Encryption.php 30 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Bjoern Schiessle <bjoern@schiessle.org>
  6. * @author Björn Schießle <bjoern@schiessle.org>
  7. * @author Joas Schilling <coding@schilljs.com>
  8. * @author Lukas Reschke <lukas@statuscode.ch>
  9. * @author Piotr M <mrow4a@yahoo.com>
  10. * @author Robin Appelman <robin@icewind.nl>
  11. * @author Thomas Müller <thomas.mueller@tmit.eu>
  12. * @author Vincent Petry <pvince81@owncloud.com>
  13. *
  14. * @license AGPL-3.0
  15. *
  16. * This code is free software: you can redistribute it and/or modify
  17. * it under the terms of the GNU Affero General Public License, version 3,
  18. * as published by the Free Software Foundation.
  19. *
  20. * This program is distributed in the hope that it will be useful,
  21. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  22. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  23. * GNU Affero General Public License for more details.
  24. *
  25. * You should have received a copy of the GNU Affero General Public License, version 3,
  26. * along with this program. If not, see <http://www.gnu.org/licenses/>
  27. *
  28. */
  29. namespace OC\Files\Storage\Wrapper;
  30. use OC\Encryption\Exceptions\ModuleDoesNotExistsException;
  31. use OC\Encryption\Update;
  32. use OC\Encryption\Util;
  33. use OC\Files\Cache\CacheEntry;
  34. use OC\Files\Filesystem;
  35. use OC\Files\Mount\Manager;
  36. use OC\Files\Storage\LocalTempFileTrait;
  37. use OC\Memcache\ArrayCache;
  38. use OCP\Encryption\Exceptions\GenericEncryptionException;
  39. use OCP\Encryption\IFile;
  40. use OCP\Encryption\IManager;
  41. use OCP\Encryption\Keys\IStorage;
  42. use OCP\Files\Mount\IMountPoint;
  43. use OCP\Files\Storage;
  44. use OCP\ILogger;
  45. use OCP\Files\Cache\ICacheEntry;
  46. class Encryption extends Wrapper {
  47. use LocalTempFileTrait;
  48. /** @var string */
  49. private $mountPoint;
  50. /** @var \OC\Encryption\Util */
  51. private $util;
  52. /** @var \OCP\Encryption\IManager */
  53. private $encryptionManager;
  54. /** @var \OCP\ILogger */
  55. private $logger;
  56. /** @var string */
  57. private $uid;
  58. /** @var array */
  59. protected $unencryptedSize;
  60. /** @var \OCP\Encryption\IFile */
  61. private $fileHelper;
  62. /** @var IMountPoint */
  63. private $mount;
  64. /** @var IStorage */
  65. private $keyStorage;
  66. /** @var Update */
  67. private $update;
  68. /** @var Manager */
  69. private $mountManager;
  70. /** @var array remember for which path we execute the repair step to avoid recursions */
  71. private $fixUnencryptedSizeOf = array();
  72. /** @var ArrayCache */
  73. private $arrayCache;
  74. /**
  75. * @param array $parameters
  76. * @param IManager $encryptionManager
  77. * @param Util $util
  78. * @param ILogger $logger
  79. * @param IFile $fileHelper
  80. * @param string $uid
  81. * @param IStorage $keyStorage
  82. * @param Update $update
  83. * @param Manager $mountManager
  84. * @param ArrayCache $arrayCache
  85. */
  86. public function __construct(
  87. $parameters,
  88. IManager $encryptionManager = null,
  89. Util $util = null,
  90. ILogger $logger = null,
  91. IFile $fileHelper = null,
  92. $uid = null,
  93. IStorage $keyStorage = null,
  94. Update $update = null,
  95. Manager $mountManager = null,
  96. ArrayCache $arrayCache = null
  97. ) {
  98. $this->mountPoint = $parameters['mountPoint'];
  99. $this->mount = $parameters['mount'];
  100. $this->encryptionManager = $encryptionManager;
  101. $this->util = $util;
  102. $this->logger = $logger;
  103. $this->uid = $uid;
  104. $this->fileHelper = $fileHelper;
  105. $this->keyStorage = $keyStorage;
  106. $this->unencryptedSize = array();
  107. $this->update = $update;
  108. $this->mountManager = $mountManager;
  109. $this->arrayCache = $arrayCache;
  110. parent::__construct($parameters);
  111. }
  112. /**
  113. * see http://php.net/manual/en/function.filesize.php
  114. * The result for filesize when called on a folder is required to be 0
  115. *
  116. * @param string $path
  117. * @return int
  118. */
  119. public function filesize($path) {
  120. $fullPath = $this->getFullPath($path);
  121. /** @var CacheEntry $info */
  122. $info = $this->getCache()->get($path);
  123. if (isset($this->unencryptedSize[$fullPath])) {
  124. $size = $this->unencryptedSize[$fullPath];
  125. // update file cache
  126. if ($info instanceof ICacheEntry) {
  127. $info = $info->getData();
