From c5cb4206f53d2a87f3d8e17fd8447dae4dc4a50c Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Wed, 20 Nov 2013 18:10:56 +0100 Subject: [wip] make encryption work with public gallery sharing --- apps/files_encryption/lib/util.php | 62 ++++++++++++++------------------------ 1 file changed, 23 insertions(+), 39 deletions(-) (limited to 'apps/files_encryption/lib/util.php') diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index f9beb9de670..08c88704083 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -38,7 +38,8 @@ class Util { const MIGRATION_OPEN = 0; // user still needs to be migrated private $view; // OC_FilesystemView object for filesystem operations - private $userId; // ID of the currently logged-in user + private $userId; // ID of the user we use to encrypt/decrypt files + private $ownerId; // ID of the user who accesses the file/folder private $client; // Client side encryption mode flag private $publicKeyDir; // Dir containing all public user keys private $encryptionDir; // Dir containing user's files_encryption @@ -58,51 +59,34 @@ class Util { public function __construct(\OC_FilesystemView $view, $userId, $client = false) { $this->view = $view; - $this->userId = $userId; $this->client = $client; - $this->isPublic = false; $this->publicShareKeyId = \OC_Appconfig::getValue('files_encryption', 'publicShareKeyId'); $this->recoveryKeyId = \OC_Appconfig::getValue('files_encryption', 'recoveryKeyId'); - // if we are anonymous/public + $this->userDir = '/' . $userId; + $this->fileFolderName = 'files'; + $this->userFilesDir = + '/' . $userId . '/' . $this->fileFolderName; // TODO: Does this need to be user configurable? + $this->publicKeyDir = '/' . 'public-keys'; + $this->encryptionDir = '/' . $this->userId . '/' . 'files_encryption'; + $this->keyfilesPath = $this->encryptionDir . '/' . 'keyfiles'; + $this->shareKeysPath = $this->encryptionDir . '/' . 'share-keys'; + $this->publicKeyPath = + $this->publicKeyDir . '/' . $userId . '.public.key'; // e.g. data/public-keys/admin.public.key + $this->privateKeyPath = + $this->encryptionDir . '/' . $userId . '.private.key'; // e.g. data/admin/admin.private.key + // make sure that the owners home is mounted + \OC\Files\Filesystem::initMountPoints($userId); + if (\OCA\Encryption\Helper::isPublicAccess()) { $this->userId = $this->publicShareKeyId; - - // only handle for files_sharing app - if (isset($GLOBALS['app']) && $GLOBALS['app'] === 'files_sharing') { - $this->userDir = '/' . $GLOBALS['fileOwner']; - $this->fileFolderName = 'files'; - $this->userFilesDir = '/' . $GLOBALS['fileOwner'] . '/' - . $this->fileFolderName; // TODO: Does this need to be user configurable? - $this->publicKeyDir = '/' . 'public-keys'; - $this->encryptionDir = '/' . $GLOBALS['fileOwner'] . '/' . 'files_encryption'; - $this->keyfilesPath = $this->encryptionDir . '/' . 'keyfiles'; - $this->shareKeysPath = $this->encryptionDir . '/' . 'share-keys'; - $this->publicKeyPath = - $this->publicKeyDir . '/' . $this->userId . '.public.key'; // e.g. data/public-keys/admin.public.key - $this->privateKeyPath = - '/owncloud_private_key/' . $this->userId . '.private.key'; // e.g. data/admin/admin.private.key - $this->isPublic = true; - // make sure that the owners home is mounted - \OC\Files\Filesystem::initMountPoints($GLOBALS['fileOwner']); - } - + $this->ownerId = $userId; + $this->isPublic = true; } else { - $this->userDir = '/' . $this->userId; - $this->fileFolderName = 'files'; - $this->userFilesDir = - '/' . $this->userId . '/' . $this->fileFolderName; // TODO: Does this need to be user configurable? - $this->publicKeyDir = '/' . 'public-keys'; - $this->encryptionDir = '/' . $this->userId . '/' . 'files_encryption'; - $this->keyfilesPath = $this->encryptionDir . '/' . 'keyfiles'; - $this->shareKeysPath = $this->encryptionDir . '/' . 