2011-10-21 15:02:11 +00:00
< ? php
/**
* ownCloud
*
2012-07-25 17:28:56 +00:00
* @ author Sam Tuke , Robin Appelman
* @ copyright 2012 Sam Tuke samtuke @ owncloud . com , Robin Appelman
* icewind1991 @ gmail . com
2011-10-21 15:02:11 +00:00
*
* This library is free software ; you can redistribute it and / or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation ; either
* version 3 of the License , or any later version .
*
* This library is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details .
*
* You should have received a copy of the GNU Affero General Public
* License along with this library . If not , see < http :// www . gnu . org / licenses />.
*
*/
2013-01-30 18:52:02 +00:00
/**
* @ brief Encryption proxy which handles filesystem operations before and after
* execution and encrypts , and handles keyfiles accordingly . Used for
* webui .
*/
2012-10-17 15:35:19 +00:00
namespace OCA\Encryption ;
2012-07-25 17:28:56 +00:00
class Proxy extends \OC_FileProxy {
2012-07-25 15:25:24 +00:00
private static $blackList = null ; //mimetypes blacklisted from encryption
private static $enableEncryption = null ;
2011-11-24 00:44:54 +00:00
/**
2012-07-11 16:51:27 +00:00
* Check if a file requires encryption
2011-11-24 00:44:54 +00:00
* @ param string $path
* @ return bool
2012-07-11 16:51:27 +00:00
*
2012-08-10 10:27:09 +00:00
* Tests if server side encryption is enabled , and file is allowed by blacklists
2011-11-24 00:44:54 +00:00
*/
2012-07-11 16:51:27 +00:00
private static function shouldEncrypt ( $path ) {
2012-10-17 15:35:19 +00:00
2012-07-11 16:51:27 +00:00
if ( is_null ( self :: $enableEncryption ) ) {
2012-11-16 18:31:37 +00:00
if (
2013-01-24 18:37:34 +00:00
\OCP\Config :: getAppValue ( 'files_encryption' , 'enable_encryption' , 'true' ) == 'true'
&& Crypt :: mode () == 'server'
2012-11-16 18:31:37 +00:00
) {
self :: $enableEncryption = true ;
} else {
self :: $enableEncryption = false ;
}
2012-07-11 16:51:27 +00:00
2012-04-18 14:02:35 +00:00
}
2012-07-11 16:51:27 +00:00
2012-11-16 18:31:37 +00:00
if ( ! self :: $enableEncryption ) {
2012-07-11 16:51:27 +00:00
2012-04-18 14:02:35 +00:00
return false ;
2012-07-11 16:51:27 +00:00
2012-04-18 14:02:35 +00:00
}
2012-07-11 16:51:27 +00:00
2012-11-16 18:31:37 +00:00
if ( is_null ( self :: $blackList ) ) {
2012-07-11 16:51:27 +00:00
2013-02-22 15:08:08 +00:00
self :: $blackList = explode ( ',' , \OCP\Config :: getAppValue ( 'files_encryption' , 'type_blacklist' , '' ) );
2012-07-11 16:51:27 +00:00
2011-11-24 00:44:54 +00:00
}
2012-07-11 16:51:27 +00:00
2013-01-23 19:24:26 +00:00
if ( Crypt :: isCatfile ( $path ) ) {
2012-07-11 16:51:27 +00:00
2011-11-24 00:44:54 +00:00
return true ;
2012-07-11 16:51:27 +00:00
2011-11-24 00:44:54 +00:00
}
2012-07-11 16:51:27 +00:00
2013-01-24 18:37:34 +00:00
$extension = substr ( $path , strrpos ( $path , '.' ) + 1 );
2012-07-11 16:51:27 +00:00
2013-01-24 18:37:34 +00:00
if ( array_search ( $extension , self :: $blackList ) === false ) {
2012-07-11 16:51:27 +00:00
2011-11-24 00:44:54 +00:00
return true ;
2012-07-11 16:51:27 +00:00
2011-11-24 00:44:54 +00:00
}
2012-07-11 16:51:27 +00:00
return false ;
2011-11-24 00:44:54 +00:00
}
2013-02-26 18:11:29 +00:00
public function preFile_put_contents ( $path , & $data ) {
2012-07-11 16:51:27 +00:00
if ( self :: shouldEncrypt ( $path ) ) {
2013-02-09 18:39:32 +00:00
// Stream put contents should have been converted to fopen
if ( ! is_resource ( $data ) ) {
2012-07-11 16:51:27 +00:00
2013-01-05 17:12:23 +00:00
$userId = \OCP\USER :: getUser ();
$rootView = new \OC_FilesystemView ( '/' );
2013-02-11 10:21:23 +00:00
$util = new Util ( $rootView , $userId );
2013-02-27 18:46:44 +00:00
$session = new Session ();
$fileOwner = \OC\Files\Filesystem :: getOwner ( $path );
