From c64e0af4fb44b1464ca3433e99b12b729a2084b2 Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle
Date: Sat, 28 Mar 2015 11:02:26 +0100
Subject: [PATCH] check if recovery key exists and encrypt the file with the recovery key if needed
---
 apps/encryption/appinfo/encryption.php | 5 ++-
 apps/encryption/lib/crypto/encryption.php | 39 ++++++++++++++++++++---
 apps/encryption/lib/keymanager.php | 20 +++++++++++-
 lib/private/encryption/util.php | 23 ++++++++++++-
 4 files changed, 80 insertions(+), 7 deletions(-)
diff --git a/apps/encryption/appinfo/encryption.php b/apps/encryption/appinfo/encryption.php
index d97aa07738c..dd8004a4880 100644
--- a/apps/encryption/appinfo/encryption.php
+++ b/apps/encryption/appinfo/encryption.php
@@ -102,7 +102,10 @@ class Encryption extends \OCP\AppFramework\App {
 public function registerEncryptionModule() {
 $container = $this->getContainer();
 $container->registerService('EncryptionModule', function (IAppContainer $c) {
- return new \OCA\Encryption\Crypto\Encryption($c->query('Crypt'), $c->query('KeyManager'));
+ return new \OCA\Encryption\Crypto\Encryption(
+ $c->query('Crypt'),
+ $c->query('KeyManager'),
+ $c->query('Util'));
 });
 $module = $container->query('EncryptionModule');
 $this->encryptionManager->registerEncryptionModule($module);
diff --git a/apps/encryption/lib/crypto/encryption.php b/apps/encryption/lib/crypto/encryption.php
index da805892eaf..8c00077729e 100644
--- a/apps/encryption/lib/crypto/encryption.php
+++ b/apps/encryption/lib/crypto/encryption.php
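Review bot: The new third argument `$c->query('Util')` is handed to a parameter that the crypto/encryption.php hunk type-hints as `\OC\Encryption\Util`, but nothing in this patch shows what the app container registers under `'Util'`; if that service resolves to a different Util class, module registration fails with a type error at runtime, so the binding is worth confirming. Style: the closing `);` is glued to the last argument in `$c->query('Util'));`; putting it on its own line keeps the argument list visually separate. registerEncryptionModule continues outside the hunk.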
@@ -46,9 +46,19 @@ class Encryption implements IEncryptionModule {
 /** @var boolean */
 private $isWriteOperation;
 
- public function __construct(Crypt $crypt, KeyManager $keymanager) {
+ /** @var \OC\Encryption\Util */
+ private $util;
+
+ /**
+ *
+ * @param \OCA\Encryption\Crypto\Crypt $crypt
+ * @param KeyManager $keymanager
+ * @param \OC\Encryption\Util $util
+ */
+ public function __construct(Crypt $crypt, KeyManager $keymanager, \OC\Encryption\Util $util) {
 $this->crypt = $crypt;
 $this->keymanager = $keymanager;
+ $this->util = $util;
 }
 
 /**
@@ -225,9 +235,7 @@ class Encryption implements IEncryptionModule {
 $publicKeys[$user] = $this->keymanager->getPublicKey($user);
 }
 
- if (!empty($accessList['public'])) {
- $publicKeys[$this->keymanager->getPublicShareKeyId()] = $this->keymanager->getPublicShareKey();
- }
+ $publicKeys = $this->addSystemKeys($accessList, $publicKeys);
 
 $encryptedFileKey = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);
 
@@ -238,6 +246,29 @@ class Encryption implements IEncryptionModule {
 return true;
 }
 
+ /**
+ * add system keys such as the public share key and the recovery key
+ *
+ * @param array $accessList
+ * @param array $publicKeys
+ * @return array
+ */
+ public function addSystemKeys(array $accessList, array $publicKeys) {
+ if (!empty($accessList['public'])) {
+ $publicKeys[$this->keymanager->getPublicShareKeyId()] = $this->keymanager->getPublicShareKey();
+ }
+
+ if ($this->keymanager->recoveryKeyExists() &&
+ $this->util->recoveryEnabled($this->user)) {
+
+ $publicKeys[$this->keymanager->getRecoveryKeyId()] = $this->keymanager->getRecoveryKey();
+ }
+
+
+ return $publicKeys;
+ }
+
+
 /**
 * should the file be encrypted or not
 *
diff --git a/apps/encryption/lib/keymanager.php b/apps/encryption/lib/keymanager.php
index 44a46458692..ea338f88ea7 100644
--- a/apps/encryption/lib/keymanager.php
+++ b/apps/encryption/lib/keymanager.php
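Review bot: The new constructor docblock opens with an empty ` *` line and documents `$crypt` by its fully-qualified name although `Crypt` is imported, while `$util` is type-hinted inline as `\OC\Encryption\Util`; importing it at the top of the file (outside this hunk, and only if no other `Util` is already imported there) and writing `Util $util` / `@param Util $util` would keep the three parameters consistent. A one-line description in place of the empty line, such as `* Encryption module: wires the crypto primitives, key storage and the core encryption helper together`, would make the docblock useful.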
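Review bot: `addSystemKeys` reads `$this->user`, which this patch neither declares nor assigns; unless the property is set earlier in the operation (presumably in `begin()`, which is outside the diff), `recoveryEnabled()` receives null and the recovery key is silently never attached. Making the precondition explicit, for example a guard `if ($this->user !== null && $this->keymanager->recoveryKeyExists() && $this->util->recoveryEnabled($this->user)) {` or a docblock line `* Relies on $this->user having been set by the caller shown in the preceding hunk`, would prevent that from going unnoticed. The method is declared `public` although it is only an internal step of the caller in the preceding hunk; `protected` keeps it out of the module's API surface. The doubled blank lines before `return $publicKeys;` and after the closing brace can be dropped.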
@@ -141,7 +141,25 @@ class KeyManager {
 * @return bool
 */
 public function recoveryKeyExists() {
- return (strlen($this->keyStorage->getSystemUserKey($this->recoveryKeyId)) !== 0);
+ return (!empty($this->keyStorage->getSystemUserKey($this->recoveryKeyId)));
+ }
+
+ /**
+ * get recovery key
+ *
+ * @return string
+ */
+ public function getRecoveryKey() {
+ return $this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.publicKey');
+ }
+
+ /**
+ * get recovery key ID
+ *
+ * @return string
+ */
+ public function getRecoveryKeyId() {
+ return $this->recoveryKeyId;
 }
 
 /**
diff --git a/lib/private/encryption/util.php b/lib/private/encryption/util.php
index 85e852ec2c9..e3390f155d4 100644
--- a/lib/private/encryption/util.php
+++ b/lib/private/encryption/util.php
@@ -26,6 +26,7 @@ namespace OC\Encryption;
 use OC\Encryption\Exceptions\EncryptionHeaderToLargeException;
 use OC\Encryption\Exceptions\EncryptionHeaderKeyExistsException;
 use OCP\Encryption\IEncryptionModule;
+use OCP\IConfig;
 
 class Util {
 
@@ -58,19 +59,27 @@ class Util {
 /** @var \OC\User\Manager */
 protected $userManager;
 
+ /** @var IConfig */
+ protected $config;
+
 /** @var array paths excluded from encryption */
 protected $excludedPaths;
 
 /**
 * @param \OC\Files\View $view root view
 */
- public function __construct(\OC\Files\View $view, \OC\User\Manager $userManager) {
+ public function __construct(
+ \OC\Files\View $view,
+ \OC\User\Manager $userManager,
+ IConfig $config) {
+
 $this->ocHeaderKeys = [
 self::HEADER_ENCRYPTION_MODULE_KEY
 ];
 $this->view = $view;
 $this->userManager = $userManager;
+ $this->config = $config;
 $this->excludedPaths[] = 'files_encryption';
 }
 
@@ -411,4 +420,16 @@ class Util {
 return false;
 }
 
+ /**
+ * check if recovery key is enabled for user
+ *
+ * @param string $uid
+ * @return boolean
+ */
+ public function recoveryEnabled($uid) {
+ $enabled = $this->config->getUserValue($uid, 'encryption', 'recovery_enabled', '0');
+
+ return ($enabled === '1') ? true : false;
+ }
+
 }
-- 
2.39.5
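Review bot: `recoveryKeyExists()` checks the entry stored under the bare `$this->recoveryKeyId`, while the new `getRecoveryKey()` reads `$this->recoveryKeyId . '.publicKey'`; unless the storage layer maps the bare id to the same entry, the existence check and the getter look at different keys, and a caller that trusts the check (addSystemKeys in this patch) can end up adding an empty value to the recipient list. Checking the id that is actually read, `return $this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.publicKey') !== '';` (assuming getSystemUserKey returns a string), keeps the two consistent. Replacing `strlen(...) !== 0` with `!empty(...)` also shifts semantics slightly, since `empty('0')` is true; an explicit comparison against the empty value is more precise. The docblock on `getRecoveryKey()` should state what is returned, e.g. `* get the public part of the recovery key`.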
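Review bot: The constructor docblock still documents only `$view` while the signature now takes three parameters; add `* @param \OC\User\Manager $userManager` and `* @param IConfig $config`. The new required `IConfig` parameter breaks every existing `new \OC\Encryption\Util(...)` call, and this patch touches no such call site, so the remaining constructor calls (outside this diff) need to be confirmed updated, or the parameter given a default. Minor style: `) {` closing the parameter list sits on the `IConfig $config` line; putting it on its own line separates signature from body, and the blank line that follows it is then unnecessary.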
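Review bot: `return ($enabled === '1') ? true : false;` is a ternary over a value that is already boolean; `return $enabled === '1';` says the same thing. The docblock's `@return boolean` should be `@return bool`, and since callers in this patch pass a user id they do not validate (addSystemKeys), a sentence documenting the behaviour for an empty or null `$uid` would help. It is also worth noting in the docblock that the flag comes from the user's `encryption` / `recovery_enabled` preference with a default of `'0'`, so an absent setting means the recovery key is not attached.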