ( \OC_DB::isError( $result ) ) { + \OC_Log::write( 'OCP\Share', \OC_DB::getErrorMessage($result), \OC_Log::ERROR ); } + while( $row = $result->fetchRow() ) { + $usersInGroup = \OC_Group::usersInGroup($row['share_with']); + $shares = array_merge($shares, $usersInGroup); + } + if ( ! empty( $shares ) ) { - // Include owner in list of users, if requested if ( $includeOwner == 1 ) { - - // NOTE: The values are incorrect for shareType and - // permissions of the owner; we just include them for - // optional convenience - $shares[] = array( - 'userId' => $shares[0]['owner'] - , 'shareType' => 0 - , 'permissions' => 0 - ); - + $shares[] = \OCP\User::getUser(); } - - return $shares; + + return array_unique($shares); } else { @@ -235,7 +230,7 @@ class Share { public static function getItemSharedWith($itemType, $itemTarget, $format = self::FORMAT_NONE, $parameters = null, $includeCollections = false) { return self::getItems($itemType, $itemTarget, self::$shareTypeUserAndGroups, \OC_User::getUser(), null, $format, $parameters, 1, $includeCollections); } - + /** * @brief Get the item of item type shared with the current user by source * @param string Item type -- cgit v1.2.3 From 1e5d03da800e5ad36e7b5adbab7eef03a2add80c Mon Sep 17 00:00:00 2001 From: Björn Schießle Date: Tue, 12 Feb 2013 12:45:54 +0100 Subject: use right location of the file is the source and not the target it is shared to --- apps/files_encryption/hooks/hooks.php | 32 +++++++++++++++++++------------- apps/files_encryption/lib/crypt.php | 6 +++--- 2 files changed, 22 insertions(+), 16 deletions(-) (limited to 'apps/files_encryption/lib/crypt.php') diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index c14ce3e91db..ebc345a47e7 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -163,6 +163,20 @@ class Hooks { } + /** + * @brief get path of a file. + * @param $fileId id of the file + * @return path of the file + */ + private static function getFilePath($fileId) { + $query = \OC_DB::prepare('SELECT `path`' + .' FROM `*PREFIX*filecache`' + .' WHERE `fileid` = ?'); + $result = $query->execute(array($fileId)); + $row = $result->fetchRow(); + return $row['path']; + } + /** * @brief */ @@ -182,7 +196,7 @@ class Hooks { $shares = \OCP\Share::getUsersSharingFile( $params['itemSource'], 1 ); - return Crypt::encKeyfileToMultipleUsers($shares, $params['fileTarget']); + return Crypt::encKeyfileToMultipleUsers($shares, self::getFilePath($params['itemSource'])); } @@ -191,25 +205,17 @@ class Hooks { */ public static function preUnshare( $params ) { $shares = \OCP\Share::getUsersSharingFile( $params['itemSource'], 1 ); - - $userIds = array(); - foreach ( $shares as $share ) { - error_log("keek user id: " . $share['userId']); - $userIds[] = $share['userId']; - } - // remove the user from the list from which the file will be unshared - unset($userIds[$params['shareWith']]); - - return Crypt::encKeyfileToMultipleUsers($userIDs, $item[0]['file_target']); + unset($shares[$params['shareWith']]); + + return Crypt::encKeyfileToMultipleUsers($shares, self::getFilePath($params['itemSource'])); } /** * @brief */ public static function preUnshareAll( $params ) { - $items = \OCP\Share::getItemSharedWithBySource($params['itemType'], $params['itemSource']); - return Crypt::encKeyfileToMultipleUsers(array($items[0]['uid_owner']), $items[0]['file_target']); + return Crypt::encKeyfileToMultipleUsers(array(\OCP\User::getUser()), self::getFilePath($params['itemSource'])); } } diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index a8cc2b3726d..cbdae323e56 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -750,7 +750,7 @@ class Crypt { * @param $users list of users which should be able to access the file * @param $fileTarget target of the file */ - public static function encKeyfileToMultipleUsers($users, $fileTarget) { + public static function encKeyfileToMultipleUsers($users, $filePath) { $view = new \OC_FilesystemView( '/' ); $owner = \OCP\User::getUser(); $util = new Util( $view, $userId ); @@ -785,7 +785,7 @@ class Crypt { \OC_FileProxy::$enabled = false; // get the keyfile - $encKeyfile = Keymanager::getFileKey( $view, $owner, $fileTarget ); + $encKeyfile = Keymanager::getFileKey( $view, $owner, $filePath ); $privateKey = $session->getPrivateKey(); @@ -796,7 +796,7 @@ class Crypt { $shareKeys = Crypt::multiKeyEncrypt( $plainKeyfile, $userPubKeys ); // save sharekeys - if ( ! Keymanager::setShareKeys( $view, $fileTarget, $shareKeys['keys'] ) ) { + if ( ! Keymanager::setShareKeys( $view, $filePath, $shareKeys['keys'] ) ) { trigger_error( "SET Share keys failed" ); -- cgit v1.2.3 From d1bbb30385260d77b01bc5998465ebe68ccd83d7 Mon Sep 17 00:00:00 2001 From: Björn Schießle Date: Tue, 12 Feb 2013 16:48:04 +0100 Subject: also find users with access to the file if a folder above the actual file was already shared --- apps/files_encryption/hooks/hooks.php | 30 ++++------- apps/files_encryption/lib/crypt.php | 2 - apps/files_encryption/lib/util.php | 14 +++++ lib/public/share.php | 97 ++++++++++++++++++----------------- 4 files changed, 75 insertions(+), 68 deletions(-) (limited to 'apps/files_encryption/lib/crypt.php') diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index ebc345a47e7..ffd3e4544f1 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -164,21 +164,7 @@ class Hooks { } /** - * @brief get path of a file. - * @param $fileId id of the file - * @return path of the file - */ - private static function getFilePath($fileId) { - $query = \OC_DB::prepare('SELECT `path`' - .' FROM `*PREFIX*filecache`' - .' WHERE `fileid` = ?'); - $result = $query->execute(array($fileId)); - $row = $result->fetchRow(); - return $row['path']; - } - - /** - * @brief + * @brief get all users with access to the file and encrypt the file key to each of them */ public static function postShared( $params ) { @@ -194,9 +180,11 @@ class Hooks { $userId = \OCP\User::getUser(); $util = new Util( $view, $userId ); - $shares = \OCP\Share::getUsersSharingFile( $params['itemSource'], 1 ); + $path = Util::getFilePath($params['itemSource']); + + $shares = \OCP\Share::getUsersSharingFile( $path, 1 ); - return Crypt::encKeyfileToMultipleUsers($shares, self::getFilePath($params['itemSource'])); + return Crypt::encKeyfileToMultipleUsers($shares, $path); } @@ -204,18 +192,20 @@ class Hooks { * @brief */ public static function preUnshare( $params ) { - $shares = \OCP\Share::getUsersSharingFile( $params['itemSource'], 1 ); + + $path = Util::getFilePath($params['itemSource']); + $shares = \OCP\Share::getUsersSharingFile( $path, 1 ); // remove the user from the list from which the file will be unshared unset($shares[$params['shareWith']]); - return Crypt::encKeyfileToMultipleUsers($shares, self::getFilePath($params['itemSource'])); + return Crypt::encKeyfileToMultipleUsers($shares, $path ); } /** * @brief */ public static function preUnshareAll( $params ) { - return Crypt::encKeyfileToMultipleUsers(array(\OCP\User::getUser()), self::getFilePath($params['itemSource'])); + return Crypt::encKeyfileToMultipleUsers(array(\OCP\User::getUser()), Util::getFilePath($params['itemSource'])); } } diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index cbdae323e56..ba9f0cb9a2a 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -450,9 +450,7 @@ class Crypt { * @returns encrypted file */ public static function keyEncrypt( $plainContent, $publicKey ) { - openssl_public_encrypt( $plainContent, $encryptedContent, $publicKey ); - return $encryptedContent; } diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index 52bc74db27a..843727d7ab4 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -472,5 +472,19 @@ class Util { } } + + /** + * @brief get path of a file. + * @param $fileId id of the file + * @return path of the file + */ + public static function getFilePath($fileId) { + $query = \OC_DB::prepare('SELECT `path`' + .' FROM `*PREFIX*filecache`' + .' WHERE `fileid` = ?'); + $result = $query->execute(array($fileId)); + $row = $result->fetchRow(); + return substr($row['path'], 5); + } } diff --git a/lib/public/share.php b/lib/public/share.php index 841240692d8..55ff4d4738f 100644 --- a/lib/public/share.php +++ b/lib/public/share.php @@ -149,64 +149,69 @@ class Share { * @note $path needs to be relative to user data dir, e.g. 'file.txt' * not '/admin/data/file.txt' */ - public static function getUsersSharingFile( $source, $includeOwner = 0 ) { - //TODO get also the recipients from folders which are shared above the current file - // Fetch all shares of this file path from DB - $query = \OC_DB::prepare( - 'SELECT share_with - FROM - `*PREFIX*share` - WHERE - item_source = ? AND share_type = ? AND uid_owner = ?' - ); - - $result = $query->execute( array( $source, self::SHARE_TYPE_USER, \OCP\User::getUser() ) ); - - if ( \OC_DB::isError( $result ) ) { - \OC_Log::write( 'OCP\Share', \OC_DB::getErrorMessage($result), \OC_Log::ERROR ); - } - + public static function getUsersSharingFile( $path, $includeOwner = 0 ) { + + $user = \OCP\User::getUser(); + $path_parts = explode(DIRECTORY_SEPARATOR, trim($path, DIRECTORY_SEPARATOR)); + $path = ''; $shares = array(); - while( $row = $result->fetchRow() ) { - $shares[] = $row['share_with']; - } - - // We also need to take group shares into account - - $query = \OC_DB::prepare( - 'SELECT share_with - FROM - `*PREFIX*share` - WHERE - item_source = ? AND share_type = ? AND uid_owner = ?' - ); + foreach ($path_parts as $p) { + $path .= '/'.$p; + $meta = \OC\Files\Filesystem::getFileInfo(\OC_Filesystem::normalizePath($path)); + $source = $meta['fileid']; - $result = $query->execute( array( $source, self::SHARE_TYPE_GROUP, \OCP\User::getUser() ) ); - - if ( \OC_DB::isError( $result ) ) { - \OC_Log::write( 'OCP\Share', \OC_DB::getErrorMessage($result), \OC_Log::ERROR ); - } - - while( $row = $result->fetchRow() ) { - $usersInGroup = \OC_Group::usersInGroup($row['share_with']); - $shares = array_merge($shares, $usersInGroup); + // Fetch all shares of this file path from DB + $query = \OC_DB::prepare( + 'SELECT share_with + FROM + `*PREFIX*share` + WHERE + item_source = ? AND share_type = ? AND uid_owner = ?' + ); + + $result = $query->execute( array( $source, self::SHARE_TYPE_USER, $user ) ); + + if ( \OC_DB::isError( $result ) ) { + \OC_Log::write( 'OCP\Share', \OC_DB::getErrorMessage($result), \OC_Log::ERROR ); + } + + while( $row = $result->fetchRow() ) { + $shares[] = $row['share_with']; + } + + // We also need to take group shares into account + + $query = \OC_DB::prepare( + 'SELECT share_with + FROM + `*PREFIX*share` + WHERE + item_source = ? AND share_type = ? AND uid_owner = ?' + ); + + $result = $query->execute( array( $source, self::SHARE_TYPE_GROUP, $user ) ); + + if ( \OC_DB::isError( $result ) ) { + \OC_Log::write( 'OCP\Share', \OC_DB::getErrorMessage($result), \OC_Log::ERROR ); + } + + while( $row = $result->fetchRow() ) { + $usersInGroup = \OC_Group::usersInGroup($row['share_with']); + $shares = array_merge($shares, $usersInGroup); + } } - + if ( ! empty( $shares ) ) { // Include owner in list of users, if requested if ( $includeOwner == 1 ) { - $shares[] = \OCP\User::getUser(); + $shares[] = $user; } - return array_unique($shares); - } else { - return false; - } - + } /** -- cgit v1.2.3 From 4952dfe95657ba52f1b39f958100659539831ba8 Mon Sep 17 00:00:00 2001 From: Björn Schießle Date: Wed, 13 Feb 2013 14:56:39 +0100 Subject: add post_unshare hook, also add public link shares to the list of user with access to a file --- apps/files_encryption/appinfo/app.php | 2 +- apps/files_encryption/hooks/hooks.php | 9 ++++----- apps/files_encryption/lib/crypt.php | 4 +++- lib/public/share.php | 35 ++++++++++++++++++++++++++++------- 4 files changed, 36 insertions(+), 14 deletions(-) (limited to 'apps/files_encryption/lib/crypt.php') diff --git a/apps/files_encryption/appinfo/app.php b/apps/files_encryption/appinfo/app.php index f83109a18ea..932e8855d07 100644 --- a/apps/files_encryption/appinfo/app.php +++ b/apps/files_encryption/appinfo/app.php @@ -16,7 +16,7 @@ OCP\Util::connectHook( 'OC_User', 'pre_setPassword','OCA\Encryption\Hooks', 'set // Sharing-related hooks OCP\Util::connectHook( 'OCP\Share', 'post_shared', 'OCA\Encryption\Hooks', 'postShared' ); -OCP\Util::connectHook( 'OCP\Share', 'pre_unshare', 'OCA\Encryption\Hooks', 'preUnshare' ); +OCP\Util::connectHook( 'OCP\Share', 'post_unshare', 'OCA\Encryption\Hooks', 'postUnshare' ); OCP\Util::connectHook( 'OCP\Share', 'pre_unshareAll', 'OCA\Encryption\Hooks', 'preUnshareAll' ); // Webdav-related hooks diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index 5e06948aa50..ae05ba78012 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -176,6 +176,8 @@ class Hooks { //TODO: We don't deal with shared folder yet, need to recursively update every file in the folder + if ($params['shareType'] == \OCP\Share::SHARE_TYPE_LINK) + $view = new \OC_FilesystemView( '/' ); $userId = \OCP\User::getUser(); $util = new Util( $view, $userId ); @@ -191,12 +193,9 @@ class Hooks { /** * @brief */ - public static function preUnshare( $params ) { - + public static function postUnshare( $params ) { $path = Util::getFilePath($params['itemSource']); - $shares = \OCP\Share::getUsersSharingFile( $path, true, false ); - // remove the user from the list from which the file will be unshared - unset($shares[$params['shareWith']]); + $shares = \OCP\Share::getUsersSharingFile( $path, true ); return Crypt::encKeyfileToMultipleUsers(array_unique($shares), $path ); } diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index ba9f0cb9a2a..0f465d7d95a 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -450,7 +450,9 @@ class Crypt { * @returns encrypted file */ public static function keyEncrypt( $plainContent, $publicKey ) { - openssl_public_encrypt( $plainContent, $encryptedContent, $publicKey ); + + if (openssl_public_encrypt( $plainContent, $encryptedContent, $publicKey )) error_log("feinifeine"); else error_log("ups"); + return $encryptedContent; } diff --git a/lib/public/share.php b/lib/public/share.php index 68f5e93baa7..f691ae9b39f 100644 --- a/lib/public/share.php +++ b/lib/public/share.php @@ -147,7 +147,6 @@ class Share { * @brief Find which users can access a shared item * @param $path to the file * @param include owner to the list of users with access to the file - * @param remove duplicates in the result * @return array * @note $path needs to be relative to user data dir, e.g. 'file.txt' * not '/admin/data/file.txt' @@ -203,6 +202,25 @@ class Share { $usersInGroup = \OC_Group::usersInGroup($row['share_with']); $shares = array_merge($shares, $usersInGroup); } + + //check for public link shares + $query = \OC_DB::prepare( + 'SELECT share_with + FROM + `*PREFIX*share` + WHERE + item_source = ? AND share_type = ? AND uid_owner = ?' + ); + + $result = $query->execute( array( $source, self::SHARE_TYPE_LINK, $user ) ); + + if ( \OC_DB::isError( $result ) ) { + \OC_Log::write( 'OCP\Share', \OC_DB::getErrorMessage($result), \OC_Log::ERROR ); + } + + if ($result->fetchRow()) { + $shares[] = self::SHARE_TYPE_LINK; + } } if ( ! empty( $shares ) ) { @@ -212,11 +230,8 @@ class Share { } } - if ( $removeDuplicates ) - return array_unique($shares); - else { - return $shares; - } + return array_unique($shares); + } /** @@ -475,8 +490,14 @@ class Share { 'itemSource' => $itemSource, 'shareType' => $shareType, 'shareWith' => $shareWith, - )); + )); self::delete($item['id']); + \OC_Hook::emit('OCP\Share', 'post_unshare', array( + 'itemType' => $itemType, + 'itemSource' => $itemSource, + 'shareType' => $shareType, + 'shareWith' => $shareWith, + )); return true; } return false; -- cgit v1.2.3 From 9356f9a6bf6e9bd048e31e787d5fcb621de8eebc Mon Sep 17 00:00:00 2001 From: Björn Schießle Date: Wed, 13 Feb 2013 17:23:27 +0100 Subject: add post_unshareALll hook, update recursively all keyfiles if a folder was shared/unshared --- apps/files_encryption/appinfo/app.php | 2 +- apps/files_encryption/hooks/hooks.php | 15 ++++++--------- apps/files_encryption/lib/crypt.php | 36 ++++++++++++++++++++++++++++++++++- lib/public/share.php | 5 +++++ 4 files changed, 47 insertions(+), 11 deletions(-) (limited to 'apps/files_encryption/lib/crypt.php') diff --git a/apps/files_encryption/appinfo/app.php b/apps/files_encryption/appinfo/app.php index 932e8855d07..6778e1faa3c 100644 --- a/apps/files_encryption/appinfo/app.php +++ b/apps/files_encryption/appinfo/app.php @@ -17,7 +17,7 @@ OCP\Util::connectHook( 'OC_User', 'pre_setPassword','OCA\Encryption\Hooks', 'set // Sharing-related hooks OCP\Util::connectHook( 'OCP\Share', 'post_shared', 'OCA\Encryption\Hooks', 'postShared' ); OCP\Util::connectHook( 'OCP\Share', 'post_unshare', 'OCA\Encryption\Hooks', 'postUnshare' ); -OCP\Util::connectHook( 'OCP\Share', 'pre_unshareAll', 'OCA\Encryption\Hooks', 'preUnshareAll' ); +OCP\Util::connectHook( 'OCP\Share', 'post_unshareAll', 'OCA\Encryption\Hooks', 'postUnshareAll' ); // Webdav-related hooks OCP\Util::connectHook( 'OC_Webdav_Properties', 'update', 'OCA\Encryption\Hooks', 'updateKeyfile' ); diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index ae05ba78012..34ed11c7e24 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -176,17 +176,13 @@ class Hooks { //TODO: We don't deal with shared folder yet, need to recursively update every file in the folder - if ($params['shareType'] == \OCP\Share::SHARE_TYPE_LINK) - $view = new \OC_FilesystemView( '/' ); $userId = \OCP\User::getUser(); $util = new Util( $view, $userId ); $path = Util::getFilePath($params['itemSource']); - $shares = \OCP\Share::getUsersSharingFile( $path, true ); - - return Crypt::encKeyfileToMultipleUsers($shares, $path); + return Crypt::updateKeyfile($path); } @@ -195,16 +191,17 @@ class Hooks { */ public static function postUnshare( $params ) { $path = Util::getFilePath($params['itemSource']); - $shares = \OCP\Share::getUsersSharingFile( $path, true ); - return Crypt::encKeyfileToMultipleUsers(array_unique($shares), $path ); + return Crypt::updateKeyfile($path); } /** * @brief */ - public static function preUnshareAll( $params ) { - return Crypt::encKeyfileToMultipleUsers(array(\OCP\User::getUser()), Util::getFilePath($params['itemSource'])); + public static function postUnshareAll( $params ) { + $path = Util::getFilePath($params['itemSource']); + + return Crypt::updateKeyfile($path); } } diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index 0f465d7d95a..18e9535bf35 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -750,7 +750,7 @@ class Crypt { * @param $users list of users which should be able to access the file * @param $fileTarget target of the file */ - public static function encKeyfileToMultipleUsers($users, $filePath) { + private static function encKeyfileToMultipleUsers($users, $filePath) { $view = new \OC_FilesystemView( '/' ); $owner = \OCP\User::getUser(); $util = new Util( $view, $userId ); @@ -810,4 +810,38 @@ class Crypt { return true; } + + /** + * @brief update keyfile encryption for given path and all sub folders/files + * @param path which needs to be updated + * @return bool success + */ + public static function updateKeyfile($path) { + + $filesView = \OCP\Files::getStorage('files'); + + $result = true; + + if ( $filesView->is_dir($path) ) { + $content = $filesView->getDirectoryContent($path); + foreach ( $content as $c) { + $path = substr($c['path'], 5); + if ( $filesView->is_dir($path) ) { + error_log("dive into $path"); + $result &= self::updateKeyfile($path); + } else { + error_log("encKeyFileToMultipleUsers $path"); + $shares = \OCP\Share::getUsersSharingFile( $path, true ); + $result &= self::encKeyfileToMultipleUsers($shares, $path); + } + } + } else { + error_log("encKeyFileToMultipleUsers single file: " . $path); + $shares = \OCP\Share::getUsersSharingFile( $path, true ); + $result = self::encKeyfileToMultipleUsers($shares, $path); + } + + return $result; + + } } \ No newline at end of file diff --git a/lib/public/share.php b/lib/public/share.php index f691ae9b39f..d1297c6e59e 100644 --- a/lib/public/share.php +++ b/lib/public/share.php @@ -520,6 +520,11 @@ class Share { foreach ($shares as $share) { self::delete($share['id']); } + \OC_Hook::emit('OCP\Share', 'post_unshareAll', array( + 'itemType' => $itemType, + 'itemSource' => $itemSource, + 'shares' => $shares + )); return true; } return false; -- cgit v1.2.3 From 5005195db005fd0d7c8fdf1a73e12c4a4619acb9 Mon Sep 17 00:00:00 2001 From: Björn Schießle Date: Wed, 13 Feb 2013 17:57:45 +0100 Subject: create keypair for ownCloud with empty passphrase, will be used for public link shares --- apps/files_encryption/lib/crypt.php | 5 +---- apps/files_encryption/lib/session.php | 28 ++++++++++++++++++++++++++++ lib/public/share.php | 2 +- 3 files changed, 30 insertions(+), 5 deletions(-) (limited to 'apps/files_encryption/lib/crypt.php') diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index 18e9535bf35..2e5912a8683 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -763,7 +763,7 @@ class Crypt { $util = new Util( $view, $user ); // Check that the user is encryption capable - if ( $util->ready() ) { + if ( $util->ready() && $user == 'ownCloud' ) { // Construct array of just UIDs for Keymanager{} $userIds[] = $user; @@ -827,16 +827,13 @@ class Crypt { foreach ( $content as $c) { $path = substr($c['path'], 5); if ( $filesView->is_dir($path) ) { - error_log("dive into $path"); $result &= self::updateKeyfile($path); } else { - error_log("encKeyFileToMultipleUsers $path"); $shares = \OCP\Share::getUsersSharingFile( $path, true ); $result &= self::encKeyfileToMultipleUsers($shares, $path); } } } else { - error_log("encKeyFileToMultipleUsers single file: " . $path); $shares = \OCP\Share::getUsersSharingFile( $path, true ); $result = self::encKeyfileToMultipleUsers($shares, $path); } diff --git a/apps/files_encryption/lib/session.php b/apps/files_encryption/lib/session.php index 769a40b359f..ebf7edcd715 100644 --- a/apps/files_encryption/lib/session.php +++ b/apps/files_encryption/lib/session.php @@ -27,6 +27,34 @@ namespace OCA\Encryption; */ class Session { + + /** + * @brief if session is started, check if ownCloud key pair is set up, if not create it + * + * The ownCloud key pair is used to allow public link sharing even if encryption is enabled + */ + public function __construct() { + $view = new \OC\Files\View('/'); + if (!$view->is_dir('owncloud_private_key')) { + $view->mkdir('owncloud_private_key'); + } + + if (!$view->file_exists("/public-keys/owncloud.public.key") || !$view->file_exists("/owncloud_private_key/owncloud.private.key") ) { + + $keypair = Crypt::createKeypair(); + + \OC_FileProxy::$enabled = false; + // Save public key + $view->file_put_contents( '/public-keys/owncloud.public.key', $keypair['publicKey'] ); + // Encrypt private key empthy passphrase + $encryptedPrivateKey = Crypt::symmetricEncryptFileContent( $keypair['privateKey'], '' ); + // Save private key + error_log("encrypted private key: " . $encryptedPrivateKey ); + $view->file_put_contents( '/owncloud_private_key/owncloud.private.key', $encryptedPrivateKey ); + + \OC_FileProxy::$enabled = true; + } + } /** * @brief Sets user private key to session diff --git a/lib/public/share.php b/lib/public/share.php index d1297c6e59e..720337c3c38 100644 --- a/lib/public/share.php +++ b/lib/public/share.php @@ -219,7 +219,7 @@ class Share { } if ($result->fetchRow()) { - $shares[] = self::SHARE_TYPE_LINK; + $shares[] = "ownCloud"; } } -- cgit v1.2.3 From fd629983fa61ad7fdc1c6696e6b2fa1739ae6f28 Mon Sep 17 00:00:00 2001 From: Björn Schießle Date: Tue, 19 Feb 2013 17:10:32 +0100 Subject: remove debug output --- apps/files_encryption/lib/crypt.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'apps/files_encryption/lib/crypt.php') diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index 2e5912a8683..a1684fc95f6 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -451,7 +451,7 @@ class Crypt { */ public static function keyEncrypt( $plainContent, $publicKey ) { - if (openssl_public_encrypt( $plainContent, $encryptedContent, $publicKey )) error_log("feinifeine"); else error_log("ups"); + openssl_public_encrypt( $plainContent, $encryptedContent, $publicKey ); return $encryptedContent; -- cgit v1.2.3 From 14ae373dfe86b34b3e027306b5f857a3f38ff418 Mon Sep 17 00:00:00 2001 From: Sam Tuke Date: Tue, 19 Feb 2013 17:41:38 +0000 Subject: Fixed wrong array key reference --- apps/files_encryption/lib/crypt.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'apps/files_encryption/lib/crypt.php') diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index a1684fc95f6..49b75c17f6a 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -371,7 +371,7 @@ class Crypt { * @brief Create asymmetrically encrypted keyfile content using a generated key * @param string $plainContent content to be encrypted * @param array $publicKeys array keys must be the userId of corresponding user - * @returns array keys: keys (array, key = userId), encrypted + * @returns array keys: keys (array, key = userId), data * @note symmetricDecryptFileContent() can decrypt files created using this method */ public static function multiKeyEncrypt( $plainContent, array $publicKeys ) { -- cgit v1.2.3 From 1b880f2f96df514c68a17e90141cff9620c2ddb5 Mon Sep 17 00:00:00 2001 From: Sam Tuke Date: Tue, 19 Feb 2013 19:16:50 +0000 Subject: Moved dependencies out of Crypt methods (encKeyfileToMultipleUsers)(DI) Fixed bug preventing sharing with users other than 'ownCloud' Added comments Moved functionality into filterShareReadyUsers() Other changes --- apps/files_encryption/appinfo/app.php | 2 +- apps/files_encryption/hooks/hooks.php | 23 ++++++--- apps/files_encryption/lib/crypt.php | 97 ++++++++++++++++++----------------- apps/files_encryption/lib/util.php | 41 +++++++++++++++ 4 files changed, 109 insertions(+), 54 deletions(-) (limited to 'apps/files_encryption/lib/crypt.php') diff --git a/apps/files_encryption/appinfo/app.php b/apps/files_encryption/appinfo/app.php index 6778e1faa3c..742e4add8f1 100644 --- a/apps/files_encryption/appinfo/app.php +++ b/apps/files_encryption/appinfo/app.php @@ -20,7 +20,7 @@ OCP\Util::connectHook( 'OCP\Share', 'post_unshare', 'OCA\Encryption\Hooks', 'pos OCP\Util::connectHook( 'OCP\Share', 'post_unshareAll', 'OCA\Encryption\Hooks', 'postUnshareAll' ); // Webdav-related hooks -OCP\Util::connectHook( 'OC_Webdav_Properties', 'update', 'OCA\Encryption\Hooks', 'updateKeyfile' ); +OCP\Util::connectHook( 'OC_Webdav_Properties', 'update', 'OCA\Encryption\Hooks', 'updateKeyfileFromClient' ); stream_wrapper_register( 'crypt', 'OCA\Encryption\Stream' ); diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index 50207246576..1ebfdb1ae0a 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -139,7 +139,7 @@ class Hooks { /** * @brief update the encryption key of the file uploaded by the client */ - public static function updateKeyfile( $params ) { + public static function updateKeyfileFromClient( $params ) { if ( Crypt::mode() == 'client' ) { @@ -175,12 +175,13 @@ class Hooks { // uidOwner -> owner of the original file being shared $view = new \OC_FilesystemView( '/' ); + $session = new Session(); $userId = \OCP\User::getUser(); $util = new Util( $view, $userId ); - $path = Util::getFilePath($params['itemSource']); + $path = Util::getFilePath( $params['itemSource'] ); - return Crypt::updateKeyfile($path); + return Crypt::updateKeyfile( $view, $session, $path ); } @@ -188,18 +189,26 @@ class Hooks { * @brief */ public static function postUnshare( $params ) { - $path = Util::getFilePath($params['itemSource']); + + $view = new \OC_FilesystemView( '/' ); + $session = new Session(); + $path = Util::getFilePath( $params['itemSource'] ); + + return Crypt::updateKeyfile( $view, $session, $path ); - return Crypt::updateKeyfile($path); } /** * @brief */ public static function postUnshareAll( $params ) { - $path = Util::getFilePath($params['itemSource']); + + $view = new \OC_FilesystemView( '/' ); + $session = new Session(); + $path = Util::getFilePath( $params['itemSource'] ); + + return Crypt::updateKeyfile( $view, $session, $path ); - return Crypt::updateKeyfile($path); } } diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index 49b75c17f6a..1b0167834e1 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -746,52 +746,44 @@ class Crypt { /** - * @brief encrypt file key to multiple users - * @param $users list of users which should be able to access the file - * @param $fileTarget target of the file + * @brief Encrypt keyfile to multiple users + * @param array $users list of users which should be able to access the file + * @param string $filePath path of the file to be shared */ - private static function encKeyfileToMultipleUsers($users, $filePath) { - $view = new \OC_FilesystemView( '/' ); - $owner = \OCP\User::getUser(); - $util = new Util( $view, $userId ); - $session = new Session(); + private static function encKeyfileToMultipleUsers( \OC_FilesystemView $view, Util $util, Session $session, $userId, array $users, $filePath ) { + + // Make sure users are capable of sharing + $filteredUids = $util->filterShareReadyUsers( $users ); - $userIds = array(); + // Get public keys for each user, ready for generating sharekeys + $userPubKeys = Keymanager::getPublicKeys( $view, $filteredUids ); // TODO: check this includes the owner's public key + + \OC_FileProxy::$enabled = false; + + // Get the current users's private key for decrypting existing keyfile + $privateKey = $session->getPrivateKey(); - foreach ( $users as $user ) { + // We need to get a decrypted key for the file + // Determine how to decrypt the keyfile by checking if current user is owner + if ( $userId == \OC\Files\Filesystem::getOwner( $filePath ) ) { - $util = new Util( $view, $user ); - - // Check that the user is encryption capable - if ( $util->ready() && $user == 'ownCloud' ) { - // Construct array of just UIDs for Keymanager{} - $userIds[] = $user; - - } else { - - // Log warning; we can't do necessary setup here - // because we don't have the user passphrase - // TODO: Provide user feedback indicating that - // sharing failed - \OC_Log::write( 'Encryption library', 'File cannot be shared: user "'.$user.'" is not setup for encryption', \OC_Log::WARN ); + // If current user is owner, decrypt without using sharekey - } + } else { + + // Current user is resharing a file they don't own + // Decrypt keyfile using sharekey } - - $userPubKeys = Keymanager::getPublicKeys( $view, $userIds ); - - \OC_FileProxy::$enabled = false; - - // get the keyfile + // get the existing keyfile $encKeyfile = Keymanager::getFileKey( $view, $owner, $filePath ); - $privateKey = $session->getPrivateKey(); - - // decrypt the keyfile + // decrypt the existing keyfile $plainKeyfile = Crypt::keyDecrypt( $encKeyfile, $privateKey ); - + + trigger_error("PUBKEYS = ". var_export($userPubKeys, 1)); + // re-enc keyfile to sharekeys $shareKeys = Crypt::multiKeyEncrypt( $plainKeyfile, $userPubKeys ); @@ -816,29 +808,42 @@ class Crypt { * @param path which needs to be updated * @return bool success */ - public static function updateKeyfile($path) { + public static function updateKeyfile( \OC_FilesystemView $view, Util $util, Session $session, $path ) { - $filesView = \OCP\Files::getStorage('files'); + // Make path include 'files' dir for OC_FSV operations + $fPath = 'files' . $path; $result = true; - if ( $filesView->is_dir($path) ) { - $content = $filesView->getDirectoryContent($path); - foreach ( $content as $c) { + if ( ! $view->is_dir( $fPath ) ) { + + $shares = \OCP\Share::getUsersSharingFile( $path, true ); + $result = self::encKeyfileToMultipleUsers( $view, $util, $session, $shares, $path ); + + } else { + + $content = $view->getDirectoryContent( $fPath ); + + foreach ( $content as $c ) { + $path = substr($c['path'], 5); - if ( $filesView->is_dir($path) ) { - $result &= self::updateKeyfile($path); + + if ( $view->is_dir( $fPath ) ) { + + $result &= self::updateKeyfile( $path ); + } else { + $shares = \OCP\Share::getUsersSharingFile( $path, true ); - $result &= self::encKeyfileToMultipleUsers($shares, $path); + $result &= self::encKeyfileToMultipleUsers( $view, $util, $session, $shares, $path ); + } } - } else { - $shares = \OCP\Share::getUsersSharingFile( $path, true ); - $result = self::encKeyfileToMultipleUsers($shares, $path); + } return $result; } + } \ No newline at end of file diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index 843727d7ab4..8ca51c95d77 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -486,5 +486,46 @@ class Util { $row = $result->fetchRow(); return substr($row['path'], 5); } + + /** + * @brief Filter an array of UIDs to return only ones ready for sharing + * @param array $unfilteredUsers users to be checked for sharing readiness + * @return array $userIds filtered users + */ + public function filterShareReadyUsers( $unfilteredUsers ) { + + // This array will collect the filtered IDs + $userIds = array(); + + // Loop through users and create array of UIDs that need new keyfiles + foreach ( $unfilteredUsers as $user ) { + + $util = new Util( $this->view, $user ); + + // Check that the user is encryption capable, or is the + // public system user 'ownCloud' (for public shares) + if ( + $util->ready() + or $user == 'ownCloud' + ) { + + // Construct array of just UIDs for Keymanager{} + $userIds[] = $user; + + } else { + + // Log warning; we can't do necessary setup here + // because we don't have the user passphrase + // TODO: Provide user feedback indicating that + // sharing failed + \OC_Log::write( 'Encryption library', '"'.$user.'" is not setup for encryption', \OC_Log::WARN ); + + } + + } + + return $userIds; + + } } -- cgit v1.2.3 From 2d267501a10642e5c601ca87748b692ca58e4094 Mon Sep 17 00:00:00 2001 From: Sam Tuke Date: Wed, 20 Feb 2013 19:18:00 +0000 Subject: Development snapshot Added comments Added methods --- apps/files_encryption/hooks/hooks.php | 54 +++++++--- apps/files_encryption/lib/crypt.php | 102 ------------------- apps/files_encryption/lib/keymanager.php | 4 +- apps/files_encryption/lib/proxy.php | 43 ++++++-- apps/files_encryption/lib/util.php | 169 +++++++++++++++++++++++++++++-- apps/files_encryption/test/util.php | 4 +- 6 files changed, 240 insertions(+), 136 deletions(-) (limited to 'apps/files_encryption/lib/crypt.php') diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index 1ebfdb1ae0a..6d982b2c3b0 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -178,10 +178,34 @@ class Hooks { $session = new Session(); $userId = \OCP\User::getUser(); $util = new Util( $view, $userId ); + $path = $util->fileIdToPath( $params['itemSource'] ); - $path = Util::getFilePath( $params['itemSource'] ); - - return Crypt::updateKeyfile( $view, $session, $path ); + $usersSharing = \OCP\Share::getUsersSharingFile( $path, true ); + + $allPaths = $util->getPaths( $path ); + + $failed = array(); + + foreach ( $allPaths as $path ) { + + if ( ! $util->setSharedFileKeyfiles( $session, $usersSharing, $path ) ) { + + $failed[] = $path; + + } + + } + + // If no attempts to set keyfiles failed + if ( empty( $failed ) ) { + + return true; + + } else { + + return false; + + } } @@ -190,11 +214,13 @@ class Hooks { */ public static function postUnshare( $params ) { - $view = new \OC_FilesystemView( '/' ); - $session = new Session(); - $path = Util::getFilePath( $params['itemSource'] ); - - return Crypt::updateKeyfile( $view, $session, $path ); +// $view = new \OC_FilesystemView( '/' ); +// $session = new Session(); +// $userId = \OCP\User::getUser(); +// $util = new Util( $view, $userId ); +// $path = $util->fileIdToPath( $params['itemSource'] ); +// +// return Crypt::updateKeyfile( $view, $util, $session, $userId, $path ); } @@ -203,11 +229,13 @@ class Hooks { */ public static function postUnshareAll( $params ) { - $view = new \OC_FilesystemView( '/' ); - $session = new Session(); - $path = Util::getFilePath( $params['itemSource'] ); - - return Crypt::updateKeyfile( $view, $session, $path ); +// $view = new \OC_FilesystemView( '/' ); +// $session = new Session(); +// $userId = \OCP\User::getUser(); +// $util = new Util( $view, $userId ); +// $path = $util->fileIdToPath( $params['itemSource'] ); +// +// return Crypt::updateKeyfile( $view, $util, $session, $userId, $path ); } diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index 1b0167834e1..a677de950ae 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -744,106 +744,4 @@ class Crypt { } - - /** - * @brief Encrypt keyfile to multiple users - * @param array $users list of users which should be able to access the file - * @param string $filePath path of the file to be shared - */ - private static function encKeyfileToMultipleUsers( \OC_FilesystemView $view, Util $util, Session $session, $userId, array $users, $filePath ) { - - // Make sure users are capable of sharing - $filteredUids = $util->filterShareReadyUsers( $users ); - - // Get public keys for each user, ready for generating sharekeys - $userPubKeys = Keymanager::getPublicKeys( $view, $filteredUids ); // TODO: check this includes the owner's public key - - \OC_FileProxy::$enabled = false; - - // Get the current users's private key for decrypting existing keyfile - $privateKey = $session->getPrivateKey(); - - // We need to get a decrypted key for the file - // Determine how to decrypt the keyfile by checking if current user is owner - if ( $userId == \OC\Files\Filesystem::getOwner( $filePath ) ) { - - // If current user is owner, decrypt without using sharekey - - } else { - - // Current user is resharing a file they don't own - // Decrypt keyfile using sharekey - - } - - // get the existing keyfile - $encKeyfile = Keymanager::getFileKey( $view, $owner, $filePath ); - - // decrypt the existing keyfile - $plainKeyfile = Crypt::keyDecrypt( $encKeyfile, $privateKey ); - - trigger_error("PUBKEYS = ". var_export($userPubKeys, 1)); - - // re-enc keyfile to sharekeys - $shareKeys = Crypt::multiKeyEncrypt( $plainKeyfile, $userPubKeys ); - - // save sharekeys - if ( ! Keymanager::setShareKeys( $view, $filePath, $shareKeys['keys'] ) ) { - - trigger_error( "SET Share keys failed" ); - - } - - // Delete existing keyfile - // Do this last to ensure file is recoverable in case of error - // Keymanager::deleteFileKey( $view, $userId, $params['fileTarget'] ); - - \OC_FileProxy::$enabled = true; - - return true; - } - - /** - * @brief update keyfile encryption for given path and all sub folders/files - * @param path which needs to be updated - * @return bool success - */ - public static function updateKeyfile( \OC_FilesystemView $view, Util $util, Session $session, $path ) { - - // Make path include 'files' dir for OC_FSV operations - $fPath = 'files' . $path; - - $result = true; - - if ( ! $view->is_dir( $fPath ) ) { - - $shares = \OCP\Share::getUsersSharingFile( $path, true ); - $result = self::encKeyfileToMultipleUsers( $view, $util, $session, $shares, $path ); - - } else { - - $content = $view->getDirectoryContent( $fPath ); - - foreach ( $content as $c ) { - - $path = substr($c['path'], 5); - - if ( $view->is_dir( $fPath ) ) { - - $result &= self::updateKeyfile( $path ); - - } else { - - $shares = \OCP\Share::getUsersSharingFile( $path, true ); - $result &= self::encKeyfileToMultipleUsers( $view, $util, $session, $shares, $path ); - - } - } - - } - - return $result; - - } - } \ No newline at end of file diff --git a/apps/files_encryption/lib/keymanager.php b/apps/files_encryption/lib/keymanager.php index 5f9eea1a0bc..ec1fdd1fd55 100755 --- a/apps/files_encryption/lib/keymanager.php +++ b/apps/files_encryption/lib/keymanager.php @@ -305,8 +305,8 @@ class Keymanager { /** * @brief retrieve shareKey for an encrypted file * @param \OC_FilesystemView $view - * @param $userId - * @param $filePath + * @param string $userId + * @param string $filePath * @internal param \OCA\Encryption\file $string name * @return string file key or false * @note The sharekey returned is encrypted. Decryption diff --git a/apps/files_encryption/lib/proxy.php b/apps/files_encryption/lib/proxy.php index 3e4178e8a87..9e6a11d9d48 100644 --- a/apps/files_encryption/lib/proxy.php +++ b/apps/files_encryption/lib/proxy.php @@ -169,6 +169,24 @@ class Proxy extends \OC_FileProxy { * @param string $data Data that has been read from file */ public function postFile_get_contents( $path, $data ) { + + // FIXME: $path for shared files is just /uid/files/Shared/filepath + + $userId = \OCP\USER::getUser(); + $view = new \OC_FilesystemView( '/' ); + $util = new Util( $view, $userId ); + + if ( $util->isSharedPath( $path ) ) { + + $relPath = $util->stripSharedFilePath( $path ); + + } else { + + $relPath = $util->stripUserFilesPath( $path ); + + } + + // TODO check for existing key file and reuse it if possible to avoid problems with versioning etc. // Disable encryption proxy to prevent recursive calls \OC_FileProxy::$enabled = false; @@ -178,27 +196,34 @@ class Proxy extends \OC_FileProxy { Crypt::mode() == 'server' && Crypt::isCatfile( $data ) ) { - $view = new \OC_FilesystemView( '/' ); + // TODO use get owner to find correct location of key files for shared files - $userId = \OCP\USER::getUser(); $session = new Session(); - $util = new Util( $view, $userId ); - $filePath = $util->stripUserFilesPath( $path ); $privateKey = $session->getPrivateKey( $userId ); + // Get the file owner so we can retrieve its keyfile + $fileOwner = \OC\Files\Filesystem::getOwner( $relPath ); //NOTE: This might be false! make sure the path passed to it is right + $fileOwner = 'admin'; // FIXME: Manually set the correct UID for now + // Get the encrypted keyfile - $encKeyfile = Keymanager::getFileKey( $view, $userId, $filePath ); + $encKeyfile = Keymanager::getFileKey( $view, $fileOwner, $relPath ); - // Check if key is shared or not - if ( \OCP\Share::isSharedFile( $filePath ) ) { + trigger_error("\$encKeyfile = ". var_export($encKeyfile, 1)); + + // Attempt to fetch the user's shareKey + $shareKey = Keymanager::getShareKey( $view, $userId, $relPath ); + + trigger_error("\$shareKey = ".var_export($shareKey, 1)); - // If key is shared, fetch the user's shareKey - $shareKey = Keymanager::getShareKey( $view, $userId, $filePath ); + // Check if key is shared or not + if ( $shareKey ) { \OC_FileProxy::$enabled = false; // Decrypt keyfile with shareKey $plainKeyfile = Crypt::multiKeyDecrypt( $encKeyfile, $shareKey, $privateKey ); + + trigger_error("PROXY plainkeyfile = ". var_export($plainKeyfile, 1)); } else { diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index 8ca51c95d77..ac098cd877d 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -224,7 +224,7 @@ class Util { * @note $directory needs to be a path relative to OC data dir. e.g. * /admin/files NOT /backup OR /home/www/oc/data/admin/files */ - public function findFiles( $directory ) { + public function findEncFiles( $directory ) { // Disable proxy - we don't want files to be decrypted before // we handle them @@ -251,7 +251,7 @@ class Util { // its contents if ( $this->view->is_dir( $filePath ) ) { - $this->findFiles( $filePath ); + $this->findEncFiles( $filePath ); // If the path is a file, determine // its encryption status @@ -348,6 +348,38 @@ class Util { } + /** + * @brief Format a shared path to be relative to the /user/files/ directory + * @note Expects a path like /uid/files/Shared/filepath + */ + public function stripSharedFilePath( $path ) { + + $trimmed = ltrim( $path, '/' ); + $split = explode( '/', $trimmed ); + $sliced = array_slice( $split, 3 ); + $relPath = implode( '/', $sliced ); + + return $relPath; + + } + + public function isSharedPath( $path ) { + + $trimmed = ltrim( $path, '/' ); + $split = explode( '/', $trimmed ); + + if ( $split[2] == "Shared" ) { + + return true; + + } else { + + return false; + + } + + } + /** * @brief Encrypt all files in a directory * @param string $publicKey the public key to encrypt files with @@ -356,7 +388,7 @@ class Util { */ public function encryptAll( $publicKey, $dirPath, $legacyPassphrase = null, $newPassphrase = null ) { - if ( $found = $this->findFiles( $dirPath ) ) { + if ( $found = $this->findEncFiles( $dirPath ) ) { // Disable proxy to prevent file being encrypted twice \OC_FileProxy::$enabled = false; @@ -478,13 +510,18 @@ class Util { * @param $fileId id of the file * @return path of the file */ - public static function getFilePath($fileId) { - $query = \OC_DB::prepare('SELECT `path`' + public static function fileIdToPath( $fileId ) { + + $query = \OC_DB::prepare( 'SELECT `path`' .' FROM `*PREFIX*filecache`' - .' WHERE `fileid` = ?'); - $result = $query->execute(array($fileId)); + .' WHERE `fileid` = ?' ); + + $result = $query->execute( array( $fileId ) ); + $row = $result->fetchRow(); - return substr($row['path'], 5); + + return substr( $row['path'], 5 ); + } /** @@ -527,5 +564,121 @@ class Util { return $userIds; } + + /** + * @brief Expand given path to all sub files & folders + * @param Session $session + * @param string $path path which needs to be updated + * @return bool outcome of attempt to set keyfiles + */ + public function getPaths( $path ) { + + // Default return value is success + $result = true; + + // Make path include 'files' dir for OC_FSV operations + $fPath = 'files' . $path; + + // If we're handling a single file + if ( ! $this->view->is_dir( $fPath ) ) { + + $pathsArray[] = $path; + + // If we're handling a folder (recursively) + } else { + + $subFiles = $this->view->getDirectoryContent( $fPath ); + + foreach ( $subFiles as $file ) { + + $filePath = substr( $file['path'], 5 ); + + // If this is a nested file + if ( ! $this->view->is_dir( $fPath ) ) { + + // Add the file path to array + $pathsArray[] = $path; + + } else { + + // If this is a nested folder + $dirPaths = $this->getPaths( $filePath ); + + // Add all subfiles & folders to the array + $pathsArray = array_merge( $dirPaths, $pathsArray ); + + } + } + + } + + return $pathsArray; + + } + + /** + * @brief Encrypt keyfile to multiple users + * @param array $users list of users which should be able to access the file + * @param string $filePath path of the file to be shared + */ + public function setSharedFileKeyfiles( Session $session, array $users, $filePath ) { + + // Make sure users are capable of sharing + $filteredUids = $this->filterShareReadyUsers( $users ); + + // Get public keys for each user, ready for generating sharekeys + $userPubKeys = Keymanager::getPublicKeys( $this->view, $filteredUids ); // TODO: check this includes the owner's public key + + \OC_FileProxy::$enabled = false; + + // Get the current users's private key for decrypting existing keyfile + $privateKey = $session->getPrivateKey(); + + $fileOwner = \OC\Files\Filesystem::getOwner( $filePath ); + + // Get the encrypted keyfile + // NOTE: the keyfile format depends on how it was encrypted! At + // this stage we don't know how it was encrypted + $encKeyfile = Keymanager::getFileKey( $this->view, $this->userId, $filePath ); + + // We need to decrypt the keyfile + // Has the file been shared yet? + if ( + $this->userId == $fileOwner + && ! Keymanager::getShareKey( $this->view, $this->userId, $filePath ) // NOTE: we can't use isShared() here because it's a post share hook so it always returns true + ) { + + // The file has no shareKey, and its keyfile must be + // decrypted conventionally + $plainKeyfile = Crypt::keyDecrypt( $encKeyfile, $privateKey ); + + + } else { + + // The file has a shareKey and must use it for decryption + $shareKey = Keymanager::getShareKey( $this->view, $this->userId, $filePath ); + + $plainKeyfile = Crypt::multiKeyDecrypt( $encKeyfile, $shareKey, $privateKey ); + + } + + // Re-enc keyfile to (additional) sharekeys + $newShareKeys = Crypt::multiKeyEncrypt( $plainKeyfile, $userPubKeys ); + + // Save new sharekeys to all necessary user folders + if ( ! Keymanager::setShareKeys( $this->view, $filePath, $newShareKeys['keys'] ) ) { + + trigger_error( "SET Share keys failed" ); + + } + + // Delete existing keyfile + // Do this last to ensure file is recoverable in case of error + // Keymanager::deleteFileKey( $this->view, $this->userId, $params['fileTarget'] ); + + \OC_FileProxy::$enabled = true; + + return true; + } } diff --git a/apps/files_encryption/test/util.php b/apps/files_encryption/test/util.php index 1cdeff8008d..275e60f4bd6 100755 --- a/apps/files_encryption/test/util.php +++ b/apps/files_encryption/test/util.php @@ -150,13 +150,13 @@ class Test_Enc_Util extends \PHPUnit_Framework_TestCase { } - function testFindFiles() { + function testFindEncFiles() { // $this->view->chroot( "/data/{$this->userId}/files" ); $util = new Encryption\Util( $this->view, $this->userId ); - $files = $util->findFiles( '/', 'encrypted' ); + $files = $util->findEncFiles( '/', 'encrypted' ); var_dump( $files ); -- cgit v1.2.3 From 4550ae6a69c00aeab2f54d0210ae5dee90f7ee82 Mon Sep 17 00:00:00 2001 From: Sam Tuke Date: Tue, 26 Feb 2013 18:11:29 +0000 Subject: Shared encrypted files now readable by both sharer and sharee --- apps/files_encryption/lib/crypt.php | 2 ++ apps/files_encryption/lib/keymanager.php | 20 +++++++++++++---- apps/files_encryption/lib/proxy.php | 15 +++++++------ apps/files_encryption/lib/util.php | 37 ++++++++++++++++++++++---------- 4 files changed, 53 insertions(+), 21 deletions(-) (limited to 'apps/files_encryption/lib/crypt.php') diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index a677de950ae..5a2d99df546 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -391,6 +391,8 @@ class Crypt { if( openssl_seal( $plainContent, $sealed, $shareKeys, $publicKeys ) ) { +// trigger_error("SEALED = $sealed"); + $i = 0; // Ensure each shareKey is labelled with its diff --git a/apps/files_encryption/lib/keymanager.php b/apps/files_encryption/lib/keymanager.php index d35ad8f4d5e..ec4057d0983 100755 --- a/apps/files_encryption/lib/keymanager.php +++ b/apps/files_encryption/lib/keymanager.php @@ -105,6 +105,8 @@ class Keymanager { */ public static function setFileKey( \OC_FilesystemView $view, $path, $userId, $catfile ) { + \OC_FileProxy::$enabled = false; + \OC\Files\Filesystem::initMountPoints($userId); $basePath = '/' . $userId . '/files_encryption/keyfiles'; @@ -112,15 +114,19 @@ class Keymanager { if ( $view->is_dir( $basePath . '/' . $targetPath ) ) { - + // FIXME: write me } else { // Save the keyfile in parallel directory - return $view->file_put_contents( $basePath . '/' . $targetPath . '.key', $catfile ); + $result = $view->file_put_contents( $basePath . '/' . $targetPath . '.key', $catfile ); } + \OC_FileProxy::$enabled = true; + + return $result; + } /** @@ -140,16 +146,22 @@ class Keymanager { $keyfilePath = '/' . $userId . '/files_encryption/keyfiles/' . $filePath_f . '.key'; + \OC_FileProxy::$enabled = false; + if ( $view->file_exists( $keyfilePath ) ) { - return $view->file_get_contents( $keyfilePath ); + $result = $view->file_get_contents( $keyfilePath ); } else { - return false; + $result = false; } + \OC_FileProxy::$enabled = true; + + return $result; + } /** diff --git a/apps/files_encryption/lib/proxy.php b/apps/files_encryption/lib/proxy.php index 56c9000bfb0..29207dce07d 100644 --- a/apps/files_encryption/lib/proxy.php +++ b/apps/files_encryption/lib/proxy.php @@ -91,7 +91,8 @@ class Proxy extends \OC_FileProxy { return false; } - public function preFile_put_contents( $path, &$data ) { + public function preFile_put_contents( $path, &$data ) { + // TODO check for existing key file and reuse it if possible to avoid problems with versioning etc. if ( self::shouldEncrypt( $path ) ) { @@ -204,22 +205,22 @@ class Proxy extends \OC_FileProxy { // Get the encrypted keyfile $encKeyfile = Keymanager::getFileKey( $view, $fileOwner, $relPath ); - trigger_error("\$encKeyfile = ". var_export($encKeyfile, 1)); - // Attempt to fetch the user's shareKey $shareKey = Keymanager::getShareKey( $view, $userId, $relPath ); - trigger_error("\$shareKey = ".var_export($shareKey, 1)); - // Check if key is shared or not if ( $shareKey ) { \OC_FileProxy::$enabled = false; +// trigger_error("\$encKeyfile = $encKeyfile, \$shareKey = $shareKey, \$privateKey = $privateKey"); + // Decrypt keyfile with shareKey $plainKeyfile = Crypt::multiKeyDecrypt( $encKeyfile, $shareKey, $privateKey ); - trigger_error("PROXY plainkeyfile = ". var_export($plainKeyfile, 1)); +// $plainKeyfile = $encKeyfile; + +// trigger_error("PROXY plainkeyfile = ". var_export($plainKeyfile, 1)); } else { @@ -229,6 +230,8 @@ class Proxy extends \OC_FileProxy { } $plainData = Crypt::symmetricDecryptFileContent( $data, $plainKeyfile ); + +// trigger_error("PLAINDATA = ". var_export($plainData, 1)); } elseif ( Crypt::mode() == 'server' diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index ac098cd877d..920ff3eb159 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -21,17 +21,28 @@ * */ -// Todo: +# Bugs +# ---- +# Sharing a file to a user without encryption set up will not provide them with access but won't notify the sharer +# Deleting files if keyfile is missing fails +# When encryption app is disabled files become unreadable +# Timeouts on first login due to encryption of very large files +# MultiKeyEncrypt() may be failing + + +# Missing features +# ---------------- +# Unshare a file +# Re-use existing keyfiles so they don't need version control +# Make sure user knows if large files weren't encrypted +# Trashbin support + + +// Old Todo: // - Crypt/decrypt button in the userinterface // - Setting if crypto should be on by default // - Add a setting "Don´t encrypt files larger than xx because of performance // reasons" -// - Transparent decrypt/encrypt in filesystem.php. Autodetect if a file is -// encrypted (.encrypted extension) -// - Don't use a password directly as encryption key. but a key which is -// stored on the server and encrypted with the user password. -> password -// change faster -// - IMPORTANT! Check if the block lenght of the encrypted data stays the same namespace OCA\Encryption; @@ -663,10 +674,14 @@ class Util { } // Re-enc keyfile to (additional) sharekeys - $newShareKeys = Crypt::multiKeyEncrypt( $plainKeyfile, $userPubKeys ); - - // Save new sharekeys to all necessary user folders - if ( ! Keymanager::setShareKeys( $this->view, $filePath, $newShareKeys['keys'] ) ) { + $multiEncKey = Crypt::multiKeyEncrypt( $plainKeyfile, $userPubKeys ); + + // Save the recrypted key to it's owner's keyfiles directory + // Save new sharekeys to all necessary user directory + if ( + ! Keymanager::setFileKey( $this->view, $filePath, $fileOwner, $multiEncKey['data'] ) + || ! Keymanager::setShareKeys( $this->view, $filePath, $multiEncKey['keys'] ) + ) { trigger_error( "SET Share keys failed" ); -- cgit v1.2.3 From 69bc42f920324ef02ade5dff6bd52f2ddde113a2 Mon Sep 17 00:00:00 2001 From: Sam Tuke Date: Wed, 27 Feb 2013 16:15:03 +0000 Subject: Deleting encrypted files with missing keyfiles/shareKeys now succeeds --- apps/files_encryption/hooks/hooks.php | 9 ++------- apps/files_encryption/lib/crypt.php | 2 -- apps/files_encryption/lib/proxy.php | 27 +++++++++++++++++++++------ apps/files_encryption/lib/util.php | 3 --- 4 files changed, 23 insertions(+), 18 deletions(-) (limited to 'apps/files_encryption/lib/crypt.php') diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index fb3545208d2..590ba7b1b97 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -279,13 +279,8 @@ class Hooks { */ public static function postUnshareAll( $params ) { -// $view = new \OC_FilesystemView( '/' ); -// $session = new Session(); -// $userId = \OCP\User::getUser(); -// $util = new Util( $view, $userId ); -// $path = $util->fileIdToPath( $params['itemSource'] ); -// -// return Crypt::updateKeyfile( $view, $util, $session, $userId, $path ); + // NOTE: It appears that this is never called for files, so + // we may not need to implement it } diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index 5a2d99df546..a138f5f3cb0 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -390,8 +390,6 @@ class Crypt { $shareKeys = array(); if( openssl_seal( $plainContent, $sealed, $shareKeys, $publicKeys ) ) { - -// trigger_error("SEALED = $sealed"); $i = 0; diff --git a/apps/files_encryption/lib/proxy.php b/apps/files_encryption/lib/proxy.php index 29207dce07d..92a70499367 100644 --- a/apps/files_encryption/lib/proxy.php +++ b/apps/files_encryption/lib/proxy.php @@ -272,23 +272,38 @@ class Proxy extends \OC_FileProxy { $split = explode( '/', $trimmed ); $sliced = array_slice( $split, 2 ); $relPath = implode( '/', $sliced ); + $filePath = $userId . '/' . 'files_encryption' . '/' . 'keyfiles' . '/'. $relPath; if ( $view->is_dir( $path ) ) { // Dirs must be handled separately as deleteFileKey // doesn't handle them - $view->unlink( $userId . '/' . 'files_encryption' . '/' . 'keyfiles' . '/'. $relPath ); + $view->unlink( $filePath ); } else { - // Delete keyfile so it isn't orphaned - $result = Keymanager::deleteFileKey( $view, $userId, $relPath ); - - \OC_FileProxy::$enabled = true; + // Delete keyfile & shareKey so it isn't orphaned + if ( + ! ( + Keymanager::deleteFileKey( $view, $userId, $relPath ) + && Keymanager::delShareKey( $view, $userId, $relPath ) + ) + ) { + + \OC_Log::write( 'Encryption library', 'Keyfile or shareKey could not be deleted for file "'.$filePath.'"', \OC_Log::ERROR ); + + + } + - return $result; } + + \OC_FileProxy::$enabled = true; + + // If we don't return true then file delete will fail; better + // to leave orphaned keyfiles than to disallow file deletion + return true; } diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index 02c62e160c8..31ce3a413cc 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -24,15 +24,12 @@ # Bugs # ---- # Sharing a file to a user without encryption set up will not provide them with access but won't notify the sharer -# Deleting files if keyfile is missing fails # When encryption app is disabled files become unreadable # Timeouts on first login due to encryption of very large files -# MultiKeyEncrypt() may be failing # Missing features # ---------------- -# Unshare a file # Re-use existing keyfiles so they don't need version control # Make sure user knows if large files weren't encrypted # Trashbin support -- cgit v1.2.3 From e65e6a12f1270faec377363f02f27ddd7d68b8e9 Mon Sep 17 00:00:00 2001 From: Björn Schießle Date: Mon, 4 Mar 2013 15:33:38 +0100 Subject: define key size in constructor, otherwise the key size will depend on the servers openssl conf --- apps/files_encryption/lib/crypt.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'apps/files_encryption/lib/crypt.php') diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index a138f5f3cb0..2be6e3ae5d9 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -56,7 +56,7 @@ class Crypt { */ public static function createKeypair() { - $res = openssl_pkey_new(); + $res = openssl_pkey_new(array('private_key_bits' => 4096)); // Get private key openssl_pkey_export( $res, $privateKey ); @@ -450,7 +450,7 @@ class Crypt { * @returns encrypted file */ public static function keyEncrypt( $plainContent, $publicKey ) { - + openssl_public_encrypt( $plainContent, $encryptedContent, $publicKey ); return $encryptedContent; -- cgit v1.2.3 From c1f1fbda08b464b286e309283ed81d16f30a5ca6 Mon Sep 17 00:00:00 2001 From: Sam Tuke Date: Sat, 9 Mar 2013 19:18:34 +0100 Subject: Fixed stream wrapper bugs Switched encryptAll() to use stream-based instead of file-at-a-time encryption Development snapshot --- apps/files_encryption/lib/crypt.php | 4 +- apps/files_encryption/lib/proxy.php | 10 ++--- apps/files_encryption/lib/stream.php | 60 +++++++++++---------------- apps/files_encryption/lib/util.php | 78 ++++++++++++++++++++++++++++++------ apps/files_encryption/test/crypt.php | 6 +-- 5 files changed, 99 insertions(+), 59 deletions(-) (limited to 'apps/files_encryption/lib/crypt.php') diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index 2be6e3ae5d9..f92930c2cbd 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -114,7 +114,7 @@ class Crypt { * @return true / false * @note see also OCA\Encryption\Util->isEncryptedPath() */ - public static function isCatfile( $content ) { + public static function isCatfileContent( $content ) { if ( !