write encrypted file to disc

2015-03-26 12:23:36 +01:00 · 2015-03-26 12:23:36 +01:00 · 198b73fe32
parent 7ffd77fac9
commit 198b73fe32
4 changed files with 152 additions and 25 deletions
--- a/apps/encryption/appinfo/encryption.php
+++ b/apps/encryption/appinfo/encryption.php
@ -27,7 +27,6 @@ use OCA\Encryption\Crypto\Crypt;
 use OCA\Encryption\HookManager;
 use OCA\Encryption\Hooks\UserHooks;
 use OCA\Encryption\KeyManager;
-use OCA\Encryption\Migrator;
 use OCA\Encryption\Recovery;
 use OCA\Encryption\Users\Setup;
 use OCA\Encryption\Util;
@ -98,7 +97,7 @@ class Encryption extends \OCP\AppFramework\App {
 	public function registerEncryptionModule() {
 		$container = $this->getContainer();
 		$container->registerService('EncryptionModule', function (IAppContainer $c) {
-			return new \OCA\Encryption\Crypto\Encryption($c->query('Crypt'));
+			return new \OCA\Encryption\Crypto\Encryption($c->query('Crypt'), $c->query('KeyManager'));
 		});
 		$module = $container->query('EncryptionModule');
 		$this->encryptionManager->registerEncryptionModule($module);
@ -122,8 +121,7 @@ class Encryption extends \OCP\AppFramework\App {
 			function (IAppContainer $c) {
 				$server = $c->getServer();

-				$moduleId = $c->query('EncryptionModule')->getId();
-				return new KeyManager($server->getEncryptionKeyStorage($moduleId),
+				return new KeyManager($server->getEncryptionKeyStorage(\OCA\Encryption\Crypto\Encryption::ID),
 					$c->query('Crypt'),
 					$server->getConfig(),
 					$server->getUserSession(),
@ -137,14 +135,13 @@ class Encryption extends \OCP\AppFramework\App {
 			function (IAppContainer $c) {
 				$server = $c->getServer();

-				$moduleId = $c->query('EncryptionModule')->getId();
 				return new Recovery(
 					$server->getUserSession(),
 					$c->query('Crypt'),
 					$server->getSecureRandom(),
 					$c->query('KeyManager'),
 					$server->getConfig(),
-					$server->getEncryptionKeyStorage($moduleId));
+					$server->getEncryptionKeyStorage(\OCA\Encryption\Crypto\Encryption::ID));
 			});

 		$container->registerService('UserSetup',
--- a/apps/encryption/lib/crypto/crypt.php
+++ b/apps/encryption/lib/crypto/crypt.php
@ -25,6 +25,7 @@ namespace OCA\Encryption\Crypto;
 use OC\Encryption\Exceptions\DecryptionFailedException;
 use OC\Encryption\Exceptions\EncryptionFailedException;
 use OC\Encryption\Exceptions\GenericEncryptionException;
+use OCA\Encryption\KeyManager;
 use OCA\Files_Encryption\Exception\MultiKeyDecryptException;
 use OCA\Files_Encryption\Exception\MultiKeyEncryptException;
 use OCP\IConfig;
@ -379,6 +380,21 @@ class Crypt {
 		throw new GenericEncryptionException('Generating IV Failed');
 	}

+	/**
+	 * Generate a pseudo random 256-bit ASCII key, used as file key
+	 * @return string
+	 */
+	public static function generateFileKey() {
+		// Generate key
+		$key = base64_encode(openssl_random_pseudo_bytes(32, $strong));
+		if (!$key || !$strong) {
+				// If OpenSSL indicates randomness is insecure, log error
+				throw new \Exception('Encryption library, Insecure symmetric key was generated using openssl_random_pseudo_bytes()');
+		}
+
+		return $key;
+	}
+
 	/**
 	 * Check if a file's contents contains an IV and is symmetrically encrypted
 	 *
--- a/apps/encryption/lib/crypto/encryption.php
+++ b/apps/encryption/lib/crypto/encryption.php
@ -11,24 +11,51 @@ namespace OCA\Encryption\Crypto;


 use OCP\Encryption\IEncryptionModule;
+use OCA\Encryption\KeyManager;

 class Encryption implements IEncryptionModule {

+	const ID = '42';
+
 	/**
 	 * @var Crypt
 	 */
 	private $crypt;

-	public function __construct(Crypt $crypt) {
+	/** @var string */
+	private $cipher;
+
+	/** @var string */
+	private $path;
+
+	/** @var string */
+	private $user;
+
+	/** @var string */
+	private $fileKey;
+
+	/** @var string */
+	private $writeCache;
+
+	/** @var KeyManager */
+	private $keymanager;
+
+	/** @var array */
+	private $accessList;
+
+	/** @var boolean */
+	private $isWriteOperation;
+
+	public function __construct(Crypt $crypt, KeyManager $keymanager) {
 		$this->crypt = $crypt;
+		$this->keymanager = $keymanager;
 	}

 	/**
 	 * @return string defining the technical unique id
 	 */
 	public function getId() {
-		// we need to hard code this value
-		return md5($this->getDisplayName());
+		return self::ID;
 	}

 	/**
@ -46,6 +73,7 @@ class Encryption implements IEncryptionModule {
 	 * chunks
 	 *
 	 * @param string $path to the file
+	 * @param string $user who read/write the file
 	 * @param array $header contains the header data read from the file
 	 * @param array $accessList who has access to the file contains the key 'users' and 'public'
 	 *
@ -53,9 +81,23 @@ class Encryption implements IEncryptionModule {
 	 *                       written to the header, in case of a write operation
 	 *                       or if no additional data is needed return a empty array
 	 */
-	public function begin($path, $header, $accessList) {
+	public function begin($path, $user, $header, $accessList) {

