2011-10-21 15:02:11 +00:00
< ? php
/**
* ownCloud
*
2012-07-25 17:28:56 +00:00
* @ author Sam Tuke , Robin Appelman
* @ copyright 2012 Sam Tuke samtuke @ owncloud . com , Robin Appelman
* icewind1991 @ gmail . com
2011-10-21 15:02:11 +00:00
*
* This library is free software ; you can redistribute it and / or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation ; either
* version 3 of the License , or any later version .
*
* This library is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details .
*
* You should have received a copy of the GNU Affero General Public
* License along with this library . If not , see < http :// www . gnu . org / licenses />.
*
*/
2013-01-30 18:52:02 +00:00
/**
* @ brief Encryption proxy which handles filesystem operations before and after
* execution and encrypts , and handles keyfiles accordingly . Used for
* webui .
*/
2012-10-17 15:35:19 +00:00
namespace OCA\Encryption ;
2012-07-25 17:28:56 +00:00
class Proxy extends \OC_FileProxy {
2012-07-25 15:25:24 +00:00
private static $blackList = null ; //mimetypes blacklisted from encryption
private static $enableEncryption = null ;
2011-11-24 00:44:54 +00:00
/**
2012-07-11 16:51:27 +00:00
* Check if a file requires encryption
2011-11-24 00:44:54 +00:00
* @ param string $path
* @ return bool
2012-07-11 16:51:27 +00:00
*
2012-08-10 10:27:09 +00:00
* Tests if server side encryption is enabled , and file is allowed by blacklists
2011-11-24 00:44:54 +00:00
*/
2012-07-11 16:51:27 +00:00
private static function shouldEncrypt ( $path ) {
2012-10-17 15:35:19 +00:00
2012-07-11 16:51:27 +00:00
if ( is_null ( self :: $enableEncryption ) ) {
2012-11-16 18:31:37 +00:00
if (
2013-01-24 18:37:34 +00:00
\OCP\Config :: getAppValue ( 'files_encryption' , 'enable_encryption' , 'true' ) == 'true'
&& Crypt :: mode () == 'server'
2012-11-16 18:31:37 +00:00
) {
self :: $enableEncryption = true ;
} else {
self :: $enableEncryption = false ;
}
2012-07-11 16:51:27 +00:00
2012-04-18 14:02:35 +00:00
}
2012-07-11 16:51:27 +00:00
2012-11-16 18:31:37 +00:00
if ( ! self :: $enableEncryption ) {
2012-07-11 16:51:27 +00:00
2012-04-18 14:02:35 +00:00
return false ;
2012-07-11 16:51:27 +00:00
2012-04-18 14:02:35 +00:00
}
2012-07-11 16:51:27 +00:00
2012-11-16 18:31:37 +00:00
if ( is_null ( self :: $blackList ) ) {
2012-07-11 16:51:27 +00:00
2013-02-22 15:08:08 +00:00
self :: $blackList = explode ( ',' , \OCP\Config :: getAppValue ( 'files_encryption' , 'type_blacklist' , '' ) );
2012-07-11 16:51:27 +00:00
2011-11-24 00:44:54 +00:00
}
2012-07-11 16:51:27 +00:00
2013-03-09 18:18:34 +00:00
if ( Crypt :: isCatfileContent ( $path ) ) {
2012-07-11 16:51:27 +00:00
2011-11-24 00:44:54 +00:00
return true ;
2012-07-11 16:51:27 +00:00
2011-11-24 00:44:54 +00:00
}
2012-07-11 16:51:27 +00:00
2013-01-24 18:37:34 +00:00
$extension = substr ( $path , strrpos ( $path , '.' ) + 1 );
2012-07-11 16:51:27 +00:00
2013-01-24 18:37:34 +00:00
if ( array_search ( $extension , self :: $blackList ) === false ) {
