/**
* Sets up user folders and keys for serverside encryption
*
* @param string $passphrase to encrypt server-stored private key with
* @return bool
*/
public function setupServerSide($passphrase = null)
{
// Set directories to check / create
$setUpDirs = array($this->userDir, $this->publicKeyDir, $this->encryptionDir, $this->keysPath);
// Check / create all necessary dirs
foreach ($setUpDirs as $dirPath) {
if (!$this->view->file_exists($dirPath)) {
$this->view->mkdir($dirPath);
}
}
// Create user keypair
// we should never override a keyfile
if (!$this->view->file_exists($this->publicKeyPath) && !$this->view->file_exists($this->privateKeyPath)) {
// Generate keypair
$keypair = Crypt::createKeypair();
if ($keypair) {
\OC_FileProxy::$enabled = false;
// Encrypt private key with user pwd as passphrase
$encryptedPrivateKey = Crypt::symmetricEncryptFileContent($keypair['privateKey'], $passphrase, Helper::getCipher());
// Save key-pair
if ($encryptedPrivateKey) {
$header = crypt::generateHeader();
$this->view->file_put_contents($this->privateKeyPath, $header . $encryptedPrivateKey);
$this->view->file_put_contents($this->publicKeyPath, $keypair['publicKey']);
}
\OC_FileProxy::$enabled = true;
}
} else {
// check if public-key exists but private-key is missing
if ($this->view->file_exists($this->publicKeyPath) && !$this->view->file_exists($this->privateKeyPath)) {
\OCP\Util::writeLog('Encryption library', 'public key exists but private key is missing for "' . $this->keyId . '"', \OCP\Util::FATAL);
return false;
} else {
if (!$this->view->file_exists($this->publicKeyPath) && $this->view->file_exists($this->privateKeyPath)) {
\OCP\Util::writeLog('Encryption library', 'private key exists but public key is missing for "' . $this->keyId . '"', \OCP\Util::FATAL);
return false;
}
}
}
return true;
}
/**
* @param string $path raw path relative to data/
* @param string $mode
* @param int $options
* @param string $opened_path
* @return bool
* @throw \OCA\Files_Encryption\Exception\EncryptionException
*/
public function stream_open($path, $mode, $options, &$opened_path)
{
// read default cipher from config
$this->cipher = Helper::getCipher();
// assume that the file already exist before we decide it finally in getKey()
$this->newFile = false;
$this->rootView = new \OC\Files\View('/');
$this->session = new Session($this->rootView);
$this->privateKey = $this->session->getPrivateKey();
if ($this->privateKey === false) {
throw new EncryptionException('Session does not contain a private key, maybe your login password changed?', EncryptionException::PRIVATE_KEY_MISSING);
}
$normalizedPath = \OC\Files\Filesystem::normalizePath(str_replace('crypt://', '', $path));
$originalFile = Helper::getPathFromTmpFile($normalizedPath);
if ($originalFile) {
$this->rawPath = $originalFile;
$this->isLocalTmpFile = true;
$this->localTmpFile = $normalizedPath;
} else {
$this->rawPath = $normalizedPath;
}
$this->util = new Util($this->rootView, Helper::getUser($this->rawPath));
// get the key ID which we want to use, can be the users key or the
// public share key
$this->keyId = $this->util->getKeyId();
$fileType = Helper::detectFileType($this->rawPath);
switch ($fileType) {
case Util::FILE_TYPE_FILE:
$this->relPath = Helper::stripUserFilesPath($this->rawPath);
$user = \OC::$server->getUserSession()->getUser();
$this->userId = $user ? $user->getUID() : Helper::getUserFromPath($this->rawPath);
break;
case Util::FILE_TYPE_VERSION:
$this->relPath = Helper::getPathFromVersion($this->rawPath);
$this->userId = Helper::getUserFromPath($this->rawPath);
break;
case Util::FILE_TYPE_CACHE:
$this->relPath = Helper::getPathFromCachedFile($this->rawPath);
Helper::mkdirr($this->rawPath, new \OC\Files\View('/'));
$user = \OC::$server->getUserSession()->getUser();
$this->userId = $user ? $user->getUID() : Helper::getUserFromPath($this->rawPath);
break;
default:
\OCP\Util::writeLog('Encryption library', 'failed to open file "' . $this->rawPath . '" expecting a path to "files", "files_versions" or "cache"', \OCP\Util::ERROR);
return false;
}
// Disable fileproxies so we can get the file size and open the source file without recursive encryption
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
if ($mode === 'w' or $mode === 'w+' or $mode === 'wb' or $mode === 'wb+') {
// We're writing a new file so start write counter with 0 bytes
$this->size = 0;
$this->unencryptedSize = 0;
} else {
$this->size = $this->rootView->filesize($this->rawPath);
$this->readHeader();
}
if ($this->isLocalTmpFile) {
$this->handle = fopen($this->localTmpFile, $mode);
} else {
$this->handle = $this->rootView->fopen($this->rawPath, $mode);
}
\OC_FileProxy::$enabled = $proxyStatus;
if (!is_resource($this->handle)) {
\OCP\Util::writeLog('Encryption library', 'failed to open file "' . $this->rawPath . '"', \OCP\Util::ERROR);
