diff --git a/3rdparty b/3rdparty index d59b017922..3ef9f738a9 160000 --- a/3rdparty +++ b/3rdparty @@ -1 +1 @@ -Subproject commit d59b017922d9ac3bf985dee0eb721ec1a901ac72 +Subproject commit 3ef9f738a9107879dddc7d97842cf4d2198fae4c diff --git a/apps/files_encryption/appinfo/app.php b/apps/files_encryption/appinfo/app.php index 99bdc2c247..f69e04b5bb 100644 --- a/apps/files_encryption/appinfo/app.php +++ b/apps/files_encryption/appinfo/app.php @@ -10,45 +10,50 @@ OC::$CLASSPATH['OCA\Encryption\Session'] = 'files_encryption/lib/session.php'; OC::$CLASSPATH['OCA\Encryption\Capabilities'] = 'files_encryption/lib/capabilities.php'; OC::$CLASSPATH['OCA\Encryption\Helper'] = 'files_encryption/lib/helper.php'; -OC_FileProxy::register(new OCA\Encryption\Proxy()); +if (!OC_Config::getValue('maintenance', false)) { + OC_FileProxy::register(new OCA\Encryption\Proxy()); -// User related hooks -OCA\Encryption\Helper::registerUserHooks(); + // User related hooks + OCA\Encryption\Helper::registerUserHooks(); -// Sharing related hooks -OCA\Encryption\Helper::registerShareHooks(); + // Sharing related hooks + OCA\Encryption\Helper::registerShareHooks(); -// Filesystem related hooks -OCA\Encryption\Helper::registerFilesystemHooks(); + // Filesystem related hooks + OCA\Encryption\Helper::registerFilesystemHooks(); -stream_wrapper_register('crypt', 'OCA\Encryption\Stream'); + stream_wrapper_register('crypt', 'OCA\Encryption\Stream'); -// check if we are logged in -if (OCP\User::isLoggedIn()) { + // check if we are logged in + if (OCP\User::isLoggedIn()) { - // ensure filesystem is loaded - if(!\OC\Files\Filesystem::$loaded) { - \OC_Util::setupFS(); - } - - $view = new OC_FilesystemView('/'); - $session = new \OCA\Encryption\Session($view); - - // check if user has a private key - if ( - !$session->getPrivateKey(\OCP\USER::getUser()) - && OCA\Encryption\Crypt::mode() === 'server' - ) { - - // Force the user to log-in again if the encryption key isn't unlocked - // (happens when a user is logged in before the encryption app is - // enabled) - OCP\User::logout(); - - header("Location: " . OC::$WEBROOT . '/'); - - exit(); + // ensure filesystem is loaded + if (!\OC\Files\Filesystem::$loaded) { + \OC_Util::setupFS(); + } + + $view = new OC_FilesystemView('/'); + $session = new \OCA\Encryption\Session($view); + + // check if user has a private key + if ( + !$session->getPrivateKey(\OCP\USER::getUser()) + && OCA\Encryption\Crypt::mode() === 'server' + ) { + + // Force the user to log-in again if the encryption key isn't unlocked + // (happens when a user is logged in before the encryption app is + // enabled) + OCP\User::logout(); + + header("Location: " . OC::$WEBROOT . '/'); + + exit(); + } } +} else { + // logout user if we are in maintenance to force re-login + OCP\User::logout(); } // Register settings scripts diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index 7e68f476a7..0580b713d1 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -84,7 +84,7 @@ class Hooks { && $encLegacyKey = $userView->file_get_contents('encryption.key') ) { - $plainLegacyKey = Crypt::legacyBlockDecrypt($encLegacyKey, $params['password']); + $plainLegacyKey = Crypt::legacyDecrypt($encLegacyKey, $params['password']); $session->setLegacyKey($plainLegacyKey); diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index ddeb3590f6..ced9ab7c67 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -608,7 +608,7 @@ class Crypt { * * This function decrypts an content */ - private static function legacyDecrypt($content, $passphrase = '') { + public static function legacyDecrypt($content, $passphrase = '') { $bf = self::getBlowfish($passphrase); @@ -637,28 +637,4 @@ class Crypt { } } - /** - * @param $legacyEncryptedContent - * @param $legacyPassphrase - * @param $publicKeys - * @return array - */ - public static function legacyKeyRecryptKeyfile($legacyEncryptedContent, $legacyPassphrase, $publicKeys) { - - $decrypted = self::legacyBlockDecrypt($legacyEncryptedContent, $legacyPassphrase); - - // Encrypt plain data, generate keyfile & encrypted file - $cryptedData = self::symmetricEncryptFileContentKeyfile($decrypted); - - // Encrypt