2012-07-11 16:51:27 +00:00
2011-11-24 00:44:54 +00:00
return true ;
2012-07-11 16:51:27 +00:00
2011-11-24 00:44:54 +00:00
}
2012-07-11 16:51:27 +00:00
return false ;
2011-11-24 00:44:54 +00:00
}
2013-02-26 18:11:29 +00:00
public function preFile_put_contents ( $path , & $data ) {
2012-07-11 16:51:27 +00:00
if ( self :: shouldEncrypt ( $path ) ) {
2013-02-09 18:39:32 +00:00
// Stream put contents should have been converted to fopen
if ( ! is_resource ( $data ) ) {
2012-07-11 16:51:27 +00:00
2013-01-05 17:12:23 +00:00
$userId = \OCP\USER :: getUser ();
$rootView = new \OC_FilesystemView ( '/' );
2013-02-11 10:21:23 +00:00
$util = new Util ( $rootView , $userId );
2013-04-10 15:37:03 +00:00
$session = new Session ( $rootView );
2013-02-27 18:46:44 +00:00
$fileOwner = \OC\Files\Filesystem :: getOwner ( $path );
$privateKey = $session -> getPrivateKey ();
2013-02-11 10:21:23 +00:00
$filePath = $util -> stripUserFilesPath ( $path );
2012-07-25 17:28:56 +00:00
// Set the filesize for userland, before encrypting
2012-07-11 16:51:27 +00:00
$size = strlen ( $data );
2012-08-14 18:06:56 +00:00
// Disable encryption proxy to prevent recursive calls
\OC_FileProxy :: $enabled = false ;
2013-02-27 18:46:44 +00:00
// Check if there is an existing key we can reuse
if ( $encKeyfile = Keymanager :: getFileKey ( $rootView , $fileOwner , $filePath ) ) {
$keyPreExists = true ;
2013-04-10 15:37:03 +00:00
// Fetch shareKey
$shareKey = Keymanager :: getShareKey ( $rootView , $userId , $filePath );
2013-02-27 18:46:44 +00:00
// Decrypt the keyfile
2013-04-10 15:37:03 +00:00
$plainKey = Crypt :: multiKeyDecrypt ( $encKeyfile , $shareKey , $privateKey );
trigger_error ( " \$ shareKey = $shareKey " );
trigger_error ( " \$ plainKey = $plainKey " );
2013-02-27 18:46:44 +00:00
} else {
$keyPreExists = false ;
// Make a new key
$plainKey = Crypt :: generateKey ();
}
2013-02-11 10:21:23 +00:00
// Encrypt data
2013-02-27 18:46:44 +00:00
$encData = Crypt :: symmetricEncryptFileContent ( $data , $plainKey );
2013-01-14 19:07:28 +00:00
2013-03-20 18:26:59 +00:00
// Check if key recovery is enabled
$recoveryEnabled = $util -> recoveryEnabled ();
// Make sure that a share key is generated for the owner too
$userIds = array ( $userId );
if ( \OCP\Share :: isEnabled () ) {
// Find out who, if anyone, is sharing the file
2013-03-29 20:11:29 +00:00
$shareUids = \OCP\Share :: getUsersSharingFile ( $filePath , true , true , true );
2013-02-11 10:21:23 +00:00
2013-03-20 18:26:59 +00:00
$userIds = array_merge ( $userIds , $shareUids );
2013-02-09 18:39:32 +00:00
2013-03-20 18:26:59 +00:00
}
2013-02-09 18:39:32 +00:00
2013-03-20 18:26:59 +00:00
// If recovery is enabled, add the
// Admin UID to list of users to share to
if ( $recoveryEnabled ) {
2013-02-09 18:39:32 +00:00
2013-03-20 18:26:59 +00:00
// FIXME: Create a separate admin user purely for recovery, and create method in util for fetching this id from DB?
