clean up encryption exceptions

This commit is contained in:
Bjoern Schiessle 2014-11-05 14:42:36 +01:00
parent e345697cab
commit a10ae2816e
9 changed files with 157 additions and 95 deletions

View File

@ -11,9 +11,9 @@ OC::$CLASSPATH['OCA\Encryption\Capabilities'] = 'files_encryption/lib/capabiliti
OC::$CLASSPATH['OCA\Encryption\Helper'] = 'files_encryption/lib/helper.php'; OC::$CLASSPATH['OCA\Encryption\Helper'] = 'files_encryption/lib/helper.php';
// Exceptions // Exceptions
OC::$CLASSPATH['OCA\Encryption\Exceptions\MultiKeyEncryptException'] = 'files_encryption/lib/exceptions.php'; OC::$CLASSPATH['OCA\Encryption\Exception\MultiKeyEncryptException'] = 'files_encryption/exception/multiKeyEncryptException.php';
OC::$CLASSPATH['OCA\Encryption\Exceptions\MultiKeyDecryptException'] = 'files_encryption/lib/exceptions.php'; OC::$CLASSPATH['OCA\Encryption\Exception\MultiKeyDecryptException'] = 'files_encryption/exception/multiKeyDecryptException.php';
OC::$CLASSPATH['OCA\Encryption\Exceptions\EncryptionException'] = 'files_encryption/lib/exceptions.php'; OC::$CLASSPATH['OCA\Encryption\Exception\EncryptionException'] = 'files_encryption/exception/encryptionException.php';
\OCP\Util::addTranslations('files_encryption'); \OCP\Util::addTranslations('files_encryption');
\OCP\Util::addscript('files_encryption', 'encryption'); \OCP\Util::addscript('files_encryption', 'encryption');

View File

@ -0,0 +1,50 @@
<?php
/**
* ownCloud
*
* @copyright (C) 2014 ownCloud, Inc.
*
* @author Bjoern Schiessle <schiessle@owncloud.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCA\Encryption\Exception;
/**
* Base class for all encryption exception
*
* Possible Error Codes:
* 10 - unknown error
* 20 - unexpected end of encryption header
* 30 - unexpected blog size
* 40 - encryption header to large
* 50 - unknown cipher
* 60 - encryption failed
* 70 - decryption failed
* 80 - empty data
* 90 - private key missing
*/
class EncryptionException extends \Exception {
const UNKNOWN = 10;
const UNEXPECTED_END_OF_ENCRYPTION_HEADER = 20;
const UNEXPECTED_BLOG_SIZE = 30;
const ENCRYPTION_HEADER_TO_LARGE = 40;
const UNKNOWN_CIPHER = 50;
const ENCRYPTION_FAILED = 60;
const DECRYPTION_FAILED = 70;
const EMPTY_DATA = 80;
const PRIVATE_KEY_MISSING = 90;
}

View File

@ -0,0 +1,34 @@
<?php
/**
* ownCloud
*
* @copyright (C) 2014 ownCloud, Inc.
*
* @author Bjoern Schiessle <schiessle@owncloud.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCA\Encryption\Exception;
/**
* Throw this encryption if multi key decryption failed
*
* Possible error codes:
* 110 - openssl_open failed
*/
class MultiKeyDecryptException extends EncryptionException {
const OPENSSL_OPEN_FAILED = 110;
}

View File

@ -0,0 +1,34 @@
<?php
/**
* ownCloud
*
* @copyright (C) 2014 ownCloud, Inc.
*
* @author Bjoern Schiessle <schiessle@owncloud.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCA\Encryption\Exception;
/**
* Throw this exception if multi key encrytion fails
*
* Possible error codes:
* 110 - openssl_seal failed
*/
class MultiKeyEncryptException extends EncryptionException {
const OPENSSL_SEAL_FAILED = 110;
}