plain keyfile to multiple sharefiles - $multiEncrypted = Crypt::multiKeyEncrypt($cryptedData['key'], $publicKeys); - - return array( - 'data' => $cryptedData['encrypted'], - 'filekey' => $multiEncrypted['data'], - 'sharekeys' => $multiEncrypted['keys'] - ); - - } - } \ No newline at end of file diff --git a/apps/files_encryption/lib/proxy.php b/apps/files_encryption/lib/proxy.php index 0df34a38bd..735eba911a 100644 --- a/apps/files_encryption/lib/proxy.php +++ b/apps/files_encryption/lib/proxy.php @@ -256,6 +256,8 @@ class Proxy extends \OC_FileProxy { */ public function postFopen($path, &$result) { + $path = \OC\Files\Filesystem::normalizePath($path); + if (!$result) { return $result; diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index b6e3543bca..463e4fae79 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -725,40 +725,28 @@ class Util { // Fetch data from file $legacyData = $this->view->file_get_contents($legacyFile['path']); - $sharingEnabled = \OCP\Share::isEnabled(); - - // if file exists try to get sharing users - if ($this->view->file_exists($legacyFile['path'])) { - $uniqueUserIds = $this->getSharingUsersArray($sharingEnabled, $legacyFile['path'], $this->userId); - } else { - $uniqueUserIds[] = $this->userId; - } - - // Fetch public keys for all users who will share the file - $publicKeys = Keymanager::getPublicKeys($this->view, $uniqueUserIds); - - // Recrypt data, generate catfile - $recrypted = Crypt::legacyKeyRecryptKeyfile( $legacyData, $legacyPassphrase, $publicKeys ); + // decrypt data, generate catfile + $decrypted = Crypt::legacyBlockDecrypt($legacyData, $legacyPassphrase); $rawPath = $legacyFile['path']; - $relPath = \OCA\Encryption\Helper::stripUserFilesPath($rawPath); - // Save keyfile - Keymanager::setFileKey($this->view, $relPath, $this->userId, $recrypted['filekey']); + // enable proxy the ensure encryption is handled + \OC_FileProxy::$enabled = true; - // Save sharekeys to user folders - Keymanager::setShareKeys($this->view, $relPath, $recrypted['sharekeys']); + // Open enc file handle for binary writing, with same filename as original plain file + $encHandle = $this->view->fopen( $rawPath, 'wb' ); - // Overwrite the existing file with the encrypted one - $this->view->file_put_contents($rawPath, $recrypted['data']); + if (is_resource($encHandle)) { - $size = strlen($recrypted['data']); + // write data to stream + fwrite($encHandle, $decrypted); - // Add the file to the cache - \OC\Files\Filesystem::putFileInfo($rawPath, array( - 'encrypted' => true, - 'size' => $size - ), ''); + // close stream + fclose($encHandle); + } + + // disable proxy to prevent file being encrypted twice + \OC_FileProxy::$enabled = false; } } diff --git a/apps/files_encryption/tests/crypt.php b/apps/files_encryption/tests/crypt.php index 341904b118..c105e5ad31 100755 --- a/apps/files_encryption/tests/crypt.php +++ b/apps/files_encryption/tests/crypt.php @@ -611,24 +611,6 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { } - /** - * @medium - * @brief test decryption using legacy blowfish method - * @depends testLegacyEncryptLong - */ - function testLegacyKeyRecryptKeyfileEncrypt($crypted) { - - $recrypted = Encryption\Crypt::LegacyKeyRecryptKeyfile($crypted, $this->pass, array($this->genPublicKey)); - - $this->assertNotEquals($this->dataLong, $recrypted['data']); - - return $recrypted; - - # TODO: search inencrypted text for actual content to ensure it - # genuine transformation - - } - /** * @medium */ diff --git a/apps/files_encryption/tests/util.php b/apps/files_encryption/tests/util.php index 14caf1105d..cb10befc8e 100755 --- a/apps/files_encryption/tests/util.php +++ b/apps/files_encryption/tests/util.php @@ -75,7 +75,7 @@ class Test_Encryption_Util extends \PHPUnit_Framework_TestCase { $this->legacyData = realpath(dirname(__FILE__) . '/legacy-text.txt'); $this->legacyEncryptedData = realpath(dirname(__FILE__) . '/legacy-encrypted-text.txt'); $this->legacyEncryptedDataKey = realpath(dirname(__FILE__) . '/encryption.key'); - $this->legacyKey = '30943623843030686906'; + $this->legacyKey = "30943623843030686906\0\0\0\0"; $keypair = Encryption\Crypt::createKeypair();