summaryrefslogtreecommitdiffstats
path: root/apps/encryption/lib
diff options
context:
space:
mode:
Diffstat (limited to 'apps/encryption/lib')
-rw-r--r--apps/encryption/lib/crypto/Encryption.php116
-rw-r--r--apps/encryption/lib/crypto/crypt.php355
-rw-r--r--apps/encryption/lib/hookmanager.php64
-rw-r--r--apps/encryption/lib/keymanager.php217
-rw-r--r--apps/encryption/lib/migrator.php123
-rw-r--r--apps/encryption/lib/recovery.php134
-rw-r--r--apps/encryption/lib/setup.php38
-rw-r--r--apps/encryption/lib/users/setup.php63
8 files changed, 1110 insertions, 0 deletions
diff --git a/apps/encryption/lib/crypto/Encryption.php b/apps/encryption/lib/crypto/Encryption.php
new file mode 100644
index 00000000000..123581b83ac
--- /dev/null
+++ b/apps/encryption/lib/crypto/Encryption.php
@@ -0,0 +1,116 @@
+<?php
+ /**
+ * @author Clark Tomlinson <fallen013@gmail.com>
+ * @since 3/6/15, 2:28 PM
+ * @link http:/www.clarkt.com
+ * @copyright Clark Tomlinson © 2015
+ *
+ */
+
+namespace OCA\Encryption\Crypto;
+
+
+use OCP\Encryption\IEncryptionModule;
+
+class Encryption extends Crypt implements IEncryptionModule {
+
+ /**
+ * @return string defining the technical unique id
+ */
+ public function getId() {
+ // TODO: Implement getId() method.
+ }
+
+ /**
+ * In comparison to getKey() this function returns a human readable (maybe translated) name
+ *
+ * @return string
+ */
+ public function getDisplayName() {
+ // TODO: Implement getDisplayName() method.
+ }
+
+ /**
+ * start receiving chunks from a file. This is the place where you can
+ * perform some initial step before starting encrypting/decrypting the
+ * chunks
+ *
+ * @param string $path to the file
+ * @param array $header contains the header data read from the file
+ * @param array $accessList who has access to the file contains the key 'users' and 'public'
+ *
+ * $return array $header contain data as key-value pairs which should be
+ * written to the header, in case of a write operation
+ * or if no additional data is needed return a empty array
+ */
+ public function begin($path, $header, $accessList) {
+ // TODO: Implement begin() method.
+ }
+
+ /**
+ * last chunk received. This is the place where you can perform some final
+ * operation and return some remaining data if something is left in your
+ * buffer.
+ *
+ * @param string $path to the file
+ * @return string remained data which should be written to the file in case
+ * of a write operation
+ */
+ public function end($path) {
+ // TODO: Implement end() method.
+ }
+
+ /**
+ * encrypt data
+ *
+ * @param string $data you want to encrypt
+ * @return mixed encrypted data
+ */
+ public function encrypt($data) {
+ // Todo: xxx Update Signature and usages
+ $this->symmetricEncryptFileContent($data);
+ }
+
+ /**
+ * decrypt data
+ *
+ * @param string $data you want to decrypt
+ * @param string $user decrypt as user (null for public access)
+ * @return mixed decrypted data
+ */
+ public function decrypt($data, $user) {
+ // Todo: xxx Update Usages?
+ $this->symmetricDecryptFileContent($data, $user);
+ }
+
+ /**
+ * update encrypted file, e.g. give additional users access to the file
+ *
+ * @param string $path path to the file which should be updated
+ * @param array $accessList who has access to the file contains the key 'users' and 'public'
+ * @return boolean
+ */
+ public function update($path, $accessList) {
+ // TODO: Implement update() method.
+ }
+
+ /**
+ * should the file be encrypted or not
+ *
+ * @param string $path
+ * @return boolean
+ */
+ public function shouldEncrypt($path) {
+ // TODO: Implement shouldEncrypt() method.
