2015-01-14 22:39:23 +03:00
|
|
|
<?php
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ownCloud - Encryption stream wrapper
|
|
|
|
*
|
|
|
|
* @copyright (C) 2015 ownCloud, Inc.
|
|
|
|
*
|
|
|
|
* @author Bjoern Schiessle <schiessle@owncloud.com>
|
|
|
|
*
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
* version 3 of the License, or any later version.
|
|
|
|
*
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Affero General Public
|
|
|
|
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
*/
|
|
|
|
|
|
|
|
namespace OC\Files\Stream;
|
|
|
|
|
|
|
|
use Icewind\Streams\Wrapper;
|
|
|
|
use OC\Encryption\Exceptions\EncryptionHeaderKeyExistsException;
|
|
|
|
|
|
|
|
class Encryption extends Wrapper {
|
|
|
|
|
|
|
|
/** @var \OC\Encryption\Util */
|
|
|
|
protected $util;
|
|
|
|
|
2015-03-31 17:23:31 +03:00
|
|
|
/** @var \OC\Encryption\File */
|
|
|
|
protected $file;
|
|
|
|
|
2015-01-14 22:39:23 +03:00
|
|
|
/** @var \OCP\Encryption\IEncryptionModule */
|
|
|
|
protected $encryptionModule;
|
|
|
|
|
|
|
|
/** @var \OC\Files\Storage\Storage */
|
|
|
|
protected $storage;
|
|
|
|
|
|
|
|
/** @var \OC\Files\Storage\Wrapper\Encryption */
|
|
|
|
protected $encryptionStorage;
|
|
|
|
|
|
|
|
/** @var string */
|
|
|
|
protected $internalPath;
|
|
|
|
|
2015-03-30 13:21:59 +03:00
|
|
|
/** @var string */
|
|
|
|
protected $cache;
|
|
|
|
|
2015-01-14 22:39:23 +03:00
|
|
|
/** @var integer */
|
|
|
|
protected $size;
|
|
|
|
|
|
|
|
/** @var integer */
|
|
|
|
protected $position;
|
|
|
|
|
|
|
|
/** @var integer */
|
|
|
|
protected $unencryptedSize;
|
|
|
|
|
|
|
|
/** @var integer */
|
|
|
|
protected $unencryptedBlockSize;
|
|
|
|
|
|
|
|
/** @var array */
|
|
|
|
protected $header;
|
|
|
|
|
|
|
|
/** @var string */
|
|
|
|
protected $fullPath;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* header data returned by the encryption module, will be written to the file
|
|
|
|
* in case of a write operation
|
|
|
|
*
|
|
|
|
* @var array
|
|
|
|
*/
|
|
|
|
protected $newHeader;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* user who perform the read/write operation null for public access
|
|
|
|
*
|
2015-03-30 14:59:48 +03:00
|
|
|
* @var string
|
2015-01-14 22:39:23 +03:00
|
|
|
*/
|
|
|
|
protected $uid;
|
|
|
|
|
|
|
|
/** @var bool */
|
|
|
|
protected $readOnly;
|
|
|
|
|
2015-03-30 13:21:59 +03:00
|
|
|
/** @var bool */
|
|
|
|
protected $writeFlag;
|
|
|
|
|
2015-01-14 22:39:23 +03:00
|
|
|
/** @var array */
|
|
|
|
protected $expectedContextProperties;
|
|
|
|
|
|
|
|
public function __construct() {
|
|
|
|
$this->expectedContextProperties = array(
|
|
|
|
'source',
|
|
|
|
'storage',
|
|
|
|
'internalPath',
|
|
|
|
'fullPath',
|
|
|
|
'encryptionModule',
|
|
|
|
'header',
|
|
|
|
'uid',
|
2015-03-31 17:23:31 +03:00
|
|
|
'file',
|
2015-01-14 22:39:23 +03:00
|
|
|
'util',
|
|
|
|
'size',
|
|
|
|
'unencryptedSize',
|
|
|
|
'encryptionStorage'
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Wraps a stream with the provided callbacks
|
|
|
|
*
|
|
|
|
* @param resource $source
|
|
|
|
* @param string $internalPath relative to mount point
|
|
|
|
* @param string $fullPath relative to data/
|
|
|
|
* @param array $header
|
2015-03-30 14:59:48 +03:00
|
|
|
* @param string $uid
|
2015-01-14 22:39:23 +03:00
|
|
|
* @param \OCP\Encryption\IEncryptionModule $encryptionModule
|
|
|
|
* @param \OC\Files\Storage\Storage $storage
|
2015-03-30 14:59:48 +03:00
|
|
|
* @param \OC\Files\Storage\Wrapper\Encryption $encStorage
|
2015-01-14 22:39:23 +03:00
|
|
|
* @param \OC\Encryption\Util $util
|
2015-03-31 17:23:31 +03:00
|
|
|
* @param \OC\Encryption\File $file
|
