From b6fa0e4eefb332dc1fb9b45df50de4621ed8e6bd Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Mon, 29 Jul 2013 17:06:05 +0200 Subject: working decrypt files method --- apps/files_encryption/lib/util.php | 102 ++++++++++++++++++++++++++++++++++--- 1 file changed, 96 insertions(+), 6 deletions(-) (limited to 'apps/files_encryption/lib/util.php') diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index 50e823585d7..03e2fae4c65 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php 
@@ -661,6 +661,69 @@ class Util { } } + + /** + * @brief Decrypt all files + * @return bool + */ + public function decryptAll() { + + $found = $this->findEncFiles($this->userId . '/files'); + + if ($found) { + + // Disable proxy to prevent file being encrypted twice + \OC_FileProxy::$enabled = false; + + // Encrypt unencrypted files + foreach ($found['encrypted'] as $encryptedFile) { + + //relative to data//file + $relPath = Helper::stripUserFilesPath($encryptedFile['path']); + + //relative to /data + $rawPath = $encryptedFile['path']; + + // Open enc file handle for binary reading + $encHandle = fopen('crypt://' . $rawPath, 'rb'); + + // Open plain file handle for binary writing, with same filename as original plain file + $plainHandle = $this->view->fopen($rawPath . '.part', 'wb'); + + // Move plain file to a temporary location + $size = stream_copy_to_stream($encHandle, $plainHandle); + + fclose($encHandle); + fclose($plainHandle); + + $fakeRoot = $this->view->getRoot(); + $this->view->chroot('/' . $this->userId . '/files'); + + $this->view->rename($relPath . '.part', $relPath); + + $this->view->chroot($fakeRoot); + + // Add the file to the cache + \OC\Files\Filesystem::putFileInfo($relPath, array( + 'encrypted' => false, + 'size' => $size, + 'unencrypted_size' => $size + )); + } + + $this->view->deleteAll($this->keyfilesPath); + $this->view->deleteAll($this->shareKeysPath); + + \OC_FileProxy::$enabled = true; + + // If files were found, return true + return true; + } else { + + // If no files were found, return false + return false; + } + } /** * @brief Encrypt all files in a directory @@ -672,7 +735,9 @@ class Util { */ public function encryptAll($dirPath, $legacyPassphrase = null, $newPassphrase = null) { - if ($found = $this->findEncFiles($dirPath)) { + $found = $this->findEncFiles($dirPath); + + if ($found) { // Disable proxy to prevent file being encrypted twice \OC_FileProxy::$enabled = false; 
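Review bot: In `decryptAll()` the result of `$this->view->rename($relPath . '.part', $relPath)` is never checked, yet the cache entry is then written with `'encrypted' => false` and, after the loop, `deleteAll($this->keyfilesPath)` and `deleteAll($this->shareKeysPath)` remove the only material that can decrypt the original. If a rename fails, the file on disk is still ciphertext and its keys are gone. I would set a failure flag when `rename` returns false, skip `putFileInfo` for that file, and skip both `deleteAll` calls when the flag is set. `$this->view->chroot($fakeRoot)` still has to run before moving on to the next file.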
@@ -690,12 +755,13 @@ class Util { $plainHandle = $this->view->fopen($rawPath, 'rb'); // Open enc file handle for binary writing, with same filename as original plain file - $encHandle = fopen('crypt://' . $relPath . '.part', 'wb'); + $encHandle = fopen('crypt://' . $rawPath . '.part', 'wb'); // Move plain file to a temporary location $size = stream_copy_to_stream($plainHandle, $encHandle); fclose($encHandle); + fclose($plainHandle); $fakeRoot = $this->view->getRoot(); $this->view->chroot('/' . $this->userId . '/files'); @@ -706,10 +772,10 @@ class Util { // Add the file to the cache \OC\Files\Filesystem::putFileInfo($relPath, array( - 'encrypted' => true, - 'size' => $size, - 'unencrypted_size' => $size - )); + 'encrypted' => true, + 'size' => $size, + 'unencrypted_size' => $size + )); } // Encrypt legacy encrypted files @@ -1579,4 +1645,28 @@ class Util { return false; } + /** + * @brief decrypt private key and add it to the current session + * @param array $params with 'uid' and 'password' + * @return mixed session or false + */ + public function initEncryption($params) { + + $encryptedKey = Keymanager::getPrivateKey($this->view, $params['uid']); + + $privateKey = Crypt::decryptPrivateKey($encryptedKey, $params['password']); + + if ($privateKey === false) { + \OCP\Util::writeLog('Encryption library', 'Private key for user "' . $params['uid'] + . '" is not valid! Maybe the user password was changed from outside if so please change it back to gain access', \OCP\Util::ERROR); + return false; + } + + $session = new \OCA\Encryption\Session($this->view); + + $session->setPrivateKey($privateKey); + + return $session; + } + } -- cgit v1.2.3 From a7a7ef2b3a79607677679ea96212a20a633065e3 Mon Sep 17 00:00:00 2001 
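Review bot: `initEncryption()` passes the result of `Keymanager::getPrivateKey()` straight into `Crypt::decryptPrivateKey()` and reads `$params['uid']` and `$params['password']` without checking that they are set. If the user has no stored private key (presumably `getPrivateKey()` returns false then, which is not visible here), the failure is logged as an invalid key caused by a changed password, which points whoever reads the log at the wrong cause. I would return early with its own log line when the key is missing, e.g. `if (!$encryptedKey) { return false; }`, and extend the docblock to say that the returned session holds the decrypted private key.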
From: Bjoern Schiessle Date: Tue, 30 Jul 2013 09:48:30 +0200 Subject: improved error handling --- apps/files_encryption/lib/util.php | 36 ++++++++++++++++++++++++++---------- settings/ajax/decryptall.php | 12 ++++++++---- 2 files changed, 34 insertions(+), 14 deletions(-) (limited to 'apps/files_encryption/lib/util.php') diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index 03e2fae4c65..5649472e0b5 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -661,7 +661,7 @@ class Util { } } - + /** * @brief Decrypt all files * @return bool @@ -670,6 +670,8 @@ class Util { $found = $this->findEncFiles($this->userId . '/files'); + $successful = true; + if ($found) { // Disable proxy to prevent file being encrypted twice @@ -687,11 +689,28 @@ class Util { // Open enc file handle for binary reading $encHandle = fopen('crypt://' . $rawPath, 'rb'); + if ($encHandle === false) { + \OCP\Util::writeLog('Encryption library', 'couldn\'t open "' . $rawPath . '", decryption failed!', \OCP\Util::FATAL); + $successful = false; + continue; + } + // Open plain file handle for binary writing, with same filename as original plain file $plainHandle = $this->view->fopen($rawPath . '.part', 'wb'); + if ($plainHandle === false) { + \OCP\Util::writeLog('Encryption library', 'couldn\'t open "' . $rawPath . '.part", decryption failed!', \OCP\Util::FATAL); + $successful = false; + continue; + } // Move plain file to a temporary location $size = stream_copy_to_stream($encHandle, $plainHandle); + if ($size === 0) { + \OCP\Util::writeLog('Encryption library', 'Zero bytes copied of "' . $rawPath . '", decryption failed!', \OCP\Util::FATAL); + $successful = false; + continue; + } + fclose($encHandle); fclose($plainHandle); 
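Review bot: The two later `continue` paths added to the `decryptAll()` loop skip the `fclose()` calls: when `$plainHandle` cannot be opened `$encHandle` stays open, and when `$size === 0` both handles stay open and the `.part` file is left next to the original. The size check also misses `stream_copy_to_stream()` returning `false`, which is its error value, and it reports a genuinely empty file as a failed decryption (whether empty files can reach this loop is not visible here). Closing the handles before testing the result and removing the partial file keeps a failed run from leaking descriptors and leaving stray fragments behind. The loop body continues outside this hunk.

```php
// … unchanged: open $encHandle, log and continue on failure …
$plainHandle = $this->view->fopen($rawPath . '.part', 'wb');
if ($plainHandle === false) {
	\OCP\Util::writeLog('Encryption library', 'couldn\'t open "' . $rawPath . '.part", decryption failed!', \OCP\Util::FATAL);
	// release the source handle before skipping this file
	fclose($encHandle);
	$successful = false;
	continue;
}

$size = stream_copy_to_stream($encHandle, $plainHandle);

// close both handles on every path, then judge the result
fclose($encHandle);
fclose($plainHandle);

if ($size === false || $size === 0) {
	\OCP\Util::writeLog('Encryption library', 'Zero bytes copied of "' . $rawPath . '", decryption failed!', \OCP\Util::FATAL);
	// do not leave a partial plaintext copy behind
	$this->view->unlink($rawPath . '.part');
	$successful = false;
	continue;
}
// … unchanged: chroot, rename, putFileInfo …
```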
@@ -711,18 +730,15 @@ class Util { )); } - $this->view->deleteAll($this->keyfilesPath); - $this->view->deleteAll($this->shareKeysPath); + if ($successful) { + $this->view->deleteAll($this->keyfilesPath); + $this->view->deleteAll($this->shareKeysPath); + } \OC_FileProxy::$enabled = true; - - // If files were found, return true - return true; - } else { - - // If no files were found, return false - return false; } + + return $successful; } /** diff --git a/settings/ajax/decryptall.php b/settings/ajax/decryptall.php index 7adacb9802a..e53067931e8 100644 --- a/settings/ajax/decryptall.php +++ b/settings/ajax/decryptall.php @@ -1,5 +1,5 @@ initEncryption($params); if ($result !== false) { - $util->decryptAll(); - \OCP\JSON::success(array('data' => array('message' => 'Files decrypted successfully'))); + $successful = $util->decryptAll(); + if ($successful === true) { + \OCP\JSON::success(array('data' => array('message' => 'Files decrypted successfully'))); + } else { + \OCP\JSON::error(array('data' => array('message' => 'Couldn\'t decrypt your files, please check your owncloud.log or ask your administrator'))); + } } else { - \OCP\JSON::error(array('data' => array('message' => 'Couldn\'t decrypt files, check your password and try again'))); + \OCP\JSON::error(array('data' => array('message' => 'Couldn\'t decrypt your files, check your password and try again'))); } -- cgit v1.2.3 From 3640c99462f35d35f6678d488016d9f672960d2b Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Tue, 30 Jul 2013 12:19:04 +0200 Subject: encrypt/decrypt file versions --- apps/files_encryption/lib/util.php | 127 ++++++++++++++++++++++++++++++++++++- 1 file changed, 124 insertions(+), 3 deletions(-) (limited to 'apps/files_encryption/lib/util.php') diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index 5649472e0b5..4bd07287cd7 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php 
@@ -662,6 +662,98 @@ class Util { } + /** + * @brief encrypt versions from given file + * @param array $filelist list of encrypted files, relative to data/user/files + * @return boolean + */ + private function encryptVersions($filelist) { + + $successful = true; + + if (\OCP\App::isEnabled('files_versions')) { + + foreach ($filelist as $filename) { + + $versions = \OCA\Files_Versions\Storage::getVersions($this->userId, $filename); + foreach ($versions as $version) { + + $path = '/' . $this->userId . '/files_versions/' . $version['path'] . '.v' . $version['version']; + + $encHandle = fopen('crypt://' . $path . '.part', 'wb'); + + if ($encHandle === false) { + \OCP\Util::writeLog('Encryption library', 'couldn\'t open "' . $path . '", decryption failed!', \OCP\Util::FATAL); + $successful = false; + continue; + } + + $plainHandle = $this->view->fopen($path, 'rb'); + if ($plainHandle === false) { + \OCP\Util::writeLog('Encryption library', 'couldn\'t open "' . $path . '.part", decryption failed!', \OCP\Util::FATAL); + $successful = false; + continue; + } + + stream_copy_to_stream($plainHandle, $encHandle); + + fclose($encHandle); + fclose($plainHandle); + + $this->view->rename($path . '.part', $path); + } + } + } + + return $successful; + } + + /** + * @brief decrypt versions from given file + * @param string $filelist list of decrypted files, relative to data/user/files + * @return boolean + */ + private function decryptVersions($filelist) { + + $successful = true; + + if (\OCP\App::isEnabled('files_versions')) { + + foreach ($filelist as $filename) { + + $versions = \OCA\Files_Versions\Storage::getVersions($this->userId, $filename); + foreach ($versions as $version) { + + $path = '/' . $this->userId . '/files_versions/' . $version['path'] . '.v' . $version['version']; + + $encHandle = fopen('crypt://' . $path, 'rb'); + + if ($encHandle === false) { + \OCP\Util::writeLog('Encryption library', 'couldn\'t open "' . $path . 
'", decryption failed!', \OCP\Util::FATAL); + $successful = false; + continue; + } + + $plainHandle = $this->view->fopen($path . '.part', 'wb'); + if ($plainHandle === false) { + \OCP\Util::writeLog('Encryption library', 'couldn\'t open "' . $path . '.part", decryption failed!', \OCP\Util::FATAL); + $successful = false; + continue; + } + + stream_copy_to_stream($encHandle, $plainHandle); + + fclose($encHandle); + fclose($plainHandle); + + $this->view->rename($path . '.part', $path); + } + } + } + + return $successful; + } + /** * @brief Decrypt all files * @return bool @@ -674,6 +766,11 @@ class Util { if ($found) { + $versionStatus = \OCP\App::isEnabled('files_versions'); + \OC_App::disable('files_versions'); + + $decryptedFiles[] = array(); + // Disable proxy to prevent file being encrypted twice \OC_FileProxy::$enabled = false; @@ -685,7 +782,7 @@ class Util { //relative to /data $rawPath = $encryptedFile['path']; - + // Open enc file handle for binary reading $encHandle = fopen('crypt://' . $rawPath, 'rb'); @@ -711,7 +808,6 @@ class Util { continue; } - fclose($encHandle); fclose($plainHandle); @@ -728,8 +824,19 @@ class Util { 'size' => $size, 'unencrypted_size' => $size )); + + $decryptedFiles[] = $relPath; + } + if ($versionStatus) { + \OC_App::enable('files_versions'); + } + + if (!$this->decryptVersions($decryptedFiles)) { + $successful = false; + } + if ($successful) { $this->view->deleteAll($this->keyfilesPath); $this->view->deleteAll($this->shareKeysPath); @@ -752,11 +859,16 @@ class Util { public function encryptAll($dirPath, $legacyPassphrase = null, $newPassphrase = null) { $found = $this->findEncFiles($dirPath); - + if ($found) { // Disable proxy to prevent file being encrypted twice \OC_FileProxy::$enabled = false; + + $versionStatus = \OCP\App::isEnabled('files_versions'); + \OC_App::disable('files_versions'); + + $encryptedFiles = array(); // Encrypt unencrypted files foreach ($found['plain'] as $plainFile) { 
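Review bot: In `encryptVersions()` and `decryptVersions()` the results of `stream_copy_to_stream()` and `$this->view->rename()` are ignored, so `$successful` stays true when a version was only partly written or never moved into place. `decryptAll()` uses that value to decide whether to delete the keyfiles and share keys, so an undetected failure here leaves encrypted versions without keys. Both helpers also `continue` after a failed `$this->view->fopen()` without closing `$encHandle`. In `encryptVersions()` the log messages still say 'decryption failed!' and the `.part` suffix is on the wrong message (there the `crypt://` handle is the `.part` one). The `decryptVersions()` docblock should read `@param array $filelist`.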
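Review bot: `\OC_App::disable('files_versions')` in `decryptAll()` (and again in the `encryptAll()` hunk that follows) looks like an instance-wide switch rather than a per-user one, so one user's run turns versioning off for everyone until the matching `\OC_App::enable()` is reached. Nothing restores it if the request is aborted or an exception escapes mid-loop, which is plausible on large accounts. I would restore both the app state and `\OC_FileProxy::$enabled` from a single cleanup path that runs on every exit. A comment above the disable call should state why versioning has to be off for the duration of the run.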
@@ -792,6 +904,9 @@ class Util { 'size' => $size, 'unencrypted_size' => $size )); + + $encryptedFiles[] = $relPath; + } // Encrypt legacy encrypted files @@ -832,6 +947,12 @@ class Util { \OC_FileProxy::$enabled = true; + if ($versionStatus) { + \OC_App::enable('files_versions'); + } + + $this->encryptVersions($encryptedFiles); + // If files were found, return true return true; } else { -- cgit v1.2.3 From 25493227636d19ff6bc28ef10c0c319cc572ea28 Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Tue, 30 Jul 2013 18:17:33 +0200 Subject: we need to use the path relative to data/ --- apps/files_encryption/lib/util.php | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'apps/files_encryption/lib/util.php') diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index 4bd07287cd7..7983c829e11 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -565,9 +565,6 @@ class Util { // split the path parts $pathParts = explode('/', $path); - // get relative path - $relativePath = \OCA\Encryption\Helper::stripUserFilesPath($path); - if (isset($pathParts[2]) && $pathParts[2] === 'files' && $this->view->file_exists($path) && $this->isEncryptedPath($path) ) { @@ -580,7 +577,7 @@ class Util { $lastChunkNr = floor($size / 8192); // open stream - $stream = fopen('crypt://' . $relativePath, "r"); + $stream = fopen('crypt://' . $path, "r"); if (is_resource($stream)) { // calculate last chunk position -- cgit v1.2.3 From 23e97216449ad65b4334dd68f84902ab08b0d62d Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Wed, 31 Jul 2013 16:35:14 +0200 Subject: use OC\Files\View to read encrypted file, so that it also works with external storages --- apps/files_encryption/lib/util.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'apps/files_encryption/lib/util.php') 
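Review bot: `encryptAll()` discards the return value of `$this->encryptVersions($encryptedFiles)` and still returns true, unlike `decryptAll()`, which folds the `decryptVersions()` result into `$successful`. A version that could not be encrypted therefore stays in plaintext under `files_versions` while the caller is told that encryption succeeded. I would propagate the result, e.g. `$versionsOk = $this->encryptVersions($encryptedFiles);` followed by `return $versionsOk;` in place of the unconditional `return true;`. The function body continues outside this hunk.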
diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index 7983c829e11..979b0fac407 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -768,9 +768,6 @@ class Util { $decryptedFiles[] = array(); - // Disable proxy to prevent file being encrypted twice - \OC_FileProxy::$enabled = false; - // Encrypt unencrypted files foreach ($found['encrypted'] as $encryptedFile) { @@ -780,8 +777,14 @@ class Util { //relative to /data $rawPath = $encryptedFile['path']; + //enable proxy to use OC\Files\View to access the original file + \OC_FileProxy::$enabled = true; + // Open enc file handle for binary reading - $encHandle = fopen('crypt://' . $rawPath, 'rb'); + $encHandle = $this->view->fopen($rawPath, 'rb'); + + // Disable proxy to prevent file being encrypted again + \OC_FileProxy::$enabled = false; if ($encHandle === false) { \OCP\Util::writeLog('Encryption library', 'couldn\'t open "' . $rawPath . '", decryption failed!', \OCP\Util::FATAL); -- cgit v1.2.3 From 5ba8d38b7fcbdb2f1619f46b2e9513899a61b887 Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Fri, 9 Aug 2013 15:55:17 +0200 Subject: remove old comments, TODos, etc. --- apps/files_encryption/hooks/hooks.php | 3 -- apps/files_encryption/lib/util.php | 63 ----------------------------------- 2 files changed, 66 deletions(-) (limited to 'apps/files_encryption/lib/util.php') diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index 741df166b70..228b3c7ad78 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -30,9 +30,6 @@ use OC\Files\Filesystem; */ class Hooks { - // TODO: use passphrase for encrypting private key that is separate to - // the login password - /** * @brief Startup encryption backend upon user login * @note This method should never be called for users using client side encryption 
diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index 50e823585d7..61685e59c6a 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -21,30 +21,6 @@ * */ -# Bugs -# ---- -# Sharing a file to a user without encryption set up will not provide them with access but won't notify the sharer -# Sharing all files to admin for recovery purposes still in progress -# Possibly public links are broken (not tested since last merge of master) - - -# Missing features -# ---------------- -# Make sure user knows if large files weren't encrypted - - -# Test -# ---- -# Test that writing files works when recovery is enabled, and sharing API is disabled -# Test trashbin support - - -// Old Todo: -// - Crypt/decrypt button in the userinterface -// - Setting if crypto should be on by default -// - Add a setting "Don“t encrypt files larger than xx because of performance -// reasons" - namespace OCA\Encryption; /** 
@@ -57,45 +33,6 @@ namespace OCA\Encryption; class Util { - // Web UI: - - //// DONE: files created via web ui are encrypted - //// DONE: file created & encrypted via web ui are readable in web ui - //// DONE: file created & encrypted via web ui are readable via webdav - - - // WebDAV: - - //// DONE: new data filled files added via webdav get encrypted - //// DONE: new data filled files added via webdav are readable via webdav - //// DONE: reading unencrypted files when encryption is enabled works via - //// webdav - //// DONE: files created & encrypted via web ui are readable via webdav - - - // Legacy support: - - //// DONE: add method to check if file is encrypted using new system - //// DONE: add method to check if file is encrypted using old system - //// DONE: add method to fetch legacy key - //// DONE: add method to decrypt legacy encrypted data - - - // Admin UI: - - //// DONE: changing user password also changes encryption passphrase - - //// TODO: add support for optional recovery in case of lost passphrase / keys - //// TODO: add admin optional required long passphrase for users - //// TODO: implement flag system to allow user to specify encryption by folder, subfolder, etc. - - - // Integration testing: - - //// TODO: test new encryption with versioning - //// DONE: test new encryption with sharing - //// TODO: test new encryption with proxies - const MIGRATION_COMPLETED = 1; // migration to new encryption completed const MIGRATION_IN_PROGRESS = -1; // migration is running const MIGRATION_OPEN = 0; // user still needs to be migrated -- cgit v1.2.3 From b982868c14ea66f0241b4a801f92fdd594fcca3b Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Mon, 12 Aug 2013 13:59:49 +0200 Subject: fix array declaration --- apps/files_encryption/lib/util.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'apps/files_encryption/lib/util.php') 
diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index 979b0fac407..8819b0f972a 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -766,7 +766,7 @@ class Util { $versionStatus = \OCP\App::isEnabled('files_versions'); \OC_App::disable('files_versions'); - $decryptedFiles[] = array(); + $decryptedFiles = array(); // Encrypt unencrypted files foreach ($found['encrypted'] as $encryptedFile) { -- cgit v1.2.3 From 0bab8935c95c249405f5b12f4724d189c4ec648b Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Mon, 12 Aug 2013 14:30:43 +0200 Subject: preserve mtime if file gets encrypted/decrypted --- apps/files_encryption/lib/util.php | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'apps/files_encryption/lib/util.php') diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index 8819b0f972a..9d351983e2a 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -777,6 +777,9 @@ class Util { //relative to /data $rawPath = $encryptedFile['path']; + //get timestamp + $timestamp = $this->view->filemtime($rawPath); + //enable proxy to use OC\Files\View to access the original file \OC_FileProxy::$enabled = true; @@ -818,6 +821,9 @@ class Util { $this->view->chroot($fakeRoot); + //set timestamp + $this->view->touch($rawPath, $timestamp); + // Add the file to the cache \OC\Files\Filesystem::putFileInfo($relPath, array( 'encrypted' => false, @@ -875,10 +881,13 @@ class Util { //relative to data//file $relPath = $plainFile['path']; - + //relative to /data $rawPath = '/' . $this->userId . '/files/' . $plainFile['path']; + // keep timestamp + $timestamp = $this->view->filemtime($rawPath); + // Open plain file handle for binary reading $plainHandle = $this->view->fopen($rawPath, 'rb'); 
@@ -897,6 +906,9 @@ class Util { $this->view->rename($relPath . '.part', $relPath); $this->view->chroot($fakeRoot); + + // set timestamp + $this->view->touch($rawPath, $timestamp); // Add the file to the cache \OC\Files\Filesystem::putFileInfo($relPath, array( -- cgit v1.2.3 From 7b1067c2a09c6c312bf63ae5d8948c0c151f1891 Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Mon, 12 Aug 2013 16:19:08 +0200 Subject: change decryptUnknownKeyfile() to decryptKeyfile(), we always use openssl_seal --- apps/files_encryption/lib/util.php | 36 ++++++------------------------------ 1 file changed, 6 insertions(+), 30 deletions(-) (limited to 'apps/files_encryption/lib/util.php') diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index 61685e59c6a..c6fc134fe42 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php 
@@ -815,46 +815,22 @@ class Util { } /** - * @brief Decrypt a keyfile without knowing how it was encrypted + * @brief Decrypt a keyfile * @param string $filePath - * @param string $fileOwner * @param string $privateKey * @return bool|string - * @note Checks whether file was encrypted with openssl_seal or - * openssl_encrypt, and decrypts accrdingly - * @note This was used when 2 types of encryption for keyfiles was used, - * but now we've switched to exclusively using openssl_seal() */ - public function decryptUnknownKeyfile($filePath, $fileOwner, $privateKey) { + private function decryptKeyfile($filePath, $privateKey) { // Get the encrypted keyfile - // NOTE: the keyfile format depends on how it was encrypted! At - // this stage we don't know how it was encrypted $encKeyfile = Keymanager::getFileKey($this->view, $this->userId, $filePath); - // We need to decrypt the keyfile - // Has the file been shared yet? - if ( - $this->userId === $fileOwner - && !Keymanager::getShareKey($this->view, $this->userId, $filePath) // NOTE: we can't use isShared() here because it's a post share hook so it always returns true - ) { - - // The file has no shareKey, and its keyfile must be - // decrypted conventionally - $plainKeyfile = Crypt::keyDecrypt($encKeyfile, $privateKey); - - - } else { + // The file has a shareKey and must use it for decryption + $shareKey = Keymanager::getShareKey($this->view, $this->userId, $filePath); - // The file has a shareKey and must use it for decryption - $shareKey = Keymanager::getShareKey($this->view, $this->userId, $filePath); - - $plainKeyfile = Crypt::multiKeyDecrypt($encKeyfile, $shareKey, $privateKey); - - } + $plainKeyfile = Crypt::multiKeyDecrypt($encKeyfile, $shareKey, $privateKey); return $plainKeyfile; - } /** 
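Review bot: `decryptKeyfile()` now always calls `Crypt::multiKeyDecrypt()` with whatever `Keymanager::getShareKey()` returns, and neither the share key nor the decrypted result is checked. For a file that has no share key for `$this->userId` (the case the removed `keyDecrypt` branch handled), the call receives a missing key and presumably returns false. The caller in the next hunk feeds `$plainKeyfile` directly into `Crypt::multiKeyEncrypt($plainKeyfile, $userPubKeys)`, so a failed decrypt could be re-wrapped and stored as the new keyfile; what happens to `$multiEncKey` afterwards is outside the hunk. I would log and return false when `$shareKey` or `$plainKeyfile` is false, and have the caller stop before re-encrypting, e.g. `if ($plainKeyfile === false) { return false; }`.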
@@ -893,7 +869,7 @@ class Util { $fileOwner = \OC\Files\Filesystem::getOwner($filePath); // Decrypt keyfile - $plainKeyfile = $this->decryptUnknownKeyfile($filePath, $fileOwner, $privateKey); + $plainKeyfile = $this->decryptKeyfile($filePath, $privateKey); // Re-enc keyfile to (additional) sharekeys $multiEncKey = Crypt::multiKeyEncrypt($plainKeyfile, $userPubKeys); -- cgit v1.2.3 From 1be11bb03d2627d3c8cac4a2fc094808f7ec59c3 Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Sun, 18 Aug 2013 11:21:01 +0200 Subject: don't change the etags if a file gets encrypted/decrypted to avoid that the sync client downloads all files again --- apps/files_encryption/lib/util.php | 56 ++++++++++++++++++++++---------------- 1 file changed, 32 insertions(+), 24 deletions(-) (limited to 'apps/files_encryption/lib/util.php') diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index d89fe1e33b9..b8d68623493 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -340,7 +340,7 @@ class Util { $filePath = $directory . '/' . $this->view->getRelativePath('/' . $file); $relPath = \OCA\Encryption\Helper::stripUserFilesPath($filePath); - // If the path is a directory, search + // If the path is a directory, search // its contents if ($this->view->is_dir($filePath)) { @@ -356,8 +356,8 @@ class Util { $isEncryptedPath = $this->isEncryptedPath($filePath); // If the file is encrypted - // NOTE: If the userId is - // empty or not set, file will + // NOTE: If the userId is + // empty or not set, file will // detected as plain // NOTE: This is inefficient; // scanning every file like this @@ -687,7 +687,7 @@ class Util { return $successful; } - + /** * @brief Decrypt all files * @return bool 
@@ -702,21 +702,24 @@ class Util { $versionStatus = \OCP\App::isEnabled('files_versions'); \OC_App::disable('files_versions'); - + $decryptedFiles = array(); // Encrypt unencrypted files foreach ($found['encrypted'] as $encryptedFile) { + //get file info + $fileInfo = \OC\Files\Filesystem::getFileInfo($encryptedFile['path']); + //relative to data//file $relPath = Helper::stripUserFilesPath($encryptedFile['path']); //relative to /data $rawPath = $encryptedFile['path']; - + //get timestamp $timestamp = $this->view->filemtime($rawPath); - + //enable proxy to use OC\Files\View to access the original file \OC_FileProxy::$enabled = true; @@ -760,14 +763,15 @@ class Util { //set timestamp $this->view->touch($rawPath, $timestamp); - + // Add the file to the cache \OC\Files\Filesystem::putFileInfo($relPath, array( 'encrypted' => false, 'size' => $size, - 'unencrypted_size' => $size + 'unencrypted_size' => $size, + 'etag' => $fileInfo['etag'] )); - + $decryptedFiles[] = $relPath; } @@ -775,11 +779,11 @@ class Util { if ($versionStatus) { \OC_App::enable('files_versions'); } - + if (!$this->decryptVersions($decryptedFiles)) { $successful = false; } - + if ($successful) { $this->view->deleteAll($this->keyfilesPath); $this->view->deleteAll($this->shareKeysPath); @@ -807,24 +811,27 @@ class Util { // Disable proxy to prevent file being encrypted twice \OC_FileProxy::$enabled = false; - + $versionStatus = \OCP\App::isEnabled('files_versions'); \OC_App::disable('files_versions'); - + $encryptedFiles = array(); // Encrypt unencrypted files foreach ($found['plain'] as $plainFile) { + //get file info + $fileInfo = \OC\Files\Filesystem::getFileInfo($plainFile['path']); + //relative to data//file $relPath = $plainFile['path']; - + //relative to /data $rawPath = '/' . $this->userId . '/files/' . $plainFile['path']; // keep timestamp $timestamp = $this->view->filemtime($rawPath); - + // Open plain file handle for binary reading $plainHandle = $this->view->fopen($rawPath, 'rb'); 
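Review bot: In `decryptAll()` the new `\OC\Files\Filesystem::getFileInfo($encryptedFile['path'])` is given the path that the following comment describes as relative to /data, while the matching `putFileInfo()` call uses `$relPath`; in `encryptAll()` both calls use the files-relative path. If `getFileInfo()` expects the same base as `putFileInfo()` (not visible here), the lookup in `decryptAll()` misses and `$fileInfo['etag']` is empty, so the cache entry is written without a usable etag. I would do the lookup with `$relPath` once it is computed and add the key only when a value exists, e.g. `if (isset($fileInfo['etag'])) { $cacheData['etag'] = $fileInfo['etag']; }`.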
@@ -843,7 +850,7 @@ class Util { $this->view->rename($relPath . '.part', $relPath); $this->view->chroot($fakeRoot); - + // set timestamp $this->view->touch($rawPath, $timestamp); @@ -851,9 +858,10 @@ class Util { \OC\Files\Filesystem::putFileInfo($relPath, array( 'encrypted' => true, 'size' => $size, - 'unencrypted_size' => $size + 'unencrypted_size' => $size, + 'etag' => $fileInfo['etag'] )); - + $encryptedFiles[] = $relPath; } @@ -899,9 +907,9 @@ class Util { if ($versionStatus) { \OC_App::enable('files_versions'); } - + $this->encryptVersions($encryptedFiles); - + // If files were found, return true return true; } else { @@ -1140,7 +1148,7 @@ class Util { } - // If recovery is enabled, add the + // If recovery is enabled, add the // Admin UID to list of users to share to if ($recoveryEnabled) { // Find recoveryAdmin user ID @@ -1727,8 +1735,8 @@ class Util { $session = new \OCA\Encryption\Session($this->view); $session->setPrivateKey($privateKey); - + return $session; } - + } -- cgit v1.2.3