check if recovery key exists and encrypt the file with the recovery key if needed
This commit is contained in:
parent
24c6604388
commit
c64e0af4fb
@ -102,7 +102,10 @@ class Encryption extends \OCP\AppFramework\App {
|
||||||
public function registerEncryptionModule() {
|
public function registerEncryptionModule() {
|
||||||
$container = $this->getContainer();
|
$container = $this->getContainer();
|
||||||
$container->registerService('EncryptionModule', function (IAppContainer $c) {
|
$container->registerService('EncryptionModule', function (IAppContainer $c) {
|
||||||
return new \OCA\Encryption\Crypto\Encryption($c->query('Crypt'), $c->query('KeyManager'));
|
return new \OCA\Encryption\Crypto\Encryption(
|
||||||
|
$c->query('Crypt'),
|
||||||
|
$c->query('KeyManager'),
|
||||||
|
$c->query('Util'));
|
||||||
});
|
});
|
||||||
$module = $container->query('EncryptionModule');
|
$module = $container->query('EncryptionModule');
|
||||||
$this->encryptionManager->registerEncryptionModule($module);
|
$this->encryptionManager->registerEncryptionModule($module);
|
||||||
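Review bot: The closure now resolves a third service, `$c->query('Util')`, and whatever it returns must satisfy the `\OC\Encryption\Util` type hint on the module constructor, but the registration of `'Util'` in this app container is not visible in this commit. Because the module is built eagerly at `$module = $container->query('EncryptionModule');` further down the hunk, a missing or differently-typed `'Util'` binding would fail at app registration rather than at the first encryption, so the binding is worth confirming in the same change. Should the app later register its own `Util` class under that service name, this type hint is where it would break.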
|
|
|
@ -46,9 +46,19 @@ class Encryption implements IEncryptionModule {
|
||||||
/** @var boolean */
|
/** @var boolean */
|
||||||
private $isWriteOperation;
|
private $isWriteOperation;
|
||||||
|
|
||||||
public function __construct(Crypt $crypt, KeyManager $keymanager) {
|
/** @var \OC\Encryption\Util */
|
||||||
|
private $util;
|
||||||
|
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* @param \OCA\Encryption\Crypto\Crypt $crypt
|
||||||
|
* @param KeyManager $keymanager
|
||||||
|
* @param \OC\Encryption\Util $util
|
||||||
|
*/
|
||||||
|
public function __construct(Crypt $crypt, KeyManager $keymanager, \OC\Encryption\Util $util) {
|
||||||
$this->crypt = $crypt;
|
$this->crypt = $crypt;
|
||||||
$this->keymanager = $keymanager;
|
$this->keymanager = $keymanager;
|
||||||
|
$this->util = $util;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
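Review bot: The new constructor takes `\OC\Encryption\Util`, a class from the core-internal `\OC\` namespace rather than a public `\OCP\` interface, so the app now depends on an implementation detail without an API stability contract; if an `\OCP\` abstraction for the recovery lookup exists or can be added, the type hint and the `@var` on `private $util;` should use it. The constructor docblock also has an empty summary line; `* Creates the module with its crypto primitive, key manager and core encryption utility.` would state its purpose. Minor: the `@param \OCA\Encryption\Crypto\Crypt $crypt` tag spells out the FQCN while the signature uses the imported `Crypt`; either form works but they should match.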
|
@ -225,9 +235,7 @@ class Encryption implements IEncryptionModule {
|
||||||
$publicKeys[$user] = $this->keymanager->getPublicKey($user);
|
$publicKeys[$user] = $this->keymanager->getPublicKey($user);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!empty($accessList['public'])) {
|
$publicKeys = $this->addSystemKeys($accessList, $publicKeys);
|
||||||
$publicKeys[$this->keymanager->getPublicShareKeyId()] = $this->keymanager->getPublicShareKey();
|
|
||||||
}
|
|
||||||
|
|
||||||
$encryptedFileKey = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);
|
$encryptedFileKey = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);
|
||||||
|
|
||||||
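Review bot: The single call `$publicKeys = $this->addSystemKeys($accessList, $publicKeys);` replaces an explicit block and hides that the recipient set of the file key can now include the admin recovery key, which is the security-relevant effect of this commit and deserves a comment at the call site, e.g. `// besides the users in the access list, also encrypt the file key to the public-share key and, when a recovery key exists and recovery is enabled for $this->user, to the admin recovery key`. The enclosing method starts and ends outside this hunk, so whether `$publicKeys` can legitimately be empty at this point is not visible; as before, `multiKeyEncrypt` is reached with whatever the array ends up holding.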
|
@ -238,6 +246,29 @@ class Encryption implements IEncryptionModule {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* add system keys such as the public share key and the recovery key
|
||||||
|
*
|
||||||
|
* @param array $accessList
|
||||||
|
* @param array $publicKeys
|
||||||
|
* @return array
|
||||||
|
*/
|
||||||
|
public function addSystemKeys(array $accessList, array $publicKeys) {
|
||||||
|
if (!empty($accessList['public'])) {
|
||||||
|
$publicKeys[$this->keymanager->getPublicShareKeyId()] = $this->keymanager->getPublicShareKey();
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($this->keymanager->recoveryKeyExists() &&
|
||||||
|
$this->util->recoveryEnabled($this->user)) {
|
||||||
|
|
||||||
|
$publicKeys[$this->keymanager->getRecoveryKeyId()] = $this->keymanager->getRecoveryKey();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
return $publicKeys;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* should the file be encrypted or not
|
* should the file be encrypted or not
|
||||||
*
|
*
|
||||||
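Review bot: The recovery gate `$this->util->recoveryEnabled($this->user)` consults whatever identity `$this->user` holds, and that property is neither declared nor assigned in the visible lines; if it is the user performing the write rather than the file's owner, a sharee writing into a shared folder decides whether the owner's file becomes readable with the admin recovery key, and the owner's own opt-in is ignored. Since the recovery setting is a per-user choice about that user's data, the check should be made against the owner of the file being encrypted (e.g. `$this->util->recoveryEnabled($this->owner)` if the module tracks the owner), or the docblock should state explicitly which identity is meant. `addSystemKeys` is also declared `public` although it is only a helper of the encryption path; unless it is called from elsewhere, `protected` keeps it out of the module's surface. The docblock could add that the returned array is the full recipient list handed to `multiKeyEncrypt`, so every key added here can decrypt the file.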
|
|
|
@ -141,7 +141,25 @@ class KeyManager {
|
||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
public function recoveryKeyExists() {
|
public function recoveryKeyExists() {
|
||||||
return (strlen($this->keyStorage->getSystemUserKey($this->recoveryKeyId)) !== 0);
|
return (!empty($this->keyStorage->getSystemUserKey($this->recoveryKeyId)));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* get recovery key
|
||||||
|
*
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
public function getRecoveryKey() {
|
||||||
|
return $this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.publicKey');
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* get recovery key ID
|
||||||
|
*
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
public function getRecoveryKeyId() {
|
||||||
|
return $this->recoveryKeyId;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
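Review bot: `recoveryKeyExists()` tests the storage entry named `$this->recoveryKeyId`, while the new `getRecoveryKey()` just below reads `$this->recoveryKeyId . '.publicKey'`; `addSystemKeys` uses the first as the gate for the second, so the two can disagree: the gate passes and an empty string is added to the recipient list passed to `multiKeyEncrypt`, or the gate fails although the public key is present. Unless the unsuffixed id is a deliberate separate marker entry, the existence check should look at the same key that is later read, `return !empty($this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.publicKey'));`, and `getRecoveryKey()` should document that it returns the public half (`* get the public part of the recovery key pair`). The switch from `strlen(...) !== 0` to `!empty(...)` is sound here, since a `null`/`false` read is now also treated as missing.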
|
|
|
@ -26,6 +26,7 @@ namespace OC\Encryption;
|
||||||
use OC\Encryption\Exceptions\EncryptionHeaderToLargeException;
|
use OC\Encryption\Exceptions\EncryptionHeaderToLargeException;
|
||||||
use OC\Encryption\Exceptions\EncryptionHeaderKeyExistsException;
|
use OC\Encryption\Exceptions\EncryptionHeaderKeyExistsException;
|
||||||
use OCP\Encryption\IEncryptionModule;
|
use OCP\Encryption\IEncryptionModule;
|
||||||
|
use OCP\IConfig;
|
||||||
|
|
||||||
class Util {
|
class Util {
|
||||||
|
|
||||||
|
@ -58,19 +59,27 @@ class Util {
|
||||||
/** @var \OC\User\Manager */
|
/** @var \OC\User\Manager */
|
||||||
protected $userManager;
|
protected $userManager;
|
||||||
|
|
||||||
|
/** @var IConfig */
|
||||||
|
protected $config;
|
||||||
|
|
||||||
/** @var array paths excluded from encryption */
|
/** @var array paths excluded from encryption */
|
||||||
protected $excludedPaths;
|
protected $excludedPaths;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param \OC\Files\View $view root view
|
* @param \OC\Files\View $view root view
|
||||||
*/
|
*/
|
||||||
public function __construct(\OC\Files\View $view, \OC\User\Manager $userManager) {
|
public function __construct(
|
||||||
|
\OC\Files\View $view,
|
||||||
|
\OC\User\Manager $userManager,
|
||||||
|
IConfig $config) {
|
||||||
|
|
||||||
$this->ocHeaderKeys = [
|
$this->ocHeaderKeys = [
|
||||||
self::HEADER_ENCRYPTION_MODULE_KEY
|
self::HEADER_ENCRYPTION_MODULE_KEY
|
||||||
];
|
];
|
||||||
|
|
||||||
$this->view = $view;
|
$this->view = $view;
|
||||||
$this->userManager = $userManager;
|
$this->userManager = $userManager;
|
||||||
|
$this->config = $config;
|
||||||
|
|
||||||
$this->excludedPaths[] = 'files_encryption';
|
$this->excludedPaths[] = 'files_encryption';
|
||||||
}
|
}
|
||||||
|
@ -411,4 +420,16 @@ class Util {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* check if recovery key is enabled for user
|
||||||
|
*
|
||||||
|
* @param string $uid
|
||||||
|
* @return boolean
|
||||||
|
*/
|
||||||
|
public function recoveryEnabled($uid) {
|
||||||
|
$enabled = $this->config->getUserValue($uid, 'encryption', 'recovery_enabled', '0');
|
||||||
|
|
||||||
|
return ($enabled === '1') ? true : false;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
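Review bot: `return ($enabled === '1') ? true : false;` is a redundant ternary over an expression that is already a boolean; `return $enabled === '1';` says the same thing. Since this flag decides whether a user's file keys are additionally encrypted to the admin recovery key (see `addSystemKeys` in this commit), the docblock should say so rather than only "check if recovery key is enabled": `* Whether the user opted in to admin recovery: when true and a recovery key exists, new file keys are also encrypted to the recovery public key.` The value is a user-scoped config entry read with a `'0'` default, so an unset value is treated as opted out, which is the safe default; the `@return boolean` tag should be `bool`.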
|
|