occ script to disable encryption and to decrypt all files again

2 files changed, 178 insertions, 1 deletions

diff --git a/apps/encryption/lib/crypto/decryptall.php b/apps/encryption/lib/crypto/decryptall.php
new file mode 100644
index 00000000000..599cd82aa4d
--- /dev/null
+++ b/apps/encryption/lib/crypto/decryptall.php
@@ -0,0 +1,143 @@
+<?php
+/**
+ * @author Björn Schießle <schiessle@owncloud.com>
+ *
+ * @copyright Copyright (c) 2015, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+
+namespace OCA\Encryption\Crypto;
+
+
+use OCA\Encryption\KeyManager;
+use OCA\Encryption\Session;
+use OCA\Encryption\Util;
+use Symfony\Component\Console\Helper\QuestionHelper;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Console\Question\ConfirmationQuestion;
+use Symfony\Component\Console\Question\Question;
+
+class DecryptAll {
+
+	/** @var Util  */
+	protected $util;
+
+	/** @var QuestionHelper  */
+	protected $questionHelper;
+
+	/** @var  Crypt */
+	protected $crypt;
+
+	/** @var  KeyManager */
+	protected $keyManager;
+
+	/** @var Session  */
+	protected $session;
+
+	/**
+	 * @param Util $util
+	 * @param KeyManager $keyManager
+	 * @param Crypt $crypt
+	 * @param Session $session
+	 * @param QuestionHelper $questionHelper
+	 */
+	public function __construct(
+		Util $util,
+		KeyManager $keyManager,
+		Crypt $crypt,
+		Session $session,
+		QuestionHelper $questionHelper
+	) {
+		$this->util = $util;
+		$this->keyManager = $keyManager;
+		$this->crypt = $crypt;
+		$this->session = $session;
+		$this->questionHelper = $questionHelper;
+	}
+
+	/**
+	 * prepare encryption module to decrypt all files
+	 *
+	 * @param InputInterface $input
+	 * @param OutputInterface $output
+	 * @param $user
+	 * @return bool
+	 */
+	public function prepare(InputInterface $input, OutputInterface $output, $user) {
+
+		$question = new Question('Please enter the recovery key password: ');
+		$recoveryKeyId = $this->keyManager->getRecoveryKeyId();
+
+		if (!empty($user)) {
+			$questionUseLoginPassword = new ConfirmationQuestion(
+				'Do you want to use the users login password to decrypt all files? (y/n) ',
+				false
+			);
+			$useLoginPassword = $this->questionHelper->ask($input, $output, $questionUseLoginPassword);
+			if ($useLoginPassword) {
+				$question = new Question('Please enter the users login password: ');
+			} else if ($this->util->isRecoveryEnabledForUser($user) === false) {
+				$output->writeln('No recovery key available for user ' . $user);
+				return false;
+			} else {
+				$user = $recoveryKeyId;
+			}
+		} else {
+			$user = $recoveryKeyId;
+		}
+
+		$question->setHidden(true);
+		$question->setHiddenFallback(false);
+		$password = $this->questionHelper->ask($input, $output, $question);
+		$privateKey = $this->getPrivateKey($user, $password);
+		if ($privateKey !== false) {
+			$this->updateSession($user, $privateKey);
+			return true;
+		} else {
+			$output->writeln('Could not decrypt private key, maybe you entered the wrong password?');
+		}
+
+
+		return false;
+	}
+
+	/**
+	 * get the private key which will be used to decrypt all files
+	 *
+	 * @param string $user
+	 * @param string $password
+	 * @return bool|string
+	 * @throws \OCA\Encryption\Exceptions\PrivateKeyMissingException
+	 */
+	protected function getPrivateKey($user, $password) {
+		$recoveryKeyId = $this->keyManager->getRecoveryKeyId();
+		if ($user === $recoveryKeyId) {
+			$recoveryKey = $this->keyManager->getSystemPrivateKey($recoveryKeyId);
+			$privateKey = $this->crypt->decryptPrivateKey($recoveryKey, $password);
+		} else {
+			$userKey = $this->keyManager->getPrivateKey($user);
+			$privateKey = $this->crypt->decryptPrivateKey($userKey, $password, $user);
+		}
+
+		return $privateKey;
+	}
+
+	protected function updateSession($user, $privateKey) {
+		$this->session->prepareDecryptAll($user, $privateKey);
+	}
+}
diff --git a/apps/encryption/lib/crypto/encryption.php b/apps/encryption/lib/crypto/encryption.php
index c62afac83c1..fde4a2c4a9c 100644
--- a/apps/encryption/lib/crypto/encryption.php
+++ b/apps/encryption/lib/crypto/encryption.php
@@ -30,6 +30,7 @@ namespace OCA\Encryption\Crypto;
 
