check if recovery key exists and encrypt the file with the recovery key if needed

This commit is contained in:
Bjoern Schiessle 2015-03-28 11:02:26 +01:00 committed by Thomas Müller
parent 24c6604388
commit c64e0af4fb
4 changed files with 80 additions and 7 deletions


@ -102,7 +102,10 @@ class Encryption extends \OCP\AppFramework\App {
public function registerEncryptionModule() { public function registerEncryptionModule() {
$container = $this->getContainer(); $container = $this->getContainer();
$container->registerService('EncryptionModule', function (IAppContainer $c) { $container->registerService('EncryptionModule', function (IAppContainer $c) {
return new \OCA\Encryption\Crypto\Encryption($c->query('Crypt'), $c->query('KeyManager')); return new \OCA\Encryption\Crypto\Encryption(
$c->query('Crypt'),
$c->query('KeyManager'),
$c->query('Util'));
}); });
$module = $container->query('EncryptionModule'); $module = $container->query('EncryptionModule');
$this->encryptionManager->registerEncryptionModule($module); $this->encryptionManager->registerEncryptionModule($module);
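Review bot: The new `$c->query('Util')` argument at L18 has to resolve to an `\OC\Encryption\Util`, because that is what the `Crypto\Encryption` constructor introduced by this commit type-hints; the registration of the `'Util'` service is outside this hunk, so it is worth confirming it is the core class and not an app-local `Util`, otherwise module registration fails with a fatal error on the type hint. A short comment on the closure, `// Util must be the core \OC\Encryption\Util (recovery settings)`, would make the dependency explicit. The body of `registerEncryptionModule()` continues past the end of the hunk.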


@ -46,9 +46,19 @@ class Encryption implements IEncryptionModule {
/** @var boolean */ /** @var boolean */
private $isWriteOperation; private $isWriteOperation;
public function __construct(Crypt $crypt, KeyManager $keymanager) { /** @var \OC\Encryption\Util */
private $util;
/**
*
* @param \OCA\Encryption\Crypto\Crypt $crypt
* @param KeyManager $keymanager
* @param \OC\Encryption\Util $util
*/
public function __construct(Crypt $crypt, KeyManager $keymanager, \OC\Encryption\Util $util) {
$this->crypt = $crypt; $this->crypt = $crypt;
$this->keymanager = $keymanager; $this->keymanager = $keymanager;
$this->util = $util;
} }
/** /**
@ -225,9 +235,7 @@ class Encryption implements IEncryptionModule {
$publicKeys[$user] = $this->keymanager->getPublicKey($user); $publicKeys[$user] = $this->keymanager->getPublicKey($user);
} }
if (!empty($accessList['public'])) { $publicKeys = $this->addSystemKeys($accessList, $publicKeys);
$publicKeys[$this->keymanager->getPublicShareKeyId()] = $this->keymanager->getPublicShareKey();
}
$encryptedFileKey = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys); $encryptedFileKey = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);
@ -238,6 +246,29 @@ class Encryption implements IEncryptionModule {
return true; return true;
} }
/**
* add system keys such as the public share key and the recovery key
*
* @param array $accessList
* @param array $publicKeys
* @return array
*/
public function addSystemKeys(array $accessList, array $publicKeys) {
if (!empty($accessList['public'])) {
$publicKeys[$this->keymanager->getPublicShareKeyId()] = $this->keymanager->getPublicShareKey();
}
if ($this->keymanager->recoveryKeyExists() &&
$this->util->recoveryEnabled($this->user)) {
$publicKeys[$this->keymanager->getRecoveryKeyId()] = $this->keymanager->getRecoveryKey();
}
return $publicKeys;
}
/** /**
* should the file be encrypted or not * should the file be encrypted or not
* *
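Review bot: `addSystemKeys()` at L59 is declared `public` although the hunk only shows it being called from inside the same class (L45), so it becomes part of the module's surface; `protected function addSystemKeys(array $accessList, array $publicKeys)` keeps it testable without exposing it. The recovery branch at L63-64 reads `$this->user`, which is not assigned anywhere in this hunk, and since `recoveryEnabled()` is a per-user setting the docblock should say whose setting decides it — presumably the file owner rather than the acting user, which should be confirmed. Because adding the recovery key makes the file decryptable by whoever holds the recovery key, the method comment should state that plainly, e.g. `* The recovery key is added only when a recovery key exists and the user has opted in; it makes the file recoverable by the recovery key holder.` The empty first line of the constructor docblock at L31 should either describe the constructor or be dropped.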


@ -141,7 +141,25 @@ class KeyManager {
* @return bool * @return bool
*/ */
public function recoveryKeyExists() { public function recoveryKeyExists() {
return (strlen($this->keyStorage->getSystemUserKey($this->recoveryKeyId)) !== 0); return (!empty($this->keyStorage->getSystemUserKey($this->recoveryKeyId)));
}
/**
* get recovery key
*
* @return string
*/
public function getRecoveryKey() {
return $this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.publicKey');
}
/**
* get recovery key ID
*
* @return string
*/
public function getRecoveryKeyId() {
return $this->recoveryKeyId;
} }
/** /**
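Review bot: `recoveryKeyExists()` at L79 checks the storage entry named `$this->recoveryKeyId`, while the new `getRecoveryKey()` at L87 reads `$this->recoveryKeyId . '.publicKey'`; unless `getSystemUserKey()` normalises that suffix (not visible here), the existence check and the fetch look at different entries, and `addSystemKeys()` could hand an empty string to `multiKeyEncrypt()`. Either make both methods use the same name or have the getter fail loudly on an empty result, e.g. `if ($key === '') { throw new \RuntimeException('recovery public key missing'); }` before returning. The change from `strlen(...) !== 0` to `!empty(...)` also treats the literal string `'0'` as absent, which is harmless for real key material but deserves a one-line comment if intended.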


@ -26,6 +26,7 @@ namespace OC\Encryption;
use OC\Encryption\Exceptions\EncryptionHeaderToLargeException; use OC\Encryption\Exceptions\EncryptionHeaderToLargeException;
use OC\Encryption\Exceptions\EncryptionHeaderKeyExistsException; use OC\Encryption\Exceptions\EncryptionHeaderKeyExistsException;
use OCP\Encryption\IEncryptionModule; use OCP\Encryption\IEncryptionModule;
use OCP\IConfig;
class Util { class Util {
@ -58,19 +59,27 @@ class Util {
/** @var \OC\User\Manager */ /** @var \OC\User\Manager */
protected $userManager; protected $userManager;
/** @var IConfig */
protected $config;
/** @var array paths excluded from encryption */ /** @var array paths excluded from encryption */
protected $excludedPaths; protected $excludedPaths;
/** /**
* @param \OC\Files\View $view root view * @param \OC\Files\View $view root view
*/ */
public function __construct(\OC\Files\View $view, \OC\User\Manager $userManager) { public function __construct(
\OC\Files\View $view,
\OC\User\Manager $userManager,
IConfig $config) {
$this->ocHeaderKeys = [ $this->ocHeaderKeys = [
self::HEADER_ENCRYPTION_MODULE_KEY self::HEADER_ENCRYPTION_MODULE_KEY
]; ];
$this->view = $view; $this->view = $view;
$this->userManager = $userManager; $this->userManager = $userManager;
$this->config = $config;
$this->excludedPaths[] = 'files_encryption'; $this->excludedPaths[] = 'files_encryption';
} }
@ -411,4 +420,16 @@ class Util {
return false; return false;
} }
/**
* check if recovery key is enabled for user
*
* @param string $uid
* @return boolean
*/
public function recoveryEnabled($uid) {
$enabled = $this->config->getUserValue($uid, 'encryption', 'recovery_enabled', '0');
return ($enabled === '1') ? true : false;
}
} }
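Review bot: `recoveryEnabled()` at L138-141 wraps a boolean expression in a redundant ternary; `return $enabled === '1';` says the same thing. The constructor docblock at L114-116 still documents only `$view` even though the signature now takes `$userManager` and `$config`; add `@param \OC\User\Manager $userManager` and `@param IConfig $config`. The `'0'` default combined with the strict comparison to `'1'` means any unexpected stored value is treated as recovery disabled, which is the conservative fallback, and a comment such as `// anything other than the literal '1' counts as disabled` would record that this is deliberate.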