Merge pull request #1383 from owncloud/files_encryption-style-fixes
first style fixes - @samtuke: I added some TODO regarding undefined vari...
This commit is contained in:
commit
9bf1f22d5f
10 changed files with 705 additions and 849 deletions
|
@ -1,38 +0,0 @@
|
|||
<?php
|
||||
/**
|
||||
* Copyright (c) 2012, Bjoern Schiessle <schiessle@owncloud.com>
|
||||
* This file is licensed under the Affero General Public License version 3 or later.
|
||||
* See the COPYING-README file.
|
||||
*/
|
||||
|
||||
use OCA\Encryption\Keymanager;
|
||||
|
||||
OCP\JSON::checkAppEnabled('files_encryption');
|
||||
OCP\JSON::checkLoggedIn();
|
||||
OCP\JSON::callCheck();
|
||||
|
||||
$mode = $_POST['mode'];
|
||||
$changePasswd = false;
|
||||
$passwdChanged = false;
|
||||
|
||||
if ( isset($_POST['newpasswd']) && isset($_POST['oldpasswd']) ) {
|
||||
$oldpasswd = $_POST['oldpasswd'];
|
||||
$newpasswd = $_POST['newpasswd'];
|
||||
$changePasswd = true;
|
||||
$passwdChanged = Keymanager::changePasswd($oldpasswd, $newpasswd);
|
||||
}
|
||||
|
||||
$query = \OC_DB::prepare( "SELECT mode FROM *PREFIX*encryption WHERE uid = ?" );
|
||||
$result = $query->execute(array(\OCP\User::getUser()));
|
||||
|
||||
if ($result->fetchRow()){
|
||||
$query = OC_DB::prepare( 'UPDATE *PREFIX*encryption SET mode = ? WHERE uid = ?' );
|
||||
} else {
|
||||
$query = OC_DB::prepare( 'INSERT INTO *PREFIX*encryption ( mode, uid ) VALUES( ?, ? )' );
|
||||
}
|
||||
|
||||
if ( (!$changePasswd || $passwdChanged) && $query->execute(array($mode, \OCP\User::getUser())) ) {
|
||||
OCP\JSON::success();
|
||||
} else {
|
||||
OCP\JSON::error();
|
||||
}
|
|
@ -43,6 +43,6 @@ if (
|
|||
|
||||
}
|
||||
|
||||
// Reguster settings scripts
|
||||
// Register settings scripts
|
||||
OCP\App::registerAdmin( 'files_encryption', 'settings' );
|
||||
OCP\App::registerPersonal( 'files_encryption', 'settings-personal' );
|
||||
OCP\App::registerPersonal( 'files_encryption', 'settings-personal' );
|
||||
|
|
|
@ -165,16 +165,6 @@ class Hooks {
|
|||
* @brief
|
||||
*/
|
||||
public static function postShared( $params ) {
|
||||
|
||||
// Delete existing catfile
|
||||
Keymanager::deleteFileKey( );
|
||||
|
||||
// Generate new catfile and env keys
|
||||
Crypt::multiKeyEncrypt( $plainContent, $publicKeys );
|
||||
|
||||
// Save env keys to user folders
|
||||
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -1,38 +0,0 @@
|
|||
/**
|
||||
* Copyright (c) 2012, Bjoern Schiessle <schiessle@owncloud.com>
|
||||
* This file is licensed under the Affero General Public License version 3 or later.
|
||||
* See the COPYING-README file.