  128. $info['encrypted'] = $info['encryptedVersion'];
  129. } else {
  130. if (!is_array($info)) {
  131. $info = [];
  132. }
  133. $info['encrypted'] = true;
  134. }
  135. $info['size'] = $size;
  136. $this->getCache()->put($path, $info);
  137. return $size;
  138. }
  139. if (isset($info['fileid']) && $info['encrypted']) {
  140. return $this->verifyUnencryptedSize($path, $info['size']);
  141. }
  142. return $this->storage->filesize($path);
  143. }
  144. /**
  145. * @param string $path
  146. * @return array
  147. */
  148. public function getMetaData($path) {
  149. $data = $this->storage->getMetaData($path);
  150. if (is_null($data)) {
  151. return null;
  152. }
  153. $fullPath = $this->getFullPath($path);
  154. $info = $this->getCache()->get($path);
  155. if (isset($this->unencryptedSize[$fullPath])) {
  156. $data['encrypted'] = true;
  157. $data['size'] = $this->unencryptedSize[$fullPath];
  158. } else {
  159. if (isset($info['fileid']) && $info['encrypted']) {
  160. $data['size'] = $this->verifyUnencryptedSize($path, $info['size']);
  161. $data['encrypted'] = true;
  162. }
  163. }
  164. if (isset($info['encryptedVersion']) && $info['encryptedVersion'] > 1) {
  165. $data['encryptedVersion'] = $info['encryptedVersion'];
  166. }
  167. return $data;
  168. }
  169. /**
  170. * see http://php.net/manual/en/function.file_get_contents.php
  171. *
  172. * @param string $path
  173. * @return string
  174. */
  175. public function file_get_contents($path) {
  176. $encryptionModule = $this->getEncryptionModule($path);
  177. if ($encryptionModule) {
  178. $handle = $this->fopen($path, "r");
  179. if (!$handle) {
  180. return false;
  181. }
  182. $data = stream_get_contents($handle);
  183. fclose($handle);
  184. return $data;
  185. }
  186. return $this->storage->file_get_contents($path);
  187. }
  188. /**
  189. * see http://php.net/manual/en/function.file_put_contents.php
  190. *
  191. * @param string $path
  192. * @param string $data
  193. * @return bool
  194. */
  195. public function file_put_contents($path, $data) {
  196. // file put content will always be translated to a stream write
  197. $handle = $this->fopen($path, 'w');
  198. if (is_resource($handle)) {
  199. $written = fwrite($handle, $data);
  200. fclose($handle);
  201. return $written;
  202. }
  203. return false;
  204. }
  205. /**
  206. * see http://php.net/manual/en/function.unlink.php
  207. *
  208. * @param string $path
  209. * @return bool
  210. */
  211. public function unlink($path) {
  212. $fullPath = $this->getFullPath($path);
  213. if ($this->util->isExcluded($fullPath)) {
  214. return $this->storage->unlink($path);
  215. }
  216. $encryptionModule = $this->getEncryptionModule($path);
  217. if ($encryptionModule) {
  218. $this->keyStorage->deleteAllFileKeys($this->getFullPath($path));
  219. }
  220. return $this->storage->unlink($path);
  221. }
  222. /**
  223. * see http://php.net/manual/en/function.rename.php
  224. *
  225. * @param string $path1
  226. * @param string $path2
  227. * @return bool
  228. */
  229. public function rename($path1, $path2) {
  230. $result = $this->storage->rename($path1, $path2);
  231. if ($result &&
  232. // versions always use the keys from the original file, so we can skip
  233. // this step for versions
  234. $this->isVersion($path2) === false &&
  235. $this->encryptionManager->isEnabled()) {
  236. $source = $this->getFullPath($path1);
  237. if (!$this->util->isExcluded($source)) {
  238. $target = $this->getFullPath($path2);
  239. if (isset($this->unencryptedSize[$source])) {
  240. $this->unencryptedSize[$target] = $this->unencryptedSize[$source];
  241. }
  242. $this->keyStorage->renameKeys($source, $target);
  243. $module = $this->getEncryptionModule($path2);
  244. if ($module) {
  245. $module->update($target, $this->uid, []);
  246. }
  247. }
  248. }
  249. return $result;
  250. }
  251. /**
  252. * see http://php.net/manual/en/function.rmdir.php
  253. *
  254. * @param string $path
  255. * @return bool
  256. */
  257. public function rmdir($path) {
  258. $result = $this->storage->rmdir($path);
  259. $fullPath = $this->getFullPath($path);
  260. if ($result &&
  261. $this->util->isExcluded($fullPath) === false &&
  262. $this->encryptionManager->isEnabled()
  263. ) {
  264. $this->keyStorage->deleteAllFileKeys($fullPath);
  265. }
  266. return $result;
  267. }
  268. /**
  269. * check if a file can be read
  270. *
  271. * @param string $path
