authorBjoern Schiessle <schiessle@owncloud.com>2015-09-07 11:38:44 +0200
committerBjoern Schiessle <schiessle@owncloud.com>2015-09-07 16:08:41 +0200
commitacfc7d7c4d4c2daf00ecd61b11eaa9d953868b92 (patch)
tree19752216adf83b38b4e858a1759a98ba1b067931 /apps/encryption/lib/keymanager.php
parentc4096767ccf6a88422a474e786b8e4a398ede84e (diff)
enable usage of a master key
Diffstat (limited to 'apps/encryption/lib/keymanager.php')
-rw-r--r--apps/encryption/lib/keymanager.php80
1 files changed, 79 insertions, 1 deletions
diff --git a/apps/encryption/lib/keymanager.php b/apps/encryption/lib/keymanager.php
index 6c793e5964f..c4507228878 100644
--- a/apps/encryption/lib/keymanager.php
+++ b/apps/encryption/lib/keymanager.php
@@ -55,6 +55,10 @@ class KeyManager {
*/
private $publicShareKeyId;
/**
+ * @var string
+ */
+ private $masterKeyId;
+ /**
* @var string UserID
*/
private $keyId;
@@ -131,10 +135,20 @@ class KeyManager {
$this->config->setAppValue('encryption', 'publicShareKeyId', $this->publicShareKeyId);
}
+ $this->masterKeyId = $this->config->getAppValue('encryption',
+ 'masterKeyId');
+ if (empty($this->masterKeyId)) {
+ $this->masterKeyId = 'master_' . substr(md5(time()), 0, 8);
+ $this->config->setAppValue('encryption', 'masterKeyId', $this->masterKeyId);
+ }
+
$this->keyId = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : false;
$this->log = $log;
}
+ /**
+ * check if key pair for public link shares exists, if not we create one
+ */
public function validateShareKey() {
$shareKey = $this->getPublicShareKey();
if (empty($shareKey)) {
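Review bot: The check-then-set on `masterKeyId` is not atomic, and the in-memory field is what the rest of this instance then uses, so two first-time requests that construct `KeyManager` in different seconds would compute different ids, persist both (last `setAppValue` wins), and each go on to create key material under its own id via `validateMasterKey`. This mirrors the existing `publicShareKeyId` pattern above it, so it may be an accepted trade-off, but the derivation from `md5(time())` deserves a comment so nobody mistakes it for a secret: `// identifier only, not a secret: derived from time() like publicShareKeyId`. If the id must be stable across a race, re-read the app value after writing and adopt the stored one.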
@@ -153,6 +167,26 @@ class KeyManager {
}
/**
+ * check if a key pair for the master key exists, if not we create one
+ */
+ public function validateMasterKey() {
+ $masterKey = $this->getPublicMasterKey();
+ if (empty($masterKey)) {
+ $keyPair = $this->crypt->createKeyPair();
+
+ // Save public key
+ $this->keyStorage->setSystemUserKey(
+ $this->masterKeyId . '.publicKey', $keyPair['publicKey'],
+ Encryption::ID);
+
+ // Encrypt private key with system password
+ $encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $this->getMasterKeyPassword(), $this->masterKeyId);
+ $header = $this->crypt->generateHeader();
+ $this->setSystemPrivateKey($this->masterKeyId, $header . $encryptedKey);
+ }
+ }
+
+ /**
* @return bool
*/
public function recoveryKeyExists() {
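Review bot: `validateMasterKey` decides whether a key pair exists from the public key alone, but the two writes that follow are not atomic: if `setSystemUserKey` succeeds and `setSystemPrivateKey` fails, every later call sees a public key, never recreates the pair, and `init` will keep surfacing `PrivateKeyMissingException` for the master id. Storing the encrypted private key first and the public key last makes a retry self-healing, since an interrupted run then leaves no public key and the pair is regenerated on the next call. It is also worth confirming whether `createKeyPair()` can return `false` on an OpenSSL failure; if it can, `$keyPair['publicKey']` should be guarded before the writes.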
@@ -304,8 +338,15 @@ class KeyManager {
$this->session->setStatus(Session::INIT_EXECUTED);
+
try {
- $privateKey = $this->getPrivateKey($uid);
+ if($this->util->isMasterKeyEnabled()) {
+ $uid = $this->getMasterKeyId();
+ $passPhrase = $this->getMasterKeyPassword();
+ $privateKey = $this->getSystemPrivateKey($uid);
+ } else {
+ $privateKey = $this->getPrivateKey($uid);
+ }
$privateKey = $this->crypt->decryptPrivateKey($privateKey, $passPhrase, $uid);
} catch (PrivateKeyMissingException $e) {
return false;
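Review bot: In master-key mode the `$uid` and `$passPhrase` the caller passed to `init` are silently discarded and replaced by the master key id and the instance `secret`, which is not stated anywhere in the method's docblock (the signature and the rest of the body lie outside this hunk). A comment at the branch would save the next reader a detour: `// master-key mode: the caller's uid/passphrase are ignored; the private key is the system master key, encrypted with the instance secret`. The docblock should also state the consequences a defender cares about: private keys are no longer protected by the user's login password but by the confidentiality of `config.php`'s `secret`, and rotating `secret` leaves the stored master private key undecryptable.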
@@ -345,6 +386,10 @@ class KeyManager {
public function getFileKey($path, $uid) {
$encryptedFileKey = $this->keyStorage->getFileKey($path, $this->fileKeyId, Encryption::ID);
+ if ($this->util->isMasterKeyEnabled()) {
+ $uid = $this->getMasterKeyId();
+ }
+
if (is_null($uid)) {
$uid = $this->getPublicShareKeyId();
$shareKey = $this->getShareKey($path, $uid);
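Review bot: With the master key enabled, `$uid` is overwritten before the `is_null($uid)` check, so the public-share branch below can never be taken in that mode and the `$uid` argument becomes dead input; that is presumably intended (a single key unlocks every file) but nothing in the hunk says so. Suggest `// master-key mode: every file key is wrapped for the master key, so the caller's uid (and the public-share fallback) does not apply` above the new `if`. `getFileKey` continues past this hunk, so any later use of `$uid` there should be checked against the reassignment.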
@@ -566,4 +611,37 @@ class KeyManager {
return $publicKeys;
}
+
+ /**
+ * get master key password
+ *
+ * @return string
+ * @throws \Exception
+ */
+ protected function getMasterKeyPassword() {
+ $password = $this->config->getSystemValue('secret');
+ if (empty($password)){
+ throw new \Exception('Can not get secret from ownCloud instance');
+ }
+
+ return $password;
+ }
+
+ /**
+ * return master key id
+ *
+ * @return string
+ */
+ public function getMasterKeyId() {
+ return $this->masterKeyId;
+ }
+
+ /**
+ * get public master key
+ *
+ * @return string
+ */
+ public function getPublicMasterKey() {
+ return $this->keyStorage->getSystemUserKey($this->masterKeyId . '.publicKey', Encryption::ID);
+ }
}
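Review bot: `getMasterKeyPassword` throws a bare `\Exception` when `secret` is unset, and its caller in `init` catches only `PrivateKeyMissingException`, so a misconfigured instance turns a `false` return into an uncaught exception from session initialisation; a dedicated exception class (or at least an `@throws` on `init` and `validateMasterKey`) would make that path explicit. The `empty($password)` test also rejects a secret whose value is the string `'0'`; `$password === ''` (plus a `null` check if `getSystemValue` can return one) is the precise guard. `getPublicMasterKey` is documented as `@return string`, yet `validateMasterKey` relies on `empty()` to detect a missing key, which suggests the storage call can return something other than a string; the docblock should reflect the actual return (`string|false` or `string|null`, whichever `getSystemUserKey` yields).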