2015-01-14 22:39:23 +03:00
|
|
|
* @param string $mode
|
|
|
|
* @param int $size
|
|
|
|
* @param int $unencryptedSize
|
|
|
|
* @return resource
|
|
|
|
*
|
|
|
|
* @throws \BadMethodCallException
|
|
|
|
*/
|
|
|
|
public static function wrap($source, $internalPath, $fullPath, array $header,
|
2015-03-30 14:59:48 +03:00
|
|
|
$uid,
|
|
|
|
\OCP\Encryption\IEncryptionModule $encryptionModule,
|
|
|
|
\OC\Files\Storage\Storage $storage,
|
|
|
|
\OC\Files\Storage\Wrapper\Encryption $encStorage,
|
|
|
|
\OC\Encryption\Util $util,
|
2015-03-31 17:23:31 +03:00
|
|
|
\OC\Encryption\File $file,
|
2015-03-30 14:59:48 +03:00
|
|
|
$mode,
|
|
|
|
$size,
|
|
|
|
$unencryptedSize) {
|
2015-01-14 22:39:23 +03:00
|
|
|
|
|
|
|
$context = stream_context_create(array(
|
|
|
|
'ocencryption' => array(
|
|
|
|
'source' => $source,
|
|
|
|
'storage' => $storage,
|
|
|
|
'internalPath' => $internalPath,
|
|
|
|
'fullPath' => $fullPath,
|
|
|
|
'encryptionModule' => $encryptionModule,
|
|
|
|
'header' => $header,
|
|
|
|
'uid' => $uid,
|
|
|
|
'util' => $util,
|
2015-03-31 17:23:31 +03:00
|
|
|
'file' => $file,
|
2015-01-14 22:39:23 +03:00
|
|
|
'size' => $size,
|
|
|
|
'unencryptedSize' => $unencryptedSize,
|
|
|
|
'encryptionStorage' => $encStorage
|
|
|
|
)
|
|
|
|
));
|
|
|
|
|
|
|
|
return self::wrapSource($source, $mode, $context, 'ocencryption', 'OC\Files\Stream\Encryption');
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* add stream wrapper
|
|
|
|
*
|
|
|
|
* @param resource $source
|
|
|
|
* @param string $mode
|
|
|
|
* @param array $context
|
|
|
|
* @param string $protocol
|
|
|
|
* @param string $class
|
|
|
|
* @return resource
|
|
|
|
* @throws \BadMethodCallException
|
|
|
|
*/
|
|
|
|
protected static function wrapSource($source, $mode, $context, $protocol, $class) {
|
|
|
|
try {
|
|
|
|
stream_wrapper_register($protocol, $class);
|
|
|
|
if (@rewinddir($source) === false) {
|
|
|
|
$wrapped = fopen($protocol . '://', $mode, false, $context);
|
|
|
|
} else {
|
|
|
|
$wrapped = opendir($protocol . '://', $context);
|
|
|
|
}
|
|
|
|
} catch (\BadMethodCallException $e) {
|
|
|
|
stream_wrapper_unregister($protocol);
|
|
|
|
throw $e;
|
|
|
|
}
|
|
|
|
stream_wrapper_unregister($protocol);
|
|
|
|
return $wrapped;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Load the source from the stream context and return the context options
|
|
|
|
*
|
|
|
|
* @param string $name
|
|
|
|
* @return array
|
|
|
|
* @throws \BadMethodCallException
|
|
|
|
*/
|
|
|
|
protected function loadContext($name) {
|
|
|
|
$context = parent::loadContext($name);
|
|
|
|
|
|
|
|
foreach ($this->expectedContextProperties as $property) {
|
2015-04-01 14:59:29 +03:00
|
|
|
if (array_key_exists($property, $context)) {
|
2015-01-14 22:39:23 +03:00
|
|
|
$this->{$property} = $context[$property];
|
|
|
|
} else {
|
|
|
|
throw new \BadMethodCallException('Invalid context, "' . $property . '" options not set');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return $context;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
public function stream_open($path, $mode, $options, &$opened_path) {
|
|
|
|
$this->loadContext('ocencryption');
|
|
|
|
|
|
|
|
$this->position = 0;
|
2015-03-30 14:36:56 +03:00
|
|
|
$this->cache = '';
|
|
|
|
$this->writeFlag = false;
|
2015-01-14 22:39:23 +03:00
|
|
|
$this->unencryptedBlockSize = $this->encryptionModule->getUnencryptedBlockSize();
|
|
|
|
|
|
|
|
if (
|
|
|
|
$mode === 'w'
|
|
|
|
|| $mode === 'w+'
|
|
|
|
|| $mode === 'wb'
|
|
|
|
|| $mode === 'wb+'
|
|
|
|
) {
|
|
|
|
// We're writing a new file so start write counter with 0 bytes
|
|
|
|
// TODO can we remove this completely?