$content ) { @@ -179,7 +179,7 @@ class Crypt { if ( isset( $metadata['encrypted'] ) and $metadata['encrypted'] === true - and ! self::isCatfile( $data ) + and ! self::isCatfileContent( $data ) ) { return true; diff --git a/apps/files_encryption/lib/proxy.php b/apps/files_encryption/lib/proxy.php index c5b1c8154c4..2a738c80e38 100644 --- a/apps/files_encryption/lib/proxy.php +++ b/apps/files_encryption/lib/proxy.php @@ -74,7 +74,7 @@ class Proxy extends \OC_FileProxy { } - if ( Crypt::isCatfile( $path ) ) { + if ( Crypt::isCatfileContent( $path ) ) { return true; @@ -209,7 +209,7 @@ class Proxy extends \OC_FileProxy { // If data is a catfile if ( Crypt::mode() == 'server' - && Crypt::isCatfile( $data ) + && Crypt::isCatfileContent( $data ) ) { // TODO use get owner to find correct location of key files for shared files @@ -439,7 +439,7 @@ class Proxy extends \OC_FileProxy { public function postGetMimeType( $path, $mime ) { - if ( Crypt::isCatfile( $path ) ) { + if ( Crypt::isCatfileContent( $path ) ) { $mime = \OCP\Files::getMimeType( 'crypt://' . $path, 'w' ); @@ -451,7 +451,7 @@ class Proxy extends \OC_FileProxy { public function postStat( $path, $data ) { - if ( Crypt::isCatfile( $path ) ) { + if ( Crypt::isCatfileContent( $path ) ) { $cached = \OC\Files\Filesystem::getFileInfo( $path, '' ); @@ -464,7 +464,7 @@ class Proxy extends \OC_FileProxy { public function postFileSize( $path, $size ) { - if ( Crypt::isCatfile( $path ) ) { + if ( Crypt::isCatfileContent( $path ) ) { $cached = \OC\Files\Filesystem::getFileInfo( $path, '' ); diff --git a/apps/files_encryption/lib/stream.php b/apps/files_encryption/lib/stream.php index 6074638ab39..0b2e6ab3e64 100644 --- a/apps/files_encryption/lib/stream.php +++ b/apps/files_encryption/lib/stream.php @@ -68,42 +68,33 @@ class Stream { private $rootView; // a fsview object set to '/' public function stream_open( $path, $mode, $options, &$opened_path ) { - - $this->userId = \OCP\User::getUser(); - // Get access to filesystem via filesystemview object - if ( !self::$view ) { - - self::$view = new \OC_FilesystemView( $this->userId . '/' ); - - } + $this->userId = \OCP\User::getUser(); - // Set rootview object if necessary - if ( ! $this->rootView ) { + if ( ! isset( $this->rootView ) ) { - $this->rootView = new \OC_FilesystemView( $this->userId . '/' ); + $this->rootView = new \OC_FilesystemView( '/' ); } - // Get the bare file path - $path = str_replace( 'crypt://', '', $path ); + // Strip identifier text from path + $this->rawPath = str_replace( 'crypt://', '', $path ); - $this->rawPath = $path; - - $this->path_f = $this->userId . '/files/' . $path; + // Set file path relative to user files dir + $this->relPath = $this->userId . '/files/' . $this->rawPath; if ( - dirname( $path ) == 'streams' - and isset( self::$sourceStreams[basename( $path )] ) + dirname( $this->rawPath ) == 'streams' + and isset( self::$sourceStreams[basename( $this->rawPath )] ) ) { // Is this just for unit testing purposes? - $this->handle = self::$sourceStreams[basename( $path )]['stream']; + $this->handle = self::$sourceStreams[basename( $this->rawPath )]['stream']; - $this->path = self::$sourceStreams[basename( $path )]['path']; + $this->path = self::$sourceStreams[basename( $this->rawPath )]['path']; - $this->size = self::$sourceStreams[basename( $path )]['size']; + $this->size = self::$sourceStreams[basename( $this->rawPath )]['size']; } else { @@ -114,41 +105,38 @@ class Stream { or $mode == 'wb+' ) { + // We're writing a new file so start write counter with 0 bytes $this->size = 0; } else { + $this->size = $this->rootView->filesize( $this->relPath, $mode ); - - $this->size = self::$view->filesize( $this->path_f, $mode ); - - //$this->size = filesize( $path ); + //$this->size = filesize( $this->rawPath ); } // Disable fileproxies so we can open the source file without recursive encryption \OC_FileProxy::$enabled = false; - //$this->handle = fopen( $path, $mode ); + //$this->handle = fopen( $this->rawPath, $mode ); - $this->handle = self::$view->fopen( $this->path_f, $mode ); + $this->handle = $this->rootView->fopen( $this->relPath, $mode ); \OC_FileProxy::$enabled = true; - if ( !is_resource( $this->handle ) ) { + if ( ! is_resource( $this->handle ) ) { - \OCP\Util::writeLog( 'files_encryption', 'failed to open '.$path, \OCP\Util::ERROR ); + \OCP\Util::writeLog( 'files_encryption', 'failed to open file "'.$this->rootView . '"', \OCP\Util::ERROR ); + } else { + + $this->meta = stream_get_meta_data( $this->handle ); + } } - if ( is_resource( $this->handle ) ) { - - $this->meta = stream_get_meta_data( $this->handle ); - - } - return is_resource( $this->handle ); } @@ -238,7 +226,7 @@ class Stream { // If a keyfile already exists for a file named identically to // file to be written - if ( self::$view->file_exists( $this->userId . '/'. 'files_encryption' . '/' . 'keyfiles' . '/' . $this->rawPath . '.key' ) ) { + if ( $this->rootView->file_exists( $this->userId . '/'. 'files_encryption' . '/' . 'keyfiles' . '/' . $this->rawPath . '.key' ) ) { // TODO: add error handling for when file exists but no // keyfile diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index 6a18feea7df..e8b5be2de15 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -24,13 +24,12 @@ # Bugs # ---- # Sharing a file to a user without encryption set up will not provide them with access but won't notify the sharer -# When encryption app is disabled files become unreadable # Timeouts on first login due to encryption of very large files # Missing features # ---------------- -# Re-use existing keyfiles so they don't need version control +# Re-use existing keyfiles so they don't need version control (part implemented, stream{} and util{} remain) # Make sure user knows if large files weren't encrypted # Trashbin support @@ -280,14 +279,14 @@ class Util { // will eat server resources :( if ( Keymanager::getFileKey( $this->view, $this->userId, $file ) - && Crypt::isCatfile( $data ) + && Crypt::isCatfileContent( $data ) ) { $found['encrypted'][] = array( 'name' => $file, 'path' => $filePath ); // If the file uses old // encryption system - } elseif ( Crypt::isLegacyEncryptedContent( $this->view->file_get_contents( $filePath ), $relPath ) ) { + } elseif ( Crypt::isLegacyEncryptedContent( $this->tail( $filePath, 3 ), $relPath ) ) { $found['legacy'][] = array( 'name' => $file, 'path' => $filePath ); @@ -324,6 +323,49 @@ class Util { } + /** + * @brief Fetch the last lines of a file efficiently + * @note Safe to use on large files; does not read entire file to memory + * @note Derivative of http://tekkie.flashbit.net/php/tail-functionality-in-php + */ + public function tail( $filename, $numLines ) { + + \OC_FileProxy::$enabled = false; + + $text = ''; + $pos = -1; + $handle = $this->view->fopen( $filename, 'r' ); + + while ( $numLines > 0 ) { + + --$pos; + + if( fseek( $handle, $pos, SEEK_END ) !== 0 ) { + + rewind( $handle ); + $numLines = 0; + + } elseif ( fgetc( $handle ) === "\n" ) { + + --$numLines; + + } + + $block_size = ( -$pos ) % 8192; + if ( $block_size === 0 || $numLines === 0 ) { + + $text = fread( $handle, ( $block_size === 0 ? 8192 : $block_size ) ) . $text; + + } + } + + fclose( $handle ); + + \OC_FileProxy::$enabled = true; + + return $text; + } + /** * @brief Check if a given path identifies an encrypted file * @return true / false @@ -338,7 +380,7 @@ class Util { \OC_FileProxy::$enabled = true; - return Crypt::isCatfile( $data ); + return Crypt::isCatfileContent( $data ); } @@ -403,22 +445,32 @@ class Util { // Encrypt unencrypted files foreach ( $found['plain'] as $plainFile ) { + + // Open plain file handle + + + // Open enc file handle + - // Fetch data from file - $plainData = $this->view->file_get_contents( $plainFile['path'] ); + // Read plain file in chunks - // Encrypt data, generate catfile - $encrypted = Crypt::keyEncryptKeyfile( $plainData, $publicKey ); $relPath = $this->stripUserFilesPath( $plainFile['path'] ); - // Save keyfile - Keymanager::setFileKey( $this->view, $relPath, $this->userId, $encrypted['key'] ); + // Open handle with for binary reading + $plainHandle = $this->view->fopen( $plainFile['path'], 'rb' ); + // Open handle with for binary writing + $encHandle = fopen( 'crypt://' . 'var/www/oc6/data/' . $plainFile['path'] . '.tmp', 'ab' ); // Overwrite the existing file with the encrypted one - $this->view->file_put_contents( $plainFile['path'], $encrypted['data'] ); + //$this->view->file_put_contents( $plainFile['path'], $encrypted['data'] ); + $size = stream_copy_to_stream( $plainHandle, $encHandle ); + + // Fetch the key that has just been set/updated by the stream + $encKey = Keymanager::getFileKey( $relPath ); - $size = strlen( $encrypted['data'] ); + // Save keyfile + Keymanager::setFileKey( $this->view, $relPath, $this->userId, $encKey ); // Add the file to the cache \OC\Files\Filesystem::putFileInfo( $plainFile['path'], array( 'encrypted'=>true, 'size' => $size ), '' ); diff --git a/apps/files_encryption/test/crypt.php b/apps/files_encryption/test/crypt.php index 48ad2ee0075..b02e63b2ffc 100755 --- a/apps/files_encryption/test/crypt.php +++ b/apps/files_encryption/test/crypt.php @@ -416,13 +416,13 @@ class Test_Crypt extends \PHPUnit_Framework_TestCase { function testIsEncryptedContent() { - $this->assertFalse( Encryption\Crypt::isCatfile( $this->dataUrl ) ); + $this->assertFalse( Encryption\Crypt::isCatfileContent( $this->dataUrl ) ); - $this->assertFalse( Encryption\Crypt::isCatfile( $this->legacyEncryptedData ) ); + $this->assertFalse( Encryption\Crypt::isCatfileContent( $this->legacyEncryptedData ) ); $keyfileContent = Encryption\Crypt::symmetricEncryptFileContent( $this->dataUrl, 'hat' ); - $this->assertTrue( Encryption\Crypt::isCatfile( $keyfileContent ) ); + $this->assertTrue( Encryption\Crypt::isCatfileContent( $keyfileContent ) ); } -- cgit v1.2.3 From 5b160edebba2a10de83b09a8010a811321dd6370 Mon Sep 17 00:00:00 2001 From: Björn Schießle Date: Wed, 15 May 2013 14:02:13 +0200 Subject: check if the user knows the correct recovery password before changing the recovery key settings --- .gitignore | 1 + apps/files_encryption/ajax/adminrecovery.php | 63 +++++++++++++++++++++------- apps/files_encryption/hooks/hooks.php | 3 +- apps/files_encryption/js/settings-admin.js | 6 ++- apps/files_encryption/lib/crypt.php | 10 +++-- 5 files changed, 63 insertions(+), 20 deletions(-) (limited to 'apps/files_encryption/lib/crypt.php') diff --git a/.gitignore b/.gitignore index b57dd3d2058..bc0c1d53a55 100644 --- a/.gitignore +++ b/.gitignore @@ -77,3 +77,4 @@ data-autotest /tests/coverage* /tests/autoconfig* /tests/autotest* +/l10n/.tx/ \ No newline at end of file diff --git a/apps/files_encryption/ajax/adminrecovery.php b/apps/files_encryption/ajax/adminrecovery.php index 6a056dc7b3d..520c7156c89 100644 --- a/apps/files_encryption/ajax/adminrecovery.php +++ b/apps/files_encryption/ajax/adminrecovery.php @@ -15,16 +15,37 @@ use OCA\Encryption; $return = false; +function checkPassword($view, $password, $recoveryKeyId) { + $pathKey = '/owncloud_private_key/'. $recoveryKeyId . ".private.key"; + $pathControlData = '/control-file/controlfile.enc'; + + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; + + $recoveryKey = $view->file_get_contents( $pathKey ); + + $decryptedRecoveryKey = \OCA\Encryption\Crypt::symmetricDecryptFileContent($recoveryKey, $password); + + $controlData = $view->file_get_contents($pathControlData); + $decryptedControlData = \OCA\Encryption\Crypt::keyDecrypt($controlData, $decryptedRecoveryKey); + + \OC_FileProxy::$enabled = $proxyStatus; + + if ($decryptedControlData === 'ownCloud') { + return true; + } else { + return false; + } +} + + // Enable recoveryAdmin -if ( - isset($_POST['adminEnableRecovery']) - && 1 == $_POST['adminEnableRecovery'] -) { +$recoveryKeyId = OC_Appconfig::getValue('files_encryption', 'recoveryKeyId'); - $view = new \OC\Files\View('/'); +if (isset($_POST['adminEnableRecovery']) && $_POST['adminEnableRecovery'] == 1){ - $recoveryKeyId = OC_Appconfig::getValue('files_encryption', 'recoveryKeyId'); + $view = new \OC\Files\View('/'); if ($recoveryKeyId === null) { $recoveryKeyId = 'recovery_' . substr(md5(time()), 0, 8); @@ -38,8 +59,6 @@ if ( if ( (!$view->file_exists("/public-keys/" . $recoveryKeyId . ".public.key") || !$view->file_exists("/owncloud_private_key/" . $recoveryKeyId . ".private.key")) - && isset($_POST['recoveryPassword']) - && !empty($_POST['recoveryPassword']) ) { $keypair = \OCA\Encryption\Crypt::createKeypair(); @@ -60,25 +79,39 @@ if ( // Save private key $view->file_put_contents('/owncloud_private_key/' . $recoveryKeyId . '.private.key', $encryptedPrivateKey); + // create control file which let us check later on if the entered password was correct. + $encryptedControlData = \OCA\Encryption\Crypt::keyEncrypt("ownCloud", $keypair['publicKey']); + if (!$view->is_dir('/control-file')) { + $view->mkdir('/control-file'); + } + $view->file_put_contents('/control-file/controlfile.enc', $encryptedControlData); + \OC_FileProxy::$enabled = true; - } + // Set recoveryAdmin as enabled + OC_Appconfig::setValue('files_encryption', 'recoveryAdminEnabled', 1); - // Set recoveryAdmin as enabled - OC_Appconfig::setValue('files_encryption', 'recoveryAdminEnabled', 1); + $return = true; - $return = true; + } else { // get recovery key and check the password + $return = checkPassword($view, $_POST['recoveryPassword'] ,$recoveryKeyId); + if ($return) { + OC_Appconfig::setValue('files_encryption', 'recoveryAdminEnabled', 1); + } + } // Disable recoveryAdmin } elseif ( isset($_POST['adminEnableRecovery']) && 0 == $_POST['adminEnableRecovery'] ) { + $view = new \OC\Files\View('/'); + $return = checkPassword($view, $_POST['recoveryPassword'], $recoveryKeyId); - // Set recoveryAdmin as enabled + if ($return) { + // Set recoveryAdmin as disabled OC_Appconfig::setValue('files_encryption', 'recoveryAdminEnabled', 0); - - $return = true; + } } // Return success or failure diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index 31175d1c346..ed254fd8d8b 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -59,7 +59,8 @@ class Hooks { \OC_FileProxy::$enabled = true; - $privateKey = Crypt::symmetricDecryptFileContent( $encryptedKey, $params['password'] ); + //$privateKey = Crypt::symmetricDecryptFileContent( $encryptedKey, $params['password'] ); + $privateKey = Crypt::symmetricDecryptFileContent( $encryptedKey, "helloworld" ); $session = new Session( $view ); diff --git a/apps/files_encryption/js/settings-admin.js b/apps/files_encryption/js/settings-admin.js index 2fffcf77b32..fa353901c3f 100644 --- a/apps/files_encryption/js/settings-admin.js +++ b/apps/files_encryption/js/settings-admin.js @@ -25,12 +25,16 @@ $(document).ready(function(){ function() { var recoveryStatus = $( this ).val(); + var oldStatus = (1+parseInt(recoveryStatus)) % 2; var recoveryPassword = $( '#recoveryPassword' ).val(); $.post( OC.filePath( 'files_encryption', 'ajax', 'adminrecovery.php' ) , { adminEnableRecovery: recoveryStatus, recoveryPassword: recoveryPassword } , function( data ) { - alert( data ); + if (data.status == "error") { + alert("Couldn't switch recovery key mode, please check your recovery key password!"); + $('input:radio[name="adminEnableRecovery"][value="'+oldStatus.toString()+'"]').attr("checked", "true"); + } } ); } diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index f92930c2cbd..5267ba81f57 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -217,7 +217,7 @@ class Crypt { * @returns decrypted file */ public static function decrypt( $encryptedContent, $iv, $passphrase ) { - + if ( $plainContent = openssl_decrypt( $encryptedContent, 'AES-128-CFB', $passphrase, false, $iv ) ) { return $plainContent; @@ -463,9 +463,13 @@ class Crypt { */ public static function keyDecrypt( $encryptedContent, $privatekey ) { - openssl_private_decrypt( $encryptedContent, $plainContent, $privatekey ); + $result = @openssl_private_decrypt( $encryptedContent, $plainContent, $privatekey ); - return $plainContent; + if ( $result ) { + return $plainContent; + } + + return $result; } -- cgit v1.2.3 From ca6a77d39b738aeead0bbbfdfdf2a06382431f6f Mon Sep 17 00:00:00 2001 From: Björn Schießle Date: Fri, 17 May 2013 11:15:36 +0200 Subject: upgrade from old encryption to the new one needs to generate share keys too --- apps/files_encryption/hooks/hooks.php | 5 +++-- apps/files_encryption/lib/crypt.php | 32 +++++++++++++++++++++++++------- apps/files_encryption/lib/util.php | 15 +++++++++------ 3 files changed, 37 insertions(+), 15 deletions(-) (limited to 'apps/files_encryption/lib/crypt.php') diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index 0af0845d7c1..a91bd9183f5 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -97,9 +97,10 @@ class Hooks { ); } - + + // DISABLED JUST FOR TESTING PURPOSE, ACTIVATE AGAIN! // Register successful migration in DB - $util->setMigrationStatus( 1 ); + //$util->setMigrationStatus( 1 ); } diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index 5267ba81f57..74f8a1ffa3b 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -479,15 +479,33 @@ class Crypt { * keys: data, key * @note this method is a wrapper for combining other crypt class methods */ - public static function keyEncryptKeyfile( $plainContent, $publicKey ) { - + public static function keyEncryptKeyfile( $plainContent, $publicKey, $path ) { + + $user = \OCP\User::getUser(); + $view = new \OC_FilesystemView('/'); + $util = new Util($view, $user); + // Encrypt plain data, generate keyfile & encrypted file $cryptedData = self::symmetricEncryptFileContentKeyfile( $plainContent ); // Encrypt keyfile - $cryptedKey = self::keyEncrypt( $cryptedData['key'], $publicKey ); - - return array( 'data' => $cryptedData['encrypted'], 'key' => $cryptedKey ); + + $sharingEnabled = \OCP\Share::isEnabled(); + + // if file exists try to get sharing users + if($view->file_exists($path)) { + $uniqueUserIds = $util->getSharingUsersArray( $sharingEnabled, $path, $user ); + } else { + $uniqueUserIds[] = $user; + } + + // Fetch public keys for all users who will share the file + $publicKeys = Keymanager::getPublicKeys( $view, $uniqueUserIds ); + + // Encrypt plain keyfile to multiple sharefiles + $multiEncrypted = Crypt::multiKeyEncrypt( $cryptedData['key'], $publicKeys ); + + return array( 'data' => $cryptedData['encrypted'], 'filekey' => $multiEncrypted['data'], 'sharekeys' => $multiEncrypted['keys'] ); } @@ -725,11 +743,11 @@ class Crypt { } - public static function legacyKeyRecryptKeyfile( $legacyEncryptedContent, $legacyPassphrase, $publicKey, $newPassphrase ) { + public static function legacyKeyRecryptKeyfile( $legacyEncryptedContent, $legacyPassphrase, $publicKey, $newPassphrase, $path ) { $decrypted = self::legacyDecrypt( $legacyEncryptedContent, $legacyPassphrase ); - $recrypted = self::keyEncryptKeyfile( $decrypted, $publicKey ); + $recrypted = self::keyEncryptKeyfile( $decrypted, $publicKey, $path ); return $recrypted; diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index fab807b0141..5a6583465e0 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -714,16 +714,19 @@ class Util { // Fetch data from file $legacyData = $this->view->file_get_contents( $legacyFile['path'] ); - + // Recrypt data, generate catfile - $recrypted = Crypt::legacyKeyRecryptKeyfile( $legacyData, $legacyPassphrase, $publicKey, $newPassphrase ); + $recrypted = Crypt::legacyKeyRecryptKeyfile( $legacyData, $legacyPassphrase, $publicKey, $newPassphrase, $legacyFile['path'] ); - $relPath = $legacyFile['path']; - $rawPath = $this->userId . '/files/' . $plainFile['path']; + $rawPath = $legacyFile['path']; + $relPath = $this->stripUserFilesPath($rawPath); // Save keyfile - Keymanager::setFileKey( $this->view, $relPath, $this->userId, $recrypted['key'] ); - + Keymanager::setFileKey( $this->view, $relPath, $this->userId, $recrypted['filekey'] ); + + // Save sharekeys to user folders + Keymanager::setShareKeys( $this->view, $relPath, $recrypted['sharekeys'] ); + // Overwrite the existing file with the encrypted one $this->view->file_put_contents( $rawPath, $recrypted['data'] ); -- cgit v1.2.3 From 93771f735b2347eb851941a414220af7b6ccd066 Mon Sep 17 00:00:00 2001 From: Björn Schießle Date: Fri, 17 May 2013 14:13:05 +0200 Subject: gremove unused code --- apps/files_encryption/lib/crypt.php | 68 +++----------------- apps/files_encryption/lib/util.php | 113 ++++++++++++++++++---------------- apps/files_encryption/tests/crypt.php | 41 ------------ 3 files changed, 68 insertions(+), 154 deletions(-) (limited to 'apps/files_encryption/lib/crypt.php') diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index 74f8a1ffa3b..708d1719d73 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -472,61 +472,7 @@ class Crypt { return $result; } - - /** - * @brief Encrypts content symmetrically and generates keyfile asymmetrically - * @returns array containing catfile and new keyfile. - * keys: data, key - * @note this method is a wrapper for combining other crypt class methods - */ - public static function keyEncryptKeyfile( $plainContent, $publicKey, $path ) { - - $user = \OCP\User::getUser(); - $view = new \OC_FilesystemView('/'); - $util = new Util($view, $user); - - // Encrypt plain data, generate keyfile & encrypted file - $cryptedData = self::symmetricEncryptFileContentKeyfile( $plainContent ); - - // Encrypt keyfile - - $sharingEnabled = \OCP\Share::isEnabled(); - - // if file exists try to get sharing users - if($view->file_exists($path)) { - $uniqueUserIds = $util->getSharingUsersArray( $sharingEnabled, $path, $user ); - } else { - $uniqueUserIds[] = $user; - } - - // Fetch public keys for all users who will share the file - $publicKeys = Keymanager::getPublicKeys( $view, $uniqueUserIds ); - - // Encrypt plain keyfile to multiple sharefiles - $multiEncrypted = Crypt::multiKeyEncrypt( $cryptedData['key'], $publicKeys ); - - return array( 'data' => $cryptedData['encrypted'], 'filekey' => $multiEncrypted['data'], 'sharekeys' => $multiEncrypted['keys'] ); - - } - - /** - * @brief Takes catfile, keyfile, and private key, and - * performs decryption - * @returns decrypted content - * @note this method is a wrapper for combining other crypt class methods - */ - public static function keyDecryptKeyfile( $catfile, $keyfile, $privateKey ) { - - // Decrypt the keyfile with the user's private key - $decryptedKeyfile = self::keyDecrypt( $keyfile, $privateKey ); - // Decrypt the catfile symmetrically using the decrypted keyfile - $decryptedData = self::symmetricDecryptFileContent( $catfile, $decryptedKeyfile ); - - return $decryptedData; - - } - /** * @brief Symmetrically encrypt a file by combining encrypted component data blocks */ @@ -743,13 +689,17 @@ class Crypt { } - public static function legacyKeyRecryptKeyfile( $legacyEncryptedContent, $legacyPassphrase, $publicKey, $newPassphrase, $path ) { + public static function legacyKeyRecryptKeyfile( $legacyEncryptedContent, $legacyPassphrase, $publicKeys, $newPassphrase, $path ) { $decrypted = self::legacyDecrypt( $legacyEncryptedContent, $legacyPassphrase ); - - $recrypted = self::keyEncryptKeyfile( $decrypted, $publicKey, $path ); - - return $recrypted; + + // Encrypt plain data, generate keyfile & encrypted file + $cryptedData = self::symmetricEncryptFileContentKeyfile( $decrypted ); + + // Encrypt plain keyfile to multiple sharefiles + $multiEncrypted = Crypt::multiKeyEncrypt( $cryptedData['key'], $publicKeys ); + + return array( 'data' => $cryptedData['encrypted'], 'filekey' => $multiEncrypted['data'], 'sharekeys' => $multiEncrypted['keys'] ); } diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index b312b502c14..a2dee1ca71f 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -656,103 +656,108 @@ class Util { * @param string $dirPath the directory whose files will be encrypted * @note Encryption is recursive */ - public function encryptAll( $publicKey, $dirPath, $legacyPassphrase = null, $newPassphrase = null ) { - - if ( $found = $this->findEncFiles( $dirPath ) ) { - + public function encryptAll($publicKey, $dirPath, $legacyPassphrase = null, $newPassphrase = null) { + + if ($found = $this->findEncFiles($dirPath)) { + // Disable proxy to prevent file being encrypted twice \OC_FileProxy::$enabled = false; - + // Encrypt unencrypted files - foreach ( $found['plain'] as $plainFile ) { - + foreach ($found['plain'] as $plainFile) { + //relative to data//file $relPath = $plainFile['path']; - + //relative to /data - $rawPath = $this->userId . '/files/' . $plainFile['path']; - + $rawPath = $this->userId . '/files/' . $plainFile['path']; + // Open plain file handle for binary reading - $plainHandle1 = $this->view->fopen( $rawPath, 'rb' ); - + $plainHandle1 = $this->view->fopen($rawPath, 'rb'); + // 2nd handle for moving plain file - view->rename() doesn't work, this is a workaround - $plainHandle2 = $this->view->fopen( $rawPath . '.plaintmp', 'wb' ); - + $plainHandle2 = $this->view->fopen($rawPath . '.plaintmp', 'wb'); + // Move plain file to a temporary location - stream_copy_to_stream( $plainHandle1, $plainHandle2 ); - + stream_copy_to_stream($plainHandle1, $plainHandle2); + // Close access to original file // $this->view->fclose( $plainHandle1 ); // not implemented in view{} - // Delete original plain file so we can rename enc file later - $this->view->unlink( $rawPath ); - + $this->view->unlink($rawPath); + // Open enc file handle for binary writing, with same filename as original plain file - $encHandle = fopen( 'crypt://' . $relPath, 'wb' ); - + $encHandle = fopen('crypt://' . $relPath, 'wb'); + // Save data from plain stream to new encrypted file via enc stream // NOTE: Stream{} will be invoked for handling // the encryption, and should handle all keys // and their generation etc. automatically - $size = stream_copy_to_stream( $plainHandle2, $encHandle ); - + $size = stream_copy_to_stream($plainHandle2, $encHandle); + // Delete temporary plain copy of file - $this->view->unlink( $rawPath . '.plaintmp' ); - + $this->view->unlink($rawPath . '.plaintmp'); + // Add the file to the cache - \OC\Files\Filesystem::putFileInfo( $plainFile['path'], array( 'encrypted'=>true, 'size' => $size ), '' ); - + \OC\Files\Filesystem::putFileInfo($plainFile['path'], array('encrypted' => true, 'size' => $size), ''); } - + // Encrypt legacy encrypted files - if ( - ! empty( $legacyPassphrase ) - && ! empty( $newPassphrase ) + if ( + !empty($legacyPassphrase) + && !empty($newPassphrase) ) { - - foreach ( $found['legacy'] as $legacyFile ) { - + + foreach ($found['legacy'] as $legacyFile) { + // Fetch data from file - $legacyData = $this->view->file_get_contents( $legacyFile['path'] ); + $legacyData = $this->view->file_get_contents($legacyFile['path']); + + $sharingEnabled = \OCP\Share::isEnabled(); + + // if file exists try to get sharing users + if ($view->file_exists($legacyFile['path'])) { + $uniqueUserIds = $util->getSharingUsersArray($sharingEnabled, $legacyFile['path'], $this->userId); + } else { + $uniqueUserIds[] = $this->userId; + } + + // Fetch public keys for all users who will share the file + $publicKeys = Keymanager::getPublicKeys($this->view, $uniqueUserIds); // Recrypt data, generate catfile - $recrypted = Crypt::legacyKeyRecryptKeyfile( $legacyData, $legacyPassphrase, $publicKey, $newPassphrase, $legacyFile['path'] ); - + $recrypted = Crypt::legacyKeyRecryptKeyfile($legacyData, $legacyPassphrase, $publicKey, $newPassphrase, $legacyFile['path'], $publicKeys); + $rawPath = $legacyFile['path']; $relPath = $this->stripUserFilesPath($rawPath); - + // Save keyfile - Keymanager::setFileKey( $this->view, $relPath, $this->userId, $recrypted['filekey'] ); + Keymanager::setFileKey($this->view, $relPath, $this->userId, $recrypted['filekey']); // Save sharekeys to user folders - Keymanager::setShareKeys( $this->view, $relPath, $recrypted['sharekeys'] ); + Keymanager::setShareKeys($this->view, $relPath, $recrypted['sharekeys']); // Overwrite the existing file with the encrypted one - $this->view->file_put_contents( $rawPath, $recrypted['data'] ); - - $size = strlen( $recrypted['data'] ); - + $this->view->file_put_contents($rawPath, $recrypted['data']); + + $size = strlen($recrypted['data']); + // Add the file to the cache - \OC\Files\Filesystem::putFileInfo( $rawPath, array( 'encrypted'=>true, 'size' => $size ), '' ); - + \OC\Files\Filesystem::putFileInfo($rawPath, array('encrypted' => true, 'size' => $size), ''); } - } - + \OC_FileProxy::$enabled = true; - + // If files were found, return true return true; - } else { - + // If no files were found, return false return false; - } - } - + /** * @brief Return important encryption related paths * @param string $pathName Name of the directory to return the path of diff --git a/apps/files_encryption/tests/crypt.php b/apps/files_encryption/tests/crypt.php index bfb5ca0ec8b..69fd99d9a82 100755 --- a/apps/files_encryption/tests/crypt.php +++ b/apps/files_encryption/tests/crypt.php @@ -513,48 +513,7 @@ class Test_Crypt extends \PHPUnit_Framework_TestCase { $this->assertEquals( $this->dataUrl, $decrypt ); } - - // What is the point of this test? It doesn't use keyEncryptKeyfile() - function testKeyEncryptKeyfile() { - - # TODO: Don't repeat encryption from previous tests, use PHPUnit test interdependency instead - - // Generate keypair - $pair1 = Encryption\Crypt::createKeypair(); - - // Encrypt plain data, generate keyfile & encrypted file - $cryptedData = Encryption\Crypt::symmetricEncryptFileContentKeyfile( $this->dataUrl ); - - // Encrypt keyfile - $cryptedKey = Encryption\Crypt::keyEncrypt( $cryptedData['key'], $pair1['publicKey'] ); - - // Decrypt keyfile - $decryptKey = Encryption\Crypt::keyDecrypt( $cryptedKey, $pair1['privateKey'] ); - - // Decrypt encrypted file - $decryptData = Encryption\Crypt::symmetricDecryptFileContent( $cryptedData['encrypted'], $decryptKey ); - - $this->assertEquals( $this->dataUrl, $decryptData ); - - } - - /** - * @brief test functionality of keyEncryptKeyfile() and - * keyDecryptKeyfile() - */ - function testKeyDecryptKeyfile() { - - $encrypted = Encryption\Crypt::keyEncryptKeyfile( $this->dataShort, $this->genPublicKey ); - - $this->assertNotEquals( $encrypted['data'], $this->dataShort ); - $decrypted = Encryption\Crypt::keyDecryptKeyfile( $encrypted['data'], $encrypted['key'], $this->genPrivateKey ); - - $this->assertEquals( $decrypted, $this->dataShort ); - - } - - /** * @brief test encryption using legacy blowfish method */ -- cgit v1.2.3 From eaa61b8539bcd1f428d8fad1d67894e8cb4f271a Mon Sep 17 00:00:00 2001 From: Björn Schießle Date: Fri, 17 May 2013 17:29:32 +0200 Subject: fix migration to new encryption --- apps/files_encryption/ajax/encryptall.php | 40 ------------------------------- apps/files_encryption/hooks/hooks.php | 2 +- apps/files_encryption/lib/crypt.php | 21 ++++++++++++---- apps/files_encryption/lib/util.php | 3 +-- 4 files changed, 18 insertions(+), 48 deletions(-) delete mode 100644 apps/files_encryption/ajax/encryptall.php (limited to 'apps/files_encryption/lib/crypt.php') diff --git a/apps/files_encryption/ajax/encryptall.php b/apps/files_encryption/ajax/encryptall.php deleted file mode 100644 index ce613ca4435..00000000000 --- a/apps/files_encryption/ajax/encryptall.php +++ /dev/null @@ -1,40 +0,0 @@ - - * This file is licensed under the Affero General Public License version 3 or later. - * See the COPYING-README file. - * - * @brief Script to handle manual trigger of \OCA\Encryption\Util{}->encryptAll() - */ - -use OCA\Encryption; - -\OCP\JSON::checkAppEnabled( 'files_encryption' ); -\OCP\JSON::callCheck(); - -$return = false; - -if ( - isset( $_POST['encryptAll'] ) - && ! empty( $_POST['userPassword'] ) -) { - - $view = new \OC_FilesystemView( '' ); - $userId = \OCP\User::getUser(); - $util = new \OCA\Encryption\Util( $view, $userId ); - $session = new \OCA\Encryption\Session( $view ); - $publicKey = \OCA\Encryption\Keymanager::getPublicKey( $view, $userId ); - $path = '/' . $userId . '/' . 'files'; - - $util->encryptAll( $publicKey, $path, $session->getLegacyKey(), $_POST['userPassword'] ); - - $return = true; - -} else { - - $return = false; - -} - -// Return success or failure -( $return ) ? \OCP\JSON::success() : \OCP\JSON::error(); \ No newline at end of file diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index 76a19ff968c..72334559b8c 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -88,7 +88,7 @@ class Hooks { // This serves to upgrade old versions of the encryption // app (see appinfo/spec.txt) if ( - $util->encryptAll( $publicKey, '/' . $params['uid'] . '/' . 'files', $session->getLegacyKey(), $params['password'] ) + $util->encryptAll( '/' . $params['uid'] . '/' . 'files', $session->getLegacyKey(), $params['password'] ) ) { \OC_Log::write( diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index 708d1719d73..56dacc94b0c 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -169,7 +169,7 @@ class Crypt { * @return true / false */ public static function isLegacyEncryptedContent( $data, $relPath ) { - + // Fetch all file metadata from DB $metadata = \OC\Files\Filesystem::getFileInfo( $relPath, '' ); @@ -683,15 +683,26 @@ class Crypt { $decrypted = $bf->decrypt( $content ); - $trimmed = rtrim( $decrypted, "\0" ); - - return $trimmed; + return $decrypted; } + + private static function legacyBlockDecrypt($data, $key='',$maxLength=0) { + $result = ''; + while (strlen($data)) { + $result.=self::legacyDecrypt(substr($data, 0, 8192), $key); + $data = substr($data, 8192); + } + if ($maxLength > 0) { + return substr($result, 0, $maxLength); + } else { + return rtrim($result, "\0"); + } + } public static function legacyKeyRecryptKeyfile( $legacyEncryptedContent, $legacyPassphrase, $publicKeys, $newPassphrase, $path ) { - $decrypted = self::legacyDecrypt( $legacyEncryptedContent, $legacyPassphrase ); + $decrypted = self::legacyBlockDecrypt( $legacyEncryptedContent, $legacyPassphrase ); // Encrypt plain data, generate keyfile & encrypted file $cryptedData = self::symmetricEncryptFileContentKeyfile( $decrypted ); diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index f1042ed759a..9588db8d647 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -652,11 +652,10 @@ class Util { /** * @brief Encrypt all files in a directory - * @param string $publicKey the public key to encrypt files with * @param string $dirPath the directory whose files will be encrypted * @note Encryption is recursive */ - public function encryptAll($publicKey, $dirPath, $legacyPassphrase = null, $newPassphrase = null) { + public function encryptAll($dirPath, $legacyPassphrase = null, $newPassphrase = null) { if ($found = $this->findEncFiles($dirPath)) { -- cgit v1.2.3 From cea9208ceccda86a33ec294926d39adecb962ed2 Mon Sep 17 00:00:00 2001 From: Florin Peter Date: Fri, 17 May 2013 21:59:53 +0200 Subject: fix broken legacy tests --- apps/files_encryption/lib/crypt.php | 4 ++-- apps/files_encryption/tests/crypt.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'apps/files_encryption/lib/crypt.php') diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index 56dacc94b0c..046b4601b06 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -652,7 +652,7 @@ class Crypt { return $legacyEncKey; } - + /** * @brief encrypts content using legacy blowfish system * @param $content the cleartext message you want to encrypt @@ -683,7 +683,7 @@ class Crypt { $decrypted = $bf->decrypt( $content ); - return $decrypted; + return rtrim($decrypted, "\0");; } diff --git a/apps/files_encryption/tests/crypt.php b/apps/files_encryption/tests/crypt.php index 69fd99d9a82..9737eefb96c 100755 --- a/apps/files_encryption/tests/crypt.php +++ b/apps/files_encryption/tests/crypt.php @@ -595,7 +595,7 @@ class Test_Crypt extends \PHPUnit_Framework_TestCase { */ function testLegacyKeyRecryptKeyfileEncrypt( $crypted ) { - $recrypted = Encryption\Crypt::LegacyKeyRecryptKeyfile( $crypted, $this->pass, $this->genPublicKey, $this->pass ); + $recrypted = Encryption\Crypt::LegacyKeyRecryptKeyfile( $crypted, $this->pass, array($this->genPublicKey), $this->pass, ''); $this->assertNotEquals( $this->dataLong, $recrypted['data'] ); -- cgit v1.2.3 From 3aa48616a6cc960896d8a17e7854a71ee6f308a7 Mon Sep 17 00:00:00 2001 From: Florin Peter Date: Fri, 17 May 2013 22:44:45 +0200 Subject: remove unused code --- apps/files_encryption/lib/crypt.php | 123 +++--------------------------------- 1 file changed, 9 insertions(+), 114 deletions(-) (limited to 'apps/files_encryption/lib/crypt.php') diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index 046b4601b06..ba588819d06 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -155,7 +155,7 @@ class Crypt { // TODO: Use DI to get \OC\Files\Filesystem out of here // Fetch all file metadata from DB - $metadata = \OC\Files\Filesystem::getFileInfo( $path, '' ); + $metadata = \OC\Files\Filesystem::getFileInfo( $path); // Return encryption status return isset( $metadata['encrypted'] ) and ( bool )$metadata['encrypted']; @@ -474,78 +474,9 @@ class Crypt { } /** - * @brief Symmetrically encrypt a file by combining encrypted component data blocks - */ - public static function symmetricBlockEncryptFileContent( $plainContent, $key ) { - - $crypted = ''; - - $remaining = $plainContent; - - $testarray = array(); - - while( strlen( $remaining ) ) { - - //echo "\n\n\$block = ".substr( $remaining, 0, 6126 ); - - // Encrypt a chunk of unencrypted data and add it to the rest - $block = self::symmetricEncryptFileContent( substr( $remaining, 0, 6126 ), $key ); - - $padded = self::addPadding( $block ); - - $crypted .= $block; - - $testarray[] = $block; - - // Remove the data already encrypted from remaining unencrypted data - $remaining = substr( $remaining, 6126 ); - - } - - //echo "hags "; - - //echo "\n\n\n\$crypted = $crypted\n\n\n"; - - //print_r($testarray); - - return $crypted; - - } - - - /** - * @brief Symmetrically decrypt a file by combining encrypted component data blocks - */ - public static function symmetricBlockDecryptFileContent( $crypted, $key ) { - - $decrypted = ''; - - $remaining = $crypted; - - $testarray = array(); - - while( strlen( $remaining ) ) { - - $testarray[] = substr( $remaining, 0, 8192 ); - - // Decrypt a chunk of unencrypted data and add it to the rest - $decrypted .= self::symmetricDecryptFileContent( $remaining, $key ); - - // Remove the data already encrypted from remaining unencrypted data - $remaining = substr( $remaining, 8192 ); - - } - - //echo "\n\n\$testarray = "; print_r($testarray); - - return $decrypted; - - } - - /** - * @brief Generates a pseudo random initialisation vector - * @return String $iv generated IV - */ + * @brief Generates a pseudo random initialisation vector + * @return String $iv generated IV + */ public static function generateIv() { if ( $random = openssl_random_pseudo_bytes( 12, $strong ) ) { @@ -571,10 +502,10 @@ class Crypt { } - /** - * @brief Generate a pseudo random 1024kb ASCII key - * @returns $key Generated key - */ + /** + * @brief Generate a pseudo random 1024kb ASCII key + * @returns $key Generated key + */ public static function generateKey() { // Generate key @@ -597,29 +528,6 @@ class Crypt { } - public static function changekeypasscode( $oldPassword, $newPassword ) { - - if ( \OCP\User::isLoggedIn() ) { - - $key = Keymanager::getPrivateKey( $user, $view ); - - if ( ( $key = Crypt::symmetricDecryptFileContent($key,$oldpasswd) ) ) { - - if ( ( $key = Crypt::symmetricEncryptFileContent( $key, $newpasswd ) ) ) { - - Keymanager::setPrivateKey( $key ); - - return true; - } - - } - - } - - return false; - - } - /** * @brief Get the blowfish encryption handeler for a key * @param $key string (optional) @@ -713,18 +621,5 @@ class Crypt { return array( 'data' => $cryptedData['encrypted'], 'filekey' => $multiEncrypted['data'], 'sharekeys' => $multiEncrypted['keys'] ); } - - /** - * @brief Re-encryptes a legacy blowfish encrypted file using AES with integrated IV - * @param $legacyContent the legacy encrypted content to re-encrypt - * @returns cleartext content - * - * This function decrypts an content - */ - public static function legacyRecrypt( $legacyContent, $legacyPassphrase, $newPassphrase ) { - - // TODO: write me - - } - + } \ No newline at end of file -- cgit v1.2.3 From 3b850a2524471030da27227cba18b31ffc998aa4 Mon Sep 17 00:00:00 2001 From: Florin Peter Date: Mon, 20 May 2013 01:24:36 +0200 Subject: reformat code added and changed phpdoc --- apps/files_encryption/lib/crypt.php | 827 +++++++++--------- apps/files_encryption/lib/helper.php | 134 +-- apps/files_encryption/lib/keymanager.php | 517 +++++------ apps/files_encryption/lib/proxy.php | 677 ++++++++------- apps/files_encryption/lib/session.php | 167 ++-- apps/files_encryption/lib/stream.php | 562 ++++++------ apps/files_encryption/lib/util.php | 1294 +++++++++++++++------------- apps/files_encryption/tests/crypt.php | 911 ++++++++++---------- apps/files_encryption/tests/keymanager.php | 147 ++-- apps/files_encryption/tests/share.php | 640 +++++++------- apps/files_encryption/tests/util.php | 192 +++-- 11 files changed, 3154 insertions(+), 2914 deletions(-) (limited to 'apps/files_encryption/lib/crypt.php') diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index ba588819d06..783c19d2542 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -4,8 +4,8 @@ * ownCloud * * @author Sam Tuke, Frank Karlitschek, Robin Appelman - * @copyright 2012 Sam Tuke samtuke@owncloud.com, - * Robin Appelman icewind@owncloud.com, Frank Karlitschek + * @copyright 2012 Sam Tuke samtuke@owncloud.com, + * Robin Appelman icewind@owncloud.com, Frank Karlitschek * frank@owncloud.org * * This library is free software; you can redistribute it and/or @@ -27,505 +27,532 @@ namespace OCA\Encryption; require_once 'Crypt_Blowfish/Blowfish.php'; -// Todo: -// - Add a setting "Don´t encrypt files larger than xx because of performance" -// - Don't use a password directly as encryption key. but a key which is -// stored on the server and encrypted with the user password. -> change pass -// faster - /** * Class for common cryptography functionality */ -class Crypt { +class Crypt +{ /** * @brief return encryption mode client or server side encryption - * @param string user name (use system wide setting if name=null) + * @param string $user name (use system wide setting if name=null) * @return string 'client' or 'server' */ - public static function mode( $user = null ) { + public static function mode($user = null) + { return 'server'; - + } - - /** - * @brief Create a new encryption keypair - * @return array publicKey, privatekey - */ - public static function createKeypair() { - + + /** + * @brief Create a new encryption keypair + * @return array publicKey, privatekey + */ + public static function createKeypair() + { + $res = openssl_pkey_new(array('private_key_bits' => 4096)); // Get private key - openssl_pkey_export( $res, $privateKey ); + openssl_pkey_export($res, $privateKey); // Get public key - $publicKey = openssl_pkey_get_details( $res ); - + $publicKey = openssl_pkey_get_details($res); + $publicKey = $publicKey['key']; - - return( array( 'publicKey' => $publicKey, 'privateKey' => $privateKey ) ); - + + return (array('publicKey' => $publicKey, 'privateKey' => $privateKey)); + } - - /** - * @brief Add arbitrary padding to encrypted data - * @param string $data data to be padded - * @return padded data - * @note In order to end up with data exactly 8192 bytes long we must - * add two letters. It is impossible to achieve exactly 8192 length - * blocks with encryption alone, hence padding is added to achieve the - * required length. - */ - public static function addPadding( $data ) { - + + /** + * @brief Add arbitrary padding to encrypted data + * @param string $data data to be padded + * @return string padded data + * @note In order to end up with data exactly 8192 bytes long we must + * add two letters. It is impossible to achieve exactly 8192 length + * blocks with encryption alone, hence padding is added to achieve the + * required length. + */ + public static function addPadding($data) + { + $padded = $data . 'xx'; - + return $padded; - + } - - /** - * @brief Remove arbitrary padding to encrypted data - * @param string $padded padded data to remove padding from - * @return unpadded data on success, false on error - */ - public static function removePadding( $padded ) { - - if ( substr( $padded, -2 ) == 'xx' ) { - - $data = substr( $padded, 0, -2 ); - + + /** + * @brief Remove arbitrary padding to encrypted data + * @param string $padded padded data to remove padding from + * @return string unpadded data on success, false on error + */ + public static function removePadding($padded) + { + + if (substr($padded, -2) == 'xx') { + + $data = substr($padded, 0, -2); + return $data; - + } else { - + // TODO: log the fact that unpadded data was submitted for removal of padding return false; - + } - + } - - /** - * @brief Check if a file's contents contains an IV and is symmetrically encrypted - * @return true / false - * @note see also OCA\Encryption\Util->isEncryptedPath() - */ - public static function isCatfileContent( $content ) { - - if ( !$content ) { - + + /** + * @brief Check if a file's contents contains an IV and is symmetrically encrypted + * @param $content + * @return boolean + * @note see also OCA\Encryption\Util->isEncryptedPath() + */ + public static function isCatfileContent($content) + { + + if (!$content) { + return false; - + } - - $noPadding = self::removePadding( $content ); - + + $noPadding = self::removePadding($content); + // Fetch encryption metadata from end of file - $meta = substr( $noPadding, -22 ); - + $meta = substr($noPadding, -22); + // Fetch IV from end of file - $iv = substr( $meta, -16 ); - + $iv = substr($meta, -16); + // Fetch identifier from start of metadata - $identifier = substr( $meta, 0, 6 ); - - if ( $identifier == '00iv00') { - + $identifier = substr($meta, 0, 6); + + if ($identifier == '00iv00') { + return true; - + } else { - + return false; - + } - + } - + /** * Check if a file is encrypted according to database file cache * @param string $path * @return bool */ - public static function isEncryptedMeta( $path ) { - + public static function isEncryptedMeta($path) + { + // TODO: Use DI to get \OC\Files\Filesystem out of here - + // Fetch all file metadata from DB - $metadata = \OC\Files\Filesystem::getFileInfo( $path); - + $metadata = \OC\Files\Filesystem::getFileInfo($path); + // Return encryption status - return isset( $metadata['encrypted'] ) and ( bool )$metadata['encrypted']; - + return isset($metadata['encrypted']) and ( bool )$metadata['encrypted']; + } - - /** - * @brief Check if a file is encrypted via legacy system - * @param string $relPath The path of the file, relative to user/data; - * e.g. filename or /Docs/filename, NOT admin/files/filename - * @return true / false - */ - public static function isLegacyEncryptedContent( $data, $relPath ) { + + /** + * @brief Check if a file is encrypted via legacy system + * @param $data + * @param string $relPath The path of the file, relative to user/data; + * e.g. filename or /Docs/filename, NOT admin/files/filename + * @return boolean + */ + public static function isLegacyEncryptedContent($data, $relPath) + { // Fetch all file metadata from DB - $metadata = \OC\Files\Filesystem::getFileInfo( $relPath, '' ); - + $metadata = \OC\Files\Filesystem::getFileInfo($relPath, ''); + // If a file is flagged with encryption in DB, but isn't a // valid content + IV combination, it's probably using the // legacy encryption system - if ( - isset( $metadata['encrypted'] ) - and $metadata['encrypted'] === true - and ! self::isCatfileContent( $data ) + if ( + isset($metadata['encrypted']) + and $metadata['encrypted'] === true + and !self::isCatfileContent($data) ) { - + return true; - + } else { - + return false; - + } - + } - - /** - * @brief Symmetrically encrypt a string - * @returns encrypted file - */ - public static function encrypt( $plainContent, $iv, $passphrase = '' ) { - - if ( $encryptedContent = openssl_encrypt( $plainContent, 'AES-128-CFB', $passphrase, false, $iv ) ) { + + /** + * @brief Symmetrically encrypt a string + * @return string encrypted file content + */ + public static function encrypt($plainContent, $iv, $passphrase = '') + { + + if ($encryptedContent = openssl_encrypt($plainContent, 'AES-128-CFB', $passphrase, false, $iv)) { return $encryptedContent; - + } else { - - \OC_Log::write( 'Encryption library', 'Encryption (symmetric) of content failed', \OC_Log::ERROR ); - + + \OC_Log::write('Encryption library', 'Encryption (symmetric) of content failed', \OC_Log::ERROR); + return false; - + } - + } - - /** - * @brief Symmetrically decrypt a string - * @returns decrypted file - */ - public static function decrypt( $encryptedContent, $iv, $passphrase ) { - - if ( $plainContent = openssl_decrypt( $encryptedContent, 'AES-128-CFB', $passphrase, false, $iv ) ) { + + /** + * @brief Symmetrically decrypt a string + * @return string decrypted file content + */ + public static function decrypt($encryptedContent, $iv, $passphrase) + { + + if ($plainContent = openssl_decrypt($encryptedContent, 'AES-128-CFB', $passphrase, false, $iv)) { return $plainContent; - - + + } else { - - throw new \Exception( 'Encryption library: Decryption (symmetric) of content failed' ); - + + throw new \Exception('Encryption library: Decryption (symmetric) of content failed'); + return false; - + } - + } - - /** - * @brief Concatenate encrypted data with its IV and padding - * @param string $content content to be concatenated - * @param string $iv IV to be concatenated - * @returns string concatenated content - */ - public static function concatIv ( $content, $iv ) { - + + /** + * @brief Concatenate encrypted data with its IV and padding + * @param string $content content to be concatenated + * @param string $iv IV to be concatenated + * @returns string concatenated content + */ + public static function concatIv($content, $iv) + { + $combined = $content . '00iv00' . $iv; - + return $combined; - + } - - /** - * @brief Split concatenated data and IV into respective parts - * @param string $catFile concatenated data to be split - * @returns array keys: encrypted, iv - */ - public static function splitIv ( $catFile ) { - + + /** + * @brief Split concatenated data and IV into respective parts + * @param string $catFile concatenated data to be split + * @returns array keys: encrypted, iv + */ + public static function splitIv($catFile) + { + // Fetch encryption metadata from end of file - $meta = substr( $catFile, -22 ); - + $meta = substr($catFile, -22); + // Fetch IV from end of file - $iv = substr( $meta, -16 ); - + $iv = substr($meta, -16); + // Remove IV and IV identifier text to expose encrypted content - $encrypted = substr( $catFile, 0, -22 ); - + $encrypted = substr($catFile, 0, -22); + $split = array( 'encrypted' => $encrypted - , 'iv' => $iv + , 'iv' => $iv ); - + return $split; - + } - - /** - * @brief Symmetrically encrypts a string and returns keyfile content - * @param $plainContent content to be encrypted in keyfile - * @returns encrypted content combined with IV - * @note IV need not be specified, as it will be stored in the returned keyfile - * and remain accessible therein. - */ - public static function symmetricEncryptFileContent( $plainContent, $passphrase = '' ) { - - if ( !$plainContent ) { - + + /** + * @brief Symmetrically encrypts a string and returns keyfile content + * @param string $plainContent content to be encrypted in keyfile + * @param string $passphrase + * @return bool|string + * @return string encrypted content combined with IV + * @note IV need not be specified, as it will be stored in the returned keyfile + * and remain accessible therein. + */ + public static function symmetricEncryptFileContent($plainContent, $passphrase = '') + { + + if (!$plainContent) { + return false; - + } - + $iv = self::generateIv(); - - if ( $encryptedContent = self::encrypt( $plainContent, $iv, $passphrase ) ) { - - // Combine content to encrypt with IV identifier and actual IV - $catfile = self::concatIv( $encryptedContent, $iv ); - - $padded = self::addPadding( $catfile ); - - return $padded; - + + if ($encryptedContent = self::encrypt($plainContent, $iv, $passphrase)) { + + // Combine content to encrypt with IV identifier and actual IV + $catfile = self::concatIv($encryptedContent, $iv); + + $padded = self::addPadding($catfile); + + return $padded; + } else { - - \OC_Log::write( 'Encryption library', 'Encryption (symmetric) of keyfile content failed', \OC_Log::ERROR ); - + + \OC_Log::write('Encryption library', 'Encryption (symmetric) of keyfile content failed', \OC_Log::ERROR); + return false; - + } - + } /** - * @brief Symmetrically decrypts keyfile content - * @param string $source - * @param string $target - * @param string $key the decryption key - * @returns decrypted content - * - * This function decrypts a file - */ - public static function symmetricDecryptFileContent( $keyfileContent, $passphrase = '' ) { - - if ( !$keyfileContent ) { - - throw new \Exception( 'Encryption library: no data provided for decryption' ); - + * @brief Symmetrically decrypts keyfile content + * @param $keyfileContent + * @param string $passphrase + * @throws \Exception + * @return bool|string + * @internal param string $source + * @internal param string $target + * @internal param string $key the decryption key + * @returns string decrypted content + * + * This function decrypts a file + */ + public static function symmetricDecryptFileContent($keyfileContent, $passphrase = '') + { + + if (!$keyfileContent) { + + throw new \Exception('Encryption library: no data provided for decryption'); + } - + // Remove padding - $noPadding = self::removePadding( $keyfileContent ); - + $noPadding = self::removePadding($keyfileContent); + // Split into enc data and catfile - $catfile = self::splitIv( $noPadding ); - - if ( $plainContent = self::decrypt( $catfile['encrypted'], $catfile['iv'], $passphrase ) ) { - + $catfile = self::splitIv($noPadding); + + if ($plainContent = self::decrypt($catfile['encrypted'], $catfile['iv'], $passphrase)) { + return $plainContent; - + } - + } - + /** - * @brief Creates symmetric keyfile content using a generated key - * @param string $plainContent content to be encrypted - * @returns array keys: key, encrypted - * @note symmetricDecryptFileContent() can be used to decrypt files created using this method - * - * This function decrypts a file - */ - public static function symmetricEncryptFileContentKeyfile( $plainContent ) { - + * @brief Creates symmetric keyfile content using a generated key + * @param string $plainContent content to be encrypted + * @returns array keys: key, encrypted + * @note symmetricDecryptFileContent() can be used to decrypt files created using this method + * + * This function decrypts a file + */ + public static function symmetricEncryptFileContentKeyfile($plainContent) + { + $key = self::generateKey(); - - if( $encryptedContent = self::symmetricEncryptFileContent( $plainContent, $key ) ) { - + + if ($encryptedContent = self::symmetricEncryptFileContent($plainContent, $key)) { + return array( 'key' => $key - , 'encrypted' => $encryptedContent + , 'encrypted' => $encryptedContent ); - + } else { - + return false; - + } - + } - + /** - * @brief Create asymmetrically encrypted keyfile content using a generated key - * @param string $plainContent content to be encrypted - * @param array $publicKeys array keys must be the userId of corresponding user - * @returns array keys: keys (array, key = userId), data - * @note symmetricDecryptFileContent() can decrypt files created using this method - */ - public static function multiKeyEncrypt( $plainContent, array $publicKeys ) { - + * @brief Create asymmetrically encrypted keyfile content using a generated key + * @param string $plainContent content to be encrypted + * @param array $publicKeys array keys must be the userId of corresponding user + * @returns array keys: keys (array, key = userId), data + * @note symmetricDecryptFileContent() can decrypt files created using this method + */ + public static function multiKeyEncrypt($plainContent, array $publicKeys) + { + // openssl_seal returns false without errors if $plainContent // is empty, so trigger our own error - if ( empty( $plainContent ) ) { - - trigger_error( "Cannot mutliKeyEncrypt empty plain content" ); - throw new \Exception( 'Cannot mutliKeyEncrypt empty plain content' ); - + if (empty($plainContent)) { + + trigger_error("Cannot mutliKeyEncrypt empty plain content"); + throw new \Exception('Cannot mutliKeyEncrypt empty plain content'); + } - + // Set empty vars to be set by openssl by reference $sealed = ''; $shareKeys = array(); - - if( openssl_seal( $plainContent, $sealed, $shareKeys, $publicKeys ) ) { - + + if (openssl_seal($plainContent, $sealed, $shareKeys, $publicKeys)) { + $i = 0; - + // Ensure each shareKey is labelled with its // corresponding userId - foreach ( $publicKeys as $userId => $publicKey ) { - + foreach ($publicKeys as $userId => $publicKey) { + $mappedShareKeys[$userId] = $shareKeys[$i]; $i++; - + } - + return array( 'keys' => $mappedShareKeys - , 'data' => $sealed + , 'data' => $sealed ); - + } else { - + return false; - + } - + } - + /** - * @brief Asymmetrically encrypt a file using multiple public keys - * @param string $plainContent content to be encrypted - * @returns string $plainContent decrypted string - * @note symmetricDecryptFileContent() can be used to decrypt files created using this method - * - * This function decrypts a file - */ - public static function multiKeyDecrypt( $encryptedContent, $shareKey, $privateKey ) { - - if ( !$encryptedContent ) { - + * @brief Asymmetrically encrypt a file using multiple public keys + * @param $encryptedContent + * @param $shareKey + * @param $privateKey + * @return bool + * @internal param string $plainContent content to be encrypted + * @returns string $plainContent decrypted string + * @note symmetricDecryptFileContent() can be used to decrypt files created using this method + * + * This function decrypts a file + */ + public static function multiKeyDecrypt($encryptedContent, $shareKey, $privateKey) + { + + if (!$encryptedContent) { + return false; - + } - - if ( openssl_open( $encryptedContent, $plainContent, $shareKey, $privateKey ) ) { - + + if (openssl_open($encryptedContent, $plainContent, $shareKey, $privateKey)) { + return $plainContent; - + } else { - - \OC_Log::write( 'Encryption library', 'Decryption (asymmetric) of sealed content failed', \OC_Log::ERROR ); - + + \OC_Log::write('Encryption library', 'Decryption (asymmetric) of sealed content failed', \OC_Log::ERROR); + return false; - + } - + } - - /** - * @brief Asymetrically encrypt a string using a public key - * @returns encrypted file - */ - public static function keyEncrypt( $plainContent, $publicKey ) { - - openssl_public_encrypt( $plainContent, $encryptedContent, $publicKey ); - + + /** + * @brief Asymetrically encrypt a string using a public key + * @return string encrypted file + */ + public static function keyEncrypt($plainContent, $publicKey) + { + + openssl_public_encrypt($plainContent, $encryptedContent, $publicKey); + return $encryptedContent; - + } - - /** - * @brief Asymetrically decrypt a file using a private key - * @returns decrypted file - */ - public static function keyDecrypt( $encryptedContent, $privatekey ) { - - $result = @openssl_private_decrypt( $encryptedContent, $plainContent, $privatekey ); - - if ( $result ) { + + /** + * @brief Asymetrically decrypt a file using a private key + * @return string decrypted file + */ + public static function keyDecrypt($encryptedContent, $privatekey) + { + + $result = @openssl_private_decrypt($encryptedContent, $plainContent, $privatekey); + + if ($result) { return $plainContent; } return $result; - + } - + /** * @brief Generates a pseudo random initialisation vector * @return String $iv generated IV */ - public static function generateIv() { - - if ( $random = openssl_random_pseudo_bytes( 12, $strong ) ) { - - if ( !