diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index a677de950a..5a2d99df54 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -391,6 +391,8 @@ class Crypt { if( openssl_seal( $plainContent, $sealed, $shareKeys, $publicKeys ) ) { +// trigger_error("SEALED = $sealed"); + $i = 0; // Ensure each shareKey is labelled with its diff --git a/apps/files_encryption/lib/keymanager.php b/apps/files_encryption/lib/keymanager.php index d35ad8f4d5..ec4057d098 100755 --- a/apps/files_encryption/lib/keymanager.php +++ b/apps/files_encryption/lib/keymanager.php @@ -105,6 +105,8 @@ class Keymanager { */ public static function setFileKey( \OC_FilesystemView $view, $path, $userId, $catfile ) { + \OC_FileProxy::$enabled = false; + \OC\Files\Filesystem::initMountPoints($userId); $basePath = '/' . $userId . '/files_encryption/keyfiles'; @@ -112,15 +114,19 @@ class Keymanager { if ( $view->is_dir( $basePath . '/' . $targetPath ) ) { - + // FIXME: write me } else { // Save the keyfile in parallel directory - return $view->file_put_contents( $basePath . '/' . $targetPath . '.key', $catfile ); + $result = $view->file_put_contents( $basePath . '/' . $targetPath . '.key', $catfile ); } + \OC_FileProxy::$enabled = true; + + return $result; + } /** @@ -140,16 +146,22 @@ class Keymanager { $keyfilePath = '/' . $userId . '/files_encryption/keyfiles/' . $filePath_f . '.key'; + \OC_FileProxy::$enabled = false; + if ( $view->file_exists( $keyfilePath ) ) { - return $view->file_get_contents( $keyfilePath ); + $result = $view->file_get_contents( $keyfilePath ); } else { - return false; + $result = false; } + \OC_FileProxy::$enabled = true; + + return $result; + } /** diff --git a/apps/files_encryption/lib/proxy.php b/apps/files_encryption/lib/proxy.php index 56c9000bfb..29207dce07 100644 --- a/apps/files_encryption/lib/proxy.php +++ b/apps/files_encryption/lib/proxy.php 
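Review bot: `Keymanager::setFileKey()` ends with `\OC_FileProxy::$enabled = true;` regardless of what the flag was on entry, so a caller that had deliberately switched the proxy off gets it switched back on in the middle of its own key handling. The keyfile read in the `@@ -140` hunk has the same pattern. Save and restore the previous value instead: `$proxyStatus = \OC_FileProxy::$enabled;` before disabling, and `\OC_FileProxy::$enabled = $proxyStatus;` before `return $result;`. The flag also stays `false` if anything between the two assignments throws, which would presumably let later writes in the same request bypass the encryption proxy, so the restore deserves a comment such as `// always restore: other code relies on the proxy to encrypt on write`. The function body spans this hunk and `@@ -112` and begins outside both.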
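Review bot: `$result` is never assigned when `$view->is_dir( $basePath . '/' . $targetPath )` is true, because that branch holds only `// FIXME: write me` in the `@@ -112` hunk of keymanager.php. `return $result;` then hands back null with an undefined-variable notice. The new caller in util.php negates the return value, so this reads as a failed write, but nothing records why. Make the unimplemented case explicit with `$result = false;` in that branch, and consider `trigger_error( "setFileKey: directory targets are not supported yet" );` beside it.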
@@ -91,7 +91,8 @@ class Proxy extends \OC_FileProxy { return false; } - public function preFile_put_contents( $path, &$data ) { + public function preFile_put_contents( $path, &$data ) { + // TODO check for existing key file and reuse it if possible to avoid problems with versioning etc. if ( self::shouldEncrypt( $path ) ) { @@ -204,22 +205,22 @@ class Proxy extends \OC_FileProxy { // Get the encrypted keyfile $encKeyfile = Keymanager::getFileKey( $view, $fileOwner, $relPath ); - trigger_error("\$encKeyfile = ". var_export($encKeyfile, 1)); - // Attempt to fetch the user's shareKey $shareKey = Keymanager::getShareKey( $view, $userId, $relPath ); - trigger_error("\$shareKey = ".var_export($shareKey, 1)); - // Check if key is shared or not if ( $shareKey ) { \OC_FileProxy::$enabled = false; +// trigger_error("\$encKeyfile = $encKeyfile, \$shareKey = $shareKey, \$privateKey = $privateKey"); + // Decrypt keyfile with shareKey $plainKeyfile = Crypt::multiKeyDecrypt( $encKeyfile, $shareKey, $privateKey ); - trigger_error("PROXY plainkeyfile = ". var_export($plainKeyfile, 1)); +// $plainKeyfile = $encKeyfile; + +// trigger_error("PROXY plainkeyfile = ". var_export($plainKeyfile, 1)); } else { @@ -229,6 +230,8 @@ class Proxy extends \OC_FileProxy { } $plainData = Crypt::symmetricDecryptFileContent( $data, $plainKeyfile ); + +// trigger_error("PLAINDATA = ". var_export($plainData, 1)); } elseif ( Crypt::mode() == 'server' diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index ac098cd877..920ff3eb15 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php 
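Review bot: The commented-out `trigger_error` lines left in the `if ( $shareKey )` branch (`@@ -204`) interpolate `$privateKey` and `$plainKeyfile`, and the one added after `symmetricDecryptFileContent()` in `@@ -229` dumps `$plainData`. Un-commenting any of them while debugging would write key material or file plaintext to the PHP error log. Delete them rather than keeping them as comments, together with `// $plainKeyfile = $encKeyfile;`, which if restored would replace the decrypted key with the still-encrypted one. The `// trigger_error("SEALED = $sealed");` line added in crypt.php (`@@ -391`) is the same kind of leftover. If a trace is needed here, keep it to non-secret context, for example `trigger_error( "keyfile decrypted for $relPath" );`.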
@@ -21,17 +21,28 @@ * */ -// Todo: +# Bugs +# ---- +# Sharing a file to a user without encryption set up will not provide them with access but won't notify the sharer +# Deleting files if keyfile is missing fails +# When encryption app is disabled files become unreadable +# Timeouts on first login due to encryption of very large files +# MultiKeyEncrypt() may be failing + + +# Missing features +# ---------------- +# Unshare a file +# Re-use existing keyfiles so they don't need version control +# Make sure user knows if large files weren't encrypted +# Trashbin support + + +// Old Todo: // - Crypt/decrypt button in the userinterface // - Setting if crypto should be on by default // - Add a setting "DonĀ“t encrypt files larger than xx because of performance // reasons" -// - Transparent decrypt/encrypt in filesystem.php. Autodetect if a file is -// encrypted (.encrypted extension) -// - Don't use a password directly as encryption key. but a key which is -// stored on the server and encrypted with the user password. -> password -// change faster -// - IMPORTANT! Check if the block lenght of the encrypted data stays the same namespace OCA\Encryption; @@ -663,10 +674,14 @@ class Util { } // Re-enc keyfile to (additional) sharekeys - $newShareKeys = Crypt::multiKeyEncrypt( $plainKeyfile, $userPubKeys ); - - // Save new sharekeys to all necessary user folders - if ( ! Keymanager::setShareKeys( $this->view, $filePath, $newShareKeys['keys'] ) ) { + $multiEncKey = Crypt::multiKeyEncrypt( $plainKeyfile, $userPubKeys ); + + // Save the recrypted key to it's owner's keyfiles directory + // Save new sharekeys to all necessary user directory + if ( + ! Keymanager::setFileKey( $this->view, $filePath, $fileOwner, $multiEncKey['data'] ) + || ! Keymanager::setShareKeys( $this->view, $filePath, $multiEncKey['keys'] ) + ) { trigger_error( "SET Share keys failed" );
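Review bot: The `||` in the new condition (util.php `@@ -663`) writes the owner's keyfile first and the sharekeys second, so a failure in `Keymanager::setShareKeys()` leaves the new `$multiEncKey['data']` on disk beside sharekeys from an earlier seal. Both values appear to come from one `openssl_seal()` call (see the crypt.php hunk), and sealed data can only be opened with the envelope keys produced alongside it, so that state presumably leaves the file undecryptable for its recipients. Check the two calls separately so the error names the step that failed, e.g. `trigger_error( "SET file key failed" );` for the first, and document the pairing with `// keyfile and sharekeys are one openssl_seal() result: never leave one updated without the other`. The `if` body continues past the end of the hunk, so any recovery done there is not visible.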