$adminUid = 'recoveryAdmin' ;
2013-02-09 18:39:32 +00:00
2013-03-20 18:26:59 +00:00
$userIds [] = $adminUid ;
2013-02-09 18:39:32 +00:00
}
2012-07-25 17:28:56 +00:00
2013-03-20 18:26:59 +00:00
// Remove duplicate UIDs
$uniqueUserIds = array_unique ( $userIds );
// Fetch public keys for all users who will share the file
$publicKeys = Keymanager :: getPublicKeys ( $rootView , $uniqueUserIds );
\OC_FileProxy :: $enabled = false ;
// Encrypt plain keyfile to multiple sharefiles
$multiEncrypted = Crypt :: multiKeyEncrypt ( $plainKey , $publicKeys );
// Save sharekeys to user folders
// TODO: openssl_seal generates new shareKeys (envelope keys) each time data is encrypted, but will data still be decryptable using old shareKeys? If so we don't need to replace the old shareKeys here, we only need to set the new ones
2013-04-10 15:37:03 +00:00
2013-03-20 18:26:59 +00:00
Keymanager :: setShareKeys ( $rootView , $filePath , $multiEncrypted [ 'keys' ] );
// Set encrypted keyfile as common varname
$encKey = $multiEncrypted [ 'data' ];
2013-02-27 18:46:44 +00:00
// Save the key if its new
if ( ! $keyPreExists ) {
2012-08-01 13:11:41 +00:00
2013-02-27 18:46:44 +00:00
// Save keyfile for newly encrypted file in parallel directory tree
Keymanager :: setFileKey ( $rootView , $filePath , $fileOwner , $encKey );
}
2013-02-11 10:21:23 +00:00
// Replace plain content with encrypted content by reference
2013-02-27 18:46:44 +00:00
$data = $encData ;
2012-07-25 17:28:56 +00:00
// Update the file cache with file info
2013-01-31 16:49:07 +00:00
\OC\Files\Filesystem :: putFileInfo ( $path , array ( 'encrypted' => true , 'size' => $size ), '' );
2012-07-11 16:51:27 +00:00
2012-10-17 15:35:19 +00:00
// Re-enable proxy - our work is done
2012-08-14 18:06:56 +00:00
\OC_FileProxy :: $enabled = true ;
2011-10-21 15:02:11 +00:00
}
}
2012-11-16 18:31:37 +00:00
2011-10-21 15:02:11 +00:00
}
2012-12-11 15:10:56 +00:00
/**
* @ param string $path Path of file from which has been read
* @ param string $data Data that has been read from file
*/
2012-07-25 15:25:24 +00:00
public function postFile_get_contents ( $path , $data ) {
2013-03-26 11:23:28 +00:00
2013-02-20 19:18:00 +00:00
// FIXME: $path for shared files is just /uid/files/Shared/filepath
$userId = \OCP\USER :: getUser ();
$view = new \OC_FilesystemView ( '/' );
$util = new Util ( $view , $userId );
2013-03-26 11:23:28 +00:00
$relPath = $util -> stripUserFilesPath ( $path );
2013-02-20 19:18:00 +00:00
2013-02-11 11:12:21 +00:00
// TODO check for existing key file and reuse it if possible to avoid problems with versioning etc.
2012-11-28 18:39:19 +00:00
// Disable encryption proxy to prevent recursive calls
\OC_FileProxy :: $enabled = false ;
2012-12-11 15:10:56 +00:00
// If data is a catfile
2012-11-28 18:39:19 +00:00
if (
2013-01-24 18:37:34 +00:00
Crypt :: mode () == 'server'
2013-04-10 15:37:03 +00:00
&& Crypt :: isCatfileContent ( $data ) // TODO: Do we really need this check? Can't we assume it is properly encrypted?