$strong ) { - + public static function generateIv() + { + + if ($random = openssl_random_pseudo_bytes(12, $strong)) { + + if (!$strong) { + // If OpenSSL indicates randomness is insecure, log error - \OC_Log::write( 'Encryption library', 'Insecure symmetric key was generated using openssl_random_pseudo_bytes()', \OC_Log::WARN ); - + \OC_Log::write('Encryption library', 'Insecure symmetric key was generated using openssl_random_pseudo_bytes()', \OC_Log::WARN); + } - + // We encode the iv purely for string manipulation // purposes - it gets decoded before use - $iv = base64_encode( $random ); - + $iv = base64_encode($random); + return $iv; - + } else { - - throw new Exception( 'Generating IV failed' ); - + + throw new \Exception('Generating IV failed'); + } - + } - + /** * @brief Generate a pseudo random 1024kb ASCII key * @returns $key Generated key */ - public static function generateKey() { - + public static function generateKey() + { + // Generate key - if ( $key = base64_encode( openssl_random_pseudo_bytes( 183, $strong ) ) ) { - - if ( !$strong ) { - + if ($key = base64_encode(openssl_random_pseudo_bytes(183, $strong))) { + + if (!$strong) { + // If OpenSSL indicates randomness is insecure, log error - throw new Exception ( 'Encryption library, Insecure symmetric key was generated using openssl_random_pseudo_bytes()' ); - + throw new \Exception('Encryption library, Insecure symmetric key was generated using openssl_random_pseudo_bytes()'); + } - + return $key; - + } else { - + return false; - + } - + } /** @@ -535,70 +562,89 @@ class Crypt { * * if the key is left out, the default handeler will be used */ - public static function getBlowfish( $key = '' ) { - - if ( $key ) { - - return new \Crypt_Blowfish( $key ); - + public static function getBlowfish($key = '') + { + + if ($key) { + + return new \Crypt_Blowfish($key); + } else { - + return false; - + } - + } - - public static function legacyCreateKey( $passphrase ) { - + + /** + * @param $passphrase + * @return mixed + */ + public static function legacyCreateKey($passphrase) + { + // Generate a random integer - $key = mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 ); + $key = mt_rand(10000, 99999) . mt_rand(10000, 99999) . mt_rand(10000, 99999) . mt_rand(10000, 99999); // Encrypt the key with the passphrase - $legacyEncKey = self::legacyEncrypt( $key, $passphrase ); + $legacyEncKey = self::legacyEncrypt($key, $passphrase); return $legacyEncKey; - + } /** * @brief encrypts content using legacy blowfish system - * @param $content the cleartext message you want to encrypt - * @param $key the encryption key (optional) - * @returns encrypted content + * @param string $content the cleartext message you want to encrypt + * @param string $passphrase + * @return + * @internal param \OCA\Encryption\the $key encryption key (optional) + * @returns string encrypted content * * This function encrypts an content */ - public static function legacyEncrypt( $content, $passphrase = '' ) { - - $bf = self::getBlowfish( $passphrase ); - - return $bf->encrypt( $content ); - + public static function legacyEncrypt($content, $passphrase = '') + { + + $bf = self::getBlowfish($passphrase); + + return $bf->encrypt($content); + } - + /** - * @brief decrypts content using legacy blowfish system - * @param $content the cleartext message you want to decrypt - * @param $key the encryption key (optional) - * @returns cleartext content - * - * This function decrypts an content - */ - public static function legacyDecrypt( $content, $passphrase = '' ) { - - $bf = self::getBlowfish( $passphrase ); - - $decrypted = $bf->decrypt( $content ); - + * @brief decrypts content using legacy blowfish system + * @param string $content the cleartext message you want to decrypt + * @param string $passphrase + * @return string + * @internal param \OCA\Encryption\the $key encryption key (optional) + * @return string cleartext content + * + * This function decrypts an content + */ + public static function legacyDecrypt($content, $passphrase = '') + { + + $bf = self::getBlowfish($passphrase); + + $decrypted = $bf->decrypt($content); + return rtrim($decrypted, "\0");; - + } - private static function legacyBlockDecrypt($data, $key='',$maxLength=0) { + /** + * @param $data + * @param string $key + * @param int $maxLength + * @return string + */ + private static function legacyBlockDecrypt($data, $key = '', $maxLength = 0) + { $result = ''; while (strlen($data)) { - $result.=self::legacyDecrypt(substr($data, 0, 8192), $key); + $result .= self::legacyDecrypt(substr($data, 0, 8192), $key); $data = substr($data, 8192); } if ($maxLength > 0) { @@ -607,19 +653,28 @@ class Crypt { return rtrim($result, "\0"); } } - - public static function legacyKeyRecryptKeyfile( $legacyEncryptedContent, $legacyPassphrase, $publicKeys, $newPassphrase, $path ) { - - $decrypted = self::legacyBlockDecrypt( $legacyEncryptedContent, $legacyPassphrase ); + + /** + * @param $legacyEncryptedContent + * @param $legacyPassphrase + * @param $publicKeys + * @param $newPassphrase + * @param $path + * @return array + */ + public static function legacyKeyRecryptKeyfile($legacyEncryptedContent, $legacyPassphrase, $publicKeys, $newPassphrase, $path) + { + + $decrypted = self::legacyBlockDecrypt($legacyEncryptedContent, $legacyPassphrase); // Encrypt plain data, generate keyfile & encrypted file - $cryptedData = self::symmetricEncryptFileContentKeyfile( $decrypted ); + $cryptedData = self::symmetricEncryptFileContentKeyfile($decrypted); // Encrypt plain keyfile to multiple sharefiles - $multiEncrypted = Crypt::multiKeyEncrypt( $cryptedData['key'], $publicKeys ); + $multiEncrypted = Crypt::multiKeyEncrypt($cryptedData['key'], $publicKeys); + + return array('data' => $cryptedData['encrypted'], 'filekey' => $multiEncrypted['data'], 'sharekeys' => $multiEncrypted['keys']); - return array( 'data' => $cryptedData['encrypted'], 'filekey' => $multiEncrypted['data'], 'sharekeys' => $multiEncrypted['keys'] ); - } } \ No newline at end of file diff --git a/apps/files_encryption/lib/helper.php b/apps/files_encryption/lib/helper.php index a04c65e251f..c57f0bc0092 100755 --- a/apps/files_encryption/lib/helper.php +++ b/apps/files_encryption/lib/helper.php @@ -23,76 +23,82 @@ namespace OCA\Encryption; -/** - * @brief Class to manage registration of hooks an various helper methods - */ + /** + * @brief Class to manage registration of hooks an various helper methods + */ /** * Class Helper * @package OCA\Encryption */ -class Helper { - +class Helper +{ + /** * @brief register share related hooks - * + * + */ + public static function registerShareHooks() + { + + \OCP\Util::connectHook('OCP\Share', 'pre_shared', 'OCA\Encryption\Hooks', 'preShared'); + \OCP\Util::connectHook('OCP\Share', 'post_shared', 'OCA\Encryption\Hooks', 'postShared'); + \OCP\Util::connectHook('OCP\Share', 'post_unshare', 'OCA\Encryption\Hooks', 'postUnshare'); + } + + /** + * @brief register user related hooks + * */ - public static function registerShareHooks() { + public static function registerUserHooks() + { - \OCP\Util::connectHook( 'OCP\Share', 'pre_shared', 'OCA\Encryption\Hooks', 'preShared' ); - \OCP\Util::connectHook( 'OCP\Share', 'post_shared', 'OCA\Encryption\Hooks', 'postShared' ); - \OCP\Util::connectHook( 'OCP\Share', 'post_unshare', 'OCA\Encryption\Hooks', 'postUnshare' ); + \OCP\Util::connectHook('OC_User', 'post_login', 'OCA\Encryption\Hooks', 'login'); + \OCP\Util::connectHook('OC_User', 'post_setPassword', 'OCA\Encryption\Hooks', 'setPassphrase'); + \OCP\Util::connectHook('OC_User', 'post_createUser', 'OCA\Encryption\Hooks', 'postCreateUser'); + \OCP\Util::connectHook('OC_User', 'post_deleteUser', 'OCA\Encryption\Hooks', 'postDeleteUser'); } - /** - * @brief register user related hooks - * - */ - public static function registerUserHooks() { - - \OCP\Util::connectHook( 'OC_User', 'post_login', 'OCA\Encryption\Hooks', 'login' ); - \OCP\Util::connectHook( 'OC_User', 'post_setPassword', 'OCA\Encryption\Hooks', 'setPassphrase' ); - \OCP\Util::connectHook( 'OC_User', 'post_createUser', 'OCA\Encryption\Hooks', 'postCreateUser' ); - \OCP\Util::connectHook( 'OC_User', 'post_deleteUser', 'OCA\Encryption\Hooks', 'postDeleteUser' ); - } - - /** - * @brief register webdav related hooks - * - */ - public static function registerWebdavHooks() { - - - } - - /** - * @brief register filesystem related hooks - * - */ - public static function registerFilesystemHooks() { - - \OCP\Util::connectHook('OC_Filesystem', 'post_rename', 'OCA\Encryption\Hooks', 'postRename'); - } - - /** - * @brief setup user for files_encryption - * - * @param Util $util - * @param string $password - * @return bool - */ - public static function setupUser($util, $password) { - // Check files_encryption infrastructure is ready for action - if ( ! $util->ready() ) { - - \OC_Log::write( 'Encryption library', 'User account "' . $util->getUserId() . '" is not ready for encryption; configuration started', \OC_Log::DEBUG ); - - if(!$util->setupServerSide( $password )) { - return false; - } - } - - return true; - } + /** + * @brief register webdav related hooks + * + */ + public static function registerWebdavHooks() + { + + + } + + /** + * @brief register filesystem related hooks + * + */ + public static function registerFilesystemHooks() + { + + \OCP\Util::connectHook('OC_Filesystem', 'post_rename', 'OCA\Encryption\Hooks', 'postRename'); + } + + /** + * @brief setup user for files_encryption + * + * @param Util $util + * @param string $password + * @return bool + */ + public static function setupUser($util, $password) + { + // Check files_encryption infrastructure is ready for action + if (!$util->ready()) { + + \OC_Log::write('Encryption library', 'User account "' . $util->getUserId() . '" is not ready for encryption; configuration started', \OC_Log::DEBUG); + + if (!$util->setupServerSide($password)) { + return false; + } + } + + return true; + } /** * @brief enable recovery @@ -103,7 +109,8 @@ class Helper { * @internal param string $password * @return bool */ - public static function adminEnableRecovery($recoveryKeyId, $recoveryPassword) { + public static function adminEnableRecovery($recoveryKeyId, $recoveryPassword) + { $view = new \OC\Files\View('/'); if ($recoveryKeyId === null) { @@ -139,7 +146,7 @@ class Helper { $view->file_put_contents('/owncloud_private_key/' . $recoveryKeyId . '.private.key', $encryptedPrivateKey); // create control file which let us check later on if the entered password was correct. - $encryptedControlData = \OCA\Encryption\Crypt::keyEncrypt("ownCloud", $keypair['publicKey']); + $encryptedControlData = \OCA\Encryption\Crypt::keyEncrypt("ownCloud", $keypair['publicKey']); if (!$view->is_dir('/control-file')) { $view->mkdir('/control-file'); } @@ -170,7 +177,8 @@ class Helper { * @param $recoveryPassword * @return bool */ - public static function adminDisableRecovery($recoveryPassword) { + public static function adminDisableRecovery($recoveryPassword) + { $util = new Util(new \OC_FilesystemView('/'), \OCP\User::getUser()); $return = $util->checkRecoveryPassword($recoveryPassword); diff --git a/apps/files_encryption/lib/keymanager.php b/apps/files_encryption/lib/keymanager.php index b422ff099b1..1bc334e7a17 100755 --- a/apps/files_encryption/lib/keymanager.php +++ b/apps/files_encryption/lib/keymanager.php @@ -27,7 +27,8 @@ namespace OCA\Encryption; * @brief Class to manage storage and retrieval of encryption keys * @note Where a method requires a view object, it's root must be '/' */ -class Keymanager { +class Keymanager +{ /** * @brief retrieve the ENCRYPTED private key from a user @@ -37,17 +38,18 @@ class Keymanager { * @return string private key or false (hopefully) * @note the key returned by this method must be decrypted before use */ - public static function getPrivateKey( \OC_FilesystemView $view, $user ) { - - $path = '/' . $user . '/' . 'files_encryption' . '/' . $user.'.private.key'; + public static function getPrivateKey(\OC_FilesystemView $view, $user) + { - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; + $path = '/' . $user . '/' . 'files_encryption' . '/' . $user . '.private.key'; - $key = $view->file_get_contents( $path ); + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; + + $key = $view->file_get_contents($path); + + \OC_FileProxy::$enabled = $proxyStatus; - \OC_FileProxy::$enabled = $proxyStatus; - return $key; } @@ -57,104 +59,111 @@ class Keymanager { * @param $userId * @return string public key or false */ - public static function getPublicKey( \OC_FilesystemView $view, $userId ) { + public static function getPublicKey(\OC_FilesystemView $view, $userId) + { - $proxyStatus = \OC_FileProxy::$enabled; + $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - - $result = $view->file_get_contents( '/public-keys/' . $userId . '.public.key' ); - + + $result = $view->file_get_contents('/public-keys/' . $userId . '.public.key'); + \OC_FileProxy::$enabled = $proxyStatus; - return $result; - + return $result; + } - + /** * @brief Retrieve a user's public and private key * @param \OC_FilesystemView $view * @param $userId * @return array keys: privateKey, publicKey */ - public static function getUserKeys( \OC_FilesystemView $view, $userId ) { - + public static function getUserKeys(\OC_FilesystemView $view, $userId) + { + return array( - 'publicKey' => self::getPublicKey( $view, $userId ) - , 'privateKey' => self::getPrivateKey( $view, $userId ) + 'publicKey' => self::getPublicKey($view, $userId) + , 'privateKey' => self::getPrivateKey($view, $userId) ); - + } - + /** * @brief Retrieve public keys for given users * @param \OC_FilesystemView $view * @param array $userIds * @return array of public keys for the specified users */ - public static function getPublicKeys( \OC_FilesystemView $view, array $userIds ) { - + public static function getPublicKeys(\OC_FilesystemView $view, array $userIds) + { + $keys = array(); - - foreach ( $userIds as $userId ) { - - $keys[$userId] = self::getPublicKey( $view, $userId ); - + + foreach ($userIds as $userId) { + + $keys[$userId] = self::getPublicKey($view, $userId); + } - + return $keys; - + } - + /** * @brief store file encryption key * + * @param \OC_FilesystemView $view * @param string $path relative path of the file, including filename - * @param string $key + * @param $userId + * @param $catfile + * @internal param string $key * @return bool true/false - * @note The keyfile is not encrypted here. Client code must + * @note The keyfile is not encrypted here. Client code must * asymmetrically encrypt the keyfile before passing it to this method */ - public static function setFileKey( \OC_FilesystemView $view, $path, $userId, $catfile ) { - + public static function setFileKey(\OC_FilesystemView $view, $path, $userId, $catfile) + { + $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; //here we need the currently logged in user, while userId can be a different user - $util = new Util( $view, \OCP\User::getUser() ); - list( $owner, $filename ) = $util->getUidAndFilename( $path ); + $util = new Util($view, \OCP\User::getUser()); + list($owner, $filename) = $util->getUidAndFilename($path); $basePath = '/' . $owner . '/files_encryption/keyfiles'; - - $targetPath = self::keySetPreparation( $view, $filename, $basePath, $owner ); - - if ( !$view->is_dir( $basePath . '/' . $targetPath ) ) { + + $targetPath = self::keySetPreparation($view, $filename, $basePath, $owner); + + if (!$view->is_dir($basePath . '/' . $targetPath)) { // create all parent folders - $info = pathinfo( $basePath . '/' . $targetPath ); - $keyfileFolderName = $view->getLocalFolder( $info['dirname'] ); - - if ( ! file_exists( $keyfileFolderName ) ) { - - mkdir( $keyfileFolderName, 0750, true ); - + $info = pathinfo($basePath . '/' . $targetPath); + $keyfileFolderName = $view->getLocalFolder($info['dirname']); + + if (!file_exists($keyfileFolderName)) { + + mkdir($keyfileFolderName, 0750, true); + } } // try reusing key file if part file - if ( self::isPartialFilePath( $targetPath ) ) { - - $result = $view->file_put_contents( $basePath . '/' . self::fixPartialFilePath( $targetPath ) . '.key', $catfile ); - + if (self::isPartialFilePath($targetPath)) { + + $result = $view->file_put_contents($basePath . '/' . self::fixPartialFilePath($targetPath) . '.key', $catfile); + } else { - - $result = $view->file_put_contents( $basePath . '/' . $targetPath . '.key', $catfile ); - + + $result = $view->file_put_contents($basePath . '/' . $targetPath . '.key', $catfile); + } - + \OC_FileProxy::$enabled = $proxyStatus; - + return $result; - + } /** @@ -163,15 +172,16 @@ class Keymanager { * @return string File path without .part extension * @note this is needed for reusing keys */ - public static function fixPartialFilePath( $path ) { - + public static function fixPartialFilePath($path) + { + if (preg_match('/\.part$/', $path)) { $newLength = strlen($path) - 5; $fPath = substr($path, 0, $newLength); return $fPath; - + } else { return $path; @@ -185,19 +195,21 @@ class Keymanager { * @param string $path Path that may identify a .part file * @return bool */ - public static function isPartialFilePath( $path ) { - - if ( preg_match('/\.part$/', $path ) ) { - + public static function isPartialFilePath($path) + { + + if (preg_match('/\.part$/', $path)) { + return true; - + } else { - + return false; - + } } + /** * @brief retrieve keyfile for an encrypted file * @param \OC_FilesystemView $view @@ -208,227 +220,239 @@ class Keymanager { * @note The keyfile returned is asymmetrically encrypted. Decryption * of the keyfile must be performed by client code */ - public static function getFileKey( \OC_FilesystemView $view, $userId, $filePath ) { + public static function getFileKey(\OC_FilesystemView $view, $userId, $filePath) + { // try reusing key file if part file - if ( self::isPartialFilePath( $filePath ) ) { - - $result = self::getFileKey( $view, $userId, self::fixPartialFilePath( $filePath ) ); - - if ( $result ) { - + if (self::isPartialFilePath($filePath)) { + + $result = self::getFileKey($view, $userId, self::fixPartialFilePath($filePath)); + + if ($result) { + return $result; - + } - + } $util = new Util($view, \OCP\User::getUser()); list($owner, $filename) = $util->getUidAndFilename($filePath); - $filePath_f = ltrim( $filename, '/' ); + $filePath_f = ltrim($filename, '/'); $keyfilePath = '/' . $owner . '/files_encryption/keyfiles/' . $filePath_f . '.key'; $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - - if ( $view->file_exists( $keyfilePath ) ) { - $result = $view->file_get_contents( $keyfilePath ); - + if ($view->file_exists($keyfilePath)) { + + $result = $view->file_get_contents($keyfilePath); + } else { - - $result = false; - + + $result = false; + } - + \OC_FileProxy::$enabled = $proxyStatus; - + return $result; - + } - + /** * @brief Delete a keyfile * - * @param OC_FilesystemView $view + * @param \OC_FilesystemView $view * @param string $userId username * @param string $path path of the file the key belongs to * @return bool Outcome of unlink operation * @note $path must be relative to data/user/files. e.g. mydoc.txt NOT * /data/admin/files/mydoc.txt */ - public static function deleteFileKey( \OC_FilesystemView $view, $userId, $path ) { - - $trimmed = ltrim( $path, '/' ); - $keyPath = '/' . $userId . '/files_encryption/keyfiles/' . $trimmed; + public static function deleteFileKey(\OC_FilesystemView $view, $userId, $path) + { + + $trimmed = ltrim($path, '/'); + $keyPath = '/' . $userId . '/files_encryption/keyfiles/' . $trimmed; $result = false; - if ( $view->is_dir($keyPath) ) { + if ($view->is_dir($keyPath)) { $result = $view->unlink($keyPath); - } else if ( $view->file_exists( $keyPath.'.key' ) ) { + } else if ($view->file_exists($keyPath . '.key')) { - $result = $view->unlink( $keyPath.'.key' ); + $result = $view->unlink($keyPath . '.key'); } - if ( !$result ) { - - \OC_Log::write( 'Encryption library', 'Could not delete keyfile; does not exist: "' . $keyPath, \OC_Log::ERROR ); + if (!$result) { + + \OC_Log::write('Encryption library', 'Could not delete keyfile; does not exist: "' . $keyPath, \OC_Log::ERROR); } return $result; - + } - + /** * @brief store private key from the user - * @param string key + * @param string $key * @return bool * @note Encryption of the private key must be performed by client code * as no encryption takes place here */ - public static function setPrivateKey( $key ) { - + public static function setPrivateKey($key) + { + $user = \OCP\User::getUser(); - - $view = new \OC_FilesystemView( '/' . $user . '/files_encryption' ); + + $view = new \OC_FilesystemView('/' . $user . '/files_encryption'); $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - - if ( !$view->file_exists( '' ) ) $view->mkdir( '' ); - - $result = $view->file_put_contents( $user . '.private.key', $key ); - + + if (!$view->file_exists('')) $view->mkdir(''); + + $result = $view->file_put_contents($user . '.private.key', $key); + \OC_FileProxy::$enabled = $proxyStatus; return $result; - + } - + /** * @brief store private keys from the user * - * @param string privatekey - * @param string publickey + * @param string $privatekey + * @param string $publickey * @return bool true/false */ - public static function setUserKeys($privatekey, $publickey) { - - return ( self::setPrivateKey( $privatekey ) && self::setPublicKey( $publickey ) ); - + public static function setUserKeys($privatekey, $publickey) + { + + return (self::setPrivateKey($privatekey) && self::setPublicKey($publickey)); + } - + /** * @brief store public key of the user * - * @param string key + * @param string $key * @return bool true/false */ - public static function setPublicKey( $key ) { - - $view = new \OC_FilesystemView( '/public-keys' ); + public static function setPublicKey($key) + { + + $view = new \OC_FilesystemView('/public-keys'); $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - - if ( !$view->file_exists( '' ) ) $view->mkdir( '' ); - - $result = $view->file_put_contents( \OCP\User::getUser() . '.public.key', $key ); - + + if (!$view->file_exists('')) $view->mkdir(''); + + $result = $view->file_put_contents(\OCP\User::getUser() . '.public.key', $key); + \OC_FileProxy::$enabled = $proxyStatus; return $result; - + } - + /** * @brief store share key * + * @param \OC_FilesystemView $view * @param string $path relative path of the file, including filename - * @param string $key - * @param null $view - * @param string $dbClassName + * @param $userId + * @param $shareKey + * @internal param string $key + * @internal param string $dbClassName * @return bool true/false * @note The keyfile is not encrypted here. Client code must * asymmetrically encrypt the keyfile before passing it to this method */ - public static function setShareKey( \OC_FilesystemView $view, $path, $userId, $shareKey ) { + public static function setShareKey(\OC_FilesystemView $view, $path, $userId, $shareKey) + { // Here we need the currently logged in user, while userId can be a different user - $util = new Util( $view, \OCP\User::getUser() ); + $util = new Util($view, \OCP\User::getUser()); - list( $owner, $filename ) = $util->getUidAndFilename( $path ); + list($owner, $filename) = $util->getUidAndFilename($path); $basePath = '/' . $owner . '/files_encryption/share-keys'; - - $shareKeyPath = self::keySetPreparation( $view, $filename, $basePath, $owner ); + + $shareKeyPath = self::keySetPreparation($view, $filename, $basePath, $owner); // try reusing key file if part file - if(self::isPartialFilePath($shareKeyPath)) { - + if (self::isPartialFilePath($shareKeyPath)) { + $writePath = $basePath . '/' . self::fixPartialFilePath($shareKeyPath) . '.' . $userId . '.shareKey'; - + } else { - + $writePath = $basePath . '/' . $shareKeyPath . '.' . $userId . '.shareKey'; - + } $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - $result = $view->file_put_contents( $writePath, $shareKey ); + $result = $view->file_put_contents($writePath, $shareKey); \OC_FileProxy::$enabled = $proxyStatus; - if ( - is_int( $result ) + if ( + is_int($result) && $result > 0 ) { - + return true; - + } else { - + return false; - + } - + } - + /** * @brief store multiple share keys for a single file + * @param \OC_FilesystemView $view + * @param $path + * @param array $shareKeys * @return bool */ - public static function setShareKeys( \OC_FilesystemView $view, $path, array $shareKeys ) { + public static function setShareKeys(\OC_FilesystemView $view, $path, array $shareKeys) + { // $shareKeys must be an array with the following format: // [userId] => [encrypted key] - + $result = true; - - foreach ( $shareKeys as $userId => $shareKey ) { - - if ( ! self::setShareKey( $view, $path, $userId, $shareKey ) ) { - + + foreach ($shareKeys as $userId => $shareKey) { + + if (!self::setShareKey($view, $path, $userId, $shareKey)) { + // If any of the keys are not set, flag false $result = false; - + } - + } - + // Returns false if any of the keys weren't set return $result; - + } - + /** * @brief retrieve shareKey for an encrypted file * @param \OC_FilesystemView $view @@ -439,59 +463,61 @@ class Keymanager { * @note The sharekey returned is encrypted. Decryption * of the keyfile must be performed by client code */ - public static function getShareKey( \OC_FilesystemView $view, $userId, $filePath ) { + public static function getShareKey(\OC_FilesystemView $view, $userId, $filePath) + { // try reusing key file if part file - if(self::isPartialFilePath($filePath)) { - + if (self::isPartialFilePath($filePath)) { + $result = self::getShareKey($view, $userId, self::fixPartialFilePath($filePath)); - - if($result) { - + + if ($result) { + return $result; - + } - + } $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; //here we need the currently logged in user, while userId can be a different user - $util = new Util( $view, \OCP\User::getUser() ); + $util = new Util($view, \OCP\User::getUser()); list($owner, $filename) = $util->getUidAndFilename($filePath); $shareKeyPath = \OC\Files\Filesystem::normalizePath('/' . $owner . '/files_encryption/share-keys/' . $filename . '.' . $userId . '.shareKey'); - if ( $view->file_exists( $shareKeyPath ) ) { - - $result = $view->file_get_contents( $shareKeyPath ); - + if ($view->file_exists($shareKeyPath)) { + + $result = $view->file_get_contents($shareKeyPath); + } else { - + $result = false; - + } - + \OC_FileProxy::$enabled = $proxyStatus; - + return $result; - + } /** * @brief delete all share keys of a given file * @param \OC_FilesystemView $view - * @param type $userId owner of the file - * @param type $filePath path to the file, relative to the owners file dir + * @param string $userId owner of the file + * @param string $filePath path to the file, relative to the owners file dir */ - public static function delAllShareKeys(\OC_FilesystemView $view, $userId, $filePath) { - - if ($view->is_dir($userId.'/files/'.$filePath)) { - $view->unlink($userId.'/files_encryption/share-keys/'.$filePath); + public static function delAllShareKeys(\OC_FilesystemView $view, $userId, $filePath) + { + + if ($view->is_dir($userId . '/files/' . $filePath)) { + $view->unlink($userId . '/files_encryption/share-keys/' . $filePath); } else { - $localKeyPath = $view->getLocalFile($userId.'/files_encryption/share-keys/'.$filePath); - $matches = glob(preg_quote($localKeyPath).'*.shareKey'); + $localKeyPath = $view->getLocalFile($userId . '/files_encryption/share-keys/' . $filePath); + $matches = glob(preg_quote($localKeyPath) . '*.shareKey'); foreach ($matches as $ma) { unlink($ma); } @@ -501,13 +527,14 @@ class Keymanager { /** * @brief Delete a single user's shareKey for a single file */ - public static function delShareKey( \OC_FilesystemView $view, $userIds, $filePath ) { + public static function delShareKey(\OC_FilesystemView $view, $userIds, $filePath) + { - $proxyStatus = \OC_FileProxy::$enabled; + $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; //here we need the currently logged in user, while userId can be a different user - $util = new Util( $view, \OCP\User::getUser() ); + $util = new Util($view, \OCP\User::getUser()); list($owner, $filename) = $util->getUidAndFilename($filePath); @@ -515,7 +542,7 @@ class Keymanager { $result = false; - if ( $view->is_dir($shareKeyPath) ) { + if ($view->is_dir($shareKeyPath)) { $localPath = \OC_Filesystem::normalizePath($view->getLocalFolder($shareKeyPath)); $result = self::recursiveDelShareKeys($localPath, $userIds); @@ -523,40 +550,42 @@ class Keymanager { } else { foreach ($userIds as $userId) { - $view->unlink($shareKeyPath.'.'.$userId.'.shareKey'); + $view->unlink($shareKeyPath . '.' . $userId . '.shareKey'); } $result = true; } - if ( ! $result ) { - - \OC_Log::write( 'Encryption library', 'Could not delete shareKey; does not exist: "' . $shareKeyPath, \OC_Log::ERROR ); - + if (!$result) { + + \OC_Log::write('Encryption library', 'Could not delete shareKey; does not exist: "' . $shareKeyPath, \OC_Log::ERROR); + } - + \OC_FileProxy::$enabled = $proxyStatus; - + return $result; - + } /** * @brief recursively delete share keys from given users * - * @param type $dir directory - * @param type $userIds user ids for which the share keys should be deleted + * @param string $dir directory + * @param array $userIds user ids for which the share keys should be deleted */ - private static function recursiveDelShareKeys($dir, $userIds) { + private static function recursiveDelShareKeys($dir, $userIds) + { foreach ($userIds as $userId) { - $completePath = $dir.'/.*'.'.'.$userId.'.shareKey'; - $matches = glob(preg_quote($dir).'/*'.preg_quote('.'.$userId.'.shareKey')); + $completePath = $dir . '/.*' . '.' . $userId . '.shareKey'; + $matches = glob(preg_quote($dir) . '/*' . preg_quote('.' . $userId . '.shareKey')); } - foreach ($matches as $ma) { + /** @var $matches array */ + foreach ($matches as $ma) { unlink($ma); } - $subdirs = $directories = glob(preg_quote($dir) . '/*' , GLOB_ONLYDIR); - foreach ( $subdirs as $subdir ) { + $subdirs = $directories = glob(preg_quote($dir) . '/*', GLOB_ONLYDIR); + foreach ($subdirs as $subdir) { self::recursiveDelShareKeys($subdir, $userIds); } return true; @@ -565,16 +594,17 @@ class Keymanager { /** * @brief Make preparations to vars and filesystem for saving a keyfile */ - public static function keySetPreparation( \OC_FilesystemView $view, $path, $basePath, $userId ) { - - $targetPath = ltrim( $path, '/' ); - - $path_parts = pathinfo( $targetPath ); - + public static function keySetPreparation(\OC_FilesystemView $view, $path, $basePath, $userId) + { + + $targetPath = ltrim($path, '/'); + + $path_parts = pathinfo($targetPath); + // If the file resides within a subdirectory, create it - if ( - isset( $path_parts['dirname'] ) - && ! $view->file_exists( $basePath . '/' . $path_parts['dirname'] ) + if ( + isset($path_parts['dirname']) + && !$view->file_exists($basePath . '/' . $path_parts['dirname']) ) { $sub_dirs = explode(DIRECTORY_SEPARATOR, $basePath . '/' . $path_parts['dirname']); $dir = ''; @@ -585,41 +615,26 @@ class Keymanager { } } } - + return $targetPath; - - } - - /** - * @brief change password of private encryption key - * - * @param string $oldpasswd old password - * @param string $newpasswd new password - * @return bool true/false - */ - public static function changePasswd($oldpasswd, $newpasswd) { - - if ( \OCP\User::checkPassword(\OCP\User::getUser(), $newpasswd) ) { - return Crypt::changekeypasscode($oldpasswd, $newpasswd); - } - return false; - + } - + /** * @brief Fetch the legacy encryption key from user files - * @param string $login used to locate the legacy key - * @param string $passphrase used to decrypt the legacy key - * @return true / false + * @internal param string $login used to locate the legacy key + * @internal param string $passphrase used to decrypt the legacy key + * @return boolean * * if the key is left out, the default handeler will be used */ - public function getLegacyKey() { - + public function getLegacyKey() + { + $user = \OCP\User::getUser(); - $view = new \OC_FilesystemView( '/' . $user ); - return $view->file_get_contents( 'encryption.key' ); - + $view = new \OC_FilesystemView('/' . $user); + return $view->file_get_contents('encryption.key'); + } - + } \ No newline at end of file diff --git a/apps/files_encryption/lib/proxy.php b/apps/files_encryption/lib/proxy.php index 1d60770b4d7..55ad882a8f9 100644 --- a/apps/files_encryption/lib/proxy.php +++ b/apps/files_encryption/lib/proxy.php @@ -1,41 +1,46 @@ . -* -*/ + * ownCloud + * + * @author Sam Tuke, Robin Appelman + * @copyright 2012 Sam Tuke samtuke@owncloud.com, Robin Appelman + * icewind1991@gmail.com + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE + * License as published by the Free Software Foundation; either + * version 3 of the License, or any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU AFFERO GENERAL PUBLIC LICENSE for more details. + * + * You should have received a copy of the GNU Affero General Public + * License along with this library. If not, see . + * + */ /** -* @brief Encryption proxy which handles filesystem operations before and after -* execution and encrypts, and handles keyfiles accordingly. Used for -* webui. -*/ + * @brief Encryption proxy which handles filesystem operations before and after + * execution and encrypts, and handles keyfiles accordingly. Used for + * webui. + */ namespace OCA\Encryption; -class Proxy extends \OC_FileProxy { +/** + * Class Proxy + * @package OCA\Encryption + */ +class Proxy extends \OC_FileProxy +{ private static $blackList = null; //mimetypes blacklisted from encryption - + private static $enableEncryption = null; - + /** * Check if a file requires encryption * @param string $path @@ -43,461 +48,481 @@ class Proxy extends \OC_FileProxy { * * Tests if server side encryption is enabled, and file is allowed by blacklists */ - private static function shouldEncrypt( $path ) { - - if ( is_null( self::$enableEncryption ) ) { - - if ( - \OCP\Config::getAppValue( 'files_encryption', 'enable_encryption', 'true' ) == 'true' - && Crypt::mode() == 'server' + private static function shouldEncrypt($path) + { + + if (is_null(self::$enableEncryption)) { + + if ( + \OCP\Config::getAppValue('files_encryption', 'enable_encryption', 'true') == 'true' + && Crypt::mode() == 'server' ) { - + self::$enableEncryption = true; - + } else { - + self::$enableEncryption = false; - + } - + } - - if ( !self::$enableEncryption ) { - + + if (!self::$enableEncryption) { + return false; - + } - - if ( is_null(self::$blackList ) ) { - - self::$blackList = explode(',', \OCP\Config::getAppValue( 'files_encryption', 'type_blacklist', '' ) ); - + + if (is_null(self::$blackList)) { + + self::$blackList = explode(',', \OCP\Config::getAppValue('files_encryption', 'type_blacklist', '')); + } - - if ( Crypt::isCatfileContent( $path ) ) { - + + if (Crypt::isCatfileContent($path)) { + return true; - + } - - $extension = substr( $path, strrpos( $path, '.' ) +1 ); - - if ( array_search( $extension, self::$blackList ) === false ) { - + + $extension = substr($path, strrpos($path, '.') + 1); + + if (array_search($extension, self::$blackList) === false) { + return true; - + } - + return false; } - - public function preFile_put_contents( $path, &$data ) { - if ( self::shouldEncrypt( $path ) ) { + /** + * @param $path + * @param $data + * @return bool + */ + public function preFile_put_contents($path, &$data) + { + + if (self::shouldEncrypt($path)) { // Stream put contents should have been converted to fopen - if ( !is_resource( $data ) ) { + if (!is_resource($data)) { $userId = \OCP\USER::getUser(); - $view = new \OC_FilesystemView( '/' ); - $util = new Util( $view, $userId ); - $session = new Session( $view ); + $view = new \OC_FilesystemView('/'); + $util = new Util($view, $userId); + $session = new Session($view); $privateKey = $session->getPrivateKey(); - $filePath = $util->stripUserFilesPath( $path ); + $filePath = $util->stripUserFilesPath($path); // Set the filesize for userland, before encrypting - $size = strlen( $data ); - + $size = strlen($data); + // Disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - + // Check if there is an existing key we can reuse - if ( $encKeyfile = Keymanager::getFileKey( $view, $userId, $filePath ) ) { - + if ($encKeyfile = Keymanager::getFileKey($view, $userId, $filePath)) { + // Fetch shareKey - $shareKey = Keymanager::getShareKey( $view, $userId, $filePath ); - + $shareKey = Keymanager::getShareKey($view, $userId, $filePath); + // Decrypt the keyfile - $plainKey = Crypt::multiKeyDecrypt( $encKeyfile, $shareKey, $privateKey ); - + $plainKey = Crypt::multiKeyDecrypt($encKeyfile, $shareKey, $privateKey); + } else { - + // Make a new key $plainKey = Crypt::generateKey(); - + } - + // Encrypt data - $encData = Crypt::symmetricEncryptFileContent( $data, $plainKey ); - + $encData = Crypt::symmetricEncryptFileContent($data, $plainKey); + $sharingEnabled = \OCP\Share::isEnabled(); // if file exists try to get sharing users - if($view->file_exists($path)) { - $uniqueUserIds = $util->getSharingUsersArray( $sharingEnabled, $filePath, $userId ); + if ($view->file_exists($path)) { + $uniqueUserIds = $util->getSharingUsersArray($sharingEnabled, $filePath, $userId); } else { $uniqueUserIds[] = $userId; } // Fetch public keys for all users who will share the file - $publicKeys = Keymanager::getPublicKeys( $view, $uniqueUserIds ); + $publicKeys = Keymanager::getPublicKeys($view, $uniqueUserIds); // Encrypt plain keyfile to multiple sharefiles - $multiEncrypted = Crypt::multiKeyEncrypt( $plainKey, $publicKeys ); - + $multiEncrypted = Crypt::multiKeyEncrypt($plainKey, $publicKeys); + // Save sharekeys to user folders - Keymanager::setShareKeys( $view, $filePath, $multiEncrypted['keys'] ); - + Keymanager::setShareKeys($view, $filePath, $multiEncrypted['keys']); + // Set encrypted keyfile as common varname $encKey = $multiEncrypted['data']; - + // Save keyfile for newly encrypted file in parallel directory tree - Keymanager::setFileKey( $view, $filePath, $userId, $encKey ); + Keymanager::setFileKey($view, $filePath, $userId, $encKey); // Replace plain content with encrypted content by reference $data = $encData; - + // Update the file cache with file info - \OC\Files\Filesystem::putFileInfo( $filePath, array( 'encrypted'=>true, 'size' => strlen($size), 'unencrypted_size' => $size), '' ); + \OC\Files\Filesystem::putFileInfo($filePath, array('encrypted' => true, 'size' => strlen($size), 'unencrypted_size' => $size), ''); // Re-enable proxy - our work is done \OC_FileProxy::$enabled = $proxyStatus; - + } } return true; - + } - + /** * @param string $path Path of file from which has been read * @param string $data Data that has been read from file */ - public function postFile_get_contents( $path, $data ) { + public function postFile_get_contents($path, $data) + { + + // FIXME: $path for shared files is just /uid/files/Shared/filepath - // FIXME: $path for shared files is just /uid/files/Shared/filepath - $userId = \OCP\USER::getUser(); - $view = new \OC_FilesystemView( '/' ); - $util = new Util( $view, $userId ); - - $relPath = $util->stripUserFilesPath( $path ); - - + $view = new \OC_FilesystemView('/'); + $util = new Util($view, $userId); + + $relPath = $util->stripUserFilesPath($path); + + // TODO check for existing key file and reuse it if possible to avoid problems with versioning etc. // Disable encryption proxy to prevent recursive calls - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; - // If data is a catfile - if ( - Crypt::mode() == 'server' - && Crypt::isCatfileContent( $data ) // TODO: Do we really need this check? Can't we assume it is properly encrypted? + // If data is a catfile + if ( + Crypt::mode() == 'server' + && Crypt::isCatfileContent($data) // TODO: Do we really need this check? Can't we assume it is properly encrypted? ) { - + // TODO: use get owner to find correct location of key files for shared files - $session = new Session( $view ); - $privateKey = $session->getPrivateKey( $userId ); - + $session = new Session($view); + $privateKey = $session->getPrivateKey($userId); + // Get the encrypted keyfile - $encKeyfile = Keymanager::getFileKey( $view, $userId, $relPath ); - + $encKeyfile = Keymanager::getFileKey($view, $userId, $relPath); + // Attempt to fetch the user's shareKey - $shareKey = Keymanager::getShareKey( $view, $userId, $relPath ); - + $shareKey = Keymanager::getShareKey($view, $userId, $relPath); + // Decrypt keyfile with shareKey - $plainKeyfile = Crypt::multiKeyDecrypt( $encKeyfile, $shareKey, $privateKey ); - - $plainData = Crypt::symmetricDecryptFileContent( $data, $plainKeyfile ); + $plainKeyfile = Crypt::multiKeyDecrypt($encKeyfile, $shareKey, $privateKey); + + $plainData = Crypt::symmetricDecryptFileContent($data, $plainKeyfile); } elseif ( - Crypt::mode() == 'server' - && isset( $_SESSION['legacyenckey'] ) - && Crypt::isEncryptedMeta( $path ) + Crypt::mode() == 'server' + && isset($_SESSION['legacyenckey']) + && Crypt::isEncryptedMeta($path) ) { - - $plainData = Crypt::legacyDecrypt( $data, $session->getLegacyKey() ); - + + $plainData = Crypt::legacyDecrypt($data, $session->getLegacyKey()); + } - + \OC_FileProxy::$enabled = $proxyStatus; - - if ( ! isset( $plainData ) ) { - + + if (!isset($plainData)) { + $plainData = $data; - + } - + return $plainData; - + } - + /** * @brief When a file is deleted, remove its keyfile also */ - public function preUnlink( $path ) { - + public function preUnlink($path) + { + // let the trashbin handle this - if ( \OCP\App::isEnabled('files_trashbin') ) { - return true; + if (\OCP\App::isEnabled('files_trashbin')) { + return true; } - + // Disable encryption proxy to prevent recursive calls - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; - - $view = new \OC_FilesystemView( '/' ); + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; + + $view = new \OC_FilesystemView('/'); $userId = \OCP\USER::getUser(); - $util = new Util( $view, $userId ); + $util = new Util($view, $userId); // Format path to be relative to user files dir - $relPath = $util->stripUserFilesPath( $path ); + $relPath = $util->stripUserFilesPath($path); - list( $owner, $ownerPath ) = $util->getUidAndFilename( $relPath ); + list($owner, $ownerPath) = $util->getUidAndFilename($relPath); // Delete keyfile & shareKey so it isn't orphaned if ( - ! ( - Keymanager::deleteFileKey( $view, $owner, $ownerPath ) - && Keymanager::delAllShareKeys( $view, $owner, $ownerPath ) + !( + Keymanager::deleteFileKey($view, $owner, $ownerPath) + && Keymanager::delAllShareKeys($view, $owner, $ownerPath) ) ) { - - \OC_Log::write( 'Encryption library', 'Keyfile or shareKey could not be deleted for file "'.$ownerPath.'"', \OC_Log::ERROR ); - + + \OC_Log::write('Encryption library', 'Keyfile or shareKey could not be deleted for file "' . $ownerPath . '"', \OC_Log::ERROR); + } - + \OC_FileProxy::$enabled = $proxyStatus; - + // If we don't return true then file delete will fail; better // to leave orphaned keyfiles than to disallow file deletion return true; - + } /** - * @brief When a file is renamed, rename its keyfile also - * @return bool Result of rename() - * @note This is pre rather than post because using post didn't work - */ - public function postWrite( $path ) - { - $this->handleFile($path); + * @brief When a file is renamed, rename its keyfile also + * @param $path + * @return bool Result of rename() + * @note This is pre rather than post because using post didn't work + */ + public function postWrite($path) + { + $this->handleFile($path); - return true; - } + return true; + } + + /** + * @param $path + * @return bool + */ + public function postTouch($path) + { + $this->handleFile($path); - public function postTouch( $path ) - { - $this->handleFile($path); + return true; + } - return true; - } + /** + * @param $path + * @param $result + * @return resource + */ + public function postFopen($path, &$result) + { - public function postFopen( $path, &$result ){ + if (!$result) { - if ( !$result ) { - return $result; - + } - // Reformat path for use with OC_FSV - $path_split = explode( '/', $path ); - $path_f = implode( '/', array_slice( $path_split, 3 ) ); + // Reformat path for use with OC_FSV + $path_split = explode('/', $path); + $path_f = implode('/', array_slice($path_split, 3)); - // FIXME: handling for /userId/cache used by webdav for chunking. The cache chunks are NOT encrypted - if($path_split[2] == 'cache') { - return $result; - } + // FIXME: handling for /userId/cache used by webdav for chunking. The cache chunks are NOT encrypted + if ($path_split[2] == 'cache') { + return $result; + } // Disable encryption proxy to prevent recursive calls - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; - - $meta = stream_get_meta_data( $result ); - - $view = new \OC_FilesystemView( '' ); - - $util = new Util( $view, \OCP\USER::getUser()); - + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; + + $meta = stream_get_meta_data($result); + + $view = new \OC_FilesystemView(''); + + $util = new Util($view, \OCP\USER::getUser()); + // If file is already encrypted, decrypt using crypto protocol - if ( - Crypt::mode() == 'server' - && $util->isEncryptedPath( $path ) + if ( + Crypt::mode() == 'server' + && $util->isEncryptedPath($path) ) { - + // Close the original encrypted file - fclose( $result ); - + fclose($result); + // Open the file using the crypto stream wrapper // protocol and let it do the decryption work instead - $result = fopen( 'crypt://' . $path_f, $meta['mode'] ); - - - } elseif ( - self::shouldEncrypt( $path ) - and $meta ['mode'] != 'r' - and $meta['mode'] != 'rb' + $result = fopen('crypt://' . $path_f, $meta['mode']); + + + } elseif ( + self::shouldEncrypt($path) + and $meta ['mode'] != 'r' + and $meta['mode'] != 'rb' ) { - // If the file is not yet encrypted, but should be - // encrypted when it's saved (it's not read only) - - // NOTE: this is the case for new files saved via WebDAV - -// if ( -// $view->file_exists( $path ) -// and $view->filesize( $path ) > 0 -// ) { -// $x = $view->file_get_contents( $path ); -// -// $tmp = tmpfile(); - -// // Make a temporary copy of the original file -// \OCP\Files::streamCopy( $result, $tmp ); -// -// // Close the original stream, we'll return another one -// fclose( $result ); -// -// $view->file_put_contents( $path_f, $tmp ); -// -// fclose( $tmp ); - -// } - - $result = fopen( 'crypt://'.$path_f, $meta['mode'] ); - + $result = fopen('crypt://' . $path_f, $meta['mode']); } - + // Re-enable the proxy \OC_FileProxy::$enabled = $proxyStatus; - + return $result; - + } - public function postGetMimeType( $path, $mime ) { + /** + * @param $path + * @param $mime + * @return string + */ + public function postGetMimeType($path, $mime) + { + + if (Crypt::isCatfileContent($path)) { + + $mime = \OCP\Files::getMimeType('crypt://' . $path, 'w'); - if ( Crypt::isCatfileContent( $path ) ) { - - $mime = \OCP\Files::getMimeType( 'crypt://' . $path, 'w' ); - } - + return $mime; - - } - public function postGetFileInfo( $path, $data ) { + } - // if path is a folder do nothing - if(is_array($data) && array_key_exists('size', $data)) { + /** + * @param $path + * @param $data + * @return array + */ + public function postGetFileInfo($path, $data) + { - // Disable encryption proxy to prevent recursive calls - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; + // if path is a folder do nothing + if (is_array($data) && array_key_exists('size', $data)) { - // get file size - $data['size'] = self::postFileSize($path, $data['size']); + // Disable encryption proxy to prevent recursive calls + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; - // Re-enable the proxy - \OC_FileProxy::$enabled = $proxyStatus; - } + // get file size + $data['size'] = self::postFileSize($path, $data['size']); - return $data; - } + // Re-enable the proxy + \OC_FileProxy::$enabled = $proxyStatus; + } - public function postStat($path, $data) - { - // check if file is encrypted - if (Crypt::isCatfileContent($path)) { + return $data; + } - // get file info from cache - $cached = \OC\Files\Filesystem::getFileInfo($path, ''); + /** + * @param $path + * @param $data + * @return mixed + */ + public function postStat($path, $data) + { + // check if file is encrypted + if (Crypt::isCatfileContent($path)) { - // set the real file size - $data['size'] = $cached['unencrypted_size']; - } + // get file info from cache + $cached = \OC\Files\Filesystem::getFileInfo($path, ''); - return $data; - } + // set the real file size + $data['size'] = $cached['unencrypted_size']; + } - public function postFileSize($path, $size) - { + return $data; + } - $view = new \OC_FilesystemView('/'); + /** + * @param $path + * @param $size + * @return bool + */ + public function postFileSize($path, $size) + { - // if path is a folder do nothing - if ($view->is_dir($path)) { - return $size; - } + $view = new \OC_FilesystemView('/'); - // Reformat path for use with OC_FSV - $path_split = explode('/', $path); - $path_f = implode('/', array_slice($path_split, 3)); + // if path is a folder do nothing + if ($view->is_dir($path)) { + return $size; + } - // if path is empty we cannot resolve anything - if(empty($path_f)) { - return $size; - } + // Reformat path for use with OC_FSV + $path_split = explode('/', $path); + $path_f = implode('/', array_slice($path_split, 3)); - // get file info from database/cache - $fileInfo = \OC\Files\Filesystem::getFileInfo($path_f); + // if path is empty we cannot resolve anything + if (empty($path_f)) { + return $size; + } - // if file is encrypted return real file size - if (is_array($fileInfo) && $fileInfo['encrypted'] === true) { - $size = $fileInfo['unencrypted_size']; - } else { - // self healing if file was removed from file cache - if(is_array($fileInfo)) { - $userId = \OCP\User::getUser(); - $util = new Util( $view, $userId ); - $fixSize = $util->getFileSize($path); - if($fixSize > 0) { - $size = $fixSize; + // get file info from database/cache + $fileInfo = \OC\Files\Filesystem::getFileInfo($path_f); + + // if file is encrypted return real file size + if (is_array($fileInfo) && $fileInfo['encrypted'] === true) { + $size = $fileInfo['unencrypted_size']; + } else { + // self healing if file was removed from file cache + if (is_array($fileInfo)) { + $userId = \OCP\User::getUser(); + $util = new Util($view, $userId); + $fixSize = $util->getFileSize($path); + if ($fixSize > 0) { + $size = $fixSize; + + $fileInfo['encrypted'] = true; + $fileInfo['unencrypted_size'] = $size; + + // put file info + $view->putFileInfo($path_f, $fileInfo); + } + } + } + return $size; + } - $fileInfo['encrypted'] = true; - $fileInfo['unencrypted_size'] = $size; + /** + * @param $path + */ + public function handleFile($path) + { - // put file info - $view->putFileInfo( $path_f, $fileInfo ); - } - } - } - return $size; - } + // Disable encryption proxy to prevent recursive calls + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; - public function handleFile($path) { + $view = new \OC_FilesystemView('/'); + $session = new Session($view); + $userId = \OCP\User::getUser(); + $util = new Util($view, $userId); - // Disable encryption proxy to prevent recursive calls - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; + // Reformat path for use with OC_FSV + $path_split = explode('/', $path); + $path_f = implode('/', array_slice($path_split, 3)); - $view = new \OC_FilesystemView('/'); - $session = new Session($view); - $userId = \OCP\User::getUser(); - $util = new Util( $view, $userId ); + // only if file is on 'files' folder fix file size and sharing + if ($path_split[2] == 'files' && $util->fixFileSize($path)) { - // Reformat path for use with OC_FSV - $path_split = explode( '/', $path ); - $path_f = implode( '/', array_slice( $path_split, 3 ) ); + // get sharing app state + $sharingEnabled = \OCP\Share::isEnabled(); - // only if file is on 'files' folder fix file size and sharing - if($path_split[2] == 'files' && $util->fixFileSize($path)) { + // get users + $usersSharing = $util->getSharingUsersArray($sharingEnabled, $path_f); - // get sharing app state - $sharingEnabled = \OCP\Share::isEnabled(); + // update sharing-keys + $util->setSharedFileKeyfiles($session, $usersSharing, $path_f); + } - // get users - $usersSharing = $util->getSharingUsersArray($sharingEnabled, $path_f); - - // update sharing-keys - $util->setSharedFileKeyfiles($session, $usersSharing, $path_f); - } - - \OC_FileProxy::$enabled = $proxyStatus; - } - } + \OC_FileProxy::$enabled = $proxyStatus; + } +} diff --git a/apps/files_encryption/lib/session.php b/apps/files_encryption/lib/session.php index 8d604dc721e..8425cedd99f 100644 --- a/apps/files_encryption/lib/session.php +++ b/apps/files_encryption/lib/session.php @@ -26,73 +26,75 @@ namespace OCA\Encryption; * Class for handling encryption related session data */ -class Session { +class Session +{ private $view; - + /** * @brief if session is started, check if ownCloud key pair is set up, if not create it - * - * The ownCloud key pair is used to allow public link sharing even if encryption is enabled + * @param \OC_FilesystemView $view + * + * @note The ownCloud key pair is used to allow public link sharing even if encryption is enabled */ - public function __construct( $view ) { - + public function __construct($view) + { + $this->view = $view; + if (!$this->view->is_dir('owncloud_private_key')) { + + $this->view->mkdir('owncloud_private_key'); - if ( ! $this->view->is_dir( 'owncloud_private_key' ) ) { - - $this->view->mkdir( 'owncloud_private_key' ); - } $publicShareKeyId = \OC_Appconfig::getValue('files_encryption', 'publicShareKeyId'); if ($publicShareKeyId === null) { - $publicShareKeyId = 'pubShare_'.substr(md5(time()),0,8); + $publicShareKeyId = 'pubShare_' . substr(md5(time()), 0, 8); \OC_Appconfig::setValue('files_encryption', 'publicShareKeyId', $publicShareKeyId); } - - if ( - ! $this->view->file_exists( "/public-keys/".$publicShareKeyId.".public.key" ) - || ! $this->view->file_exists( "/owncloud_private_key/".$publicShareKeyId.".private.key" ) + + if ( + !$this->view->file_exists("/public-keys/" . $publicShareKeyId . ".public.key") + || !$this->view->file_exists("/owncloud_private_key/" . $publicShareKeyId . ".private.key") ) { - - $keypair = Crypt::createKeypair(); - - // Disable encryption proxy to prevent recursive calls - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; - - // Save public key - - if (!$view->is_dir('/public-keys')) { - $view->mkdir('/public-keys'); - } - - $this->view->file_put_contents( '/public-keys/'.$publicShareKeyId.'.public.key', $keypair['publicKey'] ); - - // Encrypt private key empthy passphrase - $encryptedPrivateKey = Crypt::symmetricEncryptFileContent( $keypair['privateKey'], '' ); - - // Save private key - $this->view->file_put_contents( '/owncloud_private_key/'.$publicShareKeyId.'.private.key', $encryptedPrivateKey ); - + + $keypair = Crypt::createKeypair(); + + // Disable encryption proxy to prevent recursive calls + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; + + // Save public key + + if (!$view->is_dir('/public-keys')) { + $view->mkdir('/public-keys'); + } + + $this->view->file_put_contents('/public-keys/' . $publicShareKeyId . '.public.key', $keypair['publicKey']); + + // Encrypt private key empthy passphrase + $encryptedPrivateKey = Crypt::symmetricEncryptFileContent($keypair['privateKey'], ''); + + // Save private key + $this->view->file_put_contents('/owncloud_private_key/' . $publicShareKeyId . '.private.key', $encryptedPrivateKey); + \OC_FileProxy::$enabled = $proxyStatus; - + } - if(\OCP\USER::getUser() === false) { - // Disable encryption proxy to prevent recursive calls - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; + if (\OCP\USER::getUser() === false) { + // Disable encryption proxy to prevent recursive calls + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; - $encryptedKey = $this->view->file_get_contents( '/owncloud_private_key/'.$publicShareKeyId.'