nextcloud / server

lib/public/Encryption/IEncryptionModule.php

Indentation +156 added lines, -156 removed lines

@@ -35,161 +35,161 @@
  */
 interface IEncryptionModule {
 
-	/**
-	 * @return string defining the technical unique id
-	 * @since 8.1.0
-	 */
-	public function getId();
-
-	/**
-	 * In comparison to getKey() this function returns a human readable (maybe translated) name
-	 *
-	 * @return string
-	 * @since 8.1.0
-	 */
-	public function getDisplayName();
-
-	/**
-	 * start receiving chunks from a file. This is the place where you can
-	 * perform some initial step before starting encrypting/decrypting the
-	 * chunks
-	 *
-	 * @param string $path to the file
-	 * @param string $user who read/write the file (null for public access)
-	 * @param string $mode php stream open mode
-	 * @param array $header contains the header data read from the file
-	 * @param array $accessList who has access to the file contains the key 'users' and 'public'
-	 *
-	 * $return array $header contain data as key-value pairs which should be
-	 *                       written to the header, in case of a write operation
-	 *                       or if no additional data is needed return a empty array
-	 * @since 8.1.0
-	 */
-	public function begin($path, $user, $mode, array $header, array $accessList);
-
-	/**
-	 * last chunk received. This is the place where you can perform some final
-	 * operation and return some remaining data if something is left in your
-	 * buffer.
-	 *
-	 * @param string $path to the file
-	 * @param string $position id of the last block (looks like "<Number>end")
-	 *
-	 * @return string remained data which should be written to the file in case
-	 *                of a write operation
-	 *
-	 * @since 8.1.0
-	 * @since 9.0.0 parameter $position added
-	 */
-	public function end($path, $position);
-
-	/**
-	 * encrypt data
-	 *
-	 * @param string $data you want to encrypt
-	 * @param string $position position of the block we want to encrypt (starts with '0')
-	 *
-	 * @return mixed encrypted data
-	 *
-	 * @since 8.1.0
-	 * @since 9.0.0 parameter $position added
-	 */
-	public function encrypt($data, $position);
-
-	/**
-	 * decrypt data
-	 *
-	 * @param string $data you want to decrypt
-	 * @param string $position position of the block we want to decrypt
-	 *
-	 * @return mixed decrypted data
-	 *
-	 * @since 8.1.0
-	 * @since 9.0.0 parameter $position added
-	 */
-	public function decrypt($data, $position);
-
-	/**
-	 * update encrypted file, e.g. give additional users access to the file
-	 *
-	 * @param string $path path to the file which should be updated
-	 * @param string $uid of the user who performs the operation
-	 * @param array $accessList who has access to the file contains the key 'users' and 'public'
-	 * @return boolean
-	 * @since 8.1.0
-	 */
-	public function update($path, $uid, array $accessList);
-
-	/**
-	 * should the file be encrypted or not
-	 *
-	 * @param string $path
-	 * @return boolean
-	 * @since 8.1.0
-	 */
-	public function shouldEncrypt($path);
-
-	/**
-	 * get size of the unencrypted payload per block.
-	 * ownCloud read/write files with a block size of 8192 byte
-	 *
-	 * @param bool $signed
-	 * @return int
-	 * @since 8.1.0 optional parameter $signed was added in 9.0.0
-	 */
-	public function getUnencryptedBlockSize($signed = false);
-
-	/**
-	 * check if the encryption module is able to read the file,
-	 * e.g. if all encryption keys exists
-	 *
-	 * @param string $path
-	 * @param string $uid user for whom we want to check if he can read the file
-	 * @return boolean
-	 * @since 8.1.0
-	 */
-	public function isReadable($path, $uid);
-
-	/**
-	 * Initial encryption of all files
-	 *
-	 * @param InputInterface $input
-	 * @param OutputInterface $output write some status information to the terminal during encryption
-	 * @since 8.2.0
-	 */
-	public function encryptAll(InputInterface $input, OutputInterface $output);
-
-	/**
-	 * prepare encryption module to decrypt all files
-	 *
-	 * @param InputInterface $input
-	 * @param OutputInterface $output write some status information to the terminal during encryption
-	 * @param $user (optional) for which the files should be decrypted, default = all users
-	 * @return bool return false on failure or if it isn't supported by the module
-	 * @since 8.2.0
-	 */
-	public function prepareDecryptAll(InputInterface $input, OutputInterface $output, $user = '');
-
-	/**
-	 * Check if the module is ready to be used by that specific user.
-	 * In case a module is not ready - because e.g. key pairs have not been generated
-	 * upon login this method can return false before any operation starts and might
-	 * cause issues during operations.
-	 *
-	 * @param string $user
-	 * @return boolean
-	 * @since 9.1.0
-	 */
-	public function isReadyForUser($user);
-
-	/**
-	 * Does the encryption module needs a detailed list of users with access to the file?
-	 * For example if the encryption module uses per-user encryption keys and needs to know
-	 * the users with access to the file to encrypt/decrypt it.
-	 *
-	 * @since 13.0.0
-	 * @return bool
-	 */
-	public function needDetailedAccessList();
+    /**
+     * @return string defining the technical unique id
+     * @since 8.1.0
+     */
+    public function getId();
+
+    /**
+     * In comparison to getKey() this function returns a human readable (maybe translated) name
+     *
+     * @return string
+     * @since 8.1.0
+     */
+    public function getDisplayName();
+
+    /**
+     * start receiving chunks from a file. This is the place where you can
+     * perform some initial step before starting encrypting/decrypting the
+     * chunks
+     *
+     * @param string $path to the file
+     * @param string $user who read/write the file (null for public access)
+     * @param string $mode php stream open mode
+     * @param array $header contains the header data read from the file
+     * @param array $accessList who has access to the file contains the key 'users' and 'public'
+     *
+     * $return array $header contain data as key-value pairs which should be
+     *                       written to the header, in case of a write operation
+     *                       or if no additional data is needed return a empty array
+     * @since 8.1.0
+     */
+    public function begin($path, $user, $mode, array $header, array $accessList);
+
+    /**
+     * last chunk received. This is the place where you can perform some final
+     * operation and return some remaining data if something is left in your
+     * buffer.
+     *
+     * @param string $path to the file
+     * @param string $position id of the last block (looks like "<Number>end")
+     *
+     * @return string remained data which should be written to the file in case
+     *                of a write operation
+     *
+     * @since 8.1.0
+     * @since 9.0.0 parameter $position added
+     */
+    public function end($path, $position);
+
+    /**
+     * encrypt data
+     *
+     * @param string $data you want to encrypt
+     * @param string $position position of the block we want to encrypt (starts with '0')
+     *
+     * @return mixed encrypted data
+     *
+     * @since 8.1.0
+     * @since 9.0.0 parameter $position added
+     */
+    public function encrypt($data, $position);
+
+    /**
+     * decrypt data
+     *
+     * @param string $data you want to decrypt
+     * @param string $position position of the block we want to decrypt
+     *
+     * @return mixed decrypted data
+     *
+     * @since 8.1.0
+     * @since 9.0.0 parameter $position added
+     */
+    public function decrypt($data, $position);
+
+    /**
+     * update encrypted file, e.g. give additional users access to the file
+     *
+     * @param string $path path to the file which should be updated
+     * @param string $uid of the user who performs the operation
+     * @param array $accessList who has access to the file contains the key 'users' and 'public'
+     * @return boolean
+     * @since 8.1.0
+     */
+    public function update($path, $uid, array $accessList);
+
+    /**
+     * should the file be encrypted or not
+     *
+     * @param string $path
+     * @return boolean
+     * @since 8.1.0
+     */
+    public function shouldEncrypt($path);
+
+    /**
+     * get size of the unencrypted payload per block.
+     * ownCloud read/write files with a block size of 8192 byte
+     *
+     * @param bool $signed
+     * @return int
+     * @since 8.1.0 optional parameter $signed was added in 9.0.0
+     */
+    public function getUnencryptedBlockSize($signed = false);
+
+    /**
+     * check if the encryption module is able to read the file,
+     * e.g. if all encryption keys exists
+     *
+     * @param string $path
+     * @param string $uid user for whom we want to check if he can read the file
+     * @return boolean
+     * @since 8.1.0
+     */
+    public function isReadable($path, $uid);
+
+    /**
+     * Initial encryption of all files
+     *
+     * @param InputInterface $input
+     * @param OutputInterface $output write some status information to the terminal during encryption
+     * @since 8.2.0
+     */
+    public function encryptAll(InputInterface $input, OutputInterface $output);
+
+    /**
+     * prepare encryption module to decrypt all files
+     *
+     * @param InputInterface $input
+     * @param OutputInterface $output write some status information to the terminal during encryption
+     * @param $user (optional) for which the files should be decrypted, default = all users
+     * @return bool return false on failure or if it isn't supported by the module
+     * @since 8.2.0
+     */
+    public function prepareDecryptAll(InputInterface $input, OutputInterface $output, $user = '');
+
+    /**
+     * Check if the module is ready to be used by that specific user.
+     * In case a module is not ready - because e.g. key pairs have not been generated
+     * upon login this method can return false before any operation starts and might
+     * cause issues during operations.
+     *
+     * @param string $user
+     * @return boolean
+     * @since 9.1.0
+     */
+    public function isReadyForUser($user);
+
+    /**
+     * Does the encryption module needs a detailed list of users with access to the file?
+     * For example if the encryption module uses per-user encryption keys and needs to know
+     * the users with access to the file to encrypt/decrypt it.
+     *
+     * @since 13.0.0
+     * @return bool
+     */
+    public function needDetailedAccessList();
 
