From 986e9dd362809cedec783f55f161d6b3bce7d680 Mon Sep 17 00:00:00 2001 From: Florin Peter Date: Fri, 31 May 2013 01:35:48 +0200 Subject: use legacyDecrypt to decrypt key file like the previous files_encryption --- apps/files_encryption/lib/crypt.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'apps/files_encryption/lib') diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index ddeb3590f60..d84a4d4e3c1 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -608,7 +608,7 @@ class Crypt { * * This function decrypts an content */ - private static function legacyDecrypt($content, $passphrase = '') { + public static function legacyDecrypt($content, $passphrase = '') { $bf = self::getBlowfish($passphrase); -- cgit v1.2.3 From 8e324aad38851f866c536416a0e8809b330f9c99 Mon Sep 17 00:00:00 2001 From: Florin Peter Date: Fri, 31 May 2013 01:36:49 +0200 Subject: fix re-encrypt legacy files --- apps/files_encryption/lib/util.php | 42 ++++++++++++++------------------------ 1 file changed, 15 insertions(+), 27 deletions(-) (limited to 'apps/files_encryption/lib') diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index 0d663549bf6..b27b26ccaa1 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -732,40 +732,28 @@ class Util { // Fetch data from file $legacyData = $this->view->file_get_contents($legacyFile['path']); - $sharingEnabled = \OCP\Share::isEnabled(); - - // if file exists try to get sharing users - if ($this->view->file_exists($legacyFile['path'])) { - $uniqueUserIds = $this->getSharingUsersArray($sharingEnabled, $legacyFile['path'], $this->userId); - } else { - $uniqueUserIds[] = $this->userId; - } - - // Fetch public keys for all users who will share the file - $publicKeys = Keymanager::getPublicKeys($this->view, $uniqueUserIds); - - // Recrypt data, generate catfile - $recrypted = Crypt::legacyKeyRecryptKeyfile( $legacyData, $legacyPassphrase, $publicKeys ); + // decrypt data, generate catfile + $decrypted = Crypt::legacyBlockDecrypt($legacyData, $legacyPassphrase); $rawPath = $legacyFile['path']; - $relPath = $this->stripUserFilesPath($rawPath); - // Save keyfile - Keymanager::setFileKey($this->view, $relPath, $this->userId, $recrypted['filekey']); + // enable proxy the ensure encryption is handled + \OC_FileProxy::$enabled = true; + + // Open enc file handle for binary writing, with same filename as original plain file + $encHandle = $this->view->fopen( $rawPath, 'wb' ); - // Save sharekeys to user folders - Keymanager::setShareKeys($this->view, $relPath, $recrypted['sharekeys']); + if (is_resource($encHandle)) { - // Overwrite the existing file with the encrypted one - $this->view->file_put_contents($rawPath, $recrypted['data']); + // write data to stream + fwrite($encHandle, $decrypted); - $size = strlen($recrypted['data']); + // close stream + fclose($encHandle); + } - // Add the file to the cache - \OC\Files\Filesystem::putFileInfo($rawPath, array( - 'encrypted' => true, - 'size' => $size - ), ''); + // disable proxy to prevent file being encrypted twice + \OC_FileProxy::$enabled = false; } } -- cgit v1.2.3 From 96ef926161155cf710838612501bf76756f89cb4 Mon Sep 17 00:00:00 2001 From: Florin Peter Date: Fri, 31 May 2013 01:57:32 +0200 Subject: normalize path to prevent following split to fail --- apps/files_encryption/lib/proxy.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'apps/files_encryption/lib') diff --git a/apps/files_encryption/lib/proxy.php b/apps/files_encryption/lib/proxy.php index 11308612daf..e5f7f2e6954 100644 --- a/apps/files_encryption/lib/proxy.php +++ b/apps/files_encryption/lib/proxy.php @@ -299,6 +299,8 @@ class Proxy extends \OC_FileProxy { */ public function postFopen($path, &$result) { + $path = \OC\Files\Filesystem::normalizePath($path); + if (!