From de69c05f992dde91beab513c4f452d9b5985aa0a Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Wed, 16 Jul 2014 11:46:13 +0200 Subject: [PATCH 1/2] make sure that the crypt library is loaded --- apps/files_encryption/files/error.php | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/files_encryption/files/error.php b/apps/files_encryption/files/error.php index f925442612..b436587dfa 100644 --- a/apps/files_encryption/files/error.php +++ b/apps/files_encryption/files/error.php @@ -2,6 +2,7 @@ if (!isset($_)) { //also provide standalone error page require_once __DIR__ . '/../../../lib/base.php'; + require_once __DIR__ . '/../lib/crypt.php'; $l = OC_L10N::get('files_encryption'); From 8105f2ac8a6451c740a5b827724c2debcfbeba41 Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Wed, 16 Jul 2014 12:06:00 +0200 Subject: [PATCH 2/2] introduce some encryption exceptions and catch additional error cases --- apps/files_encryption/appinfo/app.php | 4 +++ apps/files_encryption/lib/crypt.php | 23 ++++-------- apps/files_encryption/lib/exceptions.php | 46 ++++++++++++++++++++++++ apps/files_encryption/lib/util.php | 25 ++++++++----- 4 files changed, 73 insertions(+), 25 deletions(-) create mode 100644 apps/files_encryption/lib/exceptions.php diff --git a/apps/files_encryption/appinfo/app.php b/apps/files_encryption/appinfo/app.php index 104e8568ca..a90f618e24 100644 --- a/apps/files_encryption/appinfo/app.php +++ b/apps/files_encryption/appinfo/app.php @@ -10,6 +10,10 @@ OC::$CLASSPATH['OCA\Encryption\Session'] = 'files_encryption/lib/session.php'; OC::$CLASSPATH['OCA\Encryption\Capabilities'] = 'files_encryption/lib/capabilities.php'; OC::$CLASSPATH['OCA\Encryption\Helper'] = 'files_encryption/lib/helper.php'; +// Exceptions +OC::$CLASSPATH['OCA\Encryption\Exceptions\MultiKeyEncryptException'] = 'files_encryption/lib/exceptions.php'; +OC::$CLASSPATH['OCA\Encryption\Exceptions\MultiKeyDecryptException'] = 'files_encryption/lib/exceptions.php'; + \OCP\Util::addscript('files_encryption', 'encryption'); \OCP\Util::addscript('files_encryption', 'detect-migration'); diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index 5632a2bc29..18f0224391 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -358,6 +358,7 @@ class Crypt { * @param string $plainContent content to be encrypted * @param array $publicKeys array keys must be the userId of corresponding user * @return array keys: keys (array, key = userId), data + * @throws \OCA\Encryption\Exceptions\\MultiKeyEncryptException if encryption failed * @note symmetricDecryptFileContent() can decrypt files created using this method */ public static function multiKeyEncrypt($plainContent, array $publicKeys) { @@ -365,9 +366,7 @@ class Crypt { // openssl_seal returns false without errors if $plainContent // is empty, so trigger our own error if (empty($plainContent)) { - - throw new \Exception('Cannot mutliKeyEncrypt empty plain content'); - + throw new Exceptions\MultiKeyEncryptException('Cannot mutliKeyEncrypt empty plain content', 10); } // Set empty vars to be set by openssl by reference @@ -394,9 +393,7 @@ class Crypt { ); } else { - - return false; - + throw new Exceptions\MultiKeyEncryptException('multi key encryption failed: ' . openssl_error_string(), 20); } } @@ -406,8 +403,8 @@ class Crypt { * @param string $encryptedContent * @param string $shareKey * @param mixed $privateKey - * @return false|string - * @internal param string $plainContent content to be encrypted + * @throws \OCA\Encryption\Exceptions\\MultiKeyDecryptException if decryption failed + * @internal param string $plainContent contains decrypted content * @return string $plainContent decrypted string * @note symmetricDecryptFileContent() can be used to decrypt files created using this method * @@ -416,9 +413,7 @@ class Crypt { public static function multiKeyDecrypt($encryptedContent, $shareKey, $privateKey) { if (!