$privateKey = $session -> getPrivateKey ();
2013-02-11 10:21:23 +00:00
$filePath = $util -> stripUserFilesPath ( $path );
2012-07-25 17:28:56 +00:00
// Set the filesize for userland, before encrypting
2012-07-11 16:51:27 +00:00
$size = strlen ( $data );
2012-08-14 18:06:56 +00:00
// Disable encryption proxy to prevent recursive calls
\OC_FileProxy :: $enabled = false ;
2013-02-27 18:46:44 +00:00
// Check if there is an existing key we can reuse
if ( $encKeyfile = Keymanager :: getFileKey ( $rootView , $fileOwner , $filePath ) ) {
$keyPreExists = true ;
// Decrypt the keyfile
$plainKey = $util -> decryptUnknownKeyfile ( $filePath , $fileOwner , $privateKey );
} else {
$keyPreExists = false ;
// Make a new key
$plainKey = Crypt :: generateKey ();
}
2013-02-11 10:21:23 +00:00
// Encrypt data
2013-02-27 18:46:44 +00:00
$encData = Crypt :: symmetricEncryptFileContent ( $data , $plainKey );
2013-01-14 19:07:28 +00:00
2013-02-09 18:39:32 +00:00
// Check if the keyfile needs to be shared
2013-02-27 18:46:44 +00:00
if ( $userIds = \OCP\Share :: getUsersSharingFile ( $filePath , true ) ) {
2013-02-11 10:21:23 +00:00
$publicKeys = Keymanager :: getPublicKeys ( $rootView , $userIds );
\OC_FileProxy :: $enabled = false ;
// Encrypt plain keyfile to multiple sharefiles
2013-02-27 18:46:44 +00:00
$multiEncrypted = Crypt :: multiKeyEncrypt ( $plainKey , $publicKeys );
2013-02-11 10:21:23 +00:00
// Save sharekeys to user folders
2013-02-27 18:46:44 +00:00
// TODO: openssl_seal generates new shareKeys (envelope keys) each time data is encrypted, but will data still be decryptable using old shareKeys? If so we don't need to replace the old shareKeys here, we only need to set the new ones
2013-02-11 10:21:23 +00:00
Keymanager :: setShareKeys ( $rootView , $filePath , $multiEncrypted [ 'keys' ] );
// Set encrypted keyfile as common varname
$encKey = $multiEncrypted [ 'encrypted' ];
2013-02-09 18:39:32 +00:00
} else {
$publicKey = Keymanager :: getPublicKey ( $rootView , $userId );
// Encrypt plain data to a single user
2013-02-27 18:46:44 +00:00
$encKey = Crypt :: keyEncrypt ( $plainKey , $publicKey );
2013-02-09 18:39:32 +00:00
}
2012-07-25 17:28:56 +00:00
2013-02-27 18:46:44 +00:00
// Save the key if its new
if ( ! $keyPreExists ) {
2012-08-01 13:11:41 +00:00
2013-02-27 18:46:44 +00:00
// Save keyfile for newly encrypted file in parallel directory tree
Keymanager :: setFileKey ( $rootView , $filePath , $fileOwner , $encKey );
}
2013-02-11 10:21:23 +00:00
// Replace plain content with encrypted content by reference
2013-02-27 18:46:44 +00:00
$data = $encData ;
2012-07-25 17:28:56 +00:00
// Update the file cache with file info
2013-01-31 16:49:07 +00:00
\OC\Files\Filesystem :: putFileInfo ( $path , array ( 'encrypted' => true , 'size' => $size ), '' );
2012-07-11 16:51:27 +00:00
2012-10-17 15:35:19 +00:00
// Re-enable proxy - our work is done
2012-08-14 18:06:56 +00:00
\OC_FileProxy :: $enabled = true ;
2011-10-21 15:02:11 +00:00
}
}
2012-11-16 18:31:37 +00:00
2011-10-21 15:02:11 +00:00
}
2012-12-11 15:10:56 +00:00
/**
* @ param string $path Path of file from which has been read
* @ param string $data Data that has been read from file
*/
2012-07-25 15:25:24 +00:00
public function postFile_get_contents ( $path , $data ) {
2013-02-20 19:18:00 +00:00
// FIXME: $path for shared files is just /uid/files/Shared/filepath
$userId = \OCP\USER :: getUser ();
$view = new \OC_FilesystemView ( '/' );
$util = new Util ( $view , $userId );
if ( $util -> isSharedPath ( $path ) ) {
$relPath = $util -> stripSharedFilePath ( $path );
} else {
$relPath = $util -> stripUserFilesPath ( $path );
}
2013-02-11 11:12:21 +00:00
// TODO check for existing key file and reuse it if possible to avoid problems with versioning etc.