 }

lib/private/Encryption/Update.php

Indentation +157 added lines, -157 removed lines

@@ -33,162 +33,162 @@
  */
 class Update {
 
-	/** @var \OC\Files\View */
-	protected $view;
-
-	/** @var \OC\Encryption\Util */
-	protected $util;
-
-	 /** @var \OC\Files\Mount\Manager */
-	protected $mountManager;
-
-	/** @var \OC\Encryption\Manager */
-	protected $encryptionManager;
-
-	/** @var string */
-	protected $uid;
-
-	/** @var \OC\Encryption\File */
-	protected $file;
-
-	/**
-	 *
-	 * @param \OC\Files\View $view
-	 * @param \OC\Encryption\Util $util
-	 * @param \OC\Files\Mount\Manager $mountManager
-	 * @param \OC\Encryption\Manager $encryptionManager
-	 * @param \OC\Encryption\File $file
-	 * @param string $uid
-	 */
-	public function __construct(
-			View $view,
-			Util $util,
-			Mount\Manager $mountManager,
-			Manager $encryptionManager,
-			File $file,
-			$uid
-		) {
-
-		$this->view = $view;
-		$this->util = $util;
-		$this->mountManager = $mountManager;
-		$this->encryptionManager = $encryptionManager;
-		$this->file = $file;
-		$this->uid = $uid;
-	}
-
-	/**
-	 * hook after file was shared
-	 *
-	 * @param array $params
-	 */
-	public function postShared($params) {
-		if ($this->encryptionManager->isEnabled()) {
-			if ($params['itemType'] === 'file' || $params['itemType'] === 'folder') {
-				$path = Filesystem::getPath($params['fileSource']);
-				list($owner, $ownerPath) = $this->getOwnerPath($path);
-				$absPath = '/' . $owner . '/files/' . $ownerPath;
-				$this->update($absPath);
-			}
-		}
-	}
-
-	/**
-	 * hook after file was unshared
-	 *
-	 * @param array $params
-	 */
-	public function postUnshared($params) {
-		if ($this->encryptionManager->isEnabled()) {
-			if ($params['itemType'] === 'file' || $params['itemType'] === 'folder') {
-				$path = Filesystem::getPath($params['fileSource']);
-				list($owner, $ownerPath) = $this->getOwnerPath($path);
-				$absPath = '/' . $owner . '/files/' . $ownerPath;
-				$this->update($absPath);
-			}
-		}
-	}
-
-	/**
-	 * inform encryption module that a file was restored from the trash bin,
-	 * e.g. to update the encryption keys
-	 *
-	 * @param array $params
-	 */
-	public function postRestore($params) {
-		if ($this->encryptionManager->isEnabled()) {
-			$path = Filesystem::normalizePath('/' . $this->uid . '/files/' . $params['filePath']);
-			$this->update($path);
-		}
-	}
-
-	/**
-	 * inform encryption module that a file was renamed,
-	 * e.g. to update the encryption keys
-	 *
-	 * @param array $params
-	 */
-	public function postRename($params) {
-		$source = $params['oldpath'];
-		$target = $params['newpath'];
-		if(
-			$this->encryptionManager->isEnabled() &&
-			dirname($source) !== dirname($target)
-		) {
-				list($owner, $ownerPath) = $this->getOwnerPath($target);
-				$absPath = '/' . $owner . '/files/' . $ownerPath;
-				$this->update($absPath);
-		}
-	}
-
-	/**
-	 * get owner and path relative to data/<owner>/files
-	 *
-	 * @param string $path path to file for current user
-	 * @return array ['owner' => $owner, 'path' => $path]
-	 * @throw \InvalidArgumentException
-	 */
-	protected function getOwnerPath($path) {
-		$info = Filesystem::getFileInfo($path);
-		$owner = Filesystem::getOwner($path);
-		$view = new View('/' . $owner . '/files');
-		$path = $view->getPath($info->getId());
-		if ($path === null) {
-			throw new \InvalidArgumentException('No file found for ' . $info->getId());
-		}
-
-		return array($owner, $path);
-	}
-
-	/**
-	 * notify encryption module about added/removed users from a file/folder
-	 *
-	 * @param string $path relative to data/
-	 * @throws Exceptions\ModuleDoesNotExistsException
-	 */
-	public function update($path) {
-
-		$encryptionModule = $this->encryptionManager->getEncryptionModule();
-
-		// if the encryption module doesn't encrypt the files on a per-user basis
-		// we have nothing to do here.
-		if ($encryptionModule->needDetailedAccessList() === false) {
-			return;
-		}
-
-		// if a folder was shared, get a list of all (sub-)folders
-		if ($this->view->is_dir($path)) {
-			$allFiles = $this->util->getAllFiles($path);
-		} else {
-			$allFiles = array($path);
-		}
-
-
-
-		foreach ($allFiles as $file) {
-			$usersSharing = $this->file->getAccessList($file);
-			$encryptionModule->update($file, $this->uid, $usersSharing);
-		}
-	}
+    /** @var \OC\Files\View */
+    protected $view;
+
+    /** @var \OC\Encryption\Util */
+    protected $util;
+
+        /** @var \OC\Files\Mount\Manager */
+    protected $mountManager;
+
+    /** @var \OC\Encryption\Manager */
+    protected $encryptionManager;
+
+    /** @var string */
+    protected $uid;
+
+    /** @var \OC\Encryption\File */
+    protected $file;
+
+    /**
+     *
+     * @param \OC\Files\View $view
+     * @param \OC\Encryption\Util $util
+     * @param \OC\Files\Mount\Manager $mountManager
+     * @param \OC\Encryption\Manager $encryptionManager
+     * @param \OC\Encryption\File $file
+     * @param string $uid
+     */
+    public function __construct(
+            View $view,
+            Util $util,
+            Mount\Manager $mountManager,
+            Manager $encryptionManager,
+            File $file,
+            $uid
+        ) {
+
+        $this->view = $view;
+        $this->util = $util;
+        $this->mountManager = $mountManager;
+        $this->encryptionManager = $encryptionManager;
+        $this->file = $file;
+        $this->uid = $uid;
+    }
+
+    /**
+     * hook after file was shared
+     *
+     * @param array $params
+     */
+    public function postShared($params) {
+        if ($this->encryptionManager->isEnabled()) {
+            if ($params['itemType'] === 'file' || $params['itemType'] === 'folder') {
+                $path = Filesystem::getPath($params['fileSource']);
+                list($owner, $ownerPath) = $this->getOwnerPath($path);
+                $absPath = '/' . $owner . '/files/' . $ownerPath;
+                $this->update($absPath);
+            }
+        }
+    }
+
+    /**
+     * hook after file was unshared
+     *
+     * @param array $params
+     */
+    public function postUnshared($params) {
+        if ($this->encryptionManager->isEnabled()) {
+            if ($params['itemType'] === 'file' || $params['itemType'] === 'folder') {
+                $path = Filesystem::getPath($params['fileSource']);
+                list($owner, $ownerPath) = $this->getOwnerPath($path);
+                $absPath = '/' . $owner . '/files/' . $ownerPath;
+                $this->update($absPath);
+            }
+        }
+    }
+
+    /**
+     * inform encryption module that a file was restored from the trash bin,
+     * e.g. to update the encryption keys
+     *
+     * @param array $params
+     */
+    public function postRestore($params) {
+        if ($this->encryptionManager->isEnabled()) {
+            $path = Filesystem::normalizePath('/' . $this->uid . '/files/' . $params['filePath']);
+            $this->update($path);
+        }
+    }
+
+    /**
+     * inform encryption module that a file was renamed,
+     * e.g. to update the encryption keys
+     *
+     * @param array $params
+     */
+    public function postRename($params) {
+        $source = $params['oldpath'];
+        $target = $params['newpath'];
+        if(
+            $this->encryptionManager->isEnabled() &&
+            dirname($source) !== dirname($target)
+        ) {
+                list($owner, $ownerPath) = $this->getOwnerPath($target);
+                $absPath = '/' . $owner . '/files/' . $ownerPath;
+                $this->update($absPath);
+        }
+    }
+
+    /**
+     * get owner and path relative to data/<owner>/files
+     *
+     * @param string $path path to file for current user
+     * @return array ['owner' => $owner, 'path' => $path]
+     * @throw \InvalidArgumentException
+     */
+    protected function getOwnerPath($path) {
+        $info = Filesystem::getFileInfo($path);
+        $owner = Filesystem::getOwner($path);
+        $view = new View('/' . $owner . '/files');
+        $path = $view->getPath($info->getId());
+        if ($path === null) {
+            throw new \InvalidArgumentException('No file found for ' . $info->getId());
+        }
+
+        return array($owner, $path);
+    }
+
+    /**
+     * notify encryption module about added/removed users from a file/folder
+     *
+     * @param string $path relative to data/
+     * @throws Exceptions\ModuleDoesNotExistsException
+     */
+    public function update($path) {
+
+        $encryptionModule = $this->encryptionManager->getEncryptionModule();
+
+        // if the encryption module doesn't encrypt the files on a per-user basis
+        // we have nothing to do here.
+        if ($encryptionModule->needDetailedAccessList() === false) {
+            return;
+        }
+
+        // if a folder was shared, get a list of all (sub-)folders
+        if ($this->view->is_dir($path)) {
+            $allFiles = $this->util->getAllFiles($path);
+        } else {
+            $allFiles = array($path);
+        }
+
+
+
+        foreach ($allFiles as $file) {
+            $usersSharing = $this->file->getAccessList($file);
+            $encryptionModule->update($file, $this->uid, $usersSharing);
+        }
+    }
 