  272. * @return bool
  273. */
  274. public function isReadable($path) {
  275. $isReadable = true;
  276. $metaData = $this->getMetaData($path);
  277. if (
  278. !$this->is_dir($path) &&
  279. isset($metaData['encrypted']) &&
  280. $metaData['encrypted'] === true
  281. ) {
  282. $fullPath = $this->getFullPath($path);
  283. $module = $this->getEncryptionModule($path);
  284. $isReadable = $module->isReadable($fullPath, $this->uid);
  285. }
  286. return $this->storage->isReadable($path) && $isReadable;
  287. }
  288. /**
  289. * see http://php.net/manual/en/function.copy.php
  290. *
  291. * @param string $path1
  292. * @param string $path2
  293. * @return bool
  294. */
  295. public function copy($path1, $path2) {
  296. $source = $this->getFullPath($path1);
  297. if ($this->util->isExcluded($source)) {
  298. return $this->storage->copy($path1, $path2);
  299. }
  300. // need to stream copy file by file in case we copy between a encrypted
  301. // and a unencrypted storage
  302. $this->unlink($path2);
  303. return $this->copyFromStorage($this, $path1, $path2);
  304. }
  305. /**
  306. * see http://php.net/manual/en/function.fopen.php
  307. *
  308. * @param string $path
  309. * @param string $mode
  310. * @return resource|bool
  311. * @throws GenericEncryptionException
  312. * @throws ModuleDoesNotExistsException
  313. */
  314. public function fopen($path, $mode) {
  315. // check if the file is stored in the array cache, this means that we
  316. // copy a file over to the versions folder, in this case we don't want to
  317. // decrypt it
  318. if ($this->arrayCache->hasKey('encryption_copy_version_' . $path)) {
  319. $this->arrayCache->remove('encryption_copy_version_' . $path);
  320. return $this->storage->fopen($path, $mode);
  321. }
  322. $encryptionEnabled = $this->encryptionManager->isEnabled();
  323. $shouldEncrypt = false;
  324. $encryptionModule = null;
  325. $header = $this->getHeader($path);
  326. $signed = isset($header['signed']) && $header['signed'] === 'true';
  327. $fullPath = $this->getFullPath($path);
  328. $encryptionModuleId = $this->util->getEncryptionModuleId($header);
  329. if ($this->util->isExcluded($fullPath) === false) {
  330. $size = $unencryptedSize = 0;
  331. $realFile = $this->util->stripPartialFileExtension($path);
  332. $targetExists = $this->file_exists($realFile) || $this->file_exists($path);
  333. $targetIsEncrypted = false;
  334. if ($targetExists) {
  335. // in case the file exists we require the explicit module as
  336. // specified in the file header - otherwise we need to fail hard to
  337. // prevent data loss on client side
  338. if (!empty($encryptionModuleId)) {
  339. $targetIsEncrypted = true;
  340. $encryptionModule = $this->encryptionManager->getEncryptionModule($encryptionModuleId);
  341. }
  342. if ($this->file_exists($path)) {
  343. $size = $this->storage->filesize($path);
  344. $unencryptedSize = $this->filesize($path);
  345. } else {
  346. $size = $unencryptedSize = 0;
  347. }
  348. }
  349. try {
  350. if (
  351. $mode === 'w'
  352. || $mode === 'w+'
  353. || $mode === 'wb'
  354. || $mode === 'wb+'
  355. ) {
  356. // if we update a encrypted file with a un-encrypted one we change the db flag
  357. if ($targetIsEncrypted && $encryptionEnabled === false) {
  358. $cache = $this->storage->getCache();
  359. if ($cache) {
  360. $entry = $cache->get($path);
  361. $cache->update($entry->getId(), ['encrypted' => 0]);
  362. }
  363. }
  364. if ($encryptionEnabled) {
  365. // if $encryptionModuleId is empty, the default module will be used
  366. $encryptionModule = $this->encryptionManager->getEncryptionModule($encryptionModuleId);
  367. $shouldEncrypt = $encryptionModule->shouldEncrypt($fullPath);
  368. $signed = true;
  369. }
  370. } else {
  371. $info = $this->getCache()->get($path);
  372. // only get encryption module if we found one in the header
  373. // or if file should be encrypted according to the file cache
  374. if (!empty($encryptionModuleId)) {
  375. $encryptionModule = $this->encryptionManager->getEncryptionModule($encryptionModuleId);
  376. $shouldEncrypt = true;
  377. } else if (empty($encryptionModuleId) && $info['encrypted'] === true) {
  378. // we come from a old installation. No header and/or no module defined
  379. // but the file is encrypted. In this case we need to use the
  380. // OC_DEFAULT_MODULE to read the file
  381. $encryptionModule = $this->encryptionManager->getEncryptionModule('OC_DEFAULT_MODULE');
