1
0

Encryption.php 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Bjoern Schiessle <bjoern@schiessle.org>
  6. * @author Björn Schießle <bjoern@schiessle.org>
  7. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  8. * @author Clark Tomlinson <fallen013@gmail.com>
  9. * @author Jan-Christoph Borchardt <hey@jancborchardt.net>
  10. * @author Joas Schilling <coding@schilljs.com>
  11. * @author Julius Härtl <jus@bitgrid.net>
  12. * @author Lukas Reschke <lukas@statuscode.ch>
  13. * @author Morris Jobke <hey@morrisjobke.de>
  14. * @author Robin Appelman <robin@icewind.nl>
  15. * @author Roeland Jago Douma <roeland@famdouma.nl>
  16. * @author Thomas Müller <thomas.mueller@tmit.eu>
  17. * @author Valdnet <47037905+Valdnet@users.noreply.github.com>
  18. *
  19. * @license AGPL-3.0
  20. *
  21. * This code is free software: you can redistribute it and/or modify
  22. * it under the terms of the GNU Affero General Public License, version 3,
  23. * as published by the Free Software Foundation.
  24. *
  25. * This program is distributed in the hope that it will be useful,
  26. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  27. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  28. * GNU Affero General Public License for more details.
  29. *
  30. * You should have received a copy of the GNU Affero General Public License, version 3,
  31. * along with this program. If not, see <http://www.gnu.org/licenses/>
  32. *
  33. */
  34. namespace OCA\Encryption\Crypto;
  35. use OC\Encryption\Exceptions\DecryptionFailedException;
  36. use OC\Files\Cache\Scanner;
  37. use OC\Files\View;
  38. use OCA\Encryption\Exceptions\PublicKeyMissingException;
  39. use OCA\Encryption\KeyManager;
  40. use OCA\Encryption\Session;
  41. use OCA\Encryption\Util;
  42. use OCP\Encryption\IEncryptionModule;
  43. use OCP\IL10N;
  44. use Psr\Log\LoggerInterface;
  45. use Symfony\Component\Console\Input\InputInterface;
  46. use Symfony\Component\Console\Output\OutputInterface;
  47. class Encryption implements IEncryptionModule {
  48. public const ID = 'OC_DEFAULT_MODULE';
  49. public const DISPLAY_NAME = 'Default encryption module';
  50. /** @var string */
  51. private $cipher;
  52. /** @var string */
  53. private $path;
  54. /** @var string */
  55. private $user;
  56. private array $owner;
  57. /** @var string */
  58. private $fileKey;
  59. /** @var string */
  60. private $writeCache;
  61. /** @var array */
  62. private $accessList;
  63. /** @var boolean */
  64. private $isWriteOperation;
  65. private bool $useMasterPassword;
  66. private bool $useLegacyBase64Encoding = false;
  67. /** @var int Current version of the file */
  68. private int $version = 0;
  69. /** @var array remember encryption signature version */
  70. private static $rememberVersion = [];
  71. public function __construct(
  72. private Crypt $crypt,
  73. private KeyManager $keyManager,
  74. private Util $util,
  75. private Session $session,
  76. private EncryptAll $encryptAll,
  77. private DecryptAll $decryptAll,
  78. private LoggerInterface $logger,
  79. private IL10N $l,
  80. ) {
  81. $this->owner = [];
  82. $this->useMasterPassword = $this->util->isMasterKeyEnabled();
  83. }
  84. /**
  85. * @return string defining the technical unique id
  86. */
  87. public function getId() {
  88. return self::ID;
  89. }
  90. /**
  91. * In comparison to getKey() this function returns a human readable (maybe translated) name
  92. *
  93. * @return string
  94. */
  95. public function getDisplayName() {
  96. return self::DISPLAY_NAME;
  97. }
  98. /**
  99. * start receiving chunks from a file. This is the place where you can
  100. * perform some initial step before starting encrypting/decrypting the
  101. * chunks
  102. *
  103. * @param string $path to the file