|
|
|
|
//$this->unencryptedSize = 0;
|
|
|
|
//$this->size = 0;
|
|
|
|
$this->readOnly = false;
|
|
|
|
} else {
|
|
|
|
$this->readOnly = true;
|
|
|
|
}
|
|
|
|
|
|
|
|
$sharePath = $this->fullPath;
|
|
|
|
if (!$this->storage->file_exists($this->internalPath)) {
|
|
|
|
$sharePath = dirname($path);
|
|
|
|
}
|
|
|
|
|
2015-03-31 17:23:31 +03:00
|
|
|
$accessList = $this->file->getAccessList($sharePath);
|
2015-01-14 22:39:23 +03:00
|
|
|
$this->newHeader = $this->encryptionModule->begin($this->fullPath, $this->uid, $this->header, $accessList);
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
public function stream_read($count) {
|
|
|
|
|
|
|
|
$result = '';
|
|
|
|
|
|
|
|
// skip the header if we read the file from the beginning
|
2015-04-02 12:07:07 +03:00
|
|
|
if ($this->position === 0) {
|
2015-04-02 17:17:25 +03:00
|
|
|
parent::stream_read($this->util->getHeaderSize());
|
2015-01-14 22:39:23 +03:00
|
|
|
}
|
|
|
|
|
2015-04-02 18:21:47 +03:00
|
|
|
// $count = min($count, $this->unencryptedSize - $this->position);
|
2015-01-14 22:39:23 +03:00
|
|
|
while ($count > 0) {
|
|
|
|
$remainingLength = $count;
|
|
|
|
// update the cache of the current block
|
2015-03-30 13:21:59 +03:00
|
|
|
$this->readCache();
|
2015-01-14 22:39:23 +03:00
|
|
|
// determine the relative position in the current block
|
|
|
|
$blockPosition = ($this->position % $this->unencryptedBlockSize);
|
|
|
|
// if entire read inside current block then only position needs to be updated
|
|
|
|
if ($remainingLength < ($this->unencryptedBlockSize - $blockPosition)) {
|
2015-03-30 13:21:59 +03:00
|
|
|
$result .= substr($this->cache, $blockPosition, $remainingLength);
|
2015-01-14 22:39:23 +03:00
|
|
|
$this->position += $remainingLength;
|
|
|
|
$count = 0;
|
2015-03-30 14:59:48 +03:00
|
|
|
// otherwise remainder of current block is fetched, the block is flushed and the position updated
|
2015-01-14 22:39:23 +03:00
|
|
|
} else {
|
2015-03-30 13:21:59 +03:00
|
|
|
$result .= substr($this->cache, $blockPosition);
|
|
|
|
$this->flush();
|
2015-01-14 22:39:23 +03:00
|
|
|
$this->position += ($this->unencryptedBlockSize - $blockPosition);
|
|
|
|
$count -= ($this->unencryptedBlockSize - $blockPosition);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return $result;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
public function stream_write($data) {
|
|
|
|
|
|
|
|
if ($this->position === 0) {
|
2015-03-30 18:29:05 +03:00
|
|
|
$this->writeHeader();
|
|
|
|
$this->size+=$this->util->getHeaderSize();
|
2015-01-14 22:39:23 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
$length = 0;
|
|
|
|
// loop over $data to fit it in 6126 sized unencrypted blocks
|
|
|
|
while (strlen($data) > 0) {
|
|
|
|
$remainingLength = strlen($data);
|
|
|
|
|
2015-03-30 13:21:59 +03:00
|
|
|
// set the cache to the current 6126 block
|
|
|
|
$this->readCache();
|
2015-01-14 22:39:23 +03:00
|
|
|
|
|
|
|
// for seekable streams the pointer is moved back to the beginning of the encrypted block
|
|
|
|
// flush will start writing there when the position moves to another block
|
|
|
|
$positionInFile = floor($this->position / $this->unencryptedBlockSize) *