.private.key' ); - $privateKey = Crypt::symmetricDecryptFileContent( $encryptedKey, '' ); - $this->setPrivateKey($privateKey); + $encryptedKey = $this->view->file_get_contents('/owncloud_private_key/' . $publicShareKeyId . '.private.key'); + $privateKey = Crypt::symmetricDecryptFileContent($encryptedKey, ''); + $this->setPrivateKey($privateKey); - \OC_FileProxy::$enabled = $proxyStatus; - } + \OC_FileProxy::$enabled = $proxyStatus; + } } /** @@ -100,71 +102,72 @@ class Session { * @param string $privateKey * @return bool */ - public function setPrivateKey( $privateKey ) { - + public function setPrivateKey($privateKey) + { + $_SESSION['privateKey'] = $privateKey; - + return true; - + } - + /** * @brief Gets user private key from session * @returns string $privateKey The user's plaintext private key * */ - public function getPrivateKey() { - - if ( - isset( $_SESSION['privateKey'] ) - && !empty( $_SESSION['privateKey'] ) + public function getPrivateKey() + { + + if ( + isset($_SESSION['privateKey']) + && !empty($_SESSION['privateKey']) ) { - + return $_SESSION['privateKey']; - + } else { - + return false; - + } - + } - + /** * @brief Sets user legacy key to session + * @param $legacyKey * @return bool - * */ - public function setLegacyKey( $legacyKey ) { - - if ( $_SESSION['legacyKey'] = $legacyKey ) { - - return true; - - } - + public function setLegacyKey($legacyKey) + { + + $_SESSION['legacyKey'] = $legacyKey; + + return true; } - + /** * @brief Gets user legacy key from session * @returns string $legacyKey The user's plaintext legacy key * */ - public function getLegacyKey() { - - if ( - isset( $_SESSION['legacyKey'] ) - && !empty( $_SESSION['legacyKey'] ) + public function getLegacyKey() + { + + if ( + isset($_SESSION['legacyKey']) + && !empty($_SESSION['legacyKey']) ) { - + return $_SESSION['legacyKey']; - + } else { - + return false; - + } - + } } \ No newline at end of file diff --git a/apps/files_encryption/lib/stream.php b/apps/files_encryption/lib/stream.php index ab967835082..31546a2cc50 100644 --- a/apps/files_encryption/lib/stream.php +++ b/apps/files_encryption/lib/stream.php @@ -3,7 +3,7 @@ * ownCloud * * @author Robin Appelman - * @copyright 2012 Sam Tuke , 2011 Robin Appelman + * @copyright 2012 Sam Tuke , 2011 Robin Appelman * * * This library is free software; you can redistribute it and/or @@ -32,30 +32,31 @@ namespace OCA\Encryption; /** * @brief Provides 'crypt://' stream wrapper protocol. - * @note We use a stream wrapper because it is the most secure way to handle + * @note We use a stream wrapper because it is the most secure way to handle * decrypted content transfers. There is no safe way to decrypt the entire file * somewhere on the server, so we have to encrypt and decrypt blocks on the fly. * @note Paths used with this protocol MUST BE RELATIVE. Use URLs like: - * crypt://filename, or crypt://subdirectory/filename, NOT - * crypt:///home/user/owncloud/data. Otherwise keyfiles will be put in - * [owncloud]/data/user/files_encryption/keyfiles/home/user/owncloud/data and + * crypt://filename, or crypt://subdirectory/filename, NOT + * crypt:///home/user/owncloud/data. Otherwise keyfiles will be put in + * [owncloud]/data/user/files_encryption/keyfiles/home/user/owncloud/data and * will not be accessible to other methods. - * @note Data read and written must always be 8192 bytes long, as this is the - * buffer size used internally by PHP. The encryption process makes the input - * data longer, and input is chunked into smaller pieces in order to result in + * @note Data read and written must always be 8192 bytes long, as this is the + * buffer size used internally by PHP. The encryption process makes the input + * data longer, and input is chunked into smaller pieces in order to result in * a 8192 encrypted block size. - * @note When files are deleted via webdav, or when they are updated and the - * previous version deleted, this is handled by OC\Files\View, and thus the + * @note When files are deleted via webdav, or when they are updated and the + * previous version deleted, this is handled by OC\Files\View, and thus the * encryption proxies are used and keyfiles deleted. */ -class Stream { +class Stream +{ public static $sourceStreams = array(); + private $plainKey; + private $encKeyfiles; - // TODO: make all below properties private again once unit testing is - // configured correctly - public $rawPath; // The raw path relative to the data dir - public $relPath; // rel path to users file dir + private $rawPath; // The raw path relative to the data dir + private $relPath; // rel path to users file dir private $userId; private $handle; // Resource returned by fopen private $path; @@ -63,226 +64,238 @@ class Stream { private $meta = array(); // Header / meta for source stream private $count; private $writeCache; - public $size; - public $unencryptedSize; + private $size; + private $unencryptedSize; private $publicKey; private $keyfile; private $encKeyfile; private static $view; // a fsview object set to user dir private $rootView; // a fsview object set to '/' - public function stream_open( $path, $mode, $options, &$opened_path ) { + /** + * @param $path + * @param $mode + * @param $options + * @param $opened_path + * @return bool + */ + public function stream_open($path, $mode, $options, &$opened_path) + { - if ( ! isset( $this->rootView ) ) { - $this->rootView = new \OC_FilesystemView( '/' ); + if (!isset($this->rootView)) { + $this->rootView = new \OC_FilesystemView('/'); } - $util = new Util( $this->rootView, \OCP\USER::getUser()); + $util = new Util($this->rootView, \OCP\USER::getUser()); - $this->userId = $util->getUserId(); + $this->userId = $util->getUserId(); + + // Strip identifier text from path, this gives us the path relative to data//files + $this->relPath = \OC\Files\Filesystem::normalizePath(str_replace('crypt://', '', $path)); - // Strip identifier text from path, this gives us the path relative to data//files - $this->relPath = \OC\Files\Filesystem::normalizePath(str_replace( 'crypt://', '', $path )); - // rawPath is relative to the data directory $this->rawPath = $util->getUserFilesDir() . $this->relPath; - + if ( - dirname( $this->rawPath ) == 'streams' - and isset( self::$sourceStreams[basename( $this->rawPath )] ) + dirname($this->rawPath) == 'streams' + and isset(self::$sourceStreams[basename($this->rawPath)]) ) { - + // Is this just for unit testing purposes? - $this->handle = self::$sourceStreams[basename( $this->rawPath )]['stream']; + $this->handle = self::$sourceStreams[basename($this->rawPath)]['stream']; - $this->path = self::$sourceStreams[basename( $this->rawPath )]['path']; + $this->path = self::$sourceStreams[basename($this->rawPath)]['path']; - $this->size = self::$sourceStreams[basename( $this->rawPath )]['size']; + $this->size = self::$sourceStreams[basename($this->rawPath)]['size']; } else { - // Disable fileproxies so we can get the file size and open the source file without recursive encryption - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; + // Disable fileproxies so we can get the file size and open the source file without recursive encryption + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; - if ( - $mode == 'w' - or $mode == 'w+' - or $mode == 'wb' - or $mode == 'wb+' + if ( + $mode == 'w' + or $mode == 'w+' + or $mode == 'wb' + or $mode == 'wb+' ) { // We're writing a new file so start write counter with 0 bytes $this->size = 0; - $this->unencryptedSize = 0; + $this->unencryptedSize = 0; } else { - - $this->size = $this->rootView->filesize( $this->rawPath, $mode ); - - //$this->size = filesize( $this->rawPath ); - + + $this->size = $this->rootView->filesize($this->rawPath, $mode); + } - //$this->handle = fopen( $this->rawPath, $mode ); - - $this->handle = $this->rootView->fopen( $this->rawPath, $mode ); - + $this->handle = $this->rootView->fopen($this->rawPath, $mode); + \OC_FileProxy::$enabled = $proxyStatus; - if ( ! is_resource( $this->handle ) ) { + if (!is_resource($this->handle)) { - \OCP\Util::writeLog( 'files_encryption', 'failed to open file "' . $this->rawPath . '"', \OCP\Util::ERROR ); + \OCP\Util::writeLog('files_encryption', 'failed to open file "' . $this->rawPath . '"', \OCP\Util::ERROR); } else { - - $this->meta = stream_get_meta_data( $this->handle ); - + + $this->meta = stream_get_meta_data($this->handle); + } } - return is_resource( $this->handle ); + return is_resource($this->handle); } - - public function stream_seek( $offset, $whence = SEEK_SET ) { - + + /** + * @param $offset + * @param int $whence + */ + public function stream_seek($offset, $whence = SEEK_SET) + { + $this->flush(); - - fseek( $this->handle, $offset, $whence ); - + + fseek($this->handle, $offset, $whence); + } - - public function stream_tell() { + + /** + * @return int + */ + public function stream_tell() + { return ftell($this->handle); } - - public function stream_read( $count ) { - + + /** + * @param $count + * @return bool|string + * @throws \Exception + */ + public function stream_read($count) + { + $this->writeCache = ''; - if ( $count != 8192 ) { - + if ($count != 8192) { + // $count will always be 8192 https://bugs.php.net/bug.php?id=21641 // This makes this function a lot simpler, but will break this class if the above 'bug' gets 'fixed' - \OCP\Util::writeLog( 'files_encryption', 'PHP "bug" 21641 no longer holds, decryption system requires refactoring', \OCP\Util::FATAL ); + \OCP\Util::writeLog('files_encryption', 'PHP "bug" 21641 no longer holds, decryption system requires refactoring', \OCP\Util::FATAL); die(); } -// $pos = ftell( $this->handle ); -// // Get the data from the file handle - $data = fread( $this->handle, 8192 ); - + $data = fread($this->handle, 8192); + $result = ''; - - if ( strlen( $data ) ) { - - if ( ! $this->getKey() ) { - + + if (strlen($data)) { + + if (!$this->getKey()) { + // Error! We don't have a key to decrypt the file with - throw new \Exception( 'Encryption key not found for "' . $this->rawPath . '" during attempted read via stream' ); - + throw new \Exception('Encryption key not found for "' . $this->rawPath . '" during attempted read via stream'); + } - + // Decrypt data - $result = Crypt::symmetricDecryptFileContent( $data, $this->plainKey ); - - } + $result = Crypt::symmetricDecryptFileContent($data, $this->plainKey); -// $length = $this->size - $pos; -// -// if ( $length < 8192 ) { -// -// $result = substr( $result, 0, $length ); -// -// } + } return $result; } - + /** * @brief Encrypt and pad data ready for writing to disk * @param string $plainData data to be encrypted * @param string $key key to use for encryption - * @return encrypted data on success, false on failure + * @return string encrypted data on success, false on failure */ - public function preWriteEncrypt( $plainData, $key ) { - + public function preWriteEncrypt($plainData, $key) + { + // Encrypt data to 'catfile', which includes IV - if ( $encrypted = Crypt::symmetricEncryptFileContent( $plainData, $key ) ) { - - return $encrypted; - + if ($encrypted = Crypt::symmetricEncryptFileContent($plainData, $key)) { + + return $encrypted; + } else { - + return false; - + } - + } - + /** * @brief Fetch the plain encryption key for the file and set it as plainKey property - * @param bool $generate if true, a new key will be generated if none can be found + * @internal param bool $generate if true, a new key will be generated if none can be found * @return bool true on key found and set, false on key not found and new key generated and set */ - public function getKey() { - + public function getKey() + { + // Check if key is already set - if ( isset( $this->plainKey ) && isset( $this->encKeyfile ) ) { - + if (isset($this->plainKey) && isset($this->encKeyfile)) { + return true; - + } - + // Fetch and decrypt keyfile - // Fetch existing keyfile - $this->encKeyfile = Keymanager::getFileKey( $this->rootView, $this->userId, $this->relPath ); + // Fetch existing keyfile + $this->encKeyfile = Keymanager::getFileKey($this->rootView, $this->userId, $this->relPath); // If a keyfile already exists - if ( $this->encKeyfile ) { + if ($this->encKeyfile) { $this->setUserProperty(); - - $session = new Session( $this->rootView ); - - $privateKey = $session->getPrivateKey( $this->userId ); - - $shareKey = Keymanager::getShareKey( $this->rootView, $this->userId, $this->relPath ); - - $this->plainKey = Crypt::multiKeyDecrypt( $this->encKeyfile, $shareKey, $privateKey ); - + + $session = new Session($this->rootView); + + $privateKey = $session->getPrivateKey($this->userId); + + $shareKey = Keymanager::getShareKey($this->rootView, $this->userId, $this->relPath); + + $this->plainKey = Crypt::multiKeyDecrypt($this->encKeyfile, $shareKey, $privateKey); + return true; - + } else { - + return false; - + } - + } - - public function setUserProperty() { - + + public function setUserProperty() + { + // Only get the user again if it isn't already set - if ( empty( $this->userId ) ) { - + if (empty($this->userId)) { + // TODO: Move this user call out of here - it belongs // elsewhere $this->userId = \OCP\User::getUser(); - + } - + // TODO: Add a method for getting the user in case OCP\User:: // getUser() doesn't work (can that scenario ever occur?) - + } - + /** * @brief Handle plain data from the stream, and write it in 8192 byte blocks * @param string $data data to be written to disk @@ -292,89 +305,64 @@ class Stream { * @note Padding is added to each encrypted block to ensure that the resulting block is exactly 8192 bytes. This is removed during stream_read * @note PHP automatically updates the file pointer after writing data to reflect it's length. There is generally no need to update the poitner manually using fseek */ - public function stream_write( $data ) { - + public function stream_write($data) + { + // Disable the file proxies so that encryption is not // automatically attempted when the file is written to disk - // we are handling that separately here and we don't want to // get into an infinite loop - $proxyStatus = \OC_FileProxy::$enabled; + $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - + // Get the length of the unencrypted data that we are handling - $length = strlen( $data ); - + $length = strlen($data); + // So far this round, no data has been written $written = 0; - + // Find out where we are up to in the writing of data to the // file - $pointer = ftell( $this->handle ); - + $pointer = ftell($this->handle); + // Make sure the userId is set $this->setUserProperty(); - + // Get / generate the keyfile for the file we're handling // If we're writing a new file (not overwriting an existing // one), save the newly generated keyfile - if ( ! $this->getKey() ) { - + if (!$this->getKey()) { + $this->plainKey = Crypt::generateKey(); - + } - - + // If extra data is left over from the last round, make sure it // is integrated into the next 6126 / 8192 block - if ( $this->writeCache ) { - + if ($this->writeCache) { + // Concat writeCache to start of $data $data = $this->writeCache . $data; - + // Clear the write cache, ready for resuse - it has been // flushed and its old contents processed $this->writeCache = ''; } -// -// // Make sure we always start on a block start - if ( 0 != ( $pointer % 8192 ) ) { - // if the current position of - // file indicator is not aligned to a 8192 byte block, fix it - // so that it is - -// fseek( $this->handle, - ( $pointer % 8192 ), SEEK_CUR ); -// -// $pointer = ftell( $this->handle ); -// -// $unencryptedNewBlock = fread( $this->handle, 8192 ); -// -// fseek( $this->handle, - ( $currentPos % 8192 ), SEEK_CUR ); -// -// $block = Crypt::symmetricDecryptFileContent( $unencryptedNewBlock, $this->plainKey ); -// -// $x = substr( $block, 0, $currentPos % 8192 ); -// -// $data = $x . $data; -// -// fseek( $this->handle, - ( $currentPos % 8192 ), SEEK_CUR ); -// - } -// $currentPos = ftell( $this->handle ); - -// // While there still remains somed data to be processed & written - while( strlen( $data ) > 0 ) { - -// // Remaining length for this iteration, not of the -// // entire file (may be greater than 8192 bytes) -// $remainingLength = strlen( $data ); -// -// // If data remaining to be written is less than the -// // size of 1 6126 byte block - if ( strlen( $data ) < 6126 ) { - + + // While there still remains somed data to be processed & written + while (strlen($data) > 0) { + + // Remaining length for this iteration, not of the + // entire file (may be greater than 8192 bytes) + $remainingLength = strlen( $data ); + + // If data remaining to be written is less than the + // size of 1 6126 byte block + if (strlen($data) < 6126) { + // Set writeCache to contents of $data // The writeCache will be carried over to the // next write round, and added to the start of @@ -387,148 +375,174 @@ class Stream { // Clear $data ready for next round $data = ''; - + } else { - + // Read the chunk from the start of $data - $chunk = substr( $data, 0, 6126 ); - - $encrypted = $this->preWriteEncrypt( $chunk, $this->plainKey ); - + $chunk = substr($data, 0, 6126); + + $encrypted = $this->preWriteEncrypt($chunk, $this->plainKey); + // Write the data chunk to disk. This will be // attended to the last data chunk if the file // being handled totals more than 6126 bytes - fwrite( $this->handle, $encrypted ); - - $writtenLen = strlen( $encrypted ); - //fseek( $this->handle, $writtenLen, SEEK_CUR ); + fwrite($this->handle, $encrypted); + + $writtenLen = strlen($encrypted); // Remove the chunk we just processed from // $data, leaving only unprocessed data in $data // var, for handling on the next round - $data = substr( $data, 6126 ); + $data = substr($data, 6126); } - + } - - $this->size = max( $this->size, $pointer + $length ); - $this->unencryptedSize += $length; - \OC_FileProxy::$enabled = $proxyStatus; + $this->size = max($this->size, $pointer + $length); + $this->unencryptedSize += $length; + + \OC_FileProxy::$enabled = $proxyStatus; return $length; } - public function stream_set_option( $option, $arg1, $arg2 ) { - switch($option) { + /** + * @param $option + * @param $arg1 + * @param $arg2 + */ + public function stream_set_option($option, $arg1, $arg2) + { + switch ($option) { case STREAM_OPTION_BLOCKING: - stream_set_blocking( $this->handle, $arg1 ); + stream_set_blocking($this->handle, $arg1); break; case STREAM_OPTION_READ_TIMEOUT: - stream_set_timeout( $this->handle, $arg1, $arg2 ); + stream_set_timeout($this->handle, $arg1, $arg2); break; case STREAM_OPTION_WRITE_BUFFER: - stream_set_write_buffer( $this->handle, $arg1, $arg2 ); + stream_set_write_buffer($this->handle, $arg1, $arg2); } } - public function stream_stat() { + /** + * @return array + */ + public function stream_stat() + { return fstat($this->handle); } - - public function stream_lock( $mode ) { - flock( $this->handle, $mode ); + + /** + * @param $mode + */ + public function stream_lock($mode) + { + flock($this->handle, $mode); } - - public function stream_flush() { - - return fflush( $this->handle ); + + /** + * @return bool + */ + public function stream_flush() + { + + return fflush($this->handle); // Not a typo: http://php.net/manual/en/function.fflush.php - + } - public function stream_eof() { + /** + * @return bool + */ + public function stream_eof() + { return feof($this->handle); } - private function flush() { - - if ( $this->writeCache ) { - + private function flush() + { + + if ($this->writeCache) { + // Set keyfile property for file in question $this->getKey(); - - $encrypted = $this->preWriteEncrypt( $this->writeCache, $this->plainKey ); - - fwrite( $this->handle, $encrypted ); - + + $encrypted = $this->preWriteEncrypt($this->writeCache, $this->plainKey); + + fwrite($this->handle, $encrypted); + $this->writeCache = ''; - + } - + } - public function stream_close() { + /** + * @return bool + */ + public function stream_close() + { + + $this->flush(); - $this->flush(); - - if ( - $this->meta['mode']!='r' - and $this->meta['mode']!='rb' - and $this->size > 0 + if ( + $this->meta['mode'] != 'r' + and $this->meta['mode'] != 'rb' + and $this->size > 0 ) { - // Disable encryption proxy to prevent recursive calls - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; + // Disable encryption proxy to prevent recursive calls + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; - // Fetch user's public key - $this->publicKey = Keymanager::getPublicKey( $this->rootView, $this->userId ); + // Fetch user's public key + $this->publicKey = Keymanager::getPublicKey($this->rootView, $this->userId); - // Check if OC sharing api is enabled - $sharingEnabled = \OCP\Share::isEnabled(); + // Check if OC sharing api is enabled + $sharingEnabled = \OCP\Share::isEnabled(); - $util = new Util( $this->rootView, $this->userId ); + $util = new Util($this->rootView, $this->userId); - // Get all users sharing the file includes current user - $uniqueUserIds = $util->getSharingUsersArray( $sharingEnabled, $this->relPath, $this->userId); + // Get all users sharing the file includes current user + $uniqueUserIds = $util->getSharingUsersArray($sharingEnabled, $this->relPath, $this->userId); - // Fetch public keys for all sharing users - $publicKeys = Keymanager::getPublicKeys( $this->rootView, $uniqueUserIds ); + // Fetch public keys for all sharing users + $publicKeys = Keymanager::getPublicKeys($this->rootView, $uniqueUserIds); - // Encrypt enc key for all sharing users - $this->encKeyfiles = Crypt::multiKeyEncrypt( $this->plainKey, $publicKeys ); + // Encrypt enc key for all sharing users + $this->encKeyfiles = Crypt::multiKeyEncrypt($this->plainKey, $publicKeys); - $view = new \OC_FilesystemView( '/' ); + $view = new \OC_FilesystemView('/'); - // Save the new encrypted file key - Keymanager::setFileKey( $this->rootView, $this->relPath, $this->userId, $this->encKeyfiles['data'] ); + // Save the new encrypted file key + Keymanager::setFileKey($this->rootView, $this->relPath, $this->userId, $this->encKeyfiles['data']); - // Save the sharekeys - Keymanager::setShareKeys( $view, $this->relPath, $this->encKeyfiles['keys'] ); + // Save the sharekeys + Keymanager::setShareKeys($view, $this->relPath, $this->encKeyfiles['keys']); - // get file info - $fileInfo = $view->getFileInfo($this->rawPath); - if(!is_array($fileInfo)) { - $fileInfo = array(); - } + // get file info + $fileInfo = $view->getFileInfo($this->rawPath); + if (!is_array($fileInfo)) { + $fileInfo = array(); + } - // Re-enable proxy - our work is done - \OC_FileProxy::$enabled = $proxyStatus; + // Re-enable proxy - our work is done + \OC_FileProxy::$enabled = $proxyStatus; - // set encryption data - $fileInfo['encrypted'] = true; - $fileInfo['size'] = $this->size; - $fileInfo['unencrypted_size'] = $this->unencryptedSize; + // set encryption data + $fileInfo['encrypted'] = true; + $fileInfo['size'] = $this->size; + $fileInfo['unencrypted_size'] = $this->unencryptedSize; - // set fileinfo - $view->putFileInfo( $this->rawPath, $fileInfo); + // set fileinfo + $view->putFileInfo($this->rawPath, $fileInfo); } - return fclose( $this->handle ); - + return fclose($this->handle); + } } diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index 82f789c5202..9ba7b3b3a31 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -3,7 +3,7 @@ * ownCloud * * @author Sam Tuke, Frank Karlitschek - * @copyright 2012 Sam Tuke , + * @copyright 2012 Sam Tuke , * Frank Karlitschek * * This library is free software; you can redistribute it and/or @@ -55,49 +55,49 @@ namespace OCA\Encryption; * unused, likely to become obsolete shortly */ -class Util { - - +class Util +{ + // Web UI: - + //// DONE: files created via web ui are encrypted //// DONE: file created & encrypted via web ui are readable in web ui //// DONE: file created & encrypted via web ui are readable via webdav - - + + // WebDAV: - + //// DONE: new data filled files added via webdav get encrypted //// DONE: new data filled files added via webdav are readable via webdav //// DONE: reading unencrypted files when encryption is enabled works via //// webdav //// DONE: files created & encrypted via web ui are readable via webdav - - + + // Legacy support: - + //// DONE: add method to check if file is encrypted using new system //// DONE: add method to check if file is encrypted using old system //// DONE: add method to fetch legacy key //// DONE: add method to decrypt legacy encrypted data - - + + // Admin UI: - + //// DONE: changing user password also changes encryption passphrase - + //// TODO: add support for optional recovery in case of lost passphrase / keys //// TODO: add admin optional required long passphrase for users //// TODO: implement flag system to allow user to specify encryption by folder, subfolder, etc. - - + + // Integration testing: - + //// TODO: test new encryption with versioning //// DONE: test new encryption with sharing //// TODO: test new encryption with proxies - - + + private $view; // OC_FilesystemView object for filesystem operations private $userId; // ID of the currently logged-in user private $pwd; // User Password @@ -110,228 +110,246 @@ class Util { private $privateKeyPath; // Path to user's private key private $publicShareKeyId; private $recoveryKeyId; - private $isPublic; + private $isPublic; - public function __construct( \OC_FilesystemView $view, $userId, $client = false ) { + /** + * @param \OC_FilesystemView $view + * @param $userId + * @param bool $client + */ + public function __construct(\OC_FilesystemView $view, $userId, $client = false) + { $this->view = $view; $this->userId = $userId; $this->client = $client; - $this->isPublic = false; - - $this->publicShareKeyId = \OC_Appconfig::getValue('files_encryption', 'publicShareKeyId'); - $this->recoveryKeyId = \OC_Appconfig::getValue('files_encryption', 'recoveryKeyId'); - - // if we are anonymous/public - if($this->userId === false) { - $this->userId = $this->publicShareKeyId; - - // only handle for files_sharing app - if($GLOBALS['app'] === 'files_sharing') { - $this->userDir = '/' . $GLOBALS['fileOwner']; - $this->fileFolderName = 'files'; - $this->userFilesDir = '/' . $GLOBALS['fileOwner'] . '/' . $this->fileFolderName; // TODO: Does this need to be user configurable? - $this->publicKeyDir = '/' . 'public-keys'; - $this->encryptionDir = '/' . $GLOBALS['fileOwner'] . '/' . 'files_encryption'; - $this->keyfilesPath = $this->encryptionDir . '/' . 'keyfiles'; - $this->shareKeysPath = $this->encryptionDir . '/' . 'share-keys'; - $this->publicKeyPath = $this->publicKeyDir . '/' . $this->userId . '.public.key'; // e.g. data/public-keys/admin.public.key - $this->privateKeyPath = '/owncloud_private_key/' . $this->userId . '.private.key'; // e.g. data/admin/admin.private.key - $this->isPublic = true; - } - - } else { - $this->userDir = '/' . $this->userId; - $this->fileFolderName = 'files'; - $this->userFilesDir = '/' . $this->userId . '/' . $this->fileFolderName; // TODO: Does this need to be user configurable? - $this->publicKeyDir = '/' . 'public-keys'; - $this->encryptionDir = '/' . $this->userId . '/' . 'files_encryption'; - $this->keyfilesPath = $this->encryptionDir . '/' . 'keyfiles'; - $this->shareKeysPath = $this->encryptionDir . '/' . 'share-keys'; - $this->publicKeyPath = $this->publicKeyDir . '/' . $this->userId . '.public.key'; // e.g. data/public-keys/admin.public.key - $this->privateKeyPath = $this->encryptionDir . '/' . $this->userId . '.private.key'; // e.g. data/admin/admin.private.key - } + $this->isPublic = false; + + $this->publicShareKeyId = \OC_Appconfig::getValue('files_encryption', 'publicShareKeyId'); + $this->recoveryKeyId = \OC_Appconfig::getValue('files_encryption', 'recoveryKeyId'); + + // if we are anonymous/public + if ($this->userId === false) { + $this->userId = $this->publicShareKeyId; + + // only handle for files_sharing app + if ($GLOBALS['app'] === 'files_sharing') { + $this->userDir = '/' . $GLOBALS['fileOwner']; + $this->fileFolderName = 'files'; + $this->userFilesDir = '/' . $GLOBALS['fileOwner'] . '/' . $this->fileFolderName; // TODO: Does this need to be user configurable? + $this->publicKeyDir = '/' . 'public-keys'; + $this->encryptionDir = '/' . $GLOBALS['fileOwner'] . '/' . 'files_encryption'; + $this->keyfilesPath = $this->encryptionDir . '/' . 'keyfiles'; + $this->shareKeysPath = $this->encryptionDir . '/' . 'share-keys'; + $this->publicKeyPath = $this->publicKeyDir . '/' . $this->userId . '.public.key'; // e.g. data/public-keys/admin.public.key + $this->privateKeyPath = '/owncloud_private_key/' . $this->userId . '.private.key'; // e.g. data/admin/admin.private.key + $this->isPublic = true; + } + + } else { + $this->userDir = '/' . $this->userId; + $this->fileFolderName = 'files'; + $this->userFilesDir = '/' . $this->userId . '/' . $this->fileFolderName; // TODO: Does this need to be user configurable? + $this->publicKeyDir = '/' . 'public-keys'; + $this->encryptionDir = '/' . $this->userId . '/' . 'files_encryption'; + $this->keyfilesPath = $this->encryptionDir . '/' . 'keyfiles'; + $this->shareKeysPath = $this->encryptionDir . '/' . 'share-keys'; + $this->publicKeyPath = $this->publicKeyDir . '/' . $this->userId . '.public.key'; // e.g. data/public-keys/admin.public.key + $this->privateKeyPath = $this->encryptionDir . '/' . $this->userId . '.private.key'; // e.g. data/admin/admin.private.key + } } - - public function ready() { - - if( - ! $this->view->file_exists( $this->encryptionDir ) - or ! $this->view->file_exists( $this->keyfilesPath ) - or ! $this->view->file_exists( $this->shareKeysPath ) - or ! $this->view->file_exists( $this->publicKeyPath ) - or ! $this->view->file_exists( $this->privateKeyPath ) + + /** + * @return bool + */ + public function ready() + { + + if ( + !$this->view->file_exists($this->encryptionDir) + or !$this->view->file_exists($this->keyfilesPath) + or !$this->view->file_exists($this->shareKeysPath) + or !$this->view->file_exists($this->publicKeyPath) + or !$this->view->file_exists($this->privateKeyPath) ) { - + return false; - + } else { - + return true; - + } - + } - - /** - * @brief Sets up user folders and keys for serverside encryption - * @param $passphrase passphrase to encrypt server-stored private key with - */ - public function setupServerSide( $passphrase = null ) { - + + /** + * @brief Sets up user folders and keys for serverside encryption + * @param string $passphrase passphrase to encrypt server-stored private key with + */ + public function setupServerSide($passphrase = null) + { + // Set directories to check / create - $setUpDirs = array( + $setUpDirs = array( $this->userDir - , $this->userFilesDir - , $this->publicKeyDir - , $this->encryptionDir - , $this->keyfilesPath - , $this->shareKeysPath + , $this->userFilesDir + , $this->publicKeyDir + , $this->encryptionDir + , $this->keyfilesPath + , $this->shareKeysPath ); - + // Check / create all necessary dirs - foreach ( $setUpDirs as $dirPath ) { - - if( !$this->view->file_exists( $dirPath ) ) { - - $this->view->mkdir( $dirPath ); - + foreach ($setUpDirs as $dirPath) { + + if (!$this->view->file_exists($dirPath)) { + + $this->view->mkdir($dirPath); + } - + } - + // Create user keypair - if ( - ! $this->view->file_exists( $this->publicKeyPath ) - or ! $this->view->file_exists( $this->privateKeyPath ) + if ( + !$this->view->file_exists($this->publicKeyPath) + or !$this->view->file_exists($this->privateKeyPath) ) { - + // Generate keypair $keypair = Crypt::createKeypair(); - + \OC_FileProxy::$enabled = false; - + // Save public key - $this->view->file_put_contents( $this->publicKeyPath, $keypair['publicKey'] ); - + $this->view->file_put_contents($this->publicKeyPath, $keypair['publicKey']); + // Encrypt private key with user pwd as passphrase - $encryptedPrivateKey = Crypt::symmetricEncryptFileContent( $keypair['privateKey'], $passphrase ); - + $encryptedPrivateKey = Crypt::symmetricEncryptFileContent($keypair['privateKey'], $passphrase); + // Save private key - $this->view->file_put_contents( $this->privateKeyPath, $encryptedPrivateKey ); - + $this->view->file_put_contents($this->privateKeyPath, $encryptedPrivateKey); + \OC_FileProxy::$enabled = true; - + } - + // If there's no record for this user's encryption preferences - if ( false === $this->recoveryEnabledForUser() ) { - + if (false === $this->recoveryEnabledForUser()) { + // create database configuration $sql = 'INSERT INTO `*PREFIX*encryption` (`uid`,`mode`,`recovery_enabled`) VALUES (?,?,?)'; - $args = array( $this->userId, 'server-side', 0); - $query = \OCP\DB::prepare( $sql ); - $query->execute( $args ); - + $args = array($this->userId, 'server-side', 0); + $query = \OCP\DB::prepare($sql); + $query->execute($args); + } - + return true; - + } - public function getPublicShareKeyId() { + /** + * @return string + */ + public function getPublicShareKeyId() + { return $this->publicShareKeyId; } - + /** * @brief Check whether pwd recovery is enabled for a given user - * @return 1 = yes, 0 = no, false = no record - * @note If records are not being returned, check for a hidden space + * @return bool 1 = yes, 0 = no, false = no record + * + * @note If records are not being returned, check for a hidden space * at the start of the uid in db */ - public function recoveryEnabledForUser() { - + public function recoveryEnabledForUser() + { + $sql = 'SELECT recovery_enabled FROM `*PREFIX*encryption` WHERE uid = ?'; - - $args = array( $this->userId ); - $query = \OCP\DB::prepare( $sql ); - - $result = $query->execute( $args ); - + $args = array($this->userId); + + $query = \OCP\DB::prepare($sql); + + $result = $query->execute($args); + $recoveryEnabled = array(); - - while( $row = $result->fetchRow() ) { - + + while ($row = $result->fetchRow()) { + $recoveryEnabled[] = $row['recovery_enabled']; - + } - + // If no record is found - if ( empty( $recoveryEnabled ) ) { - + if (empty($recoveryEnabled)) { + return false; - - // If a record is found + + // If a record is found } else { - + return $recoveryEnabled[0]; - + } - + } - + /** * @brief Enable / disable pwd recovery for a given user * @param bool $enabled Whether to enable or disable recovery * @return bool */ - public function setRecoveryForUser( $enabled ) { - + public function setRecoveryForUser($enabled) + { + $recoveryStatus = $this->recoveryEnabledForUser(); - + // If a record for this user already exists, update it - if ( false === $recoveryStatus ) { - + if (false === $recoveryStatus) { + $sql = 'INSERT INTO `*PREFIX*encryption` (`uid`,`mode`,`recovery_enabled`) VALUES (?,?,?)'; - - $args = array( $this->userId, 'server-side', $enabled ); - - // Create a new record instead + + $args = array($this->userId, 'server-side', $enabled); + + // Create a new record instead } else { - + $sql = 'UPDATE *PREFIX*encryption SET recovery_enabled = ? WHERE uid = ?'; - - $args = array( $enabled, $this->userId ); - + + $args = array($enabled, $this->userId); + } - - $query = \OCP\DB::prepare( $sql ); - - if ( $query->execute( $args ) ) { - + + $query = \OCP\DB::prepare($sql); + + if ($query->execute($args)) { + return true; - + } else { - + return false; - + } - + } - + /** * @brief Find all files and their encryption status within a directory * @param string $directory The path of the parent directory to search @@ -339,45 +357,46 @@ class Util { * @note $directory needs to be a path relative to OC data dir. e.g. * /admin/files NOT /backup OR /home/www/oc/data/admin/files */ - public function findEncFiles( $directory ) { - + public function findEncFiles($directory) + { + // Disable proxy - we don't want files to be decrypted before // we handle them \OC_FileProxy::$enabled = false; - - $found = array( 'plain' => array(), 'encrypted' => array(), 'legacy' => array() ); - - if ( - $this->view->is_dir( $directory ) - && $handle = $this->view->opendir( $directory ) + + $found = array('plain' => array(), 'encrypted' => array(), 'legacy' => array()); + + if ( + $this->view->is_dir($directory) + && $handle = $this->view->opendir($directory) ) { - - while ( false !== ( $file = readdir( $handle ) ) ) { - + + while (false !== ($file = readdir($handle))) { + if ( - $file != "." - && $file != ".." + $file != "." + && $file != ".." ) { - - $filePath = $directory . '/' . $this->view->getRelativePath( '/' . $file ); - $relPath = $this->stripUserFilesPath( $filePath ); - + + $filePath = $directory . '/' . $this->view->getRelativePath('/' . $file); + $relPath = $this->stripUserFilesPath($filePath); + // If the path is a directory, search // its contents - if ( $this->view->is_dir( $filePath ) ) { - - $this->findEncFiles( $filePath ); - - // If the path is a file, determine - // its encryption status - } elseif ( $this->view->is_file( $filePath ) ) { - + if ($this->view->is_dir($filePath)) { + + $this->findEncFiles($filePath); + + // If the path is a file, determine + // its encryption status + } elseif ($this->view->is_file($filePath)) { + // Disable proxies again, some- // where they got re-enabled :/ \OC_FileProxy::$enabled = false; - - $data = $this->view->file_get_contents( $filePath ); - + + $data = $this->view->file_get_contents($filePath); + // If the file is encrypted // NOTE: If the userId is // empty or not set, file will @@ -385,128 +404,131 @@ class Util { // NOTE: This is inefficient; // scanning every file like this // will eat server resources :( - if ( - Keymanager::getFileKey( $this->view, $this->userId, $relPath ) - && Crypt::isCatfileContent( $data ) + if ( + Keymanager::getFileKey($this->view, $this->userId, $relPath) + && Crypt::isCatfileContent($data) ) { - - $found['encrypted'][] = array( 'name' => $file, 'path' => $filePath ); - - // If the file uses old - // encryption system - } elseif ( Crypt::isLegacyEncryptedContent( $this->tail( $filePath, 3 ), $relPath ) ) { - - $found['legacy'][] = array( 'name' => $file, 'path' => $filePath ); - - // If the file is not encrypted + + $found['encrypted'][] = array('name' => $file, 'path' => $filePath); + + // If the file uses old + // encryption system + } elseif (Crypt::isLegacyEncryptedContent($this->tail($filePath, 3), $relPath)) { + + $found['legacy'][] = array('name' => $file, 'path' => $filePath); + + // If the file is not encrypted } else { - - $found['plain'][] = array( 'name' => $file, 'path' => $relPath ); - + + $found['plain'][] = array('name' => $file, 'path' => $relPath); + } - + } - + } - + } - + \OC_FileProxy::$enabled = true; - - if ( empty( $found ) ) { - + + if (empty($found)) { + return false; - + } else { - + return $found; - + } - + } - + \OC_FileProxy::$enabled = true; - + return false; } - - /** - * @brief Fetch the last lines of a file efficiently - * @note Safe to use on large files; does not read entire file to memory - * @note Derivative of http://tekkie.flashbit.net/php/tail-functionality-in-php - */ - public function tail( $filename, $numLines ) { - + + /** + * @brief Fetch the last lines of a file efficiently + * @note Safe to use on large files; does not read entire file to memory + * @note Derivative of http://tekkie.flashbit.net/php/tail-functionality-in-php + */ + public function tail($filename, $numLines) + { + \OC_FileProxy::$enabled = false; - + $text = ''; $pos = -1; - $handle = $this->view->fopen( $filename, 'r' ); + $handle = $this->view->fopen($filename, 'r'); + + while ($numLines > 0) { - while ( $numLines > 0 ) { - --$pos; - if( fseek( $handle, $pos, SEEK_END ) !== 0 ) { - - rewind( $handle ); + if (fseek($handle, $pos, SEEK_END) !== 0) { + + rewind($handle); $numLines = 0; - - } elseif ( fgetc( $handle ) === "\n" ) { - + + } elseif (fgetc($handle) === "\n") { + --$numLines; - + } - $block_size = ( -$pos ) % 8192; - if ( $block_size === 0 || $numLines === 0 ) { - - $text = fread( $handle, ( $block_size === 0 ? 8192 : $block_size ) ) . $text; - + $block_size = (-$pos) % 8192; + if ($block_size === 0 || $numLines === 0) { + + $text = fread($handle, ($block_size === 0 ? 8192 : $block_size)) . $text; + } } - fclose( $handle ); - + fclose($handle); + \OC_FileProxy::$enabled = true; - + return $text; } - + /** - * @brief Check if a given path identifies an encrypted file - * @return true / false - */ - public function isEncryptedPath( $path ) { - + * @brief Check if a given path identifies an encrypted file + * @param $path + * @return boolean + */ + public function isEncryptedPath($path) + { + // Disable encryption proxy so data retrieved is in its // original form - $proxyStatus = \OC_FileProxy::$enabled; + $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - // we only need 24 byte from the last chunk - $data = ''; - $handle = $this->view->fopen( $path, 'r' ); - if(!fseek($handle, -24, SEEK_END)) { - $data = fgets($handle); - } + // we only need 24 byte from the last chunk + $data = ''; + $handle = $this->view->fopen($path, 'r'); + if (!fseek($handle, -24, SEEK_END)) { + $data = fgets($handle); + } - // re-enable proxy + // re-enable proxy \OC_FileProxy::$enabled = $proxyStatus; - - return Crypt::isCatfileContent( $data ); - + + return Crypt::isCatfileContent($data); + } /** - * @brief get the file size of the unencrypted file - * @param $path absolute path - * @return bool - */ + * @brief get the file size of the unencrypted file + * @param string $path absolute path + * @return bool + */ + public function getFileSize($path) + { - public function getFileSize( $path ) { - $result = 0; // Disable encryption proxy to prevent recursive calls @@ -514,8 +536,8 @@ class Util { \OC_FileProxy::$enabled = false; // Reformat path for use with OC_FSV - $pathSplit = explode( '/', $path ); - $pathRelative = implode( '/', array_slice( $pathSplit, 3 ) ); + $pathSplit = explode('/', $path); + $pathRelative = implode('/', array_slice($pathSplit, 3)); if ($pathSplit[2] == 'files' && $this->view->file_exists($path) && $this->isEncryptedPath($path)) { @@ -529,7 +551,7 @@ class Util { // open stream $stream = fopen('crypt://' . $pathRelative, "r"); - if(is_resource($stream)) { + if (is_resource($stream)) { // calculate last chunk position $lastChunckPos = ($lastChunckNr * 8192); @@ -551,36 +573,36 @@ class Util { return $result; } - + /** * @brief fix the file size of the encrypted file * @param $path absolute path * @return true / false if file is encrypted */ + public function fixFileSize($path) + { - public function fixFileSize( $path ) { - $result = false; // Disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - $realSize = $this->getFileSize( $path ); - - if ( $realSize > 0 ) { - - $cached = $this->view->getFileInfo( $path ); + $realSize = $this->getFileSize($path); + + if ($realSize > 0) { + + $cached = $this->view->getFileInfo($path); $cached['encrypted'] = true; // set the size $cached['unencrypted_size'] = $realSize; // put file info - $this->view->putFileInfo( $path, $cached ); + $this->view->putFileInfo($path, $cached); $result = true; - + } \OC_FileProxy::$enabled = $proxyStatus; @@ -592,70 +614,82 @@ class Util { * @brief Format a path to be relative to the /user/files/ directory * @note e.g. turns '/admin/files/test.txt' into 'test.txt' */ - public function stripUserFilesPath( $path ) { - - $trimmed = ltrim( $path, '/' ); - $split = explode( '/', $trimmed ); - $sliced = array_slice( $split, 2 ); - $relPath = implode( '/', $sliced ); - + public function stripUserFilesPath($path) + { + + $trimmed = ltrim($path, '/'); + $split = explode('/', $trimmed); + $sliced = array_slice($split, 2); + $relPath = implode('/', $sliced); + return $relPath; - + } - + /** * @brief Format a path to be relative to the /user directory * @note e.g. turns '/admin/files/test.txt' into 'files/test.txt' */ - public function stripFilesPath( $path ) { - - $trimmed = ltrim( $path, '/' ); - $split = explode( '/', $trimmed ); - $sliced = array_slice( $split, 1 ); - $relPath = implode( '/', $sliced ); - + public function stripFilesPath($path) + { + + $trimmed = ltrim($path, '/'); + $split = explode('/', $trimmed); + $sliced = array_slice($split, 1); + $relPath = implode('/', $sliced); + return $relPath; - + } - + /** * @brief Format a shared path to be relative to the /user/files/ directory * @note Expects a path like /uid/files/Shared/filepath */ - public function stripSharedFilePath( $path ) { - - $trimmed = ltrim( $path, '/' ); - $split = explode( '/', $trimmed ); - $sliced = array_slice( $split, 3 ); - $relPath = implode( '/', $sliced ); - + public function stripSharedFilePath($path) + { + + $trimmed = ltrim($path, '/'); + $split = explode('/', $trimmed); + $sliced = array_slice($split, 3); + $relPath = implode('/', $sliced); + return $relPath; - + } - - public function isSharedPath( $path ) { - - $trimmed = ltrim( $path, '/' ); - $split = explode( '/', $trimmed ); - - if ( $split[2] == "Shared" ) { - + + /** + * @param $path + * @return bool + */ + public function isSharedPath($path) + { + + $trimmed = ltrim($path, '/'); + $split = explode('/', $trimmed); + + if ($split[2] == "Shared") { + return true; - + } else { - + return false; - + } - + } - + /** * @brief Encrypt all files in a directory * @param string $dirPath the directory whose files will be encrypted + * @param null $legacyPassphrase + * @param null $newPassphrase + * @return bool * @note Encryption is recursive */ - public function encryptAll($dirPath, $legacyPassphrase = null, $newPassphrase = null) { + public function encryptAll($dirPath, $legacyPassphrase = null, $newPassphrase = null) + { if ($found = $this->findEncFiles($dirPath)) { @@ -762,174 +796,180 @@ class Util { * @param string $pathName Name of the directory to return the path of * @return string path */ - public function getPath( $pathName ) { - - switch ( $pathName ) { - + public function getPath($pathName) + { + + switch ($pathName) { + case 'publicKeyDir': - + return $this->publicKeyDir; - + break; - + case 'encryptionDir': - + return $this->encryptionDir; - + break; - + case 'keyfilesPath': - + return $this->keyfilesPath; - + break; - + case 'publicKeyPath': - + return $this->publicKeyPath; - + break; - + case 'privateKeyPath': - + return $this->privateKeyPath; - + break; - + } - + } - + /** * @brief get path of a file. - * @param $fileId id of the file - * @return path of the file + * @param int $fileId id of the file + * @return string path of the file */ - public static function fileIdToPath( $fileId ) { - - $query = \OC_DB::prepare( 'SELECT `path`' - .' FROM `*PREFIX*filecache`' - .' WHERE `fileid` = ?' ); - - $result = $query->execute( array( $fileId ) ); - + public static function fileIdToPath($fileId) + { + + $query = \OC_DB::prepare('SELECT `path`' + . ' FROM `*PREFIX*filecache`' + . ' WHERE `fileid` = ?'); + + $result = $query->execute(array($fileId)); + $row = $result->fetchRow(); - - return substr( $row['path'], 5 ); - + + return substr($row['path'], 5); + } - + /** * @brief Filter an array of UIDs to return only ones ready for sharing * @param array $unfilteredUsers users to be checked for sharing readiness * @return multi-dimensional array. keys: ready, unready */ - public function filterShareReadyUsers( $unfilteredUsers ) { - + public function filterShareReadyUsers($unfilteredUsers) + { + // This array will collect the filtered IDs $readyIds = $unreadyIds = array(); - + // Loop through users and create array of UIDs that need new keyfiles - foreach ( $unfilteredUsers as $user ) { - - $util = new Util( $this->view, $user ); - + foreach ($unfilteredUsers as $user) { + + $util = new Util($this->view, $user); + // Check that the user is encryption capable, or is the // public system user 'ownCloud' (for public shares) - if ( + if ( $user == $this->publicShareKeyId or $user == $this->recoveryKeyId - or $util->ready() + or $util->ready() ) { - + // Construct array of ready UIDs for Keymanager{} $readyIds[] = $user; - + } else { - + // Construct array of unready UIDs for Keymanager{} $unreadyIds[] = $user; - + // Log warning; we can't do necessary setup here // because we don't have the user passphrase - \OC_Log::write( 'Encryption library', '"'.$user.'" is not setup for encryption', \OC_Log::WARN ); - + \OC_Log::write('Encryption library', '"' . $user . '" is not setup for encryption', \OC_Log::WARN); + } - + } - - return array ( + + return array( 'ready' => $readyIds - , 'unready' => $unreadyIds + , 'unready' => $unreadyIds ); - + } - + /** * @brief Decrypt a keyfile without knowing how it was encrypted * @param string $filePath * @param string $fileOwner * @param string $privateKey - * @note Checks whether file was encrypted with openssl_seal or + * @note Checks whether file was encrypted with openssl_seal or * openssl_encrypt, and decrypts accrdingly - * @note This was used when 2 types of encryption for keyfiles was used, + * @note This was used when 2 types of encryption for keyfiles was used, * but now we've switched to exclusively using openssl_seal() */ - public function decryptUnknownKeyfile( $filePath, $fileOwner, $privateKey ) { + public function decryptUnknownKeyfile($filePath, $fileOwner, $privateKey) + { // Get the encrypted keyfile // NOTE: the keyfile format depends on how it was encrypted! At // this stage we don't know how it was encrypted - $encKeyfile = Keymanager::getFileKey( $this->view, $this->userId, $filePath ); - + $encKeyfile = Keymanager::getFileKey($this->view, $this->userId, $filePath); + // We need to decrypt the keyfile // Has the file been shared yet? - if ( + if ( $this->userId == $fileOwner - && ! Keymanager::getShareKey( $this->view, $this->userId, $filePath ) // NOTE: we can't use isShared() here because it's a post share hook so it always returns true + && !Keymanager::getShareKey($this->view, $this->userId, $filePath) // NOTE: we can't use isShared() here because it's a post share hook so it always returns true ) { - + // The file has no shareKey, and its keyfile must be // decrypted conventionally - $plainKeyfile = Crypt::keyDecrypt( $encKeyfile, $privateKey ); - - + $plainKeyfile = Crypt::keyDecrypt($encKeyfile, $privateKey); + + } else { - + // The file has a shareKey and must use it for decryption - $shareKey = Keymanager::getShareKey( $this->view, $this->userId, $filePath ); - - $plainKeyfile = Crypt::multiKeyDecrypt( $encKeyfile, $shareKey, $privateKey ); - + $shareKey = Keymanager::getShareKey($this->view, $this->userId, $filePath); + + $plainKeyfile = Crypt::multiKeyDecrypt($encKeyfile, $shareKey, $privateKey); + } - + return $plainKeyfile; } - + /** * @brief Encrypt keyfile to multiple users + * @param Session $session * @param array $users list of users which should be able to access the file * @param string $filePath path of the file to be shared - * @return bool + * @return bool */ - public function setSharedFileKeyfiles( Session $session, array $users, $filePath ) { - + public function setSharedFileKeyfiles(Session $session, array $users, $filePath) + { + // Make sure users are capable of sharing - $filteredUids = $this->filterShareReadyUsers( $users ); - + $filteredUids = $this->filterShareReadyUsers($users); + // If we're attempting to share to unready users - if ( ! empty( $filteredUids['unready'] ) ) { - - \OC_Log::write( 'Encryption library', 'Sharing to these user(s) failed as they are unready for encryption:"'.print_r( $filteredUids['unready'], 1 ), \OC_Log::WARN ); - + if (!empty($filteredUids['unready'])) { + + \OC_Log::write('Encryption library', 'Sharing to these user(s) failed as they are unready for encryption:"' . print_r($filteredUids['unready'], 1), \OC_Log::WARN); + return false; - + } - + // Get public keys for each user, ready for generating sharekeys - $userPubKeys = Keymanager::getPublicKeys( $this->view, $filteredUids['ready'] ); - + $userPubKeys = Keymanager::getPublicKeys($this->view, $filteredUids['ready']); + // Note proxy status then disable it $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; @@ -937,273 +977,279 @@ class Util { // Get the current users's private key for decrypting existing keyfile $privateKey = $session->getPrivateKey(); - $fileOwner = \OC\Files\Filesystem::getOwner( $filePath ); - + $fileOwner = \OC\Files\Filesystem::getOwner($filePath); + // Decrypt keyfile - $plainKeyfile = $this->decryptUnknownKeyfile( $filePath, $fileOwner, $privateKey ); - + $plainKeyfile = $this->decryptUnknownKeyfile($filePath, $fileOwner, $privateKey); + // Re-enc keyfile to (additional) sharekeys - $multiEncKey = Crypt::multiKeyEncrypt( $plainKeyfile, $userPubKeys ); - + $multiEncKey = Crypt::multiKeyEncrypt($plainKeyfile, $userPubKeys); + // Save the recrypted key to it's owner's keyfiles directory // Save new sharekeys to all necessary user directory - if ( - ! Keymanager::setFileKey( $this->view, $filePath, $fileOwner, $multiEncKey['data'] ) - || ! Keymanager::setShareKeys( $this->view, $filePath, $multiEncKey['keys'] ) + if ( + !Keymanager::setFileKey($this->view, $filePath, $fileOwner, $multiEncKey['data']) + || !Keymanager::setShareKeys($this->view, $filePath, $multiEncKey['keys']) ) { - \OC_Log::write( 'Encryption library', 'Keyfiles could not be saved for users sharing ' . $filePath, \OC_Log::ERROR ); - + \OC_Log::write('Encryption library', 'Keyfiles could not be saved for users sharing ' . $filePath, \OC_Log::ERROR); + return false; } - + // Return proxy to original status \OC_FileProxy::$enabled = $proxyStatus; return true; } - + /** * @brief Find, sanitise and format users sharing a file * @note This wraps other methods into a portable bundle */ - public function getSharingUsersArray( $sharingEnabled, $filePath, $currentUserId = false ) { + public function getSharingUsersArray($sharingEnabled, $filePath, $currentUserId = false) + { // Check if key recovery is enabled if ( - \OC_Appconfig::getValue( 'files_encryption', 'recoveryAdminEnabled' ) + \OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled') && $this->recoveryEnabledForUser() ) { - + $recoveryEnabled = true; - + } else { - + $recoveryEnabled = false; - + } - + // Make sure that a share key is generated for the owner too - list( $owner, $ownerPath ) = $this->getUidAndFilename( $filePath ); + list($owner, $ownerPath) = $this->getUidAndFilename($filePath); + + if ($sharingEnabled) { - if ( $sharingEnabled ) { - // Find out who, if anyone, is sharing the file - $result = \OCP\Share::getUsersSharingFile( $ownerPath, $owner,true, true, true ); + $result = \OCP\Share::getUsersSharingFile($ownerPath, $owner, true, true, true); $userIds = $result['users']; - if ( $result['public'] ) { + if ($result['public']) { $userIds[] = $this->publicShareKeyId; } - + } - + // If recovery is enabled, add the // Admin UID to list of users to share to - if ( $recoveryEnabled ) { - + if ($recoveryEnabled) { + // Find recoveryAdmin user ID - $recoveryKeyId = \OC_Appconfig::getValue( 'files_encryption', 'recoveryKeyId' ); - + $recoveryKeyId = \OC_Appconfig::getValue('files_encryption', 'recoveryKeyId'); + // Add recoveryAdmin to list of users sharing $userIds[] = $recoveryKeyId; - + } // add current user if given - if ( $currentUserId != false ) { - + if ($currentUserId != false) { + $userIds[] = $currentUserId; - + } // Remove duplicate UIDs - $uniqueUserIds = array_unique ( $userIds ); - + $uniqueUserIds = array_unique($userIds); + return $uniqueUserIds; } - + /** * @brief Set file migration status for user + * @param $status * @return bool */ - public function setMigrationStatus( $status ) { - + public function setMigrationStatus($status) + { + $sql = 'UPDATE *PREFIX*encryption SET migration_status = ? WHERE uid = ?'; - - $args = array( $status, $this->userId ); - - $query = \OCP\DB::prepare( $sql ); - - if ( $query->execute( $args ) ) { - + + $args = array($status, $this->userId); + + $query = \OCP\DB::prepare($sql); + + if ($query->execute($args)) { + return true; - + } else { - + return false; - + } - + } - + /** * @brief Check whether pwd recovery is enabled for a given user - * @return 1 = yes, 0 = no, false = no record - * @note If records are not being returned, check for a hidden space + * @return bool 1 = yes, 0 = no, false = no record + * @note If records are not being returned, check for a hidden space * at the start of the uid in db */ - public function getMigrationStatus() { - + public function getMigrationStatus() + { + $sql = 'SELECT migration_status FROM `*PREFIX*encryption` WHERE uid = ?'; - - $args = array( $this->userId ); - $query = \OCP\DB::prepare( $sql ); - - $result = $query->execute( $args ); - + $args = array($this->userId); + + $query = \OCP\DB::prepare($sql); + + $result = $query->execute($args); + $migrationStatus = array(); - - while( $row = $result->fetchRow() ) { - + + while ($row = $result->fetchRow()) { + $migrationStatus[] = $row['migration_status']; - + } - + // If no record is found - if ( empty( $migrationStatus ) ) { - + if (empty($migrationStatus)) { + return false; - - // If a record is found + + // If a record is found } else { - + return $migrationStatus[0]; - + } - + } - + /** * @brief get uid of the owners of the file and the path to the file - * @param $path Path of the file to check - * @note $shareFilePath must be relative to data/UID/files. Files + * @param string $path Path of the file to check + * @note $shareFilePath must be relative to data/UID/files. Files * relative to /Shared are also acceptable * @return array */ - public function getUidAndFilename( $path ) { + public function getUidAndFilename($path) + { + + $view = new \OC\Files\View($this->userFilesDir); + $fileOwnerUid = $view->getOwner($path); - $view = new \OC\Files\View($this->userFilesDir); - $fileOwnerUid = $view->getOwner( $path ); + // handle public access + if ($fileOwnerUid === false && $this->isPublic) { + $filename = $path; + $fileOwnerUid = $GLOBALS['fileOwner']; - // handle public access - if($fileOwnerUid === false && $this->isPublic) { - $filename = $path; - $fileOwnerUid = $GLOBALS['fileOwner']; + return array($fileOwnerUid, $filename); + } else { - return array ( $fileOwnerUid, $filename ); - } else { + // Check that UID is valid + if (!\OCP\User::userExists($fileOwnerUid)) { + throw new \Exception('Could not find owner (UID = "' . var_export($fileOwnerUid, 1) . '") of file "' . $path . '"'); + } - // Check that UID is valid - if ( ! \OCP\User::userExists( $fileOwnerUid ) ) { - throw new \Exception( 'Could not find owner (UID = "' . var_export( $fileOwnerUid, 1 ) . '") of file "' . $path . '"' ); - } + // NOTE: Bah, this dependency should be elsewhere + \OC\Files\Filesystem::initMountPoints($fileOwnerUid); - // NOTE: Bah, this dependency should be elsewhere - \OC\Files\Filesystem::initMountPoints( $fileOwnerUid ); + // If the file owner is the currently logged in user + if ($fileOwnerUid == $this->userId) { - // If the file owner is the currently logged in user - if ( $fileOwnerUid == $this->userId ) { + // Assume the path supplied is correct + $filename = $path; - // Assume the path supplied is correct - $filename = $path; + } else { - } else { + $info = $view->getFileInfo($path); + $ownerView = new \OC\Files\View('/' . $fileOwnerUid . '/files'); - $info = $view->getFileInfo( $path ); - $ownerView = new \OC\Files\View( '/' . $fileOwnerUid . '/files' ); + // Fetch real file path from DB + $filename = $ownerView->getPath($info['fileid']); // TODO: Check that this returns a path without including the user data dir - // Fetch real file path from DB - $filename = $ownerView->getPath( $info['fileid'] ); // TODO: Check that this returns a path without including the user data dir + } - } + return array($fileOwnerUid, $filename); + } - return array ( $fileOwnerUid, $filename ); - } - } /** * @brief geo recursively through a dir and collect all files and sub files. - * @param type $dir relative to the users files folder + * @param string $dir relative to the users files folder * @return array with list of files relative to the users files folder */ - public function getAllFiles( $dir ) { - + public function getAllFiles($dir) + { + $result = array(); - $content = $this->view->getDirectoryContent( $this->userFilesDir . $dir ); + $content = $this->view->getDirectoryContent($this->userFilesDir . $dir); // handling for re shared folders - $path_split = explode( '/', $dir ); + $path_split = explode('/', $dir); $shared = ''; - - if( $path_split[1] === 'Shared' ) { - + + if ($path_split[1] === 'Shared') { + $shared = '/Shared'; - + } - foreach ( $content as $c ) { - - $sharedPart = $path_split[sizeof( $path_split )-1]; - $targetPathSplit = array_reverse( explode( '/', $c['path'] ) ); + foreach ($content as $c) { + + $sharedPart = $path_split[sizeof($path_split) - 1]; + $targetPathSplit = array_reverse(explode('/', $c['path'])); $path = ''; // rebuild path - foreach ( $targetPathSplit as $pathPart ) { - - if ( $pathPart !== $sharedPart ) { - + foreach ($targetPathSplit as $pathPart) { + + if ($pathPart !== $sharedPart) { + $path = '/' . $pathPart . $path; - + } else { - + break; - + } - + } - $path = $dir.$path; + $path = $dir . $path; + + if ($c['type'] === "dir") { + + $result = array_merge($result, $this->getAllFiles($path)); - if ($c['type'] === "dir" ) { - - $result = array_merge( $result, $this->getAllFiles( $path ) ); - } else { - + $result[] = $path; - + } } - + return $result; - + } /** @@ -1211,13 +1257,14 @@ class Util { * @param int $id of the current share * @return array of the parent */ - public static function getShareParent( $id ) { + public static function getShareParent($id) + { - $query = \OC_DB::prepare( 'SELECT `file_target`, `item_type`' - .' FROM `*PREFIX*share`' - .' WHERE `id` = ?' ); + $query = \OC_DB::prepare('SELECT `file_target`, `item_type`' + . ' FROM `*PREFIX*share`' + . ' WHERE `id` = ?'); - $result = $query->execute( array( $id ) ); + $result = $query->execute(array($id)); $row = $result->fetchRow(); @@ -1230,13 +1277,14 @@ class Util { * @param int $id of the current share * @return array of the parent */ - public static function getParentFromShare( $id ) { + public static function getParentFromShare($id) + { - $query = \OC_DB::prepare( 'SELECT `parent`' - .' FROM `*PREFIX*share`' - .' WHERE `id` = ?' ); + $query = \OC_DB::prepare('SELECT `parent`' + . ' FROM `*PREFIX*share`' + . ' WHERE `id` = ?'); - $result = $query->execute( array( $id ) ); + $result = $query->execute(array($id)); $row = $result->fetchRow(); @@ -1246,57 +1294,70 @@ class Util { /** * @brief get owner of the shared files. - * @param int $Id of a share - * @return owner + * @param $id + * @internal param int $Id of a share + * @return string owner */ - public function getOwnerFromSharedFile( $id ) { - - $query = \OC_DB::prepare( 'SELECT `parent`, `uid_owner` FROM `*PREFIX*share` WHERE `id` = ?', 1 ); - $source = $query->execute( array( $id ) )->fetchRow(); + public function getOwnerFromSharedFile($id) + { + + $query = \OC_DB::prepare('SELECT `parent`, `uid_owner` FROM `*PREFIX*share` WHERE `id` = ?', 1); + $source = $query->execute(array($id))->fetchRow(); + + if (isset($source['parent'])) { - if ( isset($source['parent'] ) ) { - $parent = $source['parent']; - - while ( isset( $parent ) ) { - - $query = \OC_DB::prepare( 'SELECT `parent`, `uid_owner` FROM `*PREFIX*share` WHERE `id` = ?', 1 ); - $item = $query->execute( array( $parent ) )->fetchRow(); - - if ( isset( $item['parent'] ) ) { - + + while (isset($parent)) { + + $query = \OC_DB::prepare('SELECT `parent`, `uid_owner` FROM `*PREFIX*share` WHERE `id` = ?', 1); + $item = $query->execute(array($parent))->fetchRow(); + + if (isset($item['parent'])) { + $parent = $item['parent']; - + } else { - + $fileOwner = $item['uid_owner']; - + break; - + } } - + } else { - + $fileOwner = $source['uid_owner']; - + } return $fileOwner; - + } - public function getUserId() - { - return $this->userId; - } + /** + * @return string + */ + public function getUserId() + { + return $this->userId; + } - public function getUserFilesDir() - { - return $this->userFilesDir; - } + /** + * @return string + */ + public function getUserFilesDir() + { + return $this->userFilesDir; + } - public function checkRecoveryPassword($password) { + /** + * @param $password + * @return bool + */ + public function checkRecoveryPassword($password) + { $pathKey = '/owncloud_private_key/' . $this->recoveryKeyId . ".private.key"; $pathControlData = '/control-file/controlfile.enc'; @@ -1315,30 +1376,35 @@ class Util { if ($decryptedControlData === 'ownCloud') { return true; - } - + } + return false; } - public function getRecoveryKeyId() { + /** + * @return string + */ + public function getRecoveryKeyId() + { return $this->recoveryKeyId; } /** * @brief add recovery key to all encrypted files */ - public function addRecoveryKeys($path = '/') { - $dirContent = $this->view->getDirectoryContent($this->keyfilesPath.