View File

@ -3,10 +3,12 @@
/** /**
* ownCloud * ownCloud
* *
* @author Sam Tuke, Frank Karlitschek, Robin Appelman * @copyright (C) 2014 ownCloud, Inc.
* @copyright 2012 Sam Tuke samtuke@owncloud.com, *
* Robin Appelman icewind@owncloud.com, Frank Karlitschek * @author Bjoern Schiessle <schiessle@owncloud.com>
* frank@owncloud.org * @author Sam Tuke <samtuke@owncloud.com>
* @author Frank Karlitschek <frank@owncloud.com>
* @author Robin Appelman <icewind@owncloud.com>
* *
* This library is free software; you can redistribute it and/or * This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
@ -24,7 +26,6 @@
*/ */
namespace OCA\Encryption; namespace OCA\Encryption;
use OCA\Encryption\Exceptions\EncryptionException;
/** /**
* Class for common cryptography functionality * Class for common cryptography functionality
@ -189,7 +190,7 @@ class Crypt {
* @param string $passphrase * @param string $passphrase
* @param string $cypher used for encryption, currently we support AES-128-CFB and AES-256-CFB * @param string $cypher used for encryption, currently we support AES-128-CFB and AES-256-CFB
* @return string encrypted file content * @return string encrypted file content
* @throws \OCA\Encryption\Exceptions\EncryptionException * @throws \OCA\Encryption\Exception\EncryptionException
*/ */
private static function encrypt($plainContent, $iv, $passphrase = '', $cipher = Crypt::DEFAULT_CIPHER) { private static function encrypt($plainContent, $iv, $passphrase = '', $cipher = Crypt::DEFAULT_CIPHER) {
@ -198,7 +199,7 @@ class Crypt {
if (!$encryptedContent) { if (!$encryptedContent) {
$error = "Encryption (symmetric) of content failed: " . openssl_error_string(); $error = "Encryption (symmetric) of content failed: " . openssl_error_string();
\OCP\Util::writeLog('Encryption library', $error, \OCP\Util::ERROR); \OCP\Util::writeLog('Encryption library', $error, \OCP\Util::ERROR);
throw new Exceptions\EncryptionException($error, 50); throw new Exception\EncryptionException($error, Exception\EncryptionException::ENCRYPTION_FAILED);
} }
return $encryptedContent; return $encryptedContent;
@ -290,7 +291,7 @@ class Crypt {
$padded = self::addPadding($catfile); $padded = self::addPadding($catfile);
return $padded; return $padded;
} catch (EncryptionException $e) { } catch (Exception\EncryptionException $e) {
$message = 'Could not encrypt file content (code: ' . $e->getCode() . '): '; $message = 'Could not encrypt file content (code: ' . $e->getCode() . '): ';
\OCP\Util::writeLog('files_encryption', $message . $e->getMessage(), \OCP\Util::ERROR); \OCP\Util::writeLog('files_encryption', $message . $e->getMessage(), \OCP\Util::ERROR);
return false; return false;
@ -378,7 +379,7 @@ class Crypt {
* @param string $plainContent content to be encrypted * @param string $plainContent content to be encrypted
* @param array $publicKeys array keys must be the userId of corresponding user * @param array $publicKeys array keys must be the userId of corresponding user
* @return array keys: keys (array, key = userId), data * @return array keys: keys (array, key = userId), data
* @throws \OCA\Encryption\Exceptions\\MultiKeyEncryptException if encryption failed * @throws \OCA\Encryption\Exception\MultiKeyEncryptException if encryption failed
* @note symmetricDecryptFileContent() can decrypt files created using this method * @note symmetricDecryptFileContent() can decrypt files created using this method
*/ */
public static function multiKeyEncrypt($plainContent, array $publicKeys) { public static function multiKeyEncrypt($plainContent, array $publicKeys) {
@ -386,7 +387,7 @@ class Crypt {