 }

lib/private/Files/Stream/Encryption.php

Indentation +468 added lines, -468 removed lines

@@ -32,473 +32,473 @@
 
 class Encryption extends Wrapper {
 
-	/** @var \OC\Encryption\Util */
-	protected $util;
-
-	/** @var \OC\Encryption\File */
-	protected $file;
-
-	/** @var \OCP\Encryption\IEncryptionModule */
-	protected $encryptionModule;
-
-	/** @var \OC\Files\Storage\Storage */
-	protected $storage;
-
-	/** @var \OC\Files\Storage\Wrapper\Encryption */
-	protected $encryptionStorage;
-
-	/** @var string */
-	protected $internalPath;
-
-	/** @var string */
-	protected $cache;
-
-	/** @var integer */
-	protected $size;
-
-	/** @var integer */
-	protected $position;
-
-	/** @var integer */
-	protected $unencryptedSize;
-
-	/** @var integer */
-	protected $headerSize;
-
-	/** @var integer */
-	protected $unencryptedBlockSize;
-
-	/** @var array */
-	protected $header;
-
-	/** @var string */
-	protected $fullPath;
-
-	/** @var  bool */
-	protected $signed;
-
-	/**
-	 * header data returned by the encryption module, will be written to the file
-	 * in case of a write operation
-	 *
-	 * @var array
-	 */
-	protected $newHeader;
-
-	/**
-	 * user who perform the read/write operation null for public access
-	 *
-	 * @var string
-	 */
-	protected $uid;
-
-	/** @var bool */
-	protected $readOnly;
-
-	/** @var bool */
-	protected $writeFlag;
-
-	/** @var array */
-	protected $expectedContextProperties;
-
-	public function __construct() {
-		$this->expectedContextProperties = array(
-			'source',
-			'storage',
-			'internalPath',
-			'fullPath',
-			'encryptionModule',
-			'header',
-			'uid',
-			'file',
-			'util',
-			'size',
-			'unencryptedSize',
-			'encryptionStorage',
-			'headerSize',
-			'signed'
-		);
-	}
-
-
-	/**
-	 * Wraps a stream with the provided callbacks
-	 *
-	 * @param resource $source
-	 * @param string $internalPath relative to mount point
-	 * @param string $fullPath relative to data/
-	 * @param array $header
-	 * @param string $uid
-	 * @param \OCP\Encryption\IEncryptionModule $encryptionModule
-	 * @param \OC\Files\Storage\Storage $storage
-	 * @param \OC\Files\Storage\Wrapper\Encryption $encStorage
-	 * @param \OC\Encryption\Util $util
-	 * @param \OC\Encryption\File $file
-	 * @param string $mode
-	 * @param int $size
-	 * @param int $unencryptedSize
-	 * @param int $headerSize
-	 * @param bool $signed
-	 * @param string $wrapper stream wrapper class
-	 * @return resource
-	 *
-	 * @throws \BadMethodCallException
-	 */
-	public static function wrap($source, $internalPath, $fullPath, array $header,
-								$uid,
-								\OCP\Encryption\IEncryptionModule $encryptionModule,
-								\OC\Files\Storage\Storage $storage,
-								\OC\Files\Storage\Wrapper\Encryption $encStorage,
-								\OC\Encryption\Util $util,
-								 \OC\Encryption\File $file,
-								$mode,
-								$size,
-								$unencryptedSize,
-								$headerSize,
-								$signed,
-								$wrapper =  'OC\Files\Stream\Encryption') {
-
-		$context = stream_context_create(array(
-			'ocencryption' => array(
-				'source' => $source,
-				'storage' => $storage,
-				'internalPath' => $internalPath,
-				'fullPath' => $fullPath,
-				'encryptionModule' => $encryptionModule,
-				'header' => $header,
-				'uid' => $uid,
-				'util' => $util,
-				'file' => $file,
-				'size' => $size,
-				'unencryptedSize' => $unencryptedSize,
-				'encryptionStorage' => $encStorage,
-				'headerSize' => $headerSize,
-				'signed' => $signed
-			)
-		));
-
-		return self::wrapSource($source, $context, 'ocencryption', $wrapper, $mode);
-	}
-
-	/**
-	 * add stream wrapper
-	 *
-	 * @param resource $source
-	 * @param string $mode
-	 * @param resource $context
-	 * @param string $protocol
-	 * @param string $class
-	 * @return resource
-	 * @throws \BadMethodCallException
-	 */
-	protected static function wrapSource($source, $context, $protocol, $class, $mode = 'r+') {
-		try {
-			stream_wrapper_register($protocol, $class);
-			if (@rewinddir($source) === false) {
-				$wrapped = fopen($protocol . '://', $mode, false, $context);
-			} else {
-				$wrapped = opendir($protocol . '://', $context);
-			}
-		} catch (\BadMethodCallException $e) {
-			stream_wrapper_unregister($protocol);
-			throw $e;
-		}
-		stream_wrapper_unregister($protocol);
-		return $wrapped;
-	}
-
-	/**
-	 * Load the source from the stream context and return the context options
-	 *
-	 * @param string $name
-	 * @return array
-	 * @throws \BadMethodCallException
-	 */
-	protected function loadContext($name) {
-		$context = parent::loadContext($name);
-
-		foreach ($this->expectedContextProperties as $property) {
-			if (array_key_exists($property, $context)) {
-				$this->{$property} = $context[$property];
-			} else {
-				throw new \BadMethodCallException('Invalid context, "' . $property . '" options not set');
-			}
-		}
-		return $context;
-
-	}
-
-	public function stream_open($path, $mode, $options, &$opened_path) {
-		$this->loadContext('ocencryption');
-
-		$this->position = 0;
-		$this->cache = '';
-		$this->writeFlag = false;
-		$this->unencryptedBlockSize = $this->encryptionModule->getUnencryptedBlockSize($this->signed);
-
-		if (
-			$mode === 'w'
-			|| $mode === 'w+'
-			|| $mode === 'wb'
-			|| $mode === 'wb+'
-			|| $mode === 'r+'
-			|| $mode === 'rb+'
-		) {
-			$this->readOnly = false;
-		} else {
-			$this->readOnly = true;
-		}
-
-		$sharePath = $this->fullPath;
-		if (!$this->storage->file_exists($this->internalPath)) {
-			$sharePath = dirname($sharePath);
-		}
-
-		$accessList = [];
-		if ($this->encryptionModule->needDetailedAccessList()) {
-			$accessList = $this->file->getAccessList($sharePath);
-		}
-		$this->newHeader = $this->encryptionModule->begin($this->fullPath, $this->uid, $mode, $this->header, $accessList);
-
-		if (
-			$mode === 'w'
-			|| $mode === 'w+'
-			|| $mode === 'wb'
-			|| $mode === 'wb+'
-		) {
-			// We're writing a new file so start write counter with 0 bytes
-			$this->unencryptedSize = 0;
-			$this->writeHeader();
-			$this->headerSize = $this->util->getHeaderSize();
-			$this->size = $this->headerSize;
-		} else {
-			$this->skipHeader();
-		}
-
-		return true;
-
-	}
-
-	public function stream_eof() {
-		return $this->position >= $this->unencryptedSize;
-	}
-
-	public function stream_read($count) {
-
-		$result = '';
-
-		$count = min($count, $this->unencryptedSize - $this->position);
-		while ($count > 0) {
-			$remainingLength = $count;
-			// update the cache of the current block
-			$this->readCache();
-			// determine the relative position in the current block
-			$blockPosition = ($this->position % $this->unencryptedBlockSize);
-			// if entire read inside current block then only position needs to be updated
-			if ($remainingLength < ($this->unencryptedBlockSize - $blockPosition)) {
-				$result .= substr($this->cache, $blockPosition, $remainingLength);
-				$this->position += $remainingLength;
-				$count = 0;
-				// otherwise remainder of current block is fetched, the block is flushed and the position updated
-			} else {
-				$result .= substr($this->cache, $blockPosition);
-				$this->flush();
-				$this->position += ($this->unencryptedBlockSize - $blockPosition);
-				$count -= ($this->unencryptedBlockSize - $blockPosition);
-			}
-		}
-		return $result;
-
-	}
-
-	public function stream_write($data) {
-
-		$length = 0;
-		// loop over $data to fit it in 6126 sized unencrypted blocks
-		while (isset($data[0])) {
-			$remainingLength = strlen($data);
-
-			// set the cache to the current 6126 block
-			$this->readCache();
-
-			// for seekable streams the pointer is moved back to the beginning of the encrypted block
-			// flush will start writing there when the position moves to another block
-			$positionInFile = (int)floor($this->position / $this->unencryptedBlockSize) *
-				$this->util->getBlockSize() + $this->headerSize;
-			$resultFseek = $this->parentStreamSeek($positionInFile);
-
-			// only allow writes on seekable streams, or at the end of the encrypted stream
-			if (!($this->readOnly) && ($resultFseek || $positionInFile === $this->size)) {
-
-				// switch the writeFlag so flush() will write the block
-				$this->writeFlag = true;
-
-				// determine the relative position in the current block
-				$blockPosition = ($this->position % $this->unencryptedBlockSize);
-				// check if $data fits in current block
-				// if so, overwrite existing data (if any)
-				// update position and liberate $data
-				if ($remainingLength < ($this->unencryptedBlockSize - $blockPosition)) {
-					$this->cache = substr($this->cache, 0, $blockPosition)
-						. $data . substr($this->cache, $blockPosition + $remainingLength);
-					$this->position += $remainingLength;
-					$length += $remainingLength;
-					$data = '';
-					// if $data doesn't fit the current block, the fill the current block and reiterate
-					// after the block is filled, it is flushed and $data is updatedxxx
-				} else {
-					$this->cache = substr($this->cache, 0, $blockPosition) .
-						substr($data, 0, $this->unencryptedBlockSize - $blockPosition);
-					$this->flush();
-					$this->position += ($this->unencryptedBlockSize - $blockPosition);
-					$length += ($this->unencryptedBlockSize - $blockPosition);
-					$data = substr($data, $this->unencryptedBlockSize - $blockPosition);
-				}
-			} else {
-				$data = '';
-			}
-			$this->unencryptedSize = max($this->unencryptedSize, $this->position);
-		}
-		return $length;
-	}
-
-	public function stream_tell() {
-		return $this->position;
-	}
-
-	public function stream_seek($offset, $whence = SEEK_SET) {
-
-		$return = false;
-
-		switch ($whence) {
-			case SEEK_SET:
-				$newPosition = $offset;
-				break;
-			case SEEK_CUR:
-				$newPosition = $this->position + $offset;
-				break;
-			case SEEK_END:
-				$newPosition = $this->unencryptedSize + $offset;
-				break;
-			default:
-				return $return;
-		}
-
-		if ($newPosition > $this->unencryptedSize || $newPosition < 0) {
-			return $return;
-		}
-
-		$newFilePosition = floor($newPosition / $this->unencryptedBlockSize)
-			* $this->util->getBlockSize() + $this->headerSize;
-
-		$oldFilePosition = parent::stream_tell();
-		if ($this->parentStreamSeek($newFilePosition)) {
-			$this->parentStreamSeek($oldFilePosition);
-			$this->flush();
-			$this->parentStreamSeek($newFilePosition);
-			$this->position = $newPosition;
-			$return = true;
-		}
-		return $return;
-
-	}
-
-	public function stream_close() {
-		$this->flush('end');
-		$position = (int)floor($this->position/$this->unencryptedBlockSize);
-		$remainingData = $this->encryptionModule->end($this->fullPath, $position . 'end');
-		if ($this->readOnly === false) {
-			if(!empty($remainingData)) {
-				parent::stream_write($remainingData);
-			}
-			$this->encryptionStorage->updateUnencryptedSize($this->fullPath, $this->unencryptedSize);
-		}
-		return parent::stream_close();
-	}
-
-	/**
-	 * write block to file
-	 * @param string $positionPrefix
-	 */
-	protected function flush($positionPrefix = '') {
-		// write to disk only when writeFlag was set to 1
-		if ($this->writeFlag) {
-			// Disable the file proxies so that encryption is not
-			// automatically attempted when the file is written to disk -
-			// we are handling that separately here and we don't want to
-			// get into an infinite loop
-			$position = (int)floor($this->position/$this->unencryptedBlockSize);
-			$encrypted = $this->encryptionModule->encrypt($this->cache, $position . $positionPrefix);
-			$bytesWritten = parent::stream_write($encrypted);
-			$this->writeFlag = false;
-			// Check whether the write concerns the last block
-			// If so then update the encrypted filesize
-			// Note that the unencrypted pointer and filesize are NOT yet updated when flush() is called
-			// We recalculate the encrypted filesize as we do not know the context of calling flush()
-			$completeBlocksInFile=(int)floor($this->unencryptedSize/$this->unencryptedBlockSize);
-			if ($completeBlocksInFile === (int)floor($this->position/$this->unencryptedBlockSize)) {
-				$this->size = $this->util->getBlockSize() * $completeBlocksInFile;
-				$this->size += $bytesWritten;
-				$this->size += $this->headerSize;
-			}
-		}
-		// always empty the cache (otherwise readCache() will not fill it with the new block)
-		$this->cache = '';
-	}
-
-	/**
-	 * read block to file
-	 */
-	protected function readCache() {
-		// cache should always be empty string when this function is called
-		// don't try to fill the cache when trying to write at the end of the unencrypted file when it coincides with new block
-		if ($this->cache === '' && !($this->position === $this->unencryptedSize && ($this->position % $this->unencryptedBlockSize) === 0)) {
-			// Get the data from the file handle
-			$data = parent::stream_read($this->util->getBlockSize());
-			$position = (int)floor($this->position/$this->unencryptedBlockSize);
-			$numberOfChunks = (int)($this->unencryptedSize / $this->unencryptedBlockSize);
-			if($numberOfChunks === $position) {
-				$position .= 'end';
-			}
-			$this->cache = $this->encryptionModule->decrypt($data, $position);
-		}
-	}
-
-	/**
-	 * write header at beginning of encrypted file
-	 *
-	 * @return integer
-	 * @throws EncryptionHeaderKeyExistsException if header key is already in use
-	 */
-	protected function writeHeader() {
-		$header = $this->util->createHeader($this->newHeader, $this->encryptionModule);
-		return parent::stream_write($header);
-	}
-
-	/**
-	 * read first block to skip the header
-	 */
-	protected function skipHeader() {
-		parent::stream_read($this->headerSize);
-	}
-
-	/**
-	 * call stream_seek() from parent class
-	 *
-	 * @param integer $position
-	 * @return bool
-	 */
-	protected function parentStreamSeek($position) {
-		return parent::stream_seek($position);
-	}
-
-	/**
-	 * @param string $path
-	 * @param array $options
-	 * @return bool
-	 */
-	public function dir_opendir($path, $options) {
-		return false;
-	}
+    /** @var \OC\Encryption\Util */
+    protected $util;
+
+    /** @var \OC\Encryption\File */
+    protected $file;
+
+    /** @var \OCP\Encryption\IEncryptionModule */
+    protected $encryptionModule;
+
+    /** @var \OC\Files\Storage\Storage */
+    protected $storage;
+
+    /** @var \OC\Files\Storage\Wrapper\Encryption */
+    protected $encryptionStorage;
+
+    /** @var string */
+    protected $internalPath;
+
+    /** @var string */
+    protected $cache;
+
+    /** @var integer */
+    protected $size;
+
+    /** @var integer */
+    protected $position;
+
+    /** @var integer */
+    protected $unencryptedSize;
+
+    /** @var integer */
+    protected $headerSize;
+
+    /** @var integer */
+    protected $unencryptedBlockSize;
+
+    /** @var array */
+    protected $header;
+
+    /** @var string */
+    protected $fullPath;
+
+    /** @var  bool */
+    protected $signed;
+
+    /**
+     * header data returned by the encryption module, will be written to the file
+     * in case of a write operation
+     *
+     * @var array
+     */
+    protected $newHeader;
+
+    /**
+     * user who perform the read/write operation null for public access
+     *
+     * @var string
+     */
+    protected $uid;
+
+    /** @var bool */
+    protected $readOnly;
+
+    /** @var bool */
+    protected $writeFlag;
+
+    /** @var array */
+    protected $expectedContextProperties;
+
+    public function __construct() {
+        $this->expectedContextProperties = array(
+            'source',
+            'storage',
+            'internalPath',
+            'fullPath',
+            'encryptionModule',
+            'header',
+            'uid',
+            'file',
+            'util',
+            'size',
+            'unencryptedSize',
+            'encryptionStorage',
+            'headerSize',
+            'signed'
+        );
+    }
+
+
+    /**
+     * Wraps a stream with the provided callbacks
+     *
+     * @param resource $source
+     * @param string $internalPath relative to mount point
+     * @param string $fullPath relative to data/
+     * @param array $header
+     * @param string $uid
+     * @param \OCP\Encryption\IEncryptionModule $encryptionModule
+     * @param \OC\Files\Storage\Storage $storage
+     * @param \OC\Files\Storage\Wrapper\Encryption $encStorage
+     * @param \OC\Encryption\Util $util
+     * @param \OC\Encryption\File $file
+     * @param string $mode
+     * @param int $size
+     * @param int $unencryptedSize
+     * @param int $headerSize
+     * @param bool $signed
+     * @param string $wrapper stream wrapper class
+     * @return resource
+     *
+     * @throws \BadMethodCallException
+     */
+    public static function wrap($source, $internalPath, $fullPath, array $header,
+                                $uid,
+                                \OCP\Encryption\IEncryptionModule $encryptionModule,
+                                \OC\Files\Storage\Storage $storage,
+                                \OC\Files\Storage\Wrapper\Encryption $encStorage,
+                                \OC\Encryption\Util $util,
+                                    \OC\Encryption\File $file,
+                                $mode,
+                                $size,
+                                $unencryptedSize,
+                                $headerSize,
+                                $signed,
+                                $wrapper =  'OC\Files\Stream\Encryption') {
+
+        $context = stream_context_create(array(
+            'ocencryption' => array(
+                'source' => $source,
+                'storage' => $storage,
+                'internalPath' => $internalPath,
+                'fullPath' => $fullPath,
+                'encryptionModule' => $encryptionModule,
+                'header' => $header,
+                'uid' => $uid,
+                'util' => $util,
+                'file' => $file,
+                'size' => $size,
+                'unencryptedSize' => $unencryptedSize,
+                'encryptionStorage' => $encStorage,
+                'headerSize' => $headerSize,
+                'signed' => $signed
+            )
+        ));
+
+        return self::wrapSource($source, $context, 'ocencryption', $wrapper, $mode);
+    }
+
+    /**
+     * add stream wrapper
+     *
+     * @param resource $source
+     * @param string $mode
+     * @param resource $context
+     * @param string $protocol
+     * @param string $class
+     * @return resource
+     * @throws \BadMethodCallException
+     */
+    protected static function wrapSource($source, $context, $protocol, $class, $mode = 'r+') {
+        try {
+            stream_wrapper_register($protocol, $class);
+            if (@rewinddir($source) === false) {
+                $wrapped = fopen($protocol . '://', $mode, false, $context);
+            } else {
+                $wrapped = opendir($protocol . '://', $context);
+            }
+        } catch (\BadMethodCallException $e) {
+            stream_wrapper_unregister($protocol);
+            throw $e;
+        }
+        stream_wrapper_unregister($protocol);
+        return $wrapped;
+    }
+
+    /**
+     * Load the source from the stream context and return the context options
+     *
+     * @param string $name
+     * @return array
+     * @throws \BadMethodCallException
+     */
+    protected function loadContext($name) {
+        $context = parent::loadContext($name);
+
+        foreach ($this->expectedContextProperties as $property) {
+            if (array_key_exists($property, $context)) {
+                $this->{$property} = $context[$property];
+            } else {
+                throw new \BadMethodCallException('Invalid context, "' . $property . '" options not set');
+            }
+        }
+        return $context;
+
+    }
+
+    public function stream_open($path, $mode, $options, &$opened_path) {
+        $this->loadContext('ocencryption');
+
+        $this->position = 0;
+        $this->cache = '';
+        $this->writeFlag = false;
+        $this->unencryptedBlockSize = $this->encryptionModule->getUnencryptedBlockSize($this->signed);
+
+        if (
+            $mode === 'w'
+            || $mode === 'w+'
+            || $mode === 'wb'
+            || $mode === 'wb+'
+            || $mode === 'r+'
+            || $mode === 'rb+'
+        ) {
+            $this->readOnly = false;
+        } else {
+            $this->readOnly = true;
+        }
+
+        $sharePath = $this->fullPath;
+        if (!$this->storage->file_exists($this->internalPath)) {
+            $sharePath = dirname($sharePath);
+        }
+
+        $accessList = [];
+        if ($this->encryptionModule->needDetailedAccessList()) {
+            $accessList = $this->file->getAccessList($sharePath);
+        }
+        $this->newHeader = $this->encryptionModule->begin($this->fullPath, $this->uid, $mode, $this->header, $accessList);
+
+        if (
+            $mode === 'w'
+            || $mode === 'w+'
+            || $mode === 'wb'
+            || $mode === 'wb+'
+        ) {
+            // We're writing a new file so start write counter with 0 bytes
+            $this->unencryptedSize = 0;
+            $this->writeHeader();
+            $this->headerSize = $this->util->getHeaderSize();
+            $this->size = $this->headerSize;
+        } else {
+            $this->skipHeader();
+        }
+
+        return true;
+
+    }
+
+    public function stream_eof() {
+        return $this->position >= $this->unencryptedSize;
+    }
+
+    public function stream_read($count) {
+
+        $result = '';
+
+        $count = min($count, $this->unencryptedSize - $this->position);
+        while ($count > 0) {
+            $remainingLength = $count;
+            // update the cache of the current block
+            $this->readCache();
+            // determine the relative position in the current block
+            $blockPosition = ($this->position % $this->unencryptedBlockSize);
+            // if entire read inside current block then only position needs to be updated
+            if ($remainingLength < ($this->unencryptedBlockSize - $blockPosition)) {
+                $result .= substr($this->cache, $blockPosition, $remainingLength);
+                $this->position += $remainingLength;
+                $count = 0;
+                // otherwise remainder of current block is fetched, the block is flushed and the position updated
+            } else {
+                $result .= substr($this->cache, $blockPosition);
+                $this->flush();
+                $this->position += ($this->unencryptedBlockSize - $blockPosition);
+                $count -= ($this->unencryptedBlockSize - $blockPosition);
+            }
+        }
+        return $result;
+
+    }
+
+    public function stream_write($data) {
+
+        $length = 0;
+        // loop over $data to fit it in 6126 sized unencrypted blocks
+        while (isset($data[0])) {
+            $remainingLength = strlen($data);
+
+            // set the cache to the current 6126 block
+            $this->readCache();
+
+            // for seekable streams the pointer is moved back to the beginning of the encrypted block
+            // flush will start writing there when the position moves to another block
+            $positionInFile = (int)floor($this->position / $this->unencryptedBlockSize) *
+                $this->util->getBlockSize() + $this->headerSize;
+            $resultFseek = $this->parentStreamSeek($positionInFile);
+
+            // only allow writes on seekable streams, or at the end of the encrypted stream
+            if (!($this->readOnly) && ($resultFseek || $positionInFile === $this->size)) {
+
+                // switch the writeFlag so flush() will write the block
+                $this->writeFlag = true;
+
+                // determine the relative position in the current block
+                $blockPosition = ($this->position % $this->unencryptedBlockSize);
+                // check if $data fits in current block
+                // if so, overwrite existing data (if any)
+                // update position and liberate $data
+                if ($remainingLength < ($this->unencryptedBlockSize - $blockPosition)) {
+                    $this->cache = substr($this->cache, 0, $blockPosition)
+                        . $data . substr($this->cache, $blockPosition + $remainingLength);
+                    $this->position += $remainingLength;
+                    $length += $remainingLength;
+                    $data = '';
+                    // if $data doesn't fit the current block, the fill the current block and reiterate
+                    // after the block is filled, it is flushed and $data is updatedxxx
+                } else {
+                    $this->cache = substr($this->cache, 0, $blockPosition) .
+                        substr($data, 0, $this->unencryptedBlockSize - $blockPosition);
+                    $this->flush();
+                    $this->position += ($this->unencryptedBlockSize - $blockPosition);
+                    $length += ($this->unencryptedBlockSize - $blockPosition);
+                    $data = substr($data, $this->unencryptedBlockSize - $blockPosition);
+                }
+            } else {
+                $data = '';
+            }
+            $this->unencryptedSize = max($this->unencryptedSize, $this->position);
+        }
+        return $length;
+    }
+
+    public function stream_tell() {
+        return $this->position;
+    }
+
+    public function stream_seek($offset, $whence = SEEK_SET) {
+
+        $return = false;
+
+        switch ($whence) {
+            case SEEK_SET:
+                $newPosition = $offset;
+                break;
+            case SEEK_CUR:
+                $newPosition = $this->position + $offset;
+                break;
+            case SEEK_END:
+                $newPosition = $this->unencryptedSize + $offset;
+                break;
+            default:
+                return $return;
+        }
+
+        if ($newPosition > $this->unencryptedSize || $newPosition < 0) {
+            return $return;
+        }
+
+        $newFilePosition = floor($newPosition / $this->unencryptedBlockSize)
+            * $this->util->getBlockSize() + $this->headerSize;
+
+        $oldFilePosition = parent::stream_tell();
+        if ($this->parentStreamSeek($newFilePosition)) {
+            $this->parentStreamSeek($oldFilePosition);
+            $this->flush();
+            $this->parentStreamSeek($newFilePosition);
+            $this->position = $newPosition;
+            $return = true;
+        }
+        return $return;
+
+    }
+
+    public function stream_close() {
+        $this->flush('end');
+        $position = (int)floor($this->position/$this->unencryptedBlockSize);
+        $remainingData = $this->encryptionModule->end($this->fullPath, $position . 'end');
+        if ($this->readOnly === false) {
+            if(!empty($remainingData)) {
+                parent::stream_write($remainingData);
+            }
+            $this->encryptionStorage->updateUnencryptedSize($this->fullPath, $this->unencryptedSize);
+        }
+        return parent::stream_close();
+    }
+
+    /**
+     * write block to file
+     * @param string $positionPrefix
+     */
+    protected function flush($positionPrefix = '') {
+        // write to disk only when writeFlag was set to 1
+        if ($this->writeFlag) {
+            // Disable the file proxies so that encryption is not
+            // automatically attempted when the file is written to disk -
+            // we are handling that separately here and we don't want to
+            // get into an infinite loop
+            $position = (int)floor($this->position/$this->unencryptedBlockSize);
+            $encrypted = $this->encryptionModule->encrypt($this->cache, $position . $positionPrefix);
+            $bytesWritten = parent::stream_write($encrypted);
+            $this->writeFlag = false;
+            // Check whether the write concerns the last block
+            // If so then update the encrypted filesize
+            // Note that the unencrypted pointer and filesize are NOT yet updated when flush() is called
+            // We recalculate the encrypted filesize as we do not know the context of calling flush()
+            $completeBlocksInFile=(int)floor($this->unencryptedSize/$this->unencryptedBlockSize);
+            if ($completeBlocksInFile === (int)floor($this->position/$this->unencryptedBlockSize)) {
+                $this->size = $this->util->getBlockSize() * $completeBlocksInFile;
+                $this->size += $bytesWritten;
+                $this->size += $this->headerSize;
+            }
+        }
+        // always empty the cache (otherwise readCache() will not fill it with the new block)
+        $this->cache = '';
+    }
+
+    /**
+     * read block to file
+     */
+    protected function readCache() {
+        // cache should always be empty string when this function is called
+        // don't try to fill the cache when trying to write at the end of the unencrypted file when it coincides with new block
+        if ($this->cache === '' && !($this->position === $this->unencryptedSize && ($this->position % $this->unencryptedBlockSize) === 0)) {
+            // Get the data from the file handle
+            $data = parent::stream_read($this->util->getBlockSize());
+            $position = (int)floor($this->position/$this->unencryptedBlockSize);
+            $numberOfChunks = (int)($this->unencryptedSize / $this->unencryptedBlockSize);
+            if($numberOfChunks === $position) {
+                $position .= 'end';
+            }
+            $this->cache = $this->encryptionModule->decrypt($data, $position);
+        }
+    }
+
+    /**
+     * write header at beginning of encrypted file
+     *
+     * @return integer
+     * @throws EncryptionHeaderKeyExistsException if header key is already in use
+     */
+    protected function writeHeader() {
+        $header = $this->util->createHeader($this->newHeader, $this->encryptionModule);
+        return parent::stream_write($header);
+    }
+
+    /**
+     * read first block to skip the header
+     */
+    protected function skipHeader() {
+        parent::stream_read($this->headerSize);
+    }
+
+    /**
+     * call stream_seek() from parent class
+     *
+     * @param integer $position
+     * @return bool
+     */
+    protected function parentStreamSeek($position) {
+        return parent::stream_seek($position);
+    }
+
+    /**
+     * @param string $path
+     * @param array $options
+     * @return bool
+     */
+    public function dir_opendir($path, $options) {
+        return false;
+    }
 