|
||||
*/
|
||||
|
||||
$(document).ready(function(){
|
||||
$('input[name=encryption_mode]').change(function(){
|
||||
var prevmode = document.getElementById('prev_encryption_mode').value
|
||||
var client=$('input[value="client"]:checked').val()
|
||||
,server=$('input[value="server"]:checked').val()
|
||||
,user=$('input[value="user"]:checked').val()
|
||||
,none=$('input[value="none"]:checked').val()
|
||||
if (client) {
|
||||
$.post(OC.filePath('files_encryption', 'ajax', 'mode.php'), { mode: 'client' });
|
||||
if (prevmode == 'server') {
|
||||
OC.dialogs.info(t('encryption', 'Please switch to your ownCloud client and change your encryption password to complete the conversion.'), t('encryption', 'switched to client side encryption'));
|
||||
}
|
||||
} else if (server) {
|
||||
if (prevmode == 'client') {
|
||||
OC.dialogs.form([{text:'Login password', name:'newpasswd', type:'password'},{text:'Encryption password used on the client', name:'oldpasswd', type:'password'}],t('encryption', 'Change encryption password to login password'), function(data) {
|
||||
$.post(OC.filePath('files_encryption', 'ajax', 'mode.php'), { mode: 'server', newpasswd: data[0].value, oldpasswd: data[1].value }, function(result) {
|
||||
if (result.status != 'success') {
|
||||
document.getElementById(prevmode+'_encryption').checked = true;
|
||||
OC.dialogs.alert(t('encryption', 'Please check your passwords and try again.'), t('encryption', 'Could not change your file encryption password to your login password'))
|
||||
} else {
|
||||
console.log("alles super");
|
||||
}
|
||||
}, true);
|
||||
});
|
||||
} else {
|
||||
$.post(OC.filePath('files_encryption', 'ajax', 'mode.php'), { mode: 'server' });
|
||||
}
|
||||
} else {
|
||||
$.post(OC.filePath('files_encryption', 'ajax', 'mode.php'), { mode: 'none' });
|
||||
}
|
||||
})
|
||||
})
|
|
@ -9,38 +9,11 @@ $(document).ready(function(){
|
|||
$('#encryption_blacklist').multiSelect({
|
||||
oncheck:blackListChange,
|
||||
onuncheck:blackListChange,
|
||||
createText:'...',
|
||||
createText:'...'
|
||||
});
|
||||
|
||||
function blackListChange(){
|
||||
var blackList=$('#encryption_blacklist').val().join(',');
|
||||
OC.AppConfig.setValue('files_encryption','type_blacklist',blackList);
|
||||
}
|
||||
|
||||
//TODO: Handle switch between client and server side encryption
|
||||
$('input[name=encryption_mode]').change(function(){
|
||||
var client=$('input[value="client"]:checked').val()
|
||||
,server=$('input[value="server"]:checked').val()
|
||||
,user=$('input[value="user"]:checked').val()
|
||||
,none=$('input[value="none"]:checked').val()
|
||||
,disable=false
|
||||
if (client) {
|
||||
OC.AppConfig.setValue('files_encryption','mode','client');
|
||||
disable = true;
|
||||
} else if (server) {
|
||||
OC.AppConfig.setValue('files_encryption','mode','server');
|
||||
disable = true;
|
||||
} else if (user) {
|
||||
OC.AppConfig.setValue('files_encryption','mode','user');
|
||||
disable = true;
|
||||
} else {
|
||||
OC.AppConfig.setValue('files_encryption','mode','none');
|
||||
}
|
||||
if (disable) {
|
||||
document.getElementById('server_encryption').disabled = true;
|
||||
document.getElementById('client_encryption').disabled = true;
|
||||
document.getElementById('user_encryption').disabled = true;
|
||||
document.getElementById('none_encryption').disabled = true;
|
||||
}
|
||||
})
|
||||
})
|
File diff suppressed because it is too large
Load diff
|
@ -1,325 +1,323 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* ownCloud
|
||||
*
|
||||
* @author Bjoern Schiessle
|
||||
* @copyright 2012 Bjoern Schiessle <schiessle@owncloud.com>
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
|
||||
* License as published by the Free Software Foundation; either
|
||||
* version 3 of the License, or any later version.