// openssl_seal returns false without errors if $plainContent // openssl_seal returns false without errors if $plainContent
// is empty, so trigger our own error // is empty, so trigger our own error
if (empty($plainContent)) { if (empty($plainContent)) {
throw new Exceptions\MultiKeyEncryptException('Cannot multiKeyEncrypt empty plain content', 10); throw new Exception\MultiKeyEncryptException('Cannot multiKeyEncrypt empty plain content', Exception\MultiKeyEncryptException::EMPTY_DATA);
} }
// Set empty vars to be set by openssl by reference // Set empty vars to be set by openssl by reference
@ -413,7 +414,8 @@ class Crypt {
); );
} else { } else {
throw new Exceptions\MultiKeyEncryptException('multi key encryption failed: ' . openssl_error_string(), 20); throw new Exception\MultiKeyEncryptException('multi key encryption failed: ' . openssl_error_string(),
Exception\MultiKeyEncryptException::OPENSSL_SEAL_FAILED);
} }
} }
@ -423,7 +425,7 @@ class Crypt {
* @param string $encryptedContent * @param string $encryptedContent
* @param string $shareKey * @param string $shareKey
* @param mixed $privateKey * @param mixed $privateKey
* @throws \OCA\Encryption\Exceptions\\MultiKeyDecryptException if decryption failed * @throws \OCA\Encryption\Exception\MultiKeyDecryptException if decryption failed
* @internal param string $plainContent contains decrypted content * @internal param string $plainContent contains decrypted content
* @return string $plainContent decrypted string * @return string $plainContent decrypted string
* @note symmetricDecryptFileContent() can be used to decrypt files created using this method * @note symmetricDecryptFileContent() can be used to decrypt files created using this method
@ -433,7 +435,8 @@ class Crypt {
public static function multiKeyDecrypt($encryptedContent, $shareKey, $privateKey) { public static function multiKeyDecrypt($encryptedContent, $shareKey, $privateKey) {
if (!$encryptedContent) { if (!$encryptedContent) {
throw new Exceptions\MultiKeyDecryptException('Cannot mutliKeyDecrypt empty plain content', 10); throw new Exception\MultiKeyDecryptException('Cannot mutliKeyDecrypt empty plain content',
Exception\MultiKeyDecryptException::EMPTY_DATA);
} }
if (openssl_open($encryptedContent, $plainContent, $shareKey, $privateKey)) { if (openssl_open($encryptedContent, $plainContent, $shareKey, $privateKey)) {
@ -441,7 +444,8 @@ class Crypt {
return $plainContent; return $plainContent;
} else { } else {
throw new Exceptions\MultiKeyDecryptException('multiKeyDecrypt with share-key' . $shareKey . 'failed: ' . openssl_error_string(), 20); throw new Exception\MultiKeyDecryptException('multiKeyDecrypt with share-key' . $shareKey . 'failed: ' . openssl_error_string(),
Exception\MultiKeyDecryptException::OPENSSL_OPEN_FAILED);
} }
} }
@ -550,14 +554,15 @@ class Crypt {
* get chiper from header * get chiper from header
* *
* @param array $header * @param array $header
* @throws \OCA\Encryption\Exceptions\EncryptionException * @throws \OCA\Encryption\Exception\EncryptionException
*/ */
public static function getCipher($header) { public static function getCipher($header) {
$cipher = isset($header['cipher']) ? $header['cipher'] : 'AES-128-CFB'; $cipher = isset($header['cipher']) ? $header['cipher'] : 'AES-128-CFB';
if ($cipher !== 'AES-256-CFB' && $cipher !== 'AES-128-CFB') { if ($cipher !== 'AES-256-CFB' && $cipher !== 'AES-128-CFB') {
throw new \OCA\Encryption\Exceptions\EncryptionException('file header broken, no supported cipher defined', 40); throw new Exception\EncryptionException('file header broken, no supported cipher defined',
Exception\EncryptionException::UNKNOWN_CIPHER);
} }
return $cipher; return $cipher;

