/** * Sets up user folders and keys for serverside encryption * * @param string $passphrase to encrypt server-stored private key with * @return bool */ public function setupServerSide($passphrase = null) { // Set directories to check / create $setUpDirs = array($this->userDir, $this->publicKeyDir, $this->encryptionDir, $this->keysPath); // Check / create all necessary dirs foreach ($setUpDirs as $dirPath) { if (!$this->view->file_exists($dirPath)) { $this->view->mkdir($dirPath); } } // Create user keypair // we should never override a keyfile if (!$this->view->file_exists($this->publicKeyPath) && !$this->view->file_exists($this->privateKeyPath)) { // Generate keypair $keypair = Crypt::createKeypair(); if ($keypair) { \OC_FileProxy::$enabled = false; // Encrypt private key with user pwd as passphrase $encryptedPrivateKey = Crypt::symmetricEncryptFileContent($keypair['privateKey'], $passphrase, Helper::getCipher()); // Save key-pair if ($encryptedPrivateKey) { $header = crypt::generateHeader(); $this->view->file_put_contents($this->privateKeyPath, $header . $encryptedPrivateKey); $this->view->file_put_contents($this->publicKeyPath, $keypair['publicKey']); } \OC_FileProxy::$enabled = true; } } else { // check if public-key exists but private-key is missing if ($this->view->file_exists($this->publicKeyPath) && !$this->view->file_exists($this->privateKeyPath)) { \OCP\Util::writeLog('Encryption library', 'public key exists but private key is missing for "' . $this->keyId . '"', \OCP\Util::FATAL); return false; } else { if (!$this->view->file_exists($this->publicKeyPath) && $this->view->file_exists($this->privateKeyPath)) { \OCP\Util::writeLog('Encryption library', 'private key exists but public key is missing for "' . $this->keyId . '"', \OCP\Util::FATAL); return false; } } } return true; }
/** * @param string $path raw path relative to data/ * @param string $mode * @param int $options * @param string $opened_path * @return bool * @throw \OCA\Files_Encryption\Exception\EncryptionException */ public function stream_open($path, $mode, $options, &$opened_path) { // read default cipher from config $this->cipher = Helper::getCipher(); // assume that the file already exist before we decide it finally in getKey() $this->newFile = false; $this->rootView = new \OC\Files\View('/'); $this->session = new Session($this->rootView); $this->privateKey = $this->session->getPrivateKey(); if ($this->privateKey === false) { throw new EncryptionException('Session does not contain a private key, maybe your login password changed?', EncryptionException::PRIVATE_KEY_MISSING); } $normalizedPath = \OC\Files\Filesystem::normalizePath(str_replace('crypt://', '', $path)); $originalFile = Helper::getPathFromTmpFile($normalizedPath); if ($originalFile) { $this->rawPath = $originalFile; $this->isLocalTmpFile = true; $this->localTmpFile = $normalizedPath; } else { $this->rawPath = $normalizedPath; } $this->util = new Util($this->rootView, Helper::getUser($this->rawPath)); // get the key ID which we want to use, can be the users key or the // public share key $this->keyId = $this->util->getKeyId(); $fileType = Helper::detectFileType($this->rawPath); switch ($fileType) { case Util::FILE_TYPE_FILE: $this->relPath = Helper::stripUserFilesPath($this->rawPath); $user = \OC::$server->getUserSession()->getUser(); $this->userId = $user ? $user->getUID() : Helper::getUserFromPath($this->rawPath); break; case Util::FILE_TYPE_VERSION: $this->relPath = Helper::getPathFromVersion($this->rawPath); $this->userId = Helper::getUserFromPath($this->rawPath); break; case Util::FILE_TYPE_CACHE: $this->relPath = Helper::getPathFromCachedFile($this->rawPath); Helper::mkdirr($this->rawPath, new \OC\Files\View('/')); $user = \OC::$server->getUserSession()->getUser(); $this->userId = $user ? $user->getUID() : Helper::getUserFromPath($this->rawPath); break; default: \OCP\Util::writeLog('Encryption library', 'failed to open file "' . $this->rawPath . '" expecting a path to "files", "files_versions" or "cache"', \OCP\Util::ERROR); return false; } // Disable fileproxies so we can get the file size and open the source file without recursive encryption $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; if ($mode === 'w' or $mode === 'w+' or $mode === 'wb' or $mode === 'wb+') { // We're writing a new file so start write counter with 0 bytes $this->size = 0; $this->unencryptedSize = 0; } else { $this->size = $this->rootView->filesize($this->rawPath); $this->readHeader(); } if ($this->isLocalTmpFile) { $this->handle = fopen($this->localTmpFile, $mode); } else { $this->handle = $this->rootView->fopen($this->rawPath, $mode); } \OC_FileProxy::$enabled = $proxyStatus; if (!is_resource($this->handle)) { \OCP\Util::writeLog('Encryption library', 'failed to open file "' . $this->rawPath . '"', \OCP\Util::ERROR); } else { $this->meta = stream_get_meta_data($this->handle); // sometimes fopen changes the mode, e.g. for a url "r" convert to "r+" // but we need to remember the original access type $this->meta['mode'] = $mode; } return is_resource($this->handle); }
