From acfc7d7c4d4c2daf00ecd61b11eaa9d953868b92 Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Mon, 7 Sep 2015 11:38:44 +0200 Subject: enable usage of a master key --- apps/encryption/lib/keymanager.php | 80 +++++++++++++++++++++++++++++++++++++- 1 file changed, 79 insertions(+), 1 deletion(-) (limited to 'apps/encryption/lib/keymanager.php') diff --git a/apps/encryption/lib/keymanager.php b/apps/encryption/lib/keymanager.php index 6c793e5964f..c4507228878 100644 --- a/apps/encryption/lib/keymanager.php +++ b/apps/encryption/lib/keymanager.php @@ -54,6 +54,10 @@ class KeyManager { * @var string */ private $publicShareKeyId; + /** + * @var string + */ + private $masterKeyId; /** * @var string UserID */ @@ -131,10 +135,20 @@ class KeyManager { $this->config->setAppValue('encryption', 'publicShareKeyId', $this->publicShareKeyId); } + $this->masterKeyId = $this->config->getAppValue('encryption', + 'masterKeyId'); + if (empty($this->masterKeyId)) { + $this->masterKeyId = 'master_' . substr(md5(time()), 0, 8); + $this->config->setAppValue('encryption', 'masterKeyId', $this->masterKeyId); + } + $this->keyId = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : false; $this->log = $log; } + /** + * check if key pair for public link shares exists, if not we create one + */ public function validateShareKey() { $shareKey = $this->getPublicShareKey(); if (empty($shareKey)) { @@ -152,6 +166,26 @@ class KeyManager { } } + /** + * check if a key pair for the master key exists, if not we create one + */ + public function validateMasterKey() { + $masterKey = $this->getPublicMasterKey(); + if (empty($masterKey)) { + $keyPair = $this->crypt->createKeyPair(); + + // Save public key + $this->keyStorage->setSystemUserKey( + $this->masterKeyId . '.publicKey', $keyPair['publicKey'], + Encryption::ID); + + // Encrypt private key with system password + $encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $this->getMasterKeyPassword(), $this->masterKeyId); + $header = $this->crypt->generateHeader(); + $this->setSystemPrivateKey($this->masterKeyId, $header . $encryptedKey); + } + } + /** * @return bool */ @@ -304,8 +338,15 @@ class KeyManager { $this->session->setStatus(Session::INIT_EXECUTED); + try { - $privateKey = $this->getPrivateKey($uid); + if($this->util->isMasterKeyEnabled()) { + $uid = $this->getMasterKeyId(); + $passPhrase = $this->getMasterKeyPassword(); + $privateKey = $this->getSystemPrivateKey($uid); + } else { + $privateKey = $this->getPrivateKey($uid); + } $privateKey = $this->crypt->decryptPrivateKey($privateKey, $passPhrase, $uid); } catch (PrivateKeyMissingException $e) { return false; @@ -345,6 +386,10 @@ class KeyManager { public function getFileKey($path, $uid) { $encryptedFileKey = $this->keyStorage->getFileKey($path, $this->fileKeyId, Encryption::ID); + if ($this->util->isMasterKeyEnabled()) { + $uid = $this->getMasterKeyId(); + } + if (is_null($uid)) { $uid = $this->getPublicShareKeyId(); $shareKey = $this->getShareKey($path, $uid); @@ -566,4 +611,37 @@ class KeyManager { return $publicKeys; } + + /** + * get master key password + * + * @return string + * @throws \Exception + */ + protected function getMasterKeyPassword() { + $password = $this->config->getSystemValue('secret'); + if (empty($password)){ + throw new \Exception('Can not get secret from ownCloud instance'); + } + + return $password; + } + + /** + * return master key id + * + * @return string + */ + public function getMasterKeyId() { + return $this->masterKeyId; + } + + /** + * get public master key + * + * @return string + */ + public function getPublicMasterKey() { + return $this->keyStorage->getSystemUserKey($this->masterKeyId . '.publicKey', Encryption::ID); + } } -- cgit v1.2.3