 }

apps/encryption/templates/settings-admin.php

Spacing +7 added lines, -7 removed lines

@@ -7,19 +7,19 @@ 
 ?>
 <form id="ocDefaultEncryptionModule" class="sub-section">
 	<h3><?php p($l->t("Default encryption module")); ?></h3>
-	<?php if(!$_["initStatus"] && $_['masterKeyEnabled'] === false): ?>
+	<?php if (!$_["initStatus"] && $_['masterKeyEnabled'] === false): ?>
 		<?php p($l->t("Encryption app is enabled but your keys are not initialized, please log-out and log-in again")); ?>
 	<?php else: ?>
 		<p id="encryptHomeStorageSetting">
 			<input type="checkbox" class="checkbox" name="encrypt_home_storage" id="encryptHomeStorage"
 				   value="1" <?php if ($_['encryptHomeStorage']) print_unescaped('checked="checked"'); ?> />
-			<label for="encryptHomeStorage"><?php p($l->t('Encrypt the home storage'));?></label></br>
-			<em><?php p( $l->t( "Enabling this option encrypts all files stored on the main storage, otherwise only files on external storage will be encrypted" ) ); ?></em>
+			<label for="encryptHomeStorage"><?php p($l->t('Encrypt the home storage')); ?></label></br>
+			<em><?php p($l->t("Enabling this option encrypts all files stored on the main storage, otherwise only files on external storage will be encrypted")); ?></em>
 		</p>
 		<br />
-		<?php if($_['masterKeyEnabled'] === false): ?>
+		<?php if ($_['masterKeyEnabled'] === false): ?>
 			<p id="encryptionSetRecoveryKey">
-				<?php $_["recoveryEnabled"] === '0' ?  p($l->t("Enable recovery key")) : p($l->t("Disable recovery key")); ?>
+				<?php $_["recoveryEnabled"] === '0' ? p($l->t("Enable recovery key")) : p($l->t("Disable recovery key")); ?>
 				<span class="msg"></span>
 				<br/>
 				<em>
@@ -38,11 +38,11 @@ 
 					   name="enableRecoveryKey"
 					   id="enableRecoveryKey"
 					   status="<?php p($_["recoveryEnabled"]) ?>"
-					   value="<?php $_["recoveryEnabled"] === '0' ?  p($l->t("Enable recovery key")) : p($l->t("Disable recovery key")); ?>"/>
+					   value="<?php $_["recoveryEnabled"] === '0' ? p($l->t("Enable recovery key")) : p($l->t("Disable recovery key")); ?>"/>
 			</p>
 			<br/><br/>
 
-			<p name="changeRecoveryPasswordBlock" id="encryptionChangeRecoveryKey" <?php if($_['recoveryEnabled'] === '0') print_unescaped('class="hidden"');?>>
+			<p name="changeRecoveryPasswordBlock" id="encryptionChangeRecoveryKey" <?php if ($_['recoveryEnabled'] === '0') print_unescaped('class="hidden"'); ?>>
 				<?php p($l->t("Change recovery key password:")); ?>
 				<span class="msg"></span>
 				<br/>

Braces +9 added lines, -3 removed lines

@@ -9,10 +9,13 @@ 
 	<h3><?php p($l->t("Default encryption module")); ?></h3>
 	<?php if(!$_["initStatus"] && $_['masterKeyEnabled'] === false): ?>
 		<?php p($l->t("Encryption app is enabled but your keys are not initialized, please log-out and log-in again")); ?>
-	<?php else: ?>
+	<?php else {
+    : ?>
 		<p id="encryptHomeStorageSetting">
 			<input type="checkbox" class="checkbox" name="encrypt_home_storage" id="encryptHomeStorage"
-				   value="1" <?php if ($_['encryptHomeStorage']) print_unescaped('checked="checked"'); ?> />
+				   value="1" <?php if ($_['encryptHomeStorage']) print_unescaped('checked="checked"');
+}
+?> />
 			<label for="encryptHomeStorage"><?php p($l->t('Encrypt the home storage'));?></label></br>
 			<em><?php p( $l->t( "Enabling this option encrypts all files stored on the main storage, otherwise only files on external storage will be encrypted" ) ); ?></em>
 		</p>
@@ -42,7 +45,10 @@ 
 			</p>
 			<br/><br/>
 