2012-11-28 18:39:19 +00:00
// Disable encryption proxy to prevent recursive calls
\OC_FileProxy :: $enabled = false ;
2012-12-11 15:10:56 +00:00
// If data is a catfile
2012-11-28 18:39:19 +00:00
if (
2013-01-24 18:37:34 +00:00
Crypt :: mode () == 'server'
&& Crypt :: isCatfile ( $data )
2012-11-28 18:39:19 +00:00
) {
2013-02-20 19:18:00 +00:00
2013-02-11 11:12:21 +00:00
// TODO use get owner to find correct location of key files for shared files
2013-02-11 10:21:23 +00:00
$session = new Session ();
$privateKey = $session -> getPrivateKey ( $userId );
2012-11-22 20:19:03 +00:00
2013-02-20 19:18:00 +00:00
// Get the file owner so we can retrieve its keyfile
$fileOwner = \OC\Files\Filesystem :: getOwner ( $relPath ); //NOTE: This might be false! make sure the path passed to it is right
$fileOwner = 'admin' ; // FIXME: Manually set the correct UID for now
2013-02-11 10:21:23 +00:00
// Get the encrypted keyfile
2013-02-20 19:18:00 +00:00
$encKeyfile = Keymanager :: getFileKey ( $view , $fileOwner , $relPath );
2012-07-31 18:28:11 +00:00
2013-02-20 19:18:00 +00:00
// Attempt to fetch the user's shareKey
$shareKey = Keymanager :: getShareKey ( $view , $userId , $relPath );
// Check if key is shared or not
if ( $shareKey ) {
2013-02-11 10:21:23 +00:00
\OC_FileProxy :: $enabled = false ;
2013-02-26 18:11:29 +00:00
// trigger_error("\$encKeyfile = $encKeyfile, \$shareKey = $shareKey, \$privateKey = $privateKey");
2013-02-11 10:21:23 +00:00
// Decrypt keyfile with shareKey
$plainKeyfile = Crypt :: multiKeyDecrypt ( $encKeyfile , $shareKey , $privateKey );
2013-02-20 19:18:00 +00:00
2013-02-26 18:11:29 +00:00
// $plainKeyfile = $encKeyfile;
// trigger_error("PROXY plainkeyfile = ". var_export($plainKeyfile, 1));
2013-01-06 13:56:45 +00:00
2013-02-11 10:21:23 +00:00
} else {
// If key is unshared, decrypt with user private key
$plainKeyfile = Crypt :: keyDecrypt ( $encKeyfile , $privateKey );
2013-01-06 13:56:45 +00:00
2013-02-11 10:21:23 +00:00
}
2013-01-14 19:07:28 +00:00
2013-02-11 10:21:23 +00:00
$plainData = Crypt :: symmetricDecryptFileContent ( $data , $plainKeyfile );
2013-02-26 18:11:29 +00:00
// trigger_error("PLAINDATA = ". var_export($plainData, 1));
2012-12-11 15:10:56 +00:00
2012-11-28 18:39:19 +00:00
} elseif (
Crypt :: mode () == 'server'
&& isset ( $_SESSION [ 'legacyenckey' ] )
2012-12-04 19:53:13 +00:00
&& Crypt :: isEncryptedMeta ( $path )
2012-11-28 18:39:19 +00:00
) {
2013-02-11 10:21:23 +00:00
$plainData = Crypt :: legacyDecrypt ( $data , $session -> getLegacyKey () );
2012-11-28 18:39:19 +00:00
2011-10-21 15:02:11 +00:00
}
2012-07-25 15:25:24 +00:00
2012-11-28 18:39:19 +00:00
\OC_FileProxy :: $enabled = true ;
2013-02-11 10:21:23 +00:00
if ( ! isset ( $plainData ) ) {
2012-12-11 15:10:56 +00:00
2013-02-11 10:21:23 +00:00
$plainData = $data ;
2012-12-11 15:10:56 +00:00
}
2013-02-11 10:21:23 +00:00
return $plainData ;
2012-07-31 18:28:11 +00:00
2011-10-21 15:02:11 +00:00
}
2013-01-29 19:54:40 +00:00
/**
* @ brief When a file is deleted , remove its keyfile also
*/
2013-01-30 17:25:17 +00:00
public function preUnlink ( $path ) {
2013-01-29 19:54:40 +00:00
// Disable encryption proxy to prevent recursive calls
\OC_FileProxy :: $enabled = false ;
$view = new \OC_FilesystemView ( '/' );
