Merge pull request #3552 from owncloud/files_encryption_upgrade_fix

Fix files_encryption app upgrade from 4.5 to 5.0

3rdparty

@@ -1 +1 @@
-Subproject commit d59b017922d9ac3bf985dee0eb721ec1a901ac72
+Subproject commit 3ef9f738a9107879dddc7d97842cf4d2198fae4c

apps/files_encryption/appinfo/app.php

@@ -10,45 +10,50 @@ OC::$CLASSPATH['OCA\Encryption\Session'] = 'files_encryption/lib/session.php';
 OC::$CLASSPATH['OCA\Encryption\Capabilities'] = 'files_encryption/lib/capabilities.php';
 OC::$CLASSPATH['OCA\Encryption\Helper'] = 'files_encryption/lib/helper.php';
 
-OC_FileProxy::register(new OCA\Encryption\Proxy());
+if (!OC_Config::getValue('maintenance', false)) {
+	OC_FileProxy::register(new OCA\Encryption\Proxy());
 
-// User related hooks
-OCA\Encryption\Helper::registerUserHooks();
+	// User related hooks
+	OCA\Encryption\Helper::registerUserHooks();
 
-// Sharing related hooks
-OCA\Encryption\Helper::registerShareHooks();
+	// Sharing related hooks
+	OCA\Encryption\Helper::registerShareHooks();
 
-// Filesystem related hooks
-OCA\Encryption\Helper::registerFilesystemHooks();
+	// Filesystem related hooks
+	OCA\Encryption\Helper::registerFilesystemHooks();
 
-stream_wrapper_register('crypt', 'OCA\Encryption\Stream');
+	stream_wrapper_register('crypt', 'OCA\Encryption\Stream');
 
-// check if we are logged in
-if (OCP\User::isLoggedIn()) {
+	// check if we are logged in
+	if (OCP\User::isLoggedIn()) {
 
-	// ensure filesystem is loaded
-	if(!\OC\Files\Filesystem::$loaded) {
-		\OC_Util::setupFS();
-	}
-
-	$view = new OC_FilesystemView('/');
-	$session = new \OCA\Encryption\Session($view);
-
-	// check if user has a private key
-	if (
-		!$session->getPrivateKey(\OCP\USER::getUser())
-		&& OCA\Encryption\Crypt::mode() === 'server'
-	) {
-
-		// Force the user to log-in again if the encryption key isn't unlocked
-		// (happens when a user is logged in before the encryption app is
-		// enabled)
-		OCP\User::logout();
-
-		header("Location: " . OC::$WEBROOT . '/');
-
-		exit();
+		// ensure filesystem is loaded
+		if (!\OC\Files\Filesystem::$loaded) {
+			\OC_Util::setupFS();
+		}
+
+		$view = new OC_FilesystemView('/');
+		$session = new \OCA\Encryption\Session($view);
+
+		// check if user has a private key
+		if (
+			!$session->getPrivateKey(\OCP\USER::getUser())
+			&& OCA\Encryption\Crypt::mode() === 'server'
+		) {
+
+			// Force the user to log-in again if the encryption key isn't unlocked
+			// (happens when a user is logged in before the encryption app is
+			// enabled)
+			OCP\User::logout();
+
+			header("Location: " . OC::$WEBROOT . '/');
+
+			exit();
+		}
 	}
+} else {
+	// logout user if we are in maintenance to force re-login
+	OCP\User::logout();
 }
 
 // Register settings scripts

apps/files_encryption/hooks/hooks.php

@@ -84,7 +84,7 @@ class Hooks {
 				&& $encLegacyKey = $userView->file_get_contents('encryption.key')
 			) {
 
-				$plainLegacyKey = Crypt::legacyBlockDecrypt($encLegacyKey, $params['password']);
+				$plainLegacyKey = Crypt::legacyDecrypt($encLegacyKey, $params['password']);
 
 				$session->setLegacyKey($plainLegacyKey);
 

apps/files_encryption/lib/crypt.php

@@ -608,7 +608,7 @@ class Crypt {
 	 *
 	 * This function decrypts an content
 	 */
-	private static function legacyDecrypt($content, $passphrase = '') {
+	public static function legacyDecrypt($content, $passphrase = '') {
 
 		$bf = self::getBlowfish($passphrase);
 