$path); + public function addRecoveryKeys($path = '/') + { + $dirContent = $this->view->getDirectoryContent($this->keyfilesPath . $path); foreach ($dirContent as $item) { $filePath = substr($item['path'], 25); if ($item['type'] == 'dir') { - $this->addRecoveryKeys($filePath.'/'); + $this->addRecoveryKeys($filePath . '/'); } else { $session = new Session(new \OC_FilesystemView('/')); $sharingEnabled = \OCP\Share::isEnabled(); $file = substr($filePath, 0, -4); $usersSharing = $this->getSharingUsersArray($sharingEnabled, $file); - $this->setSharedFileKeyfiles( $session, $usersSharing, $file ); + $this->setSharedFileKeyfiles($session, $usersSharing, $file); } } } @@ -1346,25 +1412,27 @@ class Util { /** * @brief remove recovery key to all encrypted files */ - public function removeRecoveryKeys($path = '/') { - $dirContent = $this->view->getDirectoryContent($this->keyfilesPath.$path); + public function removeRecoveryKeys($path = '/') + { + $dirContent = $this->view->getDirectoryContent($this->keyfilesPath . $path); foreach ($dirContent as $item) { $filePath = substr($item['path'], 25); if ($item['type'] == 'dir') { - $this->removeRecoveryKeys($filePath.'/'); + $this->removeRecoveryKeys($filePath . '/'); } else { $file = substr($filePath, 0, -4); - $this->view->unlink($this->shareKeysPath.'/'.$file.'.'.$this->recoveryKeyId.'.shareKey'); + $this->view->unlink($this->shareKeysPath . '/' . $file . '.' . $this->recoveryKeyId . '.shareKey'); } } } /** * @brief decrypt given file with recovery key and encrypt it again to the owner and his new key - * @param type $file - * @param type $privateKey recovery key to decrypt the file + * @param string $file + * @param string $privateKey recovery key to decrypt the file */ - private function recoverFile($file, $privateKey) { + private function recoverFile($file, $privateKey) + { $sharingEnabled = \OCP\Share::isEnabled(); @@ -1385,17 +1453,17 @@ class Util { \OC_FileProxy::$enabled = false; //decrypt file key - $encKeyfile = $this->view->file_get_contents($this->keyfilesPath.$file.".key"); - $shareKey = $this->view->file_get_contents($this->shareKeysPath.$file.".".$this->recoveryKeyId.".shareKey"); + $encKeyfile = $this->view->file_get_contents($this->keyfilesPath . $file . ".key"); + $shareKey = $this->view->file_get_contents($this->shareKeysPath . $file . "." . $this->recoveryKeyId . ".shareKey"); $plainKeyfile = Crypt::multiKeyDecrypt($encKeyfile, $shareKey, $privateKey); // encrypt file key again to all users, this time with the new public key for the recovered use $userPubKeys = Keymanager::getPublicKeys($this->view, $filteredUids['ready']); $multiEncKey = Crypt::multiKeyEncrypt($plainKeyfile, $userPubKeys); // write new keys to filesystem TDOO! - $this->view->file_put_contents($this->keyfilesPath.$file.'.key', $multiEncKey['data']); + $this->view->file_put_contents($this->keyfilesPath . $file . '.key', $multiEncKey['data']); foreach ($multiEncKey['keys'] as $userId => $shareKey) { - $shareKeyPath = $this->shareKeysPath.$file.'.'.$userId.'.shareKey'; + $shareKeyPath = $this->shareKeysPath . $file . '.' . $userId . '.shareKey'; $this->view->file_put_contents($shareKeyPath, $shareKey); } @@ -1405,10 +1473,11 @@ class Util { /** * @brief collect all files and recover them one by one - * @param type $path to look for files keys - * @param type $privateKey private recovery key which is used to decrypt the files + * @param string $path to look for files keys + * @param string $privateKey private recovery key which is used to decrypt the files */ - private function recoverAllFiles($path, $privateKey) { + private function recoverAllFiles($path, $privateKey) + { $dirContent = $this->view->getDirectoryContent($this->keyfilesPath . $path); foreach ($dirContent as $item) { $filePath = substr($item['path'], 25); @@ -1423,16 +1492,17 @@ class Util { /** * @brief recover users files in case of password lost - * @param type $recoveryPassword + * @param string $recoveryPassword */ - public function recoverUsersFiles($recoveryPassword) { + public function recoverUsersFiles($recoveryPassword) + { // Disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - $encryptedKey = $this->view->file_get_contents( '/owncloud_private_key/'.$this->recoveryKeyId.'.private.key' ); - $privateKey = Crypt::symmetricDecryptFileContent( $encryptedKey, $recoveryPassword ); + $encryptedKey = $this->view->file_get_contents('/owncloud_private_key/' . $this->recoveryKeyId . '.private.key'); + $privateKey = Crypt::symmetricDecryptFileContent($encryptedKey, $recoveryPassword); \OC_FileProxy::$enabled = $proxyStatus; diff --git a/apps/files_encryption/tests/crypt.php b/apps/files_encryption/tests/crypt.php index c669aec1222..5b5a2189a48 100755 --- a/apps/files_encryption/tests/crypt.php +++ b/apps/files_encryption/tests/crypt.php @@ -7,22 +7,23 @@ * See the COPYING-README file. */ -require_once realpath( dirname(__FILE__).'/../../../3rdparty/Crypt_Blowfish/Blowfish.php' ); -require_once realpath( dirname(__FILE__).'/../../../lib/base.php' ); -require_once realpath( dirname(__FILE__).'/../lib/crypt.php' ); -require_once realpath( dirname(__FILE__).'/../lib/keymanager.php' ); -require_once realpath( dirname(__FILE__).'/../lib/proxy.php' ); -require_once realpath( dirname(__FILE__).'/../lib/stream.php' ); -require_once realpath( dirname(__FILE__).'/../lib/util.php' ); -require_once realpath( dirname(__FILE__).'/../lib/helper.php' ); -require_once realpath( dirname(__FILE__).'/../appinfo/app.php' ); +require_once realpath(dirname(__FILE__) . '/../../../3rdparty/Crypt_Blowfish/Blowfish.php'); +require_once realpath(dirname(__FILE__) . '/../../../lib/base.php'); +require_once realpath(dirname(__FILE__) . '/../lib/crypt.php'); +require_once realpath(dirname(__FILE__) . '/../lib/keymanager.php'); +require_once realpath(dirname(__FILE__) . '/../lib/proxy.php'); +require_once realpath(dirname(__FILE__) . '/../lib/stream.php'); +require_once realpath(dirname(__FILE__) . '/../lib/util.php'); +require_once realpath(dirname(__FILE__) . '/../lib/helper.php'); +require_once realpath(dirname(__FILE__) . '/../appinfo/app.php'); use OCA\Encryption; /** * Class Test_Encryption_Crypt */ -class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { +class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase +{ public $userId; public $pass; @@ -38,39 +39,40 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { public $genPrivateKey; public $genPublicKey; - function setUp() { - // reset backend - \OC_User::clearBackends(); - \OC_User::useBackend('database'); + function setUp() + { + // reset backend + \OC_User::clearBackends(); + \OC_User::useBackend('database'); - // set content for encrypting / decrypting in tests - $this->dataLong = file_get_contents( realpath( dirname(__FILE__).'/../lib/crypt.php' ) ); + // set content for encrypting / decrypting in tests + $this->dataLong = file_get_contents(realpath(dirname(__FILE__) . '/../lib/crypt.php')); $this->dataShort = 'hats'; - $this->dataUrl = realpath( dirname(__FILE__).'/../lib/crypt.php' ); - $this->legacyData = realpath( dirname(__FILE__).'/legacy-text.txt' ); - $this->legacyEncryptedData = realpath( dirname(__FILE__).'/legacy-encrypted-text.txt' ); + $this->dataUrl = realpath(dirname(__FILE__) . '/../lib/crypt.php'); + $this->legacyData = realpath(dirname(__FILE__) . '/legacy-text.txt'); + $this->legacyEncryptedData = realpath(dirname(__FILE__) . '/legacy-encrypted-text.txt'); $this->randomKey = Encryption\Crypt::generateKey(); - + $keypair = Encryption\Crypt::createKeypair(); - $this->genPublicKey = $keypair['publicKey']; + $this->genPublicKey = $keypair['publicKey']; $this->genPrivateKey = $keypair['privateKey']; - - $this->view = new \OC_FilesystemView( '/' ); - - \OC_User::setUserId( 'admin' ); + + $this->view = new \OC_FilesystemView('/'); + + \OC_User::setUserId('admin'); $this->userId = 'admin'; $this->pass = 'admin'; - $userHome = \OC_User::getHome($this->userId); - $this->dataDir = str_replace('/'.$this->userId, '', $userHome); + $userHome = \OC_User::getHome($this->userId); + $this->dataDir = str_replace('/' . $this->userId, '', $userHome); - // Filesystem related hooks - \OCA\Encryption\Helper::registerFilesystemHooks(); + // Filesystem related hooks + \OCA\Encryption\Helper::registerFilesystemHooks(); // Filesystem related hooks \OCA\Encryption\Helper::registerUserHooks(); - \OC_FileProxy::register(new OCA\Encryption\Proxy()); + \OC_FileProxy::register(new OCA\Encryption\Proxy()); // remember files_trashbin state $this->stateFilesTrashbin = OC_App::isEnabled('files_trashbin'); @@ -78,19 +80,20 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { // we don't want to tests with app files_trashbin enabled \OC_App::disable('files_trashbin'); - \OC_Util::tearDownFS(); - \OC_User::setUserId(''); - \OC\Files\Filesystem::tearDown(); - \OC_Util::setupFS($this->userId); - \OC_User::setUserId($this->userId); + \OC_Util::tearDownFS(); + \OC_User::setUserId(''); + \OC\Files\Filesystem::tearDown(); + \OC_Util::setupFS($this->userId); + \OC_User::setUserId($this->userId); - $params['uid'] = $this->userId; - $params['password'] = $this->pass; - OCA\Encryption\Hooks::login($params); + $params['uid'] = $this->userId; + $params['password'] = $this->pass; + OCA\Encryption\Hooks::login($params); } - - function tearDown() { + + function tearDown() + { \OC_FileProxy::clearProxies(); // reset app files_trashbin @@ -99,285 +102,297 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { } else { OC_App::disable('files_trashbin'); } - } + } + + function testGenerateKey() + { - function testGenerateKey() { - # TODO: use more accurate (larger) string length for test confirmation - + $key = Encryption\Crypt::generateKey(); - - $this->assertTrue( strlen( $key ) > 16 ); - + + $this->assertTrue(strlen($key) > 16); + } /** * @return String */ - function testGenerateIv() { - + function testGenerateIv() + { + $iv = Encryption\Crypt::generateIv(); - - $this->assertEquals( 16, strlen( $iv ) ); - + + $this->assertEquals(16, strlen($iv)); + return $iv; - + } - + /** * @depends testGenerateIv */ - function testConcatIv( $iv ) { - - $catFile = Encryption\Crypt::concatIv( $this->dataLong, $iv ); - + function testConcatIv($iv) + { + + $catFile = Encryption\Crypt::concatIv($this->dataLong, $iv); + // Fetch encryption metadata from end of file - $meta = substr( $catFile, -22 ); - - $identifier = substr( $meta, 0, 6); - + $meta = substr($catFile, -22); + + $identifier = substr($meta, 0, 6); + // Fetch IV from end of file - $foundIv = substr( $meta, 6 ); - - $this->assertEquals( '00iv00', $identifier ); - - $this->assertEquals( $iv, $foundIv ); - + $foundIv = substr($meta, 6); + + $this->assertEquals('00iv00', $identifier); + + $this->assertEquals($iv, $foundIv); + // Remove IV and IV identifier text to expose encrypted content - $data = substr( $catFile, 0, -22 ); - - $this->assertEquals( $this->dataLong, $data ); - + $data = substr($catFile, 0, -22); + + $this->assertEquals($this->dataLong, $data); + return array( 'iv' => $iv - , 'catfile' => $catFile + , 'catfile' => $catFile ); - + } - + /** * @depends testConcatIv */ - function testSplitIv( $testConcatIv ) { - + function testSplitIv($testConcatIv) + { + // Split catfile into components - $splitCatfile = Encryption\Crypt::splitIv( $testConcatIv['catfile'] ); - + $splitCatfile = Encryption\Crypt::splitIv($testConcatIv['catfile']); + // Check that original IV and split IV match - $this->assertEquals( $testConcatIv['iv'], $splitCatfile['iv'] ); - + $this->assertEquals($testConcatIv['iv'], $splitCatfile['iv']); + // Check that original data and split data match - $this->assertEquals( $this->dataLong, $splitCatfile['encrypted'] ); - + $this->assertEquals($this->dataLong, $splitCatfile['encrypted']); + } /** * @return string padded */ - function testAddPadding() { - - $padded = Encryption\Crypt::addPadding( $this->dataLong ); - - $padding = substr( $padded, -2 ); - - $this->assertEquals( 'xx' , $padding ); - + function testAddPadding() + { + + $padded = Encryption\Crypt::addPadding($this->dataLong); + + $padding = substr($padded, -2); + + $this->assertEquals('xx', $padding); + return $padded; - + } - + /** * @depends testAddPadding */ - function testRemovePadding( $padded ) { - - $noPadding = Encryption\Crypt::RemovePadding( $padded ); - - $this->assertEquals( $this->dataLong, $noPadding ); - + function testRemovePadding($padded) + { + + $noPadding = Encryption\Crypt::RemovePadding($padded); + + $this->assertEquals($this->dataLong, $noPadding); + } - - function testEncrypt() { - - $random = openssl_random_pseudo_bytes( 13 ); - $iv = substr( base64_encode( $random ), 0, -4 ); // i.e. E5IG033j+mRNKrht + function testEncrypt() + { + + $random = openssl_random_pseudo_bytes(13); + + $iv = substr(base64_encode($random), 0, -4); // i.e. E5IG033j+mRNKrht + + $crypted = Encryption\Crypt::encrypt($this->dataUrl, $iv, 'hat'); - $crypted = Encryption\Crypt::encrypt( $this->dataUrl, $iv, 'hat' ); + $this->assertNotEquals($this->dataUrl, $crypted); - $this->assertNotEquals( $this->dataUrl, $crypted ); - } - - function testDecrypt() { - - $random = openssl_random_pseudo_bytes( 13 ); - $iv = substr( base64_encode( $random ), 0, -4 ); // i.e. E5IG033j+mRNKrht + function testDecrypt() + { - $crypted = Encryption\Crypt::encrypt( $this->dataUrl, $iv, 'hat' ); - - $decrypt = Encryption\Crypt::decrypt( $crypted, $iv, 'hat' ); + $random = openssl_random_pseudo_bytes(13); + + $iv = substr(base64_encode($random), 0, -4); // i.e. E5IG033j+mRNKrht + + $crypted = Encryption\Crypt::encrypt($this->dataUrl, $iv, 'hat'); + + $decrypt = Encryption\Crypt::decrypt($crypted, $iv, 'hat'); + + $this->assertEquals($this->dataUrl, $decrypt); - $this->assertEquals( $this->dataUrl, $decrypt ); - } - - function testSymmetricEncryptFileContent() { - + + function testSymmetricEncryptFileContent() + { + # TODO: search in keyfile for actual content as IV will ensure this test always passes - - $crypted = Encryption\Crypt::symmetricEncryptFileContent( $this->dataShort, 'hat' ); - $this->assertNotEquals( $this->dataShort, $crypted ); - + $crypted = Encryption\Crypt::symmetricEncryptFileContent($this->dataShort, 'hat'); - $decrypt = Encryption\Crypt::symmetricDecryptFileContent( $crypted, 'hat' ); + $this->assertNotEquals($this->dataShort, $crypted); + + + $decrypt = Encryption\Crypt::symmetricDecryptFileContent($crypted, 'hat'); + + $this->assertEquals($this->dataShort, $decrypt); - $this->assertEquals( $this->dataShort, $decrypt ); - } - function testSymmetricStreamEncryptShortFileContent() { - - $filename = 'tmp-'.time().'.test'; + function testSymmetricStreamEncryptShortFileContent() + { + + $filename = 'tmp-' . time() . '.test'; + + $cryptedFile = file_put_contents('crypt://' . $filename, $this->dataShort); - $cryptedFile = file_put_contents( 'crypt://' . $filename, $this->dataShort ); - // Test that data was successfully written - $this->assertTrue( is_int( $cryptedFile ) ); + $this->assertTrue(is_int($cryptedFile)); - // Disable encryption proxy to prevent recursive calls - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; + // Disable encryption proxy to prevent recursive calls + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; - // Get file contents without using any wrapper to get it's actual contents on disk - $retreivedCryptedFile = $this->view->file_get_contents($this->userId . '/files/' . $filename); + // Get file contents without using any wrapper to get it's actual contents on disk + $retreivedCryptedFile = $this->view->file_get_contents($this->userId . '/files/' . $filename); - // Re-enable proxy - our work is done - \OC_FileProxy::$enabled = $proxyStatus; + // Re-enable proxy - our work is done + \OC_FileProxy::$enabled = $proxyStatus; // Check that the file was encrypted before being written to disk - $this->assertNotEquals( $this->dataShort, $retreivedCryptedFile ); + $this->assertNotEquals($this->dataShort, $retreivedCryptedFile); - // Get the encrypted keyfile - $encKeyfile = Encryption\Keymanager::getFileKey( $this->view, $this->userId, $filename ); + // Get the encrypted keyfile + $encKeyfile = Encryption\Keymanager::getFileKey($this->view, $this->userId, $filename); - // Attempt to fetch the user's shareKey - $shareKey = Encryption\Keymanager::getShareKey( $this->view, $this->userId, $filename ); + // Attempt to fetch the user's shareKey + $shareKey = Encryption\Keymanager::getShareKey($this->view, $this->userId, $filename); - // get session - $session = new Encryption\Session( $this->view ); + // get session + $session = new Encryption\Session($this->view); - // get private key - $privateKey = $session->getPrivateKey( $this->userId ); + // get private key + $privateKey = $session->getPrivateKey($this->userId); - // Decrypt keyfile with shareKey - $plainKeyfile = Encryption\Crypt::multiKeyDecrypt( $encKeyfile, $shareKey, $privateKey ); + // Decrypt keyfile with shareKey + $plainKeyfile = Encryption\Crypt::multiKeyDecrypt($encKeyfile, $shareKey, $privateKey); - // Manually decrypt - $manualDecrypt = Encryption\Crypt::symmetricDecryptFileContent( $retreivedCryptedFile, $plainKeyfile ); + // Manually decrypt + $manualDecrypt = Encryption\Crypt::symmetricDecryptFileContent($retreivedCryptedFile, $plainKeyfile); // Check that decrypted data matches - $this->assertEquals( $this->dataShort, $manualDecrypt ); + $this->assertEquals($this->dataShort, $manualDecrypt); - // Teardown - $this->view->unlink( $this->userId . '/files/' . $filename ); + // Teardown + $this->view->unlink($this->userId . '/files/' . $filename); - Encryption\Keymanager::deleteFileKey( $this->view, $this->userId, $filename ); + Encryption\Keymanager::deleteFileKey($this->view, $this->userId, $filename); } - + /** * @brief Test that data that is written by the crypto stream wrapper * @note Encrypted data is manually prepared and decrypted here to avoid dependency on success of stream_read - * @note If this test fails with truncate content, check that enough array slices are being rejoined to form $e, as the crypt.php file may have gotten longer and broken the manual + * @note If this test fails with truncate content, check that enough array slices are being rejoined to form $e, as the crypt.php file may have gotten longer and broken the manual * reassembly of its data */ - function testSymmetricStreamEncryptLongFileContent() { - + function testSymmetricStreamEncryptLongFileContent() + { + // Generate a a random filename - $filename = 'tmp-'.time().'.test'; - + $filename = 'tmp-' . time() . '.test'; + // Save long data as encrypted file using stream wrapper - $cryptedFile = file_put_contents( 'crypt://' . $filename, $this->dataLong.$this->dataLong ); - + $cryptedFile = file_put_contents('crypt://' . $filename, $this->dataLong . $this->dataLong); + // Test that data was successfully written - $this->assertTrue( is_int( $cryptedFile ) ); - + $this->assertTrue(is_int($cryptedFile)); + // Disable encryption proxy to prevent recursive calls - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; + + // Get file contents without using any wrapper to get it's actual contents on disk + $retreivedCryptedFile = $this->view->file_get_contents($this->userId . '/files/' . $filename); - // Get file contents without using any wrapper to get it's actual contents on disk - $retreivedCryptedFile = $this->view->file_get_contents($this->userId . '/files/' . $filename); + // Re-enable proxy - our work is done + \OC_FileProxy::$enabled = $proxyStatus; - // Re-enable proxy - our work is done - \OC_FileProxy::$enabled = $proxyStatus; + // Check that the file was encrypted before being written to disk + $this->assertNotEquals($this->dataLong . $this->dataLong, $retreivedCryptedFile); - // Check that the file was encrypted before being written to disk - $this->assertNotEquals( $this->dataLong.$this->dataLong, $retreivedCryptedFile ); - // Manuallly split saved file into separate IVs and encrypted chunks $r = preg_split('/(00iv00.{16,18})/', $retreivedCryptedFile, NULL, PREG_SPLIT_DELIM_CAPTURE); - + //print_r($r); - + // Join IVs and their respective data chunks - $e = array( $r[0].$r[1], $r[2].$r[3], $r[4].$r[5], $r[6].$r[7], $r[8].$r[9], $r[10].$r[11]);//.$r[11], $r[12].$r[13], $r[14] ); - + $e = array($r[0] . $r[1], $r[2] . $r[3], $r[4] . $r[5], $r[6] . $r[7], $r[8] . $r[9], $r[10] . $r[11]); //.$r[11], $r[12].$r[13], $r[14] ); + //print_r($e); - // Get the encrypted keyfile - $encKeyfile = Encryption\Keymanager::getFileKey( $this->view, $this->userId, $filename ); + // Get the encrypted keyfile + $encKeyfile = Encryption\Keymanager::getFileKey($this->view, $this->userId, $filename); - // Attempt to fetch the user's shareKey - $shareKey = Encryption\Keymanager::getShareKey( $this->view, $this->userId, $filename ); + // Attempt to fetch the user's shareKey + $shareKey = Encryption\Keymanager::getShareKey($this->view, $this->userId, $filename); - // get session - $session = new Encryption\Session( $this->view ); + // get session + $session = new Encryption\Session($this->view); - // get private key - $privateKey = $session->getPrivateKey( $this->userId ); + // get private key + $privateKey = $session->getPrivateKey($this->userId); - // Decrypt keyfile with shareKey - $plainKeyfile = Encryption\Crypt::multiKeyDecrypt( $encKeyfile, $shareKey, $privateKey ); + // Decrypt keyfile with shareKey + $plainKeyfile = Encryption\Crypt::multiKeyDecrypt($encKeyfile, $shareKey, $privateKey); // Set var for reassembling decrypted content $decrypt = ''; - + // Manually decrypt chunk foreach ($e as $chunk) { - - $chunkDecrypt = Encryption\Crypt::symmetricDecryptFileContent( $chunk, $plainKeyfile ); - + + $chunkDecrypt = Encryption\Crypt::symmetricDecryptFileContent($chunk, $plainKeyfile); + // Assemble decrypted chunks $decrypt .= $chunkDecrypt; - + } - - $this->assertEquals( $this->dataLong.$this->dataLong, $decrypt ); - + + $this->assertEquals($this->dataLong . $this->dataLong, $decrypt); + // Teardown - - $this->view->unlink( $this->userId . '/files/' . $filename ); - - Encryption\Keymanager::deleteFileKey( $this->view, $this->userId, $filename ); - + + $this->view->unlink($this->userId . '/files/' . $filename); + + Encryption\Keymanager::deleteFileKey($this->view, $this->userId, $filename); + } - + /** * @brief Test that data that is read by the crypto stream wrapper */ - function testSymmetricStreamDecryptShortFileContent() { - - $filename = 'tmp-'.time(); - + function testSymmetricStreamDecryptShortFileContent() + { + + $filename = 'tmp-' . time(); + // Save long data as encrypted file using stream wrapper - $cryptedFile = file_put_contents( 'crypt://' . $filename, $this->dataShort ); - + $cryptedFile = file_put_contents('crypt://' . $filename, $this->dataShort); + // Test that data was successfully written - $this->assertTrue( is_int( $cryptedFile ) ); + $this->assertTrue(is_int($cryptedFile)); // Disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; @@ -387,34 +402,35 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { \OC_FileProxy::$enabled = $proxyStatus; - // Get file decrypted contents - $decrypt = file_get_contents( 'crypt://' . $filename ); - - $this->assertEquals( $this->dataShort, $decrypt ); + // Get file decrypted contents + $decrypt = file_get_contents('crypt://' . $filename); + + $this->assertEquals($this->dataShort, $decrypt); - // tear down - $this->view->unlink( $this->userId . '/files/' . $filename ); + // tear down + $this->view->unlink($this->userId . '/files/' . $filename); } - - function testSymmetricStreamDecryptLongFileContent() { - - $filename = 'tmp-'.time(); - + + function testSymmetricStreamDecryptLongFileContent() + { + + $filename = 'tmp-' . time(); + // Save long data as encrypted file using stream wrapper - $cryptedFile = file_put_contents( 'crypt://' . $filename, $this->dataLong ); - + $cryptedFile = file_put_contents('crypt://' . $filename, $this->dataLong); + // Test that data was successfully written - $this->assertTrue( is_int( $cryptedFile ) ); + $this->assertTrue(is_int($cryptedFile)); - // Get file decrypted contents - $decrypt = file_get_contents( 'crypt://' . $filename ); + // Get file decrypted contents + $decrypt = file_get_contents('crypt://' . $filename); - $this->assertEquals( $this->dataLong, $decrypt ); + $this->assertEquals($this->dataLong, $decrypt); - // tear down - $this->view->unlink( $this->userId . '/files/' . $filename ); + // tear down + $this->view->unlink($this->userId . '/files/' . $filename); } - + // Is this test still necessary? // function testSymmetricBlockStreamDecryptFileContent() { // @@ -438,260 +454,274 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { // // } - function testSymmetricEncryptFileContentKeyfile() { - + function testSymmetricEncryptFileContentKeyfile() + { + # TODO: search in keyfile for actual content as IV will ensure this test always passes - - $crypted = Encryption\Crypt::symmetricEncryptFileContentKeyfile( $this->dataUrl ); - - $this->assertNotEquals( $this->dataUrl, $crypted['encrypted'] ); - - - $decrypt = Encryption\Crypt::symmetricDecryptFileContent( $crypted['encrypted'], $crypted['key'] ); - - $this->assertEquals( $this->dataUrl, $decrypt ); - - } - - function testIsEncryptedContent() { - - $this->assertFalse( Encryption\Crypt::isCatfileContent( $this->dataUrl ) ); - - $this->assertFalse( Encryption\Crypt::isCatfileContent( $this->legacyEncryptedData ) ); - - $keyfileContent = Encryption\Crypt::symmetricEncryptFileContent( $this->dataUrl, 'hat' ); - - $this->assertTrue( Encryption\Crypt::isCatfileContent( $keyfileContent ) ); - - } - - function testMultiKeyEncrypt() { - + + $crypted = Encryption\Crypt::symmetricEncryptFileContentKeyfile($this->dataUrl); + + $this->assertNotEquals($this->dataUrl, $crypted['encrypted']); + + + $decrypt = Encryption\Crypt::symmetricDecryptFileContent($crypted['encrypted'], $crypted['key']); + + $this->assertEquals($this->dataUrl, $decrypt); + + } + + function testIsEncryptedContent() + { + + $this->assertFalse(Encryption\Crypt::isCatfileContent($this->dataUrl)); + + $this->assertFalse(Encryption\Crypt::isCatfileContent($this->legacyEncryptedData)); + + $keyfileContent = Encryption\Crypt::symmetricEncryptFileContent($this->dataUrl, 'hat'); + + $this->assertTrue(Encryption\Crypt::isCatfileContent($keyfileContent)); + + } + + function testMultiKeyEncrypt() + { + # TODO: search in keyfile for actual content as IV will ensure this test always passes - + $pair1 = Encryption\Crypt::createKeypair(); - - $this->assertEquals( 2, count( $pair1 ) ); - - $this->assertTrue( strlen( $pair1['publicKey'] ) > 1 ); - - $this->assertTrue( strlen( $pair1['privateKey'] ) > 1 ); - - - $crypted = Encryption\Crypt::multiKeyEncrypt( $this->dataShort, array( $pair1['publicKey'] ) ); - - $this->assertNotEquals( $this->dataShort, $crypted['data'] ); - - - $decrypt = Encryption\Crypt::multiKeyDecrypt( $crypted['data'], $crypted['keys'][0], $pair1['privateKey'] ); - - $this->assertEquals( $this->dataShort, $decrypt ); - - } - - function testKeyEncrypt() { - + + $this->assertEquals(2, count($pair1)); + + $this->assertTrue(strlen($pair1['publicKey']) > 1); + + $this->assertTrue(strlen($pair1['privateKey']) > 1); + + + $crypted = Encryption\Crypt::multiKeyEncrypt($this->dataShort, array($pair1['publicKey'])); + + $this->assertNotEquals($this->dataShort, $crypted['data']); + + + $decrypt = Encryption\Crypt::multiKeyDecrypt($crypted['data'], $crypted['keys'][0], $pair1['privateKey']); + + $this->assertEquals($this->dataShort, $decrypt); + + } + + function testKeyEncrypt() + { + // Generate keypair $pair1 = Encryption\Crypt::createKeypair(); - + // Encrypt data - $crypted = Encryption\Crypt::keyEncrypt( $this->dataUrl, $pair1['publicKey'] ); - - $this->assertNotEquals( $this->dataUrl, $crypted ); - + $crypted = Encryption\Crypt::keyEncrypt($this->dataUrl, $pair1['publicKey']); + + $this->assertNotEquals($this->dataUrl, $crypted); + // Decrypt data - $decrypt = Encryption\Crypt::keyDecrypt( $crypted, $pair1['privateKey'] ); - - $this->assertEquals( $this->dataUrl, $decrypt ); - + $decrypt = Encryption\Crypt::keyDecrypt($crypted, $pair1['privateKey']); + + $this->assertEquals($this->dataUrl, $decrypt); + } - + /** * @brief test encryption using legacy blowfish method */ - function testLegacyEncryptShort() { - - $crypted = Encryption\Crypt::legacyEncrypt( $this->dataShort, $this->pass ); + function testLegacyEncryptShort() + { + + $crypted = Encryption\Crypt::legacyEncrypt($this->dataShort, $this->pass); + + $this->assertNotEquals($this->dataShort, $crypted); - $this->assertNotEquals( $this->dataShort, $crypted ); - # TODO: search inencrypted text for actual content to ensure it # genuine transformation - + return $crypted; - + } - + /** * @brief test decryption using legacy blowfish method * @depends testLegacyEncryptShort */ - function testLegacyDecryptShort( $crypted ) { - - $decrypted = Encryption\Crypt::legacyDecrypt( $crypted, $this->pass ); - - $this->assertEquals( $this->dataShort, $decrypted ); - + function testLegacyDecryptShort($crypted) + { + + $decrypted = Encryption\Crypt::legacyDecrypt($crypted, $this->pass); + + $this->assertEquals($this->dataShort, $decrypted); + } /** * @brief test encryption using legacy blowfish method */ - function testLegacyEncryptLong() { - - $crypted = Encryption\Crypt::legacyEncrypt( $this->dataLong, $this->pass ); + function testLegacyEncryptLong() + { + + $crypted = Encryption\Crypt::legacyEncrypt($this->dataLong, $this->pass); + + $this->assertNotEquals($this->dataLong, $crypted); - $this->assertNotEquals( $this->dataLong, $crypted ); - # TODO: search inencrypted text for actual content to ensure it # genuine transformation - + return $crypted; - + } - + /** * @brief test decryption using legacy blowfish method * @depends testLegacyEncryptLong */ - function testLegacyDecryptLong( $crypted ) { - - $decrypted = Encryption\Crypt::legacyDecrypt( $crypted, $this->pass ); - - $this->assertEquals( $this->dataLong, $decrypted ); - - } - + function testLegacyDecryptLong($crypted) + { + + $decrypted = Encryption\Crypt::legacyDecrypt($crypted, $this->pass); + + $this->assertEquals($this->dataLong, $decrypted); + + } + /** * @brief test generation of legacy encryption key * @depends testLegacyDecryptShort */ - function testLegacyCreateKey() { - + function testLegacyCreateKey() + { + // Create encrypted key - $encKey = Encryption\Crypt::legacyCreateKey( $this->pass ); - + $encKey = Encryption\Crypt::legacyCreateKey($this->pass); + // Decrypt key - $key = Encryption\Crypt::legacyDecrypt( $encKey, $this->pass ); - - $this->assertTrue( is_numeric( $key ) ); - + $key = Encryption\Crypt::legacyDecrypt($encKey, $this->pass); + + $this->assertTrue(is_numeric($key)); + // Check that key is correct length - $this->assertEquals( 20, strlen( $key ) ); - + $this->assertEquals(20, strlen($key)); + } /** * @brief test decryption using legacy blowfish method * @depends testLegacyEncryptLong */ - function testLegacyKeyRecryptKeyfileEncrypt( $crypted ) { - - $recrypted = Encryption\Crypt::LegacyKeyRecryptKeyfile( $crypted, $this->pass, array($this->genPublicKey), $this->pass, ''); - - $this->assertNotEquals( $this->dataLong, $recrypted['data'] ); - + function testLegacyKeyRecryptKeyfileEncrypt($crypted) + { + + $recrypted = Encryption\Crypt::LegacyKeyRecryptKeyfile($crypted, $this->pass, array($this->genPublicKey), $this->pass, ''); + + $this->assertNotEquals($this->dataLong, $recrypted['data']); + return $recrypted; - + # TODO: search inencrypted text for actual content to ensure it # genuine transformation - + } - function testRenameFile() { + function testRenameFile() + { - $filename = 'tmp-'.time(); + $filename = 'tmp-' . time(); - // Save long data as encrypted file using stream wrapper - $cryptedFile = file_put_contents( 'crypt://' . $filename, $this->dataLong ); + // Save long data as encrypted file using stream wrapper + $cryptedFile = file_put_contents('crypt://' . $filename, $this->dataLong); - // Test that data was successfully written - $this->assertTrue( is_int( $cryptedFile ) ); + // Test that data was successfully written + $this->assertTrue(is_int($cryptedFile)); // Get file decrypted contents - $decrypt = file_get_contents( 'crypt://' . $filename ); + $decrypt = file_get_contents('crypt://' . $filename); - $this->assertEquals( $this->dataLong, $decrypt ); + $this->assertEquals($this->dataLong, $decrypt); - $newFilename = 'tmp-new-'.time(); - $view = new \OC\Files\View('/' . $this->userId . '/files'); - $view->rename( $filename, $newFilename ); + $newFilename = 'tmp-new-' . time(); + $view = new \OC\Files\View('/' . $this->userId . '/files'); + $view->rename($filename, $newFilename); - // Get file decrypted contents - $newDecrypt = file_get_contents( 'crypt://' . $newFilename ); + // Get file decrypted contents + $newDecrypt = file_get_contents('crypt://' . $newFilename); - $this->assertEquals( $this->dataLong, $newDecrypt ); + $this->assertEquals($this->dataLong, $newDecrypt); - // tear down - $view->unlink( $newFilename ); - } + // tear down + $view->unlink($newFilename); + } - function testMoveFileIntoFolder() { + function testMoveFileIntoFolder() + { - $filename = 'tmp-'.time(); + $filename = 'tmp-' . time(); - // Save long data as encrypted file using stream wrapper - $cryptedFile = file_put_contents( 'crypt://' . $filename, $this->dataLong ); + // Save long data as encrypted file using stream wrapper + $cryptedFile = file_put_contents('crypt://' . $filename, $this->dataLong); - // Test that data was successfully written - $this->assertTrue( is_int( $cryptedFile ) ); + // Test that data was successfully written + $this->assertTrue(is_int($cryptedFile)); - // Get file decrypted contents - $decrypt = file_get_contents( 'crypt://' . $filename ); + // Get file decrypted contents + $decrypt = file_get_contents('crypt://' . $filename); - $this->assertEquals( $this->dataLong, $decrypt ); + $this->assertEquals($this->dataLong, $decrypt); - $newFolder = '/newfolder'.time(); - $newFilename = 'tmp-new-'.time(); - $view = new \OC\Files\View('/' . $this->userId . '/files'); - $view->mkdir($newFolder); - $view->rename( $filename, $newFolder . '/' . $newFilename ); + $newFolder = '/newfolder' . time(); + $newFilename = 'tmp-new-' . time(); + $view = new \OC\Files\View('/' . $this->userId . '/files'); + $view->mkdir($newFolder); + $view->rename($filename, $newFolder . '/' . $newFilename); - // Get file decrypted contents - $newDecrypt = file_get_contents( 'crypt://' . $newFolder . '/' . $newFilename ); + // Get file decrypted contents + $newDecrypt = file_get_contents('crypt://' . $newFolder . '/' . $newFilename); - $this->assertEquals( $this->dataLong, $newDecrypt ); + $this->assertEquals($this->dataLong, $newDecrypt); - // tear down - $view->unlink( $newFolder ); - } + // tear down + $view->unlink($newFolder); + } - function testMoveFolder() { + function testMoveFolder() + { $view = new \OC\Files\View('/' . $this->userId . '/files'); - $filename = '/tmp-'.time(); - $folder = '/folder'.time(); + $filename = '/tmp-' . time(); + $folder = '/folder' . time(); $view->mkdir($folder); // Save long data as encrypted file using stream wrapper - $cryptedFile = file_put_contents( 'crypt://' . $folder . $filename, $this->dataLong ); + $cryptedFile = file_put_contents('crypt://' . $folder . $filename, $this->dataLong); // Test that data was successfully written - $this->assertTrue( is_int( $cryptedFile ) ); + $this->assertTrue(is_int($cryptedFile)); // Get file decrypted contents - $decrypt = file_get_contents( 'crypt://' . $folder . $filename ); + $decrypt = file_get_contents('crypt://' . $folder . $filename); - $this->assertEquals( $this->dataLong, $decrypt ); + $this->assertEquals($this->dataLong, $decrypt); - $newFolder = '/newfolder'.time(); + $newFolder = '/newfolder' . time(); - $view->rename( $folder, $newFolder ); + $view->rename($folder, $newFolder); // Get file decrypted contents - $newDecrypt = file_get_contents( 'crypt://' . $newFolder . $filename ); + $newDecrypt = file_get_contents('crypt://' . $newFolder . $filename); - $this->assertEquals( $this->dataLong, $newDecrypt ); + $this->assertEquals($this->dataLong, $newDecrypt); // tear down - $view->unlink( $newFolder ); + $view->unlink($newFolder); } - function testRenameFolder() { + function testRenameFolder() + { - $filename = '/tmp-'.time(); + $filename = '/tmp-' . time(); $folder = '/folder'; $newFolder = '/newfolder'; @@ -699,42 +729,43 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { $view->mkdir($folder); // Save long data as encrypted file using stream wrapper - $cryptedFile = file_put_contents( 'crypt://' . $folder . $filename, $this->dataLong ); + $cryptedFile = file_put_contents('crypt://' . $folder . $filename, $this->dataLong); // Test that data was successfully written - $this->assertTrue( is_int( $cryptedFile ) ); + $this->assertTrue(is_int($cryptedFile)); // Get file decrypted contents - $decrypt = file_get_contents( 'crypt://' . $folder . $filename ); + $decrypt = file_get_contents('crypt://' . $folder . $filename); - $this->assertEquals( $this->dataLong, $decrypt ); + $this->assertEquals($this->dataLong, $decrypt); // rename folder $view->rename($folder, $newFolder); // Get file decrypted contents - $newDecrypt = file_get_contents( 'crypt://' . $newFolder . $filename ); + $newDecrypt = file_get_contents('crypt://' . $newFolder . $filename); - $this->assertEquals( $this->dataLong, $newDecrypt ); + $this->assertEquals($this->dataLong, $newDecrypt); // tear down - $view->unlink( $newFolder ); + $view->unlink($newFolder); } - function testChangePassphrase() { + function testChangePassphrase() + { - $filename = 'tmp-'.time(); + $filename = 'tmp-' . time(); // Save long data as encrypted file using stream wrapper - $cryptedFile = file_put_contents( 'crypt://' . $filename, $this->dataLong ); + $cryptedFile = file_put_contents('crypt://' . $filename, $this->dataLong); // Test that data was successfully written - $this->assertTrue( is_int( $cryptedFile ) ); + $this->assertTrue(is_int($cryptedFile)); // Get file decrypted contents - $decrypt = file_get_contents( 'crypt://' . $filename ); + $decrypt = file_get_contents('crypt://' . $filename); - $this->assertEquals( $this->dataLong, $decrypt ); + $this->assertEquals($this->dataLong, $decrypt); // change password \OC_User::setPassword($this->userId, 'test', null); @@ -745,109 +776,113 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { OCA\Encryption\Hooks::login($params); // Get file decrypted contents - $newDecrypt = file_get_contents( 'crypt://' . $filename ); + $newDecrypt = file_get_contents('crypt://' . $filename); - $this->assertEquals( $this->dataLong, $newDecrypt ); + $this->assertEquals($this->dataLong, $newDecrypt); // tear down // change password back \OC_User::setPassword($this->userId, $this->pass); $view = new \OC\Files\View('/' . $this->userId . '/files'); - $view->unlink( $filename ); + $view->unlink($filename); } - function testViewFilePutAndGetContents() { + function testViewFilePutAndGetContents() + { - $filename = '/tmp-'.time(); + $filename = '/tmp-' . time(); $view = new \OC\Files\View('/' . $this->userId . '/files'); // Save short data as encrypted file using stream wrapper - $cryptedFile = $view->file_put_contents( $filename, $this->dataShort ); + $cryptedFile = $view->file_put_contents($filename, $this->dataShort); // Test that data was successfully written - $this->assertTrue( is_int( $cryptedFile ) ); + $this->assertTrue(is_int($cryptedFile)); // Get file decrypted contents - $decrypt = $view->file_get_contents( $filename ); + $decrypt = $view->file_get_contents($filename); - $this->assertEquals( $this->dataShort, $decrypt ); + $this->assertEquals($this->dataShort, $decrypt); // Save long data as encrypted file using stream wrapper - $cryptedFileLong = $view->file_put_contents( $filename, $this->dataLong ); + $cryptedFileLong = $view->file_put_contents($filename, $this->dataLong); // Test that data was successfully written - $this->assertTrue( is_int( $cryptedFileLong ) ); + $this->assertTrue(is_int($cryptedFileLong)); // Get file decrypted contents - $decryptLong = $view->file_get_contents( $filename ); + $decryptLong = $view->file_get_contents($filename); - $this->assertEquals( $this->dataLong, $decryptLong ); + $this->assertEquals($this->dataLong, $decryptLong); // tear down - $view->unlink( $filename ); + $view->unlink($filename); } - function testTouchExistingFile() { - $filename = '/tmp-'.time(); + function testTouchExistingFile() + { + $filename = '/tmp-' . time(); $view = new \OC\Files\View('/' . $this->userId . '/files'); // Save short data as encrypted file using stream wrapper - $cryptedFile = $view->file_put_contents( $filename, $this->dataShort ); + $cryptedFile = $view->file_put_contents($filename, $this->dataShort); // Test that data was successfully written - $this->assertTrue( is_int( $cryptedFile ) ); + $this->assertTrue(is_int($cryptedFile)); $view->touch($filename); // Get file decrypted contents - $decrypt = $view->file_get_contents( $filename ); + $decrypt = $view->file_get_contents($filename); - $this->assertEquals( $this->dataShort, $decrypt ); + $this->assertEquals($this->dataShort, $decrypt); // tear down - $view->unlink( $filename ); + $view->unlink($filename); } - function testTouchFile() { - $filename = '/tmp-'.time(); + function testTouchFile() + { + $filename = '/tmp-' . time(); $view = new \OC\Files\View('/' . $this->userId . '/files'); $view->touch($filename); // Save short data as encrypted file using stream wrapper - $cryptedFile = $view->file_put_contents( $filename, $this->dataShort ); + $cryptedFile = $view->file_put_contents($filename, $this->dataShort); // Test that data was successfully written - $this->assertTrue( is_int( $cryptedFile ) ); + $this->assertTrue(is_int($cryptedFile)); // Get file decrypted contents - $decrypt = $view->file_get_contents( $filename ); + $decrypt = $view->file_get_contents($filename); - $this->assertEquals( $this->dataShort, $decrypt ); + $this->assertEquals($this->dataShort, $decrypt); // tear down - $view->unlink( $filename ); + $view->unlink($filename); } - function testFopenFile() { - $filename = '/tmp-'.time(); + function testFopenFile() + { + $filename = '/tmp-' . time(); $view = new \OC\Files\View('/' . $this->userId . '/files'); // Save short data as encrypted file using stream wrapper - $cryptedFile = $view->file_put_contents( $filename, $this->dataShort ); + $cryptedFile = $view->file_put_contents($filename, $this->dataShort); // Test that data was successfully written - $this->assertTrue( is_int( $cryptedFile ) ); + $this->assertTrue(is_int($cryptedFile)); $handle = $view->fopen($filename, 'r'); // Get file decrypted contents $decrypt = fgets($handle); - $this->assertEquals( $this->dataShort, $decrypt ); + $this->assertEquals($this->dataShort, $decrypt); // tear down - $view->unlink( $filename ); + $view->unlink($filename); } // function testEncryption(){ // @@ -912,5 +947,5 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { // $decrypted=OC_Encryption\Crypt::blockDecrypt($encrypted,$key,strlen($source)); // $this->assertEquals($decrypted,$source); // } - + } diff --git a/apps/files_encryption/tests/keymanager.php b/apps/files_encryption/tests/keymanager.php index 8ca8b0287e4..334cc743f2c 100644 --- a/apps/files_encryption/tests/keymanager.php +++ b/apps/files_encryption/tests/keymanager.php @@ -6,21 +6,22 @@ * See the COPYING-README file. */ -require_once realpath( dirname(__FILE__).'/../../../lib/base.php' ); -require_once realpath( dirname(__FILE__).'/../lib/crypt.php' ); -require_once realpath( dirname(__FILE__).'/../lib/keymanager.php' ); -require_once realpath( dirname(__FILE__).'/../lib/proxy.php' ); -require_once realpath( dirname(__FILE__).'/../lib/stream.php' ); -require_once realpath( dirname(__FILE__).'/../lib/util.php' ); -require_once realpath( dirname(__FILE__).'/../lib/helper.php' ); -require_once realpath( dirname(__FILE__).'/../appinfo/app.php' ); +require_once realpath(dirname(__FILE__) . '/../../../lib/base.php'); +require_once realpath(dirname(__FILE__) . '/../lib/crypt.php'); +require_once realpath(dirname(__FILE__) . '/../lib/keymanager.php'); +require_once realpath(dirname(__FILE__) . '/../lib/proxy.php'); +require_once realpath(dirname(__FILE__) . '/../lib/stream.php'); +require_once realpath(dirname(__FILE__) . '/../lib/util.php'); +require_once realpath(dirname(__FILE__) . '/../lib/helper.php'); +require_once realpath(dirname(__FILE__) . '/../appinfo/app.php'); use OCA\Encryption; /** * Class Test_Encryption_Keymanager */ -class Test_Encryption_Keymanager extends \PHPUnit_Framework_TestCase { +class Test_Encryption_Keymanager extends \PHPUnit_Framework_TestCase +{ public $userId; public $pass; @@ -31,38 +32,39 @@ class Test_Encryption_Keymanager extends \PHPUnit_Framework_TestCase { public $view; public $randomKey; - function setUp() { - // reset backend - \OC_User::clearBackends(); - \OC_User::useBackend('database'); + function setUp() + { + // reset backend + \OC_User::clearBackends(); + \OC_User::useBackend('database'); \OC_FileProxy::$enabled = false; - + // set content for encrypting / decrypting in tests - $this->dataLong = file_get_contents( realpath( dirname(__FILE__).'/../lib/crypt.php' ) ); + $this->dataLong = file_get_contents(realpath(dirname(__FILE__) . '/../lib/crypt.php')); $this->dataShort = 'hats'; - $this->dataUrl = realpath( dirname(__FILE__).'/../lib/crypt.php' ); - $this->legacyData = realpath( dirname(__FILE__).'/legacy-text.txt' ); - $this->legacyEncryptedData = realpath( dirname(__FILE__).'/legacy-encrypted-text.txt' ); + $this->dataUrl = realpath(dirname(__FILE__) . '/../lib/crypt.php'); + $this->legacyData = realpath(dirname(__FILE__) . '/legacy-text.txt'); + $this->legacyEncryptedData = realpath(dirname(__FILE__) . '/legacy-encrypted-text.txt'); $this->randomKey = Encryption\Crypt::generateKey(); - + $keypair = Encryption\Crypt::createKeypair(); - $this->genPublicKey = $keypair['publicKey']; + $this->genPublicKey = $keypair['publicKey']; $this->genPrivateKey = $keypair['privateKey']; - $this->view = new \OC_FilesystemView( '/' ); + $this->view = new \OC_FilesystemView('/'); - \OC_User::setUserId( 'admin' ); - $this->userId = 'admin'; - $this->pass = 'admin'; + \OC_User::setUserId('admin'); + $this->userId = 'admin'; + $this->pass = 'admin'; - $userHome = \OC_User::getHome($this->userId); - $this->dataDir = str_replace('/'.$this->userId, '', $userHome); + $userHome = \OC_User::getHome($this->userId); + $this->dataDir = str_replace('/' . $this->userId, '', $userHome); - // Filesystem related hooks - \OCA\Encryption\Helper::registerFilesystemHooks(); + // Filesystem related hooks + \OCA\Encryption\Helper::registerFilesystemHooks(); - \OC_FileProxy::register(new OCA\Encryption\Proxy()); + \OC_FileProxy::register(new OCA\Encryption\Proxy()); // remember files_trashbin state $this->stateFilesTrashbin = OC_App::isEnabled('files_trashbin'); @@ -70,19 +72,20 @@ class Test_Encryption_Keymanager extends \PHPUnit_Framework_TestCase { // we don't want to tests with app files_trashbin enabled \OC_App::disable('files_trashbin'); - \OC_Util::tearDownFS(); - \OC_User::setUserId(''); - \OC\Files\Filesystem::tearDown(); - \OC_Util::setupFS($this->userId); - \OC_User::setUserId($this->userId); + \OC_Util::tearDownFS(); + \OC_User::setUserId(''); + \OC\Files\Filesystem::tearDown(); + \OC_Util::setupFS($this->userId); + \OC_User::setUserId($this->userId); - $params['uid'] = $this->userId; - $params['password'] = $this->pass; - OCA\Encryption\Hooks::login($params); + $params['uid'] = $this->userId; + $params['password'] = $this->pass; + OCA\Encryption\Hooks::login($params); } - - function tearDown(){ - + + function tearDown() + { + \OC_FileProxy::$enabled = true; \OC_FileProxy::clearProxies(); @@ -94,11 +97,12 @@ class Test_Encryption_Keymanager extends \PHPUnit_Framework_TestCase { } } - function testGetPrivateKey() { - - $key = Encryption\Keymanager::getPrivateKey( $this->view, $this->userId ); + function testGetPrivateKey() + { + + $key = Encryption\Keymanager::getPrivateKey($this->view, $this->userId); - $privateKey = Encryption\Crypt::symmetricDecryptFileContent( $key, $this->pass); + $privateKey = Encryption\Crypt::symmetricDecryptFileContent($key, $this->pass); $res = openssl_pkey_get_private($privateKey); @@ -107,12 +111,13 @@ class Test_Encryption_Keymanager extends \PHPUnit_Framework_TestCase { $sslInfo = openssl_pkey_get_details($res); $this->assertArrayHasKey('key', $sslInfo); - + } - - function testGetPublicKey() { - $publiceKey = Encryption\Keymanager::getPublicKey( $this->view, $this->userId ); + function testGetPublicKey() + { + + $publiceKey = Encryption\Keymanager::getPublicKey($this->view, $this->userId); $res = openssl_pkey_get_public($publiceKey); @@ -122,40 +127,41 @@ class Test_Encryption_Keymanager extends \PHPUnit_Framework_TestCase { $this->assertArrayHasKey('key', $sslInfo); } - - function testSetFileKey() { - + + function testSetFileKey() + { + # NOTE: This cannot be tested until we are able to break out # of the FileSystemView data directory root - - $key = Encryption\Crypt::symmetricEncryptFileContentKeyfile( $this->randomKey, 'hat' ); - - $file = 'unittest-'.time().'.txt'; - // Disable encryption proxy to prevent recursive calls - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; + $key = Encryption\Crypt::symmetricEncryptFileContentKeyfile($this->randomKey, 'hat'); + + $file = 'unittest-' . time() . '.txt'; - $this->view->file_put_contents($this->userId . '/files/' . $file, $key['encrypted']); + // Disable encryption proxy to prevent recursive calls + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; - // Re-enable proxy - our work is done - \OC_FileProxy::$enabled = $proxyStatus; + $this->view->file_put_contents($this->userId . '/files/' . $file, $key['encrypted']); + + // Re-enable proxy - our work is done + \OC_FileProxy::$enabled = $proxyStatus; //$view = new \OC_FilesystemView( '/' . $this->userId . '/files_encryption/keyfiles' ); - Encryption\Keymanager::setFileKey( $this->view, $file, $this->userId, $key['key'] ); + Encryption\Keymanager::setFileKey($this->view, $file, $this->userId, $key['key']); // Disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = true; // cleanup - $this->view->unlink('/'.