2012-11-28 18:39:19 +00:00
) {
2013-02-20 19:18:00 +00:00
2013-04-10 15:37:03 +00:00
// TODO: use get owner to find correct location of key files for shared files
$session = new Session ( $view );
2013-02-11 10:21:23 +00:00
$privateKey = $session -> getPrivateKey ( $userId );
2012-11-22 20:19:03 +00:00
2013-02-20 19:18:00 +00:00
// Get the file owner so we can retrieve its keyfile
2013-04-10 15:37:03 +00:00
// list( $fileOwner, $ownerPath ) = $util->getUidAndFilename( $relPath );
$fileOwner = \OC\Files\Filesystem :: getOwner ( $path );
$ownerPath = $util -> stripUserFilesPath ( $path ); // TODO: Don't trust $path, fetch owner path
2013-03-26 11:40:31 +00:00
2013-02-11 10:21:23 +00:00
// Get the encrypted keyfile
2013-03-26 11:40:31 +00:00
$encKeyfile = Keymanager :: getFileKey ( $view , $fileOwner , $ownerPath );
2012-07-31 18:28:11 +00:00
2013-02-20 19:18:00 +00:00
// Attempt to fetch the user's shareKey
$shareKey = Keymanager :: getShareKey ( $view , $userId , $relPath );
2013-04-10 15:37:03 +00:00
// Decrypt keyfile with shareKey
$plainKeyfile = Crypt :: multiKeyDecrypt ( $encKeyfile , $shareKey , $privateKey );
2013-02-11 10:21:23 +00:00
$plainData = Crypt :: symmetricDecryptFileContent ( $data , $plainKeyfile );
2013-02-26 18:11:29 +00:00
// trigger_error("PLAINDATA = ". var_export($plainData, 1));
2012-12-11 15:10:56 +00:00
2012-11-28 18:39:19 +00:00
} elseif (
Crypt :: mode () == 'server'
&& isset ( $_SESSION [ 'legacyenckey' ] )
2012-12-04 19:53:13 +00:00
&& Crypt :: isEncryptedMeta ( $path )
2012-11-28 18:39:19 +00:00
) {
2013-02-11 10:21:23 +00:00
$plainData = Crypt :: legacyDecrypt ( $data , $session -> getLegacyKey () );
2012-11-28 18:39:19 +00:00
2011-10-21 15:02:11 +00:00
}
2012-07-25 15:25:24 +00:00
2012-11-28 18:39:19 +00:00
\OC_FileProxy :: $enabled = true ;
2013-02-11 10:21:23 +00:00
if ( ! isset ( $plainData ) ) {
2012-12-11 15:10:56 +00:00
2013-02-11 10:21:23 +00:00
$plainData = $data ;
2012-12-11 15:10:56 +00:00
}
2013-02-11 10:21:23 +00:00
return $plainData ;
2012-07-31 18:28:11 +00:00
2011-10-21 15:02:11 +00:00
}
2013-01-29 19:54:40 +00:00
/**
* @ brief When a file is deleted , remove its keyfile also
*/
2013-01-30 17:25:17 +00:00
public function preUnlink ( $path ) {
2013-01-29 19:54:40 +00:00
// Disable encryption proxy to prevent recursive calls
\OC_FileProxy :: $enabled = false ;
$view = new \OC_FilesystemView ( '/' );
2013-03-26 15:17:26 +00:00
2013-01-30 18:52:02 +00:00
$userId = \OCP\USER :: getUser ();
2013-03-26 15:17:26 +00:00
$util = new Util ( $view , $userId );
2013-01-29 19:54:40 +00:00
// Format path to be relative to user files dir
2013-03-26 15:22:26 +00:00
$relPath = $util -> stripUserFilesPath ( $path );
2013-03-26 15:17:26 +00:00
list ( $owner , $ownerPath ) = $util -> getUidAndFilename ( $relPath );
$filePath = $owner . '/' . 'files_encryption' . '/' . 'keyfiles' . '/' . $ownerPath ;
2013-03-26 15:52:58 +00:00
// Delete keyfile & shareKey so it isn't orphaned
if (
! (