@@ -637,28 +637,4 @@ class Crypt {
 		}
 	}
 
-	/**
-	 * @param $legacyEncryptedContent
-	 * @param $legacyPassphrase
-	 * @param $publicKeys
-	 * @return array
-	 */
-	public static function legacyKeyRecryptKeyfile($legacyEncryptedContent, $legacyPassphrase, $publicKeys) {
-
-		$decrypted = self::legacyBlockDecrypt($legacyEncryptedContent, $legacyPassphrase);
-
-		// Encrypt plain data, generate keyfile & encrypted file
-		$cryptedData = self::symmetricEncryptFileContentKeyfile($decrypted);
-
-		// Encrypt plain keyfile to multiple sharefiles
-		$multiEncrypted = Crypt::multiKeyEncrypt($cryptedData['key'], $publicKeys);
-
-		return array(
-			'data' => $cryptedData['encrypted'],
-			'filekey' => $multiEncrypted['data'],
-			'sharekeys' => $multiEncrypted['keys']
-		);
-
-	}
-
 }

apps/files_encryption/lib/proxy.php

@@ -256,6 +256,8 @@ class Proxy extends \OC_FileProxy {
 	 */
 	public function postFopen($path, &$result) {
 
+		$path = \OC\Files\Filesystem::normalizePath($path);
+
 		if (!$result) {
 
 			return $result;

apps/files_encryption/lib/util.php

@@ -725,40 +725,28 @@ class Util {
 					// Fetch data from file
 					$legacyData = $this->view->file_get_contents($legacyFile['path']);
 
-					$sharingEnabled = \OCP\Share::isEnabled();
-
-					// if file exists try to get sharing users
-					if ($this->view->file_exists($legacyFile['path'])) {
-						$uniqueUserIds = $this->getSharingUsersArray($sharingEnabled, $legacyFile['path'], $this->userId);
-					} else {
-						$uniqueUserIds[] = $this->userId;
-					}
-
-					// Fetch public keys for all users who will share the file
-					$publicKeys = Keymanager::getPublicKeys($this->view, $uniqueUserIds);
-
-					// Recrypt data, generate catfile
-					$recrypted = Crypt::legacyKeyRecryptKeyfile( $legacyData, $legacyPassphrase, $publicKeys );
+					// decrypt data, generate catfile
+					$decrypted = Crypt::legacyBlockDecrypt($legacyData, $legacyPassphrase);
 
 					$rawPath = $legacyFile['path'];
-					$relPath = \OCA\Encryption\Helper::stripUserFilesPath($rawPath);
 
-					// Save keyfile
-					Keymanager::setFileKey($this->view, $relPath, $this->userId, $recrypted['filekey']);
+					// enable proxy the ensure encryption is handled
+					\OC_FileProxy::$enabled = true;
 
-					// Save sharekeys to user folders
-					Keymanager::setShareKeys($this->view, $relPath, $recrypted['sharekeys']);
+					// Open enc file handle for binary writing, with same filename as original plain file
+					$encHandle = $this->view->fopen( $rawPath, 'wb' );
 
-					// Overwrite the existing file with the encrypted one
-					$this->view->file_put_contents($rawPath, $recrypted['data']);
+					if (is_resource($encHandle)) {
 
-					$size = strlen($recrypted['data']);
+						// write data to stream
+						fwrite($encHandle, $decrypted);
 
-					// Add the file to the cache
-					\OC\Files\Filesystem::putFileInfo($rawPath, array(
-																	 'encrypted' => true,
-																	 'size' => $size
-																), '');
+						// close stream
+						fclose($encHandle);
+					}
+
+					// disable proxy to prevent file being encrypted twice
+					\OC_FileProxy::$enabled = false;
 				}
 			}
 

apps/files_encryption/tests/crypt.php

@@ -611,24 +611,6 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase {
 
 	}
 
-	/**
-	 * @medium
-	 * @brief test decryption using legacy blowfish method
-	 * @depends testLegacyEncryptLong
-	 */
-	function testLegacyKeyRecryptKeyfileEncrypt($crypted) {
-
-		$recrypted = Encryption\Crypt::LegacyKeyRecryptKeyfile($crypted, $this->pass, array($this->genPublicKey));
-
-		$this->assertNotEquals($this->dataLong, $recrypted['data']);
-
-		return $recrypted;
-
-		# TODO: search inencrypted text for actual content to ensure it
-		# genuine transformation
-
-	}
-
 	/**
 	 * @medium
 	 */

apps/files_encryption/tests/util.php

@@ -75,7 +75,7 @@ class Test_Encryption_Util extends \PHPUnit_Framework_TestCase {
 		$this->legacyData = realpath(dirname(__FILE__) . '/legacy-text.txt');
 		$this->legacyEncryptedData = realpath(dirname(__FILE__) . '/legacy-encrypted-text.txt');
 		$this->legacyEncryptedDataKey = realpath(dirname(__FILE__) . '/encryption.key');
-		$this->legacyKey = '30943623843030686906';
+		$this->legacyKey = "30943623843030686906\0\0\0\0";
 
 		$keypair = Encryption\Crypt::createKeypair();