  104. * @param string $user who read/write the file
  105. * @param string $mode php stream open mode
  106. * @param array $header contains the header data read from the file
  107. * @param array $accessList who has access to the file contains the key 'users' and 'public'
  108. *
  109. * @return array $header contain data as key-value pairs which should be
  110. * written to the header, in case of a write operation
  111. * or if no additional data is needed return a empty array
  112. */
  113. public function begin($path, $user, $mode, array $header, array $accessList) {
  114. $this->path = $this->getPathToRealFile($path);
  115. $this->accessList = $accessList;
  116. $this->user = $user;
  117. $this->isWriteOperation = false;
  118. $this->writeCache = '';
  119. $this->useLegacyBase64Encoding = true;
  120. if (isset($header['encoding'])) {
  121. $this->useLegacyBase64Encoding = $header['encoding'] !== Crypt::BINARY_ENCODING_FORMAT;
  122. }
  123. if ($this->session->isReady() === false) {
  124. // if the master key is enabled we can initialize encryption
  125. // with a empty password and user name
  126. if ($this->util->isMasterKeyEnabled()) {
  127. $this->keyManager->init('', '');
  128. }
  129. }
  130. /* If useLegacyFileKey is not specified in header, auto-detect, to be safe */
  131. $useLegacyFileKey = (($header['useLegacyFileKey'] ?? '') == 'false' ? false : null);
  132. $this->fileKey = $this->keyManager->getFileKey($this->path, $this->user, $useLegacyFileKey, $this->session->decryptAllModeActivated());
  133. // always use the version from the original file, also part files
  134. // need to have a correct version number if they get moved over to the
  135. // final location
  136. $this->version = (int)$this->keyManager->getVersion($this->stripPartFileExtension($path), new View());
  137. if (
  138. $mode === 'w'
  139. || $mode === 'w+'
  140. || $mode === 'wb'
  141. || $mode === 'wb+'
  142. ) {
  143. $this->isWriteOperation = true;
  144. if (empty($this->fileKey)) {
  145. $this->fileKey = $this->crypt->generateFileKey();
  146. }
  147. } else {
  148. // if we read a part file we need to increase the version by 1
  149. // because the version number was also increased by writing
  150. // the part file
  151. if (Scanner::isPartialFile($path)) {
  152. $this->version = $this->version + 1;
  153. }
  154. }
  155. if ($this->isWriteOperation) {
  156. $this->cipher = $this->crypt->getCipher();
  157. $this->useLegacyBase64Encoding = $this->crypt->useLegacyBase64Encoding();
  158. } elseif (isset($header['cipher'])) {
  159. $this->cipher = $header['cipher'];
  160. } else {
  161. // if we read a file without a header we fall-back to the legacy cipher
  162. // which was used in <=oC6
  163. $this->cipher = $this->crypt->getLegacyCipher();
  164. }
  165. $result = [
  166. 'cipher' => $this->cipher,
  167. 'signed' => 'true',
  168. 'useLegacyFileKey' => 'false',
  169. ];
  170. if ($this->useLegacyBase64Encoding !== true) {
  171. $result['encoding'] = Crypt::BINARY_ENCODING_FORMAT;
  172. }
  173. return $result;
  174. }
  175. /**
  176. * last chunk received. This is the place where you can perform some final
  177. * operation and return some remaining data if something is left in your
  178. * buffer.
  179. *
  180. * @param string $path to the file
  181. * @param string $position
  182. * @return string remained data which should be written to the file in case
  183. * of a write operation
  184. * @throws PublicKeyMissingException
  185. * @throws \Exception
  186. * @throws \OCA\Encryption\Exceptions\MultiKeyEncryptException
  187. */
  188. public function end($path, $position = '0') {
  189. $result = '';
  190. if ($this->isWriteOperation) {
  191. // in case of a part file we remember the new signature versions
  192. // the version will be set later on update.