$this->userId . '/files/' . $file); + $this->view->unlink('/' . $this->userId . '/files/' . $file); // Re-enable proxy - our work is done \OC_FileProxy::$enabled = $proxyStatus; - + } - + // /** // * @depends testGetPrivateKey // */ @@ -171,10 +177,11 @@ class Test_Encryption_Keymanager extends \PHPUnit_Framework_TestCase { // $this->assertEquals( '-----BEGIN PRIVATE KEY-----', substr( $decrypted, 0, 27 ) ); // // } - - function testGetUserKeys() { - - $keys = Encryption\Keymanager::getUserKeys( $this->view, $this->userId ); + + function testGetUserKeys() + { + + $keys = Encryption\Keymanager::getUserKeys($this->view, $this->userId); $resPublic = openssl_pkey_get_public($keys['publicKey']); @@ -184,7 +191,7 @@ class Test_Encryption_Keymanager extends \PHPUnit_Framework_TestCase { $this->assertArrayHasKey('key', $sslInfoPublic); - $privateKey = Encryption\Crypt::symmetricDecryptFileContent( $keys['privateKey'], $this->pass); + $privateKey = Encryption\Crypt::symmetricDecryptFileContent($keys['privateKey'], $this->pass); $resPrivate = openssl_pkey_get_private($privateKey); diff --git a/apps/files_encryption/tests/share.php b/apps/files_encryption/tests/share.php index efff8e322e4..a9ee8d00235 100755 --- a/apps/files_encryption/tests/share.php +++ b/apps/files_encryption/tests/share.php @@ -50,446 +50,446 @@ class Test_Encryption_Share extends \PHPUnit_Framework_TestCase public $subsubfolder; function setUp() - { - // reset backend - \OC_User::clearBackends(); - \OC_User::useBackend('database'); + { + // reset backend + \OC_User::clearBackends(); + \OC_User::useBackend('database'); - $this->dataShort = 'hats'; - $this->view = new \OC_FilesystemView('/'); + $this->dataShort = 'hats'; + $this->view = new \OC_FilesystemView('/'); - $userHome = \OC_User::getHome('admin'); - $this->dataDir = str_replace('/admin', '', $userHome); + $userHome = \OC_User::getHome('admin'); + $this->dataDir = str_replace('/admin', '', $userHome); - $this->folder1 = '/folder1'; - $this->subfolder = '/subfolder1'; - $this->subsubfolder = '/subsubfolder1'; + $this->folder1 = '/folder1'; + $this->subfolder = '/subfolder1'; + $this->subsubfolder = '/subsubfolder1'; - $this->filename = 'share-tmp.test'; + $this->filename = 'share-tmp.test'; - // enable resharing - \OC_Appconfig::setValue('core', 'shareapi_allow_resharing', 'yes'); + // enable resharing + \OC_Appconfig::setValue('core', 'shareapi_allow_resharing', 'yes'); - // clear share hooks - \OC_Hook::clear('OCP\\Share'); - \OC::registerShareHooks(); - \OCP\Util::connectHook('OC_Filesystem', 'setup', '\OC\Files\Storage\Shared', 'setup'); + // clear share hooks + \OC_Hook::clear('OCP\\Share'); + \OC::registerShareHooks(); + \OCP\Util::connectHook('OC_Filesystem', 'setup', '\OC\Files\Storage\Shared', 'setup'); - // Sharing related hooks - \OCA\Encryption\Helper::registerShareHooks(); + // Sharing related hooks + \OCA\Encryption\Helper::registerShareHooks(); - // Filesystem related hooks - \OCA\Encryption\Helper::registerFilesystemHooks(); + // Filesystem related hooks + \OCA\Encryption\Helper::registerFilesystemHooks(); - \OC_FileProxy::register(new OCA\Encryption\Proxy()); + \OC_FileProxy::register(new OCA\Encryption\Proxy()); - // remember files_trashbin state - $this->stateFilesTrashbin = OC_App::isEnabled('files_trashbin'); + // remember files_trashbin state + $this->stateFilesTrashbin = OC_App::isEnabled('files_trashbin'); - // we don't want to tests with app files_trashbin enabled - \OC_App::disable('files_trashbin'); + // we don't want to tests with app files_trashbin enabled + \OC_App::disable('files_trashbin'); - // create users - $this->loginHelper('user1', true); - $this->loginHelper('user2', true); - $this->loginHelper('user3', true); + // create users + $this->loginHelper('user1', true); + $this->loginHelper('user2', true); + $this->loginHelper('user3', true); // create group and assign users \OC_Group::createGroup('group1'); \OC_Group::addToGroup('user2', 'group1'); \OC_Group::addToGroup('user3', 'group1'); - } + } - function tearDown() - { - // reset app files_trashbin - if ($this->stateFilesTrashbin) { - OC_App::enable('files_trashbin'); - } else { - OC_App::disable('files_trashbin'); - } + function tearDown() + { + // reset app files_trashbin + if ($this->stateFilesTrashbin) { + OC_App::enable('files_trashbin'); + } else { + OC_App::disable('files_trashbin'); + } // clean group \OC_Group::deleteGroup('group1'); - // cleanup users - \OC_User::deleteUser('user1'); - \OC_User::deleteUser('user2'); - \OC_User::deleteUser('user3'); + // cleanup users + \OC_User::deleteUser('user1'); + \OC_User::deleteUser('user2'); + \OC_User::deleteUser('user3'); \OC_FileProxy::clearProxies(); - } + } /** * @param bool $withTeardown */ function testShareFile($withTeardown = true) - { - // login as admin - $this->loginHelper('admin'); + { + // login as admin + $this->loginHelper('admin'); - // save file with content - $cryptedFile = file_put_contents('crypt://' . $this->filename, $this->dataShort); + // save file with content + $cryptedFile = file_put_contents('crypt://' . $this->filename, $this->dataShort); - // test that data was successfully written - $this->assertTrue(is_int($cryptedFile)); + // test that data was successfully written + $this->assertTrue(is_int($cryptedFile)); - // disable encryption proxy to prevent recursive calls - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; + // disable encryption proxy to prevent recursive calls + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; - // get the file info from previous created file - $fileInfo = $this->view->getFileInfo('/admin/files/' . $this->filename); + // get the file info from previous created file + $fileInfo = $this->view->getFileInfo('/admin/files/' . $this->filename); - // check if we have a valid file info - $this->assertTrue(is_array($fileInfo)); + // check if we have a valid file info + $this->assertTrue(is_array($fileInfo)); - // check if the unencrypted file size is stored - $this->assertGreaterThan(0, $fileInfo['unencrypted_size']); + // check if the unencrypted file size is stored + $this->assertGreaterThan(0, $fileInfo['unencrypted_size']); - // re-enable the file proxy - \OC_FileProxy::$enabled = $proxyStatus; + // re-enable the file proxy + \OC_FileProxy::$enabled = $proxyStatus; - // share the file - \OCP\Share::shareItem('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user1', OCP\PERMISSION_ALL); + // share the file + \OCP\Share::shareItem('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user1', OCP\PERMISSION_ALL); - // login as admin - $this->loginHelper('admin'); + // login as admin + $this->loginHelper('admin'); - // check if share key for user1 exists - $this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.user1.shareKey')); + // check if share key for user1 exists + $this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.user1.shareKey')); - // login as user1 - $this->loginHelper('user1'); + // login as user1 + $this->loginHelper('user1'); - // get file contents - $retrievedCryptedFile = $this->view->file_get_contents('/user1/files/Shared/' . $this->filename); + // get file contents + $retrievedCryptedFile = $this->view->file_get_contents('/user1/files/Shared/' . $this->filename); - // check if data is the same as we previously written - $this->assertEquals($this->dataShort, $retrievedCryptedFile); + // check if data is the same as we previously written + $this->assertEquals($this->dataShort, $retrievedCryptedFile); - // cleanup - if ($withTeardown) { + // cleanup + if ($withTeardown) { - // login as admin - $this->loginHelper('admin'); + // login as admin + $this->loginHelper('admin'); - // unshare the file - \OCP\Share::unshare('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user1'); + // unshare the file + \OCP\Share::unshare('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user1'); - // check if share key not exists - $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.user1.shareKey')); + // check if share key not exists + $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.user1.shareKey')); - // cleanup - $this->view->unlink('/admin/files/' . $this->filename); + // cleanup + $this->view->unlink('/admin/files/' . $this->filename); - // check if share key not exists - $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.admin.shareKey')); - } - } + // check if share key not exists + $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.admin.shareKey')); + } + } /** * @param bool $withTeardown */ function testReShareFile($withTeardown = true) - { - $this->testShareFile(false); + { + $this->testShareFile(false); - // login as user1 - $this->loginHelper('user1'); + // login as user1 + $this->loginHelper('user1'); - // get the file info - $fileInfo = $this->view->getFileInfo('/user1/files/Shared/' . $this->filename); + // get the file info + $fileInfo = $this->view->getFileInfo('/user1/files/Shared/' . $this->filename); - // share the file with user2 - \OCP\Share::shareItem('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user2', OCP\PERMISSION_ALL); + // share the file with user2 + \OCP\Share::shareItem('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user2', OCP\PERMISSION_ALL); - // login as admin - $this->loginHelper('admin'); + // login as admin + $this->loginHelper('admin'); - // check if share key for user2 exists - $this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.user2.shareKey')); + // check if share key for user2 exists + $this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.user2.shareKey')); - // login as user2 - $this->loginHelper('user2'); + // login as user2 + $this->loginHelper('user2'); - // get file contents - $retrievedCryptedFile = $this->view->file_get_contents('/user2/files/Shared/' . $this->filename); + // get file contents + $retrievedCryptedFile = $this->view->file_get_contents('/user2/files/Shared/' . $this->filename); - // check if data is the same as previously written - $this->assertEquals($this->dataShort, $retrievedCryptedFile); + // check if data is the same as previously written + $this->assertEquals($this->dataShort, $retrievedCryptedFile); - // cleanup - if ($withTeardown) { + // cleanup + if ($withTeardown) { - // login as user1 - $this->loginHelper('user1'); + // login as user1 + $this->loginHelper('user1'); - // unshare the file with user2 - \OCP\Share::unshare('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user2'); + // unshare the file with user2 + \OCP\Share::unshare('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user2'); - // login as admin - $this->loginHelper('admin'); + // login as admin + $this->loginHelper('admin'); - // check if share key not exists - $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.user2.shareKey')); + // check if share key not exists + $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.user2.shareKey')); - // unshare the file with user1 - \OCP\Share::unshare('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user1'); + // unshare the file with user1 + \OCP\Share::unshare('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user1'); - // check if share key not exists - $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.user1.shareKey')); + // check if share key not exists + $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.user1.shareKey')); - // cleanup - $this->view->unlink('/admin/files/' . $this->filename); + // cleanup + $this->view->unlink('/admin/files/' . $this->filename); - // check if share key not exists - $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.admin.shareKey')); - } - } + // check if share key not exists + $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.admin.shareKey')); + } + } /** * @param bool $withTeardown * @return array */ function testShareFolder($withTeardown = true) - { - // login as admin - $this->loginHelper('admin'); + { + // login as admin + $this->loginHelper('admin'); - // create folder structure - $this->view->mkdir('/admin/files' . $this->folder1); - $this->view->mkdir('/admin/files' . $this->folder1 . $this->subfolder); - $this->view->mkdir('/admin/files' . $this->folder1 . $this->subfolder . $this->subsubfolder); + // create folder structure + $this->view->mkdir('/admin/files' . $this->folder1); + $this->view->mkdir('/admin/files' . $this->folder1 . $this->subfolder); + $this->view->mkdir('/admin/files' . $this->folder1 . $this->subfolder . $this->subsubfolder); - // save file with content - $cryptedFile = file_put_contents('crypt://' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename, $this->dataShort); + // save file with content + $cryptedFile = file_put_contents('crypt://' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename, $this->dataShort); - // test that data was successfully written - $this->assertTrue(is_int($cryptedFile)); + // test that data was successfully written + $this->assertTrue(is_int($cryptedFile)); - // disable encryption proxy to prevent recursive calls - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; + // disable encryption proxy to prevent recursive calls + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; - // get the file info from previous created folder - $fileInfo = $this->view->getFileInfo('/admin/files' . $this->folder1); + // get the file info from previous created folder + $fileInfo = $this->view->getFileInfo('/admin/files' . $this->folder1); - // check if we have a valid file info - $this->assertTrue(is_array($fileInfo)); + // check if we have a valid file info + $this->assertTrue(is_array($fileInfo)); - // re-enable the file proxy - \OC_FileProxy::$enabled = $proxyStatus; + // re-enable the file proxy + \OC_FileProxy::$enabled = $proxyStatus; - // share the folder with user1 - \OCP\Share::shareItem('folder', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user1', OCP\PERMISSION_ALL); + // share the folder with user1 + \OCP\Share::shareItem('folder', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user1', OCP\PERMISSION_ALL); - // login as admin - $this->loginHelper('admin'); + // login as admin + $this->loginHelper('admin'); - // check if share key for user1 exists - $this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user1.shareKey')); + // check if share key for user1 exists + $this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user1.shareKey')); - // login as user1 - $this->loginHelper('user1'); + // login as user1 + $this->loginHelper('user1'); - // get file contents - $retrievedCryptedFile = $this->view->file_get_contents('/user1/files/Shared' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename); + // get file contents + $retrievedCryptedFile = $this->view->file_get_contents('/user1/files/Shared' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename); - // check if data is the same - $this->assertEquals($this->dataShort, $retrievedCryptedFile); + // check if data is the same + $this->assertEquals($this->dataShort, $retrievedCryptedFile); - // cleanup - if ($withTeardown) { + // cleanup + if ($withTeardown) { - // login as admin - $this->loginHelper('admin'); + // login as admin + $this->loginHelper('admin'); - // unshare the folder with user1 - \OCP\Share::unshare('folder', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user1'); + // unshare the folder with user1 + \OCP\Share::unshare('folder', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user1'); - // check if share key not exists - $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user1.shareKey')); + // check if share key not exists + $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user1.shareKey')); - // cleanup - $this->view->unlink('/admin/files' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename); + // cleanup + $this->view->unlink('/admin/files' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename); - // check if share key not exists - $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.admin.shareKey')); - } + // check if share key not exists + $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.admin.shareKey')); + } - return $fileInfo; - } + return $fileInfo; + } /** * @param bool $withTeardown */ function testReShareFolder($withTeardown = true) - { - $fileInfoFolder1 = $this->testShareFolder(false); + { + $fileInfoFolder1 = $this->testShareFolder(false); - // login as user1 - $this->loginHelper('user1'); + // login as user1 + $this->loginHelper('user1'); - // disable encryption proxy to prevent recursive calls - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; + // disable encryption proxy to prevent recursive calls + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; - // get the file info from previous created folder - $fileInfoSubFolder = $this->view->getFileInfo('/user1/files/Shared' . $this->folder1 . $this->subfolder); + // get the file info from previous created folder + $fileInfoSubFolder = $this->view->getFileInfo('/user1/files/Shared' . $this->folder1 . $this->subfolder); - // check if we have a valid file info - $this->assertTrue(is_array($fileInfoSubFolder)); + // check if we have a valid file info + $this->assertTrue(is_array($fileInfoSubFolder)); - // re-enable the file proxy - \OC_FileProxy::$enabled = $proxyStatus; + // re-enable the file proxy + \OC_FileProxy::$enabled = $proxyStatus; - // share the file with user2 - \OCP\Share::shareItem('folder', $fileInfoSubFolder['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user2', OCP\PERMISSION_ALL); + // share the file with user2 + \OCP\Share::shareItem('folder', $fileInfoSubFolder['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user2', OCP\PERMISSION_ALL); - // login as admin - $this->loginHelper('admin'); + // login as admin + $this->loginHelper('admin'); - // check if share key for user2 exists - $this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user2.shareKey')); + // check if share key for user2 exists + $this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user2.shareKey')); - // login as user2 - $this->loginHelper('user2'); + // login as user2 + $this->loginHelper('user2'); - // get file contents - $retrievedCryptedFile = $this->view->file_get_contents('/user2/files/Shared' . $this->subfolder . $this->subsubfolder . '/' . $this->filename); + // get file contents + $retrievedCryptedFile = $this->view->file_get_contents('/user2/files/Shared' . $this->subfolder . $this->subsubfolder . '/' . $this->filename); - // check if data is the same - $this->assertEquals($this->dataShort, $retrievedCryptedFile); + // check if data is the same + $this->assertEquals($this->dataShort, $retrievedCryptedFile); - // get the file info - $fileInfo = $this->view->getFileInfo('/user2/files/Shared' . $this->subfolder . $this->subsubfolder . '/' . $this->filename); + // get the file info + $fileInfo = $this->view->getFileInfo('/user2/files/Shared' . $this->subfolder . $this->subsubfolder . '/' . $this->filename); - // check if we have fileInfos - $this->assertTrue(is_array($fileInfo)); + // check if we have fileInfos + $this->assertTrue(is_array($fileInfo)); - // share the file with user3 - \OCP\Share::shareItem('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user3', OCP\PERMISSION_ALL); + // share the file with user3 + \OCP\Share::shareItem('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user3', OCP\PERMISSION_ALL); - // login as admin - $this->loginHelper('admin'); + // login as admin + $this->loginHelper('admin'); - // check if share key for user3 exists - $this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user3.shareKey')); + // check if share key for user3 exists + $this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user3.shareKey')); - // login as user3 - $this->loginHelper('user3'); + // login as user3 + $this->loginHelper('user3'); - // get file contents - $retrievedCryptedFile = $this->view->file_get_contents('/user3/files/Shared/' . $this->filename); + // get file contents + $retrievedCryptedFile = $this->view->file_get_contents('/user3/files/Shared/' . $this->filename); - // check if data is the same - $this->assertEquals($this->dataShort, $retrievedCryptedFile); + // check if data is the same + $this->assertEquals($this->dataShort, $retrievedCryptedFile); - // cleanup - if ($withTeardown) { + // cleanup + if ($withTeardown) { - // login as user2 - $this->loginHelper('user2'); + // login as user2 + $this->loginHelper('user2'); - // unshare the file with user3 - \OCP\Share::unshare('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user3'); + // unshare the file with user3 + \OCP\Share::unshare('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user3'); - // check if share key not exists - $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user3.shareKey')); + // check if share key not exists + $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user3.shareKey')); - // login as user1 - $this->loginHelper('user1'); + // login as user1 + $this->loginHelper('user1'); - // unshare the folder with user2 - \OCP\Share::unshare('folder', $fileInfoSubFolder['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user2'); + // unshare the folder with user2 + \OCP\Share::unshare('folder', $fileInfoSubFolder['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user2'); - // check if share key not exists - $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user2.shareKey')); + // check if share key not exists + $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user2.shareKey')); - // login as admin - $this->loginHelper('admin'); + // login as admin + $this->loginHelper('admin'); - // unshare the folder1 with user1 - \OCP\Share::unshare('folder', $fileInfoFolder1['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user1'); + // unshare the folder1 with user1 + \OCP\Share::unshare('folder', $fileInfoFolder1['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user1'); - // check if share key not exists - $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user1.shareKey')); + // check if share key not exists + $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user1.shareKey')); - // cleanup - $this->view->unlink('/admin/files' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename); + // cleanup + $this->view->unlink('/admin/files' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename); - // check if share key not exists - $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.admin.shareKey')); - } - } + // check if share key not exists + $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.admin.shareKey')); + } + } - function testPublicShareFile() - { - // login as admin - $this->loginHelper('admin'); + function testPublicShareFile() + { + // login as admin + $this->loginHelper('admin'); - // save file with content - $cryptedFile = file_put_contents('crypt://' . $this->filename, $this->dataShort); + // save file with content + $cryptedFile = file_put_contents('crypt://' . $this->filename, $this->dataShort); - // test that data was successfully written - $this->assertTrue(is_int($cryptedFile)); + // test that data was successfully written + $this->assertTrue(is_int($cryptedFile)); - // disable encryption proxy to prevent recursive calls - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; + // disable encryption proxy to prevent recursive calls + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; - // get the file info from previous created file - $fileInfo = $this->view->getFileInfo('/admin/files/' . $this->filename); + // get the file info from previous created file + $fileInfo = $this->view->getFileInfo('/admin/files/' . $this->filename); - // check if we have a valid file info - $this->assertTrue(is_array($fileInfo)); + // check if we have a valid file info + $this->assertTrue(is_array($fileInfo)); - // check if the unencrypted file size is stored - $this->assertGreaterThan(0, $fileInfo['unencrypted_size']); + // check if the unencrypted file size is stored + $this->assertGreaterThan(0, $fileInfo['unencrypted_size']); - // re-enable the file proxy - \OC_FileProxy::$enabled = $proxyStatus; + // re-enable the file proxy + \OC_FileProxy::$enabled = $proxyStatus; - // share the file - \OCP\Share::shareItem('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_LINK, false, OCP\PERMISSION_ALL); + // share the file + \OCP\Share::shareItem('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_LINK, false, OCP\PERMISSION_ALL); - // login as admin - $this->loginHelper('admin'); + // login as admin + $this->loginHelper('admin'); - $publicShareKeyId = \OC_Appconfig::getValue('files_encryption', 'publicShareKeyId'); + $publicShareKeyId = \OC_Appconfig::getValue('files_encryption', 'publicShareKeyId'); - // check if share key for public exists - $this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.' . $publicShareKeyId . '.shareKey')); + // check if share key for public exists + $this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.' . $publicShareKeyId . '.shareKey')); - // some hacking to simulate public link - $GLOBALS['app'] = 'files_sharing'; - $GLOBALS['fileOwner'] = 'admin'; - \OC_User::setUserId(''); + // some hacking to simulate public link + $GLOBALS['app'] = 'files_sharing'; + $GLOBALS['fileOwner'] = 'admin'; + \OC_User::setUserId(''); - // get file contents - $retrievedCryptedFile = file_get_contents('crypt://' . $this->filename); + // get file contents + $retrievedCryptedFile = file_get_contents('crypt://' . $this->filename); - // check if data is the same as we previously written - $this->assertEquals($this->dataShort, $retrievedCryptedFile); + // check if data is the same as we previously written + $this->assertEquals($this->dataShort, $retrievedCryptedFile); - // tear down + // tear down - // login as admin - $this->loginHelper('admin'); + // login as admin + $this->loginHelper('admin'); - // unshare the file - \OCP\Share::unshare('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_LINK, null); + // unshare the file + \OCP\Share::unshare('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_LINK, null); - // check if share key not exists - $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.' . $publicShareKeyId . '.shareKey')); + // check if share key not exists + $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.' . $publicShareKeyId . '.shareKey')); - // cleanup - $this->view->unlink('/admin/files/' . $this->filename); + // cleanup + $this->view->unlink('/admin/files/' . $this->filename); - // check if share key not exists - $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.admin.shareKey')); - } + // check if share key not exists + $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.admin.shareKey')); + } function testShareFileWithGroup() { @@ -581,7 +581,7 @@ class Test_Encryption_Share extends \PHPUnit_Framework_TestCase // save file with content $cryptedFile1 = file_put_contents('crypt://' . $this->filename, $this->dataShort); - $cryptedFile2 = file_put_contents('crypt://' . $this->folder1 . $this->subfolder . $this->subsubfolder .'/'. $this->filename, $this->dataShort); + $cryptedFile2 = file_put_contents('crypt://' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename, $this->dataShort); // test that data was successfully written $this->assertTrue(is_int($cryptedFile1)); @@ -589,9 +589,9 @@ class Test_Encryption_Share extends \PHPUnit_Framework_TestCase // check if share key for admin and recovery exists $this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.admin.shareKey')); - $this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.'.$recoveryKeyId.'.shareKey')); - $this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder .'/'. $this->filename . '.admin.shareKey')); - $this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder .'/'. $this->filename . '.'.$recoveryKeyId.'.shareKey')); + $this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.' . $recoveryKeyId . '.shareKey')); + $this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.admin.shareKey')); + $this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.' . $recoveryKeyId . '.shareKey')); // disable recovery for admin $this->assertTrue($util->setRecoveryForUser(0)); @@ -600,8 +600,8 @@ class Test_Encryption_Share extends \PHPUnit_Framework_TestCase $util->removeRecoveryKeys('/'); // check if share key for recovery not exists - $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.'.$recoveryKeyId.'.shareKey')); - $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder .'/'. $this->filename . '.'.$recoveryKeyId.'.shareKey')); + $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.' . $recoveryKeyId . '.shareKey')); + $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.' . $recoveryKeyId . '.shareKey')); // enable recovery for admin $this->assertTrue($util->setRecoveryForUser(1)); @@ -610,16 +610,16 @@ class Test_Encryption_Share extends \PHPUnit_Framework_TestCase $util->addRecoveryKeys('/'); // check if share key for admin and recovery exists - $this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.'.$recoveryKeyId.'.shareKey')); - $this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder .'/'. $this->filename . '.'.$recoveryKeyId.'.shareKey')); + $this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.' . $recoveryKeyId . '.shareKey')); + $this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.' . $recoveryKeyId . '.shareKey')); // cleanup $this->view->unlink('/admin/files/' . $this->filename); - $this->view->unlink('/admin/files/' . $this->folder1 . $this->subfolder . $this->subsubfolder .'/'. $this->filename); + $this->view->unlink('/admin/files/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename); // check if share key for recovery not exists - $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.'.$recoveryKeyId.'.shareKey')); - $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder .'/'. $this->filename . '.'.$recoveryKeyId.'.shareKey')); + $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.' . $recoveryKeyId . '.shareKey')); + $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.' . $recoveryKeyId . '.shareKey')); } function testRecoveryForUser() @@ -648,7 +648,7 @@ class Test_Encryption_Share extends \PHPUnit_Framework_TestCase // save file with content $cryptedFile1 = file_put_contents('crypt://' . $this->filename, $this->dataShort); - $cryptedFile2 = file_put_contents('crypt://' . $this->folder1 . $this->subfolder . $this->subsubfolder .'/'. $this->filename, $this->dataShort); + $cryptedFile2 = file_put_contents('crypt://' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename, $this->dataShort); // test that data was successfully written $this->assertTrue(is_int($cryptedFile1)); @@ -656,9 +656,9 @@ class Test_Encryption_Share extends \PHPUnit_Framework_TestCase // check if share key for user and recovery exists $this->assertTrue($this->view->file_exists('/user1/files_encryption/share-keys/' . $this->filename . '.user1.shareKey')); - $this->assertTrue($this->view->file_exists('/user1/files_encryption/share-keys/' . $this->filename . '.'.$recoveryKeyId.'.shareKey')); - $this->assertTrue($this->view->file_exists('/user1/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder .'/'. $this->filename . '.user1.shareKey')); - $this->assertTrue($this->view->file_exists('/user1/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder .'/'. $this->filename . '.'.$recoveryKeyId.'.shareKey')); + $this->assertTrue($this->view->file_exists('/user1/files_encryption/share-keys/' . $this->filename . '.' . $recoveryKeyId . '.shareKey')); + $this->assertTrue($this->view->file_exists('/user1/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user1.shareKey')); + $this->assertTrue($this->view->file_exists('/user1/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.' . $recoveryKeyId . '.shareKey')); // login as admin $this->loginHelper('admin'); @@ -671,7 +671,7 @@ class Test_Encryption_Share extends \PHPUnit_Framework_TestCase // get file contents $retrievedCryptedFile1 = file_get_contents('crypt://' . $this->filename); - $retrievedCryptedFile2 = file_get_contents('crypt://' . $this->folder1 . $this->subfolder . $this->subsubfolder .'/'. $this->filename); + $retrievedCryptedFile2 = file_get_contents('crypt://' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename); // check if data is the same as we previously written $this->assertEquals($this->dataShort, $retrievedCryptedFile1); @@ -683,9 +683,9 @@ class Test_Encryption_Share extends \PHPUnit_Framework_TestCase // check if share key for user and recovery exists $this->assertFalse($this->view->file_exists('/user1/files_encryption/share-keys/' . $this->filename . '.user1.shareKey')); - $this->assertFalse($this->view->file_exists('/user1/files_encryption/share-keys/' . $this->filename . '.'.$recoveryKeyId.'.shareKey')); - $this->assertFalse($this->view->file_exists('/user1/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder .'/'. $this->filename . '.user1.shareKey')); - $this->assertFalse($this->view->file_exists('/user1/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder .'/'. $this->filename . '.'.$recoveryKeyId.'.shareKey')); + $this->assertFalse($this->view->file_exists('/user1/files_encryption/share-keys/' . $this->filename . '.' . $recoveryKeyId . '.shareKey')); + $this->assertFalse($this->view->file_exists('/user1/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user1.shareKey')); + $this->assertFalse($this->view->file_exists('/user1/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.' . $recoveryKeyId . '.shareKey')); // enable recovery for admin $this->assertTrue($util->setRecoveryForUser(0)); @@ -697,23 +697,23 @@ class Test_Encryption_Share extends \PHPUnit_Framework_TestCase * @param bool $password */ function loginHelper($user, $create = false, $password = false) - { - if ($create) { - \OC_User::createUser($user, $user); - } + { + if ($create) { + \OC_User::createUser($user, $user); + } - if($password === false) { + if ($password === false) { $password = $user; } - \OC_Util::tearDownFS(); - \OC_User::setUserId(''); - \OC\Files\Filesystem::tearDown(); - \OC_Util::setupFS($user); - \OC_User::setUserId($user); + \OC_Util::tearDownFS(); + \OC_User::setUserId(''); + \OC\Files\Filesystem::tearDown(); + \OC_Util::setupFS($user); + \OC_User::setUserId($user); - $params['uid'] = $user; - $params['password'] = $password; - OCA\Encryption\Hooks::login($params); - } + $params['uid'] = $user; + $params['password'] = $password; + OCA\Encryption\Hooks::login($params); + } } diff --git a/apps/files_encryption/tests/util.php b/apps/files_encryption/tests/util.php index 53ac8ee8d63..57ec395342a 100755 --- a/apps/files_encryption/tests/util.php +++ b/apps/files_encryption/tests/util.php @@ -6,20 +6,21 @@ * See the COPYING-README file. */ -require_once realpath( dirname(__FILE__).'/../../../lib/base.php' ); -require_once realpath( dirname(__FILE__).'/../lib/crypt.php' ); -require_once realpath( dirname(__FILE__).'/../lib/keymanager.php' ); -require_once realpath( dirname(__FILE__).'/../lib/proxy.php' ); -require_once realpath( dirname(__FILE__).'/../lib/stream.php' ); -require_once realpath( dirname(__FILE__).'/../lib/util.php' ); -require_once realpath( dirname(__FILE__).'/../appinfo/app.php' ); +require_once realpath(dirname(__FILE__) . '/../../../lib/base.php'); +require_once realpath(dirname(__FILE__) . '/../lib/crypt.php'); +require_once realpath(dirname(__FILE__) . '/../lib/keymanager.php'); +require_once realpath(dirname(__FILE__) . '/../lib/proxy.php'); +require_once realpath(dirname(__FILE__) . '/../lib/stream.php'); +require_once realpath(dirname(__FILE__) . '/../lib/util.php'); +require_once realpath(dirname(__FILE__) . '/../appinfo/app.php'); use OCA\Encryption; /** * Class Test_Encryption_Util */ -class Test_Encryption_Util extends \PHPUnit_Framework_TestCase { +class Test_Encryption_Util extends \PHPUnit_Framework_TestCase +{ public $userId; public $encryptionDir; @@ -38,132 +39,139 @@ class Test_Encryption_Util extends \PHPUnit_Framework_TestCase { public $util; public $dataShort; - function setUp() { - // reset backend - \OC_User::useBackend('database'); + function setUp() + { + // reset backend + \OC_User::useBackend('database'); - \OC_User::setUserId( 'admin' ); - $this->userId = 'admin'; - $this->pass = 'admin'; + \OC_User::setUserId('admin'); + $this->userId = 'admin'; + $this->pass = 'admin'; - // set content for encrypting / decrypting in tests - $this->dataUrl = realpath( dirname(__FILE__).'/../lib/crypt.php' ); + // set content for encrypting / decrypting in tests + $this->dataUrl = realpath(dirname(__FILE__) . '/../lib/crypt.php'); $this->dataShort = 'hats'; - $this->dataLong = file_get_contents( realpath( dirname(__FILE__).'/../lib/crypt.php' ) ); - $this->legacyData = realpath( dirname(__FILE__).'/legacy-text.txt' ); - $this->legacyEncryptedData = realpath( dirname(__FILE__).'/legacy-encrypted-text.txt' ); + $this->dataLong = file_get_contents(realpath(dirname(__FILE__) . '/../lib/crypt.php')); + $this->legacyData = realpath(dirname(__FILE__) . '/legacy-text.txt'); + $this->legacyEncryptedData = realpath(dirname(__FILE__) . '/legacy-encrypted-text.txt'); $keypair = Encryption\Crypt::createKeypair(); - - $this->genPublicKey = $keypair['publicKey']; + + $this->genPublicKey = $keypair['publicKey']; $this->genPrivateKey = $keypair['privateKey']; - - $this->publicKeyDir = '/' . 'public-keys'; - $this->encryptionDir = '/' . $this->userId . '/' . 'files_encryption'; + + $this->publicKeyDir = '/' . 'public-keys'; + $this->encryptionDir = '/' . $this->userId . '/' . 'files_encryption'; $this->keyfilesPath = $this->encryptionDir . '/' . 'keyfiles'; $this->publicKeyPath = $this->publicKeyDir . '/' . $this->userId . '.public.key'; // e.g. data/public-keys/admin.public.key $this->privateKeyPath = $this->encryptionDir . '/' . $this->userId . '.private.key'; // e.g. data/admin/admin.private.key - $this->view = new \OC_FilesystemView( '/' ); + $this->view = new \OC_FilesystemView('/'); - $userHome = \OC_User::getHome($this->userId); - $this->dataDir = str_replace('/'.$this->userId, '', $userHome); + $userHome = \OC_User::getHome($this->userId); + $this->dataDir = str_replace('/' . $this->userId, '', $userHome); - // Filesystem related hooks - \OCA\Encryption\Helper::registerFilesystemHooks(); + // Filesystem related hooks + \OCA\Encryption\Helper::registerFilesystemHooks(); - \OC_FileProxy::register(new OCA\Encryption\Proxy()); + \OC_FileProxy::register(new OCA\Encryption\Proxy()); - \OC_Util::tearDownFS(); - \OC_User::setUserId(''); - \OC\Files\Filesystem::tearDown(); - \OC_Util::setupFS($this->userId); - \OC_User::setUserId($this->userId); + \OC_Util::tearDownFS(); + \OC_User::setUserId(''); + \OC\Files\Filesystem::tearDown(); + \OC_Util::setupFS($this->userId); + \OC_User::setUserId($this->userId); - $params['uid'] = $this->userId; - $params['password'] = $this->pass; - OCA\Encryption\Hooks::login($params); + $params['uid'] = $this->userId; + $params['password'] = $this->pass; + OCA\Encryption\Hooks::login($params); - $this->util = new Encryption\Util( $this->view, $this->userId ); + $this->util = new Encryption\Util($this->view, $this->userId); } - - function tearDown(){ - + + function tearDown() + { + \OC_FileProxy::clearProxies(); } - + /** * @brief test that paths set during User construction are correct */ - function testKeyPaths() { - - $util = new Encryption\Util( $this->view, $this->userId ); - - $this->assertEquals( $this->publicKeyDir, $util->getPath( 'publicKeyDir' ) ); - $this->assertEquals( $this->encryptionDir, $util->getPath( 'encryptionDir' ) ); - $this->assertEquals( $this->keyfilesPath, $util->getPath( 'keyfilesPath' ) ); - $this->assertEquals( $this->publicKeyPath, $util->getPath( 'publicKeyPath' ) ); - $this->assertEquals( $this->privateKeyPath, $util->getPath( 'privateKeyPath' ) ); - + function testKeyPaths() + { + + $util = new Encryption\Util($this->view, $this->userId); + + $this->assertEquals($this->publicKeyDir, $util->getPath('publicKeyDir')); + $this->assertEquals($this->encryptionDir, $util->getPath('encryptionDir')); + $this->assertEquals($this->keyfilesPath, $util->getPath('keyfilesPath')); + $this->assertEquals($this->publicKeyPath, $util->getPath('publicKeyPath')); + $this->assertEquals($this->privateKeyPath, $util->getPath('privateKeyPath')); + } - + /** * @brief test setup of encryption directories */ - function testSetupServerSide() { - - $this->assertEquals( true, $this->util->setupServerSide( $this->pass ) ); + function testSetupServerSide() + { + + $this->assertEquals(true, $this->util->setupServerSide($this->pass)); } - + /** * @brief test checking whether account is ready for encryption, */ - function testUserIsReady() { - - $this->assertEquals( true, $this->util->ready() ); + function testUserIsReady() + { + + $this->assertEquals(true, $this->util->ready()); } - - function testRecoveryEnabledForUser() { - - $util = new Encryption\Util( $this->view, $this->userId ); - + + function testRecoveryEnabledForUser() + { + + $util = new Encryption\Util($this->view, $this->userId); + // Record the value so we can return it to it's original state later $enabled = $util->recoveryEnabledForUser(); - - $this->assertTrue( $util->setRecoveryForUser( 1 ) ); - - $this->assertEquals( 1, $util->recoveryEnabledForUser() ); - - $this->assertTrue( $util->setRecoveryForUser( 0 ) ); - - $this->assertEquals( 0, $util->recoveryEnabledForUser() ); - + + $this->assertTrue($util->setRecoveryForUser(1)); + + $this->assertEquals(1, $util->recoveryEnabledForUser()); + + $this->assertTrue($util->setRecoveryForUser(0)); + + $this->assertEquals(0, $util->recoveryEnabledForUser()); + // Return the setting to it's previous state - $this->assertTrue( $util->setRecoveryForUser( $enabled ) ); - + $this->assertTrue($util->setRecoveryForUser($enabled)); + } - - function testGetUidAndFilename() { - - \OC_User::setUserId( 'admin' ); - $filename = 'tmp-'.time().'.test'; + function testGetUidAndFilename() + { + + \OC_User::setUserId('admin'); + + $filename = 'tmp-' . time() . '.test'; - // Disable encryption proxy to prevent recursive calls - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; + // Disable encryption proxy to prevent recursive calls + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; - $this->view->file_put_contents($this->userId . '/files/' . $filename, $this->dataShort); + $this->view->file_put_contents($this->userId . '/files/' . $filename, $this->dataShort); - // Re-enable proxy - our work is done - \OC_FileProxy::$enabled = $proxyStatus; + // Re-enable proxy - our work is done + \OC_FileProxy::$enabled = $proxyStatus; - $util = new Encryption\Util( $this->view, $this->userId ); + $util = new Encryption\Util($this->view, $this->userId); - list($fileOwnerUid, $file) = $util->getUidAndFilename( $filename ); + list($fileOwnerUid, $file) = $util->getUidAndFilename($filename); - $this->assertEquals('admin', $fileOwnerUid); + $this->assertEquals('admin', $fileOwnerUid); - $this->assertEquals($file, $filename); + $this->assertEquals($file, $filename); } } \ No newline at end of file -- cgit v1.2.3 From 64591cf7547258aa15136329d8ed582701b4107a Mon Sep 17 00:00:00 2001 From: Björn Schießle Date: Tue, 21 May 2013 10:30:24 +0200 Subject: move 3rdparty dependencies to app --- .../3rdparty/Crypt_Blowfish/Blowfish.php | 317 ++++++++++++++++++++ .../Crypt_Blowfish/Blowfish/DefaultKey.php | 327 +++++++++++++++++++++ apps/files_encryption/lib/crypt.php | 2 +- apps/files_encryption/tests/crypt.php | 2 +- apps/files_encryption/tests/share.php | 2 +- 5 files changed, 647 insertions(+), 3 deletions(-) create mode 100644 apps/files_encryption/3rdparty/Crypt_Blowfish/Blowfish.php create mode 100644 apps/files_encryption/3rdparty/Crypt_Blowfish/Blowfish/DefaultKey.php (limited to 'apps/files_encryption/lib/crypt.php') diff --git a/apps/files_encryption/3rdparty/Crypt_Blowfish/Blowfish.php b/apps/files_encryption/3rdparty/Crypt_Blowfish/Blowfish.php new file mode 100644 index 00000000000..4ccacb963e3 --- /dev/null +++ b/apps/files_encryption/3rdparty/Crypt_Blowfish/Blowfish.php @@ -0,0 +1,317 @@ + + * @copyright 2005 Matthew Fonda + * @license http://www.php.net/license/3_0.txt PHP License 3.0 + * @version CVS: $Id: Blowfish.php,v 1.81 2005/05/30 18:40:36 mfonda Exp $ + * @link http://pear.php.net/package/Crypt_Blowfish + */ + + +require_once 'PEAR.php'; + + +/** + * + * Example usage: + * $bf = new Crypt_Blowfish('some secret key!'); + * $encrypted = $bf->encrypt('this is some example plain text'); + * $plaintext = $bf->decrypt($encrypted); + * echo "plain text: $plaintext"; + * + * + * @category Encryption + * @package Crypt_Blowfish + * @author Matthew Fonda + * @copyright 2005 Matthew Fonda + * @license http://www.php.net/license/3_0.txt PHP License 3.0 + * @link http://pear.php.net/package/Crypt_Blowfish + * @version @package_version@ + * @access public + */ +class Crypt_Blowfish +{ + /** + * P-Array contains 18 32-bit subkeys + * + * @var array + * @access private + */ + var $_P = array(); + + + /** + * Array of four S-Blocks each containing 256 32-bit entries + * + * @var array + * @access private + */ + var $_S = array(); + + /** + * Mcrypt td resource + * + * @var resource + * @access private + */ + var $_td = null; + + /** + * Initialization vector + * + * @var string + * @access private + */ + var $_iv = null; + + + /** + * Crypt_Blowfish Constructor + * Initializes the Crypt_Blowfish object, and gives a sets + * the secret key + * + * @param string $key + * @access public + */ + function Crypt_Blowfish($key) + { + if (extension_loaded('mcrypt')) { + $this->_td = mcrypt_module_open(MCRYPT_BLOWFISH, '', 'ecb', ''); + $this->_iv = mcrypt_create_iv(8, MCRYPT_RAND); + } + $this->setKey($key); + } + + /** + * Deprecated isReady method + * + * @return bool + * @access public + * @deprecated + */ + function isReady() + { + return true; + } + + /** + * Deprecated init method - init is now a private + * method and has been replaced with _init + * + * @return bool + * @access public + * @deprecated + * @see Crypt_Blowfish::_init() + */ + function init() + { + $this->_init(); + } + + /** + * Initializes the Crypt_Blowfish object + * + * @access private + */ + function _init() + { + $defaults = new Crypt_Blowfish_DefaultKey(); + $this->_P = $defaults->P; + $this->_S = $defaults->S; + } + + /** + * Enciphers a single 64 bit block + * + * @param int &$Xl + * @param int &$Xr + * @access private + */ + function _encipher(&$Xl, &$Xr) + { + for ($i = 0; $i < 16; $i++) { + $temp = $Xl ^ $this->_P[$i]; + $Xl = ((($this->_S[0][($temp>>24) & 255] + + $this->_S[1][($temp>>16) & 255]) ^ + $this->_S[2][($temp>>8) & 255]) + + $this->_S[3][$temp & 255]) ^ $Xr; + $Xr = $temp; + } + $Xr = $Xl ^ $this->_P[16]; + $Xl = $temp ^ $this->_P[17]; + } + + + /** + * Deciphers a single 64 bit block + * + * @param int &$Xl + * @param int &$Xr + * @access private + */ + function _decipher(&$Xl, &$Xr) + { + for ($i = 17; $i > 1; $i--) { + $temp = $Xl ^ $this->_P[$i]; + $Xl = ((($this->_S[0][($temp>>24) & 255] + + $this->_S[1][($temp>>16) & 255]) ^ + $this->_S[2][($temp>>8) & 255]) + + $this->_S[3][$temp & 255]) ^ $Xr; + $Xr = $temp; + } + $Xr = $Xl ^ $this->_P[1]; + $Xl = $temp ^ $this->_P[0]; + } + + + /** + * Encrypts a string + * + * @param string $plainText + * @return string Returns cipher text on success, PEAR_Error on failure + * @access public + */ + function encrypt($plainText) + { + if (!is_string($plainText)) { + PEAR::raiseError('Plain text must be a string', 0, PEAR_ERROR_DIE); + } + + if (extension_loaded('mcrypt')) { + return mcrypt_generic($this->_td, $plainText); + } + + $cipherText = ''; + $len = strlen($plainText); + $plainText .= str_repeat(chr(0),(8 - ($len%8))%8); + for ($i = 0; $i < $len; $i += 8) { + list(,$Xl,$Xr) = unpack("N2",substr($plainText,$i,8)); + $this->_encipher($Xl, $Xr); + $cipherText .= pack("N2", $Xl, $Xr); + } + return $cipherText; + } + + + /** + * Decrypts an encrypted string + * + * @param string $cipherText + * @return string Returns plain text on success, PEAR_Error on failure + * @access public + */ + function decrypt($cipherText) + { + if (!is_string($cipherText)) { + PEAR::raiseError('Cipher text must be a string', 1, PEAR_ERROR_DIE); + } + + if (extension_loaded('mcrypt')) { + return mdecrypt_generic($this->_td, $cipherText); + } + + $plainText = ''; + $len = strlen($cipherText); + $cipherText .= str_repeat(chr(0),(8 - ($len%8))%8); + for ($i = 0; $i < $len; $i += 8) { + list(,$Xl,$Xr) = unpack("N2",substr($cipherText,$i,8)); + $this->_decipher($Xl, $Xr); + $plainText .= pack("N2", $Xl, $Xr); + } + return $plainText; + } + + + /** + * Sets the secret key + * The key must be non-zero, and less than or equal to + * 56 characters in length. + * + * @param string $key + * @return bool Returns true on success, PEAR_Error on failure + * @access public + */ + function setKey($key) + { + if (!is_string($key)) { + PEAR::raiseError('Key must be a string', 2, PEAR_ERROR_DIE); + } + + $len = strlen($key); + + if ($len > 56 || $len == 0) { + PEAR::raiseError('Key must be less than 56 characters and non-zero. Supplied key length: ' . $len, 3, PEAR_ERROR_DIE); + } + + if (extension_loaded('mcrypt')) { + mcrypt_generic_init($this->_td, $key, $this->_iv); + return true; + } + + require_once 'Blowfish/DefaultKey.php'; + $this->_init(); + + $k = 0; + $data = 0; + $datal = 0; + $datar = 0; + + for ($i = 0; $i < 18; $i++) { + $data = 0; + for ($j = 4; $j > 0; $j--) { + $data = $data << 8 | ord($key{$k}); + $k = ($k+1) % $len; + } + $this->_P[$i] ^= $data; + } + + for ($i = 0; $i <= 16; $i += 2) { + $this->_encipher($datal, $datar); + $this->_P[$i] = $datal; + $this->_P[$i+1] = $datar; + } + for ($i = 0; $i < 256; $i += 2) { + $this->_encipher($datal, $datar); + $this->_S[0][$i] = $datal; + $this->_S[0][$i+1] = $datar; + } + for ($i = 0; $i < 256; $i += 2) { + $this->_encipher($datal, $datar); + $this->_S[1][$i] = $datal; + $this->_S[1][$i+1] = $datar; + } + for ($i = 0; $i < 256; $i += 2) { + $this->_encipher($datal, $datar); + $this->_S[2][$i] = $datal; + $this->_S[2][$i+1] = $datar; + } + for ($i = 0; $i < 256; $i += 2) { + $this->_encipher($datal, $datar); + $this->_S[3][$i] = $datal; + $this->_S[3][$i+1] = $datar; + } + + return true; + } + +} + +?> diff --git a/apps/files_encryption/3rdparty/Crypt_Blowfish/Blowfish/DefaultKey.php b/apps/files_encryption/3rdparty/Crypt_Blowfish/Blowfish/DefaultKey.php new file mode 100644 index 00000000000..2ff8ac788a6 --- /dev/null +++ b/apps/files_encryption/3rdparty/Crypt_Blowfish/Blowfish/DefaultKey.php @@ -0,0 +1,327 @@ + + * @copyright 2005 Matthew Fonda + * @license http://www.php.net/license/3_0.txt PHP License 3.0 + * @version CVS: $Id: DefaultKey.php,v 1.81 2005/05/30 18:40:37 mfonda Exp $ + * @link http://pear.php.net/package/Crypt_Blowfish + */ + + +/** + * Class containing default key + * + * @category Encryption + * @package Crypt_Blowfish + * @author Matthew Fonda + * @copyright 2005 Matthew Fonda + * @license http://www.php.net/license/3_0.txt PHP License 3.0 + * @link http://pear.php.net/package/Crypt_Blowfish + * @version @package_version@ + * @access public + */ +class Crypt_Blowfish_DefaultKey +{ + var $P = array(); + + var $S = array(); + + function Crypt_Blowfish_DefaultKey() + { + $this->P = array( + 0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344, + 0xA4093822, 0x299F31D0, 0x082EFA98, 0xEC4E6C89, + 0x452821E6, 0x38D01377, 0xBE5466CF, 0x34E90C6C, + 0xC0AC29B7, 0xC97C50DD, 0x3F84D5B5, 0xB5470917, + 0x9216D5D9, 0x8979FB1B + ); + + $this->S = array( + array( + 0xD1310BA6, 0x98DFB5AC, 0x2FFD72DB, 0xD01ADFB7, + 0xB8E1AFED, 0x6A267E96, 0xBA7C9045, 0xF12C7F99, + 0x24A19947, 0xB3916CF7, 0x0801F2E2, 0x858EFC16, + 0x636920D8, 0x71574E69, 0xA458FEA3, 0xF4933D7E, + 0x0D95748F, 0x728EB658, 0x718BCD58, 0x82154AEE, + 0x7B54A41D, 0xC25A59B5, 0x9C30D539, 0x2AF26013, + 0xC5D1B023, 0x286085F0, 0xCA417918, 0xB8DB38EF, + 0x8E79DCB0, 0x603A180E, 0x6C9E0E8B, 0xB01E8A3E, + 0xD71577C1, 0xBD314B27, 0x78AF2FDA, 0x55605C60, + 0xE65525F3, 0xAA55AB94, 0x57489862, 0x63E81440, + 0x55CA396A, 0x2AAB10B6, 0xB4CC5C34, 0x1141E8CE, + 0xA15486AF, 0x7C72E993, 0xB3EE1411, 0x636FBC2A, + 0x2BA9C55D, 0x741831F6, 0xCE5C3E16, 0x9B87931E, + 0xAFD6BA33, 0x6C24CF5C, 0x7A325381, 0x28958677, + 0x3B8F4898, 0x6B4BB9AF, 0xC4BFE81B, 0x66282193, + 0x61D809CC, 0xFB21A991, 0x487CAC60, 0x5DEC8032, + 0xEF845D5D, 0xE98575B1, 0xDC262302, 0xEB651B88, + 0x23893E81, 0xD396ACC5, 0x0F6D6FF3, 0x83F44239, + 0x2E0B4482, 0xA4842004, 0x69C8F04A, 0x9E1F9B5E, + 0x21C66842, 0xF6E96C9A, 0x670C9C61, 0xABD388F0, + 0x6A51A0D2, 0xD8542F68, 0x960FA728, 0xAB5133A3, + 0x6EEF0B6C, 0x137A3BE4, 0xBA3BF050, 0x7EFB2A98, + 0xA1F1651D, 0x39AF0176, 0x66CA593E, 0x82430E88, + 0x8CEE8619, 0x456F9FB4, 0x7D84A5C3, 0x3B8B5EBE, + 0xE06F75D8, 0x85C12073, 0x401A449F, 0x56C16AA6, + 0x4ED3AA62, 0x363F7706, 0x1BFEDF72, 0x429B023D, + 0x37D0D724, 0xD00A1248, 0xDB0FEAD3, 0x49F1C09B, + 0x075372C9, 0x80991B7B, 0x25D479D8, 0xF6E8DEF7, + 0xE3FE501A, 0xB6794C3B, 0x976CE0BD, 0x04C006BA, + 0xC1A94FB6, 0x409F60C4, 0x5E5C9EC2, 0x196A2463, + 0x68FB6FAF, 0x3E6C53B5, 0x1339B2EB, 0x3B52EC6F, + 0x6DFC511F, 0x9B30952C, 0xCC814544, 0xAF5EBD09, + 0xBEE3D004, 0xDE334AFD, 0x660F2807, 0x192E4BB3, + 0xC0CBA857, 0x45C8740F, 0xD20B5F39, 0xB9D3FBDB, + 0x5579C0BD, 0x1A60320A, 0xD6A100C6, 0x402C7279, + 0x679F25FE, 0xFB1FA3CC, 0x8EA5E9F8, 0xDB3222F8, + 0x3C7516DF, 0xFD616B15, 0x2F501EC8, 0xAD0552AB, + 0x323DB5FA, 0xFD238760, 0x53317B48, 0x3E00DF82, + 0x9E5C57BB, 0xCA6F8CA0, 0x1A87562E, 0xDF1769DB, + 0xD542A8F6, 0x287EFFC3, 0xAC6732C6, 0x8C4F5573, + 0x695B27B0, 0xBBCA58C8, 0xE1FFA35D, 0xB8F011A0, + 0x10FA3D98, 0xFD2183B8, 0x4AFCB56C, 0x2DD1D35B, + 0x9A53E479, 0xB6F84565, 0xD28E49BC, 0x4BFB9790, + 0xE1DDF2DA, 0xA4CB7E33, 0x62FB1341, 0xCEE4C6E8, + 0xEF20CADA, 0x36774C01, 0xD07E9EFE, 0x2BF11FB4, + 0x95DBDA4D, 0xAE909198, 0xEAAD8E71, 0x6B93D5A0, + 0xD08ED1D0, 0xAFC725E0, 0x8E3C5B2F, 0x8E7594B7, + 0x8FF6E2FB, 0xF2122B64, 0x8888B812, 0x900DF01C, + 0x4FAD5EA0, 0x688FC31C, 0xD1CFF191, 0xB3A8C1AD, + 0x2F2F2218, 0xBE0E1777, 0xEA752DFE, 0x8B021FA1, + 0xE5A0CC0F, 0xB56F74E8, 0x18ACF3D6, 0xCE89E299, + 0xB4A84FE0, 0xFD13E0B7, 0x7CC43B81, 0xD2ADA8D9, + 0x165FA266, 0x80957705, 0x93CC7314, 0x211A1477, + 0xE6AD2065, 0x77B5FA86, 0xC75442F5, 0xFB9D35CF, + 0xEBCDAF0C, 0x7B3E89A0, 0xD6411BD3, 0xAE1E7E49, + 0x00250E2D, 0x2071B35E, 0x226800BB, 0x57B8E0AF, + 0x2464369B, 0xF009B91E, 0x5563911D, 0x59DFA6AA, + 0x78C14389, 0xD95A537F, 0x207D5BA2, 0x02E5B9C5, + 0x83260376, 0x6295CFA9, 0x11C81968, 0x4E734A41, + 0xB3472DCA, 0x7B14A94A, 0x1B510052, 0x9A532915, + 0xD60F573F, 0xBC9BC6E4, 0x2B60A476, 0x81E67400, + 0x08BA6FB5, 0x571BE91F, 0xF296EC6B, 0x2A0DD915, + 0xB6636521, 0xE7B9F9B6, 0xFF34052E, 0xC5855664, + 0x53B02D5D, 0xA99F8FA1, 0x08BA4799, 0x6E85076A + ), + array( + 0x4B7A70E9, 0xB5B32944, 0xDB75092E, 0xC4192623, + 0xAD6EA6B0, 0x49A7DF7D, 0x9CEE60B8, 0x8FEDB266, + 0xECAA8C71, 0x699A17FF, 0x5664526C, 0xC2B19EE1, + 0x193602A5, 0x75094C29, 0xA0591340, 0xE4183A3E, + 0x3F54989A, 0x5B429D65, 0x6B8FE4D6, 0x99F73FD6, + 0xA1D29C07, 0xEFE830F5, 0x4D2D38E6, 0xF0255DC1, + 0x4CDD2086, 0x8470EB26, 0x6382E9C6, 0x021ECC5E, + 0x09686B3F, 0x3EBAEFC9, 0x3C971814, 0x6B6A70A1, + 0x687F3584, 0x52A0E286, 0xB79C5305, 0xAA500737, + 0x3E07841C, 0x7FDEAE5C, 0x8E7D44EC, 0x5716F2B8, + 0xB03ADA37, 0xF0500C0D, 0xF01C1F04, 0x0200B3FF, + 0xAE0CF51A, 0x3CB574B2, 0x25837A58, 0xDC0921BD, + 0xD19113F9, 0x7CA92FF6, 0x94324773, 0x22F54701, + 0x3AE5E581, 0x37C2DADC, 0xC8B57634, 0x9AF3DDA7, + 0xA9446146, 0x0FD0030E, 0xECC8C73E, 0xA4751E41, + 0xE238CD99, 0x3BEA0E2F, 0x3280BBA1, 0x183EB331, + 0x4E548B38, 0x4F6DB908, 0x6F420D03, 0xF60A04BF, + 0x2CB81290, 0x24977C79, 0x5679B072, 0xBCAF89AF, + 0xDE9A771F, 0xD9930810, 0xB38BAE12, 0xDCCF3F2E, + 0x5512721F, 0x2E6B7124, 0x501ADDE6, 0x9F84CD87, + 0x7A584718, 0x7408DA17, 0xBC9F9ABC, 0xE94B7D8C, + 0xEC7AEC3A, 0xDB851DFA, 0x63094366, 0xC464C3D2, + 0xEF1C1847, 0x3215D908, 0xDD433B37, 0x24C2BA16, + 0x12A14D43, 0x2A65C451, 0x50940002, 0x133AE4DD, + 0x71DFF89E, 0x10314E55, 0x81AC77D6, 0x5F11199B, + 0x043556F1, 0xD7A3C76B, 0x3C11183B, 0x5924A509, + 0xF28FE6ED, 0x97F1FBFA, 0x9EBABF2C, 0x1E153C6E, + 0x86E34570, 0xEAE96FB1, 0x860E5E0A, 0x5A3E2AB3, + 0x771FE71C, 0x4E3D06FA, 0x2965DCB9, 0x99E71D0F, + 0x803E89D6, 0x5266C825, 0x2E4CC978, 0x9C10B36A, + 0xC6150EBA, 0x94E2EA78, 0xA5FC3C53, 0x1E0A2DF4, + 0xF2F74EA7, 0x361D2B3D, 0x1939260F, 0x19C27960, + 0x5223A708, 0xF71312B6, 0xEBADFE6E, 0xEAC31F66, + 0xE3BC4595, 0xA67BC883, 0xB17F37D1, 0x018CFF28, + 0xC332DDEF, 0xBE6C5AA5, 0x65582185, 0x68AB9802, + 0xEECEA50F, 0xDB2F953B, 0x2AEF7DAD, 0x5B6E2F84, + 0x1521B628, 0x29076170, 0xECDD4775, 0x619F1510, + 0x13CCA830, 0xEB61BD96, 0x0334FE1E, 0xAA0363CF, + 0xB5735C90, 0x4C70A239, 0xD59E9E0B, 0xCBAADE14, + 0xEECC86BC, 0x60622CA7, 0x9CAB5CAB, 0xB2F3846E, + 0x648B1EAF, 0x19BDF0CA, 0xA02369B9, 0x655ABB50, + 0x40685A32, 0x3C2AB4B3, 0x319EE9D5, 0xC021B8F7, + 0x9B540B19, 0x875FA099, 0x95F7997E, 0x623D7DA8, + 0xF837889A, 0x97E32D77, 0x11ED935F, 0x16681281, + 0x0E358829, 0xC7E61FD6, 0x96DEDFA1, 0x7858BA99, + 0x57F584A5, 0x1B227263, 0x9B83C3FF, 0x1AC24696, + 0xCDB30AEB, 0x532E3054, 0x8FD948E4, 0x6DBC3128, + 0x58EBF2EF, 0x34C6FFEA, 0xFE28ED61, 0xEE7C3C73, + 0x5D4A14D9, 0xE864B7E3, 0x42105D14, 0x203E13E0, + 0x45EEE2B6, 0xA3AAABEA, 0xDB6C4F15, 0xFACB4FD0, + 0xC742F442, 0xEF6ABBB5, 0x654F3B1D, 0x41CD2105, + 0xD81E799E, 0x86854DC7, 0xE44B476A, 0x3D816250, + 0xCF62A1F2, 0x5B8D2646, 0xFC8883A0, 0xC1C7B6A3, + 0x7F1524C3, 0x69CB7492, 0x47848A0B, 0x5692B285, + 0x095BBF00, 0xAD19489D, 0x1462B174, 0x23820E00, + 0x58428D2A, 0x0C55F5EA, 0x1DADF43E, 0x233F7061, + 0x3372F092, 0x8D937E41, 0xD65FECF1, 0x6C223BDB, + 0x7CDE3759, 0xCBEE7460, 0x4085F2A7, 0xCE77326E, + 0xA6078084, 0x19F8509E, 0xE8EFD855, 0x61D99735, + 0xA969A7AA, 0xC50C06C2, 0x5A04ABFC, 0x800BCADC, + 0x9E447A2E, 0xC3453484, 0xFDD56705, 0x0E1E9EC9, + 0xDB73DBD3, 0x105588CD, 0x675FDA79, 0xE3674340, + 0xC5C43465, 0x713E38D8, 0x3D28F89E, 0xF16DFF20, + 0x153E21E7, 0x8FB03D4A, 0xE6E39F2B, 0xDB83ADF7 + ), + array( + 0xE93D5A68, 0x948140F7, 0xF64C261C, 0x94692934, + 0x411520F7, 0x7602D4F7, 0xBCF46B2E, 0xD4A20068, + 0xD4082471, 0x3320F46A, 0x43B7D4B7, 0x500061AF, + 0x1E39F62E, 0x97244546, 0x14214F74, 0xBF8B8840, + 0x4D95FC1D, 0x96B591AF, 0x70F4DDD3, 0x66A02F45, + 0xBFBC09EC, 0x03BD9785, 0x7FAC6DD0, 0x31CB8504, + 0x96EB27B3, 0x55FD3941, 0xDA2547E6, 0xABCA0A9A, + 0x28507825, 0x530429F4, 0x0A2C86DA, 0xE9B66DFB, + 0x68DC1462, 0xD7486900, 0x680EC0A4, 0x27A18DEE, + 0x4F3FFEA2, 0xE887AD8C, 0xB58CE006, 0x7AF4D6B6, + 0xAACE1E7C, 0xD3375FEC, 0xCE78A399, 0x406B2A42, + 0x20FE9E35, 0xD9F385B9, 0xEE39D7AB, 0x3B124E8B, + 0x1DC9FAF7, 0x4B6D1856, 0x26A36631, 0xEAE397B2, + 0x3A6EFA74, 0xDD5B4332, 0x6841E7F7, 0xCA7820FB, + 0xFB0AF54E, 0xD8FEB397, 0x454056AC, 0xBA489527, + 0x55533A3A, 0x20838D87, 0xFE6BA9B7, 0xD096954B, + 0x55A867BC, 0xA1159A58, 0xCCA92963, 0x99E1DB33, + 0xA62A4A56, 0x3F3125F9, 0x5EF47E1C, 0x9029317C, + 0xFDF8E802, 0x04272F70, 0x80BB155C, 0x05282CE3, + 0x95C11548, 0xE4C66D22, 0x48C1133F, 0xC70F86DC, + 0x07F9C9EE, 0x41041F0F, 0x404779A4, 0x5D886E17, + 0x325F51EB, 0xD59BC0D1, 0xF2BCC18F, 0x41113564, + 0x257B7834, 0x602A9C60, 0xDFF8E8A3, 0x1F636C1B, + 0x0E12B4C2, 0x02E1329E, 0xAF664FD1, 0xCAD18115, + 0x6B2395E0, 0x333E92E1, 0x3B240B62, 0xEEBEB922, + 0x85B2A20E, 0xE6BA0D99, 0xDE720C8C, 0x2DA2F728, + 0xD0127845, 0x95B794FD, 0x647D0862, 0xE7CCF5F0, + 0x5449A36F, 0x877D48FA, 0xC39DFD27, 0xF33E8D1E, + 0x0A476341, 0x992EFF74, 0x3A6F6EAB, 0xF4F8FD37, + 0xA812DC60, 0xA1EBDDF8, 0x991BE14C, 0xDB6E6B0D, + 0xC67B5510, 0x6D672C37, 0x2765D43B, 0xDCD0E804, + 0xF1290DC7, 0xCC00FFA3, 0xB5390F92, 0x690FED0B, + 0x667B9FFB, 0xCEDB7D9C, 0xA091CF0B, 0xD9155EA3, + 0xBB132F88, 0x515BAD24, 0x7B9479BF, 0x763BD6EB, + 0x37392EB3, 0xCC115979, 0x8026E297, 0xF42E312D, + 0x6842ADA7, 0xC66A2B3B, 0x12754CCC, 0x782EF11C, + 0x6A124237, 0xB79251E7, 0x06A1BBE6, 0x4BFB6350, + 0x1A6B1018, 0x11CAEDFA, 0x3D25BDD8, 0xE2E1C3C9, + 0x44421659, 0x0A121386, 0xD90CEC6E, 0xD5ABEA2A, + 0x64AF674E, 0xDA86A85F, 0xBEBFE988, 0x64E4C3FE, + 0x9DBC8057, 0xF0F7C086, 0x60787BF8, 0x6003604D, + 0xD1FD8346, 0xF6381FB0, 0x7745AE04, 0xD736FCCC, + 0x83426B33, 0xF01EAB71, 0xB0804187, 0x3C005E5F, + 0x77A057BE, 0xBDE8AE24, 0x55464299, 0xBF582E61, + 0x4E58F48F, 0xF2DDFDA2, 0xF474EF38, 0x8789BDC2, + 0x5366F9C3, 0xC8B38E74, 0xB475F255, 0x46FCD9B9, + 0x7AEB2661, 0x8B1DDF84, 0x846A0E79, 0x915F95E2, + 0x466E598E, 0x20B45770, 0x8CD55591, 0xC902DE4C, + 0xB90BACE1, 0xBB8205D0, 0x11A86248, 0x7574A99E, + 0xB77F19B6, 0xE0A9DC09, 0x662D09A1, 0xC4324633, + 0xE85A1F02, 0x09F0BE8C, 0x4A99A025, 0x1D6EFE10, + 0x1AB93D1D, 0x0BA5A4DF, 0xA186F20F, 0x2868F169, + 0xDCB7DA83, 0x573906FE, 0xA1E2CE9B, 0x4FCD7F52, + 0x50115E01, 0xA70683FA, 0xA002B5C4, 0x0DE6D027, + 0x9AF88C27, 0x773F8641, 0xC3604C06, 0x61A806B5, + 0xF0177A28, 0xC0F586E0, 0x006058AA, 0x30DC7D62, + 0x11E69ED7, 0x2338EA63, 0x53C2DD94, 0xC2C21634, + 0xBBCBEE56, 0x90BCB6DE, 0xEBFC7DA1, 0xCE591D76, + 0x6F05E409, 0x4B7C0188, 0x39720A3D, 0x7C927C24, + 0x86E3725F, 0x724D9DB9, 0x1AC15BB4, 0xD39EB8FC, + 0xED545578, 0x08FCA5B5, 0xD83D7CD3, 0x4DAD0FC4, + 0x1E50EF5E, 0xB161E6F8, 0xA28514D9, 0x6C51133C, + 0x6FD5C7E7, 0x56E14EC4, 0x362ABFCE, 0xDDC6C837, + 0xD79A3234, 0x92638212, 0x670EFA8E, 0x406000E0 + ), + array( + 0x3A39CE37, 0xD3FAF5CF, 0xABC27737, 0x5AC52D1B, + 0x5CB0679E, 0x4FA33742, 0xD3822740, 0x99BC9BBE, + 0xD5118E9D, 0xBF0F7315, 0xD62D1C7E, 0xC700C47B, + 0xB78C1B6B, 0x21A19045, 0xB26EB1BE, 0x6A366EB4, + 0x5748AB2F, 0xBC946E79, 0xC6A376D2, 0x6549C2C8, + 0x530FF8EE, 0x468DDE7D, 0xD5730A1D, 0x4CD04DC6, + 0x2939BBDB, 0xA9BA4650, 0xAC9526E8, 0xBE5EE304, + 0xA1FAD5F0, 0x6A2D519A, 0x63EF8CE2, 0x9A86EE22, + 0xC089C2B8, 0x43242EF6, 0xA51E03AA, 0x9CF2D0A4, + 0x83C061BA, 0x9BE96A4D, 0x8FE51550, 0xBA645BD6, + 0x2826A2F9, 0xA73A3AE1, 0x4BA99586, 0xEF5562E9, + 0xC72FEFD3, 0xF752F7DA, 0x3F046F69, 0x77FA0A59, + 0x80E4A915, 0x87B08601, 0x9B09E6AD, 0x3B3EE593, + 0xE990FD5A, 0x9E34D797, 0x2CF0B7D9, 0x022B8B51, + 0x96D5AC3A, 0x017DA67D, 0xD1CF3ED6, 0x7C7D2D28, + 0x1F9F25CF, 0xADF2B89B, 0x5AD6B472, 0x5A88F54C, + 0xE029AC71, 0xE019A5E6, 0x47B0ACFD, 0xED93FA9B, + 0xE8D3C48D, 0x283B57CC, 0xF8D56629, 0x79132E28, + 0x785F0191, 0xED756055, 0xF7960E44, 0xE3D35E8C, + 0x15056DD4, 0x88F46DBA, 0x03A16125, 0x0564F0BD, + 0xC3EB9E15, 0x3C9057A2, 0x97271AEC, 0xA93A072A, + 0x1B3F6D9B, 0x1E6321F5, 0xF59C66FB, 0x26DCF319, + 0x7533D928, 0xB155FDF5, 0x03563482, 0x8ABA3CBB, + 0x28517711, 0xC20AD9F8, 0xABCC5167, 0xCCAD925F, + 0x4DE81751, 0x3830DC8E, 0x379D5862, 0x9320F991, + 0xEA7A90C2, 0xFB3E7BCE, 0x5121CE64, 0x774FBE32, + 0xA8B6E37E, 0xC3293D46, 0x48DE5369, 0x6413E680, + 0xA2AE0810, 0xDD6DB224, 0x69852DFD, 0x09072166, + 0xB39A460A, 0x6445C0DD, 0x586CDECF, 0x1C20C8AE, + 0x5BBEF7DD, 0x1B588D40, 0xCCD2017F, 0x6BB4E3BB, + 0xDDA26A7E, 0x3A59FF45, 0x3E350A44, 0xBCB4CDD5, + 0x72EACEA8, 0xFA6484BB, 0x8D6612AE, 0xBF3C6F47, + 0xD29BE463, 0x542F5D9E, 0xAEC2771B, 0xF64E6370, + 0x740E0D8D, 0xE75B1357, 0xF8721671, 0xAF537D5D, + 0x4040CB08, 0x4EB4E2CC, 0x34D2466A, 0x0115AF84, + 0xE1B00428, 0x95983A1D, 0x06B89FB4, 0xCE6EA048, + 0x6F3F3B82, 0x3520AB82, 0x011A1D4B, 0x277227F8, + 0x611560B1, 0xE7933FDC, 0xBB3A792B, 0x344525BD, + 0xA08839E1, 0x51CE794B, 0x2F32C9B7, 0xA01FBAC9, + 0xE01CC87E, 0xBCC7D1F6, 0xCF0111C3, 0xA1E8AAC7, + 0x1A908749, 0xD44FBD9A, 0xD0DADECB, 0xD50ADA38, + 0x0339C32A, 0xC6913667, 0x8DF9317C, 0xE0B12B4F, + 0xF79E59B7, 0x43F5BB3A, 0xF2D519FF, 0x27D9459C, + 0xBF97222C, 0x15E6FC2A, 0x0F91FC71, 0x9B941525, + 0xFAE59361, 0xCEB69CEB, 0xC2A86459, 0x12BAA8D1, + 0xB6C1075E, 0xE3056A0C, 0x10D25065, 0xCB03A442, + 0xE0EC6E0E, 0x1698DB3B, 0x4C98A0BE, 0x3278E964, + 0x9F1F9532, 0xE0D392DF, 0xD3A0342B, 0x8971F21E, + 0x1B0A7441, 0x4BA3348C, 0xC5BE7120, 0xC37632D8, + 0xDF359F8D, 0x9B992F2E, 0xE60B6F47, 0x0FE3F11D, + 0xE54CDA54, 0x1EDAD891, 0xCE6279CF, 0xCD3E7E6F, + 0x1618B166, 0xFD2C1D05, 0x848FD2C5, 0xF6FB2299, + 0xF523F357, 0xA6327623, 0x93A83531, 0x56CCCD02, + 0xACF08162, 0x5A75EBB5, 0x6E163697, 0x88D273CC, + 0xDE966292, 0x81B949D0, 0x4C50901B, 0x71C65614, + 0xE6C6C7BD, 0x327A140A, 0x45E1D006, 0xC3F27B9A, + 0xC9AA53FD, 0x62A80F00, 0xBB25BFE2, 0x35BDD2F6, + 0x71126905, 0xB2040222, 0xB6CBCF7C, 0xCD769C2B, + 0x53113EC0, 0x1640E3D3, 0x38ABBD60, 0x2547ADF0, + 0xBA38209C, 0xF746CE76, 0x77AFA1C5, 0x20756060, + 0x85CBFE4E, 0x8AE88DD8, 0x7AAAF9B0, 0x4CF9AA7E, + 0x1948C25C, 0x02FB8A8C, 0x01C36AE4, 0xD6EBE1F9, + 0x90D4F869, 0xA65CDEA0, 0x3F09252D, 0xC208E69F, + 0xB74E6132, 0xCE77E25B, 0x578FDFE3, 0x3AC372E6 + ) + ); + } + +} + +?> diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index 783c19d2542..8ff9fc5ff5b 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -25,7 +25,7 @@ namespace OCA\Encryption; -require_once 'Crypt_Blowfish/Blowfish.php'; +require_once '../3rdparty/Crypt_Blowfish/Blowfish.php'; /** * Class for common cryptography functionality diff --git a/apps/files_encryption/tests/crypt.php b/apps/files_encryption/tests/crypt.php index 049f3fb5d98..eaedc485413 100755 --- a/apps/files_encryption/tests/crypt.php +++ b/apps/files_encryption/tests/crypt.php @@ -7,7 +7,7 @@ * See the COPYING-README file. */ -require_once realpath(dirname(__FILE__) . '/../../../3rdparty/Crypt_Blowfish/Blowfish.php'); +require_once realpath(dirname(__FILE__) . '/../3rdparty/Crypt_Blowfish/Blowfish.php'); require_once realpath(dirname(__FILE__) . '/../../../lib/base.php'); require_once realpath(dirname(__FILE__) . '/../lib/crypt.php'); require_once realpath(dirname(__FILE__) . '/../lib/keymanager.php'); diff --git a/apps/files_encryption/tests/share.php b/apps/files_encryption/tests/share.php index 849f16c696d..e205ff2b62e 100755 --- a/apps/files_encryption/tests/share.php +++ b/apps/files_encryption/tests/share.php @@ -20,7 +20,7 @@ * */ -require_once realpath(dirname(__FILE__) . '/../../../3rdparty/Crypt_Blowfish/Blowfish.php'); +require_once realpath(dirname(__FILE__) . '/../3rdparty/Crypt_Blowfish/Blowfish.php'); require_once realpath(dirname(__FILE__) . '/../../../lib/base.php'); require_once realpath(dirname(__FILE__) . '/../lib/crypt.php'); require_once realpath(dirname(__FILE__) . '/../lib/keymanager.php'); -- cgit v1.2.3 From 9d324db05481620fd9a6883c1315e0b31fc21c45 Mon Sep 17 00:00:00 2001 From: Björn Schießle Date: Tue, 21 May 2013 12:33:32 +0200 Subject: fix path to 3rdparty apps --- apps/files_encryption/lib/crypt.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'apps/files_encryption/lib/crypt.php') diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index 8ff9fc5ff5b..1a5c9300a27 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -25,7 +25,8 @@ namespace OCA\Encryption; -require_once '../3rdparty/Crypt_Blowfish/Blowfish.php'; +//require_once '../3rdparty/Crypt_Blowfish/Blowfish.php'; +require_once realpath(dirname(__FILE__) . '/../3rdparty/Crypt_Blowfish/Blowfish.php'); /** * Class for common cryptography functionality -- cgit v1.2.3 From 6c8de5ae6d11886d498e810808484a2bdfeaef12 Mon Sep 17 00:00:00 2001 From: Florin Peter Date: Thu, 23 May 2013 23:56:31 +0200 Subject: fixes after review from @DeepDiver1975 --- apps/files_encryption/hooks/hooks.php | 2 +- apps/files_encryption/js/settings-admin.js | 2 +- apps/files_encryption/js/settings-personal.js | 2 +- apps/files_encryption/lib/crypt.php | 246 ++++----- apps/files_encryption/lib/helper.php | 92 ++-- apps/files_encryption/lib/keymanager.php | 230 ++++---- apps/files_encryption/lib/proxy.php | 204 ++++--- apps/files_encryption/lib/session.php | 64 +-- apps/files_encryption/lib/stream.php | 170 +++--- apps/files_encryption/lib/util.php | 601 ++++++++++----------- apps/files_encryption/settings-admin.php | 1 - apps/files_encryption/settings-personal.php | 1 - .../templates/settings-personal.php | 13 - 13 files changed, 752 insertions(+), 876 deletions(-) (limited to 'apps/files_encryption/lib/crypt.php') diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index 53afefc721b..2066300a163 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -189,7 +189,7 @@ class Hooks { // Save public key $view->file_put_contents( '/public-keys/'.$user.'