-			<p name="changeRecoveryPasswordBlock" id="encryptionChangeRecoveryKey" <?php if($_['recoveryEnabled'] === '0') print_unescaped('class="hidden"');?>>
+			<p name="changeRecoveryPasswordBlock" id="encryptionChangeRecoveryKey" <?php if($_['recoveryEnabled'] === '0') {
+    print_unescaped('class="hidden"');
+}
+?>>
 				<?php p($l->t("Change recovery key password:")); ?>
 				<span class="msg"></span>
 				<br/>

apps/encryption/lib/Util.php

Indentation +162 added lines, -162 removed lines

@@ -36,167 +36,167 @@
 use OCP\PreConditionNotMetException;
 
 class Util {
-	/**
-	 * @var View
-	 */
-	private $files;
-	/**
-	 * @var Crypt
-	 */
-	private $crypt;
-	/**
-	 * @var ILogger
-	 */
-	private $logger;
-	/**
-	 * @var bool|IUser
-	 */
-	private $user;
-	/**
-	 * @var IConfig
-	 */
-	private $config;
-	/**
-	 * @var IUserManager
-	 */
-	private $userManager;
-
-	/**
-	 * Util constructor.
-	 *
-	 * @param View $files
-	 * @param Crypt $crypt
-	 * @param ILogger $logger
-	 * @param IUserSession $userSession
-	 * @param IConfig $config
-	 * @param IUserManager $userManager
-	 */
-	public function __construct(View $files,
-								Crypt $crypt,
-								ILogger $logger,
-								IUserSession $userSession,
-								IConfig $config,
-								IUserManager $userManager
-	) {
-		$this->files = $files;
-		$this->crypt = $crypt;
-		$this->logger = $logger;
-		$this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser() : false;
-		$this->config = $config;
-		$this->userManager = $userManager;
-	}
-
-	/**
-	 * check if recovery key is enabled for user
-	 *
-	 * @param string $uid
-	 * @return bool
-	 */
-	public function isRecoveryEnabledForUser($uid) {
-		$recoveryMode = $this->config->getUserValue($uid,
-			'encryption',
-			'recoveryEnabled',
-			'0');
-
-		return ($recoveryMode === '1');
-	}
-
-	/**
-	 * check if the home storage should be encrypted
-	 *
-	 * @return bool
-	 */
-	public function shouldEncryptHomeStorage() {
-		$encryptHomeStorage = $this->config->getAppValue(
-			'encryption',
-			'encryptHomeStorage',
-			'1'
-		);
-
-		return ($encryptHomeStorage === '1');
-	}
-
-	/**
-	 * set the home storage encryption on/off
-	 *
-	 * @param bool $encryptHomeStorage
-	 */
-	public function setEncryptHomeStorage($encryptHomeStorage) {
-		$value = $encryptHomeStorage ? '1' : '0';
-		$this->config->setAppValue(
-			'encryption',
-			'encryptHomeStorage',
-			$value
-		);
-	}
-
-	/**
-	 * check if master key is enabled
-	 *
-	 * @return bool
-	 */
-	public function isMasterKeyEnabled() {
-		$userMasterKey = $this->config->getAppValue('encryption', 'useMasterKey', '1');
-		return ($userMasterKey === '1');
-	}
-
-	/**
-	 * @param $enabled
-	 * @return bool
-	 */
-	public function setRecoveryForUser($enabled) {
-		$value = $enabled ? '1' : '0';
-
-		try {
-			$this->config->setUserValue($this->user->getUID(),
-				'encryption',
-				'recoveryEnabled',
-				$value);
-			return true;
-		} catch (PreConditionNotMetException $e) {
-			return false;
-		}
-	}
-
-	/**
-	 * @param string $uid
-	 * @return bool
-	 */
-	public function userHasFiles($uid) {
-		return $this->files->file_exists($uid . '/files');
-	}
-
-	/**
-	 * get owner from give path, path relative to data/ expected
-	 *
-	 * @param string $path relative to data/
-	 * @return string
-	 * @throws \BadMethodCallException
-	 */
-	public function getOwner($path) {
-		$owner = '';
-		$parts = explode('/', $path, 3);
-		if (count($parts) > 1) {
-			$owner = $parts[1];
-			if ($this->userManager->userExists($owner) === false) {
-				throw new \BadMethodCallException('Unknown user: ' .
-				'method expects path to a user folder relative to the data folder');
-			}
-
-		}
-
-		return $owner;
-	}
-
-	/**
-	 * get storage of path
-	 *
-	 * @param string $path
-	 * @return \OC\Files\Storage\Storage
-	 */
-	public function getStorage($path) {
-		$storage = $this->files->getMount($path)->getStorage();
-		return $storage;
-	}
+    /**
+     * @var View
+     */
+    private $files;
+    /**
+     * @var Crypt
+     */
+    private $crypt;
+    /**
+     * @var ILogger
+     */
+    private $logger;
+    /**
+     * @var bool|IUser
+     */
+    private $user;
+    /**
+     * @var IConfig
+     */
+    private $config;
+    /**
+     * @var IUserManager
+     */
+    private $userManager;
+
+    /**
+     * Util constructor.
+     *
+     * @param View $files
+     * @param Crypt $crypt
+     * @param ILogger $logger
+     * @param IUserSession $userSession
+     * @param IConfig $config
+     * @param IUserManager $userManager
+     */
+    public function __construct(View $files,
+                                Crypt $crypt,
+                                ILogger $logger,
+                                IUserSession $userSession,
+                                IConfig $config,
+                                IUserManager $userManager
+    ) {
+        $this->files = $files;
+        $this->crypt = $crypt;
+        $this->logger = $logger;
+        $this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser() : false;
+        $this->config = $config;
+        $this->userManager = $userManager;
+    }
+
+    /**
+     * check if recovery key is enabled for user
+     *
+     * @param string $uid
+     * @return bool
+     */
+    public function isRecoveryEnabledForUser($uid) {
+        $recoveryMode = $this->config->getUserValue($uid,
+            'encryption',
+            'recoveryEnabled',
+            '0');
+
+        return ($recoveryMode === '1');
+    }
+
+    /**
+     * check if the home storage should be encrypted
+     *
+     * @return bool
+     */
+    public function shouldEncryptHomeStorage() {
+        $encryptHomeStorage = $this->config->getAppValue(
+            'encryption',
+            'encryptHomeStorage',
+            '1'
+        );
+
+        return ($encryptHomeStorage === '1');
+    }
+
+    /**
+     * set the home storage encryption on/off
+     *
+     * @param bool $encryptHomeStorage
+     */
+    public function setEncryptHomeStorage($encryptHomeStorage) {
+        $value = $encryptHomeStorage ? '1' : '0';
+        $this->config->setAppValue(
+            'encryption',
+            'encryptHomeStorage',
+            $value
+        );
+    }
+
+    /**
+     * check if master key is enabled
+     *
+     * @return bool
+     */
+    public function isMasterKeyEnabled() {
+        $userMasterKey = $this->config->getAppValue('encryption', 'useMasterKey', '1');
+        return ($userMasterKey === '1');
+    }
+
+    /**
+     * @param $enabled
+     * @return bool
+     */
+    public function setRecoveryForUser($enabled) {
+        $value = $enabled ? '1' : '0';
+
+        try {
+            $this->config->setUserValue($this->user->getUID(),
+                'encryption',
+                'recoveryEnabled',
+                $value);
+            return true;
+        } catch (PreConditionNotMetException $e) {
+            return false;
+        }
+    }
+
+    /**
+     * @param string $uid
+     * @return bool
+     */
+    public function userHasFiles($uid) {
+        return $this->files->file_exists($uid . '/files');
+    }
+
+    /**
+     * get owner from give path, path relative to data/ expected
+     *
+     * @param string $path relative to data/
+     * @return string
+     * @throws \BadMethodCallException
+     */
+    public function getOwner($path) {
+        $owner = '';
+        $parts = explode('/', $path, 3);
+        if (count($parts) > 1) {
+            $owner = $parts[1];
+            if ($this->userManager->userExists($owner) === false) {
+                throw new \BadMethodCallException('Unknown user: ' .
+                'method expects path to a user folder relative to the data folder');
+            }
+
+        }
+
+        return $owner;
+    }
+
+    /**
+     * get storage of path
+     *
+     * @param string $path
+     * @return \OC\Files\Storage\Storage
+     */
+    public function getStorage($path) {
+        $storage = $this->files->getMount($path)->getStorage();
+        return $storage;
+    }
 