'share-keys'; - $this->publicKeyPath = - $this->publicKeyDir . '/' . $this->userId . '.public.key'; // e.g. data/public-keys/admin.public.key - $this->privateKeyPath = - $this->encryptionDir . '/' . $this->userId . '.private.key'; // e.g. data/admin/admin.private.key - // make sure that the owners home is mounted - \OC\Files\Filesystem::initMountPoints($this->userId); + $this->userId = $userId; + $this->ownerId = $userId; + $this->isPublic = false; } } @@ -1338,7 +1322,7 @@ class Util { // handle public access if ($this->isPublic) { $filename = $path; - $fileOwnerUid = $GLOBALS['fileOwner']; + $fileOwnerUid = $this->ownerId; return array( $fileOwnerUid, -- cgit v1.2.3 From e11afd306608798a8ba9138cae70e9ab283c490d Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Wed, 20 Nov 2013 22:44:23 +0100 Subject: fix some getShareKey() and getFileKey() calls --- apps/files_encryption/lib/util.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'apps/files_encryption/lib/util.php') diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index 08c88704083..ce3d253cc93 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -351,7 +351,7 @@ class Util { // scanning every file like this // will eat server resources :( if ( - Keymanager::getFileKey($this->view, $this->userId, $relPath) + Keymanager::getFileKey($this->view, $this, $relPath) && $isEncryptedPath ) { @@ -1043,10 +1043,10 @@ class Util { private function decryptKeyfile($filePath, $privateKey) { // Get the encrypted keyfile - $encKeyfile = Keymanager::getFileKey($this->view, $this->userId, $filePath); + $encKeyfile = Keymanager::getFileKey($this->view, $this, $filePath); // The file has a shareKey and must use it for decryption - $shareKey = Keymanager::getShareKey($this->view, $this->userId, $filePath); + $shareKey = Keymanager::getShareKey($this->view, $this->userId, $this, $filePath); $plainKeyfile = Crypt::multiKeyDecrypt($encKeyfile, $shareKey, $privateKey); -- cgit v1.2.3 From b9c18d16fe67f71015d1a233e2716bc7c0812140 Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Wed, 20 Nov 2013 23:23:23 +0100 Subject: make sure that we always use the correct user id --- apps/files_encryption/lib/keymanager.php | 18 +++++++++++------- apps/files_encryption/lib/stream.php | 12 +++++++++--- apps/files_encryption/lib/util.php | 2 +- 3 files changed, 21 insertions(+), 11 deletions(-) (limited to 'apps/files_encryption/lib/util.php') diff --git a/apps/files_encryption/lib/keymanager.php b/apps/files_encryption/lib/keymanager.php index 8d3e72b422b..b207b1437ba 100755 --- a/apps/files_encryption/lib/keymanager.php +++ b/apps/files_encryption/lib/keymanager.php @@ -125,8 +125,8 @@ class Keymanager { $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - //here we need the currently logged in user, while userId can be a different user - $util = new Util($view, \OCP\User::getUser()); + $userId = Helper::getUser($path); + $util = new Util($view, $userId); list($owner, $filename) = $util->getUidAndFilename($path); // in case of system wide mount points the keys are stored directly in the data directory @@ -225,7 +225,8 @@ class Keymanager { $trimmed = ltrim($path, '/'); - $util = new Util($view, \OCP\User::getUser()); + $userId = Helper::getUser($path); + $util = new Util($view, $userId); if($util->isSystemWideMountPoint($path)) { $keyPath = '/files_encryption/keyfiles/' . $trimmed; @@ -322,8 +323,10 @@ class Keymanager { // $shareKeys must be an array with the following format: // [userId] => [encrypted key] - // Here we need the currently logged in user, while userId can be a different user - $util = new Util($view, \OCP\User::getUser()); + + $userId = Helper::getUser($path); + + $util = new Util($view, $userId); list($owner, $filename) = $util->getUidAndFilename($path); @@ -441,8 +444,9 @@ class Keymanager { $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - //here we need the currently logged in user, while userId can be a different user - $util = new Util($view, \OCP\User::getUser()); + $userId = Helper::getUser($filePath); + + $util = new Util($view, $userId); list($owner, $filename) = $util->getUidAndFilename($filePath); diff --git a/apps/files_encryption/lib/stream.php b/apps/files_encryption/lib/stream.php index 393c133d765..2497e56e898 100644 --- a/apps/files_encryption/lib/stream.php +++ b/apps/files_encryption/lib/stream.php @@ -92,10 +92,14 @@ class Stream { $this->session = new \OCA\Encryption\Session($this->rootView); - $this->privateKey = $this->session->getPrivateKey($this->userId); + $this->privateKey = $this->session->getPrivateKey(); - $util = new Util($this->rootView, \OCP\USER::getUser()); + $userId = Helper::getUser($path); + $util = new Util($this->rootView, $userId); + + // need to get the userId once more from util, because now this can be the + // public share key ID $this->userId = $util->getUserId(); // rawPath is relative to the data directory @@ -509,7 +513,9 @@ class Stream { // Check if OC sharing api is enabled $sharingEnabled = \OCP\Share::isEnabled(); - $util = new Util($this->rootView, $this->userId); + $userId = Helper::getUser($this->rawPath); + + $util = new Util($this->rootView, $userId); // Get all users sharing the file includes current user $uniqueUserIds = $util->getSharingUsersArray($sharingEnabled, $this->relPath, $this->userId); diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index ce3d253cc93..1e8b852fb31 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -69,7 +69,7 @@ class Util { $this->userFilesDir = '/' . $userId . '/' . $this->fileFolderName; // TODO: Does this need to be user configurable? $this->publicKeyDir = '/' . 'public-keys'; - $this->encryptionDir = '/' . $this->userId . '/' . 'files_encryption'; + $this->encryptionDir = '/' . $userId . '/' . 'files_encryption'; $this->keyfilesPath = $this->encryptionDir . '/' . 'keyfiles'; $this->shareKeysPath = $this->encryptionDir . '/' . 'share-keys'; $this->publicKeyPath = -- cgit v1.2.3 From b27fc42e1f0fbd1edebb1eb1818de4b4e0c4ee4b Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Thu, 21 Nov 2013 00:23:38 +0100 Subject: public upload now also works with encryption enabled --- apps/files/index.php | 1 - apps/files_encryption/lib/keymanager.php | 14 +++++--------- apps/files_encryption/lib/proxy.php | 7 +++---- apps/files_encryption/lib/stream.php | 14 +++++++------- apps/files_encryption/lib/util.php | 4 ++-- apps/files_encryption/tests/keymanager.php | 4 +++- apps/files_sharing/public.php | 3 --- 7 files changed, 20 insertions(+), 27 deletions(-) (limited to 'apps/files_encryption/lib/util.php') diff --git a/apps/files/index.php b/apps/files/index.php index 9ae378d7a1d..8f6838aa0d9 100644 --- a/apps/files/index.php +++ b/apps/files/index.php @@ -108,7 +108,6 @@ if ($needUpgrade) { // if the encryption app is disabled, than everything is fine (INIT_SUCCESSFUL status code) $encryptionInitStatus = 2; if (OC_App::isEnabled('files_encryption')) { - $publicUploadEnabled = 'no'; $session = new \OCA\Encryption\Session(new \OC\Files\View('/')); $encryptionInitStatus = $session->getInitialized(); } diff --git a/apps/files_encryption/lib/keymanager.php b/apps/files_encryption/lib/keymanager.php index b207b1437ba..b4396864a49 100755 --- a/apps/files_encryption/lib/keymanager.php +++ b/apps/files_encryption/lib/keymanager.php @@ -112,6 +112,7 @@ class Keymanager { * @brief store file encryption key * * @param \OC_FilesystemView $view + * @param \OCA\Encryption\Util $util * @param string $path relative path of the file, including filename * @param $userId * @param $catfile @@ -120,13 +121,11 @@ class Keymanager { * @note The keyfile is not encrypted here. Client code must * asymmetrically encrypt the keyfile before passing it to this method */ - public static function setFileKey(\OC_FilesystemView $view, $path, $userId, $catfile) { + public static function setFileKey(\OC_FilesystemView $view, $util, $path, $userId, $catfile) { $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - $userId = Helper::getUser($path); - $util = new Util($view, $userId); list($owner, $filename) = $util->getUidAndFilename($path); // in case of system wide mount points the keys are stored directly in the data directory @@ -315,19 +314,16 @@ class Keymanager { /** * @brief store multiple share keys for a single file * @param \OC_FilesystemView $view - * @param $path + * @param \OCA\Encryption\Util $util + * @param string $path * @param array $shareKeys * @return bool */ - public static function setShareKeys(\OC_FilesystemView $view, $path, array $shareKeys) { + public static function setShareKeys(\OC_FilesystemView $view, $util, $path, array $shareKeys) { // $shareKeys must be an array with the following format: // [userId] => [encrypted key] - $userId = Helper::getUser($path); - - $util = new Util($view, $userId); - list($owner, $filename) = $util->getUidAndFilename($path); // in case of system wide mount points the keys are stored directly in the data directory diff --git a/apps/files_encryption/lib/proxy.php b/apps/files_encryption/lib/proxy.php index f7253b4591b..43d451d67c8 100644 --- a/apps/files_encryption/lib/proxy.php +++ b/apps/files_encryption/lib/proxy.php @@ -47,8 +47,10 @@ class Proxy extends \OC_FileProxy { */ private static function shouldEncrypt($path) { + $userId = Helper::getUser($path); + if (\OCP\App::isEnabled('files_encryption') === false || Crypt::mode() !