|
||||
*
|
||||
* This library is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public
|
||||
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OCA\Encryption;
|
||||
|
||||
/**
|
||||
* @brief Class to manage storage and retrieval of encryption keys
|
||||
* @note Where a method requires a view object, it's root must be '/'
|
||||
*/
|
||||
class Keymanager {
|
||||
|
||||
/**
|
||||
* @brief retrieve the ENCRYPTED private key from a user
|
||||
*
|
||||
* @return string private key or false
|
||||
* @note the key returned by this method must be decrypted before use
|
||||
*/
|
||||
public static function getPrivateKey( \OC_FilesystemView $view, $user ) {
|
||||
|
||||
$path = '/' . $user . '/' . 'files_encryption' . '/' . $user.'.private.key';
|
||||
|
||||
$key = $view->file_get_contents( $path );
|
||||
|
||||
return $key;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief retrieve public key for a specified user
|
||||
* @return string public key or false
|
||||
*/
|
||||
public static function getPublicKey( \OC_FilesystemView $view, $userId ) {
|
||||
|
||||
return $view->file_get_contents( '/public-keys/' . '/' . $userId . '.public.key' );
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief retrieve both keys from a user (private and public)
|
||||
* @return array keys: privateKey, publicKey
|
||||
*/
|
||||
public static function getUserKeys( \OC_FilesystemView $view, $userId ) {
|
||||
|
||||
return array(
|
||||
'publicKey' => self::getPublicKey( $view, $userId )
|
||||
, 'privateKey' => self::getPrivateKey( $view, $userId )
|
||||
);
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Retrieve public keys of all users with access to a file
|
||||
* @param string $path Path to file
|
||||
* @return array of public keys for the given file
|
||||
* @note Checks that the sharing app is enabled should be performed
|
||||
* by client code, that isn't checked here
|
||||
*/
|
||||
public static function getPublicKeys( \OC_FilesystemView $view, $userId, $filePath ) {
|
||||
|
||||
$path = ltrim( $path, '/' );
|
||||
|
||||
$filepath = '/' . $userId . '/files/' . $filePath;
|
||||
|
||||
// Check if sharing is enabled
|
||||
if ( OC_App::isEnabled( 'files_sharing' ) ) {
|
||||
|
||||
|
||||
|
||||
} else {
|
||||
|
||||
// check if it is a file owned by the user and not shared at all
|
||||
$userview = new \OC_FilesystemView( '/'.$userId.'/files/' );
|
||||
|
||||
if ( $userview->file_exists( $path ) ) {
|
||||
|
||||
$users[] = $userId;
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
$view = new \OC_FilesystemView( '/public-keys/' );
|
||||
|
||||
$keylist = array();
|
||||
|
||||
$count = 0;
|
||||
|
||||
foreach ( $users as $user ) {
|
||||
|
||||
$keylist['key'.++$count] = $view->file_get_contents( $user.'.public.key' );
|
||||
|
||||
}
|
||||
|
||||
return $keylist;
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief store file encryption key
|
||||
*
|
||||
* @param string $path relative path of the file, including filename
|
||||
* @param string $key
|
||||
* @return bool true/false
|
||||
* @note The keyfile is not encrypted here. Client code must
|
||||
* asymmetrically encrypt the keyfile before passing it to this method
|
||||
*/
|
||||
public static function setFileKey( \OC_FilesystemView $view, $path, $userId, $catfile ) {
|
||||
|
||||
$basePath = '/' . $userId . '/files_encryption/keyfiles';
|
||||
|
||||
$targetPath = self::keySetPreparation( $view, $path, $basePath, $userId );
|
||||
|
||||
if ( $view->is_dir( $basePath . '/' . $targetPath ) ) {
|
||||
|
||||
|
||||
|
||||
} else {
|
||||
|
||||
// Save the keyfile in parallel directory
|
||||
return $view->file_put_contents( $basePath . '/' . $targetPath . '.key', $catfile );
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief retrieve keyfile for an encrypted file
|
||||
* @param string file name
|
||||
* @return string file key or false on failure
|
||||
* @note The keyfile returned is asymmetrically encrypted. Decryption
|
||||
* of the keyfile must be performed by client code
|
||||
*/
|
||||
public static function getFileKey( \OC_FilesystemView $view, $userId, $filePath ) {
|
||||
|
||||
$filePath_f = ltrim( $filePath, '/' );
|
||||
|
||||
$catfilePath = '/' . $userId . '/files_encryption/keyfiles/' . $filePath_f . '.key';
|
||||
|
||||
if ( $view->file_exists( $catfilePath ) ) {
|
||||
|
||||
return $view->file_get_contents( $catfilePath );
|
||||
|
||||
} else {
|
||||
|
||||
return false;
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Delete a keyfile
|
||||
*
|
||||
* @param OC_FilesystemView $view
|
||||
* @param string $userId username
|
||||
* @param string $path path of the file the key belongs to
|
||||
* @return bool Outcome of unlink operation
|
||||
* @note $path must be relative to data/user/files. e.g. mydoc.txt NOT
