author | Bjoern Schiessle <schiessle@owncloud.com> | 2015-01-14 20:39:23 +0100 |
---|---|---|
committer | Bjoern Schiessle <schiessle@owncloud.com> | 2015-03-26 20:56:51 +0100 |
commit | ff9c85ce60aac1098c741b7ea630d9fc545e3d96 (patch) | |
tree | b51ab4917630680beb0499fae4a1d7c0ae100e34 /lib/public | |
parent | a9b4f0d8429dbeb612e80b168b6146890bb7843e (diff) | |
download | nextcloud-server-ff9c85ce60aac1098c741b7ea630d9fc545e3d96.tar.gz nextcloud-server-ff9c85ce60aac1098c741b7ea630d9fc545e3d96.zip |
implement basic encryption functionality in core to enable multiple encryption modules
Diffstat (limited to 'lib/public')
-rw-r--r-- | lib/public/encryption/iencryptionmodule.php | 115 | ||||
-rw-r--r-- | lib/public/encryption/imanager.php | 92 | ||||
-rw-r--r-- | lib/public/encryption/keys/istorage.php | 117 |
3 files changed, 324 insertions, 0 deletions
diff --git a/lib/public/encryption/iencryptionmodule.php b/lib/public/encryption/iencryptionmodule.php
new file mode 100644
index 00000000000..2527e35e639
--- /dev/null
+++ b/lib/public/encryption/iencryptionmodule.php
@@ -0,0 +1,115 @@
+<?php
+
+/**
+ * ownCloud - public interface of ownCloud for encryption modules
+ *
+ * @copyright (C) 2015 ownCloud, Inc.
+ *
+ * @author Bjoern Schiessle <schiessle@owncloud.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+namespace OCP\Encryption;
+
+interface IEncryptionModule {
+
+ /**
+ * @return string defining the technical unique id
+ */
+ public function getId();
+
+ /**
+ * In comparison to getKey() this function returns a human readable (maybe translated) name
+ *
+ * @return string
+ */
+ public function getDisplayName();
+
+ /**
+ * start receiving chunks from a file. This is the place where you can
+ * perform some initial step before starting encrypting/decrypting the
+ * chunks
+ *
+ * @param string $path to the file
+ * @param string $user who read/write the file (null for public access)
+ * @param array $header contains the header data read from the file
+ * @param array $accessList who has access to the file contains the key 'users' and 'public'
+ *
+ * $return array $header contain data as key-value pairs which should be
+ * written to the header, in case of a write operation
+ * or if no additional data is needed return a empty array
+ */
+ public function begin($path, $user, $header, $accessList);
+
+ /**
+ * last chunk received. This is the place where you can perform some final
+ * operation and return some remaining data if something is left in your
+ * buffer.
+ *
+ * @param string $path to the file
+ * @return string remained data which should be written to the file in case
+ * of a write operation
+ */
+ public function end($path);
+
+ /**
+ * encrypt data
+ *
+ * @param string $data you want to encrypt
+ * @return mixed encrypted data
+ */
+ public function encrypt($data);
+
+ /**
+ * decrypt data
+ *
+ * @param string $data you want to decrypt
+ * @return mixed decrypted data
+ */
+ public function decrypt($data);
+
+ /**
+ * update encrypted file, e.g. give additional users access to the file
+ *
+ * @param string $path path to the file which should be updated
+ * @param array $accessList who has access to the file contains the key 'users' and 'public'
+ * @return boolean
+ */
+ public function update($path, $accessList);
+
+ /**
+ * should the file be encrypted or not
+ *
+ * @param string $path
+ * @return boolean
+ */
+ public function shouldEncrypt($path);
+
+ /**
+ * calculate unencrypted size
+ *
+ * @param string $path to file
+ * @return integer unencrypted size
+ */
+ public function calculateUnencryptedSize($path);
+
+ /**
+ * get size of the unencrypted payload per block.
+ * ownCloud read/write files with a block size of 8192 byte
+ *
+ * @return integer
+ */
+ public function getUnencryptedBlockSize();
+}
diff --git a/lib/public/encryption/imanager.php b/lib/public/encryption/imanager.php
new file mode 100644
index 00000000000..9a12e401593
--- /dev/null
+++ b/lib/public/encryption/imanager.php
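Review bot: `decrypt($data)` documents only `@return mixed decrypted data` and gives implementers no contract for input that cannot be decrypted or fails an integrity check, so a module is free to return partial or garbage plaintext and the caller has no documented way to tell; since every encryption module is built against this interface, the docblock should fix the failure mode, e.g. `@throws \Exception if the data cannot be decrypted or fails verification; implementations must not return partial plaintext`. The same looseness applies to `encrypt()`, where `@return mixed` should presumably be `@return string`, as the result is what gets written to the file. Separately, the `begin()` docblock has `$return array $header` where `@return array` is meant, so the return documentation is dropped by PHPDoc tooling; `$user` is typed `string` but described as `null for public access`, so `@param string|null $user` would be accurate.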
@@ -0,0 +1,92 @@
+<?php
+
+/**
+ * ownCloud - manage encryption modules
+ *
+ * @copyright (C) 2015 ownCloud, Inc.
+ *
+ * @author Bjoern Schiessle <schiessle@owncloud.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+namespace OCP\Encryption;
+//
+// TODO: move exceptions to OCP
+//
+use OC\Encryption\Exceptions\ModuleDoesNotExistsException;
+use OC\Encryption\Exceptions\ModuleAlreadyExistsException;
+
+/**
+ * This class provides access to files encryption apps.
+ *
+ */
+interface IManager {
+
+ /**
+ * Check if encryption is available (at least one encryption module needs to be enabled)
+ *
+ * @return bool true if enabled, false if not
+ */
+ function isEnabled();
+
+ /**
+ * Registers an encryption module
+ *
+ * @param IEncryptionModule $module
+ * @throws ModuleAlreadyExistsException
+ */
+ function registerEncryptionModule(IEncryptionModule $module);
+
+ /**
+ * Unregisters an encryption module
+ *
+ * @param IEncryptionModule $module
+ */
+ function unregisterEncryptionModule(IEncryptionModule $module);
+
+ /**
+ * get a list of all encryption modules
+ *
+ * @return array
+ */
+ function getEncryptionModules();
+
+
+ /**
+ * get a specific encryption module
+ *
+ * @param string $moduleId
+ * @return IEncryptionModule
+ * @throws ModuleDoesNotExistsException
+ */
+ function getEncryptionModule($moduleId);
+
+ /**
+ * get default encryption module
+ *
+ * @return \OCP\Encryption\IEncryptionModule
+ * @throws Exceptions\ModuleDoesNotExistsException
+ */
+ public function getDefaultEncryptionModule();
+
+ /**
+ * set default encryption module Id
+ *
+ * @param string $moduleId
+ * @return string
+ */
+ public function setDefaultEncryptionModule($moduleId);
+
+}
diff --git a/lib/public/encryption/keys/istorage.php b/lib/public/encryption/keys/istorage.php
new file mode 100644
index 00000000000..24f6efd6e51
--- /dev/null
+++ b/lib/public/encryption/keys/istorage.php
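Review bot: `setDefaultEncryptionModule($moduleId)` documents no behaviour for an id that is not registered, so a typo or stale configuration value could be accepted as the default and only surface later when `getDefaultEncryptionModule()` throws; add `@throws ModuleDoesNotExistsException if no module with $moduleId is registered` and say what the `@return string` is, since it is not obvious from the name. The `@throws Exceptions\ModuleDoesNotExistsException` on `getDefaultEncryptionModule()` resolves to `OCP\Encryption\Exceptions\ModuleDoesNotExistsException`, which is not the `OC\Encryption\Exceptions\ModuleDoesNotExistsException` imported above and used on `getEncryptionModule()`, so one of the two references is wrong for static analysis. `isEnabled()` through `getEncryptionModule()` omit `public` while the last two methods declare it; interface methods are public either way, but the file should use one form.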
@@ -0,0 +1,117 @@
+<?php
+
+/**
+ * ownCloud
+ *
+ * @copyright (C) 2015 ownCloud, Inc.
+ *
+ * @author Bjoern Schiessle <schiessle@owncloud.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+namespace OCP\Encryption\Keys;
+
+interface IStorage {
+
+ /**
+ * get user specific key
+ *
+ * @param string $uid ID if the user for whom we want the key
+ * @param string $keyId id of the key
+ *
+ * @return mixed key
+ */
+ public function getUserKey($uid, $keyId);
+
+ /**
+ * get file specific key
+ *
+ * @param string $path path to file
+ * @param string $keyId id of the key
+ *
+ * @return mixed key
+ */
+ public function getFileKey($path, $keyId);
+
+ /**
+ * get system-wide encryption keys not related to a specific user,
+ * e.g something like a key for public link shares
+ *
+ * @param string $keyId id of the key
+ *
+ * @return mixed key
+ */
+ public function getSystemUserKey($keyId);
+
+ /**
+ * set user specific key
+ *
+ * @param string $uid ID if the user for whom we want the key
+ * @param string $keyId id of the key
+ * @param mixed $key
+ */
+ public function setUserKey($uid, $keyId, $key);
+
+ /**
+ * set file specific key
+ *
+ * @param string $path path to file
+ * @param string $keyId id of the key
+ * @param boolean
+ */
+ public function setFileKey($path, $keyId, $key);
+
+ /**
+ * set system-wide encryption keys not related to a specific user,
+ * e.g something like a key for public link shares
+ *
+ * @param string $keyId id of the key
+ * @param mixed $key
+ *
+ * @return mixed key
+ */
+ public function setSystemUserKey($keyId, $key);
+
+ /**
+ * delete user specific key
+ *
+ * @param string $uid ID if the user for whom we want to delete the key
+ * @param string $keyId id of the key
+ *
+ * @return boolean
+ */
+ public function deleteUserKey($uid, $keyId);
+
+ /**
+ * delete file specific key
+ *
+ * @param string $path path to file
+ * @param string $keyId id of the key
+ *
+ * @return boolean
+ */
+ public function deleteFileKey($path, $keyId);
+
+ /**
+ * delete system-wide encryption keys not related to a specific user,
+ * e.g something like a key for public link shares
+ *
+ * @param string $keyId id of the key
+ *
+ * @return boolean
+ */
+ public function deleteSystemUserKey($keyId);
+
+} |
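Review bot: None of the three getters says what is returned when no key exists (`@return mixed key` on `getUserKey()`, `getFileKey()` and `getSystemUserKey()`), so a caller cannot distinguish a missing key from an empty or malformed one, which is the case that presumably decides whether a new key gets generated; document one value consistently, e.g. `@return mixed key, false if no key with this id exists`. `setFileKey()` documents `@param boolean` with no name although its third parameter is `$key`, and the setters disagree on their return (`setSystemUserKey()` says `@return mixed key`, `setUserKey()` has none); use `@param mixed $key` and one `@return boolean` contract on all three setters. If `$uid`, `$path` and `$keyId` end up as path components in the implementing storage (not visible in this hunk), the docblocks should state the permitted character set so implementers know that separators and `..` segments must be rejected. `ID if the user` in three docblocks should read `ID of the user`.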