[Pkg-owncloud-commits] [owncloud] 35/59: introduce some encryption exceptions and catch additional error cases

David Prévot taffit at moszumanska.debian.org
Fri Jul 18 16:19:28 UTC 2014 

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch master
in repository owncloud.

commit ad249155ecc0152e29e4eb4077000d5a8f1c1e77
Author: Bjoern Schiessle <schiessle at owncloud.com>
Date:   Wed Jul 16 12:06:00 2014 +0200

    introduce some encryption exceptions and catch additional error cases
---
 apps/files_encryption/appinfo/app.php    |  4 +++
 apps/files_encryption/lib/crypt.php      | 23 +++++-----------
 apps/files_encryption/lib/exceptions.php | 46 ++++++++++++++++++++++++++++++++
 apps/files_encryption/lib/util.php       | 25 ++++++++++-------
 4 files changed, 73 insertions(+), 25 deletions(-)

diff --git a/apps/files_encryption/appinfo/app.php b/apps/files_encryption/appinfo/app.php
index 104e856..a90f618 100644
--- a/apps/files_encryption/appinfo/app.php
+++ b/apps/files_encryption/appinfo/app.php
@@ -10,6 +10,10 @@ OC::$CLASSPATH['OCA\Encryption\Session'] = 'files_encryption/lib/session.php';
 OC::$CLASSPATH['OCA\Encryption\Capabilities'] = 'files_encryption/lib/capabilities.php';
 OC::$CLASSPATH['OCA\Encryption\Helper'] = 'files_encryption/lib/helper.php';
 
+// Exceptions
+OC::$CLASSPATH['OCA\Encryption\Exceptions\MultiKeyEncryptException'] = 'files_encryption/lib/exceptions.php';
+OC::$CLASSPATH['OCA\Encryption\Exceptions\MultiKeyDecryptException'] = 'files_encryption/lib/exceptions.php';
+
 \OCP\Util::addscript('files_encryption', 'encryption');
 \OCP\Util::addscript('files_encryption', 'detect-migration');
 
diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php
index ee2c402..69ccce0 100755
--- a/apps/files_encryption/lib/crypt.php
+++ b/apps/files_encryption/lib/crypt.php
@@ -390,6 +390,7 @@ class Crypt {
 	 * @param string $plainContent content to be encrypted
 	 * @param array $publicKeys array keys must be the userId of corresponding user
 	 * @return array keys: keys (array, key = userId), data
+	 * @throws \OCA\Encryption\Exceptions\\MultiKeyEncryptException if encryption failed
 	 * @note symmetricDecryptFileContent() can decrypt files created using this method
 	 */
 	public static function multiKeyEncrypt($plainContent, array $publicKeys) {
@@ -397,9 +398,7 @@ class Crypt {
 		// openssl_seal returns false without errors if $plainContent
 		// is empty, so trigger our own error
 		if (empty($plainContent)) {
-
-			throw new \Exception('Cannot mutliKeyEncrypt empty plain content');
-
+			throw new Exceptions\MultiKeyEncryptException('Cannot mutliKeyEncrypt empty plain content', 10);
 		}
 
 		// Set empty vars to be set by openssl by reference
@@ -426,9 +425,7 @@ class Crypt {
 			);
 
 		} else {
-
-			return false;
-
+			throw new Exceptions\MultiKeyEncryptException('multi key encryption failed: ' . openssl_error_string(), 20);
 		}
 
 	}
@@ -438,8 +435,8 @@ class Crypt {
 	 * @param string $encryptedContent
 	 * @param string $shareKey
 	 * @param mixed $privateKey
-	 * @return false|string
-	 * @internal param string $plainContent content to be encrypted
+	 * @throws \OCA\Encryption\Exceptions\\MultiKeyDecryptException if decryption failed
+	 * @internal param string $plainContent contains decrypted content
 	 * @return string $plainContent decrypted string
 	 * @note symmetricDecryptFileContent() can be used to decrypt files created using this method
 	 *
@@ -448,9 +445,7 @@ class Crypt {
 	public static function multiKeyDecrypt($encryptedContent, $shareKey, $privateKey) {
 
 		if (!$encryptedContent) {
-
-			return false;
-
+			throw new Exceptions\MultiKeyDecryptException('Cannot mutliKeyDecrypt empty plain content', 10);
 		}
 
 		if (openssl_open($encryptedContent, $plainContent, $shareKey, $privateKey)) {
@@ -458,11 +453,7 @@ class Crypt {
 			return $plainContent;
 