== 'server' || - strpos($path, '/' . \OCP\User::getUser() . '/files') !== 0) { + strpos($path, '/' . $userId . '/files') !== 0) { return false; } @@ -244,9 +246,6 @@ class Proxy extends \OC_FileProxy { // split the path parts $pathParts = explode('/', $path); - // get relative path - $relativePath = \OCA\Encryption\Helper::stripUserFilesPath($path); - // FIXME: handling for /userId/cache used by webdav for chunking. The cache chunks are NOT encrypted if (isset($pathParts[2]) && $pathParts[2] === 'cache') { return $result; diff --git a/apps/files_encryption/lib/stream.php b/apps/files_encryption/lib/stream.php index 2497e56e898..3fbcf7db3e4 100644 --- a/apps/files_encryption/lib/stream.php +++ b/apps/files_encryption/lib/stream.php @@ -90,11 +90,14 @@ class Stream { $this->rootView = new \OC_FilesystemView('/'); } + // rawPath is relative to the data directory + $this->rawPath = \OC\Files\Filesystem::normalizePath(str_replace('crypt://', '', $path)); + $this->session = new \OCA\Encryption\Session($this->rootView); $this->privateKey = $this->session->getPrivateKey(); - $userId = Helper::getUser($path); + $userId = Helper::getUser($this->rawPath); $util = new Util($this->rootView, $userId); @@ -102,9 +105,6 @@ class Stream { // public share key ID $this->userId = $util->getUserId(); - // rawPath is relative to the data directory - $this->rawPath = \OC\Files\Filesystem::normalizePath(str_replace('crypt://', '', $path)); - // Strip identifier text from path, this gives us the path relative to data//files $this->relPath = Helper::stripUserFilesPath($this->rawPath); // if raw path doesn't point to a real file, check if it is a version or a file in the trash bin @@ -518,7 +518,7 @@ class Stream { $util = new Util($this->rootView, $userId); // Get all users sharing the file includes current user - $uniqueUserIds = $util->getSharingUsersArray($sharingEnabled, $this->relPath, $this->userId); + $uniqueUserIds = $util->getSharingUsersArray($sharingEnabled, $this->relPath, $userId); $checkedUserIds = $util->filterShareReadyUsers($uniqueUserIds); // Fetch public keys for all sharing users @@ -528,10 +528,10 @@ class Stream { $this->encKeyfiles = Crypt::multiKeyEncrypt($this->plainKey, $publicKeys); // Save the new encrypted file key - Keymanager::setFileKey($this->rootView, $this->relPath, $this->userId, $this->encKeyfiles['data']); + Keymanager::setFileKey($this->rootView, $util, $this->relPath, $userId, $this->encKeyfiles['data']); // Save the sharekeys - Keymanager::setShareKeys($this->rootView, $this->relPath, $this->encKeyfiles['keys']); + Keymanager::setShareKeys($this->rootView, $util, $this->relPath, $this->encKeyfiles['keys']); // Re-enable proxy - our work is done \OC_FileProxy::$enabled = $proxyStatus; diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index 1e8b852fb31..b15c61f599e 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -1097,8 +1097,8 @@ class Util { // Save the recrypted key to it's owner's keyfiles directory // Save new sharekeys to all necessary user directory if ( - !Keymanager::setFileKey($this->view, $filePath, $fileOwner, $multiEncKey['data']) - || !Keymanager::setShareKeys($this->view, $filePath, $multiEncKey['keys']) + !Keymanager::setFileKey($this->view, $this, $filePath, $fileOwner, $multiEncKey['data']) + || !Keymanager::setShareKeys($this->view, $this, $filePath, $multiEncKey['keys']) ) { \OCP\Util::writeLog('Encryption library', diff --git a/apps/files_encryption/tests/keymanager.php b/apps/files_encryption/tests/keymanager.php index ad6bbd3a7e9..72ee270ee59 100644 --- a/apps/files_encryption/tests/keymanager.php +++ b/apps/files_encryption/tests/keymanager.php @@ -145,13 +145,15 @@ class Test_Encryption_Keymanager extends \PHPUnit_Framework_TestCase { $file = 'unittest-' . time() . '.txt'; + $util = new