+ }
+
+ /**
+ * calculate unencrypted size
+ *
+ * @param string $path to file
+ * @return integer unencrypted size
+ */
+ public function calculateUnencryptedSize($path) {
+ // TODO: Implement calculateUnencryptedSize() method.
+ }
+}
diff --git a/apps/encryption/lib/crypto/crypt.php b/apps/encryption/lib/crypto/crypt.php
new file mode 100644
index 00000000000..8018f11a370
--- /dev/null
+++ b/apps/encryption/lib/crypto/crypt.php
@@ -0,0 +1,355 @@
+<?php
+/**
+ * @author Clark Tomlinson <clark@owncloud.com>
+ * @since 2/19/15, 1:42 PM
+ * @copyright Copyright (c) 2015, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\Encryption\Crypto;
+
+
+use OC\Encryption\Exceptions\DecryptionFailedException;
+use OC\Encryption\Exceptions\EncryptionFailedException;
+use OC\Encryption\Exceptions\GenericEncryptionException;
+use OCP\IConfig;
+use OCP\ILogger;
+use OCP\IUser;
+use OCP\IUserSession;
+
+class Crypt {
+
+ const ENCRYPTION_UKNOWN_ERROR = -1;
+ const ENCRYPTION_NOT_INIALIZED_ERROR = 1;
+ const ENCRYPTIION_PRIVATE_KEY_NOT_VALID_ERROR = 2;
+ const ENCRYPTION_NO_SHARE_KEY_FOUND = 3;
+
+ const BLOCKSIZE = 8192;
+ const DEFAULT_CIPHER = 'AES-256-CFB';
+
+ const HEADERSTART = 'HBEGIN';
+ const HEADEREND = 'HEND';
+ /**
+ * @var ILogger
+ */
+ private $logger;
+ /**
+ * @var IUser
+ */
+ private $user;
+ /**
+ * @var IConfig
+ */
+ private $config;
+
+ /**
+ * @param ILogger $logger
+ * @param IUserSession $userSession
+ * @param IConfig $config
+ */
+ public function __construct(ILogger $logger, IUserSession $userSession, IConfig $config) {
+ $this->logger = $logger;
+ $this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser() : false;
+ $this->config = $config;
+ }
+
+ /**
+ * @param null $user
+ * @return string
+ */
+ public function mode($user = null) {
+ return 'server';
+ }
+
+ /**
+ *
+ */
+ public function createKeyPair() {
+
+ $log = $this->logger;
+ $res = $this->getOpenSSLPKey();
+
+ if (!$res) {
+ $log->error("Encryption Library could'nt generate users key-pair for {$this->user->getUID()}", ['app' => 'encryption']);
+
+ if (openssl_error_string()) {
+ $log->error('Encryption library openssl_pkey_new() fails: ' . openssl_error_string(), ['app' => 'encryption']);
+ }
+ } elseif (openssl_pkey_export($res, $privateKey, null, $this->getOpenSSLConfig())) {
+ $keyDetails = openssl_pkey_get_details($res);
+ $publicKey = $keyDetails['key'];
+
+ return [
+ 'publicKey' => $publicKey,
+ 'privateKey' => $privateKey
+ ];
+ }
+ $log->error('Encryption library couldn\'t export users private key, please check your servers openSSL configuration.' . $user->getUID(), ['app' => 'encryption']);
+ if (openssl_error_string()) {
+ $log->error('Encryption Library:' . openssl_error_string(), ['app' => 'encryption']);
+ }
+
+ return false;
+ }
+
+ /**
+ * @return resource
+ */
+ public function getOpenSSLPKey() {
+ $config = $this->getOpenSSLConfig();
+ return openssl_pkey_new($config);
+ }
+
+ /**
+ * @return array
+ */
+ private function getOpenSSLConfig() {
+ $config = ['private_key_bits' => 4096];
+ $config = array_merge(\OC::$server->getConfig()->getSystemValue('openssl', []), $config);
+ return $config;
+ }
+
+ /**
+ * @param $plainContent
+ * @param $passphrase