  382. $shouldEncrypt = true;
  383. $targetIsEncrypted = true;
  384. }
  385. }
  386. } catch (ModuleDoesNotExistsException $e) {
  387. $this->logger->logException($e, [
  388. 'message' => 'Encryption module "' . $encryptionModuleId . '" not found, file will be stored unencrypted',
  389. 'level' => ILogger::WARN,
  390. 'app' => 'core',
  391. ]);
  392. }
  393. // encryption disabled on write of new file and write to existing unencrypted file -> don't encrypt
  394. if (!$encryptionEnabled || !$this->shouldEncrypt($path)) {
  395. if (!$targetExists || !$targetIsEncrypted) {
  396. $shouldEncrypt = false;
  397. }
  398. }
  399. if ($shouldEncrypt === true && $encryptionModule !== null) {
  400. $headerSize = $this->getHeaderSize($path);
  401. $source = $this->storage->fopen($path, $mode);
  402. if (!is_resource($source)) {
  403. return false;
  404. }
  405. $handle = \OC\Files\Stream\Encryption::wrap($source, $path, $fullPath, $header,
  406. $this->uid, $encryptionModule, $this->storage, $this, $this->util, $this->fileHelper, $mode,
  407. $size, $unencryptedSize, $headerSize, $signed);
  408. return $handle;
  409. }
  410. }
  411. return $this->storage->fopen($path, $mode);
  412. }
  413. /**
  414. * perform some plausibility checks if the the unencrypted size is correct.
  415. * If not, we calculate the correct unencrypted size and return it
  416. *
  417. * @param string $path internal path relative to the storage root
  418. * @param int $unencryptedSize size of the unencrypted file
  419. *
  420. * @return int unencrypted size
  421. */
  422. protected function verifyUnencryptedSize($path, $unencryptedSize) {
  423. $size = $this->storage->filesize($path);
  424. $result = $unencryptedSize;
  425. if ($unencryptedSize < 0 ||
  426. ($size > 0 && $unencryptedSize === $size)
  427. ) {
  428. // check if we already calculate the unencrypted size for the
  429. // given path to avoid recursions
  430. if (isset($this->fixUnencryptedSizeOf[$this->getFullPath($path)]) === false) {
  431. $this->fixUnencryptedSizeOf[$this->getFullPath($path)] = true;
  432. try {
  433. $result = $this->fixUnencryptedSize($path, $size, $unencryptedSize);
  434. } catch (\Exception $e) {
  435. $this->logger->error('Couldn\'t re-calculate unencrypted size for '. $path);
  436. $this->logger->logException($e);
  437. }
  438. unset($this->fixUnencryptedSizeOf[$this->getFullPath($path)]);
  439. }
  440. }
  441. return $result;
  442. }
  443. /**
  444. * calculate the unencrypted size
  445. *
  446. * @param string $path internal path relative to the storage root
  447. * @param int $size size of the physical file
  448. * @param int $unencryptedSize size of the unencrypted file
  449. *
  450. * @return int calculated unencrypted size
  451. */
  452. protected function fixUnencryptedSize($path, $size, $unencryptedSize) {
  453. $headerSize = $this->getHeaderSize($path);
  454. $header = $this->getHeader($path);
  455. $encryptionModule = $this->getEncryptionModule($path);
  456. $stream = $this->storage->fopen($path, 'r');
  457. // if we couldn't open the file we return the old unencrypted size
  458. if (!is_resource($stream)) {
  459. $this->logger->error('Could not open ' . $path . '. Recalculation of unencrypted size aborted.');
  460. return $unencryptedSize;
  461. }
  462. $newUnencryptedSize = 0;
  463. $size -= $headerSize;
  464. $blockSize = $this->util->getBlockSize();
  465. // if a header exists we skip it
  466. if ($headerSize > 0) {
  467. fread($stream, $headerSize);
  468. }
  469. // fast path, else the calculation for $lastChunkNr is bogus
  470. if ($size === 0) {
  471. return 0;
  472. }
  473. $signed = isset($header['signed']) && $header['signed'] === 'true';
  474. $unencryptedBlockSize = $encryptionModule->getUnencryptedBlockSize($signed);
  475. // calculate last chunk nr
  476. // next highest is end of chunks, one subtracted is last one
  477. // we have to read the last chunk, we can't just calculate it (because of padding etc)
  478. $lastChunkNr = ceil($size/ $blockSize)-1;
  479. // calculate last chunk position
  480. $lastChunkPos = ($lastChunkNr * $blockSize);
  481. // try to fseek to the last chunk, if it fails we have to read the whole file
  482. if (@fseek($stream, $lastChunkPos, SEEK_CUR) === 0) {
  483. $newUnencryptedSize += $lastChunkNr * $unencryptedBlockSize;
  484. }
  485. $lastChunkContentEncrypted='';
  486. $count = $blockSize;
  487. while ($count > 0) {