|
||||
* /data/admin/files/mydoc.txt
|
||||
*/
|
||||
public static function deleteFileKey( \OC_FilesystemView $view, $userId, $path ) {
|
||||
|
||||
$trimmed = ltrim( $path, '/' );
|
||||
$keyPath = '/' . $userId . '/files_encryption/keyfiles/' . $trimmed . '.key';
|
||||
|
||||
// Unlink doesn't tell us if file was deleted (not found returns
|
||||
// true), so we perform our own test
|
||||
if ( $view->file_exists( $keyPath ) ) {
|
||||
|
||||
return $view->unlink( $keyPath );
|
||||
|
||||
} else {
|
||||
|
||||
\OC_Log::write( 'Encryption library', 'Could not delete keyfile; does not exist: "' . $keyPath, \OC_Log::ERROR );
|
||||
|
||||
return false;
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief store private key from the user
|
||||
* @param string key
|
||||
* @return bool
|
||||
* @note Encryption of the private key must be performed by client code
|
||||
* as no encryption takes place here
|
||||
*/
|
||||
public static function setPrivateKey( $key ) {
|
||||
|
||||
$user = \OCP\User::getUser();
|
||||
|
||||
$view = new \OC_FilesystemView( '/' . $user . '/files_encryption' );
|
||||
|
||||
\OC_FileProxy::$enabled = false;
|
||||
|
||||
if ( !$view->file_exists( '' ) ) $view->mkdir( '' );
|
||||
|
||||
return $view->file_put_contents( $user . '.private.key', $key );
|
||||
|
||||
\OC_FileProxy::$enabled = true;
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief store private keys from the user
|
||||
*
|
||||
* @param string privatekey
|
||||
* @param string publickey
|
||||
* @return bool true/false
|
||||
*/
|
||||
public static function setUserKeys($privatekey, $publickey) {
|
||||
|
||||
return ( self::setPrivateKey( $privatekey ) && self::setPublicKey( $publickey ) );
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief store public key of the user
|
||||
*
|
||||
* @param string key
|
||||
* @return bool true/false
|
||||
*/
|
||||
public static function setPublicKey( $key ) {
|
||||
|
||||
$view = new \OC_FilesystemView( '/public-keys' );
|
||||
|
||||
\OC_FileProxy::$enabled = false;
|
||||
|
||||
if ( !$view->file_exists( '' ) ) $view->mkdir( '' );
|
||||
|
||||
return $view->file_put_contents( \OCP\User::getUser() . '.public.key', $key );
|
||||
|
||||
\OC_FileProxy::$enabled = true;
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @note 'shareKey' is a more user-friendly name for env_key
|
||||
*/
|
||||
public static function setShareKey( \OC_FilesystemView $view, $path, $userId, $shareKey ) {
|
||||
|
||||
$basePath = '/' . $userId . '/files_encryption/share-keys';
|
||||
|
||||
$shareKeyPath = self::keySetPreparation( $view, $path, $basePath, $userId );
|
||||
|
||||
return $view->file_put_contents( $basePath . '/' . $shareKeyPath . '.shareKey', $shareKey );
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Make preparations to vars and filesystem for saving a keyfile
|
||||
*/
|
||||
public static function keySetPreparation( \OC_FilesystemView $view, $path, $basePath, $userId ) {
|
||||
|
||||
$targetPath = ltrim( $path, '/' );
|
||||
|
||||
$path_parts = pathinfo( $targetPath );
|
||||
|
||||
// If the file resides within a subdirectory, create it
|
||||
if (
|
||||
isset( $path_parts['dirname'] )
|
||||
&& ! $view->file_exists( $basePath . '/' . $path_parts['dirname'] )
|
||||
) {
|
||||
|
||||
$view->mkdir( $basePath . '/' . $path_parts['dirname'] );
|
||||
|
||||
}
|
||||
|
||||
return $targetPath;
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief change password of private encryption key
|
||||
*
|
||||
* @param string $oldpasswd old password
|
||||
* @param string $newpasswd new password
|
||||
* @return bool true/false
|
||||
*/
|
||||
public static function changePasswd($oldpasswd, $newpasswd) {
|
||||
|
||||
if ( \OCP\User::checkPassword(\OCP\User::getUser(), $newpasswd) ) {
|
||||
return Crypt::changekeypasscode($oldpasswd, $newpasswd);
|
||||
}
|
||||
return false;
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Fetch the legacy encryption key from user files
|
||||
* @param string $login used to locate the legacy key
|
||||
* @param string $passphrase used to decrypt the legacy key
|
||||
* @return true / false
|
||||
*
|
||||
* if the key is left out, the default handeler will be used
|
||||
*/
|
||||
public function getLegacyKey() {
|
||||
|
||||
$user = \OCP\User::getUser();
|
||||
$view = new \OC_FilesystemView( '/' . $user );
|
||||
return $view->file_get_contents( 'encryption.key' );
|
||||
|
||||
}
|
||||
|
||||
<?php
|
||||
|
||||
/**
|
||||
* ownCloud
|
||||
*
|
||||
* @author Bjoern Schiessle
|
||||
* @copyright 2012 Bjoern Schiessle <schiessle@owncloud.com>
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
|
||||
* License as published by the Free Software Foundation; either
|
||||
* version 3 of the License, or any later version.