-		$cipher = $header[''];
+		if (isset($header['cipher'])) {
+			$this->cipher = $header['cipher'];
+		} else {
+			$this->cipher = $this->crypt->getCipher();
+		}
+
+		$this->path = $path;
+		$this->accessList = $accessList;
+		$this->user = $user;
+		$this->writeCache = '';
+		$this->isWriteOperation = false;
+
+		$this->fileKey = $this->keymanager->getFileKey($path);
+
+		return array('cipher' => $this->cipher);
 	}

 	/**
@ -68,7 +110,20 @@ class Encryption implements IEncryptionModule {
 	 *                of a write operation
 	 */
 	public function end($path) {
-		// TODO: Implement end() method.
+		$result = '';
+		if ($this->isWriteOperation) {
+			if (!empty($this->writeCache)) {
+				$result = $this->crypt->symmetricEncryptFileContent($this->writeCache, $this->fileKey);
+				$this->writeCache = '';
+			}
+			$publicKeys = array();
+			foreach ($this->accessList['users'] as $user) {
+				$publicKeys[] = $this->keymanager->getPublicKey($user);
+			}
+
+			$result = $this->crypt->multiKeyEncrypt($this->fileKey, $publicKeys);
+		}
+		return $result;
 	}

 	/**
@ -78,21 +133,80 @@ class Encryption implements IEncryptionModule {
 	 * @return mixed encrypted data
 	 */
 	public function encrypt($data) {
-		// Todo: xxx Update Signature and usages
-		// passphrase is file key decrypted with user private/share key
-		$this->symmetricEncryptFileContent($data);
+		$this->isWriteOperation = true;
+		if (empty($this->fileKey)) {
+			$this->fileKey = $this->crypt->generateFileKey();
+		}
+
+		// If extra data is left over from the last round, make sure it
+		// is integrated into the next 6126 / 8192 block
+		if ($this->writeCache) {
+
+			// Concat writeCache to start of $data
+			$data = $this->writeCache . $data;
+
+			// Clear the write cache, ready for reuse - it has been
+			// flushed and its old contents processed
+			$this->writeCache = '';
+
+		}
+
+		$encrypted = '';
+		// While there still remains some data to be processed & written
+		while (strlen($data) > 0) {
+
+			// Remaining length for this iteration, not of the
+			// entire file (may be greater than 8192 bytes)
+			$remainingLength = strlen($data);
+
+			// If data remaining to be written is less than the
+			// size of 1 6126 byte block
+			if ($remainingLength < 6126) {
+
+				// Set writeCache to contents of $data
+				// The writeCache will be carried over to the
+				// next write round, and added to the start of
+				// $data to ensure that written blocks are
+				// always the correct length. If there is still
+				// data in writeCache after the writing round
+				// has finished, then the data will be written
+				// to disk by $this->flush().
+				$this->writeCache = $data;
+
+				// Clear $data ready for next round
+				$data = '';
+
+			} else {
+
+				// Read the chunk from the start of $data
+				$chunk = substr($data, 0, 6126);
+
+				$encrypted .= $this->crypt->symmetricEncryptFileContent($chunk, $this->fileKey);
+
+				// Remove the chunk we just processed from
+				// $data, leaving only unprocessed data in $data
+				// var, for handling on the next round
+				$data = substr($data, 6126);
+
+			}
+
+		}
+
+		return $encrypted;
 	}

 	/**
 	 * decrypt data
 	 *
 	 * @param string $data you want to decrypt
-	 * @param string $user decrypt as user (null for public access)
 	 * @return mixed decrypted data
 	 */
-	public function decrypt($data, $user) {
-		// Todo: xxx Update Usages?
-		$this->symmetricDecryptFileContent($data, $user);
+	public function decrypt($data) {
+		$result = '';
+		if (!empty($data)) {
+			$result = $this->crypt->symmetricDecryptFileContent($data, $this->fileKey);
+		}
+		return $result;
 	}

 	/**
@ -113,7 +227,7 @@ class Encryption implements IEncryptionModule {
 	 * @return boolean
 	 */
 	public function shouldEncrypt($path) {
-		// TODO: Implement shouldEncrypt() method.
+		return true;
 	}

 	/**
@ -133,6 +247,6 @@ class Encryption implements IEncryptionModule {
 	 * @return integer
 	 */
 	public function getUnencryptedBlockSize() {
-		// TODO: Implement getUnencryptedBlockSize() method.
+		return 6126;
 	}
 }
--- a/apps/encryption/lib/keymanager.php
+++ b/apps/encryption/lib/keymanager.php
@ -62,21 +62,21 @@ class KeyManager {
 	/**
 	 * @var string
 	 */
-	private $publicKeyId = 'public';
+	private $publicKeyId = 'publicKey';
 	/**
 	 * @var string
 	 */
-	private $privateKeyId = 'private';
+	private $privateKeyId = 'privateKey';

 	/**
 	 * @var string
 	 */
-	private $shareKeyId = 'sharekey';
+	private $shareKeyId = 'shareKey';

 	/**
 	 * @var string
 	 */
-	private $fileKeyId = 'filekey';
+	private $fileKeyId = 'fileKey';
 	/**
 	 * @var IConfig
 	 */