.public.key', $keypair['publicKey'] ); - // Encrypt private key empthy passphrase + // Encrypt private key empty passphrase $encryptedPrivateKey = Crypt::symmetricEncryptFileContent( $keypair['privateKey'], $newUserPassword ); // Save private key diff --git a/apps/files_encryption/js/settings-admin.js b/apps/files_encryption/js/settings-admin.js index c58d75341df..7c1866445ee 100644 --- a/apps/files_encryption/js/settings-admin.js +++ b/apps/files_encryption/js/settings-admin.js @@ -99,4 +99,4 @@ $(document).ready(function(){ ); }); -}) \ No newline at end of file +}); \ No newline at end of file diff --git a/apps/files_encryption/js/settings-personal.js b/apps/files_encryption/js/settings-personal.js index 3b9b00dc797..312b672ad46 100644 --- a/apps/files_encryption/js/settings-personal.js +++ b/apps/files_encryption/js/settings-personal.js @@ -57,4 +57,4 @@ $(document).ready(function(){ } ); -}) \ No newline at end of file +}); \ No newline at end of file diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index 1a5c9300a27..f5b7a8a0a40 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -26,7 +26,7 @@ namespace OCA\Encryption; //require_once '../3rdparty/Crypt_Blowfish/Blowfish.php'; -require_once realpath(dirname(__FILE__) . '/../3rdparty/Crypt_Blowfish/Blowfish.php'); +require_once realpath( dirname( __FILE__ ) . '/../3rdparty/Crypt_Blowfish/Blowfish.php' ); /** * Class for common cryptography functionality @@ -40,8 +40,7 @@ class Crypt * @param string $user name (use system wide setting if name=null) * @return string 'client' or 'server' */ - public static function mode($user = null) - { + public static function mode( $user = null ) { return 'server'; @@ -51,20 +50,19 @@ class Crypt * @brief Create a new encryption keypair * @return array publicKey, privatekey */ - public static function createKeypair() - { + public static function createKeypair() { - $res = openssl_pkey_new(array('private_key_bits' => 4096)); + $res = openssl_pkey_new( array( 'private_key_bits' => 4096 ) ); // Get private key - openssl_pkey_export($res, $privateKey); + openssl_pkey_export( $res, $privateKey ); // Get public key - $publicKey = openssl_pkey_get_details($res); + $publicKey = openssl_pkey_get_details( $res ); $publicKey = $publicKey['key']; - return (array('publicKey' => $publicKey, 'privateKey' => $privateKey)); + return ( array( 'publicKey' => $publicKey, 'privateKey' => $privateKey ) ); } @@ -77,8 +75,7 @@ class Crypt * blocks with encryption alone, hence padding is added to achieve the * required length. */ - public static function addPadding($data) - { + public static function addPadding( $data ) { $padded = $data . 'xx'; @@ -91,12 +88,11 @@ class Crypt * @param string $padded padded data to remove padding from * @return string unpadded data on success, false on error */ - public static function removePadding($padded) - { + public static function removePadding( $padded ) { - if (substr($padded, -2) == 'xx') { + if ( substr( $padded, -2 ) == 'xx' ) { - $data = substr($padded, 0, -2); + $data = substr( $padded, 0, -2 ); return $data; @@ -115,27 +111,26 @@ class Crypt * @return boolean * @note see also OCA\Encryption\Util->isEncryptedPath() */ - public static function isCatfileContent($content) - { + public static function isCatfileContent( $content ) { - if (!$content) { + if ( !$content ) { return false; } - $noPadding = self::removePadding($content); + $noPadding = self::removePadding( $content ); // Fetch encryption metadata from end of file - $meta = substr($noPadding, -22); + $meta = substr( $noPadding, -22 ); // Fetch IV from end of file - $iv = substr($meta, -16); + $iv = substr( $meta, -16 ); // Fetch identifier from start of metadata - $identifier = substr($meta, 0, 6); + $identifier = substr( $meta, 0, 6 ); - if ($identifier == '00iv00') { + if ( $identifier == '00iv00' ) { return true; @@ -152,16 +147,15 @@ class Crypt * @param string $path * @return bool */ - public static function isEncryptedMeta($path) - { + public static function isEncryptedMeta( $path ) { // TODO: Use DI to get \OC\Files\Filesystem out of here // Fetch all file metadata from DB - $metadata = \OC\Files\Filesystem::getFileInfo($path); + $metadata = \OC\Files\Filesystem::getFileInfo( $path ); // Return encryption status - return isset($metadata['encrypted']) and ( bool )$metadata['encrypted']; + return isset( $metadata['encrypted'] ) and ( bool )$metadata['encrypted']; } @@ -172,19 +166,18 @@ class Crypt * e.g. filename or /Docs/filename, NOT admin/files/filename * @return boolean */ - public static function isLegacyEncryptedContent($data, $relPath) - { + public static function isLegacyEncryptedContent( $data, $relPath ) { // Fetch all file metadata from DB - $metadata = \OC\Files\Filesystem::getFileInfo($relPath, ''); + $metadata = \OC\Files\Filesystem::getFileInfo( $relPath, '' ); // If a file is flagged with encryption in DB, but isn't a // valid content + IV combination, it's probably using the // legacy encryption system if ( - isset($metadata['encrypted']) + isset( $metadata['encrypted'] ) and $metadata['encrypted'] === true - and !self::isCatfileContent($data) + and !self::isCatfileContent( $data ) ) { return true; @@ -199,18 +192,20 @@ class Crypt /** * @brief Symmetrically encrypt a string + * @param $plainContent + * @param $iv + * @param string $passphrase * @return string encrypted file content */ - public static function encrypt($plainContent, $iv, $passphrase = '') - { + public static function encrypt( $plainContent, $iv, $passphrase = '' ) { - if ($encryptedContent = openssl_encrypt($plainContent, 'AES-128-CFB', $passphrase, false, $iv)) { + if ( $encryptedContent = openssl_encrypt( $plainContent, 'AES-128-CFB', $passphrase, false, $iv ) ) { return $encryptedContent; } else { - \OC_Log::write('Encryption library', 'Encryption (symmetric) of content failed', \OC_Log::ERROR); + \OC_Log::write( 'Encryption library', 'Encryption (symmetric) of content failed', \OC_Log::ERROR ); return false; @@ -220,21 +215,21 @@ class Crypt /** * @brief Symmetrically decrypt a string + * @param $encryptedContent + * @param $iv + * @param $passphrase + * @throws \Exception * @return string decrypted file content */ - public static function decrypt($encryptedContent, $iv, $passphrase) - { + public static function decrypt( $encryptedContent, $iv, $passphrase ) { - if ($plainContent = openssl_decrypt($encryptedContent, 'AES-128-CFB', $passphrase, false, $iv)) { + if ( $plainContent = openssl_decrypt( $encryptedContent, 'AES-128-CFB', $passphrase, false, $iv ) ) { return $plainContent; - } else { - throw new \Exception('Encryption library: Decryption (symmetric) of content failed'); - - return false; + throw new \Exception( 'Encryption library: Decryption (symmetric) of content failed' ); } @@ -246,8 +241,7 @@ class Crypt * @param string $iv IV to be concatenated * @returns string concatenated content */ - public static function concatIv($content, $iv) - { + public static function concatIv( $content, $iv ) { $combined = $content . '00iv00' . $iv; @@ -260,17 +254,16 @@ class Crypt * @param string $catFile concatenated data to be split * @returns array keys: encrypted, iv */ - public static function splitIv($catFile) - { + public static function splitIv( $catFile ) { // Fetch encryption metadata from end of file - $meta = substr($catFile, -22); + $meta = substr( $catFile, -22 ); // Fetch IV from end of file - $iv = substr($meta, -16); + $iv = substr( $meta, -16 ); // Remove IV and IV identifier text to expose encrypted content - $encrypted = substr($catFile, 0, -22); + $encrypted = substr( $catFile, 0, -22 ); $split = array( 'encrypted' => $encrypted @@ -290,10 +283,9 @@ class Crypt * @note IV need not be specified, as it will be stored in the returned keyfile * and remain accessible therein. */ - public static function symmetricEncryptFileContent($plainContent, $passphrase = '') - { + public static function symmetricEncryptFileContent( $plainContent, $passphrase = '' ) { - if (!$plainContent) { + if ( !$plainContent ) { return false; @@ -301,18 +293,18 @@ class Crypt $iv = self::generateIv(); - if ($encryptedContent = self::encrypt($plainContent, $iv, $passphrase)) { + if ( $encryptedContent = self::encrypt( $plainContent, $iv, $passphrase ) ) { // Combine content to encrypt with IV identifier and actual IV - $catfile = self::concatIv($encryptedContent, $iv); + $catfile = self::concatIv( $encryptedContent, $iv ); - $padded = self::addPadding($catfile); + $padded = self::addPadding( $catfile ); return $padded; } else { - \OC_Log::write('Encryption library', 'Encryption (symmetric) of keyfile content failed', \OC_Log::ERROR); + \OC_Log::write( 'Encryption library', 'Encryption (symmetric) of keyfile content failed', \OC_Log::ERROR ); return false; @@ -334,25 +326,26 @@ class Crypt * * This function decrypts a file */ - public static function symmetricDecryptFileContent($keyfileContent, $passphrase = '') - { + public static function symmetricDecryptFileContent( $keyfileContent, $passphrase = '' ) { - if (!$keyfileContent) { + if ( !$keyfileContent ) { - throw new \Exception('Encryption library: no data provided for decryption'); + throw new \Exception( 'Encryption library: no data provided for decryption' ); } // Remove padding - $noPadding = self::removePadding($keyfileContent); + $noPadding = self::removePadding( $keyfileContent ); // Split into enc data and catfile - $catfile = self::splitIv($noPadding); + $catfile = self::splitIv( $noPadding ); - if ($plainContent = self::decrypt($catfile['encrypted'], $catfile['iv'], $passphrase)) { + if ( $plainContent = self::decrypt( $catfile['encrypted'], $catfile['iv'], $passphrase ) ) { return $plainContent; + } else { + return false; } } @@ -365,16 +358,15 @@ class Crypt * * This function decrypts a file */ - public static function symmetricEncryptFileContentKeyfile($plainContent) - { + public static function symmetricEncryptFileContentKeyfile( $plainContent ) { $key = self::generateKey(); - if ($encryptedContent = self::symmetricEncryptFileContent($plainContent, $key)) { + if ( $encryptedContent = self::symmetricEncryptFileContent( $plainContent, $key ) ) { return array( - 'key' => $key - , 'encrypted' => $encryptedContent + 'key' => $key, + 'encrypted' => $encryptedContent ); } else { @@ -392,29 +384,28 @@ class Crypt * @returns array keys: keys (array, key = userId), data * @note symmetricDecryptFileContent() can decrypt files created using this method */ - public static function multiKeyEncrypt($plainContent, array $publicKeys) - { + public static function multiKeyEncrypt( $plainContent, array $publicKeys ) { // openssl_seal returns false without errors if $plainContent // is empty, so trigger our own error - if (empty($plainContent)) { + if ( empty( $plainContent ) ) { - trigger_error("Cannot mutliKeyEncrypt empty plain content"); - throw new \Exception('Cannot mutliKeyEncrypt empty plain content'); + throw new \Exception( 'Cannot mutliKeyEncrypt empty plain content' ); } // Set empty vars to be set by openssl by reference $sealed = ''; $shareKeys = array(); + $mappedShareKeys = array(); - if (openssl_seal($plainContent, $sealed, $shareKeys, $publicKeys)) { + if ( openssl_seal( $plainContent, $sealed, $shareKeys, $publicKeys ) ) { $i = 0; // Ensure each shareKey is labelled with its // corresponding userId - foreach ($publicKeys as $userId => $publicKey) { + foreach ( $publicKeys as $userId => $publicKey ) { $mappedShareKeys[$userId] = $shareKeys[$i]; $i++; @@ -422,8 +413,8 @@ class Crypt } return array( - 'keys' => $mappedShareKeys - , 'data' => $sealed + 'keys' => $mappedShareKeys, + 'data' => $sealed ); } else { @@ -446,22 +437,21 @@ class Crypt * * This function decrypts a file */ - public static function multiKeyDecrypt($encryptedContent, $shareKey, $privateKey) - { + public static function multiKeyDecrypt( $encryptedContent, $shareKey, $privateKey ) { - if (!$encryptedContent) { + if ( !$encryptedContent ) { return false; } - if (openssl_open($encryptedContent, $plainContent, $shareKey, $privateKey)) { + if ( openssl_open( $encryptedContent, $plainContent, $shareKey, $privateKey ) ) { return $plainContent; } else { - \OC_Log::write('Encryption library', 'Decryption (asymmetric) of sealed content failed', \OC_Log::ERROR); + \OC_Log::write( 'Encryption library', 'Decryption (asymmetric) of sealed content failed', \OC_Log::ERROR ); return false; @@ -473,10 +463,9 @@ class Crypt * @brief Asymetrically encrypt a string using a public key * @return string encrypted file */ - public static function keyEncrypt($plainContent, $publicKey) - { + public static function keyEncrypt( $plainContent, $publicKey ) { - openssl_public_encrypt($plainContent, $encryptedContent, $publicKey); + openssl_public_encrypt( $plainContent, $encryptedContent, $publicKey ); return $encryptedContent; @@ -486,12 +475,11 @@ class Crypt * @brief Asymetrically decrypt a file using a private key * @return string decrypted file */ - public static function keyDecrypt($encryptedContent, $privatekey) - { + public static function keyDecrypt( $encryptedContent, $privatekey ) { - $result = @openssl_private_decrypt($encryptedContent, $plainContent, $privatekey); + $result = @openssl_private_decrypt( $encryptedContent, $plainContent, $privatekey ); - if ($result) { + if ( $result ) { return $plainContent; } @@ -503,27 +491,26 @@ class Crypt * @brief Generates a pseudo random initialisation vector * @return String $iv generated IV */ - public static function generateIv() - { + public static function generateIv() { - if ($random = openssl_random_pseudo_bytes(12, $strong)) { + if ( $random = openssl_random_pseudo_bytes( 12, $strong ) ) { - if (!$strong) { + if ( !$strong ) { // If OpenSSL indicates randomness is insecure, log error - \OC_Log::write('Encryption library', 'Insecure symmetric key was generated using openssl_random_pseudo_bytes()', \OC_Log::WARN); + \OC_Log::write( 'Encryption library', 'Insecure symmetric key was generated using openssl_random_pseudo_bytes()', \OC_Log::WARN ); } // We encode the iv purely for string manipulation // purposes - it gets decoded before use - $iv = base64_encode($random); + $iv = base64_encode( $random ); return $iv; } else { - throw new \Exception('Generating IV failed'); + throw new \Exception( 'Generating IV failed' ); } @@ -533,16 +520,15 @@ class Crypt * @brief Generate a pseudo random 1024kb ASCII key * @returns $key Generated key */ - public static function generateKey() - { + public static function generateKey() { // Generate key - if ($key = base64_encode(openssl_random_pseudo_bytes(183, $strong))) { + if ( $key = base64_encode( openssl_random_pseudo_bytes( 183, $strong ) ) ) { - if (!$strong) { + if ( !$strong ) { // If OpenSSL indicates randomness is insecure, log error - throw new \Exception('Encryption library, Insecure symmetric key was generated using openssl_random_pseudo_bytes()'); + throw new \Exception( 'Encryption library, Insecure symmetric key was generated using openssl_random_pseudo_bytes()' ); } @@ -563,12 +549,11 @@ class Crypt * * if the key is left out, the default handeler will be used */ - public static function getBlowfish($key = '') - { + public static function getBlowfish( $key = '' ) { - if ($key) { + if ( $key ) { - return new \Crypt_Blowfish($key); + return new \Crypt_Blowfish( $key ); } else { @@ -582,14 +567,13 @@ class Crypt * @param $passphrase * @return mixed */ - public static function legacyCreateKey($passphrase) - { + public static function legacyCreateKey( $passphrase ) { // Generate a random integer - $key = mt_rand(10000, 99999) . mt_rand(10000, 99999) . mt_rand(10000, 99999) . mt_rand(10000, 99999); + $key = mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 ); // Encrypt the key with the passphrase - $legacyEncKey = self::legacyEncrypt($key, $passphrase); + $legacyEncKey = self::legacyEncrypt( $key, $passphrase ); return $legacyEncKey; @@ -605,12 +589,11 @@ class Crypt * * This function encrypts an content */ - public static function legacyEncrypt($content, $passphrase = '') - { + public static function legacyEncrypt( $content, $passphrase = '' ) { - $bf = self::getBlowfish($passphrase); + $bf = self::getBlowfish( $passphrase ); - return $bf->encrypt($content); + return $bf->encrypt( $content ); } @@ -624,14 +607,13 @@ class Crypt * * This function decrypts an content */ - public static function legacyDecrypt($content, $passphrase = '') - { + public static function legacyDecrypt( $content, $passphrase = '' ) { - $bf = self::getBlowfish($passphrase); + $bf = self::getBlowfish( $passphrase ); - $decrypted = $bf->decrypt($content); + $decrypted = $bf->decrypt( $content ); - return rtrim($decrypted, "\0");; + return rtrim( $decrypted, "\0" );; } @@ -641,17 +623,16 @@ class Crypt * @param int $maxLength * @return string */ - private static function legacyBlockDecrypt($data, $key = '', $maxLength = 0) - { + private static function legacyBlockDecrypt( $data, $key = '', $maxLength = 0 ) { $result = ''; - while (strlen($data)) { - $result .= self::legacyDecrypt(substr($data, 0, 8192), $key); - $data = substr($data, 8192); + while ( strlen( $data ) ) { + $result .= self::legacyDecrypt( substr( $data, 0, 8192 ), $key ); + $data = substr( $data, 8192 ); } - if ($maxLength > 0) { - return substr($result, 0, $maxLength); + if ( $maxLength > 0 ) { + return substr( $result, 0, $maxLength ); } else { - return rtrim($result, "\0"); + return rtrim( $result, "\0" ); } } @@ -663,18 +644,17 @@ class Crypt * @param $path * @return array */ - public static function legacyKeyRecryptKeyfile($legacyEncryptedContent, $legacyPassphrase, $publicKeys, $newPassphrase, $path) - { + public static function legacyKeyRecryptKeyfile( $legacyEncryptedContent, $legacyPassphrase, $publicKeys, $newPassphrase, $path ) { - $decrypted = self::legacyBlockDecrypt($legacyEncryptedContent, $legacyPassphrase); + $decrypted = self::legacyBlockDecrypt( $legacyEncryptedContent, $legacyPassphrase ); // Encrypt plain data, generate keyfile & encrypted file - $cryptedData = self::symmetricEncryptFileContentKeyfile($decrypted); + $cryptedData = self::symmetricEncryptFileContentKeyfile( $decrypted ); // Encrypt plain keyfile to multiple sharefiles - $multiEncrypted = Crypt::multiKeyEncrypt($cryptedData['key'], $publicKeys); + $multiEncrypted = Crypt::multiKeyEncrypt( $cryptedData['key'], $publicKeys ); - return array('data' => $cryptedData['encrypted'], 'filekey' => $multiEncrypted['data'], 'sharekeys' => $multiEncrypted['keys']); + return array( 'data' => $cryptedData['encrypted'], 'filekey' => $multiEncrypted['data'], 'sharekeys' => $multiEncrypted['keys'] ); } diff --git a/apps/files_encryption/lib/helper.php b/apps/files_encryption/lib/helper.php index e4bf2c1226a..43f573c16b9 100755 --- a/apps/files_encryption/lib/helper.php +++ b/apps/files_encryption/lib/helper.php @@ -37,35 +37,32 @@ class Helper * @brief register share related hooks * */ - public static function registerShareHooks() - { + public static function registerShareHooks() { - \OCP\Util::connectHook('OCP\Share', 'pre_shared', 'OCA\Encryption\Hooks', 'preShared'); - \OCP\Util::connectHook('OCP\Share', 'post_shared', 'OCA\Encryption\Hooks', 'postShared'); - \OCP\Util::connectHook('OCP\Share', 'post_unshare', 'OCA\Encryption\Hooks', 'postUnshare'); + \OCP\Util::connectHook( 'OCP\Share', 'pre_shared', 'OCA\Encryption\Hooks', 'preShared' ); + \OCP\Util::connectHook( 'OCP\Share', 'post_shared', 'OCA\Encryption\Hooks', 'postShared' ); + \OCP\Util::connectHook( 'OCP\Share', 'post_unshare', 'OCA\Encryption\Hooks', 'postUnshare' ); } /** * @brief register user related hooks * */ - public static function registerUserHooks() - { + public static function registerUserHooks() { - \OCP\Util::connectHook('OC_User', 'post_login', 'OCA\Encryption\Hooks', 'login'); - \OCP\Util::connectHook('OC_User', 'post_setPassword', 'OCA\Encryption\Hooks', 'setPassphrase'); - \OCP\Util::connectHook('OC_User', 'post_createUser', 'OCA\Encryption\Hooks', 'postCreateUser'); - \OCP\Util::connectHook('OC_User', 'post_deleteUser', 'OCA\Encryption\Hooks', 'postDeleteUser'); + \OCP\Util::connectHook( 'OC_User', 'post_login', 'OCA\Encryption\Hooks', 'login' ); + \OCP\Util::connectHook( 'OC_User', 'post_setPassword', 'OCA\Encryption\Hooks', 'setPassphrase' ); + \OCP\Util::connectHook( 'OC_User', 'post_createUser', 'OCA\Encryption\Hooks', 'postCreateUser' ); + \OCP\Util::connectHook( 'OC_User', 'post_deleteUser', 'OCA\Encryption\Hooks', 'postDeleteUser' ); } /** * @brief register filesystem related hooks * */ - public static function registerFilesystemHooks() - { + public static function registerFilesystemHooks() { - \OCP\Util::connectHook('OC_Filesystem', 'post_rename', 'OCA\Encryption\Hooks', 'postRename'); + \OCP\Util::connectHook( 'OC_Filesystem', 'post_rename', 'OCA\Encryption\Hooks', 'postRename' ); } /** @@ -75,14 +72,13 @@ class Helper * @param string $password * @return bool */ - public static function setupUser($util, $password) - { + public static function setupUser( $util, $password ) { // Check files_encryption infrastructure is ready for action - if (!$util->ready()) { + if ( !$util->ready() ) { - \OC_Log::write('Encryption library', 'User account "' . $util->getUserId() . '" is not ready for encryption; configuration started', \OC_Log::DEBUG); + \OC_Log::write( 'Encryption library', 'User account "' . $util->getUserId() . '" is not ready for encryption; configuration started', \OC_Log::DEBUG ); - if (!$util->setupServerSide($password)) { + if ( !$util->setupServerSide( $password ) ) { return false; } } @@ -99,22 +95,21 @@ class Helper * @internal param string $password * @return bool */ - public static function adminEnableRecovery($recoveryKeyId, $recoveryPassword) - { - $view = new \OC\Files\View('/'); + public static function adminEnableRecovery( $recoveryKeyId, $recoveryPassword ) { + $view = new \OC\Files\View( '/' ); - if ($recoveryKeyId === null) { - $recoveryKeyId = 'recovery_' . substr(md5(time()), 0, 8); - \OC_Appconfig::setValue('files_encryption', 'recoveryKeyId', $recoveryKeyId); + if ( $recoveryKeyId === null ) { + $recoveryKeyId = 'recovery_' . substr( md5( time() ), 0, 8 ); + \OC_Appconfig::setValue( 'files_encryption', 'recoveryKeyId', $recoveryKeyId ); } - if (!$view->is_dir('/owncloud_private_key')) { - $view->mkdir('/owncloud_private_key'); + if ( !$view->is_dir( '/owncloud_private_key' ) ) { + $view->mkdir( '/owncloud_private_key' ); } if ( - (!$view->file_exists("/public-keys/" . $recoveryKeyId . ".public.key") - || !$view->file_exists("/owncloud_private_key/" . $recoveryKeyId . ".private.key")) + ( !$view->file_exists( "/public-keys/" . $recoveryKeyId . ".public.key" ) + || !$view->file_exists( "/owncloud_private_key/" . $recoveryKeyId . ".private.key" ) ) ) { $keypair = \OCA\Encryption\Crypt::createKeypair(); @@ -123,37 +118,37 @@ class Helper // Save public key - if (!$view->is_dir('/public-keys')) { - $view->mkdir('/public-keys'); + if ( !$view->is_dir( '/public-keys' ) ) { + $view->mkdir( '/public-keys' ); } - $view->file_put_contents('/public-keys/' . $recoveryKeyId . '.public.key', $keypair['publicKey']); + $view->file_put_contents( '/public-keys/' . $recoveryKeyId . '.public.key', $keypair['publicKey'] ); // Encrypt private key empthy passphrase - $encryptedPrivateKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($keypair['privateKey'], $recoveryPassword); + $encryptedPrivateKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent( $keypair['privateKey'], $recoveryPassword ); // Save private key - $view->file_put_contents('/owncloud_private_key/' . $recoveryKeyId . '.private.key', $encryptedPrivateKey); + $view->file_put_contents( '/owncloud_private_key/' . $recoveryKeyId . '.private.key', $encryptedPrivateKey ); // create control file which let us check later on if the entered password was correct. - $encryptedControlData = \OCA\Encryption\Crypt::keyEncrypt("ownCloud", $keypair['publicKey']); - if (!$view->is_dir('/control-file')) { - $view->mkdir('/control-file'); + $encryptedControlData = \OCA\Encryption\Crypt::keyEncrypt( "ownCloud", $keypair['publicKey'] ); + if ( !$view->is_dir( '/control-file' ) ) { + $view->mkdir( '/control-file' ); } - $view->file_put_contents('/control-file/controlfile.enc', $encryptedControlData); + $view->file_put_contents( '/control-file/controlfile.enc', $encryptedControlData ); \OC_FileProxy::$enabled = true; // Set recoveryAdmin as enabled - \OC_Appconfig::setValue('files_encryption', 'recoveryAdminEnabled', 1); + \OC_Appconfig::setValue( 'files_encryption', 'recoveryAdminEnabled', 1 ); $return = true; } else { // get recovery key and check the password - $util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), \OCP\User::getUser()); - $return = $util->checkRecoveryPassword($_POST['recoveryPassword']); - if ($return) { - \OC_Appconfig::setValue('files_encryption', 'recoveryAdminEnabled', 1); + $util = new \OCA\Encryption\Util( new \OC_FilesystemView( '/' ), \OCP\User::getUser() ); + $return = $util->checkRecoveryPassword( $_POST['recoveryPassword'] ); + if ( $return ) { + \OC_Appconfig::setValue( 'files_encryption', 'recoveryAdminEnabled', 1 ); } } @@ -167,14 +162,13 @@ class Helper * @param $recoveryPassword * @return bool */ - public static function adminDisableRecovery($recoveryPassword) - { - $util = new Util(new \OC_FilesystemView('/'), \OCP\User::getUser()); - $return = $util->checkRecoveryPassword($recoveryPassword); + public static function adminDisableRecovery( $recoveryPassword ) { + $util = new Util( new \OC_FilesystemView( '/' ), \OCP\User::getUser() ); + $return = $util->checkRecoveryPassword( $recoveryPassword ); - if ($return) { + if ( $return ) { // Set recoveryAdmin as disabled - \OC_Appconfig::setValue('files_encryption', 'recoveryAdminEnabled', 0); + \OC_Appconfig::setValue( 'files_encryption', 'recoveryAdminEnabled', 0 ); } return $return; diff --git a/apps/files_encryption/lib/keymanager.php b/apps/files_encryption/lib/keymanager.php index a8cbc19d401..aaa2e4ba1b5 100755 --- a/apps/files_encryption/lib/keymanager.php +++ b/apps/files_encryption/lib/keymanager.php @@ -38,15 +38,14 @@ class Keymanager * @return string private key or false (hopefully) * @note the key returned by this method must be decrypted before use */ - public static function getPrivateKey(\OC_FilesystemView $view, $user) - { + public static function getPrivateKey( \OC_FilesystemView $view, $user ) { $path = '/' . $user . '/' . 'files_encryption' . '/' . $user . '.private.key'; $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - $key = $view->file_get_contents($path); + $key = $view->file_get_contents( $path ); \OC_FileProxy::$enabled = $proxyStatus; @@ -59,13 +58,12 @@ class Keymanager * @param $userId * @return string public key or false */ - public static function getPublicKey(\OC_FilesystemView $view, $userId) - { + public static function getPublicKey( \OC_FilesystemView $view, $userId ) { $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - $result = $view->file_get_contents('/public-keys/' . $userId . '.public.key'); + $result = $view->file_get_contents( '/public-keys/' . $userId . '.public.key' ); \OC_FileProxy::$enabled = $proxyStatus; @@ -79,12 +77,11 @@ class Keymanager * @param $userId * @return array keys: privateKey, publicKey */ - public static function getUserKeys(\OC_FilesystemView $view, $userId) - { + public static function getUserKeys( \OC_FilesystemView $view, $userId ) { return array( - 'publicKey' => self::getPublicKey($view, $userId) - , 'privateKey' => self::getPrivateKey($view, $userId) + 'publicKey' => self::getPublicKey( $view, $userId ) + , 'privateKey' => self::getPrivateKey( $view, $userId ) ); } @@ -95,14 +92,13 @@ class Keymanager * @param array $userIds * @return array of public keys for the specified users */ - public static function getPublicKeys(\OC_FilesystemView $view, array $userIds) - { + public static function getPublicKeys( \OC_FilesystemView $view, array $userIds ) { $keys = array(); - foreach ($userIds as $userId) { + foreach ( $userIds as $userId ) { - $keys[$userId] = self::getPublicKey($view, $userId); + $keys[$userId] = self::getPublicKey( $view, $userId ); } @@ -122,41 +118,40 @@ class Keymanager * @note The keyfile is not encrypted here. Client code must * asymmetrically encrypt the keyfile before passing it to this method */ - public static function setFileKey(\OC_FilesystemView $view, $path, $userId, $catfile) - { + public static function setFileKey( \OC_FilesystemView $view, $path, $userId, $catfile ) { $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; //here we need the currently logged in user, while userId can be a different user - $util = new Util($view, \OCP\User::getUser()); - list($owner, $filename) = $util->getUidAndFilename($path); + $util = new Util( $view, \OCP\User::getUser() ); + list( $owner, $filename ) = $util->getUidAndFilename( $path ); $basePath = '/' . $owner . '/files_encryption/keyfiles'; - $targetPath = self::keySetPreparation($view, $filename, $basePath, $owner); + $targetPath = self::keySetPreparation( $view, $filename, $basePath, $owner ); - if (!$view->is_dir($basePath . '/' . $targetPath)) { + if ( !$view->is_dir( $basePath . '/' . $targetPath ) ) { // create all parent folders - $info = pathinfo($basePath . '/' . $targetPath); - $keyfileFolderName = $view->getLocalFolder($info['dirname']); + $info = pathinfo( $basePath . '/' . $targetPath ); + $keyfileFolderName = $view->getLocalFolder( $info['dirname'] ); - if (!file_exists($keyfileFolderName)) { + if ( !file_exists( $keyfileFolderName ) ) { - mkdir($keyfileFolderName, 0750, true); + mkdir( $keyfileFolderName, 0750, true ); } } // try reusing key file if part file - if (self::isPartialFilePath($targetPath)) { + if ( self::isPartialFilePath( $targetPath ) ) { - $result = $view->file_put_contents($basePath . '/' . self::fixPartialFilePath($targetPath) . '.key', $catfile); + $result = $view->file_put_contents( $basePath . '/' . self::fixPartialFilePath( $targetPath ) . '.key', $catfile ); } else { - $result = $view->file_put_contents($basePath . '/' . $targetPath . '.key', $catfile); + $result = $view->file_put_contents( $basePath . '/' . $targetPath . '.key', $catfile ); } @@ -172,13 +167,12 @@ class Keymanager * @return string File path without .part extension * @note this is needed for reusing keys */ - public static function fixPartialFilePath($path) - { + public static function fixPartialFilePath( $path ) { - if (preg_match('/\.part$/', $path)) { + if ( preg_match( '/\.part$/', $path ) ) { - $newLength = strlen($path) - 5; - $fPath = substr($path, 0, $newLength); + $newLength = strlen( $path ) - 5; + $fPath = substr( $path, 0, $newLength ); return $fPath; @@ -195,10 +189,9 @@ class Keymanager * @param string $path Path that may identify a .part file * @return bool */ - public static function isPartialFilePath($path) - { + public static function isPartialFilePath( $path ) { - if (preg_match('/\.part$/', $path)) { + if ( preg_match( '/\.part$/', $path ) ) { return true; @@ -220,15 +213,14 @@ class Keymanager * @note The keyfile returned is asymmetrically encrypted. Decryption * of the keyfile must be performed by client code */ - public static function getFileKey(\OC_FilesystemView $view, $userId, $filePath) - { + public static function getFileKey( \OC_FilesystemView $view, $userId, $filePath ) { // try reusing key file if part file - if (self::isPartialFilePath($filePath)) { + if ( self::isPartialFilePath( $filePath ) ) { - $result = self::getFileKey($view, $userId, self::fixPartialFilePath($filePath)); + $result = self::getFileKey( $view, $userId, self::fixPartialFilePath( $filePath ) ); - if ($result) { + if ( $result ) { return $result; @@ -236,19 +228,19 @@ class Keymanager } - $util = new Util($view, \OCP\User::getUser()); + $util = new Util( $view, \OCP\User::getUser() ); - list($owner, $filename) = $util->getUidAndFilename($filePath); - $filePath_f = ltrim($filename, '/'); + list( $owner, $filename ) = $util->getUidAndFilename( $filePath ); + $filePath_f = ltrim( $filename, '/' ); $keyfilePath = '/' . $owner . '/files_encryption/keyfiles/' . $filePath_f . '.key'; $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - if ($view->file_exists($keyfilePath)) { + if ( $view->file_exists( $keyfilePath ) ) { - $result = $view->file_get_contents($keyfilePath); + $result = $view->file_get_contents( $keyfilePath ); } else { @@ -272,27 +264,26 @@ class Keymanager * @note $path must be relative to data/user/files. e.g. mydoc.txt NOT * /data/admin/files/mydoc.txt */ - public static function deleteFileKey(\OC_FilesystemView $view, $userId, $path) - { + public static function deleteFileKey( \OC_FilesystemView $view, $userId, $path ) { - $trimmed = ltrim($path, '/'); + $trimmed = ltrim( $path, '/' ); $keyPath = '/' . $userId . '/files_encryption/keyfiles/' . $trimmed; $result = false; - if ($view->is_dir($keyPath)) { + if ( $view->is_dir( $keyPath ) ) { - $result = $view->unlink($keyPath); + $result = $view->unlink( $keyPath ); - } else if ($view->file_exists($keyPath . '.key')) { + } else if ( $view->file_exists( $keyPath . '.key' ) ) { - $result = $view->unlink($keyPath . '.key'); + $result = $view->unlink( $keyPath . '.key' ); } - if (!$result) { + if ( !$result ) { - \OC_Log::write('Encryption library', 'Could not delete keyfile; does not exist: "' . $keyPath, \OC_Log::ERROR); + \OC_Log::write( 'Encryption library', 'Could not delete keyfile; does not exist: "' . $keyPath, \OC_Log::ERROR ); } @@ -307,19 +298,19 @@ class Keymanager * @note Encryption of the private key must be performed by client code * as no encryption takes place here */ - public static function setPrivateKey($key) - { + public static function setPrivateKey( $key ) { $user = \OCP\User::getUser(); - $view = new \OC_FilesystemView('/' . $user . '/files_encryption'); + $view = new \OC_FilesystemView( '/' . $user . '/files_encryption' ); $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - if (!$view->file_exists('')) $view->mkdir(''); + if ( !$view->file_exists( '' ) ) + $view->mkdir( '' ); - $result = $view->file_put_contents($user . '.private.key', $key); + $result = $view->file_put_contents( $user . '.private.key', $key ); \OC_FileProxy::$enabled = $proxyStatus; @@ -340,22 +331,21 @@ class Keymanager * @note The keyfile is not encrypted here. Client code must * asymmetrically encrypt the keyfile before passing it to this method */ - public static function setShareKey(\OC_FilesystemView $view, $path, $userId, $shareKey) - { + public static function setShareKey( \OC_FilesystemView $view, $path, $userId, $shareKey ) { // Here we need the currently logged in user, while userId can be a different user - $util = new Util($view, \OCP\User::getUser()); + $util = new Util( $view, \OCP\User::getUser() ); - list($owner, $filename) = $util->getUidAndFilename($path); + list( $owner, $filename ) = $util->getUidAndFilename( $path ); $basePath = '/' . $owner . '/files_encryption/share-keys'; - $shareKeyPath = self::keySetPreparation($view, $filename, $basePath, $owner); + $shareKeyPath = self::keySetPreparation( $view, $filename, $basePath, $owner ); // try reusing key file if part file - if (self::isPartialFilePath($shareKeyPath)) { + if ( self::isPartialFilePath( $shareKeyPath ) ) { - $writePath = $basePath . '/' . self::fixPartialFilePath($shareKeyPath) . '.' . $userId . '.shareKey'; + $writePath = $basePath . '/' . self::fixPartialFilePath( $shareKeyPath ) . '.' . $userId . '.shareKey'; } else { @@ -366,12 +356,12 @@ class Keymanager $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - $result = $view->file_put_contents($writePath, $shareKey); + $result = $view->file_put_contents( $writePath, $shareKey ); \OC_FileProxy::$enabled = $proxyStatus; if ( - is_int($result) + is_int( $result ) && $result > 0 ) { @@ -392,17 +382,16 @@ class Keymanager * @param array $shareKeys * @return bool */ - public static function setShareKeys(\OC_FilesystemView $view, $path, array $shareKeys) - { + public static function setShareKeys( \OC_FilesystemView $view, $path, array $shareKeys ) { // $shareKeys must be an array with the following format: // [userId] => [encrypted key] $result = true; - foreach ($shareKeys as $userId => $shareKey) { + foreach ( $shareKeys as $userId => $shareKey ) { - if (!self::setShareKey($view, $path, $userId, $shareKey)) { + if ( !self::setShareKey( $view, $path, $userId, $shareKey ) ) { // If any of the keys are not set, flag false $result = false; @@ -426,15 +415,14 @@ class Keymanager * @note The sharekey returned is encrypted. Decryption * of the keyfile must be performed by client code */ - public static function getShareKey(\OC_FilesystemView $view, $userId, $filePath) - { + public static function getShareKey( \OC_FilesystemView $view, $userId, $filePath ) { // try reusing key file if part file - if (self::isPartialFilePath($filePath)) { + if ( self::isPartialFilePath( $filePath ) ) { - $result = self::getShareKey($view, $userId, self::fixPartialFilePath($filePath)); + $result = self::getShareKey( $view, $userId, self::fixPartialFilePath( $filePath ) ); - if ($result) { + if ( $result ) { return $result; @@ -446,14 +434,14 @@ class Keymanager \OC_FileProxy::$enabled = false; //here we need the currently logged in user, while userId can be a different user - $util = new Util($view, \OCP\User::getUser()); + $util = new Util( $view, \OCP\User::getUser() ); - list($owner, $filename) = $util->getUidAndFilename($filePath); - $shareKeyPath = \OC\Files\Filesystem::normalizePath('/' . $owner . '/files_encryption/share-keys/' . $filename . '.' . $userId . '.shareKey'); + list( $owner, $filename ) = $util->getUidAndFilename( $filePath ); + $shareKeyPath = \OC\Files\Filesystem::normalizePath( '/' . $owner . '/files_encryption/share-keys/' . $filename . '.' . $userId . '.shareKey' ); - if ($view->file_exists($shareKeyPath)) { + if ( $view->file_exists( $shareKeyPath ) ) { - $result = $view->file_get_contents($shareKeyPath); + $result = $view->file_get_contents( $shareKeyPath ); } else { @@ -473,16 +461,18 @@ class Keymanager * @param string $userId owner of the file * @param string $filePath path to the file, relative to the owners file dir */ - public static function delAllShareKeys(\OC_FilesystemView $view, $userId, $filePath) - { + public static function delAllShareKeys( \OC_FilesystemView $view, $userId, $filePath ) { - if ($view->is_dir($userId . '/files/' . $filePath)) { - $view->unlink($userId . '/files_encryption/share-keys/' . $filePath); + if ( $view->is_dir( $userId . '/files/' . $filePath ) ) { + $view->unlink( $userId . '/files_encryption/share-keys/' . $filePath ); } else { - $localKeyPath = $view->getLocalFile($userId . '/files_encryption/share-keys/' . $filePath); - $matches = glob(preg_quote($localKeyPath) . '*.shareKey'); - foreach ($matches as $ma) { - unlink($ma); + $localKeyPath = $view->getLocalFile( $userId . '/files_encryption/share-keys/' . $filePath ); + $matches = glob( preg_quote( $localKeyPath ) . '*.shareKey' ); + foreach ( $matches as $ma ) { + $result = unlink( $ma ); + if ( !$result ) { + \OC_Log::write( 'Encryption library', 'Keyfile or shareKey could not be deleted for file "' . $filePath . '"', \OC_Log::ERROR ); + } } } } @@ -490,30 +480,29 @@ class Keymanager /** * @brief Delete a single user's shareKey for a single file */ - public static function delShareKey(\OC_FilesystemView $view, $userIds, $filePath) - { + public static function delShareKey( \OC_FilesystemView $view, $userIds, $filePath ) { $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; //here we need the currently logged in user, while userId can be a different user - $util = new Util($view, \OCP\User::getUser()); + $util = new Util( $view, \OCP\User::getUser() ); - list($owner, $filename) = $util->getUidAndFilename($filePath); + list( $owner, $filename ) = $util->getUidAndFilename( $filePath ); - $shareKeyPath = \OC\Files\Filesystem::normalizePath('/' . $owner . '/files_encryption/share-keys/' . $filename); + $shareKeyPath = \OC\Files\Filesystem::normalizePath( '/' . $owner . '/files_encryption/share-keys/' . $filename ); - if ($view->is_dir($shareKeyPath)) { + if ( $view->is_dir( $shareKeyPath ) ) { - $localPath = \OC\Files\Filesystem::normalizePath($view->getLocalFolder($shareKeyPath)); - self::recursiveDelShareKeys($localPath, $userIds); + $localPath = \OC\Files\Filesystem::normalizePath( $view->getLocalFolder( $shareKeyPath ) ); + self::recursiveDelShareKeys( $localPath, $userIds ); } else { - foreach ($userIds as $userId) { + foreach ( $userIds as $userId ) { - if (!$view->unlink($shareKeyPath . '.' . $userId . '.shareKey')) { - \OC_Log::write('Encryption library', 'Could not delete shareKey; does not exist: "' . $shareKeyPath . '.' . $userId . '.shareKey"', \OC_Log::ERROR); + if ( !$view->unlink( $shareKeyPath . '.' . $userId . '.shareKey' ) ) { + \OC_Log::write( 'Encryption library', 'Could not delete shareKey; does not exist: "' . $shareKeyPath . '.' . $userId . '.shareKey"', \OC_Log::ERROR ); } } @@ -528,45 +517,42 @@ class Keymanager * @param string $dir directory * @param array $userIds user ids for which the share keys should be deleted */ - private static function recursiveDelShareKeys($dir, $userIds) - { - foreach ($userIds as $userId) { - $completePath = $dir . '/.*' . '.' . $userId . '.shareKey'; - $matches = glob(preg_quote($dir) . '/*' . preg_quote('.' . $userId . '.shareKey')); + private static function recursiveDelShareKeys( $dir, $userIds ) { + foreach ( $userIds as $userId ) { + $matches = glob( preg_quote( $dir ) . '/*' . preg_quote( '.' . $userId . '.shareKey' ) ); } /** @var $matches array */ - foreach ($matches as $ma) { - if (!unlink($ma)) { - \OC_Log::write('Encryption library', 'Could not delete shareKey; does not exist: "' . $ma . '"', \OC_Log::ERROR); + foreach ( $matches as $ma ) { + if ( !unlink( $ma ) ) { + \OC_Log::write( 'Encryption library', 'Could not delete shareKey; does not exist: "' . $ma . '"', \OC_Log::ERROR ); } } - $subdirs = $directories = glob(preg_quote($dir) . '/*', GLOB_ONLYDIR); - foreach ($subdirs as $subdir) { - self::recursiveDelShareKeys($subdir, $userIds); + $subdirs = $directories = glob( preg_quote( $dir ) . '/*', GLOB_ONLYDIR ); + foreach ( $subdirs as $subdir ) { + self::recursiveDelShareKeys( $subdir, $userIds ); } } /** * @brief Make preparations to vars and filesystem for saving a keyfile */ - public static function keySetPreparation(\OC_FilesystemView $view, $path, $basePath, $userId) - { + public static function keySetPreparation( \OC_FilesystemView $view, $path, $basePath, $userId ) { - $targetPath = ltrim($path, '/'); + $targetPath = ltrim( $path, '/' ); - $path_parts = pathinfo($targetPath); + $path_parts = pathinfo( $targetPath ); // If the file resides within a subdirectory, create it if ( - isset($path_parts['dirname']) - && !$view->file_exists($basePath . '/' . $path_parts['dirname']) + isset( $path_parts['dirname'] ) + && !$view->file_exists( $basePath . '/' . $path_parts['dirname'] ) ) { - $sub_dirs = explode(DIRECTORY_SEPARATOR, $basePath . '/' . $path_parts['dirname']); + $sub_dirs = explode( DIRECTORY_SEPARATOR, $basePath . '/' . $path_parts['dirname'] ); $dir = ''; - foreach ($sub_dirs as $sub_dir) { + foreach ( $sub_dirs as $sub_dir ) { $dir .= '/' . $sub_dir; - if (!$view->is_dir($dir)) { - $view->mkdir($dir); + if ( !$view->is_dir( $dir ) ) { + $view->mkdir( $dir ); } } } diff --git a/apps/files_encryption/lib/proxy.php b/apps/files_encryption/lib/proxy.php index cc9d239b256..eaaeae9b619 100644 --- a/apps/files_encryption/lib/proxy.php +++ b/apps/files_encryption/lib/proxy.php @@ -48,13 +48,12 @@ class Proxy extends \OC_FileProxy * * Tests if server side encryption is enabled, and file is allowed by blacklists */ - private static function shouldEncrypt($path) - { + private static function shouldEncrypt( $path ) { - if (is_null(self::$enableEncryption)) { + if ( is_null( self::$enableEncryption ) ) { if ( - \OCP\Config::getAppValue('files_encryption', 'enable_encryption', 'true') == 'true' + \OCP\Config::getAppValue( 'files_encryption', 'enable_encryption', 'true' ) == 'true' && Crypt::mode() == 'server' ) { @@ -68,27 +67,27 @@ class Proxy extends \OC_FileProxy } - if (!self::$enableEncryption) { + if ( !self::$enableEncryption ) { return false; } - if (is_null(self::$blackList)) { + if ( is_null( self::$blackList ) ) { - self::$blackList = explode(',', \OCP\Config::getAppValue('files_encryption', 'type_blacklist', '')); + self::$blackList = explode( ',', \OCP\Config::getAppValue( 'files_encryption', 'type_blacklist', '' ) ); } - if (Crypt::isCatfileContent($path)) { + if ( Crypt::isCatfileContent( $path ) ) { return true; } - $extension = substr($path, strrpos($path, '.') + 1); + $extension = substr( $path, strrpos( $path, '.' ) + 1 ); - if (array_search($extension, self::$blackList) === false) { + if ( array_search( $extension, self::$blackList ) === false ) { return true; @@ -102,35 +101,34 @@ class Proxy extends \OC_FileProxy * @param $data * @return bool */ - public function preFile_put_contents($path, &$data) - { + public function preFile_put_contents( $path, &$data ) { - if (self::shouldEncrypt($path)) { + if ( self::shouldEncrypt( $path ) ) { // Stream put contents should have been converted to fopen - if (!is_resource($data)) { + if ( !is_resource( $data ) ) { $userId = \OCP\USER::getUser(); - $view = new \OC_FilesystemView('/'); - $util = new Util($view, $userId); - $session = new Session($view); + $view = new \OC_FilesystemView( '/' ); + $util = new Util( $view, $userId ); + $session = new Session( $view ); $privateKey = $session->getPrivateKey(); - $filePath = $util->stripUserFilesPath($path); + $filePath = $util->stripUserFilesPath( $path ); // Set the filesize for userland, before encrypting - $size = strlen($data); + $size = strlen( $data ); // Disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; // Check if there is an existing key we can reuse - if ($encKeyfile = Keymanager::getFileKey($view, $userId, $filePath)) { + if ( $encKeyfile = Keymanager::getFileKey( $view, $userId, $filePath ) ) { // Fetch shareKey - $shareKey = Keymanager::getShareKey($view, $userId, $filePath); + $shareKey = Keymanager::getShareKey( $view, $userId, $filePath ); // Decrypt the keyfile - $plainKey = Crypt::multiKeyDecrypt($encKeyfile, $shareKey, $privateKey); + $plainKey = Crypt::multiKeyDecrypt( $encKeyfile, $shareKey, $privateKey ); } else { @@ -140,37 +138,37 @@ class Proxy extends \OC_FileProxy } // Encrypt data - $encData = Crypt::symmetricEncryptFileContent($data, $plainKey); + $encData = Crypt::symmetricEncryptFileContent( $data, $plainKey ); $sharingEnabled = \OCP\Share::isEnabled(); // if file exists try to get sharing users - if ($view->file_exists($path)) { - $uniqueUserIds = $util->getSharingUsersArray($sharingEnabled, $filePath, $userId); + if ( $view->file_exists( $path ) ) { + $uniqueUserIds = $util->getSharingUsersArray( $sharingEnabled, $filePath, $userId ); } else { $uniqueUserIds[] = $userId; } // Fetch public keys for all users who will share the file - $publicKeys = Keymanager::getPublicKeys($view, $uniqueUserIds); + $publicKeys = Keymanager::getPublicKeys( $view, $uniqueUserIds ); // Encrypt plain keyfile to multiple sharefiles - $multiEncrypted = Crypt::multiKeyEncrypt($plainKey, $publicKeys); + $multiEncrypted = Crypt::multiKeyEncrypt( $plainKey, $publicKeys ); // Save sharekeys to user folders - Keymanager::setShareKeys($view, $filePath, $multiEncrypted['keys']); + Keymanager::setShareKeys( $view, $filePath, $multiEncrypted['keys'] ); // Set encrypted keyfile as common varname $encKey = $multiEncrypted['data']; // Save keyfile for newly encrypted file in parallel directory tree - Keymanager::setFileKey($view, $filePath, $userId, $encKey); + Keymanager::setFileKey( $view, $filePath, $userId, $encKey ); // Replace plain content with encrypted content by reference $data = $encData; // Update the file cache with file info - \OC\Files\Filesystem::putFileInfo($filePath, array('encrypted' => true, 'size' => strlen($data), 'unencrypted_size' => $size), ''); + \OC\Files\Filesystem::putFileInfo( $filePath, array( 'encrypted' => true, 'size' => strlen( $data ), 'unencrypted_size' => $size ), '' ); // Re-enable proxy - our work is done \OC_FileProxy::$enabled = $proxyStatus; @@ -186,52 +184,51 @@ class Proxy extends \OC_FileProxy * @param string $path Path of file from which has been read * @param string $data Data that has been read from file */ - public function postFile_get_contents($path, $data) - { + public function postFile_get_contents( $path, $data ) { $userId = \OCP\USER::getUser(); - $view = new \OC_FilesystemView('/'); - $util = new Util($view, $userId); + $view = new \OC_FilesystemView( '/' ); + $util = new Util( $view, $userId ); - $relPath = $util->stripUserFilesPath($path); + $relPath = $util->stripUserFilesPath( $path ); // Disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; // init session - $session = new Session($view); + $session = new Session( $view ); // If data is a catfile if ( Crypt::mode() == 'server' - && Crypt::isCatfileContent($data) + && Crypt::isCatfileContent( $data ) ) { - $privateKey = $session->getPrivateKey($userId); + $privateKey = $session->getPrivateKey( $userId ); // Get the encrypted keyfile - $encKeyfile = Keymanager::getFileKey($view, $userId, $relPath); + $encKeyfile = Keymanager::getFileKey( $view, $userId, $relPath ); // Attempt to fetch the user's shareKey - $shareKey = Keymanager::getShareKey($view, $userId, $relPath); + $shareKey = Keymanager::getShareKey( $view, $userId, $relPath ); // Decrypt keyfile with shareKey - $plainKeyfile = Crypt::multiKeyDecrypt($encKeyfile, $shareKey, $privateKey); + $plainKeyfile = Crypt::multiKeyDecrypt( $encKeyfile, $shareKey, $privateKey ); - $plainData = Crypt::symmetricDecryptFileContent($data, $plainKeyfile); + $plainData = Crypt::symmetricDecryptFileContent( $data, $plainKeyfile ); } elseif ( Crypt::mode() == 'server' - && isset($_SESSION['legacyenckey']) - && Crypt::isEncryptedMeta($path) + && isset( $_SESSION['legacyenckey'] ) + && Crypt::isEncryptedMeta( $path ) ) { - $plainData = Crypt::legacyDecrypt($data, $session->getLegacyKey()); + $plainData = Crypt::legacyDecrypt( $data, $session->getLegacyKey() ); } \OC_FileProxy::$enabled = $proxyStatus; - if (!isset($plainData)) { + if ( !isset( $plainData ) ) { $plainData = $data; @@ -244,11 +241,10 @@ class Proxy extends \OC_FileProxy /** * @brief When a file is deleted, remove its keyfile also */ - public function preUnlink($path) - { + public function preUnlink( $path ) { // let the trashbin handle this - if (\OCP\App::isEnabled('files_trashbin')) { + if ( \OCP\App::isEnabled( 'files_trashbin' ) ) { return true; } @@ -256,29 +252,24 @@ class Proxy extends \OC_FileProxy $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - $view = new \OC_FilesystemView('/'); + $view = new \OC_FilesystemView( '/' ); $userId = \OCP\USER::getUser(); - $util = new Util($view, $userId); + $util = new Util( $view, $userId ); // Format path to be relative to user files dir - $relPath = $util->stripUserFilesPath($path); + $relPath = $util->stripUserFilesPath( $path ); - list($owner, $ownerPath) = $util->getUidAndFilename($relPath); + list( $owner, $ownerPath ) = $util->getUidAndFilename( $relPath ); // Delete keyfile & shareKey so it isn't orphaned - if ( - !( - Keymanager::deleteFileKey($view, $owner, $ownerPath) - && Keymanager::delAllShareKeys($view, $owner, $ownerPath) - ) - ) { - - \OC_Log::write('Encryption library', 'Keyfile or shareKey could not be deleted for file "' . $ownerPath . '"', \OC_Log::ERROR); - + if ( !Keymanager::deleteFileKey( $view, $owner, $ownerPath ) ) { + \OC_Log::write( 'Encryption library', 'Keyfile or shareKey could not be deleted for file "' . $ownerPath . '"', \OC_Log::ERROR ); } + Keymanager::delAllShareKeys( $view, $owner, $ownerPath ); + \OC_FileProxy::$enabled = $proxyStatus; // If we don't return true then file delete will fail; better @@ -291,9 +282,8 @@ class Proxy extends \OC_FileProxy * @param $path * @return bool */ - public function postTouch($path) - { - $this->handleFile($path); + public function postTouch( $path ) { + $this->handleFile( $path ); return true; } @@ -303,21 +293,20 @@ class Proxy extends \OC_FileProxy * @param $result * @return resource */ - public function postFopen($path, &$result) - { + public function postFopen( $path, &$result ) { - if (!$result) { + if ( !$result ) { return $result; } // Reformat path for use with OC_FSV - $path_split = explode('/', $path); - $path_f = implode('/', array_slice($path_split, 3)); + $path_split = explode( '/', $path ); + $path_f = implode( '/', array_slice( $path_split, 3 ) ); // FIXME: handling for /userId/cache used by webdav for chunking. The cache chunks are NOT encrypted - if ($path_split[2] == 'cache') { + if ( count($path_split) >= 2 && $path_split[2] == 'cache' ) { return $result; } @@ -325,31 +314,31 @@ class Proxy extends \OC_FileProxy $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - $meta = stream_get_meta_data($result); + $meta = stream_get_meta_data( $result ); - $view = new \OC_FilesystemView(''); + $view = new \OC_FilesystemView( '' ); - $util = new Util($view, \OCP\USER::getUser()); + $util = new Util( $view, \OCP\USER::getUser() ); // If file is already encrypted, decrypt using crypto protocol if ( Crypt::mode() == 'server' - && $util->isEncryptedPath($path) + && $util->isEncryptedPath( $path ) ) { // Close the original encrypted file - fclose($result); + fclose( $result ); // Open the file using the crypto stream wrapper // protocol and let it do the decryption work instead - $result = fopen('crypt://' . $path_f, $meta['mode']); + $result = fopen( 'crypt://' . $path_f, $meta['mode'] ); } elseif ( - self::shouldEncrypt($path) + self::shouldEncrypt( $path ) and $meta ['mode'] != 'r' and $meta['mode'] != 'rb' ) { - $result = fopen('crypt://' . $path_f, $meta['mode']); + $result = fopen( 'crypt://' . $path_f, $meta['mode'] ); } // Re-enable the proxy @@ -364,18 +353,17 @@ class Proxy extends \OC_FileProxy * @param $data * @return array */ - public function postGetFileInfo($path, $data) - { + public function postGetFileInfo( $path, $data ) { // if path is a folder do nothing - if (is_array($data) && array_key_exists('size', $data)) { + if ( is_array( $data ) && array_key_exists( 'size', $data ) ) { // Disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; // get file size - $data['size'] = self::postFileSize($path, $data['size']); + $data['size'] = self::postFileSize( $path, $data['size'] ); // Re-enable the proxy \OC_FileProxy::$enabled = $proxyStatus; @@ -389,52 +377,51 @@ class Proxy extends \OC_FileProxy * @param $size * @return bool */ - public function postFileSize($path, $size) - { + public function postFileSize( $path, $size ) { - $view = new \OC_FilesystemView('/'); + $view = new \OC_FilesystemView( '/' ); // if path is a folder do nothing - if ($view->is_dir($path)) { + if ( $view->is_dir( $path ) ) { return $size; } // Reformat path for use with OC_FSV - $path_split = explode('/', $path); - $path_f = implode('/', array_slice($path_split, 3)); + $path_split = explode( '/', $path ); + $path_f = implode( '/', array_slice( $path_split, 3 ) ); // if path is empty we cannot resolve anything - if (empty($path_f)) { + if ( empty( $path_f ) ) { return $size; } $fileInfo = false; // get file info from database/cache if not .part file - if(!Keymanager::isPartialFilePath($path)) { - $fileInfo = $view->getFileInfo($path); + if ( !Keymanager::isPartialFilePath( $path ) ) { + $fileInfo = $view->getFileInfo( $path ); } // if file is encrypted return real file size - if (is_array($fileInfo) && $fileInfo['encrypted'] === true) { + if ( is_array( $fileInfo ) && $fileInfo['encrypted'] === true ) { $size = $fileInfo['unencrypted_size']; } else { // self healing if file was removed from file cache - if (!is_array($fileInfo)) { + if ( !is_array( $fileInfo ) ) { $fileInfo = array(); } $userId = \OCP\User::getUser(); - $util = new Util($view, $userId); - $fixSize = $util->getFileSize($path); - if ($fixSize > 0) { + $util = new Util( $view, $userId ); + $fixSize = $util->getFileSize( $path ); + if ( $fixSize > 0 ) { $size = $fixSize; $fileInfo['encrypted'] = true; $fileInfo['unencrypted_size'] = $size; // put file info if not .part file - if(!Keymanager::isPartialFilePath($path_f)) { - $view->putFileInfo($path, $fileInfo); + if ( !Keymanager::isPartialFilePath( $path_f ) ) { + $view->putFileInfo( $path, $fileInfo ); } } @@ -445,33 +432,32 @@ class Proxy extends \OC_FileProxy /** * @param $path */ - public function handleFile($path) - { + public function handleFile( $path ) { // Disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - $view = new \OC_FilesystemView('/'); - $session = new Session($view); + $view = new \OC_FilesystemView( '/' ); + $session = new Session( $view ); $userId = \OCP\User::getUser(); - $util = new Util($view, $userId); + $util = new Util( $view, $userId ); // Reformat path for use with OC_FSV - $path_split = explode('/', $path); - $path_f = implode('/', array_slice($path_split, 3)); + $path_split = explode( '/', $path ); + $path_f = implode( '/', array_slice( $path_split, 3 ) ); // only if file is on 'files' folder fix file size and sharing - if ($path_split[2] == 'files' && $util->fixFileSize($path)) { + if ( count($path_split) >= 2 && $path_split[2] == 'files' && $util->fixFileSize( $path ) ) { // get sharing app state $sharingEnabled = \OCP\Share::isEnabled(); // get users - $usersSharing = $util->getSharingUsersArray($sharingEnabled, $path_f); + $usersSharing = $util->getSharingUsersArray( $sharingEnabled, $path_f ); // update sharing-keys - $util->setSharedFileKeyfiles($session, $usersSharing, $path_f); + $util->setSharedFileKeyfiles( $session, $usersSharing, $path_f ); } \OC_FileProxy::$enabled = $proxyStatus; diff --git a/apps/files_encryption/lib/session.php b/apps/files_encryption/lib/session.php index 86f56e56766..2ddad0a15da 100644 --- a/apps/files_encryption/lib/session.php +++ b/apps/files_encryption/lib/session.php @@ -37,27 +37,26 @@ class Session * * @note The ownCloud key pair is used to allow public link sharing even if encryption is enabled */ - public function __construct($view) - { + public function __construct( $view ) { $this->view = $view; - if (!$this->view->is_dir('owncloud_private_key')) { + if ( !$this->view->is_dir( 'owncloud_private_key' ) ) { - $this->view->mkdir('owncloud_private_key'); + $this->view->mkdir( 'owncloud_private_key' ); } - $publicShareKeyId = \OC_Appconfig::getValue('files_encryption', 'publicShareKeyId'); + $publicShareKeyId = \OC_Appconfig::getValue( 'files_encryption', 'publicShareKeyId' ); - if ($publicShareKeyId === null) { - $publicShareKeyId = 'pubShare_' . substr(md5(time()), 0, 8); - \OC_Appconfig::setValue('files_encryption', 'publicShareKeyId', $publicShareKeyId); + if ( $publicShareKeyId === null ) { + $publicShareKeyId = 'pubShare_' . substr( md5( time() ), 0, 8 ); + \OC_Appconfig::setValue( 'files_encryption', 'publicShareKeyId', $publicShareKeyId ); } if ( - !$this->view->file_exists("/public-keys/" . $publicShareKeyId . ".public.key") - || !$this->view->file_exists("/owncloud_private_key/" . $publicShareKeyId . ".private.key") + !$this->view->file_exists( "/public-keys/" . $publicShareKeyId . ".public.key" ) + || !$this->view->file_exists( "/owncloud_private_key/" . $publicShareKeyId . ".private.key" ) ) { $keypair = Crypt::createKeypair(); @@ -68,32 +67,33 @@ class Session // Save public key - if (!$view->is_dir('/public-keys')) { - $view->mkdir('/public-keys'); + if ( !