$encryptedContent) { - - return false; - + throw new Exceptions\MultiKeyDecryptException('Cannot mutliKeyDecrypt empty plain content', 10); } if (openssl_open($encryptedContent, $plainContent, $shareKey, $privateKey)) { @@ -426,11 +421,7 @@ class Crypt { return $plainContent; } else { - - \OCP\Util::writeLog('Encryption library', 'Decryption (asymmetric) of sealed content with share-key "'.$shareKey.'" failed', \OCP\Util::ERROR); - - return false; - + throw new Exceptions\MultiKeyDecryptException('multiKeyDecrypt with share-key' . $shareKey . 'failed: ' . openssl_error_string(), 20); } } diff --git a/apps/files_encryption/lib/exceptions.php b/apps/files_encryption/lib/exceptions.php new file mode 100644 index 0000000000..a409b0f0fb --- /dev/null +++ b/apps/files_encryption/lib/exceptions.php @@ -0,0 +1,46 @@ + + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE + * License as published by the Free Software Foundation; either + * version 3 of the License, or any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU AFFERO GENERAL PUBLIC LICENSE for more details. + * + * You should have received a copy of the GNU Affero General Public + * License along with this library. If not, see . + * + */ + +namespace OCA\Encryption\Exceptions; + +class EncryptionException extends \Exception { +} + +/** + * Throw this exception if multi key encrytion fails + * + * Possible error codes: + * 10 - empty plain content was given + * 20 - openssl_seal failed + */ +class MultiKeyEncryptException extends EncryptionException { +} + +/** + * Throw this encryption if multi key decryption failed + * + * Possible error codes: + * 10 - empty encrypted content was given + * 20 - openssl_open failed + */ +class MultiKeyDecryptException extends EncryptionException { +} diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index ee9939318c..e44a8bd3dd 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -908,19 +908,26 @@ class Util { // Get the current users's private key for decrypting existing keyfile $privateKey = $session->getPrivateKey(); - $fileOwner = \OC\Files\Filesystem::getOwner($filePath); - - // Decrypt keyfile - $plainKeyfile = $this->decryptKeyfile($filePath, $privateKey); - - // Re-enc keyfile to (additional) sharekeys - $multiEncKey = Crypt::multiKeyEncrypt($plainKeyfile, $userPubKeys); + try { + // Decrypt keyfile + $plainKeyfile = $this->decryptKeyfile($filePath, $privateKey); + // Re-enc keyfile to (additional) sharekeys + $multiEncKey = Crypt::multiKeyEncrypt($plainKeyfile, $userPubKeys); + } catch (Exceptions\EncryptionException $e) { + $msg = 'set shareFileKeyFailed (code: ' . $e->getCode() . '): ' . $e->getMessage(); + \OCP\Util::writeLog('files_encryption', $msg, \OCP\Util::FATAL); + return false; + } catch (\Exception $e) { + $msg = 'set shareFileKeyFailed (unknown error): ' . $e->getMessage(); + \OCP\Util::writeLog('files_encryption', $msg, \OCP\Util::FATAL); + return false; + } // Save the recrypted key to it's owner's keyfiles directory // Save new sharekeys to all necessary user directory if ( - !Keymanager::setFileKey($this->view, $this, $filePath, $multiEncKey['data']) - || !Keymanager::setShareKeys($this->view, $this, $filePath, $multiEncKey['keys']) + !Keymanager::setFileKey($this->view, $this, $filePath, $multiEncKey['data']) + || !Keymanager::setShareKeys($this->view, $this, $filePath, $multiEncKey['keys']) ) { \OCP\Util::writeLog('Encryption library',