  193. // This way we make sure that other apps listening to the pre-hooks
  194. // still get the old version which should be the correct value for them
  195. if (Scanner::isPartialFile($path)) {
  196. self::$rememberVersion[$this->stripPartFileExtension($path)] = $this->version + 1;
  197. }
  198. if (!empty($this->writeCache)) {
  199. $result = $this->crypt->symmetricEncryptFileContent($this->writeCache, $this->fileKey, $this->version + 1, $position);
  200. $this->writeCache = '';
  201. }
  202. $publicKeys = [];
  203. if ($this->useMasterPassword === true) {
  204. $publicKeys[$this->keyManager->getMasterKeyId()] = $this->keyManager->getPublicMasterKey();
  205. } else {
  206. foreach ($this->accessList['users'] as $uid) {
  207. try {
  208. $publicKeys[$uid] = $this->keyManager->getPublicKey($uid);
  209. } catch (PublicKeyMissingException $e) {
  210. $this->logger->warning(
  211. 'no public key found for user "{uid}", user will not be able to read the file',
  212. ['app' => 'encryption', 'uid' => $uid]
  213. );
  214. // if the public key of the owner is missing we should fail
  215. if ($uid === $this->user) {
  216. throw $e;
  217. }
  218. }
  219. }
  220. }
  221. $publicKeys = $this->keyManager->addSystemKeys($this->accessList, $publicKeys, $this->getOwner($path));
  222. $shareKeys = $this->crypt->multiKeyEncrypt($this->fileKey, $publicKeys);
  223. if (!$this->keyManager->deleteLegacyFileKey($this->path)) {
  224. $this->logger->warning(
  225. 'Failed to delete legacy filekey for {path}',
  226. ['app' => 'encryption', 'path' => $path]
  227. );
  228. }
  229. foreach ($shareKeys as $uid => $keyFile) {
  230. $this->keyManager->setShareKey($this->path, $uid, $keyFile);
  231. }
  232. }
  233. return $result ?: '';
  234. }
  235. /**
  236. * encrypt data
  237. *
  238. * @param string $data you want to encrypt
  239. * @param int $position
  240. * @return string encrypted data
  241. */
  242. public function encrypt($data, $position = 0) {
  243. // If extra data is left over from the last round, make sure it
  244. // is integrated into the next block
  245. if ($this->writeCache) {
  246. // Concat writeCache to start of $data
  247. $data = $this->writeCache . $data;
  248. // Clear the write cache, ready for reuse - it has been
  249. // flushed and its old contents processed
  250. $this->writeCache = '';
  251. }
  252. $encrypted = '';
  253. // While there still remains some data to be processed & written
  254. while (strlen($data) > 0) {
  255. // Remaining length for this iteration, not of the
  256. // entire file (may be greater than 8192 bytes)
  257. $remainingLength = strlen($data);
  258. // If data remaining to be written is less than the
  259. // size of 1 unencrypted block
  260. if ($remainingLength < $this->getUnencryptedBlockSize(true)) {
  261. // Set writeCache to contents of $data
  262. // The writeCache will be carried over to the
  263. // next write round, and added to the start of
  264. // $data to ensure that written blocks are
  265. // always the correct length. If there is still
  266. // data in writeCache after the writing round
  267. // has finished, then the data will be written
  268. // to disk by $this->flush().
  269. $this->writeCache = $data;
  270. // Clear $data ready for next round
  271. $data = '';
  272. } else {
  273. // Read the chunk from the start of $data
  274. $chunk = substr($data, 0, $this->getUnencryptedBlockSize(true));
  275. $encrypted .= $this->crypt->symmetricEncryptFileContent($chunk, $this->fileKey, $this->version + 1, (string)$position);
  276. // Remove the chunk we just processed from
  277. // $data, leaving only unprocessed data in $data
  278. // var, for handling on the next round
  279. $data = substr($data, $this->getUnencryptedBlockSize(true));
  280. }
  281. }
  282. return $encrypted;
  283. }
  284. /**
  285. * decrypt data
  286. *
  287. * @param string $data you want to decrypt
  288. * @param int|string $position
  289. * @return string decrypted data
  290. * @throws DecryptionFailedException
  291. */
  292. public function decrypt($data, $position = 0) {
  293. if (empty($this->fileKey)) {
  294. $msg = 'Cannot decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.';
  295. $hint = $this->l->t('Cannot decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.');
  296. $this->logger->error($msg);
  297. throw new DecryptionFailedException($msg, $hint);
  298. }
  299. return $this->crypt->symmetricDecryptFileContent($data, $this->fileKey, $this->cipher, $this->version, $position, !$this->useLegacyBase64Encoding);
  300. }
  301. /**
  302. * update encrypted file, e.g. give additional users access to the file
  303. *
  304. * @param string $path path to the file which should be updated
  305. * @param string $uid of the user who performs the operation
  306. * @param array $accessList who has access to the file contains the key 'users' and 'public'
  307. * @return bool
  308. */
  309. public function update($path, $uid, array $accessList) {
  310. if (empty($accessList)) {
  311. if (isset(self::$rememberVersion[$path])) {
  312. $this->keyManager->setVersion($path, self::$rememberVersion[$path], new View());