2013-01-30 18:52:02 +00:00
$userId = \OCP\USER :: getUser ();
2013-01-29 19:54:40 +00:00
// Format path to be relative to user files dir
$trimmed = ltrim ( $path , '/' );
$split = explode ( '/' , $trimmed );
$sliced = array_slice ( $split , 2 );
$relPath = implode ( '/' , $sliced );
2013-02-27 16:15:03 +00:00
$filePath = $userId . '/' . 'files_encryption' . '/' . 'keyfiles' . '/' . $relPath ;
2013-01-29 19:54:40 +00:00
2013-01-30 17:25:17 +00:00
if ( $view -> is_dir ( $path ) ) {
// Dirs must be handled separately as deleteFileKey
// doesn't handle them
2013-02-27 16:15:03 +00:00
$view -> unlink ( $filePath );
2013-01-30 17:25:17 +00:00
} else {
2013-02-27 16:15:03 +00:00
// Delete keyfile & shareKey so it isn't orphaned
if (
! (
Keymanager :: deleteFileKey ( $view , $userId , $relPath )
&& Keymanager :: delShareKey ( $view , $userId , $relPath )
)
) {
\OC_Log :: write ( 'Encryption library' , 'Keyfile or shareKey could not be deleted for file "' . $filePath . '"' , \OC_Log :: ERROR );
}
2013-01-30 17:25:17 +00:00
}
2013-02-27 16:15:03 +00:00
\OC_FileProxy :: $enabled = true ;
// If we don't return true then file delete will fail; better
// to leave orphaned keyfiles than to disallow file deletion
return true ;
2013-01-29 19:54:40 +00:00
}
/**
* @ brief When a file is renamed , rename its keyfile also
* @ return bool Result of rename ()
* @ note This is pre rather than post because using post didn ' t work
*/
public function preRename ( $oldPath , $newPath ) {
// Disable encryption proxy to prevent recursive calls
\OC_FileProxy :: $enabled = false ;
$view = new \OC_FilesystemView ( '/' );
$userId = \OCP\USER :: getUser ();
// Format paths to be relative to user files dir
$oldTrimmed = ltrim ( $oldPath , '/' );
$oldSplit = explode ( '/' , $oldTrimmed );
$oldSliced = array_slice ( $oldSplit , 2 );
$oldRelPath = implode ( '/' , $oldSliced );
$oldKeyfilePath = $userId . '/' . 'files_encryption' . '/' . 'keyfiles' . '/' . $oldRelPath . '.key' ;
$newTrimmed = ltrim ( $newPath , '/' );
$newSplit = explode ( '/' , $newTrimmed );
$newSliced = array_slice ( $newSplit , 2 );
$newRelPath = implode ( '/' , $newSliced );
$newKeyfilePath = $userId . '/' . 'files_encryption' . '/' . 'keyfiles' . '/' . $newRelPath . '.key' ;
// Rename keyfile so it isn't orphaned
$result = $view -> rename ( $oldKeyfilePath , $newKeyfilePath );
\OC_FileProxy :: $enabled = true ;
return $result ;
}
2012-07-31 18:28:11 +00:00
public function postFopen ( $path , & $result ){
2012-11-22 19:36:48 +00:00
2012-07-31 18:28:11 +00:00
if ( ! $result ) {
2011-11-24 00:44:54 +00:00
return $result ;
2012-07-31 18:28:11 +00:00
2011-11-24 00:44:54 +00:00
}
2012-07-31 18:28:11 +00:00
2012-12-04 19:53:13 +00:00
// Reformat path for use with OC_FSV
$path_split = explode ( '/' , $path );
2013-02-09 12:42:18 +00:00
$path_f = implode ( '/' , array_slice ( $path_split , 3 ) );
2012-12-04 19:53:13 +00:00
2012-10-17 15:35:19 +00:00
// Disable encryption proxy to prevent recursive calls
\OC_FileProxy :: $enabled = false ;
2012-07-31 18:28:11 +00:00
$meta = stream_get_meta_data ( $result );
2012-11-22 14:08:19 +00:00
$view = new \OC_FilesystemView ( '' );
2012-10-17 15:35:19 +00:00
$util = new Util ( $view , \OCP\USER :: getUser ());