+ * @return bool|string
+ * @throws GenericEncryptionException
+ */
+ public function symmetricEncryptFileContent($plainContent, $passphrase) {
+
+ if (!$plainContent) {
+ $this->logger->error('Encryption Library, symmetrical encryption failed no content given', ['app' => 'encryption']);
+ return false;
+ }
+
+ $iv = $this->generateIv();
+
+ try {
+ $encryptedContent = $this->encrypt($plainContent, $iv, $passphrase, $this->getCipher());
+ // combine content to encrypt the IV identifier and actual IV
+ $catFile = $this->concatIV($encryptedContent, $iv);
+ $padded = $this->addPadding($catFile);
+
+ return $padded;
+ } catch (EncryptionFailedException $e) {
+ $message = 'Could not encrypt file content (code: ' . $e->getCode() . '): ';
+ $this->logger->error('files_encryption' . $message . $e->getMessage(), ['app' => 'encryption']);
+ return false;
+ }
+
+ }
+
+ /**
+ * @param $plainContent
+ * @param $iv
+ * @param string $passphrase
+ * @param string $cipher
+ * @return string
+ * @throws EncryptionFailedException
+ */
+ private function encrypt($plainContent, $iv, $passphrase = '', $cipher = self::DEFAULT_CIPHER) {
+ $encryptedContent = openssl_encrypt($plainContent, $cipher, $passphrase, false, $iv);
+
+ if (!$encryptedContent) {
+ $error = 'Encryption (symmetric) of content failed';
+ $this->logger->error($error . openssl_error_string(), ['app' => 'encryption']);
+ throw new EncryptionFailedException($error);
+ }
+
+ return $encryptedContent;
+ }
+
+ /**
+ * @return mixed|string
+ */
+ public function getCipher() {
+ $cipher = $this->config->getSystemValue('cipher', self::DEFAULT_CIPHER);
+ if ($cipher !== 'AES-256-CFB' || $cipher !== 'AES-128-CFB') {
+ $this->logger->warning('Wrong cipher defined in config.php only AES-128-CFB and AES-256-CFB are supported. Fall back' . self::DEFAULT_CIPHER, ['app' => 'encryption']);
+ $cipher = self::DEFAULT_CIPHER;
+ }
+
+ return $cipher;
+ }
+
+ /**
+ * @param $encryptedContent
+ * @param $iv
+ * @return string
+ */
+ private function concatIV($encryptedContent, $iv) {
+ return $encryptedContent . '00iv00' . $iv;
+ }
+
+ /**
+ * @param $data
+ * @return string
+ */
+ private function addPadding($data) {
+ return $data . 'xx';
+ }
+
+ /**
+ * @param $recoveryKey
+ * @param $password
+ * @return bool|string
+ */
+ public function decryptPrivateKey($recoveryKey, $password) {
+
+ $header = $this->parseHeader($recoveryKey);
+ $cipher = $this->getCipher($header);
+
+ // If we found a header we need to remove it from the key we want to decrypt
+ if (!empty($header)) {
+ $recoveryKey = substr($recoveryKey, strpos($recoveryKey, self::HEADEREND) + strlen(self::HEADERSTART));
+ }
+
+ $plainKey = $this->symmetricDecryptFileContent($recoveryKey, $password, $cipher);
+
+ // Check if this is a valid private key
+ $res = openssl_get_privatekey($plainKey);
+ if (is_resource($res)) {
+ $sslInfo = openssl_pkey_get_details($res);
+ if (!isset($sslInfo['key'])) {
+ return false;
+ }
+ } else {
+ return false;
+ }
+
+ return $plainKey;
+ }
+
+ /**
+ * @param $keyFileContents
+ * @param string $passphrase
+ * @param string $cipher
+ * @return bool|string
+ * @throws DecryptionFailedException
+ */