Encryption\Util($this->view, $this->userId); + // Disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; $this->view->file_put_contents($this->userId . '/files/' . $file, $this->dataShort); - Encryption\Keymanager::setFileKey($this->view, $file, $this->userId, $key); + Encryption\Keymanager::setFileKey($this->view, $util, $file, $this->userId, $key); $this->assertTrue($this->view->file_exists('/' . $this->userId . '/files_encryption/keyfiles/' . $file . '.key')); diff --git a/apps/files_sharing/public.php b/apps/files_sharing/public.php index d59f9b7401a..f8091967012 100644 --- a/apps/files_sharing/public.php +++ b/apps/files_sharing/public.php @@ -152,9 +152,6 @@ if (isset($path)) { $tmpl->assign('sharingToken', $token); $tmpl->assign('disableSharing', true); $allowPublicUploadEnabled = (bool) ($linkItem['permissions'] & OCP\PERMISSION_CREATE); - if (\OCP\App::isEnabled('files_encryption')) { - $allowPublicUploadEnabled = false; - } if (OC_Appconfig::getValue('core', 'shareapi_allow_public_upload', 'yes') === 'no') { $allowPublicUploadEnabled = false; } -- cgit v1.2.3 From 2b361ea085812a7b97102d026c421905549b5142 Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Thu, 21 Nov 2013 10:09:07 +0100 Subject: better distinction between userID and keyId --- apps/files_encryption/lib/stream.php | 28 +++++++++++++--------------- apps/files_encryption/lib/util.php | 32 +++++++++++++++++++------------- 2 files changed, 32 insertions(+), 28 deletions(-) (limited to 'apps/files_encryption/lib/util.php') diff --git a/apps/files_encryption/lib/stream.php b/apps/files_encryption/lib/stream.php index 2497e56e898..409c6ff6273 100644 --- a/apps/files_encryption/lib/stream.php +++ b/apps/files_encryption/lib/stream.php @@ -55,6 +55,7 @@ class Stream { private $rawPath; // The raw path relative to the data dir private $relPath; // rel path to users file dir private $userId; + private $keyId; private $handle; // Resource returned by fopen private $meta = array(); // Header / meta for source stream private $writeCache; @@ -94,16 +95,16 @@ class Stream { $this->privateKey = $this->session->getPrivateKey(); - $userId = Helper::getUser($path); + // rawPath is relative to the data directory + $this->rawPath = \OC\Files\Filesystem::normalizePath(str_replace('crypt://', '', $path)); - $util = new Util($this->rootView, $userId); + $this->userId = Helper::getUser($this->rawPath); - // need to get the userId once more from util, because now this can be the - // public share key ID - $this->userId = $util->getUserId(); + $util = new Util($this->rootView, $this->userId); - // rawPath is relative to the data directory - $this->rawPath = \OC\Files\Filesystem::normalizePath(str_replace('crypt://', '', $path)); + // get the key ID which we want to use, canm be the users key or the + // public share key + $this->keyId = $util->getKeyId(); // Strip identifier text from path, this gives us the path relative to data//files $this->relPath = Helper::stripUserFilesPath($this->rawPath); @@ -254,14 +255,13 @@ class Stream { // Fetch and decrypt keyfile // Fetch existing keyfile - $userId = Helper::getUser($this->rawPath); - $util = new \OCA\Encryption\Util($this->rootView, $userId); + $util = new \OCA\Encryption\Util($this->rootView, $this->userId); $this->encKeyfile = Keymanager::getFileKey($this->rootView, $util, $this->relPath); // If a keyfile already exists if ($this->encKeyfile) { - $shareKey = Keymanager::getShareKey($this->rootView, $this->userId, $util, $this->relPath); + $shareKey = Keymanager::getShareKey($this->rootView, $this->keyId, $util, $this->relPath); // if there is no valid private key return false if ($this->privateKey === false) { @@ -508,14 +508,12 @@ class Stream { \OC_FileProxy::$enabled = false; // Fetch user's public key - $this->publicKey = Keymanager::getPublicKey($this->rootView, $this->userId); + $this->publicKey = Keymanager::getPublicKey($this->rootView, $this->keyId); // Check if OC sharing api is enabled $sharingEnabled = \OCP\Share::isEnabled(); - $userId = Helper::getUser($this->rawPath); - - $util = new Util($this->rootView, $userId); + $util = new Util($this->rootView, $this->userId); // Get all users sharing the file includes current user $uniqueUserIds = $util->getSharingUsersArray($sharingEnabled, $this->relPath, $this->userId); @@ -528,7 +526,7 @@ class Stream { $this->encKeyfiles = Crypt::multiKeyEncrypt($this->plainKey, $publicKeys); // Save the new encrypted file key - Keymanager::setFileKey($this->rootView, $this->relPath, $this->userId, $this->encKeyfiles['data']); + Keymanager::setFileKey($this->rootView, $this->relPath, $this->keyId, $this->encKeyfiles['data']); // Save the sharekeys Keymanager::setShareKeys($this->rootView, $this->relPath, $this->encKeyfiles['keys']); diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index 1e8b852fb31..2dd4fd9c163 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -39,7 +39,7 @@ class Util { private $view; // OC_FilesystemView object for filesystem operations private $userId; // ID of the user we use to encrypt/decrypt files - private $ownerId; // ID of the user who accesses the file/folder + private $keyId; // ID of the key we want to manipulate private $client; // Client side encryption mode flag private $publicKeyDir; // Dir containing all public user keys private $encryptionDir; // Dir containing user's files_encryption @@ -60,32 +60,31 @@ class Util { $this->view = $view; $this->client = $client; + $this->userId = $userId; $this->publicShareKeyId = \OC_Appconfig::getValue('files_encryption', 'publicShareKeyId'); $this->recoveryKeyId = \OC_Appconfig::getValue('files_encryption', 'recoveryKeyId'); - $this->userDir = '/' . $userId; + $this->userDir = '/' . $this->userId; $this->fileFolderName = 'files'; $this->userFilesDir = '/' . $userId . '/' . $this->fileFolderName; // TODO: Does this need to be user configurable? $this->publicKeyDir = '/' . 'public-keys'; - $this->encryptionDir = '/' . $userId . '/' . 'files_encryption'; + $this->encryptionDir = '/' . $this->userId . '/' . 'files_encryption'; $this->keyfilesPath = $this->encryptionDir . '/' . 'keyfiles'; $this->shareKeysPath = $this->encryptionDir . '/' . 'share-keys'; $this->publicKeyPath = - $this->publicKeyDir . '/' . $userId . '.public.key'; // e.g. data/public-keys/admin.public.key + $this->publicKeyDir . '/' . $this->userId . '.public.key'; // e.g. data/public-keys/admin.public.key $this->privateKeyPath = - $this->encryptionDir . '/' . $userId . '.private.key'; // e.g. data/admin/admin.private.key + $this->encryptionDir . '/' . $this->userId . '.private.key'; // e.g. data/admin/admin.private.key // make sure that the owners home is mounted \OC\Files\Filesystem::initMountPoints($userId); if (\OCA\Encryption\Helper::isPublicAccess()) { - $this->userId = $this->publicShareKeyId; - $this->ownerId = $userId; + $this->keyId = $this->publicShareKeyId; $this->isPublic = true; } else { - $this->userId = $userId; - $this->ownerId = $userId; + $this->keyId = $this->userId; $this->isPublic = false; } } @@ -172,13 +171,13 @@ class Util { // check if public-key exists but private-key is missing if ($this->view->file_exists($this->publicKeyPath) && !$this->view->file_exists($this->privateKeyPath)) { \OCP\Util::writeLog('Encryption library', - 'public key exists but private key is missing for "' . $this->userId . '"', \OCP\Util::FATAL); + 'public key exists but private key is missing for "' . $this->keyId . '"', \OCP\Util::FATAL); return false; } else { if (!$this->view->file_exists($this->publicKeyPath) && $this->view->file_exists($this->privateKeyPath) ) { \OCP\Util::writeLog('Encryption library', - 'private key exists but public key is missing for "' . $this->userId . '"', \OCP\Util::FATAL); + 'private key exists but public key is missing for "' . $this->keyId . '"', \OCP\Util::FATAL); return false; } } @@ -1046,7 +1045,7 @@ class Util { $encKeyfile = Keymanager::getFileKey($this->view, $this, $filePath); // The file has a shareKey and must use it for decryption - $shareKey = Keymanager::getShareKey($this->view, $this->userId, $this, $filePath); + $shareKey = Keymanager::getShareKey($this->view, $this->keyId, $this, $filePath); $plainKeyfile = Crypt::multiKeyDecrypt($encKeyfile, $shareKey, $privateKey); @@ -1322,7 +1321,7 @@ class Util { // handle public access if ($this->isPublic) { $filename = $path; - $fileOwnerUid = $this->ownerId; + $fileOwnerUid = $this->userId; return array( $fileOwnerUid, @@ -1547,6 +1546,13 @@ class Util { return $this->userId; } + /** + * @return string + */ + public function getKeyId() { + return $this->keyId; + } + /** * @return string */ -- cgit v1.2.3 From c7dc6dc2c2d0d2de72256a6f7bcacaf3ec59bd0c Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Thu, 21 Nov 2013 11:11:15 +0100 Subject: fix getFileKey() call --- apps/files_encryption/lib/util.