View File

@ -1,63 +0,0 @@
<?php
/**
* ownCloud
*
* @author Bjoern Schiessle
* @copyright 2014 Bjoern Schiessle <schiessle@owncloud.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCA\Encryption\Exceptions;
/**
* General encryption exception
* Possible Error Codes:
* 10 - unexpected end of encryption header
* 20 - unexpected blog size
* 30 - encryption header to large
* 40 - unknown cipher
* 50 - encryption failed
* 60 - no private key available
*/
class EncryptionException extends \Exception {
const UNEXPECTED_END_OF_ENCRTYPTION_HEADER = 10;
const UNEXPECTED_BLOG_SIZE = 20;
const ENCRYPTION_HEADER_TO_LARGE = 30;
const UNKNOWN_CIPHER = 40;
const ENCRYPTION_FAILED = 50;
const NO_PRIVATE_KEY_AVAILABLE = 60;
}
/**
* Throw this exception if multi key encrytion fails
*
* Possible error codes:
* 10 - empty plain content was given
* 20 - openssl_seal failed
*/
class MultiKeyEncryptException extends EncryptionException {
}
/**
* Throw this encryption if multi key decryption failed
*
* Possible error codes:
* 10 - empty encrypted content was given
* 20 - openssl_open failed
*/
class MultiKeyDecryptException extends EncryptionException {
}

View File

@ -2,10 +2,11 @@
/** /**
* ownCloud * ownCloud
* *
* @author Bjoern Schiessle, Robin Appelman * @copyright (C) 2014 ownCloud, Inc.
* @copyright 2014 Bjoern Schiessle <schiessle@owncloud.com> *
* 2012 Sam Tuke <samtuke@owncloud.com>, * @author Bjoern Schiessle <schiessle@owncloud.com>
* 2011 Robin Appelman <icewind1991@gmail.com> * @author Robin Appelman <icewind@owncloud.com>
* @author Sam Tuke <samtuke@owncloud.com>
* *
* This library is free software; you can redistribute it and/or * This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
@ -30,7 +31,7 @@
*/ */
namespace OCA\Encryption; namespace OCA\Encryption;
use OCA\Encryption\Exceptions\EncryptionException; use OCA\Encryption\Exception\EncryptionException;
/** /**
* Provides 'crypt://' stream wrapper protocol. * Provides 'crypt://' stream wrapper protocol.
@ -91,6 +92,7 @@ class Stream {
* @param int $options * @param int $options
* @param string $opened_path * @param string $opened_path
* @return bool * @return bool
* @throw \OCA\Encryption\Exception\EncryptionException
*/ */
public function stream_open($path, $mode, $options, &$opened_path) { public function stream_open($path, $mode, $options, &$opened_path) {
@ -109,7 +111,7 @@ class Stream {
$this->privateKey = $this->session->getPrivateKey(); $this->privateKey = $this->session->getPrivateKey();
if ($this->privateKey === false) { if ($this->privateKey === false) {
throw new EncryptionException('Session does not contain a private key, maybe your login password changed?', throw new EncryptionException('Session does not contain a private key, maybe your login password changed?',
EncryptionException::NO_PRIVATE_KEY_AVAILABLE); EncryptionException::PRIVATE_KEY_MISSING);
} }
$normalizedPath = \OC\Files\Filesystem::normalizePath(str_replace('crypt://', '', $path)); $normalizedPath = \OC\Files\Filesystem::normalizePath(str_replace('crypt://', '', $path));
@ -249,7 +251,7 @@ class Stream {
/** /**
* @param int $count * @param int $count
* @return bool|string * @return bool|string
* @throws \OCA\Encryption\Exceptions\EncryptionException * @throws \OCA\Encryption\Exception\EncryptionException
*/ */
public function stream_read($count) { public function stream_read($count) {
@ -257,7 +259,7 @@ class Stream {
if ($count !== Crypt::BLOCKSIZE) { if ($count !== Crypt::BLOCKSIZE) {
\OCP\Util::writeLog('Encryption library', 'PHP "bug" 21641 no longer holds, decryption system requires refactoring', \OCP\Util::FATAL); \OCP\Util::writeLog('Encryption library', 'PHP "bug" 21641 no longer holds, decryption system requires refactoring', \OCP\Util::FATAL);
throw new \OCA\Encryption\Exceptions\EncryptionException('expected a blog size of 8192 byte', 20); throw new EncryptionException('expected a blog size of 8192 byte', EncryptionException::UNEXPECTED_BLOG_SIZE);
} }
// Get the data from the file handle // Get the data from the file handle
@ -365,14 +367,14 @@ class Stream {
/** /**
* write header at beginning of encrypted file * write header at beginning of encrypted file
* *
* @throws Exceptions\EncryptionException * @throws Exception\EncryptionException
*/ */
private function writeHeader() { private function writeHeader() {
$header = Crypt::generateHeader(); $header = Crypt::generateHeader();
if (strlen($header) > Crypt::BLOCKSIZE) { if (strlen($header) > Crypt::BLOCKSIZE) {
throw new Exceptions\EncryptionException('max header size exceeded', 30); throw new EncryptionException('max header size exceeded', EncryptionException::ENCRYPTION_HEADER_TO_LARGE);
} }
$paddedHeader = str_pad($header, Crypt::BLOCKSIZE, self::PADDING_CHAR, STR_PAD_RIGHT); $paddedHeader = str_pad($header, Crypt::BLOCKSIZE, self::PADDING_CHAR, STR_PAD_RIGHT);