+ public function symmetricDecryptFileContent($keyFileContents, $passphrase = '', $cipher = self::DEFAULT_CIPHER) {
+ // Remove Padding
+ $noPadding = $this->removePadding($keyFileContents);
+
+ $catFile = $this->splitIv($noPadding);
+
+ $plainContent = $this->decrypt($catFile['encrypted'], $catFile['iv'], $passphrase, $cipher);
+
+ if ($plainContent) {
+ return $plainContent;
+ }
+
+ return false;
+ }
+
+ /**
+ * @param $padded
+ * @return bool|string
+ */
+ private function removePadding($padded) {
+ if (substr($padded, -2) === 'xx') {
+ return substr($padded, 0, -2);
+ }
+ return false;
+ }
+
+ /**
+ * @param $catFile
+ * @return array
+ */
+ private function splitIv($catFile) {
+ // Fetch encryption metadata from end of file
+ $meta = substr($catFile, -22);
+
+ // Fetch IV from end of file
+ $iv = substr($meta, -16);
+
+ // Remove IV and IV Identifier text to expose encrypted content
+
+ $encrypted = substr($catFile, 0, -22);
+
+ return [
+ 'encrypted' => $encrypted,
+ 'iv' => $iv
+ ];
+ }
+
+ /**
+ * @param $encryptedContent
+ * @param $iv
+ * @param string $passphrase
+ * @param string $cipher
+ * @return string
+ * @throws DecryptionFailedException
+ */
+ private function decrypt($encryptedContent, $iv, $passphrase = '', $cipher = self::DEFAULT_CIPHER) {
+ $plainContent = openssl_decrypt($encryptedContent, $cipher, $passphrase, false, $iv);
+
+ if ($plainContent) {
+ return $plainContent;
+ } else {
+ throw new DecryptionFailedException('Encryption library: Decryption (symmetric) of content failed');
+ }
+ }
+
+ /**
+ * @param $data
+ * @return array
+ */
+ private function parseHeader($data) {
+ $result = [];
+
+ if (substr($data, 0, strlen(self::HEADERSTART)) === self::HEADERSTART) {
+ $endAt = strpos($data, self::HEADEREND);
+ $header = substr($data, 0, $endAt + strlen(self::HEADEREND));
+
+ // +1 not to start with an ':' which would result in empty element at the beginning
+ $exploded = explode(':', substr($header, strlen(self::HEADERSTART) + 1));
+
+ $element = array_shift($exploded);
+
+ while ($element != self::HEADEREND) {
+ $result[$element] = array_shift($exploded);
+ $element = array_shift($exploded);
+ }
+ }
+
+ return $result;
+ }
+
+ /**
+ * @return string
+ * @throws GenericEncryptionException
+ */
+ private function generateIv() {
+ $random = openssl_random_pseudo_bytes(12, $strong);
+ if ($random) {
+ if (!$strong) {
+ // If OpenSSL indicates randomness is insecure log error
+ $this->logger->error('Encryption Library: Insecure symmetric key was generated using openssl_random_psudo_bytes()', ['app' => 'encryption']);
+ }
+
+ /*
+ * We encode the iv purely for string manipulation
+ * purposes -it gets decoded before use
+ */
+ return base64_encode($random);
+ }
+ // If we ever get here we've failed anyway no need for an else
+ throw new GenericEncryptionException('Generating IV Failed');
+ }
+}
+
diff --git a/apps/encryption/lib/hookmanager.php b/apps/encryption/lib/hookmanager.php
new file mode 100644
index 00000000000..a535230a6a7
--- /dev/null
+++ b/apps/encryption/lib/hookmanager.php
@@ -0,0 +1,64 @@
+<?php
+/**
+ * @author Clark Tomlinson <clark@owncloud.com>
+ * @since 2/19/15, 10:13 AM