 }

apps/encryption/lib/Crypto/Encryption.php

Indentation +535 added lines, -535 removed lines

@@ -43,539 +43,539 @@
 
 class Encryption implements IEncryptionModule {
 
-	const ID = 'OC_DEFAULT_MODULE';
-	const DISPLAY_NAME = 'Default encryption module';
-
-	/**
-	 * @var Crypt
-	 */
-	private $crypt;
-
-	/** @var string */
-	private $cipher;
-
-	/** @var string */
-	private $path;
-
-	/** @var string */
-	private $user;
-
-	/** @var string */
-	private $fileKey;
-
-	/** @var string */
-	private $writeCache;
-
-	/** @var KeyManager */
-	private $keyManager;
-
-	/** @var array */
-	private $accessList;
-
-	/** @var boolean */
-	private $isWriteOperation;
-
-	/** @var Util */
-	private $util;
-
-	/** @var  Session */
-	private $session;
-
-	/** @var  ILogger */
-	private $logger;
-
-	/** @var IL10N */
-	private $l;
-
-	/** @var EncryptAll */
-	private $encryptAll;
-
-	/** @var  bool */
-	private $useMasterPassword;
-
-	/** @var DecryptAll  */
-	private $decryptAll;
-
-	/** @var int unencrypted block size if block contains signature */
-	private $unencryptedBlockSizeSigned = 6072;
-
-	/** @var int unencrypted block size */
-	private $unencryptedBlockSize = 6126;
-
-	/** @var int Current version of the file */
-	private $version = 0;
-
-	/** @var array remember encryption signature version */
-	private static $rememberVersion = [];
-
-
-	/**
-	 *
-	 * @param Crypt $crypt
-	 * @param KeyManager $keyManager
-	 * @param Util $util
-	 * @param Session $session
-	 * @param EncryptAll $encryptAll
-	 * @param DecryptAll $decryptAll
-	 * @param ILogger $logger
-	 * @param IL10N $il10n
-	 */
-	public function __construct(Crypt $crypt,
-								KeyManager $keyManager,
-								Util $util,
-								Session $session,
-								EncryptAll $encryptAll,
-								DecryptAll $decryptAll,
-								ILogger $logger,
-								IL10N $il10n) {
-		$this->crypt = $crypt;
-		$this->keyManager = $keyManager;
-		$this->util = $util;
-		$this->session = $session;
-		$this->encryptAll = $encryptAll;
-		$this->decryptAll = $decryptAll;
-		$this->logger = $logger;
-		$this->l = $il10n;
-		$this->useMasterPassword = $util->isMasterKeyEnabled();
-	}
-
-	/**
-	 * @return string defining the technical unique id
-	 */
-	public function getId() {
-		return self::ID;
-	}
-
-	/**
-	 * In comparison to getKey() this function returns a human readable (maybe translated) name
-	 *
-	 * @return string
-	 */
-	public function getDisplayName() {
-		return self::DISPLAY_NAME;
-	}
-
-	/**
-	 * start receiving chunks from a file. This is the place where you can
-	 * perform some initial step before starting encrypting/decrypting the
-	 * chunks
-	 *
-	 * @param string $path to the file
-	 * @param string $user who read/write the file
-	 * @param string $mode php stream open mode
-	 * @param array $header contains the header data read from the file
-	 * @param array $accessList who has access to the file contains the key 'users' and 'public'
-	 *
-	 * @return array $header contain data as key-value pairs which should be
-	 *                       written to the header, in case of a write operation
-	 *                       or if no additional data is needed return a empty array
-	 */
-	public function begin($path, $user, $mode, array $header, array $accessList) {
-		$this->path = $this->getPathToRealFile($path);
-		$this->accessList = $accessList;
-		$this->user = $user;
-		$this->isWriteOperation = false;
-		$this->writeCache = '';
-
-		if($this->session->isReady() === false) {
-			// if the master key is enabled we can initialize encryption
-			// with a empty password and user name
-			if ($this->util->isMasterKeyEnabled()) {
-				$this->keyManager->init('', '');
-			}
-		}
-
-		if ($this->session->decryptAllModeActivated()) {
-			$encryptedFileKey = $this->keyManager->getEncryptedFileKey($this->path);
-			$shareKey = $this->keyManager->getShareKey($this->path, $this->session->getDecryptAllUid());
-			$this->fileKey = $this->crypt->multiKeyDecrypt($encryptedFileKey,
-				$shareKey,
-				$this->session->getDecryptAllKey());
-		} else {
-			$this->fileKey = $this->keyManager->getFileKey($this->path, $this->user);
-		}
-
-		// always use the version from the original file, also part files
-		// need to have a correct version number if they get moved over to the
-		// final location
-		$this->version = (int)$this->keyManager->getVersion($this->stripPartFileExtension($path), new View());
-
-		if (
-			$mode === 'w'
-			|| $mode === 'w+'
-			|| $mode === 'wb'
-			|| $mode === 'wb+'
-		) {
-			$this->isWriteOperation = true;
-			if (empty($this->fileKey)) {
-				$this->fileKey = $this->crypt->generateFileKey();
-			}
-		} else {
-			// if we read a part file we need to increase the version by 1
-			// because the version number was also increased by writing
-			// the part file
-			if(Scanner::isPartialFile($path)) {
-				$this->version = $this->version + 1;
-			}
-		}
-
-		if ($this->isWriteOperation) {
-			$this->cipher = $this->crypt->getCipher();
-		} elseif (isset($header['cipher'])) {
-			$this->cipher = $header['cipher'];
-		} else {
-			// if we read a file without a header we fall-back to the legacy cipher
-			// which was used in <=oC6
-			$this->cipher = $this->crypt->getLegacyCipher();
-		}
-
-		return array('cipher' => $this->cipher, 'signed' => 'true');
-	}
-
-	/**
-	 * last chunk received. This is the place where you can perform some final
-	 * operation and return some remaining data if something is left in your
-	 * buffer.
-	 *
-	 * @param string $path to the file
-	 * @param int $position
-	 * @return string remained data which should be written to the file in case
-	 *                of a write operation
-	 * @throws PublicKeyMissingException
-	 * @throws \Exception
-	 * @throws \OCA\Encryption\Exceptions\MultiKeyEncryptException
-	 */
-	public function end($path, $position = 0) {
-		$result = '';
-		if ($this->isWriteOperation) {
-			$this->keyManager->setVersion($path, $this->version + 1, new View());
-			// in case of a part file we remember the new signature versions
-			// the version will be set later on update.
-			// This way we make sure that other apps listening to the pre-hooks
-			// still get the old version which should be the correct value for them
-			if (Scanner::isPartialFile($path)) {
-				self::$rememberVersion[$this->stripPartFileExtension($path)] = $this->version + 1;
-			}
-			if (!empty($this->writeCache)) {
-				$result = $this->crypt->symmetricEncryptFileContent($this->writeCache, $this->fileKey, $this->version + 1, $position);
-				$this->writeCache = '';
-			}
-			$publicKeys = array();
-			if ($this->useMasterPassword === true) {
-				$publicKeys[$this->keyManager->getMasterKeyId()] = $this->keyManager->getPublicMasterKey();
-			} else {
-				foreach ($this->accessList['users'] as $uid) {
-					try {
-						$publicKeys[$uid] = $this->keyManager->getPublicKey($uid);
-					} catch (PublicKeyMissingException $e) {
-						$this->logger->warning(
-							'no public key found for user "{uid}", user will not be able to read the file',
-							['app' => 'encryption', 'uid' => $uid]
-						);
-						// if the public key of the owner is missing we should fail
-						if ($uid === $this->user) {
-							throw $e;
-						}
-					}
-				}
-			}
-
-			$publicKeys = $this->keyManager->addSystemKeys($this->accessList, $publicKeys, $this->user);
-			$encryptedKeyfiles = $this->crypt->multiKeyEncrypt($this->fileKey, $publicKeys);
-			$this->keyManager->setAllFileKeys($this->path, $encryptedKeyfiles);
-		}
-		return $result;
-	}
-
-	/**
-	 * encrypt data
-	 *
-	 * @param string $data you want to encrypt
-	 * @param int $position
-	 * @return string encrypted data
-	 */
-	public function encrypt($data, $position = 0) {
-		// If extra data is left over from the last round, make sure it
-		// is integrated into the next block
-		if ($this->writeCache) {
-
-			// Concat writeCache to start of $data
-			$data = $this->writeCache . $data;
-
-			// Clear the write cache, ready for reuse - it has been
-			// flushed and its old contents processed
-			$this->writeCache = '';
-
-		}
-
-		$encrypted = '';
-		// While there still remains some data to be processed & written
-		while (strlen($data) > 0) {
-
-			// Remaining length for this iteration, not of the
-			// entire file (may be greater than 8192 bytes)
-			$remainingLength = strlen($data);
-
-			// If data remaining to be written is less than the
-			// size of 1 6126 byte block
-			if ($remainingLength < $this->unencryptedBlockSizeSigned) {
-
-				// Set writeCache to contents of $data
-				// The writeCache will be carried over to the
-				// next write round, and added to the start of
-				// $data to ensure that written blocks are
-				// always the correct length. If there is still
-				// data in writeCache after the writing round
-				// has finished, then the data will be written
-				// to disk by $this->flush().
-				$this->writeCache = $data;
-
-				// Clear $data ready for next round
-				$data = '';
-
-			} else {
-
-				// Read the chunk from the start of $data
-				$chunk = substr($data, 0, $this->unencryptedBlockSizeSigned);
-
-				$encrypted .= $this->crypt->symmetricEncryptFileContent($chunk, $this->fileKey, $this->version + 1, $position);
-
-				// Remove the chunk we just processed from
-				// $data, leaving only unprocessed data in $data
-				// var, for handling on the next round
-				$data = substr($data, $this->unencryptedBlockSizeSigned);
-
-			}
-
-		}
-
-		return $encrypted;
-	}
-
-	/**
-	 * decrypt data
-	 *
-	 * @param string $data you want to decrypt
-	 * @param int $position
-	 * @return string decrypted data
-	 * @throws DecryptionFailedException
-	 */
-	public function decrypt($data, $position = 0) {
-		if (empty($this->fileKey)) {
-			$msg = 'Can not decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.';
-			$hint = $this->l->t('Can not decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.');
-			$this->logger->error($msg);
-
-			throw new DecryptionFailedException($msg, $hint);
-		}
-
-		return $this->crypt->symmetricDecryptFileContent($data, $this->fileKey, $this->cipher, $this->version, $position);
-	}
-
-	/**
-	 * update encrypted file, e.g. give additional users access to the file
-	 *
-	 * @param string $path path to the file which should be updated
-	 * @param string $uid of the user who performs the operation
-	 * @param array $accessList who has access to the file contains the key 'users' and 'public'
-	 * @return boolean
-	 */
-	public function update($path, $uid, array $accessList) {
-
-		if (empty($accessList)) {
-			if (isset(self::$rememberVersion[$path])) {
-				$this->keyManager->setVersion($path, self::$rememberVersion[$path], new View());
-				unset(self::$rememberVersion[$path]);
-			}
-			return;
-		}
-
-		$fileKey = $this->keyManager->getFileKey($path, $uid);
-
-		if (!empty($fileKey)) {
-
-			$publicKeys = array();
-			if ($this->useMasterPassword === true) {
-				$publicKeys[$this->keyManager->getMasterKeyId()] = $this->keyManager->getPublicMasterKey();
-			} else {
-				foreach ($accessList['users'] as $user) {
-					try {
-						$publicKeys[$user] = $this->keyManager->getPublicKey($user);
-					} catch (PublicKeyMissingException $e) {
-						$this->logger->warning('Could not encrypt file for ' . $user . ': ' . $e->getMessage());
-					}
-				}
-			}
-
-			$publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys, $uid);
-
-			$encryptedFileKey = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);
-
-			$this->keyManager->deleteAllFileKeys($path);
-
-			$this->keyManager->setAllFileKeys($path, $encryptedFileKey);
-
-		} else {
-			$this->logger->debug('no file key found, we assume that the file "{file}" is not encrypted',
-				array('file' => $path, 'app' => 'encryption'));
-
-			return false;
-		}
-
-		return true;
-	}
-
-	/**
-	 * should the file be encrypted or not
-	 *
-	 * @param string $path
-	 * @return boolean
-	 */
-	public function shouldEncrypt($path) {
-		if ($this->util->shouldEncryptHomeStorage() === false) {
-			$storage = $this->util->getStorage($path);
-			if ($storage->instanceOfStorage('\OCP\Files\IHomeStorage')) {
-				return false;
-			}
-		}
-		$parts = explode('/', $path);
-		if (count($parts) < 4) {
-			return false;
-		}
-
-		if ($parts[2] == 'files') {
-			return true;
-		}
-		if ($parts[2] == 'files_versions') {
-			return true;
-		}
-		if ($parts[2] == 'files_trashbin') {
-			return true;
-		}
-
-		return false;
-	}
-
-	/**
-	 * get size of the unencrypted payload per block.
-	 * Nextcloud read/write files with a block size of 8192 byte
-	 *
-	 * @param bool $signed
-	 * @return int
-	 */
-	public function getUnencryptedBlockSize($signed = false) {
-		if ($signed === false) {
-			return $this->unencryptedBlockSize;
-		}
-
-		return $this->unencryptedBlockSizeSigned;
-	}
-
-	/**
-	 * check if the encryption module is able to read the file,
-	 * e.g. if all encryption keys exists
-	 *
-	 * @param string $path
-	 * @param string $uid user for whom we want to check if he can read the file
-	 * @return bool
-	 * @throws DecryptionFailedException
-	 */
-	public function isReadable($path, $uid) {
-		$fileKey = $this->keyManager->getFileKey($path, $uid);
-		if (empty($fileKey)) {
-			$owner = $this->util->getOwner($path);
-			if ($owner !== $uid) {
-				// if it is a shared file we throw a exception with a useful
-				// error message because in this case it means that the file was
-				// shared with the user at a point where the user didn't had a
-				// valid private/public key
-				$msg = 'Encryption module "' . $this->getDisplayName() .
-					'" is not able to read ' . $path;
-				$hint = $this->l->t('Can not read this file, probably this is a shared file. Please ask the file owner to reshare the file with you.');
-				$this->logger->warning($msg);
-				throw new DecryptionFailedException($msg, $hint);
-			}
-			return false;
-		}
-
-		return true;
-	}
-
-	/**
-	 * Initial encryption of all files
-	 *
-	 * @param InputInterface $input
-	 * @param OutputInterface $output write some status information to the terminal during encryption
-	 */
-	public function encryptAll(InputInterface $input, OutputInterface $output) {
-		$this->encryptAll->encryptAll($input, $output);
-	}
-
-	/**
-	 * prepare module to perform decrypt all operation
-	 *
-	 * @param InputInterface $input
-	 * @param OutputInterface $output
-	 * @param string $user
-	 * @return bool
-	 */
-	public function prepareDecryptAll(InputInterface $input, OutputInterface $output, $user = '') {
-		return $this->decryptAll->prepare($input, $output, $user);
-	}
-
-
-	/**
-	 * @param string $path
-	 * @return string
-	 */
-	protected function getPathToRealFile($path) {
-		$realPath = $path;
-		$parts = explode('/', $path);
-		if ($parts[2] === 'files_versions') {
-			$realPath = '/' . $parts[1] . '/files/' . implode('/', array_slice($parts, 3));
-			$length = strrpos($realPath, '.');
-			$realPath = substr($realPath, 0, $length);
-		}
-
-		return $realPath;
-	}
-
-	/**
-	 * remove .part file extension and the ocTransferId from the file to get the
-	 * original file name
-	 *
-	 * @param string $path
-	 * @return string
-	 */
-	protected function stripPartFileExtension($path) {
-		if (pathinfo($path, PATHINFO_EXTENSION) === 'part') {
-			$pos = strrpos($path, '.', -6);
-			$path = substr($path, 0, $pos);
-		}
-
-		return $path;
-	}
-
-	/**
-	 * Check if the module is ready to be used by that specific user.
-	 * In case a module is not ready - because e.g. key pairs have not been generated
-	 * upon login this method can return false before any operation starts and might
-	 * cause issues during operations.
-	 *
-	 * @param string $user
-	 * @return boolean
-	 * @since 9.1.0
-	 */
-	public function isReadyForUser($user) {
-		return $this->keyManager->userHasKeys($user);
-	}
-
-	/**
-	 * We only need a detailed access list if the master key is not enabled
-	 *
-	 * @return bool
-	 */
-	public function needDetailedAccessList() {
-		return !$this->util->isMasterKeyEnabled();
-	}
+    const ID = 'OC_DEFAULT_MODULE';
+    const DISPLAY_NAME = 'Default encryption module';
+
+    /**
+     * @var Crypt
+     */
+    private $crypt;
+
+    /** @var string */
+    private $cipher;
+
+    /** @var string */
+    private $path;
+
+    /** @var string */
+    private $user;
+
+    /** @var string */
+    private $fileKey;
+
+    /** @var string */
+    private $writeCache;
+
+    /** @var KeyManager */
+    private $keyManager;
+
+    /** @var array */
+    private $accessList;
+
+    /** @var boolean */
+    private $isWriteOperation;
+
+    /** @var Util */
+    private $util;
+
+    /** @var  Session */
+    private $session;
+
+    /** @var  ILogger */
+    private $logger;
+
+    /** @var IL10N */
+    private $l;
+
+    /** @var EncryptAll */
+    private $encryptAll;
+
+    /** @var  bool */
+    private $useMasterPassword;
+
+    /** @var DecryptAll  */
+    private $decryptAll;
+
+    /** @var int unencrypted block size if block contains signature */
+    private $unencryptedBlockSizeSigned = 6072;
+
+    /** @var int unencrypted block size */
+    private $unencryptedBlockSize = 6126;
+
+    /** @var int Current version of the file */
+    private $version = 0;
+
+    /** @var array remember encryption signature version */
+    private static $rememberVersion = [];
+
+
+    /**
+     *
