diff options
| -rw-r--r-- | apps/files_encryption/appinfo/app.php | 11 | ||||
| -rw-r--r-- | apps/files_encryption/lib/cryptstream.php | 121 | ||||
| -rw-r--r-- | apps/files_encryption/lib/proxy.php | 70 | ||||
| -rw-r--r-- | lib/crypt.php | 39 | ||||
| -rw-r--r-- | lib/fileproxy.php | 8 | ||||
| -rw-r--r-- | lib/filestorage/local.php | 2 | ||||
| -rw-r--r-- | lib/filesystemview.php | 2 |
7 files changed, 239 insertions, 14 deletions
diff --git a/apps/files_encryption/appinfo/app.php b/apps/files_encryption/appinfo/app.php new file mode 100644 index 00000000000..82d2544dd14 --- /dev/null +++ b/apps/files_encryption/appinfo/app.php @@ -0,0 +1,11 @@ +<?php + +OC::$CLASSPATH['OC_Crypt'] = 'apps/files_encryption/lib/crypt.php'; +OC::$CLASSPATH['OC_CryptStream'] = 'apps/files_encryption/lib/cryptstream.php'; +OC::$CLASSPATH['OC_FileProxy_Encryption'] = 'apps/files_encryption/lib/proxy.php'; + +OC_FileProxy::register(new OC_FileProxy_Encryption()); + +OC_Hook::connect('OC_User','post_login','OC_Crypt','loginListener'); + +stream_wrapper_register('crypt','OC_CryptStream'); diff --git a/apps/files_encryption/lib/cryptstream.php b/apps/files_encryption/lib/cryptstream.php new file mode 100644 index 00000000000..e4544313f63 --- /dev/null +++ b/apps/files_encryption/lib/cryptstream.php @@ -0,0 +1,121 @@ +<?php +/** + * ownCloud + * + * @author Robin Appelman + * @copyright 2011 Robin Appelman icewind1991@gmail.com + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE + * License as published by the Free Software Foundation; either + * version 3 of the License, or any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU AFFERO GENERAL PUBLIC LICENSE for more details. + * + * You should have received a copy of the GNU Affero General Public + * License along with this library. If not, see <http://www.gnu.org/licenses/>. + * + */ + +/** + * transparently encrypted filestream + */ + +class OC_CryptStream{ + private $source; + + public function stream_open($path, $mode, $options, &$opened_path){ + $path=str_replace('crypt://','',$path); + $this->source=OC_FileSystem::fopen($path.'.enc',$mode); + if(!is_resource($this->source)){ + OC_Log::write('files_encryption','failed to open '.$path.'.enc',OC_Log::ERROR); + } + return is_resource($this->source); + } + + public function stream_seek($offset, $whence=SEEK_SET){ + fseek($this->source,$offset,$whence); + } + + public function stream_tell(){ + return ftell($this->source); + } + + public function stream_read($count){ + $pos=0; + $currentPos=ftell($this->source); + $offset=$currentPos%8192; + fseek($this->source,-$offset,SEEK_CUR); + $result=''; + while($count>$pos){ + $data=fread($this->source,8192); + $pos+=8192; + $result.=OC_Crypt::decrypt($data); + } + return substr($result,$offset,$count); + } + + public function stream_write($data){ + $length=strlen($data); + $written=0; + $currentPos=ftell($this->source); + if($currentPos%8192!=0){ + //make sure we always start on a block start + fseek($this->source,-($currentPos%8192),SEEK_CUR); + $encryptedBlock=fread($this->source,8192); + fseek($this->source,-($currentPos%8192),SEEK_CUR); + $block=OC_Crypt::decrypt($encryptedBlock); + $data=substr($block,0,$currentPos%8192).$data; + } + while(strlen($data)>0){ + if(strlen($data)<8192){ + //fetch the current data in that block and append it to the input so we always write entire blocks + $oldPos=ftell($this->source); + $encryptedBlock=fread($this->source,8192); + fseek($this->source,$oldPos); + $block=OC_Crypt::decrypt($encryptedBlock); + $data.=substr($block,strlen($data)); + } + $encrypted=OC_Crypt::encrypt(substr($data,0,8192)); + fwrite($this->source,$encrypted); + $data=substr($data,8192); + } + return $length; + } + + public function stream_set_option($option,$arg1,$arg2){ + switch($option){ + case STREAM_OPTION_BLOCKING: + stream_set_blocking($this->source,$arg1); + break; + case STREAM_OPTION_READ_TIMEOUT: + stream_set_timeout($this->source,$arg1,$arg2); + break; + case STREAM_OPTION_WRITE_BUFFER: + stream_set_write_buffer($this->source,$arg1,$arg2); + } + } + + public function stream_stat(){ + return fstat($this->source); + } + + public function stream_lock($mode){ + flock($this->source,$mode); + } + + public function stream_flush(){ + return fflush($this->source); + } + + public function stream_eof(){ + return feof($this->source); + } + + public function stream_close(){ + return fclose($this->source); + } +}