+ * @copyright Copyright (c) 2015, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\Encryption;
+
+
+use OCA\Encryption\Hooks\Contracts\IHook;
+
+class HookManager {
+
+ private $hookInstances = [];
+
+ /**
+ * @param array|IHook $instances
+ * - This accepts either a single instance of IHook or an array of instances of IHook
+ * @return bool
+ */
+ public function registerHook($instances) {
+ if (is_array($instances)) {
+ foreach ($instances as $instance) {
+ if (!$instance instanceof IHook) {
+ return false;
+ }
+ $this->hookInstances[] = $instance;
+ return true;
+ }
+
+ }
+ $this->hookInstances[] = $instances;
+ return true;
+ }
+
+ /**
+ *
+ */
+ public function fireHooks() {
+ foreach ($this->hookInstances as $instance) {
+ /**
+ * @var $instance IHook
+ */
+ $instance->addHooks();
+ }
+
+ }
+
+}
diff --git a/apps/encryption/lib/keymanager.php b/apps/encryption/lib/keymanager.php
new file mode 100644
index 00000000000..272bf0849c2
--- /dev/null
+++ b/apps/encryption/lib/keymanager.php
@@ -0,0 +1,217 @@
+<?php
+/**
+ * @author Clark Tomlinson <clark@owncloud.com>
+ * @since 2/19/15, 1:20 PM
+ * @copyright Copyright (c) 2015, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\Encryption;
+
+
+use OC\Encryption\Exceptions\PrivateKeyMissingException;
+use OC\Encryption\Exceptions\PublicKeyMissingException;
+use OCA\Encryption\Crypto\Crypt;
+use OCP\Encryption\IKeyStorage;
+use OCP\IConfig;
+use OCP\IUser;
+use OCP\IUserSession;
+
+class KeyManager {
+
+ /**
+ * @var IKeyStorage
+ */
+ private $keyStorage;
+
+ /**
+ * @var Crypt
+ */
+ private $crypt;
+ /**
+ * @var string
+ */
+ private $recoveryKeyId;
+ /**
+ * @var string
+ */
+ private $publicShareKeyId;
+ /**
+ * @var string UserID
+ */
+ private $keyId;
+
+ /**
+ * @var string
+ */
+ private $publicKeyId = '.public';
+ /**
+ * @var string
+ */
+ private $privateKeyId = '.private';
+ /**
+ * @var IConfig
+ */
+ private $config;
+
+ /**
+ * @param IKeyStorage $keyStorage
+ * @param Crypt $crypt
+ * @param IConfig $config
+ * @param IUserSession $userSession
+ */
+ public function __construct(IKeyStorage $keyStorage, Crypt $crypt, IConfig $config, IUserSession $userSession) {
+
+ $this->keyStorage = $keyStorage;
+ $this->crypt = $crypt;
+ $this->config = $config;
+ $this->recoveryKeyId = $this->config->getAppValue('encryption', 'recoveryKeyId');
+ $this->publicShareKeyId = $this->config->getAppValue('encryption', 'publicShareKeyId');
+ $this->keyId = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : false;
+
+ }
+
+ /**
+ * @param $userId
+ * @return mixed
+ * @throws PrivateKeyMissingException
+ */
+ public function getPrivateKey($userId) {
+ $privateKey = $this->keyStorage->getUserKey($userId, $this->privateKeyId);
+
+ if (strlen($privateKey) !== 0) {
+ return $privateKey;
+ }
+ throw new PrivateKeyMissingException();
+ }
+
+ /**
+ * @param $userId
+ * @return mixed
+ * @throws PublicKeyMissingException
+ */
+ public function getPublicKey($userId) {
+ $publicKey = $this->keyStorage->getUserKey($userId, $this->publicKeyId);
+
+ if (strlen($publicKey) !== 0) {
+ return $publicKey;
+ }
+ throw new PublicKeyMissingException();
+ }
+
+ /**
+ * @return bool
+ */
+ public function recoveryKeyExists() {