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'apps/files_encryption/lib/util.php') diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index a9468e34d41..ca9651742f8 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -461,7 +461,7 @@ class Util { $relPath = Helper::stripUserFilesPath($path); } - $fileKey = Keymanager::getFileKey($this->view, $relPath); + $fileKey = Keymanager::getFileKey($this->view, $this, $relPath); if ($fileKey === false) { return false; -- cgit v1.2.3 From 7f3b178d7340708ae6593e733552062a60de68d4 Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Wed, 27 Nov 2013 11:46:24 +0100 Subject: some small changes according to the review comments --- apps/files_encryption/lib/helper.php | 11 ++++++++--- apps/files_encryption/lib/keymanager.php | 12 ++++-------- apps/files_encryption/lib/proxy.php | 2 +- apps/files_encryption/lib/stream.php | 4 ++-- apps/files_encryption/lib/util.php | 2 +- apps/files_encryption/tests/crypt.php | 4 ++-- apps/files_encryption/tests/keymanager.php | 2 +- 7 files changed, 19 insertions(+), 18 deletions(-) (limited to 'apps/files_encryption/lib/util.php') diff --git a/apps/files_encryption/lib/helper.php b/apps/files_encryption/lib/helper.php index a844fc6a398..998c78ec8be 100755 --- a/apps/files_encryption/lib/helper.php +++ b/apps/files_encryption/lib/helper.php @@ -225,7 +225,7 @@ class Helper { * @return bool */ public static function isPublicAccess() { - if (\OCP\USER::getUser() === false) { + if (\OCP\User::getUser() === false) { return true; } else { return false; @@ -252,6 +252,11 @@ class Helper { return $relPath; } + /** + * @brief try to get the user from the path if no user is logged in + * @param string $path + * @return mixed user or false if we couldn't determine a user + */ public static function getUser($path) { $user = \OCP\User::getUser(); @@ -261,7 +266,7 @@ class Helper { return $user; } - // if no user is logged in we try to access a publically shared files. + // if no user is logged in we try to access a publicly shared files. // In this case we need to try to get the user from the path $trimmed = ltrim($path, '/'); @@ -282,7 +287,7 @@ class Helper { } /** - * @brief get path to the correspondig file in data/user/files if path points + * @brief get path to the corresponding file in data/user/files if path points * to a version or to a file in cache * @param string $path path to a version or a file in the trash * @return string path to correspondig file relative to data/user/files diff --git a/apps/files_encryption/lib/keymanager.php b/apps/files_encryption/lib/keymanager.php index 4695673a48b..599d718c069 100755 --- a/apps/files_encryption/lib/keymanager.php +++ b/apps/files_encryption/lib/keymanager.php @@ -113,14 +113,12 @@ class Keymanager { * * @param \OC_FilesystemView $view * @param string $path relative path of the file, including filename - * @param $userId - * @param $catfile - * @internal param string $key + * @param string $catfile keyfile content * @return bool true/false * @note The keyfile is not encrypted here. Client code must * asymmetrically encrypt the keyfile before passing it to this method */ - public static function setFileKey(\OC_FilesystemView $view, $path, $userId, $catfile) { + public static function setFileKey(\OC_FilesystemView $view, $path, $catfile) { $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; @@ -179,7 +177,7 @@ class Keymanager { * @note The keyfile returned is asymmetrically encrypted. Decryption * of the keyfile must be performed by client code */ - public static function getFileKey(\OC_FilesystemView $view, $util, $filePath) { + public static function getFileKey($view, $util, $filePath) { list($owner, $filename) = $util->getUidAndFilename($filePath); @@ -216,13 +214,12 @@ class Keymanager { * @brief Delete a keyfile * * @param \OC_FilesystemView $view - * @param string $userId username * @param string $path path of