 		} else {
-
-			\OCP\Util::writeLog('Encryption library', 'Decryption (asymmetric) of sealed content with share-key "'.$shareKey.'" failed', \OCP\Util::ERROR);
-
-			return false;
-
+			throw new Exceptions\MultiKeyDecryptException('multiKeyDecrypt with share-key' . $shareKey . 'failed: ' . openssl_error_string(), 20);
 		}
 
 	}
diff --git a/apps/files_encryption/lib/exceptions.php b/apps/files_encryption/lib/exceptions.php
new file mode 100644
index 0000000..a409b0f
--- /dev/null
+++ b/apps/files_encryption/lib/exceptions.php
@@ -0,0 +1,46 @@
+<?php
+/**
+ * ownCloud
+ *
+ * @author Bjoern Schiessle
+ * @copyright 2014 Bjoern Schiessle <schiessle at owncloud.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\Encryption\Exceptions;
+
+class EncryptionException extends \Exception {
+}
+
+/**
+ * Throw this exception if multi key encrytion fails
+ *
+ * Possible error codes:
+ * 10 - empty plain content was given
+ * 20 - openssl_seal failed
+ */
+class MultiKeyEncryptException extends EncryptionException {
+}
+
+/**
+ * Throw this encryption if multi key decryption failed
+ *
+ * Possible error codes:
+ * 10 - empty encrypted content was given
+ * 20 - openssl_open failed
+ */
+class MultiKeyDecryptException extends EncryptionException {
+}
diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php
index eb18507..21a0a72 100644
--- a/apps/files_encryption/lib/util.php
+++ b/apps/files_encryption/lib/util.php
@@ -956,19 +956,26 @@ class Util {
 		// Get the current users's private key for decrypting existing keyfile
 		$privateKey = $session->getPrivateKey();
 
-		$fileOwner = \OC\Files\Filesystem::getOwner($filePath);
-
-		// Decrypt keyfile
-		$plainKeyfile = $this->decryptKeyfile($filePath, $privateKey);
-
-		// Re-enc keyfile to (additional) sharekeys
-		$multiEncKey = Crypt::multiKeyEncrypt($plainKeyfile, $userPubKeys);
+		try {
+			// Decrypt keyfile
+			$plainKeyfile = $this->decryptKeyfile($filePath, $privateKey);
+			// Re-enc keyfile to (additional) sharekeys
+			$multiEncKey = Crypt::multiKeyEncrypt($plainKeyfile, $userPubKeys);
+		} catch (Exceptions\EncryptionException $e) {
+			$msg = 'set shareFileKeyFailed (code: ' . $e->getCode() . '): ' . $e->getMessage();
+			\OCP\Util::writeLog('files_encryption', $msg, \OCP\Util::FATAL);
+			return false;
+		} catch (\Exception $e) {
+			$msg = 'set shareFileKeyFailed (unknown error): ' . $e->getMessage();
+			\OCP\Util::writeLog('files_encryption', $msg, \OCP\Util::FATAL);
+			return false;
+		}
 
 		// Save the recrypted key to it's owner's keyfiles directory
 		// Save new sharekeys to all necessary user directory
 		if (
-			!Keymanager::setFileKey($this->view, $this, $filePath, $multiEncKey['data'])
-			|| !Keymanager::setShareKeys($this->view, $this, $filePath, $multiEncKey['keys'])
+				!Keymanager::setFileKey($this->view, $this, $filePath, $multiEncKey['data'])
+				|| !Keymanager::setShareKeys($this->view, $this, $filePath, $multiEncKey['keys'])
 		) {
 
 			\OCP\Util::writeLog('Encryption library',

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git

More information about the Pkg-owncloud-commits mailing list