  488. $data=fread($stream, $blockSize);
  489. $count=strlen($data);
  490. $lastChunkContentEncrypted .= $data;
  491. if(strlen($lastChunkContentEncrypted) > $blockSize) {
  492. $newUnencryptedSize += $unencryptedBlockSize;
  493. $lastChunkContentEncrypted=substr($lastChunkContentEncrypted, $blockSize);
  494. }
  495. }
  496. fclose($stream);
  497. // we have to decrypt the last chunk to get it actual size
  498. $encryptionModule->begin($this->getFullPath($path), $this->uid, 'r', $header, []);
  499. $decryptedLastChunk = $encryptionModule->decrypt($lastChunkContentEncrypted, $lastChunkNr . 'end');
  500. $decryptedLastChunk .= $encryptionModule->end($this->getFullPath($path), $lastChunkNr . 'end');
  501. // calc the real file size with the size of the last chunk
  502. $newUnencryptedSize += strlen($decryptedLastChunk);
  503. $this->updateUnencryptedSize($this->getFullPath($path), $newUnencryptedSize);
  504. // write to cache if applicable
  505. $cache = $this->storage->getCache();
  506. if ($cache) {
  507. $entry = $cache->get($path);
  508. $cache->update($entry['fileid'], ['size' => $newUnencryptedSize]);
  509. }
  510. return $newUnencryptedSize;
  511. }
  512. /**
  513. * @param Storage\IStorage $sourceStorage
  514. * @param string $sourceInternalPath
  515. * @param string $targetInternalPath
  516. * @param bool $preserveMtime
  517. * @return bool
  518. */
  519. public function moveFromStorage(Storage\IStorage $sourceStorage, $sourceInternalPath, $targetInternalPath, $preserveMtime = true) {
  520. if ($sourceStorage === $this) {
  521. return $this->rename($sourceInternalPath, $targetInternalPath);
  522. }
  523. // TODO clean this up once the underlying moveFromStorage in OC\Files\Storage\Wrapper\Common is fixed:
  524. // - call $this->storage->moveFromStorage() instead of $this->copyBetweenStorage
  525. // - copy the file cache update from $this->copyBetweenStorage to this method
  526. // - copy the copyKeys() call from $this->copyBetweenStorage to this method
  527. // - remove $this->copyBetweenStorage
  528. if (!$sourceStorage->isDeletable($sourceInternalPath)) {
  529. return false;
  530. }
  531. $result = $this->copyBetweenStorage($sourceStorage, $sourceInternalPath, $targetInternalPath, $preserveMtime, true);
  532. if ($result) {
  533. if ($sourceStorage->is_dir($sourceInternalPath)) {
  534. $result &= $sourceStorage->rmdir($sourceInternalPath);
  535. } else {
  536. $result &= $sourceStorage->unlink($sourceInternalPath);
  537. }
  538. }
  539. return $result;
  540. }
  541. /**
  542. * @param Storage\IStorage $sourceStorage
  543. * @param string $sourceInternalPath
  544. * @param string $targetInternalPath
  545. * @param bool $preserveMtime
  546. * @param bool $isRename
  547. * @return bool
  548. */
  549. public function copyFromStorage(Storage\IStorage $sourceStorage, $sourceInternalPath, $targetInternalPath, $preserveMtime = false, $isRename = false) {
  550. // TODO clean this up once the underlying moveFromStorage in OC\Files\Storage\Wrapper\Common is fixed:
  551. // - call $this->storage->copyFromStorage() instead of $this->copyBetweenStorage
  552. // - copy the file cache update from $this->copyBetweenStorage to this method
  553. // - copy the copyKeys() call from $this->copyBetweenStorage to this method
  554. // - remove $this->copyBetweenStorage
  555. return $this->copyBetweenStorage($sourceStorage, $sourceInternalPath, $targetInternalPath, $preserveMtime, $isRename);
  556. }
  557. /**
  558. * Update the encrypted cache version in the database
  559. *
  560. * @param Storage\IStorage $sourceStorage
  561. * @param string $sourceInternalPath
  562. * @param string $targetInternalPath
  563. * @param bool $isRename
  564. * @param bool $keepEncryptionVersion
  565. */
  566. private function updateEncryptedVersion(Storage\IStorage $sourceStorage, $sourceInternalPath, $targetInternalPath, $isRename, $keepEncryptionVersion) {
  567. $isEncrypted = $this->encryptionManager->isEnabled() && $this->shouldEncrypt($targetInternalPath);
  568. $cacheInformation = [
  569. 'encrypted' => $isEncrypted,
  570. ];
  571. if($isEncrypted) {
  572. $encryptedVersion = $sourceStorage->getCache()->get($sourceInternalPath)['encryptedVersion'];
  573. // In case of a move operation from an unencrypted to an encrypted
  574. // storage the old encrypted version would stay with "0" while the
  575. // correct value would be "1". Thus we manually set the value to "1"
  576. // for those cases.