} else {
$this->meta = stream_get_meta_data($this->handle);
// sometimes fopen changes the mode, e.g. for a url "r" convert to "r+"
// but we need to remember the original access type
$this->meta['mode'] = $mode;
}
return is_resource($this->handle);
}
$errorMessage = $l->t('Please repeat the new recovery password');
\OCP\JSON::error(array('data' => array('message' => $errorMessage)));
exit;
}
if ($_POST['newPassword'] !== $_POST['confirmPassword']) {
$errorMessage = $l->t('Repeated recovery key password does not match the provided recovery key password');
\OCP\JSON::error(array('data' => array('message' => $errorMessage)));
exit;
}
$view = new \OC\Files\View('/');
$util = new \OCA\Files_Encryption\Util(new \OC\Files\View('/'), \OCP\User::getUser());
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
$keyId = $util->getRecoveryKeyId();
$encryptedRecoveryKey = \OCA\Files_Encryption\Keymanager::getPrivateSystemKey($keyId);
$decryptedRecoveryKey = $encryptedRecoveryKey ? \OCA\Files_Encryption\Crypt::decryptPrivateKey($encryptedRecoveryKey, $oldPassword) : false;
if ($decryptedRecoveryKey) {
$cipher = \OCA\Files_Encryption\Helper::getCipher();
$encryptedKey = \OCA\Files_Encryption\Crypt::symmetricEncryptFileContent($decryptedRecoveryKey, $newPassword, $cipher);
if ($encryptedKey) {
\OCA\Files_Encryption\Keymanager::setPrivateSystemKey($encryptedKey, $keyId);
$return = true;
}
}
\OC_FileProxy::$enabled = $proxyStatus;
// success or failure
if ($return) {
\OCP\JSON::success(array('data' => array('message' => $l->t('Password successfully changed.'))));
} else {
\OCP\JSON::error(array('data' => array('message' => $l->t('Could not change the password. Maybe the old password was not correct.'))));
}
/**
* @param string $path raw path relative to data/
* @param string $mode
* @param int $options
* @param string $opened_path
* @return bool
* @throw \OCA\Files_Encryption\Exception\EncryptionException
*/
public function stream_open($path, $mode, $options, &$opened_path)
{
// read default cipher from config
$this->cipher = Helper::getCipher();
// assume that the file already exist before we decide it finally in getKey()
$this->newFile = false;
if (!isset($this->rootView)) {
$this->rootView = new \OC\Files\View('/');
}
$this->session = new Session($this->rootView);
$this->privateKey = $this->session->getPrivateKey();
if ($this->privateKey === false) {
throw new EncryptionException('Session does not contain a private key, maybe your login password changed?', EncryptionException::PRIVATE_KEY_MISSING);
}
$normalizedPath = \OC\Files\Filesystem::normalizePath(str_replace('crypt://', '', $path));
if ($originalFile = Helper::getPathFromTmpFile($normalizedPath)) {
$this->rawPath = $originalFile;
$this->isLocalTmpFile = true;
$this->localTmpFile = $normalizedPath;
} else {
$this->rawPath = $normalizedPath;
}
$this->userId = Helper::getUser($this->rawPath);
$util = new Util($this->rootView, $this->userId);
// get the key ID which we want to use, can be the users key or the
// public share key
$this->keyId = $util->getKeyId();
// Strip identifier text from path, this gives us the path relative to data/<user>/files
$this->relPath = Helper::stripUserFilesPath($this->rawPath);
// if raw path doesn't point to a real file, check if it is a version or a file in the trash bin
if ($this->relPath === false) {
$this->relPath = Helper::getPathToRealFile($this->rawPath);
}
if ($this->relPath === false) {
\OCP\Util::writeLog('Encryption library', 'failed to open file "' . $this->rawPath . '" expecting a path to "files", "files_versions" or "cache"', \OCP\Util::ERROR);
return false;
}
// Disable fileproxies so we can get the file size and open the source file without recursive encryption
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
if ($mode === 'w' or $mode === 'w+' or $mode === 'wb' or $mode === 'wb+') {
// We're writing a new file so start write counter with 0 bytes
$this->size = 0;
$this->unencryptedSize = 0;
} else {
if ($this->privateKey === false) {
// if private key is not valid redirect user to a error page
Helper::redirectToErrorPage($this->session);
}
$this->size = $this->rootView->filesize($this->rawPath);
$this->readHeader();
}
if ($this->isLocalTmpFile) {
$this->handle = fopen($this->localTmpFile, $mode);
} else {
$this->handle = $this->rootView->fopen($this->rawPath, $mode);
}
\OC_FileProxy::$enabled = $proxyStatus;
if (!is_resource($this->handle)) {
\OCP\Util::writeLog('Encryption library', 'failed to open file "' . $this->rawPath . '"', \OCP\Util::ERROR);
} else {
$this->meta = stream_get_meta_data($this->handle);
// sometimes fopen changes the mode, e.g. for a url "r" convert to "r+"
// but we need to remember the original access type
$this->meta['mode'] = $mode;
}
return is_resource($this->handle);
}
