Development snapshot

This commit is contained in:
Sam Tuke 2012-09-11 13:40:45 +01:00
parent 2e796b563f
commit ed980674a6
5 changed files with 301 additions and 83 deletions


@ -57,6 +57,8 @@ class Hooks {
\OC_FileProxy::$enabled = true;
# TODO: dont manually encrypt the private keyfile - use the config options of openssl_pkey_export instead for better mobile compatibility
$_SESSION['enckey'] = Crypt::symmetricDecryptFileContent( $encryptedKey, $params['password'] );
}
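Review bot: The decrypted private key is assigned to `$_SESSION['enckey']` without checking that `Crypt::symmetricDecryptFileContent()` succeeded; judging by `Crypt::decrypt` in this same commit, which hands back the raw `openssl_decrypt()` result, a wrong password would presumably leave `false` in the session and every later file decryption would fail with nothing logged here. Something like `$key = Crypt::symmetricDecryptFileContent( $encryptedKey, $params['password'] ); if ( $key === false ) { \OCP\Util::writeLog( 'files_encryption', 'private key decryption failed', \OCP\Util::ERROR ); } else { $_SESSION['enckey'] = $key; }` surfaces the failure at the point it happens. The plaintext key now lives wherever the session handler persists data, which deserves a one-line comment next to the assignment since the TODO above only covers how the keyfile itself is encrypted. The enclosing hook method starts outside the hunk.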


@ -161,7 +161,7 @@ class Crypt {
* @returns decrypted file
*/
public static function decrypt( $encryptedContent, $iv, $passphrase ) {
echo "\n\nJET \$passphrase = $passphrase , \$iv = $iv\n\n";
if ( $plainContent = openssl_decrypt( $encryptedContent, 'AES-128-CFB', $passphrase, false, $iv ) ) {
return $plainContent;
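Review bot: The `echo` added at the top of `decrypt()` writes the passphrase and IV into the response body, so every call through this method leaks key material to whoever receives the output; it needs deleting, not commenting out. The condition on the next line also treats any falsy plaintext as failure, so a genuine plaintext of `''` or `'0'` is rejected, and the assignment-in-condition hides that. `$plainContent = openssl_decrypt( $encryptedContent, 'AES-128-CFB', $passphrase, false, $iv ); if ( $plainContent !== false ) {` states the intent explicitly. The method's failure branch continues outside the hunk.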


@ -32,14 +32,16 @@ namespace OCA_Encryption;
class Stream {
public static $sourceStreams = array();
private $source;
# TODO: make all below properties private again once unit testing is configured correctly
public $rawPath; // The raw path received by stream_open
private $handle; // Resource returned by fopen
private $path;
private $rawPath; // The raw path received by stream_open
private $readBuffer; // For streams that dont support seeking
private $meta = array(); // Header / meta for source stream
private $count;
private $writeCache;
private $size;
public $size;
private $keyfile;
private static $view;
@ -61,8 +63,10 @@ class Stream {
dirname( $path ) == 'streams'
and isset( self::$sourceStreams[basename( $path )] )
) {
// Is this just for unit testing purposes?
$this->source = self::$sourceStreams[basename( $path )]['stream'];
$this->handle = self::$sourceStreams[basename( $path )]['stream'];
$this->path = self::$sourceStreams[basename( $path )]['path'];
@ -81,18 +85,22 @@ class Stream {
} else {
$this->size = self::$view->filesize( $path, $mode );
//$this->size = self::$view->filesize( $path, $mode );
$this->size = filesize( $path );
}
// Disable fileproxies so we can open the source file without recursive encryption
\OC_FileProxy::$enabled = false;
$this->source = self::$view->fopen( $path, $mode );
$this->handle = fopen( $path, $mode );
//$this->handle = self::$view->fopen( $path, $mode );
\OC_FileProxy::$enabled = true;
if ( !is_resource( $this->source ) ) {
if ( !is_resource( $this->handle ) ) {
\OCP\Util::writeLog( 'files_encryption','failed to open '.$path,OCP\Util::ERROR );
@ -100,27 +108,30 @@ class Stream {
}
if ( is_resource( $this->source ) ) {
if ( is_resource( $this->handle ) ) {
$this->meta = stream_get_meta_data( $this->source );
$this->meta = stream_get_meta_data( $this->handle );
}
return is_resource( $this->source );
return is_resource( $this->handle );
}
public function stream_seek($offset, $whence=SEEK_SET) {
public function stream_seek( $offset, $whence = SEEK_SET ) {
$this->flush();
fseek($this->source,$offset,$whence);
fseek( $this->handle, $offset, $whence );
}
public function stream_tell() {
return ftell($this->source);
return ftell($this->handle);
}
public function stream_read( $count ) {
$this->writeCache = '';
if ( $count != 8192 ) {
@ -133,27 +144,49 @@ class Stream {
}
$pos = ftell( $this->source );
$data = fread( $this->source, 8192 );
if ( strlen( $data ) ) {
// $pos = ftell( $this->handle );
//
$data = fread( $this->handle, 8192 );
//echo "\n\nPRE DECRYPTION = $data\n\n";
//
// if ( strlen( $data ) ) {
$this->getKey();
echo "\n\nGROWL {$this->keyfile}\n\n";
$key = file_get_contents( '/home/samtuke/owncloud/git/oc3/data/admin/files_encryption/keyfiles/tmp-1346255589.key' );
$result = Crypt::symmetricDecryptFileContent( $data, $this->keyfile );
echo "\n\n\n\n-----------------------------\n\nNEWS";
echo "\n\n\$data = $data";
echo "\n\n\$key = $key";
echo "\n\n\$result = $result";
echo "\n\n\n\n-----------------------------\n\n";
//trigger_error("CAT $result");
} else {
// } else {
//
// $result = '';
//
// }
$result = '';
}
$length = $this->size - $pos;
if ( $length < 8192 ) {
$result = substr( $result, 0, $length );
}
// $length = $this->size - $pos;
//
// if ( $length < 8192 ) {
//
// $result = substr( $result, 0, $length );
//
// }
return $result;
@ -161,40 +194,45 @@ class Stream {
/**
* @brief Get the keyfile for the current file, generate one if necessary
* @param bool $generate if true, a new key will be generated if none can be found
*/
public function getKey() {
public function getKey( $generate = true ) {
# TODO: Move this user call out of here - it belongs elsewhere
$user = \OCP\User::getUser();
if ( self::$view->file_exists( $this->rawPath . $user ) ) {
if ( self::$view->file_exists( $this->rawPath ) ) {
# TODO: add error handling for when file exists but no keyfile
// If the data is to be written to an existing file, fetch its keyfile
$this->keyfile = Keymanager::getFileKey( $this->rawPath . $user );
$this->keyfile = Keymanager::getFileKey( $this->rawPath );
} else {
// If the data is to be written to a new file, generate a new keyfile
$this->keyfile = Crypt::generateKey();
if ( $generate ) {
// If the data is to be written to a new file, generate a new keyfile
$this->keyfile = Crypt::generateKey();
}
}
}
/**
* @brief Write write plan data as encrypted data
* @brief Take plain data destined to be written, encrypt it, and write it block by block
*/
public function stream_write( $data ) {
# TODO: Find a way to get path of file in order to know where to save its parallel keyfile
\OC_FileProxy::$enabled = false;
$length = strlen( $data );
$written = 0;
$currentPos = ftell( $this->source );
$currentPos = ftell( $this->handle );
# TODO: Move this user call out of here - it belongs elsewhere
$user = \OCP\User::getUser();
@ -208,25 +246,27 @@ class Stream {
Keymanager::setFileKey( $this->rawPath, $this->keyfile, new \OC_FilesystemView( '/' ) );
}
// // Set $data to contents of writeCache
// // Concat writeCache to start of $data
// // If data exists in the writeCache
// if ( $this->writeCache ) {
//
//
// trigger_error("write cache is set");
//
// // Concat writeCache to start of $data
// $data = $this->writeCache . $data;
//
// $this->writeCache = '';
//
// }
//
// // Make sure we always start on a block start
// if ( 0 != ( $currentPos % 8192 ) ) { // If we're not at the end of file yet (in the final chunk), if there will be no bytes left to read after the current chunk
//
// fseek( $this->source, - ( $currentPos % 8192 ), SEEK_CUR );
// fseek( $this->handle, - ( $currentPos % 8192 ), SEEK_CUR );
//
// $encryptedBlock = fread( $this->source, 8192 );
// $encryptedBlock = fread( $this->handle, 8192 );
//
// fseek( $this->source, - ( $currentPos % 8192 ), SEEK_CUR );
// fseek( $this->handle, - ( $currentPos % 8192 ), SEEK_CUR );
//
// $block = Crypt::symmetricDecryptFileContent( $encryptedBlock, $this->keyfile );
//
@ -234,28 +274,36 @@ class Stream {
//
// $data = $x . $data;
//
// fseek( $this->source, - ( $currentPos % 8192 ), SEEK_CUR );
// fseek( $this->handle, - ( $currentPos % 8192 ), SEEK_CUR );
//
// }
// $currentPos = ftell( $this->source );
//
// while( $remainingLength = strlen( $data ) > 0 ) {
//
// // Set writeCache to contents of $data
/*
$currentPos = ftell( $this->handle );*/
// // While there still remains somed data to be written
// while( strlen( $data ) > 0 ) {
//
// $remainingLength = strlen( $data );
//
// // If data remaining to be written is less than the size of 1 block
// if ( $remainingLength < 8192 ) {
//
//
// //trigger_error("remaining length < 8192");
//
// // Set writeCache to contents of $data
// $this->writeCache = $data;
//
// $data = '';
//
// } else {
$encrypted = Crypt::symmetricBlockEncryptFileContent( $data, $this->keyfile );
$encrypted = Crypt::symmetricEncryptFileContent( $data, $this->keyfile );
//$encrypted = $data;
file_put_contents('/home/samtuke/tmp.txt', $encrypted);
fwrite( $this->source, $encrypted );
//echo "\n\nFRESHLY ENCRYPTED = $encrypted\n\n";
fwrite( $this->handle, $encrypted );
$data = substr( $data, 8192 );
@ -273,38 +321,53 @@ class Stream {
public function stream_set_option($option,$arg1,$arg2) {
switch($option) {
case STREAM_OPTION_BLOCKING:
stream_set_blocking($this->source,$arg1);
stream_set_blocking($this->handle,$arg1);
break;
case STREAM_OPTION_READ_TIMEOUT:
stream_set_timeout($this->source,$arg1,$arg2);
stream_set_timeout($this->handle,$arg1,$arg2);
break;
case STREAM_OPTION_WRITE_BUFFER:
stream_set_write_buffer($this->source,$arg1,$arg2);
stream_set_write_buffer($this->handle,$arg1,$arg2);
}
}
public function stream_stat() {
return fstat($this->source);
return fstat($this->handle);
}
public function stream_lock($mode) {
flock($this->source,$mode);
flock($this->handle,$mode);
}
public function stream_flush() {
return fflush($this->source);
return fflush($this->handle); // Not a typo: http://php.net/manual/en/function.fflush.php
}
public function stream_eof() {
return feof($this->source);
return feof($this->handle);
}
private function flush() {
if ($this->writeCache) {
$encrypted=Crypt::encrypt($this->writeCache);
fwrite($this->source,$encrypted);
$this->writeCache='';
if ( $this->writeCache ) {
// Set keyfile property for file in question
$this->getKey();
//echo "\n\nFLUSH = {$this->writeCache}\n\n";
$encrypted = Crypt::symmetricBlockEncryptFileContent( $this->writeCache, $this->keyfile );
//echo "\n\nENCFLUSH = $encrypted\n\n";
fwrite( $this->handle, $encrypted );
$this->writeCache = '';
}
}
public function stream_close() {
@ -317,7 +380,7 @@ class Stream {
}
return fclose($this->source);
return fclose($this->handle);
}
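Review bot: `stream_read()` (hunk at -133) now loads a key from the hard-coded developer path `/home/samtuke/owncloud/git/oc3/data/admin/files_encryption/keyfiles/tmp-1346255589.key` and echoes `$data`, `$key` and `$result` into the output, so plaintext file content and a file key are printed to whatever client reads through the wrapper; `file_put_contents('/home/samtuke/tmp.txt', $encrypted)` in `stream_write()` (hunk at -234) has the same problem on the write side. These lines should be removed outright, and the `$key = file_get_contents(...)` line with them, since `$this->keyfile` from `getKey()` is already what `symmetricDecryptFileContent()` consumes. With the `if ( strlen( $data ) )` guard and the `$length`/`substr` trimming commented out, a read at EOF presumably hands an empty string to the decryptor and the final block is no longer clipped to `$this->size`, which looks like a behaviour change rather than cleanup and deserves either restoring or a comment saying why it is gone. Note also that `flush()` now encrypts with `Crypt::symmetricBlockEncryptFileContent()` while `stream_write()` was switched to `Crypt::symmetricEncryptFileContent()`, so a file whose tail is written by `flush()` goes through two different routines; confirm that is intended.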


@ -24,6 +24,8 @@ class Test_Crypt extends \PHPUnit_Framework_TestCase {
$this->legacyEncryptedData = realpath( dirname(__FILE__).'/legacy-encrypted-text.txt' );
$this->view = new \OC_FilesystemView( '/' );
\OC_User::setUserId( 'admin' );
}
@ -146,29 +148,38 @@ class Test_Crypt extends \PHPUnit_Framework_TestCase {
}
function testSymmetricStreamEncryptLongFileContent() {
\OC_User::setUserId( 'admin' );
$filename = 'clockEncrypt';
$filename = 'tmp-'.time();
$cryptedFile = file_put_contents( 'crypt://' . '/' . $filename, $this->dataLong );
echo "\n\n\$filename = $filename\n\n";
$cryptedFile = file_put_contents( 'crypt://' . '/' . '/home/samtuke/owncloud/git/oc3/data/' . $filename, $this->dataLong.$this->dataLong );
// Test that data was successfully written
$this->assertTrue( is_int( $cryptedFile ) );
// Get file contents without using any wrapper to get it's actual contents on disk
$retreivedCryptedFile = $this->view->file_get_contents( '/'. $filename );
$retreivedCryptedFile = $this->view->file_get_contents( '/' . $filename );
//echo "\n\nsock $retreivedCryptedFile\n\n";
// Check that the file was encrypted before being written to disk
$this->assertNotEquals( $this->dataLong.$this->dataLong, $retreivedCryptedFile );
$autoDecrypted = file_get_contents( 'crypt:////home/samtuke/owncloud/git/oc3/data/' . $filename );
//file_get_contents('crypt:///home/samtuke/tmp-1346255589');
$this->assertEquals( $this->dataLong.$this->dataLong, $autoDecrypted );
echo "\n\nsock $retreivedCryptedFile\n\n";
// // Check that the file was encrypted before being written to disk
// $this->assertNotEquals( $this->dataLong, $retreivedCryptedFile );
//
//
// $key = file_get_contents( '/home/samtuke/owncloud/git/oc3/data/admin/files_encryption/keyfiles/' . $filename . '.key' );
//
// $manualDecrypt = Crypt::symmetricBlockDecryptFileContent( $retreivedCryptedFile, $key );
//
// echo "\n\n\n\n\n\n\n\n\n\n\$manualDecrypt = $manualDecrypt\n\n";
//
// $this->assertEquals( $this->dataLong, $manualDecrypt );
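Review bot: `testSymmetricStreamEncryptLongFileContent()` writes through `crypt://` to the developer-machine path `/home/samtuke/owncloud/git/oc3/data/` but reads back `'/' . $filename` via `$this->view`, so the two operations do not obviously refer to the same file and the test can only pass on that one checkout. `assertNotEquals( $this->dataLong.$this->dataLong, $retreivedCryptedFile )` also passes when `file_get_contents()` returns `false`, so on its own it does not prove the data on disk was encrypted; precede it with `$this->assertTrue( is_string( $retreivedCryptedFile ) );`. The `echo` of `$filename` and `$retreivedCryptedFile` dumps ciphertext into the test output and should go together with the commented block beneath it. The method's closing lines are outside the hunk.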


@ -5,6 +5,148 @@
* later.
* See the COPYING-README file.
*/
namespace OCA_Encryption;
require_once "PHPUnit/Framework/TestCase.php";
require_once realpath( dirname(__FILE__).'/../../../lib/base.php' );
class Test_Stream extends \PHPUnit_Framework_TestCase {
function setUp() {
$this->empty = '';
$this->stream = new Stream();
$this->dataLong = file_get_contents( realpath( dirname(__FILE__).'/../lib/crypt.php' ) );
$this->dataShort = 'hats';
$this->emptyTmpFilePath = \OCP\Files::tmpFile();
$this->dataTmpFilePath = \OCP\Files::tmpFile();
file_put_contents( $this->dataTmpFilePath, "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec a diam lectus. Sed sit amet ipsum mauris. Maecenas congue ligula ac quam viverra nec consectetur ante hendrerit. Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aenean ut gravida lorem. Ut turpis felis, pulvinar a semper sed, adipiscing id dolor. Pellentesque auctor nisi id magna consequat sagittis. Curabitur dapibus enim sit amet elit pharetra tincidunt feugiat nisl imperdiet. Ut convallis libero in urna ultrices accumsan. Donec sed odio eros. Donec viverra mi quis quam pulvinar at malesuada arcu rhoncus. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. In rutrum accumsan ultricies. Mauris vitae nisi at sem facilisis semper ac in est." );
}
function testStreamOpen() {
$stream1 = new Stream();
$handle1 = $stream1->stream_open( $this->emptyTmpFilePath, 'wb', array(), $this->empty );
// Test that resource was returned successfully
$this->assertTrue( $handle1 );
// Test that file has correct size
$this->assertEquals( 0, $stream1->size );
// Test that path is correct
$this->assertEquals( $this->emptyTmpFilePath, $stream1->rawPath );
$stream2 = new Stream();
$handle2 = $stream2->stream_open( 'crypt://' . $this->emptyTmpFilePath, 'wb', array(), $this->empty );
// Test that protocol identifier is removed from path
$this->assertEquals( $this->emptyTmpFilePath, $stream2->rawPath );
// "Stat failed error" prevents this test from executing
// $stream3 = new Stream();
//
// $handle3 = $stream3->stream_open( $this->dataTmpFilePath, 'r', array(), $this->empty );
//
// $this->assertEquals( 0, $stream3->size );
}
function testStreamWrite() {
$stream1 = new Stream();
$handle1 = $stream1->stream_open( $this->emptyTmpFilePath, 'r+b', array(), $this->empty );
# what about the keymanager? there is no key for the newly created temporary file!
$stream1->stream_write( $this->dataShort );
}
// function getStream( $id, $mode, $size ) {
//
// if ( $id === '' ) {
//
// $id = uniqid();
// }
//
//
// if ( !isset( $this->tmpFiles[$id] ) ) {
//
// // If tempfile with given name does not already exist, create it
//
// $file = OCP\Files::tmpFile();
//
// $this->tmpFiles[$id] = $file;
//
// } else {
//
// $file = $this->tmpFiles[$id];
//
// }
//
// $stream = fopen( $file, $mode );
//
// Stream::$sourceStreams[$id] = array( 'path' => 'dummy' . $id, 'stream' => $stream, 'size' => $size );
//
// return fopen( 'crypt://streams/'.$id, $mode );
//
// }
//
// function testStream( ){
//
// $stream = $this->getStream( 'test1', 'w', strlen( 'foobar' ) );
//
// fwrite( $stream, 'foobar' );
//
// fclose( $stream );
//
//
// $stream = $this->getStream( 'test1', 'r', strlen( 'foobar' ) );
//
// $data = fread( $stream, 6 );
//
// fclose( $stream );
//
// $this->assertEqual( 'foobar', $data );
//
//
// $file = OC::$SERVERROOT.'/3rdparty/MDB2.php';
//
// $source = fopen( $file, 'r' );
//
// $target = $this->getStream( 'test2', 'w', 0 );
//
// OCP\Files::streamCopy( $source, $target );
//
// fclose( $target );
//
// fclose( $source );
//
//
// $stream = $this->getStream( 'test2', 'r', filesize( $file ) );
//
// $data = stream_get_contents( $stream );
//
// $original = file_get_contents( $file );
//
// $this->assertEqual( strlen( $original ), strlen( $data ) );
//
// $this->assertEqual( $original, $data );
//
// }
}
// class Test_CryptStream extends UnitTestCase {
// private $tmpFiles=array();