|
||||
*
|
||||
* This library is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public
|
||||
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OCA\Encryption;
|
||||
|
||||
/**
|
||||
* @brief Class to manage storage and retrieval of encryption keys
|
||||
* @note Where a method requires a view object, it's root must be '/'
|
||||
*/
|
||||
class Keymanager {
|
||||
|
||||
/**
|
||||
* @brief retrieve the ENCRYPTED private key from a user
|
||||
*
|
||||
* @return string private key or false
|
||||
* @note the key returned by this method must be decrypted before use
|
||||
*/
|
||||
public static function getPrivateKey( \OC_FilesystemView $view, $user ) {
|
||||
|
||||
$path = '/' . $user . '/' . 'files_encryption' . '/' . $user.'.private.key';
|
||||
|
||||
$key = $view->file_get_contents( $path );
|
||||
|
||||
return $key;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief retrieve public key for a specified user
|
||||
* @param \OC_FilesystemView $view
|
||||
* @param $userId
|
||||
* @return string public key or false
|
||||
*/
|
||||
public static function getPublicKey( \OC_FilesystemView $view, $userId ) {
|
||||
|
||||
return $view->file_get_contents( '/public-keys/' . '/' . $userId . '.public.key' );
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief retrieve both keys from a user (private and public)
|
||||
* @param \OC_FilesystemView $view
|
||||
* @param $userId
|
||||
* @return array keys: privateKey, publicKey
|
||||
*/
|
||||
public static function getUserKeys( \OC_FilesystemView $view, $userId ) {
|
||||
|
||||
return array(
|
||||
'publicKey' => self::getPublicKey( $view, $userId )
|
||||
, 'privateKey' => self::getPrivateKey( $view, $userId )
|
||||
);
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Retrieve public keys of all users with access to a file
|
||||
* @param string $path Path to file
|
||||
* @return array of public keys for the given file
|
||||
* @note Checks that the sharing app is enabled should be performed
|
||||
* by client code, that isn't checked here
|
||||
*/
|
||||
public static function getPublicKeys( \OC_FilesystemView $view, $userId, $filePath ) {
|
||||
|
||||
$path = ltrim( $path, '/' );
|
||||
|
||||
$filepath = '/' . $userId . '/files/' . $filePath;
|
||||
|
||||
// Check if sharing is enabled
|
||||
if ( OC_App::isEnabled( 'files_sharing' ) ) {
|
||||
|
||||
|
||||
|
||||
} else {
|
||||
|
||||
// check if it is a file owned by the user and not shared at all
|
||||
$userview = new \OC_FilesystemView( '/'.$userId.'/files/' );
|
||||
|
||||
if ( $userview->file_exists( $path ) ) {
|
||||
|
||||
$users[] = $userId;
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
$view = new \OC_FilesystemView( '/public-keys/' );
|
||||
|
||||
$keylist = array();
|
||||
|
||||
$count = 0;
|
||||
|
||||
foreach ( $users as $user ) {
|
||||
|
||||
$keylist['key'.++$count] = $view->file_get_contents( $user.'.public.key' );
|
||||
|
||||
}
|
||||
|
||||
return $keylist;
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief store file encryption key
|
||||
*
|
||||
* @param string $path relative path of the file, including filename
|
||||
* @param string $key
|
||||
* @return bool true/false
|
||||
* @note The keyfile is not encrypted here. Client code must
|
||||
* asymmetrically encrypt the keyfile before passing it to this method
|
||||
*/
|
||||
public static function setFileKey( \OC_FilesystemView $view, $path, $userId, $catfile ) {
|
||||
|
||||
$basePath = '/' . $userId . '/files_encryption/keyfiles';
|
||||
|
||||
$targetPath = self::keySetPreparation( $view, $path, $basePath, $userId );
|
||||
|
||||
if ( $view->is_dir( $basePath . '/' . $targetPath ) ) {
|
||||
|
||||
|
||||
|
||||