+     * @param Crypt $crypt
+     * @param KeyManager $keyManager
+     * @param Util $util
+     * @param Session $session
+     * @param EncryptAll $encryptAll
+     * @param DecryptAll $decryptAll
+     * @param ILogger $logger
+     * @param IL10N $il10n
+     */
+    public function __construct(Crypt $crypt,
+                                KeyManager $keyManager,
+                                Util $util,
+                                Session $session,
+                                EncryptAll $encryptAll,
+                                DecryptAll $decryptAll,
+                                ILogger $logger,
+                                IL10N $il10n) {
+        $this->crypt = $crypt;
+        $this->keyManager = $keyManager;
+        $this->util = $util;
+        $this->session = $session;
+        $this->encryptAll = $encryptAll;
+        $this->decryptAll = $decryptAll;
+        $this->logger = $logger;
+        $this->l = $il10n;
+        $this->useMasterPassword = $util->isMasterKeyEnabled();
+    }
+
+    /**
+     * @return string defining the technical unique id
+     */
+    public function getId() {
+        return self::ID;
+    }
+
+    /**
+     * In comparison to getKey() this function returns a human readable (maybe translated) name
+     *
+     * @return string
+     */
+    public function getDisplayName() {
+        return self::DISPLAY_NAME;
+    }
+
+    /**
+     * start receiving chunks from a file. This is the place where you can
+     * perform some initial step before starting encrypting/decrypting the
+     * chunks
+     *
+     * @param string $path to the file
+     * @param string $user who read/write the file
+     * @param string $mode php stream open mode
+     * @param array $header contains the header data read from the file
+     * @param array $accessList who has access to the file contains the key 'users' and 'public'
+     *
+     * @return array $header contain data as key-value pairs which should be
+     *                       written to the header, in case of a write operation
+     *                       or if no additional data is needed return a empty array
+     */
+    public function begin($path, $user, $mode, array $header, array $accessList) {
+        $this->path = $this->getPathToRealFile($path);
+        $this->accessList = $accessList;
+        $this->user = $user;
+        $this->isWriteOperation = false;
+        $this->writeCache = '';
+
+        if($this->session->isReady() === false) {
+            // if the master key is enabled we can initialize encryption
+            // with a empty password and user name
+            if ($this->util->isMasterKeyEnabled()) {
+                $this->keyManager->init('', '');
+            }
+        }
+
+        if ($this->session->decryptAllModeActivated()) {
+            $encryptedFileKey = $this->keyManager->getEncryptedFileKey($this->path);
+            $shareKey = $this->keyManager->getShareKey($this->path, $this->session->getDecryptAllUid());
+            $this->fileKey = $this->crypt->multiKeyDecrypt($encryptedFileKey,
+                $shareKey,
+                $this->session->getDecryptAllKey());
+        } else {
+            $this->fileKey = $this->keyManager->getFileKey($this->path, $this->user);
+        }
+
+        // always use the version from the original file, also part files
+        // need to have a correct version number if they get moved over to the
+        // final location
+        $this->version = (int)$this->keyManager->getVersion($this->stripPartFileExtension($path), new View());
+
+        if (
+            $mode === 'w'
+            || $mode === 'w+'
+            || $mode === 'wb'
+            || $mode === 'wb+'
+        ) {
+            $this->isWriteOperation = true;
+            if (empty($this->fileKey)) {
+                $this->fileKey = $this->crypt->generateFileKey();
+            }
+        } else {
+            // if we read a part file we need to increase the version by 1
+            // because the version number was also increased by writing
+            // the part file
+            if(Scanner::isPartialFile($path)) {
+                $this->version = $this->version + 1;
+            }
+        }
+
+        if ($this->isWriteOperation) {
+            $this->cipher = $this->crypt->getCipher();
+        } elseif (isset($header['cipher'])) {
+            $this->cipher = $header['cipher'];
+        } else {
+            // if we read a file without a header we fall-back to the legacy cipher
+            // which was used in <=oC6
+            $this->cipher = $this->crypt->getLegacyCipher();
+        }
+
+        return array('cipher' => $this->cipher, 'signed' => 'true');
+    }
+
+    /**
+     * last chunk received. This is the place where you can perform some final
+     * operation and return some remaining data if something is left in your
+     * buffer.
+     *
+     * @param string $path to the file
+     * @param int $position
+     * @return string remained data which should be written to the file in case
+     *                of a write operation
+     * @throws PublicKeyMissingException
+     * @throws \Exception
+     * @throws \OCA\Encryption\Exceptions\MultiKeyEncryptException
+     */
+    public function end($path, $position = 0) {
+        $result = '';
+        if ($this->isWriteOperation) {
+            $this->keyManager->setVersion($path, $this->version + 1, new View());
+            // in case of a part file we remember the new signature versions
+            // the version will be set later on update.
+            // This way we make sure that other apps listening to the pre-hooks
+            // still get the old version which should be the correct value for them
+            if (Scanner::isPartialFile($path)) {
+                self::$rememberVersion[$this->stripPartFileExtension($path)] = $this->version + 1;
+            }
+            if (!empty($this->writeCache)) {
+                $result = $this->crypt->symmetricEncryptFileContent($this->writeCache, $this->fileKey, $this->version + 1, $position);
+                $this->writeCache = '';
+            }
+            $publicKeys = array();
+            if ($this->useMasterPassword === true) {
+                $publicKeys[$this->keyManager->getMasterKeyId()] = $this->keyManager->getPublicMasterKey();
+            } else {
+                foreach ($this->accessList['users'] as $uid) {
+                    try {
+                        $publicKeys[$uid] = $this->keyManager->getPublicKey($uid);
+                    } catch (PublicKeyMissingException $e) {
+                        $this->logger->warning(
+                            'no public key found for user "{uid}", user will not be able to read the file',
+                            ['app' => 'encryption', 'uid' => $uid]
+                        );
+                        // if the public key of the owner is missing we should fail
+                        if ($uid === $this->user) {
+                            throw $e;
+                        }
+                    }
+                }
+            }
+
+            $publicKeys = $this->keyManager->addSystemKeys($this->accessList, $publicKeys, $this->user);
+            $encryptedKeyfiles = $this->crypt->multiKeyEncrypt($this->fileKey, $publicKeys);
+            $this->keyManager->setAllFileKeys($this->path, $encryptedKeyfiles);
+        }
+        return $result;
+    }
+
+    /**
+     * encrypt data
+     *
+     * @param string $data you want to encrypt
+     * @param int $position
+     * @return string encrypted data
+     */
+    public function encrypt($data, $position = 0) {
+        // If extra data is left over from the last round, make sure it
+        // is integrated into the next block
+        if ($this->writeCache) {
+
+            // Concat writeCache to start of $data
+            $data = $this->writeCache . $data;
+
+            // Clear the write cache, ready for reuse - it has been
+            // flushed and its old contents processed
+            $this->writeCache = '';
+
+        }
+
+        $encrypted = '';
+        // While there still remains some data to be processed & written
+        while (strlen($data) > 0) {
+
+            // Remaining length for this iteration, not of the
+            // entire file (may be greater than 8192 bytes)
+            $remainingLength = strlen($data);
+
+            // If data remaining to be written is less than the
+            // size of 1 6126 byte block
+            if ($remainingLength < $this->unencryptedBlockSizeSigned) {
+
+                // Set writeCache to contents of $data
+                // The writeCache will be carried over to the
+                // next write round, and added to the start of
+                // $data to ensure that written blocks are
+                // always the correct length. If there is still
+                // data in writeCache after the writing round
+                // has finished, then the data will be written
+                // to disk by $this->flush().
+                $this->writeCache = $data;
+
+                // Clear $data ready for next round
+                $data = '';
+
+            } else {
+
+                // Read the chunk from the start of $data
+                $chunk = substr($data, 0, $this->unencryptedBlockSizeSigned);
+
+                $encrypted .= $this->crypt->symmetricEncryptFileContent($chunk, $this->fileKey, $this->version + 1, $position);
+
+                // Remove the chunk we just processed from
+                // $data, leaving only unprocessed data in $data
+                // var, for handling on the next round
+                $data = substr($data, $this->unencryptedBlockSizeSigned);
+
+            }
+
+        }
+
+        return $encrypted;
+    }
+
+    /**
+     * decrypt data
+     *
+     * @param string $data you want to decrypt
+     * @param int $position
+     * @return string decrypted data
+     * @throws DecryptionFailedException
+     */
+    public function decrypt($data, $position = 0) {
+        if (empty($this->fileKey)) {
+            $msg = 'Can not decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.';
+            $hint = $this->l->t('Can not decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.');
+            $this->logger->error($msg);
+
+            throw new DecryptionFailedException($msg, $hint);
+        }
+
+        return $this->crypt->symmetricDecryptFileContent($data, $this->fileKey, $this->cipher, $this->version, $position);
+    }
+
+    /**
+     * update encrypted file, e.g. give additional users access to the file
+     *
+     * @param string $path path to the file which should be updated
+     * @param string $uid of the user who performs the operation
+     * @param array $accessList who has access to the file contains the key 'users' and 'public'
+     * @return boolean
+     */
+    public function update($path, $uid, array $accessList) {
+
+        if (empty($accessList)) {
+            if (isset(self::$rememberVersion[$path])) {
+                $this->keyManager->setVersion($path, self::$rememberVersion[$path], new View());
+                unset(self::$rememberVersion[$path]);
+            }
+            return;
+        }
+
+        $fileKey = $this->keyManager->getFileKey($path, $uid);
+
+        if (!empty($fileKey)) {
+
+            $publicKeys = array();
+            if ($this->useMasterPassword === true) {
+                $publicKeys[$this->keyManager->getMasterKeyId()] = $this->keyManager->getPublicMasterKey();
+            } else {
+                foreach ($accessList['users'] as $user) {
+                    try {
+                        $publicKeys[$user] = $this->keyManager->getPublicKey($user);
+                    } catch (PublicKeyMissingException $e) {
+                        $this->logger->warning('Could not encrypt file for ' . $user . ': ' . $e->getMessage());
+                    }
+                }
+            }
+
+            $publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys, $uid);
+
+            $encryptedFileKey = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);
+
+            $this->keyManager->deleteAllFileKeys($path);
+
+            $this->keyManager->setAllFileKeys($path, $encryptedFileKey);
+
+        } else {
+            $this->logger->debug('no file key found, we assume that the file "{file}" is not encrypted',
+                array('file' => $path, 'app' => 'encryption'));
+
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * should the file be encrypted or not
+     *
+     * @param string $path
+     * @return boolean
+     */
+    public function shouldEncrypt($path) {
+        if ($this->util->shouldEncryptHomeStorage() === false) {
+            $storage = $this->util->getStorage($path);
+            if ($storage->instanceOfStorage('\OCP\Files\IHomeStorage')) {
+                return false;
+            }
+        }
+        $parts = explode('/', $path);
+        if (count($parts) < 4) {
+            return false;
+        }
+
+        if ($parts[2] == 'files') {
+            return true;
+        }
+        if ($parts[2] == 'files_versions') {
+            return true;
+        }
+        if ($parts[2] == 'files_trashbin') {
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * get size of the unencrypted payload per block.
+     * Nextcloud read/write files with a block size of 8192 byte
+     *
+     * @param bool $signed
+     * @return int
+     */
+    public function getUnencryptedBlockSize($signed = false) {
+        if ($signed === false) {
+            return $this->unencryptedBlockSize;
+        }
+
+        return $this->unencryptedBlockSizeSigned;
+    }
+
+    /**
+     * check if the encryption module is able to read the file,
+     * e.g. if all encryption keys exists
+     *
+     * @param string $path
+     * @param string $uid user for whom we want to check if he can read the file
+     * @return bool
+     * @throws DecryptionFailedException
+     */
+    public function isReadable($path, $uid) {
+        $fileKey = $this->keyManager->getFileKey($path, $uid);
+        if (empty($fileKey)) {
+            $owner = $this->util->getOwner($path);
+            if ($owner !== $uid) {
+                // if it is a shared file we throw a exception with a useful
+                // error message because in this case it means that the file was
+                // shared with the user at a point where the user didn't had a
+                // valid private/public key
+                $msg = 'Encryption module "' . $this->getDisplayName() .
+                    '" is not able to read ' . $path;
+                $hint = $this->l->t('Can not read this file, probably this is a shared file. Please ask the file owner to reshare the file with you.');
+                $this->logger->warning($msg);
+                throw new DecryptionFailedException($msg, $hint);
+            }
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * Initial encryption of all files
+     *
+     * @param InputInterface $input
+     * @param OutputInterface $output write some status information to the terminal during encryption
+     */
+    public function encryptAll(InputInterface $input, OutputInterface $output) {
+        $this->encryptAll->encryptAll($input, $output);
+    }
+
+    /**
+     * prepare module to perform decrypt all operation
+     *
+     * @param InputInterface $input
+     * @param OutputInterface $output
+     * @param string $user
+     * @return bool
+     */
+    public function prepareDecryptAll(InputInterface $input, OutputInterface $output, $user = '') {
+        return $this->decryptAll->prepare($input, $output, $user);
+    }
+
+
+    /**
+     * @param string $path
+     * @return string
+     */
+    protected function getPathToRealFile($path) {
+        $realPath = $path;
+        $parts = explode('/', $path);
+        if ($parts[2] === 'files_versions') {
+            $realPath = '/' . $parts[1] . '/files/' . implode('/', array_slice($parts, 3));
+            $length = strrpos($realPath, '.');
+            $realPath = substr($realPath, 0, $length);
+        }
+
+        return $realPath;
+    }
+
+    /**
+     * remove .part file extension and the ocTransferId from the file to get the
+     * original file name
+     *
+     * @param string $path
+     * @return string
+     */
+    protected function stripPartFileExtension($path) {
+        if (pathinfo($path, PATHINFO_EXTENSION) === 'part') {
+            $pos = strrpos($path, '.', -6);
+            $path = substr($path, 0, $pos);
+        }
+
+        return $path;
+    }
+
+    /**
+     * Check if the module is ready to be used by that specific user.
+     * In case a module is not ready - because e.g. key pairs have not been generated
+     * upon login this method can return false before any operation starts and might
+     * cause issues during operations.
+     *
+     * @param string $user
+     * @return boolean
+     * @since 9.1.0
+     */
+    public function isReadyForUser($user) {
+        return $this->keyManager->userHasKeys($user);
+    }
+
+    /**
+     * We only need a detailed access list if the master key is not enabled
+     *
+     * @return bool
+     */
+    public function needDetailedAccessList() {
+        return !$this->util->isMasterKeyEnabled();
+    }
 }