+ return (strlen($this->keyStorage->getSystemUserKey($this->recoveryKeyId)) !== 0);
+ }
+
+ /**
+ * @param $userId
+ * @return bool
+ */
+ public function userHasKeys($userId) {
+ try {
+ $this->getPrivateKey($userId);
+ $this->getPublicKey($userId);
+ } catch (PrivateKeyMissingException $e) {
+ return false;
+ } catch (PublicKeyMissingException $e) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * @param $password
+ * @return bool
+ */
+ public function checkRecoveryPassword($password) {
+ $recoveryKey = $this->keyStorage->getSystemUserKey($this->recoveryKeyId);
+ $decryptedRecoveryKey = $this->crypt->decryptPrivateKey($recoveryKey, $password);
+
+ if ($decryptedRecoveryKey) {
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * @param $userId
+ * @param $key
+ * @return bool
+ */
+ public function setPublicKey($userId, $key) {
+ return $this->keyStorage->setUserKey($userId, $this->publicKeyId, $key);
+ }
+
+ /**
+ * @param $userId
+ * @param $key
+ * @return bool
+ */
+ public function setPrivateKey($userId, $key) {
+ return $this->keyStorage->setUserKey($userId, $this->privateKeyId, $key);
+ }
+
+
+ /**
+ * @param $password
+ * @param $keyPair
+ * @return bool
+ */
+ public function storeKeyPair($password, $keyPair) {
+ // Save Public Key
+ $this->setPublicKey($this->keyId, $keyPair['publicKey']);
+
+ $encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'], $password);
+
+ if ($encryptedKey) {
+ $this->setPrivateKey($this->keyId, $encryptedKey);
+ $this->config->setAppValue('encryption', 'recoveryAdminEnabled', 1);
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * @return bool
+ */
+ public function ready() {
+ return $this->keyStorage->ready();
+ }
+
+
+ /**
+ * @return \OCP\ICache
+ * @throws PrivateKeyMissingException
+ */
+ public function init() {
+ try {
+ $privateKey = $this->getPrivateKey($this->keyId);
+ } catch (PrivateKeyMissingException $e) {
+ return false;
+ }
+
+ $cache = \OC::$server->getMemCacheFactory();
+
+ $cacheInstance = $cache->create('Encryption');
+ $cacheInstance->set('privateKey', $privateKey);
+
+ return $cacheInstance;
+ }
+
+}
diff --git a/apps/encryption/lib/migrator.php b/apps/encryption/lib/migrator.php
new file mode 100644
index 00000000000..8f7823cb1ae
--- /dev/null
+++ b/apps/encryption/lib/migrator.php
@@ -0,0 +1,123 @@
+<?php
+/**
+ * @author Clark Tomlinson <fallen013@gmail.com>
+ * @since 3/9/15, 2:44 PM
+ * @link http:/www.clarkt.com
+ * @copyright Clark Tomlinson © 2015
+ *
+ */
+
+namespace OCA\Encryption;
+
+
+use OCA\Encryption\Crypto\Crypt;
+use OCP\IConfig;
+use OCP\ILogger;
+use OCP\IUserManager;
+use OCP\IUserSession;
+use OCP\PreConditionNotMetException;
+
+class Migrator {
+
+ /**
+ * @var bool
+ */
+ private $status = false;
+ /**
+ * @var IUserManager
+ */
+ private $user;
+ /**
+ * @var IConfig
+ */
+ private $config;
+ /**
+ * @var string
+ */
+ public static $migrationOpen = '0';
+ /**
+ * @var string
+ */
+ public static $migrationInProgress = '-1';
+ /**
+ * @var string
+ */
+ public static $migrationComplete = '1';
+ /**
+ * @var IUserManager
+ */
+ private $userManager;
+ /**
+ * @var ILogger
+ */
+ private $log;
+ /**
+ * @var Crypt
+ */
+ private $crypt;
+
+ /**
+ * Migrator constructor.