} else {
|
||||
|
||||
// Save the keyfile in parallel directory
|
||||
return $view->file_put_contents( $basePath . '/' . $targetPath . '.key', $catfile );
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief retrieve keyfile for an encrypted file
|
||||
* @param \OC_FilesystemView $view
|
||||
* @param $userId
|
||||
* @param $filePath
|
||||
* @internal param \OCA\Encryption\file $string name
|
||||
* @return string file key or false
|
||||
* @note The keyfile returned is asymmetrically encrypted. Decryption
|
||||
* of the keyfile must be performed by client code
|
||||
*/
|
||||
public static function getFileKey( \OC_FilesystemView $view, $userId, $filePath ) {
|
||||
|
||||
$filePath_f = ltrim( $filePath, '/' );
|
||||
|
||||
$catfilePath = '/' . $userId . '/files_encryption/keyfiles/' . $filePath_f . '.key';
|
||||
|
||||
if ( $view->file_exists( $catfilePath ) ) {
|
||||
|
||||
return $view->file_get_contents( $catfilePath );
|
||||
|
||||
} else {
|
||||
|
||||
return false;
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Delete a keyfile
|
||||
*
|
||||
* @param OC_FilesystemView $view
|
||||
* @param string $userId username
|
||||
* @param string $path path of the file the key belongs to
|
||||
* @return bool Outcome of unlink operation
|
||||
* @note $path must be relative to data/user/files. e.g. mydoc.txt NOT
|
||||
* /data/admin/files/mydoc.txt
|
||||
*/
|
||||
public static function deleteFileKey( \OC_FilesystemView $view, $userId, $path ) {
|
||||
|
||||
$trimmed = ltrim( $path, '/' );
|
||||
$keyPath = '/' . $userId . '/files_encryption/keyfiles/' . $trimmed . '.key';
|
||||
|
||||
// Unlink doesn't tell us if file was deleted (not found returns
|
||||
// true), so we perform our own test
|
||||
if ( $view->file_exists( $keyPath ) ) {
|
||||
|
||||
return $view->unlink( $keyPath );
|
||||
|
||||
} else {
|
||||
|
||||
\OC_Log::write( 'Encryption library', 'Could not delete keyfile; does not exist: "' . $keyPath, \OC_Log::ERROR );
|
||||
|
||||
return false;
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief store private key from the user
|
||||
* @param string key
|
||||
* @return bool
|
||||
* @note Encryption of the private key must be performed by client code
|
||||
* as no encryption takes place here
|
||||
*/
|
||||
public static function setPrivateKey( $key ) {
|
||||
|
||||
$user = \OCP\User::getUser();
|
||||
|
||||
$view = new \OC_FilesystemView( '/' . $user . '/files_encryption' );
|
||||
|
||||
\OC_FileProxy::$enabled = false;
|
||||
|
||||
if ( !$view->file_exists( '' ) )
|
||||
$view->mkdir( '' );
|
||||
|
||||
return $view->file_put_contents( $user . '.private.key', $key );
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief store private keys from the user
|
||||
*
|
||||
* @param string privatekey
|
||||
* @param string publickey
|
||||
* @return bool true/false
|
||||
*/
|
||||
public static function setUserKeys($privatekey, $publickey) {
|
||||
|
||||
return ( self::setPrivateKey( $privatekey ) && self::setPublicKey( $publickey ) );
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief store public key of the user
|
||||
*
|
||||
* @param string key
|
||||
* @return bool true/false
|
||||
*/
|
||||
public static function setPublicKey( $key ) {
|
||||
|
||||
$view = new \OC_FilesystemView( '/public-keys' );
|
||||
|
||||
\OC_FileProxy::$enabled = false;
|
||||
|
||||
if ( !$view->file_exists( '' ) )
|
||||
$view->mkdir( '' );
|
||||
|
||||
return $view->file_put_contents( \OCP\User::getUser() . '.public.key', $key );
|
||||
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief store file encryption key
|
||||
*
|
||||
* @param string $path relative path of the file, including filename
|