Keymanager :: deleteFileKey ( $view , $owner , $ownerPath )
&& Keymanager :: delShareKey ( $view , $owner , $ownerPath )
)
) {
2013-01-29 19:54:40 +00:00
2013-03-26 15:52:58 +00:00
\OC_Log :: write ( 'Encryption library' , 'Keyfile or shareKey could not be deleted for file "' . $filePath . '"' , \OC_Log :: ERROR );
2013-02-27 16:15:03 +00:00
2013-01-30 17:25:17 +00:00
}
2013-02-27 16:15:03 +00:00
\OC_FileProxy :: $enabled = true ;
// If we don't return true then file delete will fail; better
// to leave orphaned keyfiles than to disallow file deletion
return true ;
2013-01-29 19:54:40 +00:00
}
/**
* @ brief When a file is renamed , rename its keyfile also
* @ return bool Result of rename ()
* @ note This is pre rather than post because using post didn ' t work
*/
public function preRename ( $oldPath , $newPath ) {
// Disable encryption proxy to prevent recursive calls
\OC_FileProxy :: $enabled = false ;
$view = new \OC_FilesystemView ( '/' );
$userId = \OCP\USER :: getUser ();
// Format paths to be relative to user files dir
$oldTrimmed = ltrim ( $oldPath , '/' );
$oldSplit = explode ( '/' , $oldTrimmed );
$oldSliced = array_slice ( $oldSplit , 2 );
$oldRelPath = implode ( '/' , $oldSliced );
$oldKeyfilePath = $userId . '/' . 'files_encryption' . '/' . 'keyfiles' . '/' . $oldRelPath . '.key' ;
$newTrimmed = ltrim ( $newPath , '/' );
$newSplit = explode ( '/' , $newTrimmed );
$newSliced = array_slice ( $newSplit , 2 );
$newRelPath = implode ( '/' , $newSliced );
$newKeyfilePath = $userId . '/' . 'files_encryption' . '/' . 'keyfiles' . '/' . $newRelPath . '.key' ;
// Rename keyfile so it isn't orphaned
$result = $view -> rename ( $oldKeyfilePath , $newKeyfilePath );
\OC_FileProxy :: $enabled = true ;
return $result ;
}
2012-07-31 18:28:11 +00:00
public function postFopen ( $path , & $result ){
2012-11-22 19:36:48 +00:00
2012-07-31 18:28:11 +00:00
if ( ! $result ) {
2011-11-24 00:44:54 +00:00
return $result ;
2012-07-31 18:28:11 +00:00
2011-11-24 00:44:54 +00:00
}
2012-07-31 18:28:11 +00:00
2012-12-04 19:53:13 +00:00
// Reformat path for use with OC_FSV
$path_split = explode ( '/' , $path );
2013-02-09 12:42:18 +00:00
$path_f = implode ( '/' , array_slice ( $path_split , 3 ) );
2012-12-04 19:53:13 +00:00
2012-10-17 15:35:19 +00:00
// Disable encryption proxy to prevent recursive calls
\OC_FileProxy :: $enabled = false ;
2012-07-31 18:28:11 +00:00
$meta = stream_get_meta_data ( $result );
2012-11-22 14:08:19 +00:00
$view = new \OC_FilesystemView ( '' );
2012-10-17 15:35:19 +00:00
$util = new Util ( $view , \OCP\USER :: getUser ());
2012-11-22 19:36:48 +00:00
// If file is already encrypted, decrypt using crypto protocol
2012-12-04 19:53:13 +00:00
if (
2013-01-24 18:37:34 +00:00
Crypt :: mode () == 'server'
&& $util -> isEncryptedPath ( $path )
2012-12-04 19:53:13 +00:00
) {
2012-07-31 18:28:11 +00:00
2012-11-22 19:36:48 +00:00
// Close the original encrypted file
2012-10-17 15:35:19 +00:00
fclose ( $result );
2012-07-31 18:28:11 +00:00