+ *
+ * @param IUserSession $userSession
+ * @param IConfig $config
+ * @param IUserManager $userManager
+ * @param ILogger $log
+ * @param Crypt $crypt
+ */
+ public function __construct(IUserSession $userSession, IConfig $config, IUserManager $userManager, ILogger $log, Crypt $crypt) {
+ $this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser() : false;
+ $this->config = $config;
+ $this->userManager = $userManager;
+ $this->log = $log;
+ $this->crypt = $crypt;
+ }
+
+ /**
+ * @param $userId
+ * @return bool|string
+ */
+ public function getStatus($userId) {
+ if ($this->userManager->userExists($userId)) {
+ $this->status = $this->config->getUserValue($userId, 'encryption', 'migrationStatus', false);
+
+ if (!$this->status) {
+ $this->config->setUserValue($userId, 'encryption', 'migrationStatus', self::$migrationOpen);
+ $this->status = self::$migrationOpen;
+ }
+ }
+
+ return $this->status;
+ }
+
+ /**
+ * @return bool
+ */
+ public function beginMigration() {
+ $status = $this->setMigrationStatus(self::$migrationInProgress, self::$migrationOpen);
+
+ if ($status) {
+ $this->log->info('Encryption Library Start migration to encrypt for ' . $this->user->getUID());
+ return $status;
+ }
+ $this->log->warning('Encryption Library Could not activate migration for ' . $this->user->getUID() . '. Probably another process already started the inital encryption');
+ return $status;
+ }
+
+ /**
+ * @param $status
+ * @param bool $preCondition
+ * @return bool
+ */
+ private function setMigrationStatus($status, $preCondition = false) {
+ // Convert to string if preCondition is set
+ $preCondition = ($preCondition === false) ? false : (string)$preCondition;
+
+ try {
+ $this->config->setUserValue($this->user->getUID(), 'encryption', 'migrationStatus', (string)$status, $preCondition);
+ return true;
+ } catch (PreConditionNotMetException $e) {
+ return false;
+ }
+ }
+}
diff --git a/apps/encryption/lib/recovery.php b/apps/encryption/lib/recovery.php
new file mode 100644
index 00000000000..88350e96c53
--- /dev/null
+++ b/apps/encryption/lib/recovery.php
@@ -0,0 +1,134 @@
+<?php
+/**
+ * @author Clark Tomlinson <clark@owncloud.com>
+ * @since 2/19/15, 11:45 AM
+ * @copyright Copyright (c) 2015, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\Encryption;
+
+
+use OC\Files\View;
+use OCA\Encryption\Crypto\Crypt;
+use OCP\Encryption\IKeyStorage;
+use OCP\IConfig;
+use OCP\IUser;
+use OCP\Security\ISecureRandom;
+
+class Recovery {
+
+
+ /**
+ * @var null|IUser
+ */
+ protected $user;
+ /**
+ * @var Crypt
+ */
+ protected $crypt;
+ /**
+ * @var ISecureRandom
+ */
+ private $random;
+ /**
+ * @var KeyManager
+ */
+ private $keyManager;
+ /**
+ * @var IConfig
+ */
+ private $config;
+ /**
+ * @var IEncryptionKeyStorage
+ */
+ private $keyStorage;
+
+ /**
+ * @param IUser $user
+ * @param Crypt $crypt
+ * @param ISecureRandom $random
+ * @param KeyManager $keyManager
+ * @param IConfig $config
+ * @param IKeyStorage $keyStorage
+ */
+ public function __construct(IUser $user,
+ Crypt $crypt,
+ ISecureRandom $random,
+ KeyManager $keyManager,
+ IConfig $config,
+ IKeyStorage $keyStorage) {
+ $this->user = $user;
+ $this->crypt = $crypt;
+ $this->random = $random;
+ $this->keyManager = $keyManager;
+ $this->config = $config;
+ $this->keyStorage = $keyStorage;
+ }
+
+ /**
+ * @param $recoveryKeyId
+ * @param $password
+ * @return bool
+ */
+ public function enableAdminRecovery($recoveryKeyId, $password) {
+ $appConfig = $this->config;
+
+ if ($recoveryKeyId === null) {
+ $recoveryKeyId = $this->random->getLowStrengthGenerator();
+ $appConfig->setAppValue('encryption', 'recoveryKeyId', $recoveryKeyId);
+ }
+
+ $keyManager = $this->keyManager;
+
+ if (!$keyManager->recoveryKeyExists()) {
+ $keyPair = $this->crypt->createKeyPair();
+
+ return $this->keyManager->storeKeyPair($password, $keyPair);
+ }
+
+ if ($keyManager->checkRecoveryPassword($password)) {
+ $appConfig->setAppValue('encryption', 'recoveryAdminEnabled', 1);
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * @param $recoveryPassword
+ * @return bool
+ */
+ public function disableAdminRecovery($recoveryPassword) {
+ $keyManager = $this->keyManager;
+
+ if ($keyManager->checkRecoveryPassword($recoveryPassword)) {
+ // Set recoveryAdmin as disabled
+ $this->config->setAppValue('encryption', 'recoveryAdminEnabled', 0);
+ return true;
+ }
+ return false;
+ }
+
+ public function addRecoveryKeys($keyId) {
+ // No idea new way to do this....