||||
* @param string $key
|
||||
* @param null $view
|
||||
* @param string $dbClassName
|
||||
* @return bool true/false
|
||||
* @note The keyfile is not encrypted here. Client code must
|
||||
* asymmetrically encrypt the keyfile before passing it to this method
|
||||
*/
|
||||
public static function setShareKey( \OC_FilesystemView $view, $path, $userId, $shareKey ) {
|
||||
|
||||
$basePath = '/' . $userId . '/files_encryption/share-keys';
|
||||
|
||||
$shareKeyPath = self::keySetPreparation( $view, $path, $basePath, $userId );
|
||||
|
||||
return $view->file_put_contents( $basePath . '/' . $shareKeyPath . '.shareKey', $shareKey );
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Make preparations to vars and filesystem for saving a keyfile
|
||||
*/
|
||||
public static function keySetPreparation( \OC_FilesystemView $view, $path, $basePath, $userId ) {
|
||||
|
||||
$targetPath = ltrim( $path, '/' );
|
||||
|
||||
$path_parts = pathinfo( $targetPath );
|
||||
|
||||
// If the file resides within a subdirectory, create it
|
||||
if (
|
||||
isset( $path_parts['dirname'] )
|
||||
&& ! $view->file_exists( $basePath . '/' . $path_parts['dirname'] )
|
||||
) {
|
||||
|
||||
$view->mkdir( $basePath . '/' . $path_parts['dirname'] );
|
||||
|
||||
}
|
||||
|
||||
return $targetPath;
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Fetch the legacy encryption key from user files
|
||||
* @param string $login used to locate the legacy key
|
||||
* @param string $passphrase used to decrypt the legacy key
|
||||
* @return true / false
|
||||
*
|
||||
* if the key is left out, the default handler will be used
|
||||
*/
|
||||
public function getLegacyKey() {
|
||||
|
||||
$user = \OCP\User::getUser();
|
||||
$view = new \OC_FilesystemView( '/' . $user );
|
||||
return $view->file_get_contents( 'encryption.key' );
|
||||
|
||||
}
|
||||
|
||||
}
|
|
@ -173,7 +173,7 @@ class Stream {
|
|||
|
||||
// $count will always be 8192 https://bugs.php.net/bug.php?id=21641
|
||||
// This makes this function a lot simpler, but will break this class if the above 'bug' gets 'fixed'
|
||||
\OCP\Util::writeLog( 'files_encryption', 'PHP "bug" 21641 no longer holds, decryption system requires refactoring', OCP\Util::FATAL );
|
||||
\OCP\Util::writeLog( 'files_encryption', 'PHP "bug" 21641 no longer holds, decryption system requires refactoring', \OCP\Util::FATAL );
|
||||
|
||||
die();
|
||||
|
||||
|
@ -209,7 +209,7 @@ class Stream {
|
|||
}
|
||||
|
||||
/**
|
||||
* @brief Encrypt and pad data ready for writting to disk
|
||||
* @brief Encrypt and pad data ready for writing to disk
|
||||
* @param string $plainData data to be encrypted
|
||||
* @param string $key key to use for encryption
|
||||
* @return encrypted data on success, false on failure
|
||||
|
@ -403,7 +403,7 @@ class Stream {
|
|||
$encrypted = $this->preWriteEncrypt( $chunk, $this->keyfile );
|
||||
|
||||
// Write the data chunk to disk. This will be
|
||||
// addended to the last data chunk if the file
|
||||
// attended to the last data chunk if the file
|
||||
// being handled totals more than 6126 bytes
|
||||
fwrite( $this->handle, $encrypted );
|
||||
|
||||
|
|
|
@ -12,8 +12,6 @@ $blackList = explode( ',', \OCP\Config::getAppValue( 'files_encryption', 'type_b
|
|||
|
||||
$tmpl->assign( 'blacklist', $blackList );
|
||||
|
||||
OCP\Util::addscript('files_encryption','settings-personal');
|
||||
|
||||
return $tmpl->fetchPage();
|
||||
|
||||
return null;
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
<?php echo $type; ?>
|
||||
</li>
|
||||
<?php endforeach; ?>
|
||||
</p>
|
||||
</ul>
|
||||
<?php endif; ?>
|
||||
</fieldset>
|
||||
</form>
|
||||
|
|
Loading…
Reference in a new issue