2012-12-04 19:53:13 +00:00
// Open the file using the crypto stream wrapper
// protocol and let it do the decryption work instead
$result = fopen ( 'crypt://' . $path_f , $meta [ 'mode' ] );
2012-11-22 19:36:48 +00:00
2012-10-17 15:35:19 +00:00
2012-11-22 14:08:19 +00:00
} elseif (
2013-01-24 18:37:34 +00:00
self :: shouldEncrypt ( $path )
and $meta [ 'mode' ] != 'r'
and $meta [ 'mode' ] != 'rb'
2012-07-31 18:28:11 +00:00
) {
2012-12-04 19:53:13 +00:00
// If the file is not yet encrypted, but should be
// encrypted when it's saved (it's not read only)
2012-07-31 18:28:11 +00:00
2012-12-04 19:53:13 +00:00
// NOTE: this is the case for new files saved via WebDAV
2012-11-22 20:19:03 +00:00
if (
$view -> file_exists ( $path )
and $view -> filesize ( $path ) > 0
) {
$x = $view -> file_get_contents ( $path );
2012-07-31 18:28:11 +00:00
2012-11-22 20:19:03 +00:00
$tmp = tmpfile ();
2012-07-31 18:28:11 +00:00
2012-11-22 20:19:03 +00:00
// // Make a temporary copy of the original file
// \OCP\Files::streamCopy( $result, $tmp );
//
// // Close the original stream, we'll return another one
// fclose( $result );
//
// $view->file_put_contents( $path_f, $tmp );
//
// fclose( $tmp );
2011-11-24 00:44:54 +00:00
}
2012-07-31 18:28:11 +00:00
2012-11-22 20:19:03 +00:00
$result = fopen ( 'crypt://' . $path_f , $meta [ 'mode' ] );
2012-07-31 18:28:11 +00:00
2012-11-22 14:08:19 +00:00
}
2012-07-31 18:28:11 +00:00
2012-11-14 13:58:57 +00:00
// Re-enable the proxy
\OC_FileProxy :: $enabled = true ;
2011-11-24 00:44:54 +00:00
return $result ;
2012-07-31 18:28:11 +00:00
2011-10-21 15:02:11 +00:00
}
2012-02-15 20:44:58 +00:00
2013-01-24 18:37:34 +00:00
public function postGetMimeType ( $path , $mime ) {
2013-03-09 18:18:34 +00:00
if ( Crypt :: isCatfileContent ( $path ) ) {
2013-01-24 18:37:34 +00:00
$mime = \OCP\Files :: getMimeType ( 'crypt://' . $path , 'w' );
2012-02-21 19:48:14 +00:00
}
2013-01-24 18:37:34 +00:00
2012-02-26 14:56:47 +00:00
return $mime ;
2013-01-24 18:37:34 +00:00
2012-02-15 20:44:58 +00:00
}
2012-06-21 15:37:53 +00:00
2013-01-24 18:37:34 +00:00
public function postStat ( $path , $data ) {
2013-03-09 18:18:34 +00:00
if ( Crypt :: isCatfileContent ( $path ) ) {
2013-01-24 18:37:34 +00:00
2013-01-31 16:49:07 +00:00
$cached = \OC\Files\Filesystem :: getFileInfo ( $path , '' );
2013-01-24 18:37:34 +00:00
$data [ 'size' ] = $cached [ 'size' ];
2012-06-21 15:37:53 +00:00
}
2013-01-24 18:37:34 +00:00
2012-06-21 15:37:53 +00:00
return $data ;
}
2013-01-24 18:37:34 +00:00
public function postFileSize ( $path , $size ) {
2013-03-09 18:18:34 +00:00
if ( Crypt :: isCatfileContent ( $path ) ) {
2013-01-24 18:37:34 +00:00
2013-01-31 16:49:07 +00:00
$cached = \OC\Files\Filesystem :: getFileInfo ( $path , '' );
2013-01-24 18:37:34 +00:00
2012-06-21 15:37:53 +00:00
return $cached [ 'size' ];
2013-01-24 18:37:34 +00:00
} else {
2012-06-21 15:37:53 +00:00
return $size ;
2013-01-24 18:37:34 +00:00
2012-06-21 15:37:53 +00:00
}
}
2011-10-21 15:02:11 +00:00
}