  577. // See also https://github.com/owncloud/core/issues/23078
  578. if($encryptedVersion === 0 || !$keepEncryptionVersion) {
  579. $encryptedVersion = 1;
  580. }
  581. $cacheInformation['encryptedVersion'] = $encryptedVersion;
  582. }
  583. // in case of a rename we need to manipulate the source cache because
  584. // this information will be kept for the new target
  585. if ($isRename) {
  586. $sourceStorage->getCache()->put($sourceInternalPath, $cacheInformation);
  587. } else {
  588. $this->getCache()->put($targetInternalPath, $cacheInformation);
  589. }
  590. }
  591. /**
  592. * copy file between two storages
  593. *
  594. * @param Storage\IStorage $sourceStorage
  595. * @param string $sourceInternalPath
  596. * @param string $targetInternalPath
  597. * @param bool $preserveMtime
  598. * @param bool $isRename
  599. * @return bool
  600. * @throws \Exception
  601. */
  602. private function copyBetweenStorage(Storage\IStorage $sourceStorage, $sourceInternalPath, $targetInternalPath, $preserveMtime, $isRename) {
  603. // for versions we have nothing to do, because versions should always use the
  604. // key from the original file. Just create a 1:1 copy and done
  605. if ($this->isVersion($targetInternalPath) ||
  606. $this->isVersion($sourceInternalPath)) {
  607. // remember that we try to create a version so that we can detect it during
  608. // fopen($sourceInternalPath) and by-pass the encryption in order to
  609. // create a 1:1 copy of the file
  610. $this->arrayCache->set('encryption_copy_version_' . $sourceInternalPath, true);
  611. $result = $this->storage->copyFromStorage($sourceStorage, $sourceInternalPath, $targetInternalPath);
  612. $this->arrayCache->remove('encryption_copy_version_' . $sourceInternalPath);
  613. if ($result) {
  614. $info = $this->getCache('', $sourceStorage)->get($sourceInternalPath);
  615. // make sure that we update the unencrypted size for the version
  616. if (isset($info['encrypted']) && $info['encrypted'] === true) {
  617. $this->updateUnencryptedSize(
  618. $this->getFullPath($targetInternalPath),
  619. $info['size']
  620. );
  621. }
  622. $this->updateEncryptedVersion($sourceStorage, $sourceInternalPath, $targetInternalPath, $isRename, true);
  623. }
  624. return $result;
  625. }
  626. // first copy the keys that we reuse the existing file key on the target location
  627. // and don't create a new one which would break versions for example.
  628. $mount = $this->mountManager->findByStorageId($sourceStorage->getId());
  629. if (count($mount) === 1) {
  630. $mountPoint = $mount[0]->getMountPoint();
  631. $source = $mountPoint . '/' . $sourceInternalPath;
  632. $target = $this->getFullPath($targetInternalPath);
  633. $this->copyKeys($source, $target);
  634. } else {
  635. $this->logger->error('Could not find mount point, can\'t keep encryption keys');
  636. }
  637. if ($sourceStorage->is_dir($sourceInternalPath)) {
  638. $dh = $sourceStorage->opendir($sourceInternalPath);
  639. $result = $this->mkdir($targetInternalPath);
  640. if (is_resource($dh)) {
  641. while ($result and ($file = readdir($dh)) !== false) {
  642. if (!Filesystem::isIgnoredDir($file)) {
  643. $result &= $this->copyFromStorage($sourceStorage, $sourceInternalPath . '/' . $file, $targetInternalPath . '/' . $file, false, $isRename);
  644. }
  645. }
  646. }
  647. } else {
  648. try {
  649. $source = $sourceStorage->fopen($sourceInternalPath, 'r');
  650. $target = $this->fopen($targetInternalPath, 'w');
  651. list(, $result) = \OC_Helper::streamCopy($source, $target);
  652. fclose($source);
  653. fclose($target);
  654. } catch (\Exception $e) {
  655. fclose($source);
  656. fclose($target);
  657. throw $e;
  658. }
  659. if($result) {
  660. if ($preserveMtime) {
  661. $this->touch($targetInternalPath, $sourceStorage->filemtime($sourceInternalPath));
  662. }
  663. $this->updateEncryptedVersion($sourceStorage, $sourceInternalPath, $targetInternalPath, $isRename, false);
  664. } else {
  665. // delete partially written target file
  666. $this->unlink($targetInternalPath);
  667. // delete cache entry that was created by fopen
  668. $this->getCache()->remove($targetInternalPath);
  669. }
  670. }
  671. return (bool)$result;
  672. }
  673. /**
  674. * get the path to a local version of the file.