+ }
+
+ public function removeRecoveryKeys() {
+ // No idea new way to do this....
+ }
+
+}
diff --git a/apps/encryption/lib/setup.php b/apps/encryption/lib/setup.php
new file mode 100644
index 00000000000..cc8f00f0a40
--- /dev/null
+++ b/apps/encryption/lib/setup.php
@@ -0,0 +1,38 @@
+<?php
+/**
+ * @author Clark Tomlinson <fallen013@gmail.com>
+ * @since 3/6/15, 11:30 AM
+ * @link http:/www.clarkt.com
+ * @copyright Clark Tomlinson © 2015
+ *
+ */
+
+namespace OCA\Encryption;
+
+
+use OCP\ILogger;
+use OCP\IUser;
+use OCP\IUserSession;
+
+class Setup {
+ /**
+ * @var ILogger
+ */
+ protected $logger;
+ /**
+ * @var IUser
+ */
+ protected $user;
+
+ /**
+ * Setup constructor.
+ *
+ * @param ILogger $logger
+ * @param IUserSession $userSession
+ */
+ public function __construct(ILogger $logger, IUserSession $userSession) {
+ $this->logger = $logger;
+ $this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : false;
+
+ }
+}
diff --git a/apps/encryption/lib/users/setup.php b/apps/encryption/lib/users/setup.php
new file mode 100644
index 00000000000..123d6973be9
--- /dev/null
+++ b/apps/encryption/lib/users/setup.php
@@ -0,0 +1,63 @@
+<?php
+/**
+ * @author Clark Tomlinson <fallen013@gmail.com>
+ * @since 3/6/15, 11:36 AM
+ * @link http:/www.clarkt.com
+ * @copyright Clark Tomlinson © 2015
+ *
+ */
+
+namespace OCA\Encryption\Users;
+
+
+use OCA\Encryption\Crypto\Crypt;
+use OCA\Encryption\KeyManager;
+use OCP\ILogger;
+use OCP\IUserSession;
+
+class Setup extends \OCA\Encryption\Setup {
+ /**
+ * @var Crypt
+ */
+ private $crypt;
+ /**
+ * @var KeyManager
+ */
+ private $keyManager;
+
+
+ /**
+ * @param ILogger $logger
+ * @param IUserSession $userSession
+ * @param Crypt $crypt
+ * @param KeyManager $keyManager
+ */
+ public function __construct(ILogger $logger, IUserSession $userSession, Crypt $crypt, KeyManager $keyManager) {
+ parent::__construct($logger, $userSession);
+ $this->crypt = $crypt;
+ $this->keyManager = $keyManager;
+ }
+
+ /**
+ * @param $password
+ * @return bool
+ */
+ public function setupUser($password) {
+ if ($this->keyManager->ready()) {
+ $this->logger->debug('Encryption Library: User Account ' . $this->user->getUID() . ' Is not ready for encryption; configuration started');
+ return $this->setupServerSide($password);
+ }
+ }
+
+ /**
+ * @param $password
+ * @return bool
+ */
+ private function setupServerSide($password) {
+ // Check if user already has keys
+ if (!$this->keyManager->userHasKeys($this->user->getUID())) {
+ return $this->keyManager->storeKeyPair($password, $this->crypt->createKeyPair());
+ }
+ return true;
+ }
+}
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-04 08:01:56 +0000