View File

@ -960,7 +960,7 @@ class Util {
$plainKeyfile = $this->decryptKeyfile($filePath, $privateKey); $plainKeyfile = $this->decryptKeyfile($filePath, $privateKey);
// Re-enc keyfile to (additional) sharekeys // Re-enc keyfile to (additional) sharekeys
$multiEncKey = Crypt::multiKeyEncrypt($plainKeyfile, $userPubKeys); $multiEncKey = Crypt::multiKeyEncrypt($plainKeyfile, $userPubKeys);
} catch (Exceptions\EncryptionException $e) { } catch (Exception\EncryptionException $e) {
$msg = 'set shareFileKeyFailed (code: ' . $e->getCode() . '): ' . $e->getMessage(); $msg = 'set shareFileKeyFailed (code: ' . $e->getCode() . '): ' . $e->getMessage();
\OCP\Util::writeLog('files_encryption', $msg, \OCP\Util::FATAL); \OCP\Util::writeLog('files_encryption', $msg, \OCP\Util::FATAL);
return false; return false;

View File

@ -100,7 +100,7 @@ class OC_Connector_Sabre_File extends OC_Connector_Sabre_Node implements \Sabre\
} catch (\OCP\Files\LockNotAcquiredException $e) { } catch (\OCP\Files\LockNotAcquiredException $e) {
// the file is currently being written to by another process // the file is currently being written to by another process
throw new OC_Connector_Sabre_Exception_FileLocked($e->getMessage(), $e->getCode(), $e); throw new OC_Connector_Sabre_Exception_FileLocked($e->getMessage(), $e->getCode(), $e);
} catch (\OCA\Encryption\Exceptions\EncryptionException $e) { } catch (\OCA\Encryption\Exception\EncryptionException $e) {
throw new \Sabre\DAV\Exception\Forbidden($e->getMessage()); throw new \Sabre\DAV\Exception\Forbidden($e->getMessage());
} }
@ -156,7 +156,7 @@ class OC_Connector_Sabre_File extends OC_Connector_Sabre_Node implements \Sabre\
} else { } else {
try { try {
return $this->fileView->fopen(ltrim($this->path, '/'), 'rb'); return $this->fileView->fopen(ltrim($this->path, '/'), 'rb');
} catch (\OCA\Encryption\Exceptions\EncryptionException $e) { } catch (\OCA\Encryption\Exception\EncryptionException $e) {
throw new \Sabre\DAV\Exception\Forbidden($e->getMessage()); throw new \Sabre\DAV\Exception\Forbidden($e->getMessage());
} }
} }