$result) { return $result; -- cgit v1.2.3 From 46e5e9bd73a68f7b50bb79f883a8bc6efacaca97 Mon Sep 17 00:00:00 2001 From: Florin Peter Date: Fri, 31 May 2013 22:49:32 +0200 Subject: cleanup unused method legacyKeyRecryptKeyfile --- apps/files_encryption/lib/crypt.php | 24 ------------------------ apps/files_encryption/tests/crypt.php | 17 ----------------- 2 files changed, 41 deletions(-) (limited to 'apps/files_encryption/lib') diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index d84a4d4e3c1..ced9ab7c676 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -637,28 +637,4 @@ class Crypt { } } - /** - * @param $legacyEncryptedContent - * @param $legacyPassphrase - * @param $publicKeys - * @return array - */ - public static function legacyKeyRecryptKeyfile($legacyEncryptedContent, $legacyPassphrase, $publicKeys) { - - $decrypted = self::legacyBlockDecrypt($legacyEncryptedContent, $legacyPassphrase); - - // Encrypt plain data, generate keyfile & encrypted file - $cryptedData = self::symmetricEncryptFileContentKeyfile($decrypted); - - // Encrypt plain keyfile to multiple sharefiles - $multiEncrypted = Crypt::multiKeyEncrypt($cryptedData['key'], $publicKeys); - - return array( - 'data' => $cryptedData['encrypted'], - 'filekey' => $multiEncrypted['data'], - 'sharekeys' => $multiEncrypted['keys'] - ); - - } - } \ No newline at end of file diff --git a/apps/files_encryption/tests/crypt.php b/apps/files_encryption/tests/crypt.php index 32156eea272..e153a49a2c7 100755 --- a/apps/files_encryption/tests/crypt.php +++ b/apps/files_encryption/tests/crypt.php @@ -569,23 +569,6 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { } - /** - * @brief test decryption using legacy blowfish method - * @depends testLegacyEncryptLong - */ - function testLegacyKeyRecryptKeyfileEncrypt($crypted) { - - $recrypted = Encryption\Crypt::LegacyKeyRecryptKeyfile($crypted, $this->pass, array($this->genPublicKey)); - - $this->assertNotEquals($this->dataLong, $recrypted['data']); - - return $recrypted; - - # TODO: search inencrypted text for actual content to ensure it - # genuine transformation - - } - function testRenameFile() { $filename = 'tmp-' . time(); -- cgit v1.2.3 From 5fafd55108d1ecd13befaa589902a84a23276af8 Mon Sep 17 00:00:00 2001 From: Björn Schießle Date: Tue, 11 Jun 2013 12:03:50 +0200 Subject: make sure that only one process can enter the migration mode --- apps/files_encryption/hooks/hooks.php | 6 +-- apps/files_encryption/lib/util.php | 83 +++++++++++++++++++++++++++++++---- 2 files changed, 77 insertions(+), 12 deletions(-) (limited to 'apps/files_encryption/lib') diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index c4b247da1ed..9f36393d591 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -67,10 +67,10 @@ class Hooks { $session->setPrivateKey($privateKey, $params['uid']); // Check if first-run file migration has already been performed - $migrationCompleted = $util->getMigrationStatus(); + $ready = $util->beginMigration(); // If migration not yet done - if (!$migrationCompleted) { + if ($ready) { $userView = new \OC_FilesystemView('/' . $params['uid']); @@ -102,7 +102,7 @@ class Hooks { } // Register successful migration in DB - $util->setMigrationStatus(1); + $util->finishMigration(); } diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index a6711880c20..82b6ca2f321 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -1058,7 +1058,7 @@ class Util { * @param $status * @return bool */ - public function setMigrationStatus($status) { + private function setMigrationStatus($status) { $sql = 'UPDATE `*PREFIX*encryption` SET `migration_status` = ? WHERE `uid` = ?'; @@ -1074,7 +1074,7 @@ class Util { return true; } else { - + \OCP\Util::writeLog('Encryption library', "Could not set migration status for " . $this->userId, \OCP\Util::ERROR); return false; } @@ -1082,12 +1082,80 @@ class Util { } /** - * @brief Check whether pwd recovery is enabled for a given user - * @return bool 1 = yes, 0 = no, false = no record + * @brief start migration mode to initially encrypt