the file the key belongs to * @return bool Outcome of unlink operation * @note $path must be relative to data/user/files. e.g. mydoc.txt NOT * /data/admin/files/mydoc.txt */ - public static function deleteFileKey(\OC_FilesystemView $view, $userId, $path) { + public static function deleteFileKey(\OC_FilesystemView $view, $path) { $trimmed = ltrim($path, '/'); @@ -368,7 +365,6 @@ class Keymanager { * @param string $userId * @param \OCA\Encryption\Util $util * @param string $filePath - * @internal param \OCA\Encryption\file $string name * @return string file key or false * @note The sharekey returned is encrypted. Decryption * of the keyfile must be performed by client code diff --git a/apps/files_encryption/lib/proxy.php b/apps/files_encryption/lib/proxy.php index b0b2b62aa1b..7a2fcf7233d 100644 --- a/apps/files_encryption/lib/proxy.php +++ b/apps/files_encryption/lib/proxy.php @@ -201,7 +201,7 @@ class Proxy extends \OC_FileProxy { list($owner, $ownerPath) = $util->getUidAndFilename($relativePath); // Delete keyfile & shareKey so it isn't orphaned - if (!Keymanager::deleteFileKey($view, $owner, $ownerPath)) { + if (!Keymanager::deleteFileKey($view, $ownerPath)) { \OCP\Util::writeLog('Encryption library', 'Keyfile or shareKey could not be deleted for file "' . $ownerPath . '"', \OCP\Util::ERROR); } diff --git a/apps/files_encryption/lib/stream.php b/apps/files_encryption/lib/stream.php index 4b0156e661e..40b9837b950 100644 --- a/apps/files_encryption/lib/stream.php +++ b/apps/files_encryption/lib/stream.php @@ -102,7 +102,7 @@ class Stream { $util = new Util($this->rootView, $this->userId); - // get the key ID which we want to use, canm be the users key or the + // get the key ID which we want to use, can be the users key or the // public share key $this->keyId = $util->getKeyId(); @@ -527,7 +527,7 @@ class Stream { $this->encKeyfiles = Crypt::multiKeyEncrypt($this->plainKey, $publicKeys); // Save the new encrypted file key - Keymanager::setFileKey($this->rootView, $this->relPath, $this->keyId, $this->encKeyfiles['data']); + Keymanager::setFileKey($this->rootView, $this->relPath, $this->encKeyfiles['data']); // Save the sharekeys Keymanager::setShareKeys($this->rootView, $this->relPath, $this->encKeyfiles['keys']); diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index ca9651742f8..4ffc72d1531 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -1093,7 +1093,7 @@ class Util { // Save the recrypted key to it's owner's keyfiles directory // Save new sharekeys to all necessary user directory if ( - !Keymanager::setFileKey($this->view, $filePath, $fileOwner, $multiEncKey['data']) + !Keymanager::setFileKey($this->view, $filePath, $multiEncKey['data']) || !Keymanager::setShareKeys($this->view, $filePath, $multiEncKey['keys']) ) { diff --git a/apps/files_encryption/tests/crypt.php b/apps/files_encryption/tests/crypt.php index 0086371d223..ca14e3e2ccb 100755 --- a/apps/files_encryption/tests/crypt.php +++ b/apps/files_encryption/tests/crypt.php @@ -201,7 +201,7 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { // Teardown $this->view->unlink($this->userId . '/files/' . $filename); - Encryption\Keymanager::deleteFileKey($this->view, $this->userId, $filename); + Encryption\Keymanager::deleteFileKey($this->view, $filename); } /** @@ -287,7 +287,7 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { $this->view->unlink($this->userId . '/files/' . $filename); - Encryption\Keymanager::deleteFileKey($this->view, $this->userId, $filename); + Encryption\Keymanager::deleteFileKey($this->view, $filename); } diff --git a/apps/files_encryption/tests/keymanager.php b/apps/files_encryption/tests/keymanager.php index ad6bbd3a7e9..a63db7d9074 100644 --- a/apps/files_encryption/tests/keymanager.php +++ b/apps/files_encryption/tests/keymanager.php @@ -151,7 +151,7 @@ class Test_Encryption_Keymanager extends \PHPUnit_Framework_TestCase { $this->view->file_put_contents($this->userId . '/files/' . $file, $this->dataShort); - Encryption\Keymanager::setFileKey($this->view, $file, $this->userId, $key); + Encryption\Keymanager::setFileKey($this->view, $file, $key); $this->assertTrue($this->view->file_exists('/' . $this->userId . '/files_encryption/keyfiles/' . $file . '.key')); -- cgit v1.2.3