2012-11-22 19:36:48 +00:00
// If file is already encrypted, decrypt using crypto protocol
2012-12-04 19:53:13 +00:00
if (
2013-01-24 18:37:34 +00:00
Crypt :: mode () == 'server'
&& $util -> isEncryptedPath ( $path )
2012-12-04 19:53:13 +00:00
) {
2012-07-31 18:28:11 +00:00
2012-11-22 19:36:48 +00:00
// Close the original encrypted file
2012-10-17 15:35:19 +00:00
fclose ( $result );
2012-07-31 18:28:11 +00:00
2012-12-04 19:53:13 +00:00
// Open the file using the crypto stream wrapper
// protocol and let it do the decryption work instead
$result = fopen ( 'crypt://' . $path_f , $meta [ 'mode' ] );
2012-11-22 19:36:48 +00:00
2012-10-17 15:35:19 +00:00
2012-11-22 14:08:19 +00:00
} elseif (
2013-01-24 18:37:34 +00:00
self :: shouldEncrypt ( $path )
and $meta [ 'mode' ] != 'r'
and $meta [ 'mode' ] != 'rb'
2012-07-31 18:28:11 +00:00
) {
2012-12-04 19:53:13 +00:00
// If the file is not yet encrypted, but should be
// encrypted when it's saved (it's not read only)
2012-07-31 18:28:11 +00:00
2012-12-04 19:53:13 +00:00
// NOTE: this is the case for new files saved via WebDAV
2012-11-22 20:19:03 +00:00
if (
$view -> file_exists ( $path )
and $view -> filesize ( $path ) > 0
) {
$x = $view -> file_get_contents ( $path );
2012-07-31 18:28:11 +00:00
2012-11-22 20:19:03 +00:00
$tmp = tmpfile ();
2012-07-31 18:28:11 +00:00
2012-11-22 20:19:03 +00:00
// // Make a temporary copy of the original file
// \OCP\Files::streamCopy( $result, $tmp );
//
// // Close the original stream, we'll return another one
// fclose( $result );
//
// $view->file_put_contents( $path_f, $tmp );
//
// fclose( $tmp );
2011-11-24 00:44:54 +00:00
}
2012-07-31 18:28:11 +00:00
2012-11-22 20:19:03 +00:00
$result = fopen ( 'crypt://' . $path_f , $meta [ 'mode' ] );
2012-07-31 18:28:11 +00:00
2012-11-22 14:08:19 +00:00
}
2012-07-31 18:28:11 +00:00
2012-11-14 13:58:57 +00:00
// Re-enable the proxy
\OC_FileProxy :: $enabled = true ;
2011-11-24 00:44:54 +00:00
return $result ;
2012-07-31 18:28:11 +00:00
2011-10-21 15:02:11 +00:00
}
2012-02-15 20:44:58 +00:00
2013-01-24 18:37:34 +00:00
public function postGetMimeType ( $path , $mime ) {
if ( Crypt :: isCatfile ( $path ) ) {
$mime = \OCP\Files :: getMimeType ( 'crypt://' . $path , 'w' );
2012-02-21 19:48:14 +00:00
}
2013-01-24 18:37:34 +00:00
2012-02-26 14:56:47 +00:00
return $mime ;
2013-01-24 18:37:34 +00:00
2012-02-15 20:44:58 +00:00
}
2012-06-21 15:37:53 +00:00
2013-01-24 18:37:34 +00:00
public function postStat ( $path , $data ) {
if ( Crypt :: isCatfile ( $path ) ) {
2013-01-31 16:49:07 +00:00
$cached = \OC\Files\Filesystem :: getFileInfo ( $path , '' );
2013-01-24 18:37:34 +00:00
$data [ 'size' ] = $cached [ 'size' ];
2012-06-21 15:37:53 +00:00
}
2013-01-24 18:37:34 +00:00
2012-06-21 15:37:53 +00:00
return $data ;
}
2013-01-24 18:37:34 +00:00
public function postFileSize ( $path , $size ) {
if ( Crypt :: isCatfile ( $path ) ) {
2013-01-31 16:49:07 +00:00
$cached = \OC\Files\Filesystem :: getFileInfo ( $path , '' );
2013-01-24 18:37:34 +00:00
2012-06-21 15:37:53 +00:00
return $cached [ 'size' ];
2013-01-24 18:37:34 +00:00
} else {
2012-06-21 15:37:53 +00:00
return $size ;
2013-01-24 18:37:34 +00:00
2012-06-21 15:37:53 +00:00
}
}
2011-10-21 15:02:11 +00:00
}