users data + * @return boolean + */ + public function beginMigration() { + + $return = false; + + $transaction = \OC_DB::beginTransaction(); + + if ($transaction === false) { + \OCP\Util::writeLog('Encryption library', "Your database migration doesn't support transactions", \OCP\Util::WARN); + } + + $migrationStatus = $this->getMigrationStatus(); + + if ($migrationStatus === '0') { + + $return = $this->setMigrationStatus(-1); + + if ($return === true) { + \OCP\Util::writeLog('Encryption library', "Enter migration mode for initial encryption for user " . $this->userId, \OCP\Util::INFO); + } else { + \OCP\Util::writeLog('Encryption library', "Could not activate migration mode for " . $this->userId . ", encryption aborted", \OCP\Util::ERROR); + } + } else { + \OCP\Util::writeLog('Encryption library', "Another process already performs the migration for user " . $this->userId, \OCP\Util::INFO); + } + + \OC_DB::commit(); + + return $return; + } + + /** + * @brief close migration mode after users data has been encrypted successfully + * @return boolean + */ + public function finishMigration() { + + $return = false; + + $transaction = \OC_DB::beginTransaction(); + + if ($transaction === false) { + \OCP\Util::writeLog('Encryption library', "Your database migration doesn't support transactions", \OCP\Util::WARN); + } + + $migrationStatus = $this->getMigrationStatus(); + + if ($migrationStatus === '-1') { + + $return = $this->setMigrationStatus(1); + + if ($return === true) { + \OCP\Util::writeLog('Encryption library', "Leave migration mode for: " . $this->userId . " successfully.", \OCP\Util::INFO); + } else { + \OCP\Util::writeLog('Encryption library', "Could not deactivate migration mode for " . $this->userId, \OCP\Util::ERROR); + } + } else { + \OCP\Util::writeLog('Encryption library', "Someone else finished the migration mode to early for user " . $this->userId, \OCP\Util::ERROR); + } + + \OC_DB::commit(); + + return $return; + } + + /** + * @brief check if files are already migrated to the encryption system + * @return '1' = yes, '0' = no, '-1' = migration in progress, false = no record * @note If records are not being returned, check for a hidden space * at the start of the uid in db */ - public function getMigrationStatus() { + private function getMigrationStatus() { $sql = 'SELECT `migration_status` FROM `*PREFIX*encryption` WHERE `uid` = ?'; @@ -1112,14 +1180,11 @@ class Util { // If no record is found if (empty($migrationStatus)) { - + \OCP\Util::writeLog('Encryption library', "Could not get migration status for " . $this->userId . ", no record found", \OCP\Util::ERROR); return false; - // If a record is found } else { - return $migrationStatus[0]; - } } -- cgit v1.2.3 From 3ec6b19cdf6b1774d359c10f6cd7f74b5f376d18 Mon Sep 17 00:00:00 2001 From: Björn Schießle Date: Tue, 11 Jun 2013 13:07:39 +0200 Subject: use constants for different migration status --- apps/files_encryption/lib/util.php | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) (limited to 'apps/files_encryption/lib') diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index 82b6ca2f321..a5aa121f930 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -96,10 +96,13 @@ class Util { //// DONE: test new encryption with sharing //// TODO: test new encryption with proxies + const MIGRATION_COMPLETED = 1; // migration to new encryption completed + const MIGRATION_IN_PROGRESS = -1; // migration is running + const MIGRATION_OPEN = 0; // user still needs to be migrated + private $view; // OC_FilesystemView object for filesystem operations private $userId; // ID of the currently logged-in user - private $pwd; // User Password private $client; // Client side encryption mode flag private $publicKeyDir; // Dir containing all public user keys private $encryptionDir; // Dir containing user's files_encryption @@ -1097,9 +1100,9 @@ class Util { $migrationStatus = $this->getMigrationStatus(); - if ($migrationStatus === '0') { + if ($migrationStatus === self::MIGRATION_OPEN) { - $return = $this->setMigrationStatus(-1); + $return = $this->setMigrationStatus(self::MIGRATION_IN_PROGRESS); if ($return === true) { \OCP\Util::writeLog('Encryption library', "Enter migration mode for initial encryption for user " . $this->userId, \OCP\Util::INFO); @@ -1107,7 +1110,7 @@ class Util { \OCP\Util::writeLog('Encryption library', "Could not activate migration mode for " . $this->userId . ", encryption aborted", \OCP\Util::ERROR); } } else { - \OCP\Util::writeLog('Encryption library', "Another process already performs the migration for user " . $this->userId, \OCP\Util::INFO); + \OCP\Util::writeLog('Encryption library', "Another process already performs the migration for user " . $this->userId, \OCP\Util::WARN); } \OC_DB::commit(); @@ -1131,9 +1134,9 @@ class Util { $migrationStatus = $this->getMigrationStatus(); - if ($migrationStatus === '-1') { + if ($migrationStatus === self::MIGRATION_IN_PROGRESS) { - $return = $this->setMigrationStatus(1); + $return = $this->setMigrationStatus(self::MIGRATION_COMPLETED); if ($return === true) { \OCP\Util::writeLog('Encryption library', "Leave migration mode for: " . $this->userId . " successfully.", \OCP\Util::INFO); @@ -1151,7 +1154,7 @@ class Util { /** * @brief check if files are already migrated to the encryption system - * @return '1' = yes, '0' = no, '-1' = migration in progress, false = no record + * @return migration status, false = in case of no record * @note If records are not being returned, check for a hidden space * at the start of the uid in db */ @@ -1184,7 +1187,7 @@ class Util { return false; // If a record is found } else { - return $migrationStatus[0]; + return (int)$migrationStatus[0]; } } -- cgit v1.2.3 From c78a90fd54c790a21c9ba4d8dcf86a68ebef0edd Mon Sep 17 00:00:00 2001 From: Björn Schießle Date: Wed, 12 Jun 2013 12:21:11 +0200 Subject: use number of manipulated rows as idicator if it was possible to enter the migration mode --- apps/files_encryption/hooks/hooks.php | 5 +- apps/files_encryption/lib/util.php | 88 ++++++++--------------------------- 2 files changed, 24 insertions(+), 69 deletions(-) (limited to 'apps/files_encryption/lib') diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index 9f36393d591..7e68f476a7f 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -67,7 +67,10 @@ class Hooks { $session->setPrivateKey($privateKey, $params['uid']); // Check if first-run file migration has already been performed - $ready = $util->beginMigration(); + $ready = false; + if ($util->getMigrationStatus() === Util::MIGRATION_OPEN) { + $ready = $util->beginMigration(); + } // If migration not yet done if ($ready) { diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index a5aa121f930..f6da417c6f9 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -1056,64 +1056,26 @@ class Util { } - /** - * @brief Set file migration status for user - * @param $status - * @return bool - */ - private function setMigrationStatus($status) { - - $sql = 'UPDATE `*PREFIX*encryption` SET `migration_status` = ? WHERE `uid` = ?'; - - $args = array( - $status, - $this->userId - ); - - $query = \OCP\DB::prepare($sql); - - if ($query->execute($args)) { - - return true; - - } else { - \OCP\Util::writeLog('Encryption library', "Could not set migration status for " . $this->userId, \OCP\Util::ERROR); - return false; - - } - - } - /** * @brief start migration mode to initially encrypt users data * @return boolean */ public function beginMigration() { - - $return = false; - $transaction = \OC_DB::beginTransaction(); - - if ($transaction === false) { - \OCP\Util::writeLog('Encryption library', "Your database migration doesn't support transactions", \OCP\Util::WARN); - } - - $migrationStatus = $this->getMigrationStatus(); - - if ($migrationStatus === self::MIGRATION_OPEN) { + $return = false; - $return = $this->setMigrationStatus(self::MIGRATION_IN_PROGRESS); + $sql = 'UPDATE `*PREFIX*encryption` SET `migration_status` = ? WHERE `uid` = ? and `migration_status` = ?'; + $args = array(self::MIGRATION_IN_PROGRESS, $this->userId, self::MIGRATION_OPEN); + $query = \OCP\DB::prepare($sql); + $result = $query->execute($args); + $manipulatedRows = $result->numRows(); - if ($return === true) { - \OCP\Util::writeLog('Encryption library', "Enter migration mode for initial encryption for user " . $this->userId, \OCP\Util::INFO); - } else { - \OCP\Util::writeLog('Encryption library', "Could not activate migration mode for " . $this->userId . ", encryption aborted", \OCP\Util::ERROR); - } + if ($manipulatedRows === 1) { + $return = true; + \OCP\Util::writeLog('Encryption library', "Start migration to encryption mode for " . $this->userId, \OCP\Util::INFO); } else { - \OCP\Util::writeLog('Encryption library', "Another process already performs the migration for user " . $this->userId, \OCP\Util::WARN); + \OCP\Util::writeLog('Encryption library', "Could not activate migration mode for " . $this->userId . ". Probably another process already started the initial encryption", \OCP\Util::WARN); } - - \OC_DB::commit(); return $return; } @@ -1126,29 +1088,19 @@ class Util { $return = false; - $transaction = \OC_DB::beginTransaction(); - - if ($transaction === false) { - \OCP\Util::writeLog('Encryption library', "Your database migration doesn't support transactions", \OCP\Util::WARN); - } - - $migrationStatus = $this->getMigrationStatus(); - - if ($migrationStatus === self::MIGRATION_IN_PROGRESS) { - - $return = $this->setMigrationStatus(self::MIGRATION_COMPLETED); + $sql = 'UPDATE `*PREFIX*encryption` SET `migration_status` = ? WHERE `uid` = ? and `migration_status` = ?'; + $args = array(self::MIGRATION_COMPLETED, $this->userId, self::MIGRATION_IN_PROGRESS); + $query = \OCP\DB::prepare($sql); + $result = $query->execute($args); + $manipulatedRows = $result->numRows(); - if ($return === true) { - \OCP\Util::writeLog('Encryption library', "Leave migration mode for: " . $this->userId . " successfully.", \OCP\Util::INFO); - } else { - \OCP\Util::writeLog('Encryption library', "Could not deactivate migration mode for " . $this->userId, \OCP\Util::ERROR); - } + if ($manipulatedRows === 1) { + $result = true; + \OCP\Util::writeLog('Encryption library', "Finish migration successfully for " . $this->userId, \OCP\Util::INFO); } else { - \OCP\Util::writeLog('Encryption library', "Someone else finished the migration mode to early for user " . $this->userId, \OCP\Util::ERROR); + \OCP\Util::writeLog('Encryption library', "Could not deactivate migration mode for " . $this->userId, \OCP\Util::WARN); } - \OC_DB::commit(); - return $return; } @@ -1158,7 +1110,7 @@ class Util { * @note If records are not being returned, check for a hidden space * at the start of the uid in db */ - private function getMigrationStatus() { + public function getMigrationStatus() { $sql = 'SELECT `migration_status` FROM `*PREFIX*encryption` WHERE `uid` = ?'; -- cgit v1.2.3 From 77944cf7b861fbe580c119f5471e3783e9a0cea1 Mon Sep 17 00:00:00 2001 From: Björn Schießle Date: Thu, 13 Jun 2013 10:11:23 +0200 Subject: fix typo in var name --- apps/files_encryption/lib/util.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'apps/files_encryption/lib') diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index f6da417c6f9..b6e3543bca7 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -1095,7 +1095,7 @@ class Util { $manipulatedRows = $result->numRows(); if ($manipulatedRows === 1) { - $result = true; + $return = true; \OCP\Util::writeLog('Encryption library', "Finish migration successfully for " . $this->userId, \OCP\Util::INFO); } else { \OCP\Util::writeLog('Encryption library', "Could not deactivate migration mode for " . $this->userId, \OCP\Util::WARN); -- cgit v1.2.3