|
|
|
|
$this->util->getBlockSize() + $this->util->getHeaderSize();
|
|
|
|
$resultFseek = parent::stream_seek($positionInFile);
|
|
|
|
|
|
|
|
// only allow writes on seekable streams, or at the end of the encrypted stream
|
2015-03-30 13:21:59 +03:00
|
|
|
if (!($this->readOnly) && ($resultFseek || $positionInFile === $this->size)) {
|
|
|
|
|
|
|
|
// switch the writeFlag so flush() will write the block
|
2015-03-30 14:59:48 +03:00
|
|
|
$this->writeFlag = true;
|
2015-01-14 22:39:23 +03:00
|
|
|
|
|
|
|
// determine the relative position in the current block
|
|
|
|
$blockPosition = ($this->position % $this->unencryptedBlockSize);
|
|
|
|
// check if $data fits in current block
|
|
|
|
// if so, overwrite existing data (if any)
|
|
|
|
// update position and liberate $data
|
|
|
|
if ($remainingLength < ($this->unencryptedBlockSize - $blockPosition)) {
|
2015-03-30 13:21:59 +03:00
|
|
|
$this->cache = substr($this->cache, 0, $blockPosition)
|
|
|
|
. $data . substr($this->cache, $blockPosition + $remainingLength);
|
2015-01-14 22:39:23 +03:00
|
|
|
$this->position += $remainingLength;
|
|
|
|
$length += $remainingLength;
|
|
|
|
$data = '';
|
2015-03-30 14:59:48 +03:00
|
|
|
// if $data doesn't fit the current block, the fill the current block and reiterate
|
|
|
|
// after the block is filled, it is flushed and $data is updatedxxx
|
2015-01-14 22:39:23 +03:00
|
|
|
} else {
|
2015-03-30 13:21:59 +03:00
|
|
|
$this->cache = substr($this->cache, 0, $blockPosition) .
|
2015-01-14 22:39:23 +03:00
|
|
|
substr($data, 0, $this->unencryptedBlockSize - $blockPosition);
|
2015-03-30 13:21:59 +03:00
|
|
|
$this->flush();
|
2015-01-14 22:39:23 +03:00
|
|
|
$this->position += ($this->unencryptedBlockSize - $blockPosition);
|
|
|
|
$length += ($this->unencryptedBlockSize - $blockPosition);
|
|
|
|
$data = substr($data, $this->unencryptedBlockSize - $blockPosition);
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
$data = '';
|
|
|
|
}
|
|
|
|
}
|
|
|
|
$this->unencryptedSize = max($this->unencryptedSize, $this->position);
|
|
|
|
return $length;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function stream_tell() {
|
|
|
|
return $this->position;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function stream_seek($offset, $whence = SEEK_SET) {
|
|
|
|
|
|
|
|
$return = false;
|
|
|
|
|
|
|
|
switch ($whence) {
|
|
|
|
case SEEK_SET:
|
|
|
|
if ($offset < $this->unencryptedSize && $offset >= 0) {
|
|
|
|
$newPosition = $offset;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case SEEK_CUR:
|
|
|
|
if ($offset >= 0) {
|
|
|
|
$newPosition = $offset + $this->position;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case SEEK_END:
|
|
|
|
if ($this->unencryptedSize + $offset >= 0) {
|
|
|
|
$newPosition = $this->unencryptedSize + $offset;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
return $return;
|
|
|
|
}
|
|
|
|
|
|
|
|
$newFilePosition = floor($newPosition / $this->unencryptedBlockSize)
|
|
|
|
* $this->util->getBlockSize() + $this->util->getHeaderSize();
|
|
|
|
|
2015-04-02 15:52:54 +03:00
|
|
|
$oldFilePosition = parent::stream_tell();
|
2015-01-14 22:39:23 +03:00
|
|
|