  675. * The local version of the file can be temporary and doesn't have to be persistent across requests
  676. *
  677. * @param string $path
  678. * @return string
  679. */
  680. public function getLocalFile($path) {
  681. if ($this->encryptionManager->isEnabled()) {
  682. $cachedFile = $this->getCachedFile($path);
  683. if (is_string($cachedFile)) {
  684. return $cachedFile;
  685. }
  686. }
  687. return $this->storage->getLocalFile($path);
  688. }
  689. /**
  690. * Returns the wrapped storage's value for isLocal()
  691. *
  692. * @return bool wrapped storage's isLocal() value
  693. */
  694. public function isLocal() {
  695. if ($this->encryptionManager->isEnabled()) {
  696. return false;
  697. }
  698. return $this->storage->isLocal();
  699. }
  700. /**
  701. * see http://php.net/manual/en/function.stat.php
  702. * only the following keys are required in the result: size and mtime
  703. *
  704. * @param string $path
  705. * @return array
  706. */
  707. public function stat($path) {
  708. $stat = $this->storage->stat($path);
  709. $fileSize = $this->filesize($path);
  710. $stat['size'] = $fileSize;
  711. $stat[7] = $fileSize;
  712. return $stat;
  713. }
  714. /**
  715. * see http://php.net/manual/en/function.hash.php
  716. *
  717. * @param string $type
  718. * @param string $path
  719. * @param bool $raw
  720. * @return string
  721. */
  722. public function hash($type, $path, $raw = false) {
  723. $fh = $this->fopen($path, 'rb');
  724. $ctx = hash_init($type);
  725. hash_update_stream($ctx, $fh);
  726. fclose($fh);
  727. return hash_final($ctx, $raw);
  728. }
  729. /**
  730. * return full path, including mount point
  731. *
  732. * @param string $path relative to mount point
  733. * @return string full path including mount point
  734. */
  735. protected function getFullPath($path) {
  736. return Filesystem::normalizePath($this->mountPoint . '/' . $path);
  737. }
  738. /**
  739. * read first block of encrypted file, typically this will contain the
  740. * encryption header
  741. *
  742. * @param string $path
  743. * @return string
  744. */
  745. protected function readFirstBlock($path) {
  746. $firstBlock = '';
  747. if ($this->storage->file_exists($path)) {
  748. $handle = $this->storage->fopen($path, 'r');
  749. $firstBlock = fread($handle, $this->util->getHeaderSize());
  750. fclose($handle);
  751. }
  752. return $firstBlock;
  753. }
  754. /**
  755. * return header size of given file
  756. *
  757. * @param string $path
  758. * @return int
  759. */
  760. protected function getHeaderSize($path) {
  761. $headerSize = 0;
  762. $realFile = $this->util->stripPartialFileExtension($path);
  763. if ($this->storage->file_exists($realFile)) {
  764. $path = $realFile;
  765. }
  766. $firstBlock = $this->readFirstBlock($path);
  767. if (substr($firstBlock, 0, strlen(Util::HEADER_START)) === Util::HEADER_START) {
  768. $headerSize = $this->util->getHeaderSize();
  769. }
  770. return $headerSize;
  771. }
  772. /**
  773. * parse raw header to array
  774. *
  775. * @param string $rawHeader
  776. * @return array
  777. */
  778. protected function parseRawHeader($rawHeader) {
  779. $result = array();
  780. if (substr($rawHeader, 0, strlen(Util::HEADER_START)) === Util::HEADER_START) {
  781. $header = $rawHeader;
  782. $endAt = strpos($header, Util::HEADER_END);
  783. if ($endAt !== false) {
  784. $header = substr($header, 0, $endAt + strlen(Util::HEADER_END));
  785. // +1 to not start with an ':' which would result in empty element at the beginning
  786. $exploded = explode(':', substr($header, strlen(Util::HEADER_START)+1));
  787. $element = array_shift($exploded);
  788. while ($element !== Util::HEADER_END) {
  789. $result[$element] = array_shift($exploded);
  790. $element = array_shift($exploded);
  791. }
  792. }
  793. }
  794. return $result;
  795. }
  796. /**
  797. * read header from file
  798. *