apps/encryption/lib/Migration/SetMasterKeyStatus.php

Indentation +32 added lines, -32 removed lines

@@ -35,43 +35,43 @@
 class SetMasterKeyStatus implements IRepairStep {
 
 
-	/** @var  IConfig */
-	private $config;
+    /** @var  IConfig */
+    private $config;
 
 
-	public function __construct(IConfig $config) {
-		$this->config = $config;
-	}
+    public function __construct(IConfig $config) {
+        $this->config = $config;
+    }
 
-	/**
-	 * Returns the step's name
-	 *
-	 * @return string
-	 * @since 9.1.0
-	 */
-	public function getName() {
-		return 'Write default encryption module configuration to the database';
-	}
+    /**
+     * Returns the step's name
+     *
+     * @return string
+     * @since 9.1.0
+     */
+    public function getName() {
+        return 'Write default encryption module configuration to the database';
+    }
 
-	/**
-	 * @param IOutput $output
-	 */
-	public function run(IOutput $output) {
-		if (!$this->shouldRun()) {
-			return;
-		}
+    /**
+     * @param IOutput $output
+     */
+    public function run(IOutput $output) {
+        if (!$this->shouldRun()) {
+            return;
+        }
 
-		// if no config for the master key is set we set it explicitly to '0' in
-		// order not to break old installations because the default changed to '1'.
-		$configAlreadySet = $this->config->getAppValue('encryption', 'useMasterKey', false);
-		if ($configAlreadySet === false) {
-			$this->config->setAppValue('encryption', 'useMasterKey', '0');
-		}
-	}
+        // if no config for the master key is set we set it explicitly to '0' in
+        // order not to break old installations because the default changed to '1'.
+        $configAlreadySet = $this->config->getAppValue('encryption', 'useMasterKey', false);
+        if ($configAlreadySet === false) {
+            $this->config->setAppValue('encryption', 'useMasterKey', '0');
+        }
+    }
 
-	protected function shouldRun() {
-		$appVersion = $this->config->getAppValue('encryption', 'installed_version', '0.0.0');
-		return version_compare($appVersion, '2.0.0', '<');
-	}
+    protected function shouldRun() {
+        $appVersion = $this->config->getAppValue('encryption', 'installed_version', '0.0.0');
+        return version_compare($appVersion, '2.0.0', '<');
+    }
 
 }

apps/encryption/lib/Controller/StatusController.php

Indentation +68 added lines, -68 removed lines

@@ -34,79 +34,79 @@
 
 class StatusController extends Controller {
 
-	/** @var IL10N */
-	private $l;
+    /** @var IL10N */
+    private $l;
 
-	/** @var Session */
-	private $session;
+    /** @var Session */
+    private $session;
 
-	/** @var IManager */
-	private $encryptionManager;
+    /** @var IManager */
+    private $encryptionManager;
 
-	/**
-	 * @param string $AppName
-	 * @param IRequest $request
-	 * @param IL10N $l10n
-	 * @param Session $session
-	 * @param IManager $encryptionManager
-	 */
-	public function __construct($AppName,
-								IRequest $request,
-								IL10N $l10n,
-								Session $session,
-								IManager $encryptionManager
-								) {
-		parent::__construct($AppName, $request);
-		$this->l = $l10n;
-		$this->session = $session;
-		$this->encryptionManager = $encryptionManager;
-	}
+    /**
+     * @param string $AppName
+     * @param IRequest $request
+     * @param IL10N $l10n
+     * @param Session $session
+     * @param IManager $encryptionManager
+     */
+    public function __construct($AppName,
+                                IRequest $request,
+                                IL10N $l10n,
+                                Session $session,
+                                IManager $encryptionManager
+                                ) {
+        parent::__construct($AppName, $request);
+        $this->l = $l10n;
+        $this->session = $session;
+        $this->encryptionManager = $encryptionManager;
+    }
 
-	/**
-	 * @NoAdminRequired
-	 * @return DataResponse
-	 */
-	public function getStatus() {
+    /**
+     * @NoAdminRequired
+     * @return DataResponse
+     */
+    public function getStatus() {
 
-		$status = 'error';
-		$message = 'no valid init status';
-		switch( $this->session->getStatus()) {
-			case Session::RUN_MIGRATION:
-				$status = 'interactionNeeded';
-				$message = (string)$this->l->t(
-					'You need to migrate your encryption keys from the old encryption (ownCloud <= 8.0) to the new one. Please run \'occ encryption:migrate\' or contact your administrator'
-				);
-				break;
-			case Session::INIT_EXECUTED:
-				$status = 'interactionNeeded';
-				$message = (string)$this->l->t(
-					'Invalid private key for encryption app. Please update your private key password in your personal settings to recover access to your encrypted files.'
-				);
-				break;
-			case Session::NOT_INITIALIZED:
-				$status = 'interactionNeeded';
-				if ($this->encryptionManager->isEnabled()) {
-					$message = (string)$this->l->t(
-						'Encryption App is enabled, but your keys are not initialized. Please log-out and log-in again.'
-					);
-				} else {
-					$message = (string)$this->l->t(
-						'Please enable server side encryption in the admin settings in order to use the encryption module.'
-					);
-				}
-				break;
-			case Session::INIT_SUCCESSFUL:
-				$status = 'success';
-				$message = (string)$this->l->t('Encryption app is enabled and ready');
-		}
+        $status = 'error';
+        $message = 'no valid init status';
+        switch( $this->session->getStatus()) {
+            case Session::RUN_MIGRATION:
+                $status = 'interactionNeeded';
+                $message = (string)$this->l->t(
+                    'You need to migrate your encryption keys from the old encryption (ownCloud <= 8.0) to the new one. Please run \'occ encryption:migrate\' or contact your administrator'
+                );
+                break;
+            case Session::INIT_EXECUTED:
+                $status = 'interactionNeeded';
+                $message = (string)$this->l->t(
+                    'Invalid private key for encryption app. Please update your private key password in your personal settings to recover access to your encrypted files.'
+                );
+                break;
+            case Session::NOT_INITIALIZED:
+                $status = 'interactionNeeded';
+                if ($this->encryptionManager->isEnabled()) {
+                    $message = (string)$this->l->t(
+                        'Encryption App is enabled, but your keys are not initialized. Please log-out and log-in again.'
+                    );
+                } else {
+                    $message = (string)$this->l->t(
+                        'Please enable server side encryption in the admin settings in order to use the encryption module.'
+                    );
+                }
+                break;
+            case Session::INIT_SUCCESSFUL:
+                $status = 'success';
+                $message = (string)$this->l->t('Encryption app is enabled and ready');
+        }
 
-		return new DataResponse(
-			[
-				'status' => $status,
-				'data' => [
-					'message' => $message]
-			]
-		);
-	}
+        return new DataResponse(
+            [
+                'status' => $status,
+                'data' => [
+                    'message' => $message]
+            ]
+        );
+    }
 
 }

Spacing +6 added lines, -6 removed lines

@@ -70,34 +70,34 @@
 
 		$status = 'error';
 		$message = 'no valid init status';
-		switch( $this->session->getStatus()) {
+		switch ($this->session->getStatus()) {
 			case Session::RUN_MIGRATION:
 				$status = 'interactionNeeded';
-				$message = (string)$this->l->t(
+				$message = (string) $this->l->t(
 					'You need to migrate your encryption keys from the old encryption (ownCloud <= 8.0) to the new one. Please run \'occ encryption:migrate\' or contact your administrator'
 				);
 				break;
 			case Session::INIT_EXECUTED:
 				$status = 'interactionNeeded';
-				$message = (string)$this->l->t(
+				$message = (string) $this->l->t(
 					'Invalid private key for encryption app. Please update your private key password in your personal settings to recover access to your encrypted files.'
 				);
 				break;
 			case Session::NOT_INITIALIZED:
 				$status = 'interactionNeeded';
 				if ($this->encryptionManager->isEnabled()) {
-					$message = (string)$this->l->t(
+					$message = (string) $this->l->t(
 						'Encryption App is enabled, but your keys are not initialized. Please log-out and log-in again.'
 					);
 				} else {
-					$message = (string)$this->l->t(
+					$message = (string) $this->l->t(
 						'Please enable server side encryption in the admin settings in order to use the encryption module.'
 					);
 				}
 				break;
 			case Session::INIT_SUCCESSFUL:
 				$status = 'success';
-				$message = (string)$this->l->t('Encryption app is enabled and ready');
+				$message = (string) $this->l->t('Encryption app is enabled and ready');
 		}
 
 		return new DataResponse(

apps/encryption/lib/Command/DisableMasterKey.php

Indentation +52 added lines, -52 removed lines

@@ -33,57 +33,57 @@
 
 class DisableMasterKey extends Command {
 
-	/** @var Util */
-	protected $util;
-
-	/** @var IConfig */
-	protected $config;
-
-	/** @var  QuestionHelper */
-	protected $questionHelper;
-
-	/**
-	 * @param Util $util
-	 * @param IConfig $config
-	 * @param QuestionHelper $questionHelper
-	 */
-	public function __construct(Util $util,
-								IConfig $config,
-								QuestionHelper $questionHelper) {
-
-		$this->util = $util;
-		$this->config = $config;
-		$this->questionHelper = $questionHelper;
-		parent::__construct();
-	}
-
-	protected function configure() {
-		$this
-			->setName('encryption:disable-master-key')
-			->setDescription('Disable the master key and use per-user keys instead. Only available for fresh installations with no existing encrypted data! There is no way to enable it again.');
-	}
-
-	protected function execute(InputInterface $input, OutputInterface $output) {
-
-		$isMasterKeyEnabled = $this->util->isMasterKeyEnabled();
-
-		if(!$isMasterKeyEnabled) {
-			$output->writeln('Master key already disabled');
-		} else {
-			$question = new ConfirmationQuestion(
-				'Warning: Only perform this operation for a fresh installations with no existing encrypted data! '
-				. 'There is no way to enable the master key again. '
-				. 'We strongly recommend to keep the master key, it provides significant performance improvements '
-				. 'and is easier to handle for both, users and administrators. '
-				. 'Do you really want to switch to per-user keys? (y/n) ', false);
-			if ($this->questionHelper->ask($input, $output, $question)) {
-				$this->config->setAppValue('encryption', 'useMasterKey', '0');
-				$output->writeln('Master key successfully disabled.');
-			} else {
-				$output->writeln('aborted.');
-			}
-		}
-
-	}
+    /** @var Util */
+    protected $util;
+
+    /** @var IConfig */
+    protected $config;
+
+    /** @var  QuestionHelper */
+    protected $questionHelper;
+
+    /**
+     * @param Util $util
+     * @param IConfig $config
+     * @param QuestionHelper $questionHelper
+     */
+    public function __construct(Util $util,
+                                IConfig $config,
+                                QuestionHelper $questionHelper) {
+
+        $this->util = $util;
+        $this->config = $config;
+        $this->questionHelper = $questionHelper;
+        parent::__construct();
+    }
+
+    protected function configure() {
+        $this
+            ->setName('encryption:disable-master-key')
+            ->setDescription('Disable the master key and use per-user keys instead. Only available for fresh installations with no existing encrypted data! There is no way to enable it again.');
+    }
+
+    protected function execute(InputInterface $input, OutputInterface $output) {
+
+        $isMasterKeyEnabled = $this->util->isMasterKeyEnabled();
+
+        if(!$isMasterKeyEnabled) {
+            $output->writeln('Master key already disabled');
+        } else {
+            $question = new ConfirmationQuestion(
+                'Warning: Only perform this operation for a fresh installations with no existing encrypted data! '
+                . 'There is no way to enable the master key again. '
+                . 'We strongly recommend to keep the master key, it provides significant performance improvements '
+                . 'and is easier to handle for both, users and administrators. '
+                . 'Do you really want to switch to per-user keys? (y/n) ', false);
+            if ($this->questionHelper->ask($input, $output, $question)) {
+                $this->config->setAppValue('encryption', 'useMasterKey', '0');
+                $output->writeln('Master key successfully disabled.');
+            } else {
+                $output->writeln('aborted.');
+            }
+        }
+
+    }
 
 }

Spacing +1 added lines, -1 removed lines

@@ -67,7 +67,7 @@
 
 		$isMasterKeyEnabled = $this->util->isMasterKeyEnabled();
 
-		if(!$isMasterKeyEnabled) {
+		if (!$isMasterKeyEnabled) {
 			$output->writeln('Master key already disabled');
 		} else {
 			$question = new ConfirmationQuestion(