if (parent::stream_seek($newFilePosition)) {
|
2015-04-02 15:52:54 +03:00
|
|
|
parent::stream_seek($oldFilePosition);
|
2015-03-30 13:21:59 +03:00
|
|
|
$this->flush();
|
2015-04-02 15:52:54 +03:00
|
|
|
parent::stream_seek($newFilePosition);
|
2015-01-14 22:39:23 +03:00
|
|
|
$this->position = $newPosition;
|
|
|
|
$return = true;
|
|
|
|
}
|
|
|
|
return $return;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
public function stream_close() {
|
|
|
|
$this->flush();
|
2015-03-30 17:07:41 +03:00
|
|
|
$remainingData = $this->encryptionModule->end($this->fullPath);
|
|
|
|
if ($this->readOnly === false) {
|
|
|
|
if(!empty($remainingData)) {
|
|
|
|
parent::stream_write($remainingData);
|
|
|
|
}
|
|
|
|
$this->encryptionStorage->updateUnencryptedSize($this->fullPath, $this->unencryptedSize);
|
|
|
|
}
|
2015-01-14 22:39:23 +03:00
|
|
|
return parent::stream_close();
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2015-03-30 13:21:59 +03:00
|
|
|
* write block to file
|
2015-01-14 22:39:23 +03:00
|
|
|
*/
|
|
|
|
protected function flush() {
|
2015-03-30 13:21:59 +03:00
|
|
|
// write to disk only when writeFlag was set to 1
|
|
|
|
if ($this->writeFlag) {
|
|
|
|
// Disable the file proxies so that encryption is not
|
|
|
|
// automatically attempted when the file is written to disk -
|
|
|
|
// we are handling that separately here and we don't want to
|
|
|
|
// get into an infinite loop
|
|
|
|
$encrypted = $this->encryptionModule->encrypt($this->cache);
|
|
|
|
parent::stream_write($encrypted);
|
|
|
|
$this->writeFlag = false;
|
2015-03-30 14:59:48 +03:00
|
|
|
$this->size = max($this->size, parent::stream_tell());
|
2015-01-14 22:39:23 +03:00
|
|
|
}
|
2015-03-30 13:21:59 +03:00
|
|
|
// always empty the cache (otherwise readCache() will not fill it with the new block)
|
|
|
|
$this->cache = '';
|
2015-01-14 22:39:23 +03:00
|
|
|
}
|
|
|
|
|
2015-03-30 13:21:59 +03:00
|
|
|
/**
|
|
|
|
* read block to file
|
|
|
|
*/
|
|
|
|
protected function readCache() {
|
|
|
|
// cache should always be empty string when this function is called
|
|
|
|
// don't try to fill the cache when trying to write at the end of the unencrypted file when it coincides with new block
|
2015-03-30 14:59:48 +03:00
|
|
|
if ($this->cache === '' && !($this->position === $this->unencryptedSize && ($this->position % $this->unencryptedBlockSize) === 0)) {
|
2015-03-30 13:21:59 +03:00
|
|
|
// Get the data from the file handle
|
|
|
|
$data = parent::stream_read($this->util->getBlockSize());
|
|
|
|
$this->cache = $this->encryptionModule->decrypt($data);
|
|
|
|
}
|
|
|
|
}
|
2015-01-14 22:39:23 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* write header at beginning of encrypted file
|
|
|
|
*
|
2015-03-30 18:13:42 +03:00
|
|
|
* @return integer
|
2015-01-14 22:39:23 +03:00
|
|
|
* @throws EncryptionHeaderKeyExistsException if header key is already in use
|
|
|
|
*/
|
|
|
|
private function writeHeader() {
|
|
|
|
$header = $this->util->createHeader($this->newHeader, $this->encryptionModule);
|
2015-03-30 18:13:42 +03:00
|
|
|
return parent::stream_write($header);
|
2015-01-14 22:39:23 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
}
|