$view->is_dir( '/public-keys' ) ) { + $view->mkdir( '/public-keys' ); } - $this->view->file_put_contents('/public-keys/' . $publicShareKeyId . '.public.key', $keypair['publicKey']); + $this->view->file_put_contents( '/public-keys/' . $publicShareKeyId . '.public.key', $keypair['publicKey'] ); - // Encrypt private key empthy passphrase - $encryptedPrivateKey = Crypt::symmetricEncryptFileContent($keypair['privateKey'], ''); + // Encrypt private key empty passphrase + $encryptedPrivateKey = Crypt::symmetricEncryptFileContent( $keypair['privateKey'], '' ); // Save private key - $this->view->file_put_contents('/owncloud_private_key/' . $publicShareKeyId . '.private.key', $encryptedPrivateKey); + $this->view->file_put_contents( '/owncloud_private_key/' . $publicShareKeyId . '.private.key', $encryptedPrivateKey ); \OC_FileProxy::$enabled = $proxyStatus; } - if (\OCP\USER::getUser() === false || - (isset($_GET['service']) && $_GET['service'] == 'files' && - isset($_GET['t']))) { + if ( \OCP\USER::getUser() === false || + ( isset( $_GET['service'] ) && $_GET['service'] == 'files' && + isset( $_GET['t'] ) ) + ) { // Disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - $encryptedKey = $this->view->file_get_contents('/owncloud_private_key/' . $publicShareKeyId . '.private.key'); - $privateKey = Crypt::symmetricDecryptFileContent($encryptedKey, ''); - $this->setPrivateKey($privateKey); + $encryptedKey = $this->view->file_get_contents( '/owncloud_private_key/' . $publicShareKeyId . '.private.key' ); + $privateKey = Crypt::symmetricDecryptFileContent( $encryptedKey, '' ); + $this->setPrivateKey( $privateKey ); \OC_FileProxy::$enabled = $proxyStatus; } @@ -104,8 +104,7 @@ class Session * @param string $privateKey * @return bool */ - public function setPrivateKey($privateKey) - { + public function setPrivateKey( $privateKey ) { $_SESSION['privateKey'] = $privateKey; @@ -118,12 +117,11 @@ class Session * @returns string $privateKey The user's plaintext private key * */ - public function getPrivateKey() - { + public function getPrivateKey() { if ( - isset($_SESSION['privateKey']) - && !empty($_SESSION['privateKey']) + isset( $_SESSION['privateKey'] ) + && !empty( $_SESSION['privateKey'] ) ) { return $_SESSION['privateKey']; @@ -141,8 +139,7 @@ class Session * @param $legacyKey * @return bool */ - public function setLegacyKey($legacyKey) - { + public function setLegacyKey( $legacyKey ) { $_SESSION['legacyKey'] = $legacyKey; @@ -154,12 +151,11 @@ class Session * @returns string $legacyKey The user's plaintext legacy key * */ - public function getLegacyKey() - { + public function getLegacyKey() { if ( - isset($_SESSION['legacyKey']) - && !empty($_SESSION['legacyKey']) + isset( $_SESSION['legacyKey'] ) + && !empty( $_SESSION['legacyKey'] ) ) { return $_SESSION['legacyKey']; diff --git a/apps/files_encryption/lib/stream.php b/apps/files_encryption/lib/stream.php index b143b62827f..fa9df02f085 100644 --- a/apps/files_encryption/lib/stream.php +++ b/apps/files_encryption/lib/stream.php @@ -77,19 +77,18 @@ class Stream * @param $opened_path * @return bool */ - public function stream_open($path, $mode, $options, &$opened_path) - { + public function stream_open( $path, $mode, $options, &$opened_path ) { - if (!isset($this->rootView)) { - $this->rootView = new \OC_FilesystemView('/'); + if ( !isset( $this->rootView ) ) { + $this->rootView = new \OC_FilesystemView( '/' ); } - $util = new Util($this->rootView, \OCP\USER::getUser()); + $util = new Util( $this->rootView, \OCP\USER::getUser() ); $this->userId = $util->getUserId(); // Strip identifier text from path, this gives us the path relative to data//files - $this->relPath = \OC\Files\Filesystem::normalizePath(str_replace('crypt://', '', $path)); + $this->relPath = \OC\Files\Filesystem::normalizePath( str_replace( 'crypt://', '', $path ) ); // rawPath is relative to the data directory $this->rawPath = $util->getUserFilesDir() . $this->relPath; @@ -111,26 +110,25 @@ class Stream } else { - $this->size = $this->rootView->filesize($this->rawPath, $mode); + $this->size = $this->rootView->filesize( $this->rawPath, $mode ); } - $this->handle = $this->rootView->fopen($this->rawPath, $mode); + $this->handle = $this->rootView->fopen( $this->rawPath, $mode ); \OC_FileProxy::$enabled = $proxyStatus; - if (!is_resource($this->handle)) { + if ( !is_resource( $this->handle ) ) { - \OCP\Util::writeLog('files_encryption', 'failed to open file "' . $this->rawPath . '"', \OCP\Util::ERROR); + \OCP\Util::writeLog( 'files_encryption', 'failed to open file "' . $this->rawPath . '"', \OCP\Util::ERROR ); } else { - $this->meta = stream_get_meta_data($this->handle); + $this->meta = stream_get_meta_data( $this->handle ); } - - return is_resource($this->handle); + return is_resource( $this->handle ); } @@ -138,12 +136,11 @@ class Stream * @param $offset * @param int $whence */ - public function stream_seek($offset, $whence = SEEK_SET) - { + public function stream_seek( $offset, $whence = SEEK_SET ) { $this->flush(); - fseek($this->handle, $offset, $whence); + fseek( $this->handle, $offset, $whence ); } @@ -152,37 +149,36 @@ class Stream * @return bool|string * @throws \Exception */ - public function stream_read($count) - { + public function stream_read( $count ) { $this->writeCache = ''; - if ($count != 8192) { + if ( $count != 8192 ) { // $count will always be 8192 https://bugs.php.net/bug.php?id=21641 // This makes this function a lot simpler, but will break this class if the above 'bug' gets 'fixed' - \OCP\Util::writeLog('files_encryption', 'PHP "bug" 21641 no longer holds, decryption system requires refactoring', \OCP\Util::FATAL); + \OCP\Util::writeLog( 'files_encryption', 'PHP "bug" 21641 no longer holds, decryption system requires refactoring', \OCP\Util::FATAL ); die(); } // Get the data from the file handle - $data = fread($this->handle, 8192); + $data = fread( $this->handle, 8192 ); $result = ''; - if (strlen($data)) { + if ( strlen( $data ) ) { - if (!$this->getKey()) { + if ( !$this->getKey() ) { // Error! We don't have a key to decrypt the file with - throw new \Exception('Encryption key not found for "' . $this->rawPath . '" during attempted read via stream'); + throw new \Exception( 'Encryption key not found for "' . $this->rawPath . '" during attempted read via stream' ); } // Decrypt data - $result = Crypt::symmetricDecryptFileContent($data, $this->plainKey); + $result = Crypt::symmetricDecryptFileContent( $data, $this->plainKey ); } @@ -196,11 +192,10 @@ class Stream * @param string $key key to use for encryption * @return string encrypted data on success, false on failure */ - public function preWriteEncrypt($plainData, $key) - { + public function preWriteEncrypt( $plainData, $key ) { // Encrypt data to 'catfile', which includes IV - if ($encrypted = Crypt::symmetricEncryptFileContent($plainData, $key)) { + if ( $encrypted = Crypt::symmetricEncryptFileContent( $plainData, $key ) ) { return $encrypted; @@ -217,11 +212,10 @@ class Stream * @internal param bool $generate if true, a new key will be generated if none can be found * @return bool true on key found and set, false on key not found and new key generated and set */ - public function getKey() - { + public function getKey() { // Check if key is already set - if (isset($this->plainKey) && isset($this->encKeyfile)) { + if ( isset( $this->plainKey ) && isset( $this->encKeyfile ) ) { return true; @@ -229,18 +223,18 @@ class Stream // Fetch and decrypt keyfile // Fetch existing keyfile - $this->encKeyfile = Keymanager::getFileKey($this->rootView, $this->userId, $this->relPath); + $this->encKeyfile = Keymanager::getFileKey( $this->rootView, $this->userId, $this->relPath ); // If a keyfile already exists - if ($this->encKeyfile) { + if ( $this->encKeyfile ) { - $session = new Session($this->rootView); + $session = new Session( $this->rootView ); - $privateKey = $session->getPrivateKey($this->userId); + $privateKey = $session->getPrivateKey( $this->userId ); - $shareKey = Keymanager::getShareKey($this->rootView, $this->userId, $this->relPath); + $shareKey = Keymanager::getShareKey( $this->rootView, $this->userId, $this->relPath ); - $this->plainKey = Crypt::multiKeyDecrypt($this->encKeyfile, $shareKey, $privateKey); + $this->plainKey = Crypt::multiKeyDecrypt( $this->encKeyfile, $shareKey, $privateKey ); return true; @@ -261,8 +255,7 @@ class Stream * @note Padding is added to each encrypted block to ensure that the resulting block is exactly 8192 bytes. This is removed during stream_read * @note PHP automatically updates the file pointer after writing data to reflect it's length. There is generally no need to update the poitner manually using fseek */ - public function stream_write($data) - { + public function stream_write( $data ) { // Disable the file proxies so that encryption is not // automatically attempted when the file is written to disk - @@ -272,16 +265,16 @@ class Stream \OC_FileProxy::$enabled = false; // Get the length of the unencrypted data that we are handling - $length = strlen($data); + $length = strlen( $data ); // Find out where we are up to in the writing of data to the // file - $pointer = ftell($this->handle); + $pointer = ftell( $this->handle ); // Get / generate the keyfile for the file we're handling // If we're writing a new file (not overwriting an existing // one), save the newly generated keyfile - if (!$this->getKey()) { + if ( !$this->getKey() ) { $this->plainKey = Crypt::generateKey(); @@ -289,27 +282,27 @@ class Stream // If extra data is left over from the last round, make sure it // is integrated into the next 6126 / 8192 block - if ($this->writeCache) { + if ( $this->writeCache ) { // Concat writeCache to start of $data $data = $this->writeCache . $data; - // Clear the write cache, ready for resuse - it has been + // Clear the write cache, ready for reuse - it has been // flushed and its old contents processed $this->writeCache = ''; } - // While there still remains somed data to be processed & written - while (strlen($data) > 0) { + // While there still remains some data to be processed & written + while ( strlen( $data ) > 0 ) { - // Remaining length for this iteration, not of the + // Remaining length for this iteration, not of the // entire file (may be greater than 8192 bytes) - $remainingLength = strlen($data); + $remainingLength = strlen( $data ); - // If data remaining to be written is less than the + // If data remaining to be written is less than the // size of 1 6126 byte block - if ($remainingLength < 6126) { + if ( $remainingLength < 6126 ) { // Set writeCache to contents of $data // The writeCache will be carried over to the @@ -327,25 +320,25 @@ class Stream } else { // Read the chunk from the start of $data - $chunk = substr($data, 0, 6126); + $chunk = substr( $data, 0, 6126 ); - $encrypted = $this->preWriteEncrypt($chunk, $this->plainKey); + $encrypted = $this->preWriteEncrypt( $chunk, $this->plainKey ); // Write the data chunk to disk. This will be // attended to the last data chunk if the file // being handled totals more than 6126 bytes - fwrite($this->handle, $encrypted); + fwrite( $this->handle, $encrypted ); // Remove the chunk we just processed from // $data, leaving only unprocessed data in $data // var, for handling on the next round - $data = substr($data, 6126); + $data = substr( $data, 6126 ); } } - $this->size = max($this->size, $pointer + $length); + $this->size = max( $this->size, $pointer + $length ); $this->unencryptedSize += $length; \OC_FileProxy::$enabled = $proxyStatus; @@ -360,18 +353,17 @@ class Stream * @param $arg1 * @param $arg2 */ - public function stream_set_option($option, $arg1, $arg2) - { + public function stream_set_option( $option, $arg1, $arg2 ) { $return = false; - switch ($option) { + switch ( $option ) { case STREAM_OPTION_BLOCKING: - $return = stream_set_blocking($this->handle, $arg1); + $return = stream_set_blocking( $this->handle, $arg1 ); break; case STREAM_OPTION_READ_TIMEOUT: - $return = stream_set_timeout($this->handle, $arg1, $arg2); + $return = stream_set_timeout( $this->handle, $arg1, $arg2 ); break; case STREAM_OPTION_WRITE_BUFFER: - $return = stream_set_write_buffer($this->handle, $arg1); + $return = stream_set_write_buffer( $this->handle, $arg1 ); } return $return; @@ -380,26 +372,23 @@ class Stream /** * @return array */ - public function stream_stat() - { - return fstat($this->handle); + public function stream_stat() { + return fstat( $this->handle ); } /** * @param $mode */ - public function stream_lock($mode) - { - return flock($this->handle, $mode); + public function stream_lock( $mode ) { + return flock( $this->handle, $mode ); } /** * @return bool */ - public function stream_flush() - { + public function stream_flush() { - return fflush($this->handle); + return fflush( $this->handle ); // Not a typo: http://php.net/manual/en/function.fflush.php } @@ -407,22 +396,20 @@ class Stream /** * @return bool */ - public function stream_eof() - { - return feof($this->handle); + public function stream_eof() { + return feof( $this->handle ); } - private function flush() - { + private function flush() { - if ($this->writeCache) { + if ( $this->writeCache ) { // Set keyfile property for file in question $this->getKey(); - $encrypted = $this->preWriteEncrypt($this->writeCache, $this->plainKey); + $encrypted = $this->preWriteEncrypt( $this->writeCache, $this->plainKey ); - fwrite($this->handle, $encrypted); + fwrite( $this->handle, $encrypted ); $this->writeCache = ''; @@ -433,8 +420,7 @@ class Stream /** * @return bool */ - public function stream_close() - { + public function stream_close() { $this->flush(); @@ -448,33 +434,33 @@ class Stream \OC_FileProxy::$enabled = false; // Fetch user's public key - $this->publicKey = Keymanager::getPublicKey($this->rootView, $this->userId); + $this->publicKey = Keymanager::getPublicKey( $this->rootView, $this->userId ); // Check if OC sharing api is enabled $sharingEnabled = \OCP\Share::isEnabled(); - $util = new Util($this->rootView, $this->userId); + $util = new Util( $this->rootView, $this->userId ); // Get all users sharing the file includes current user - $uniqueUserIds = $util->getSharingUsersArray($sharingEnabled, $this->relPath, $this->userId); + $uniqueUserIds = $util->getSharingUsersArray( $sharingEnabled, $this->relPath, $this->userId ); // Fetch public keys for all sharing users - $publicKeys = Keymanager::getPublicKeys($this->rootView, $uniqueUserIds); + $publicKeys = Keymanager::getPublicKeys( $this->rootView, $uniqueUserIds ); // Encrypt enc key for all sharing users - $this->encKeyfiles = Crypt::multiKeyEncrypt($this->plainKey, $publicKeys); + $this->encKeyfiles = Crypt::multiKeyEncrypt( $this->plainKey, $publicKeys ); - $view = new \OC_FilesystemView('/'); + $view = new \OC_FilesystemView( '/' ); // Save the new encrypted file key - Keymanager::setFileKey($this->rootView, $this->relPath, $this->userId, $this->encKeyfiles['data']); + Keymanager::setFileKey( $this->rootView, $this->relPath, $this->userId, $this->encKeyfiles['data'] ); // Save the sharekeys - Keymanager::setShareKeys($view, $this->relPath, $this->encKeyfiles['keys']); + Keymanager::setShareKeys( $view, $this->relPath, $this->encKeyfiles['keys'] ); // get file info - $fileInfo = $view->getFileInfo($this->rawPath); - if (!is_array($fileInfo)) { + $fileInfo = $view->getFileInfo( $this->rawPath ); + if ( !is_array( $fileInfo ) ) { $fileInfo = array(); } @@ -487,10 +473,10 @@ class Stream $fileInfo['unencrypted_size'] = $this->unencryptedSize; // set fileinfo - $view->putFileInfo($this->rawPath, $fileInfo); + $view->putFileInfo( $this->rawPath, $fileInfo ); } - return fclose($this->handle); + return fclose( $this->handle ); } diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index d42fe9953b5..2980aa94e0c 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -117,25 +117,25 @@ class Util * @param $userId * @param bool $client */ - public function __construct(\OC_FilesystemView $view, $userId, $client = false) - { + public function __construct( \OC_FilesystemView $view, $userId, $client = false ) { $this->view = $view; $this->userId = $userId; $this->client = $client; $this->isPublic = false; - $this->publicShareKeyId = \OC_Appconfig::getValue('files_encryption', 'publicShareKeyId'); - $this->recoveryKeyId = \OC_Appconfig::getValue('files_encryption', 'recoveryKeyId'); + $this->publicShareKeyId = \OC_Appconfig::getValue( 'files_encryption', 'publicShareKeyId' ); + $this->recoveryKeyId = \OC_Appconfig::getValue( 'files_encryption', 'recoveryKeyId' ); // if we are anonymous/public - if ($this->userId === false || - (isset($_GET['service']) && $_GET['service'] == 'files' && - isset($_GET['t']))) { + if ( $this->userId === false || + ( isset( $_GET['service'] ) && $_GET['service'] == 'files' && + isset( $_GET['t'] ) ) + ) { $this->userId = $this->publicShareKeyId; // only handle for files_sharing app - if ($GLOBALS['app'] === 'files_sharing') { + if ( $GLOBALS['app'] === 'files_sharing' ) { $this->userDir = '/' . $GLOBALS['fileOwner']; $this->fileFolderName = 'files'; $this->userFilesDir = '/' . $GLOBALS['fileOwner'] . '/' . $this->fileFolderName; // TODO: Does this need to be user configurable? @@ -164,15 +164,14 @@ class Util /** * @return bool */ - public function ready() - { + public function ready() { if ( - !$this->view->file_exists($this->encryptionDir) - or !$this->view->file_exists($this->keyfilesPath) - or !$this->view->file_exists($this->shareKeysPath) - or !$this->view->file_exists($this->publicKeyPath) - or !$this->view->file_exists($this->privateKeyPath) + !$this->view->file_exists( $this->encryptionDir ) + or !$this->view->file_exists( $this->keyfilesPath ) + or !$this->view->file_exists( $this->shareKeysPath ) + or !$this->view->file_exists( $this->publicKeyPath ) + or !$this->view->file_exists( $this->privateKeyPath ) ) { return false; @@ -189,8 +188,7 @@ class Util * @brief Sets up user folders and keys for serverside encryption * @param string $passphrase passphrase to encrypt server-stored private key with */ - public function setupServerSide($passphrase = null) - { + public function setupServerSide( $passphrase = null ) { // Set directories to check / create $setUpDirs = array( @@ -203,11 +201,11 @@ class Util ); // Check / create all necessary dirs - foreach ($setUpDirs as $dirPath) { + foreach ( $setUpDirs as $dirPath ) { - if (!$this->view->file_exists($dirPath)) { + if ( !$this->view->file_exists( $dirPath ) ) { - $this->view->mkdir($dirPath); + $this->view->mkdir( $dirPath ); } @@ -216,8 +214,8 @@ class Util // Create user keypair // we should never override a keyfile if ( - !$this->view->file_exists($this->publicKeyPath) - && !$this->view->file_exists($this->privateKeyPath) + !$this->view->file_exists( $this->publicKeyPath ) + && !$this->view->file_exists( $this->privateKeyPath ) ) { // Generate keypair @@ -226,35 +224,35 @@ class Util \OC_FileProxy::$enabled = false; // Save public key - $this->view->file_put_contents($this->publicKeyPath, $keypair['publicKey']); + $this->view->file_put_contents( $this->publicKeyPath, $keypair['publicKey'] ); // Encrypt private key with user pwd as passphrase - $encryptedPrivateKey = Crypt::symmetricEncryptFileContent($keypair['privateKey'], $passphrase); + $encryptedPrivateKey = Crypt::symmetricEncryptFileContent( $keypair['privateKey'], $passphrase ); // Save private key - $this->view->file_put_contents($this->privateKeyPath, $encryptedPrivateKey); + $this->view->file_put_contents( $this->privateKeyPath, $encryptedPrivateKey ); \OC_FileProxy::$enabled = true; } else { // check if public-key exists but private-key is missing - if($this->view->file_exists($this->publicKeyPath) && !$this->view->file_exists($this->privateKeyPath)) { - \OC_Log::write('Encryption library', 'public key exists but private key is missing for "' . $this->userId . '"', \OC_Log::FATAL); + if ( $this->view->file_exists( $this->publicKeyPath ) && !$this->view->file_exists( $this->privateKeyPath ) ) { + \OC_Log::write( 'Encryption library', 'public key exists but private key is missing for "' . $this->userId . '"', \OC_Log::FATAL ); return false; - } else if(!$this->view->file_exists($this->publicKeyPath) && $this->view->file_exists($this->privateKeyPath)) { - \OC_Log::write('Encryption library', 'private key exists but public key is missing for "' . $this->userId . '"', \OC_Log::FATAL); + } else if ( !$this->view->file_exists( $this->publicKeyPath ) && $this->view->file_exists( $this->privateKeyPath ) ) { + \OC_Log::write( 'Encryption library', 'private key exists but public key is missing for "' . $this->userId . '"', \OC_Log::FATAL ); return false; } } // If there's no record for this user's encryption preferences - if (false === $this->recoveryEnabledForUser()) { + if ( false === $this->recoveryEnabledForUser() ) { // create database configuration $sql = 'INSERT INTO `*PREFIX*encryption` (`uid`,`mode`,`recovery_enabled`) VALUES (?,?,?)'; - $args = array($this->userId, 'server-side', 0); - $query = \OCP\DB::prepare($sql); - $query->execute($args); + $args = array( $this->userId, 'server-side', 0 ); + $query = \OCP\DB::prepare( $sql ); + $query->execute( $args ); } @@ -265,8 +263,7 @@ class Util /** * @return string */ - public function getPublicShareKeyId() - { + public function getPublicShareKeyId() { return $this->publicShareKeyId; } @@ -277,8 +274,7 @@ class Util * @note If records are not being returned, check for a hidden space * at the start of the uid in db */ - public function recoveryEnabledForUser() - { + public function recoveryEnabledForUser() { $sql = 'SELECT recovery_enabled @@ -287,22 +283,22 @@ class Util WHERE uid = ?'; - $args = array($this->userId); + $args = array( $this->userId ); - $query = \OCP\DB::prepare($sql); + $query = \OCP\DB::prepare( $sql ); - $result = $query->execute($args); + $result = $query->execute( $args ); $recoveryEnabled = array(); - while ($row = $result->fetchRow()) { + while ( $row = $result->fetchRow() ) { $recoveryEnabled[] = $row['recovery_enabled']; } // If no record is found - if (empty($recoveryEnabled)) { + if ( empty( $recoveryEnabled ) ) { return false; @@ -320,19 +316,18 @@ class Util * @param bool $enabled Whether to enable or disable recovery * @return bool */ - public function setRecoveryForUser($enabled) - { + public function setRecoveryForUser( $enabled ) { $recoveryStatus = $this->recoveryEnabledForUser(); // If a record for this user already exists, update it - if (false === $recoveryStatus) { + if ( false === $recoveryStatus ) { $sql = 'INSERT INTO `*PREFIX*encryption` (`uid`,`mode`,`recovery_enabled`) VALUES (?,?,?)'; - $args = array($this->userId, 'server-side', $enabled); + $args = array( $this->userId, 'server-side', $enabled ); // Create a new record instead } else { @@ -344,13 +339,13 @@ class Util WHERE uid = ?'; - $args = array($enabled, $this->userId); + $args = array( $enabled, $this->userId ); } - $query = \OCP\DB::prepare($sql); + $query = \OCP\DB::prepare( $sql ); - if ($query->execute($args)) { + if ( $query->execute( $args ) ) { return true; @@ -369,47 +364,46 @@ class Util * @note $directory needs to be a path relative to OC data dir. e.g. * /admin/files NOT /backup OR /home/www/oc/data/admin/files */ - public function findEncFiles($directory, &$found = false) - { + public function findEncFiles( $directory, &$found = false ) { // Disable proxy - we don't want files to be decrypted before // we handle them \OC_FileProxy::$enabled = false; - if($found == false) { - $found = array('plain' => array(), 'encrypted' => array(), 'legacy' => array()); + if ( $found == false ) { + $found = array( 'plain' => array(), 'encrypted' => array(), 'legacy' => array() ); } if ( - $this->view->is_dir($directory) - && $handle = $this->view->opendir($directory) + $this->view->is_dir( $directory ) + && $handle = $this->view->opendir( $directory ) ) { - while (false !== ($file = readdir($handle))) { + while ( false !== ( $file = readdir( $handle ) ) ) { if ( $file != "." && $file != ".." ) { - $filePath = $directory . '/' . $this->view->getRelativePath('/' . $file); - $relPath = $this->stripUserFilesPath($filePath); + $filePath = $directory . '/' . $this->view->getRelativePath( '/' . $file ); + $relPath = $this->stripUserFilesPath( $filePath ); // If the path is a directory, search // its contents - if ($this->view->is_dir($filePath)) { + if ( $this->view->is_dir( $filePath ) ) { - $this->findEncFiles($filePath, $found); + $this->findEncFiles( $filePath, $found ); // If the path is a file, determine // its encryption status - } elseif ($this->view->is_file($filePath)) { + } elseif ( $this->view->is_file( $filePath ) ) { // Disable proxies again, some- // where they got re-enabled :/ \OC_FileProxy::$enabled = false; - $data = $this->view->file_get_contents($filePath); + $data = $this->view->file_get_contents( $filePath ); // If the file is encrypted // NOTE: If the userId is @@ -419,22 +413,22 @@ class Util // scanning every file like this // will eat server resources :( if ( - Keymanager::getFileKey($this->view, $this->userId, $relPath) - && Crypt::isCatfileContent($data) + Keymanager::getFileKey( $this->view, $this->userId, $relPath ) + && Crypt::isCatfileContent( $data ) ) { - $found['encrypted'][] = array('name' => $file, 'path' => $filePath); + $found['encrypted'][] = array( 'name' => $file, 'path' => $filePath ); // If the file uses old // encryption system - } elseif (Crypt::isLegacyEncryptedContent($this->tail($filePath, 3), $relPath)) { + } elseif ( Crypt::isLegacyEncryptedContent( $this->tail( $filePath, 3 ), $relPath ) ) { - $found['legacy'][] = array('name' => $file, 'path' => $filePath); + $found['legacy'][] = array( 'name' => $file, 'path' => $filePath ); // If the file is not encrypted } else { - $found['plain'][] = array('name' => $file, 'path' => $relPath); + $found['plain'][] = array( 'name' => $file, 'path' => $relPath ); } @@ -446,7 +440,7 @@ class Util \OC_FileProxy::$enabled = true; - if (empty($found)) { + if ( empty( $found ) ) { return false; @@ -469,39 +463,38 @@ class Util * @note Safe to use on large files; does not read entire file to memory * @note Derivative of http://tekkie.flashbit.net/php/tail-functionality-in-php */ - public function tail($filename, $numLines) - { + public function tail( $filename, $numLines ) { \OC_FileProxy::$enabled = false; $text = ''; $pos = -1; - $handle = $this->view->fopen($filename, 'r'); + $handle = $this->view->fopen( $filename, 'r' ); - while ($numLines > 0) { + while ( $numLines > 0 ) { --$pos; - if (fseek($handle, $pos, SEEK_END) !== 0) { + if ( fseek( $handle, $pos, SEEK_END ) !== 0 ) { - rewind($handle); + rewind( $handle ); $numLines = 0; - } elseif (fgetc($handle) === "\n") { + } elseif ( fgetc( $handle ) === "\n" ) { --$numLines; } - $block_size = (-$pos) % 8192; - if ($block_size === 0 || $numLines === 0) { + $block_size = ( -$pos ) % 8192; + if ( $block_size === 0 || $numLines === 0 ) { - $text = fread($handle, ($block_size === 0 ? 8192 : $block_size)) . $text; + $text = fread( $handle, ( $block_size === 0 ? 8192 : $block_size ) ) . $text; } } - fclose($handle); + fclose( $handle ); \OC_FileProxy::$enabled = true; @@ -513,8 +506,7 @@ class Util * @param $path * @return boolean */ - public function isEncryptedPath($path) - { + public function isEncryptedPath( $path ) { // Disable encryption proxy so data retrieved is in its // original form @@ -523,15 +515,15 @@ class Util // we only need 24 byte from the last chunk $data = ''; - $handle = $this->view->fopen($path, 'r'); - if (!fseek($handle, -24, SEEK_END)) { - $data = fgets($handle); + $handle = $this->view->fopen( $path, 'r' ); + if ( !fseek( $handle, -24, SEEK_END ) ) { + $data = fgets( $handle ); } // re-enable proxy \OC_FileProxy::$enabled = $proxyStatus; - return Crypt::isCatfileContent($data); + return Crypt::isCatfileContent( $data ); } @@ -540,8 +532,7 @@ class Util * @param string $path absolute path * @return bool */ - public function getFileSize($path) - { + public function getFileSize( $path ) { $result = 0; @@ -550,33 +541,33 @@ class Util \OC_FileProxy::$enabled = false; // Reformat path for use with OC_FSV - $pathSplit = explode('/', $path); - $pathRelative = implode('/', array_slice($pathSplit, 3)); + $pathSplit = explode( '/', $path ); + $pathRelative = implode( '/', array_slice( $pathSplit, 3 ) ); - if ($pathSplit[2] == 'files' && $this->view->file_exists($path) && $this->isEncryptedPath($path)) { + if ( $pathSplit[2] == 'files' && $this->view->file_exists( $path ) && $this->isEncryptedPath( $path ) ) { // get the size from filesystem - $fullPath = $this->view->getLocalFile($path); - $size = filesize($fullPath); + $fullPath = $this->view->getLocalFile( $path ); + $size = filesize( $fullPath ); // calculate last chunk nr - $lastChunckNr = floor($size / 8192); + $lastChunkNr = floor( $size / 8192 ); // open stream - $stream = fopen('crypt://' . $pathRelative, "r"); + $stream = fopen( 'crypt://' . $pathRelative, "r" ); - if (is_resource($stream)) { + if ( is_resource( $stream ) ) { // calculate last chunk position - $lastChunckPos = ($lastChunckNr * 8192); + $lastChunckPos = ( $lastChunkNr * 8192 ); // seek to end - fseek($stream, $lastChunckPos); + fseek( $stream, $lastChunckPos ); // get the content of the last chunk - $lastChunkContent = fread($stream, 8192); + $lastChunkContent = fread( $stream, 8192 ); // calc the real file size with the size of the last chunk - $realSize = (($lastChunckNr * 6126) + strlen($lastChunkContent)); + $realSize = ( ( $lastChunkNr * 6126 ) + strlen( $lastChunkContent ) ); // store file size $result = $realSize; @@ -593,8 +584,7 @@ class Util * @param $path absolute path * @return true / false if file is encrypted */ - public function fixFileSize($path) - { + public function fixFileSize( $path ) { $result = false; @@ -602,18 +592,18 @@ class Util $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - $realSize = $this->getFileSize($path); + $realSize = $this->getFileSize( $path ); - if ($realSize > 0) { + if ( $realSize > 0 ) { - $cached = $this->view->getFileInfo($path); + $cached = $this->view->getFileInfo( $path ); $cached['encrypted'] = true; // set the size $cached['unencrypted_size'] = $realSize; // put file info - $this->view->putFileInfo($path, $cached); + $this->view->putFileInfo( $path, $cached ); $result = true; @@ -628,13 +618,12 @@ class Util * @brief Format a path to be relative to the /user/files/ directory * @note e.g. turns '/admin/files/test.txt' into 'test.txt' */ - public function stripUserFilesPath($path) - { + public function stripUserFilesPath( $path ) { - $trimmed = ltrim($path, '/'); - $split = explode('/', $trimmed); - $sliced = array_slice($split, 2); - $relPath = implode('/', $sliced); + $trimmed = ltrim( $path, '/' ); + $split = explode( '/', $trimmed ); + $sliced = array_slice( $split, 2 ); + $relPath = implode( '/', $sliced ); return $relPath; @@ -644,13 +633,12 @@ class Util * @param $path * @return bool */ - public function isSharedPath($path) - { + public function isSharedPath( $path ) { - $trimmed = ltrim($path, '/'); - $split = explode('/', $trimmed); + $trimmed = ltrim( $path, '/' ); + $split = explode( '/', $trimmed ); - if ($split[2] == "Shared") { + if ( $split[2] == "Shared" ) { return true; @@ -670,16 +658,15 @@ class Util * @return bool * @note Encryption is recursive */ - public function encryptAll($dirPath, $legacyPassphrase = null, $newPassphrase = null) - { + public function encryptAll( $dirPath, $legacyPassphrase = null, $newPassphrase = null ) { - if ($found = $this->findEncFiles($dirPath)) { + if ( $found = $this->findEncFiles( $dirPath ) ) { // Disable proxy to prevent file being encrypted twice \OC_FileProxy::$enabled = false; // Encrypt unencrypted files - foreach ($found['plain'] as $plainFile) { + foreach ( $found['plain'] as $plainFile ) { //relative to data//file $relPath = $plainFile['path']; @@ -688,80 +675,80 @@ class Util $rawPath = $this->userId . '/files/' . $plainFile['path']; // Open plain file handle for binary reading - $plainHandle1 = $this->view->fopen($rawPath, 'rb'); + $plainHandle1 = $this->view->fopen( $rawPath, 'rb' ); // 2nd handle for moving plain file - view->rename() doesn't work, this is a workaround - $plainHandle2 = $this->view->fopen($rawPath . '.plaintmp', 'wb'); + $plainHandle2 = $this->view->fopen( $rawPath . '.plaintmp', 'wb' ); // Move plain file to a temporary location - stream_copy_to_stream($plainHandle1, $plainHandle2); + stream_copy_to_stream( $plainHandle1, $plainHandle2 ); // Close access to original file // $this->view->fclose( $plainHandle1 ); // not implemented in view{} // Delete original plain file so we can rename enc file later - $this->view->unlink($rawPath); + $this->view->unlink( $rawPath ); // Open enc file handle for binary writing, with same filename as original plain file - $encHandle = fopen('crypt://' . $relPath, 'wb'); + $encHandle = fopen( 'crypt://' . $relPath, 'wb' ); // Save data from plain stream to new encrypted file via enc stream // NOTE: Stream{} will be invoked for handling // the encryption, and should handle all keys // and their generation etc. automatically - stream_copy_to_stream($plainHandle2, $encHandle); + stream_copy_to_stream( $plainHandle2, $encHandle ); // get file size - $size = $this->view->filesize($rawPath . '.plaintmp'); + $size = $this->view->filesize( $rawPath . '.plaintmp' ); // Delete temporary plain copy of file - $this->view->unlink($rawPath . '.plaintmp'); + $this->view->unlink( $rawPath . '.plaintmp' ); // Add the file to the cache - \OC\Files\Filesystem::putFileInfo($plainFile['path'], array('encrypted' => true, 'size' => $size, 'unencrypted_size' => $size)); + \OC\Files\Filesystem::putFileInfo( $plainFile['path'], array( 'encrypted' => true, 'size' => $size, 'unencrypted_size' => $size ) ); } // Encrypt legacy encrypted files if ( - !empty($legacyPassphrase) - && !empty($newPassphrase) + !empty( $legacyPassphrase ) + && !empty( $newPassphrase ) ) { - foreach ($found['legacy'] as $legacyFile) { + foreach ( $found['legacy'] as $legacyFile ) { // Fetch data from file - $legacyData = $this->view->file_get_contents($legacyFile['path']); + $legacyData = $this->view->file_get_contents( $legacyFile['path'] ); $sharingEnabled = \OCP\Share::isEnabled(); // if file exists try to get sharing users - if ($this->view->file_exists($legacyFile['path'])) { - $uniqueUserIds = $this->getSharingUsersArray($sharingEnabled, $legacyFile['path'], $this->userId); + if ( $this->view->file_exists( $legacyFile['path'] ) ) { + $uniqueUserIds = $this->getSharingUsersArray( $sharingEnabled, $legacyFile['path'], $this->userId ); } else { $uniqueUserIds[] = $this->userId; } // Fetch public keys for all users who will share the file - $publicKeys = Keymanager::getPublicKeys($this->view, $uniqueUserIds); + $publicKeys = Keymanager::getPublicKeys( $this->view, $uniqueUserIds ); // Recrypt data, generate catfile - $recrypted = Crypt::legacyKeyRecryptKeyfile($legacyData, $legacyPassphrase, $publicKeys, $newPassphrase, $legacyFile['path']); + $recrypted = Crypt::legacyKeyRecryptKeyfile( $legacyData, $legacyPassphrase, $publicKeys, $newPassphrase, $legacyFile['path'] ); $rawPath = $legacyFile['path']; - $relPath = $this->stripUserFilesPath($rawPath); + $relPath = $this->stripUserFilesPath( $rawPath ); // Save keyfile - Keymanager::setFileKey($this->view, $relPath, $this->userId, $recrypted['filekey']); + Keymanager::setFileKey( $this->view, $relPath, $this->userId, $recrypted['filekey'] ); // Save sharekeys to user folders - Keymanager::setShareKeys($this->view, $relPath, $recrypted['sharekeys']); + Keymanager::setShareKeys( $this->view, $relPath, $recrypted['sharekeys'] ); // Overwrite the existing file with the encrypted one - $this->view->file_put_contents($rawPath, $recrypted['data']); + $this->view->file_put_contents( $rawPath, $recrypted['data'] ); - $size = strlen($recrypted['data']); + $size = strlen( $recrypted['data'] ); // Add the file to the cache - \OC\Files\Filesystem::putFileInfo($rawPath, array('encrypted' => true, 'size' => $size), ''); + \OC\Files\Filesystem::putFileInfo( $rawPath, array( 'encrypted' => true, 'size' => $size ), '' ); } } @@ -781,10 +768,9 @@ class Util * @param string $pathName Name of the directory to return the path of * @return string path */ - public function getPath($pathName) - { + public function getPath( $pathName ) { - switch ($pathName) { + switch ( $pathName ) { case 'publicKeyDir': @@ -815,9 +801,10 @@ class Util return $this->privateKeyPath; break; - } + return false; + } /** @@ -825,18 +812,17 @@ class Util * @param int $fileId id of the file * @return string path of the file */ - public static function fileIdToPath($fileId) - { + public static function fileIdToPath( $fileId ) { - $query = \OC_DB::prepare('SELECT `path`' + $query = \OC_DB::prepare( 'SELECT `path`' . ' FROM `*PREFIX*filecache`' - . ' WHERE `fileid` = ?'); + . ' WHERE `fileid` = ?' ); - $result = $query->execute(array($fileId)); + $result = $query->execute( array( $fileId ) ); $row = $result->fetchRow(); - return substr($row['path'], 5); + return substr( $row['path'], 5 ); } @@ -845,16 +831,15 @@ class Util * @param array $unfilteredUsers users to be checked for sharing readiness * @return multi-dimensional array. keys: ready, unready */ - public function filterShareReadyUsers($unfilteredUsers) - { + public function filterShareReadyUsers( $unfilteredUsers ) { // This array will collect the filtered IDs $readyIds = $unreadyIds = array(); // Loop through users and create array of UIDs that need new keyfiles - foreach ($unfilteredUsers as $user) { + foreach ( $unfilteredUsers as $user ) { - $util = new Util($this->view, $user); + $util = new Util( $this->view, $user ); // Check that the user is encryption capable, or is the // public system user 'ownCloud' (for public shares) @@ -874,15 +859,15 @@ class Util // Log warning; we can't do necessary setup here // because we don't have the user passphrase - \OC_Log::write('Encryption library', '"' . $user . '" is not setup for encryption', \OC_Log::WARN); + \OC_Log::write( 'Encryption library', '"' . $user . '" is not setup for encryption', \OC_Log::WARN ); } } return array( - 'ready' => $readyIds - , 'unready' => $unreadyIds + 'ready' => $readyIds, + 'unready' => $unreadyIds ); } @@ -897,32 +882,31 @@ class Util * @note This was used when 2 types of encryption for keyfiles was used, * but now we've switched to exclusively using openssl_seal() */ - public function decryptUnknownKeyfile($filePath, $fileOwner, $privateKey) - { + public function decryptUnknownKeyfile( $filePath, $fileOwner, $privateKey ) { // Get the encrypted keyfile // NOTE: the keyfile format depends on how it was encrypted! At // this stage we don't know how it was encrypted - $encKeyfile = Keymanager::getFileKey($this->view, $this->userId, $filePath); + $encKeyfile = Keymanager::getFileKey( $this->view, $this->userId, $filePath ); // We need to decrypt the keyfile // Has the file been shared yet? if ( $this->userId == $fileOwner - && !Keymanager::getShareKey($this->view, $this->userId, $filePath) // NOTE: we can't use isShared() here because it's a post share hook so it always returns true + && !Keymanager::getShareKey( $this->view, $this->userId, $filePath ) // NOTE: we can't use isShared() here because it's a post share hook so it always returns true ) { // The file has no shareKey, and its keyfile must be // decrypted conventionally - $plainKeyfile = Crypt::keyDecrypt($encKeyfile, $privateKey); + $plainKeyfile = Crypt::keyDecrypt( $encKeyfile, $privateKey ); } else { // The file has a shareKey and must use it for decryption - $shareKey = Keymanager::getShareKey($this->view, $this->userId, $filePath); + $shareKey = Keymanager::getShareKey( $this->view, $this->userId, $filePath ); - $plainKeyfile = Crypt::multiKeyDecrypt($encKeyfile, $shareKey, $privateKey); + $plainKeyfile = Crypt::multiKeyDecrypt( $encKeyfile, $shareKey, $privateKey ); } @@ -937,23 +921,22 @@ class Util * @param string $filePath path of the file to be shared * @return bool */ - public function setSharedFileKeyfiles(Session $session, array $users, $filePath) - { + public function setSharedFileKeyfiles( Session $session, array $users, $filePath ) { // Make sure users are capable of sharing - $filteredUids = $this->filterShareReadyUsers($users); + $filteredUids = $this->filterShareReadyUsers( $users ); // If we're attempting to share to unready users - if (!empty($filteredUids['unready'])) { + if ( !empty( $filteredUids['unready'] ) ) { - \OC_Log::write('Encryption library', 'Sharing to these user(s) failed as they are unready for encryption:"' . print_r($filteredUids['unready'], 1), \OC_Log::WARN); + \OC_Log::write( 'Encryption library', 'Sharing to these user(s) failed as they are unready for encryption:"' . print_r( $filteredUids['unready'], 1 ), \OC_Log::WARN ); return false; } // Get public keys for each user, ready for generating sharekeys - $userPubKeys = Keymanager::getPublicKeys($this->view, $filteredUids['ready']); + $userPubKeys = Keymanager::getPublicKeys( $this->view, $filteredUids['ready'] ); // Note proxy status then disable it $proxyStatus = \OC_FileProxy::$enabled; @@ -962,22 +945,22 @@ class Util // Get the current users's private key for decrypting existing keyfile $privateKey = $session->getPrivateKey(); - $fileOwner = \OC\Files\Filesystem::getOwner($filePath); + $fileOwner = \OC\Files\Filesystem::getOwner( $filePath ); // Decrypt keyfile - $plainKeyfile = $this->decryptUnknownKeyfile($filePath, $fileOwner, $privateKey); + $plainKeyfile = $this->decryptUnknownKeyfile( $filePath, $fileOwner, $privateKey ); // Re-enc keyfile to (additional) sharekeys - $multiEncKey = Crypt::multiKeyEncrypt($plainKeyfile, $userPubKeys); + $multiEncKey = Crypt::multiKeyEncrypt( $plainKeyfile, $userPubKeys ); // Save the recrypted key to it's owner's keyfiles directory // Save new sharekeys to all necessary user directory if ( - !Keymanager::setFileKey($this->view, $filePath, $fileOwner, $multiEncKey['data']) - || !Keymanager::setShareKeys($this->view, $filePath, $multiEncKey['keys']) + !Keymanager::setFileKey( $this->view, $filePath, $fileOwner, $multiEncKey['data'] ) + || !Keymanager::setShareKeys( $this->view, $filePath, $multiEncKey['keys'] ) ) { - \OC_Log::write('Encryption library', 'Keyfiles could not be saved for users sharing ' . $filePath, \OC_Log::ERROR); + \OC_Log::write( 'Encryption library', 'Keyfiles could not be saved for users sharing ' . $filePath, \OC_Log::ERROR ); return false; @@ -993,12 +976,11 @@ class Util * @brief Find, sanitise and format users sharing a file * @note This wraps other methods into a portable bundle */ - public function getSharingUsersArray($sharingEnabled, $filePath, $currentUserId = false) - { + public function getSharingUsersArray( $sharingEnabled, $filePath, $currentUserId = false ) { // Check if key recovery is enabled if ( - \OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled') + \OC_Appconfig::getValue( 'files_encryption', 'recoveryAdminEnabled' ) && $this->recoveryEnabledForUser() ) { @@ -1011,14 +993,15 @@ class Util } // Make sure that a share key is generated for the owner too - list($owner, $ownerPath) = $this->getUidAndFilename($filePath); + list( $owner, $ownerPath ) = $this->getUidAndFilename( $filePath ); - if ($sharingEnabled) { + $userIds = array(); + if ( $sharingEnabled ) { // Find out who, if anyone, is sharing the file - $result = \OCP\Share::getUsersSharingFile($ownerPath, $owner, true, true, true); + $result = \OCP\Share::getUsersSharingFile( $ownerPath, $owner, true, true, true ); $userIds = $result['users']; - if ($result['public']) { + if ( $result['public'] ) { $userIds[] = $this->publicShareKeyId; } @@ -1026,10 +1009,10 @@ class Util // If recovery is enabled, add the // Admin UID to list of users to share to - if ($recoveryEnabled) { + if ( $recoveryEnabled ) { // Find recoveryAdmin user ID - $recoveryKeyId = \OC_Appconfig::getValue('files_encryption', 'recoveryKeyId'); + $recoveryKeyId = \OC_Appconfig::getValue( 'files_encryption', 'recoveryKeyId' ); // Add recoveryAdmin to list of users sharing $userIds[] = $recoveryKeyId; @@ -1037,14 +1020,14 @@ class Util } // add current user if given - if ($currentUserId != false) { + if ( $currentUserId != false ) { $userIds[] = $currentUserId; } // Remove duplicate UIDs - $uniqueUserIds = array_unique($userIds); + $uniqueUserIds = array_unique( $userIds ); return $uniqueUserIds; @@ -1055,8 +1038,7 @@ class Util * @param $status * @return bool */ - public function setMigrationStatus($status) - { + public function setMigrationStatus( $status ) { $sql = 'UPDATE *PREFIX*encryption @@ -1065,11 +1047,11 @@ class Util WHERE uid = ?'; - $args = array($status, $this->userId); + $args = array( $status, $this->userId ); - $query = \OCP\DB::prepare($sql); + $query = \OCP\DB::prepare( $sql ); - if ($query->execute($args)) { + if ( $query->execute( $args ) ) { return true; @@ -1087,8 +1069,7 @@ class Util * @note If records are not being returned, check for a hidden space * at the start of the uid in db */ - public function getMigrationStatus() - { + public function getMigrationStatus() { $sql = 'SELECT migration_status @@ -1097,22 +1078,21 @@ class Util WHERE uid = ?'; - $args = array($this->userId); + $args = array( $this->userId ); - $query = \OCP\DB::prepare($sql); + $query = \OCP\DB::prepare( $sql ); - $result = $query->execute($args); + $result = $query->execute( $args ); $migrationStatus = array(); - while ($row = $result->fetchRow()) { - + $row = $result->fetchRow(); + if($row) { $migrationStatus[] = $row['migration_status']; - } // If no record is found - if (empty($migrationStatus)) { + if ( empty( $migrationStatus ) ) { return false; @@ -1132,83 +1112,74 @@ class Util * relative to /Shared are also acceptable * @return array */ - public function getUidAndFilename($path) - { + public function getUidAndFilename( $path ) { - $view = new \OC\Files\View($this->userFilesDir); - $fileOwnerUid = $view->getOwner($path); + $view = new \OC\Files\View( $this->userFilesDir ); + $fileOwnerUid = $view->getOwner( $path ); // handle public access - if ($this->isPublic) { + if ( $this->isPublic ) { $filename = $path; $fileOwnerUid = $GLOBALS['fileOwner']; - return array($fileOwnerUid, $filename); + return array( $fileOwnerUid, $filename ); } else { // Check that UID is valid - if (!\OCP\User::userExists($fileOwnerUid)) { - throw new \Exception('Could not find owner (UID = "' . var_export($fileOwnerUid, 1) . '") of file "' . $path . '"'); + if ( !\OCP\User::userExists( $fileOwnerUid ) ) { + throw new \Exception( 'Could not find owner (UID = "' . var_export( $fileOwnerUid, 1 ) . '") of file "' . $path . '"' ); } // NOTE: Bah, this dependency should be elsewhere - \OC\Files\Filesystem::initMountPoints($fileOwnerUid); + \OC\Files\Filesystem::initMountPoints( $fileOwnerUid ); // If the file owner is the currently logged in user - if ($fileOwnerUid == $this->userId) { + if ( $fileOwnerUid == $this->userId ) { // Assume the path supplied is correct $filename = $path; } else { - $info = $view->getFileInfo($path); - $ownerView = new \OC\Files\View('/' . $fileOwnerUid . '/files'); + $info = $view->getFileInfo( $path ); + $ownerView = new \OC\Files\View( '/' . $fileOwnerUid . '/files' ); // Fetch real file path from DB - $filename = $ownerView->getPath($info['fileid']); // TODO: Check that this returns a path without including the user data dir + $filename = $ownerView->getPath( $info['fileid'] ); // TODO: Check that this returns a path without including the user data dir } - return array($fileOwnerUid, $filename); + return array( $fileOwnerUid, $filename ); } } /** - * @brief geo recursively through a dir and collect all files and sub files. + * @brief go recursively through a dir and collect all files and sub files. * @param string $dir relative to the users files folder * @return array with list of files relative to the users files folder */ - public function getAllFiles($dir) - { + public function getAllFiles( $dir ) { $result = array(); - $content = $this->view->getDirectoryContent($this->userFilesDir . $dir); + $content = $this->view->getDirectoryContent( $this->userFilesDir . $dir ); // handling for re shared folders - $path_split = explode('/', $dir); - $shared = ''; - - if ($path_split[1] === 'Shared') { - - $shared = '/Shared'; + $path_split = explode( '/', $dir ); - } - - foreach ($content as $c) { + foreach ( $content as $c ) { - $sharedPart = $path_split[sizeof($path_split) - 1]; - $targetPathSplit = array_reverse(explode('/', $c['path'])); + $sharedPart = $path_split[sizeof( $path_split ) - 1]; + $targetPathSplit = array_reverse( explode( '/', $c['path'] ) ); $path = ''; // rebuild path - foreach ($targetPathSplit as $pathPart) { + foreach ( $targetPathSplit as $pathPart ) { - if ($pathPart !== $sharedPart) { + if ( $pathPart !== $sharedPart ) { $path = '/' . $pathPart . $path; @@ -1222,9 +1193,9 @@ class Util $path = $dir . $path; - if ($c['type'] === "dir") { + if ( $c['type'] === "dir" ) { - $result = array_merge($result, $this->getAllFiles($path)); + $result = array_merge( $result, $this->getAllFiles( $path ) ); } else { @@ -1242,14 +1213,13 @@ class Util * @param int $id of the current share * @return array of the parent */ - public static function getShareParent($id) - { + public static function getShareParent( $id ) { - $query = \OC_DB::prepare('SELECT `file_target`, `item_type`' + $query = \OC_DB::prepare( 'SELECT `file_target`, `item_type`' . ' FROM `*PREFIX*share`' - . ' WHERE `id` = ?'); + . ' WHERE `id` = ?' ); - $result = $query->execute(array($id)); + $result = $query->execute( array( $id ) ); $row = $result->fetchRow(); @@ -1262,14 +1232,13 @@ class Util * @param int $id of the current share * @return array of the parent */ - public static function getParentFromShare($id) - { + public static function getParentFromShare( $id ) { - $query = \OC_DB::prepare('SELECT `parent`' + $query = \OC_DB::prepare( 'SELECT `parent`' . ' FROM `*PREFIX*share`' - . ' WHERE `id` = ?'); + . ' WHERE `id` = ?' ); - $result = $query->execute(array($id)); + $result = $query->execute( array( $id ) ); $row = $result->fetchRow(); @@ -1283,22 +1252,23 @@ class Util * @internal param int $Id of a share * @return string owner */ - public function getOwnerFromSharedFile($id) - { + public function getOwnerFromSharedFile( $id ) { + + $query = \OC_DB::prepare( 'SELECT `parent`, `uid_owner` FROM `*PREFIX*share` WHERE `id` = ?', 1 ); + $source = $query->execute( array( $id ) )->fetchRow(); - $query = \OC_DB::prepare('SELECT `parent`, `uid_owner` FROM `*PREFIX*share` WHERE `id` = ?', 1); - $source = $query->execute(array($id))->fetchRow(); + $fileOwner = false; - if (isset($source['parent'])) { + if ( isset( $source['parent'] ) ) { $parent = $source['parent']; - while (isset($parent)) { + while ( isset( $parent ) ) { - $query = \OC_DB::prepare('SELECT `parent`, `uid_owner` FROM `*PREFIX*share` WHERE `id` = ?', 1); - $item = $query->execute(array($parent))->fetchRow(); + $query = \OC_DB::prepare( 'SELECT `parent`, `uid_owner` FROM `*PREFIX*share` WHERE `id` = ?', 1 ); + $item = $query->execute( array( $parent ) )->fetchRow(); - if (isset($item['parent'])) { + if ( isset( $item['parent'] ) ) { $parent = $item['parent']; @@ -1324,16 +1294,14 @@ class Util /** * @return string */ - public function getUserId() - { + public function getUserId() { return $this->userId; } /** * @return string */ - public function getUserFilesDir() - { + public function getUserFilesDir() { return $this->userFilesDir; } @@ -1341,8 +1309,7 @@ class Util * @param $password * @return bool */ - public function checkRecoveryPassword($password) - { + public function checkRecoveryPassword( $password ) { $pathKey = '/owncloud_private_key/' . $this->recoveryKeyId . ".private.key"; $pathControlData = '/control-file/controlfile.enc'; @@ -1350,16 +1317,16 @@ class Util $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - $recoveryKey = $this->view->file_get_contents($pathKey); + $recoveryKey = $this->view->file_get_contents( $pathKey ); - $decryptedRecoveryKey = Crypt::symmetricDecryptFileContent($recoveryKey, $password); + $decryptedRecoveryKey = Crypt::symmetricDecryptFileContent( $recoveryKey, $password ); - $controlData = $this->view->file_get_contents($pathControlData); - $decryptedControlData = Crypt::keyDecrypt($controlData, $decryptedRecoveryKey); + $controlData = $this->view->file_get_contents( $pathControlData ); + $decryptedControlData = Crypt::keyDecrypt( $controlData, $decryptedRecoveryKey ); \OC_FileProxy::$enabled = $proxyStatus; - if ($decryptedControlData === 'ownCloud') { + if ( $decryptedControlData === 'ownCloud' ) { return true; } @@ -1369,27 +1336,26 @@ class Util /** * @return string */ - public function getRecoveryKeyId() - { + public function getRecoveryKeyId() { return $this->recoveryKeyId; } /** * @brief add recovery key to all encrypted files */ - public function addRecoveryKeys($path = '/') - { - $dirContent = $this->view->getDirectoryContent($this->keyfilesPath . $path); - foreach ($dirContent as $item) { - $filePath = substr($item['path'], 25); - if ($item['type'] == 'dir') { - $this->addRecoveryKeys($filePath . '/'); + public function addRecoveryKeys( $path = '/' ) { + $dirContent = $this->view->getDirectoryContent( $this->keyfilesPath . $path ); + foreach ( $dirContent as $item ) { + // get relative path from files_encryption/keyfiles/ + $filePath = substr( $item['path'], strlen('files_encryption/keyfiles') ); + if ( $item['type'] == 'dir' ) { + $this->addRecoveryKeys( $filePath . '/' ); } else { - $session = new Session(new \OC_FilesystemView('/')); + $session = new Session( new \OC_FilesystemView( '/' ) ); $sharingEnabled = \OCP\Share::isEnabled(); - $file = substr($filePath, 0, -4); - $usersSharing = $this->getSharingUsersArray($sharingEnabled, $file); - $this->setSharedFileKeyfiles($session, $usersSharing, $file); + $file = substr( $filePath, 0, -4 ); + $usersSharing = $this->getSharingUsersArray( $sharingEnabled, $file ); + $this->setSharedFileKeyfiles( $session, $usersSharing, $file ); } } } @@ -1397,16 +1363,16 @@ class Util /** * @brief remove recovery key to all encrypted files */ - public function removeRecoveryKeys($path = '/') - { - $dirContent = $this->view->getDirectoryContent($this->keyfilesPath . $path); - foreach ($dirContent as $item) { - $filePath = substr($item['path'], 25); - if ($item['type'] == 'dir') { - $this->removeRecoveryKeys($filePath . '/'); + public function removeRecoveryKeys( $path = '/' ) { + $dirContent = $this->view->getDirectoryContent( $this->keyfilesPath . $path ); + foreach ( $dirContent as $item ) { + // get relative path from files_encryption/keyfiles + $filePath = substr( $item['path'], strlen('files_encryption/keyfiles') ); + if ( $item['type'] == 'dir' ) { + $this->removeRecoveryKeys( $filePath . '/' ); } else { - $file = substr($filePath, 0, -4); - $this->view->unlink($this->shareKeysPath . '/' . $file . '.' . $this->recoveryKeyId . '.shareKey'); + $file = substr( $filePath, 0, -4 ); + $this->view->unlink( $this->shareKeysPath . '/' . $file . '.' . $this->recoveryKeyId . '.shareKey' ); } } } @@ -1416,40 +1382,39 @@ class Util * @param string $file * @param string $privateKey recovery key to decrypt the file */ - private function recoverFile($file, $privateKey) - { + private function recoverFile( $file, $privateKey ) { $sharingEnabled = \OCP\Share::isEnabled(); // Find out who, if anyone, is sharing the file - if ($sharingEnabled) { - $result = \OCP\Share::getUsersSharingFile($file, $this->userId, true, true, true); + if ( $sharingEnabled ) { + $result = \OCP\Share::getUsersSharingFile( $file, $this->userId, true, true, true ); $userIds = $result['users']; $userIds[] = $this->recoveryKeyId; - if ($result['public']) { + if ( $result['public'] ) { $userIds[] = $this->publicShareKeyId; } } else { - $userIds = array($this->userId, $this->recoveryKeyId); + $userIds = array( $this->userId, $this->recoveryKeyId ); } - $filteredUids = $this->filterShareReadyUsers($userIds); + $filteredUids = $this->filterShareReadyUsers( $userIds ); $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; //decrypt file key - $encKeyfile = $this->view->file_get_contents($this->keyfilesPath . $file . ".key"); - $shareKey = $this->view->file_get_contents($this->shareKeysPath . $file . "." . $this->recoveryKeyId . ".shareKey"); - $plainKeyfile = Crypt::multiKeyDecrypt($encKeyfile, $shareKey, $privateKey); + $encKeyfile = $this->view->file_get_contents( $this->keyfilesPath . $file . ".key" ); + $shareKey = $this->view->file_get_contents( $this->shareKeysPath . $file . "." . $this->recoveryKeyId . ".shareKey" ); + $plainKeyfile = Crypt::multiKeyDecrypt( $encKeyfile, $shareKey, $privateKey ); // encrypt file key again to all users, this time with the new public key for the recovered use - $userPubKeys = Keymanager::getPublicKeys($this->view, $filteredUids['ready']); - $multiEncKey = Crypt::multiKeyEncrypt($plainKeyfile, $userPubKeys); + $userPubKeys = Keymanager::getPublicKeys( $this->view, $filteredUids['ready'] ); + $multiEncKey = Crypt::multiKeyEncrypt( $plainKeyfile, $userPubKeys ); // write new keys to filesystem TDOO! - $this->view->file_put_contents($this->keyfilesPath . $file . '.key', $multiEncKey['data']); - foreach ($multiEncKey['keys'] as $userId => $shareKey) { + $this->view->file_put_contents( $this->keyfilesPath . $file . '.key', $multiEncKey['data'] ); + foreach ( $multiEncKey['keys'] as $userId => $shareKey ) { $shareKeyPath = $this->shareKeysPath . $file . '.' . $userId . '.shareKey'; - $this->view->file_put_contents($shareKeyPath, $shareKey); + $this->view->file_put_contents( $shareKeyPath, $shareKey ); } // Return proxy to original status @@ -1461,16 +1426,15 @@ class Util * @param string $path to look for files keys * @param string $privateKey private recovery key which is used to decrypt the files */ - private function recoverAllFiles($path, $privateKey) - { - $dirContent = $this->view->getDirectoryContent($this->keyfilesPath . $path); - foreach ($dirContent as $item) { - $filePath = substr($item['path'], 25); - if ($item['type'] == 'dir') { - $this->recoverAllFiles($filePath . '/', $privateKey); + private function recoverAllFiles( $path, $privateKey ) { + $dirContent = $this->view->getDirectoryContent( $this->keyfilesPath . $path ); + foreach ( $dirContent as $item ) { + $filePath = substr( $item['path'], 25 ); + if ( $item['type'] == 'dir' ) { + $this->recoverAllFiles( $filePath . '/', $privateKey ); } else { - $file = substr($filePath, 0, -4); - $this->recoverFile($file, $privateKey); + $file = substr( $filePath, 0, -4 ); + $this->recoverFile( $file, $privateKey ); } } } @@ -1479,19 +1443,18 @@ class Util * @brief recover users files in case of password lost * @param string $recoveryPassword */ - public function recoverUsersFiles($recoveryPassword) - { + public function recoverUsersFiles( $recoveryPassword ) { // Disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - $encryptedKey = $this->view->file_get_contents('/owncloud_private_key/' . $this->recoveryKeyId . '.private.key'); - $privateKey = Crypt::symmetricDecryptFileContent($encryptedKey, $recoveryPassword); + $encryptedKey = $this->view->file_get_contents( '/owncloud_private_key/' . $this->recoveryKeyId . '.private.key' ); + $privateKey = Crypt::symmetricDecryptFileContent( $encryptedKey, $recoveryPassword ); \OC_FileProxy::$enabled = $proxyStatus; - $this->recoverAllFiles('/', $privateKey); + $this->recoverAllFiles( '/', $privateKey ); } } diff --git a/apps/files_encryption/settings-admin.php b/apps/files_encryption/settings-admin.php index 66efc584367..6cc5b997fdb 100644 --- a/apps/files_encryption/settings-admin.php +++ b/apps/files_encryption/settings-admin.php @@ -15,7 +15,6 @@ $view = new OC_FilesystemView( '' ); $recoveryAdminEnabled = OC_Appconfig::getValue( 'files_encryption', 'recoveryAdminEnabled' ); -$tmpl->assign( 'encryption_mode', \OC_Appconfig::getValue( 'files_encryption', 'mode', 'none' ) ); $tmpl->assign( 'recoveryEnabled', $recoveryAdminEnabled ); \OCP\Util::addscript( 'files_encryption', 'settings-admin' ); diff --git a/apps/files_encryption/settings-personal.php b/apps/files_encryption/settings-personal.php index ada8ffbc318..57f7f584523 100644 --- a/apps/files_encryption/settings-personal.php +++ b/apps/files_encryption/settings-personal.php @@ -26,4 +26,3 @@ $tmpl->assign( 'recoveryEnabledForUser', $recoveryEnabledForUser ); return $tmpl->fetchPage(); -return null; diff --git a/apps/files_encryption/templates/settings-personal.php b/apps/files_encryption/templates/settings-personal.php index 14e8ce960a2..04d6e79179e 100644 --- a/apps/files_encryption/templates/settings-personal.php +++ b/apps/files_encryption/templates/settings-personal.php @@ -29,18 +29,5 @@


- -- cgit v1.2.3