 use OC\Encryption\Exceptions\DecryptionFailedException;
 use OCA\Encryption\Exceptions\PublicKeyMissingException;
+use OCA\Encryption\Session;
 use OCA\Encryption\Util;
 use OCP\Encryption\IEncryptionModule;
 use OCA\Encryption\KeyManager;
@@ -75,6 +76,9 @@ class Encryption implements IEncryptionModule {
 	/** @var Util */
 	private $util;
 
+	/** @var  Session */
+	private $session;
+
 	/** @var  ILogger */
 	private $logger;
 
@@ -87,25 +91,34 @@ class Encryption implements IEncryptionModule {
 	/** @var  bool */
 	private $useMasterPassword;
 
+	/** @var DecryptAll  */
+	private $decryptAll;
+
 	/**
 	 *
 	 * @param Crypt $crypt
 	 * @param KeyManager $keyManager
 	 * @param Util $util
+	 * @param Session $session
 	 * @param EncryptAll $encryptAll
+	 * @param DecryptAll $decryptAll
 	 * @param ILogger $logger
 	 * @param IL10N $il10n
 	 */
 	public function __construct(Crypt $crypt,
 								KeyManager $keyManager,
 								Util $util,
+								Session $session,
 								EncryptAll $encryptAll,
+								DecryptAll $decryptAll,
 								ILogger $logger,
 								IL10N $il10n) {
 		$this->crypt = $crypt;
 		$this->keyManager = $keyManager;
 		$this->util = $util;
+		$this->session = $session;
 		$this->encryptAll = $encryptAll;
+		$this->decryptAll = $decryptAll;
 		$this->logger = $logger;
 		$this->l = $il10n;
 		$this->useMasterPassword = $util->isMasterKeyEnabled();
@@ -150,7 +163,15 @@ class Encryption implements IEncryptionModule {
 		$this->isWriteOperation = false;
 		$this->writeCache = '';
 
-		$this->fileKey = $this->keyManager->getFileKey($this->path, $this->user);
+		if ($this->session->decryptAllModeActivated()) {
+			$encryptedFileKey = $this->keyManager->getEncryptedFileKey($this->path);
+			$shareKey = $this->keyManager->getShareKey($this->path, $this->session->getDecryptAllUid());
+			$this->fileKey = $this->crypt->multiKeyDecrypt($encryptedFileKey,
+				$shareKey,
+				$this->session->getDecryptAllKey());
+		} else {
+			$this->fileKey = $this->keyManager->getFileKey($this->path, $this->user);
+		}
 
 		if (
 			$mode === 'w'
@@ -427,6 +448,19 @@ class Encryption implements IEncryptionModule {
 	}
 
 	/**
+	 * prepare module to perform decrypt all operation
+	 *
+	 * @param InputInterface $input
+	 * @param OutputInterface $output
+	 * @param string $user
+	 * @return bool
+	 */
+	public function prepareDecryptAll(InputInterface $input, OutputInterface $output, $user = '') {
+		return $this->decryptAll->prepare($input, $output, $user);
+	}
+
+
+	/**
 	 * @param string $path
 	 * @return string
 	 */