  799. * @param string $path
  800. * @return array
  801. */
  802. protected function getHeader($path) {
  803. $realFile = $this->util->stripPartialFileExtension($path);
  804. $exists = $this->storage->file_exists($realFile);
  805. if ($exists) {
  806. $path = $realFile;
  807. }
  808. $firstBlock = $this->readFirstBlock($path);
  809. $result = $this->parseRawHeader($firstBlock);
  810. // if the header doesn't contain a encryption module we check if it is a
  811. // legacy file. If true, we add the default encryption module
  812. if (!isset($result[Util::HEADER_ENCRYPTION_MODULE_KEY])) {
  813. if (!empty($result)) {
  814. $result[Util::HEADER_ENCRYPTION_MODULE_KEY] = 'OC_DEFAULT_MODULE';
  815. } else if ($exists) {
  816. // if the header was empty we have to check first if it is a encrypted file at all
  817. // We would do query to filecache only if we know that entry in filecache exists
  818. $info = $this->getCache()->get($path);
  819. if (isset($info['encrypted']) && $info['encrypted'] === true) {
  820. $result[Util::HEADER_ENCRYPTION_MODULE_KEY] = 'OC_DEFAULT_MODULE';
  821. }
  822. }
  823. }
  824. return $result;
  825. }
  826. /**
  827. * read encryption module needed to read/write the file located at $path
  828. *
  829. * @param string $path
  830. * @return null|\OCP\Encryption\IEncryptionModule
  831. * @throws ModuleDoesNotExistsException
  832. * @throws \Exception
  833. */
  834. protected function getEncryptionModule($path) {
  835. $encryptionModule = null;
  836. $header = $this->getHeader($path);
  837. $encryptionModuleId = $this->util->getEncryptionModuleId($header);
  838. if (!empty($encryptionModuleId)) {
  839. try {
  840. $encryptionModule = $this->encryptionManager->getEncryptionModule($encryptionModuleId);
  841. } catch (ModuleDoesNotExistsException $e) {
  842. $this->logger->critical('Encryption module defined in "' . $path . '" not loaded!');
  843. throw $e;
  844. }
  845. }
  846. return $encryptionModule;
  847. }
  848. /**
  849. * @param string $path
  850. * @param int $unencryptedSize
  851. */
  852. public function updateUnencryptedSize($path, $unencryptedSize) {
  853. $this->unencryptedSize[$path] = $unencryptedSize;
  854. }
  855. /**
  856. * copy keys to new location
  857. *
  858. * @param string $source path relative to data/
  859. * @param string $target path relative to data/
  860. * @return bool
  861. */
  862. protected function copyKeys($source, $target) {
  863. if (!$this->util->isExcluded($source)) {
  864. return $this->keyStorage->copyKeys($source, $target);
  865. }
  866. return false;
  867. }
  868. /**
  869. * check if path points to a files version
  870. *
  871. * @param $path
  872. * @return bool
  873. */
  874. protected function isVersion($path) {
  875. $normalized = Filesystem::normalizePath($path);
  876. return substr($normalized, 0, strlen('/files_versions/')) === '/files_versions/';
  877. }
  878. /**
  879. * check if the given storage should be encrypted or not
  880. *
  881. * @param $path
  882. * @return bool
  883. */
  884. protected function shouldEncrypt($path) {
  885. $fullPath = $this->getFullPath($path);
  886. $mountPointConfig = $this->mount->getOption('encrypt', true);
  887. if ($mountPointConfig === false) {
  888. return false;
  889. }
  890. try {
  891. $encryptionModule = $this->getEncryptionModule($fullPath);
  892. } catch (ModuleDoesNotExistsException $e) {
  893. return false;
  894. }
  895. if ($encryptionModule === null) {
  896. $encryptionModule = $this->encryptionManager->getEncryptionModule();
  897. }
  898. return $encryptionModule->shouldEncrypt($fullPath);
  899. }
  900. public function writeStream(string $path, $stream, int $size = null): int {
  901. // always fall back to fopen
  902. $target = $this->fopen($path, 'w');
  903. list($count, $result) = \OC_Helper::streamCopy($stream, $target);
  904. fclose($target);
  905. return $count;
  906. }
  907. }