$errorMessage = $l->t('Please repeat the new recovery password'); \OCP\JSON::error(array('data' => array('message' => $errorMessage))); exit; } if ($_POST['newPassword'] !== $_POST['confirmPassword']) { $errorMessage = $l->t('Repeated recovery key password does not match the provided recovery key password'); \OCP\JSON::error(array('data' => array('message' => $errorMessage))); exit; } $view = new \OC\Files\View('/'); $util = new \OCA\Files_Encryption\Util(new \OC\Files\View('/'), \OCP\User::getUser()); $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; $keyId = $util->getRecoveryKeyId(); $encryptedRecoveryKey = \OCA\Files_Encryption\Keymanager::getPrivateSystemKey($keyId); $decryptedRecoveryKey = $encryptedRecoveryKey ? \OCA\Files_Encryption\Crypt::decryptPrivateKey($encryptedRecoveryKey, $oldPassword) : false; if ($decryptedRecoveryKey) { $cipher = \OCA\Files_Encryption\Helper::getCipher(); $encryptedKey = \OCA\Files_Encryption\Crypt::symmetricEncryptFileContent($decryptedRecoveryKey, $newPassword, $cipher); if ($encryptedKey) { \OCA\Files_Encryption\Keymanager::setPrivateSystemKey($encryptedKey, $keyId); $return = true; } } \OC_FileProxy::$enabled = $proxyStatus; // success or failure if ($return) { \OCP\JSON::success(array('data' => array('message' => $l->t('Password successfully changed.')))); } else { \OCP\JSON::error(array('data' => array('message' => $l->t('Could not change the password. Maybe the old password was not correct.')))); }
/** * @param string $path raw path relative to data/ * @param string $mode * @param int $options * @param string $opened_path * @return bool * @throw \OCA\Files_Encryption\Exception\EncryptionException */ public function stream_open($path, $mode, $options, &$opened_path) { // read default cipher from config $this->cipher = Helper::getCipher(); // assume that the file already exist before we decide it finally in getKey() $this->newFile = false; if (!isset($this->rootView)) { $this->rootView = new \OC\Files\View('/'); } $this->session = new Session($this->rootView); $this->privateKey = $this->session->getPrivateKey(); if ($this->privateKey === false) { throw new EncryptionException('Session does not contain a private key, maybe your login password changed?', EncryptionException::PRIVATE_KEY_MISSING); } $normalizedPath = \OC\Files\Filesystem::normalizePath(str_replace('crypt://', '', $path)); if ($originalFile = Helper::getPathFromTmpFile($normalizedPath)) { $this->rawPath = $originalFile; $this->isLocalTmpFile = true; $this->localTmpFile = $normalizedPath; } else { $this->rawPath = $normalizedPath; } $this->userId = Helper::getUser($this->rawPath); $util = new Util($this->rootView, $this->userId); // get the key ID which we want to use, can be the users key or the // public share key $this->keyId = $util->getKeyId(); // Strip identifier text from path, this gives us the path relative to data/<user>/files $this->relPath = Helper::stripUserFilesPath($this->rawPath); // if raw path doesn't point to a real file, check if it is a version or a file in the trash bin if ($this->relPath === false) { $this->relPath = Helper::getPathToRealFile($this->rawPath); } if ($this->relPath === false) { \OCP\Util::writeLog('Encryption library', 'failed to open file "' . $this->rawPath . '" expecting a path to "files", "files_versions" or "cache"', \OCP\Util::ERROR); return false; } // Disable fileproxies so we can get the file size and open the source file without recursive encryption $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; if ($mode === 'w' or $mode === 'w+' or $mode === 'wb' or $mode === 'wb+') { // We're writing a new file so start write counter with 0 bytes $this->size = 0; $this->unencryptedSize = 0; } else { if ($this->privateKey === false) { // if private key is not valid redirect user to a error page Helper::redirectToErrorPage($this->session); } $this->size = $this->rootView->filesize($this->rawPath); $this->readHeader(); } if ($this->isLocalTmpFile) { $this->handle = fopen($this->localTmpFile, $mode); } else { $this->handle = $this->rootView->fopen($this->rawPath, $mode); } \OC_FileProxy::$enabled = $proxyStatus; if (!is_resource($this->handle)) { \OCP\Util::writeLog('Encryption library', 'failed to open file "' . $this->rawPath . '"', \OCP\Util::ERROR); } else { $this->meta = stream_get_meta_data($this->handle); // sometimes fopen changes the mode, e.g. for a url "r" convert to "r+" // but we need to remember the original access type $this->meta['mode'] = $mode; } return is_resource($this->handle); }