\ No newline at end of file diff --git a/apps/files_encryption/lib/proxy.php b/apps/files_encryption/lib/proxy.php new file mode 100644 index 00000000000..f7a991a344b --- /dev/null +++ b/apps/files_encryption/lib/proxy.php @@ -0,0 +1,70 @@ +<?php + +/** +* ownCloud +* +* @author Robin Appelman +* @copyright 2011 Robin Appelman icewind1991@gmail.com +* +* This library is free software; you can redistribute it and/or +* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE +* License as published by the Free Software Foundation; either +* version 3 of the License, or any later version. +* +* This library is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU AFFERO GENERAL PUBLIC LICENSE for more details. +* +* You should have received a copy of the GNU Affero General Public +* License along with this library. If not, see <http://www.gnu.org/licenses/>. +* +*/ + +/** + * transparent encryption + */ + +class OC_FileProxy_Encryption extends OC_FileProxy{ + public function preFile_put_contents($path,&$data){ + if(substr($path,-4)=='.enc'){ + OC_Log::write('files_encryption','file put contents',OC_Log::DEBUG); + if (is_resource($data)) { + $newData=''; + while(!feof($data)){ + $block=fread($data,8192); + $newData.=OC_Crypt::encrypt($block); + } + $data=$newData; + }else{ + $data=OC_Crypt::blockEncrypt($data); + } + } + } + + public function postFile_get_contents($path,$data){ + if(substr($path,-4)=='.enc'){ + OC_Log::write('files_encryption','file get contents',OC_Log::DEBUG); + return OC_Crypt::blockDecrypt($data); + } + } + + public function postFopen($path,&$result){ + if(substr($path,-4)=='.enc'){ + OC_Log::write('files_encryption','fopen',OC_Log::DEBUG); + fclose($result); + $result=fopen('crypt://'.substr($path,0,-4));//remove the .enc extention so we don't catch the fopen request made by cryptstream + } + } + + public function preReadFile($path){ + if(substr($path,-4)=='.enc'){ + OC_Log::write('files_encryption','readline',OC_Log::DEBUG); + $stream=fopen('crypt://'.substr($path,0,-4)); + while(!feof($stream)){ + print(fread($stream,8192)); + } + return false;//cancel the original request + } + } +} diff --git a/lib/crypt.php b/lib/crypt.php index 60020679480..3e6fa05b85d 100644 --- a/lib/crypt.php +++ b/lib/crypt.php @@ -113,14 +113,13 @@ class OC_Crypt { return($bf->encrypt($contents)); } - - /** - * @brief encryption of a file - * @param $filename - * @param $key the encryption key - * - * This function encrypts a file - */ + /** + * @brief encryption of a file + * @param $filename + * @param $key the encryption key + * + * This function encrypts a file + */ public static function encryptfile( $filename, $key) { $handleread = fopen($filename, "rb"); if($handleread<>FALSE) { @@ -158,6 +157,30 @@ class OC_Crypt { } fclose($handleread); } + + /** + * encrypt data in 8192b sized blocks + */ + public static function blockEncrypt($data){ + $result=''; + while(strlen($data)){ + $result=self::encrypt(substr($data,0,8192)); + $data=substr($data,8192); + } + return $result; + } + + /** + * decrypt data in 8192b sized blocks + */ + public static function blockDecrypt($data){ + $result=''; + while(strlen($data)){ + $result=self::decrypt(substr($data,0,8192)); + $data=substr($data,8192); + } + return $result; + } diff --git a/lib/fileproxy.php b/lib/fileproxy.php index 1fb22bd1139..796fd95cb38 100644 --- a/lib/fileproxy.php +++ b/lib/fileproxy.php @@ -83,16 +83,16 @@ class OC_FileProxy{ return $proxies; } - public static function runPreProxies($operation,$filepath,$filepath2=null){ + public static function runPreProxies($operation,&$filepath,&$filepath2=null){ $proxies=self::getProxies($operation,false); $operation='pre'.$operation; foreach($proxies as $proxy){ - if($filepath2){ - if(!$proxy->$operation(&$filepath,&$filepath2)){ + if(!is_null($filepath2)){ + if($proxy->$operation($filepath,$filepath2)===false){ return false; } }else{ - if(!$proxy->$operation(&$filepath)){ + if($proxy->$operation($filepath)===false){ return false; } } diff --git a/lib/filestorage/local.php b/lib/filestorage/local.php index dcb516a3afb..ee4b267bcd4 100644 --- a/lib/filestorage/local.php +++ b/lib/filestorage/local.php @@ -74,7 +74,7 @@ class OC_Filestorage_Local extends OC_Filestorage{ public function file_get_contents($path){ return file_get_contents($this->datadir.$path); } - public function file_put_contents($path,$data){ + public function file_put_contents($path,$data=null){ if($return=file_put_contents($this->datadir.$path,$data)){ } } diff --git a/lib/filesystemview.php b/lib/filesystemview.php index 91c6cd17720..a78f3f652ad 100644 --- a/lib/filesystemview.php +++ b/lib/filesystemview.php @@ -302,7 +302,7 @@ class OC_FilesystemView { } } if($run){ - if($extraParam){ + if(!is_null($extraParam)){ $result=$storage->$operation($interalPath,$extraParam); }else{ $result=$storage->$operation($interalPath); |