  313. unset(self::$rememberVersion[$path]);
  314. }
  315. return false;
  316. }
  317. $fileKey = $this->keyManager->getFileKey($path, $uid, null);
  318. if (!empty($fileKey)) {
  319. $publicKeys = [];
  320. if ($this->useMasterPassword === true) {
  321. $publicKeys[$this->keyManager->getMasterKeyId()] = $this->keyManager->getPublicMasterKey();
  322. } else {
  323. foreach ($accessList['users'] as $user) {
  324. try {
  325. $publicKeys[$user] = $this->keyManager->getPublicKey($user);
  326. } catch (PublicKeyMissingException $e) {
  327. $this->logger->warning('Could not encrypt file for ' . $user . ': ' . $e->getMessage());
  328. }
  329. }
  330. }
  331. $publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys, $this->getOwner($path));
  332. $shareKeys = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);
  333. $this->keyManager->deleteAllFileKeys($path);
  334. foreach ($shareKeys as $uid => $keyFile) {
  335. $this->keyManager->setShareKey($path, $uid, $keyFile);
  336. }
  337. } else {
  338. $this->logger->debug('no file key found, we assume that the file "{file}" is not encrypted',
  339. ['file' => $path, 'app' => 'encryption']);
  340. return false;
  341. }
  342. return true;
  343. }
  344. /**
  345. * should the file be encrypted or not
  346. *
  347. * @param string $path
  348. * @return boolean
  349. */
  350. public function shouldEncrypt($path) {
  351. if ($this->util->shouldEncryptHomeStorage() === false) {
  352. $storage = $this->util->getStorage($path);
  353. if ($storage && $storage->instanceOfStorage('\OCP\Files\IHomeStorage')) {
  354. return false;
  355. }
  356. }
  357. $parts = explode('/', $path);
  358. if (count($parts) < 4) {
  359. return false;
  360. }
  361. if ($parts[2] === 'files') {
  362. return true;
  363. }
  364. if ($parts[2] === 'files_versions') {
  365. return true;
  366. }
  367. if ($parts[2] === 'files_trashbin') {
  368. return true;
  369. }
  370. return false;
  371. }
  372. /**
  373. * get size of the unencrypted payload per block.
  374. * Nextcloud read/write files with a block size of 8192 byte
  375. *
  376. * Encrypted blocks have a 22-byte IV and 2 bytes of padding, encrypted and
  377. * signed blocks have also a 71-byte signature and 1 more byte of padding,
  378. * resulting respectively in:
  379. *
  380. * 8192 - 22 - 2 = 8168 bytes in each unsigned unencrypted block
  381. * 8192 - 22 - 2 - 71 - 1 = 8096 bytes in each signed unencrypted block
  382. *
  383. * Legacy base64 encoding then reduces the available size by a 3/4 factor:
  384. *
  385. * 8168 * (3/4) = 6126 bytes in each base64-encoded unsigned unencrypted block
  386. * 8096 * (3/4) = 6072 bytes in each base64-encoded signed unencrypted block
  387. *
  388. * @param bool $signed
  389. * @return int
  390. */
  391. public function getUnencryptedBlockSize($signed = false) {
  392. if ($this->useLegacyBase64Encoding) {
  393. return $signed ? 6072 : 6126;
  394. } else {
  395. return $signed ? 8096 : 8168;
  396. }
  397. }
  398. /**
  399. * check if the encryption module is able to read the file,
  400. * e.g. if all encryption keys exists
  401. *
  402. * @param string $path
  403. * @param string $uid user for whom we want to check if he can read the file
  404. * @return bool
  405. * @throws DecryptionFailedException
  406. */
  407. public function isReadable($path, $uid) {
  408. $fileKey = $this->keyManager->getFileKey($path, $uid, null);
  409. if (empty($fileKey)) {
  410. $owner = $this->util->getOwner($path);
  411. if ($owner !== $uid) {
  412. // if it is a shared file we throw a exception with a useful
  413. // error message because in this case it means that the file was
  414. // shared with the user at a point where the user didn't had a
  415. // valid private/public key
  416. $msg = 'Encryption module "' . $this->getDisplayName() .
  417. '" is not able to read ' . $path;
  418. $hint = $this->l->t('Cannot read this file, probably this is a shared file. Please ask the file owner to reshare the file with you.');
  419. $this->logger->warning($msg);
  420. throw new DecryptionFailedException($msg, $hint);
  421. }
  422. return false;
  423. }
  424. return true;
  425. }
  426. /**
  427. * Initial encryption of all files
  428. *
  429. * @param InputInterface $input
  430. * @param OutputInterface $output write some status information to the terminal during encryption
  431. */
  432. public function encryptAll(InputInterface $input, OutputInterface $output) {
  433. $this->encryptAll->encryptAll($input, $output);
  434. }
  435. /**
  436. * prepare module to perform decrypt all operation
  437. *
  438. * @param InputInterface $input
  439. * @param OutputInterface $output
  440. * @param string $user
  441. * @return bool
  442. */
  443. public function prepareDecryptAll(InputInterface $input, OutputInterface $output, $user = '') {
  444. return $this->decryptAll->prepare($input, $output, $user);
  445. }
  446. /**
  447. * @param string $path
  448. * @return string
  449. */
  450. protected function getPathToRealFile($path) {
  451. $realPath = $path;
  452. $parts = explode('/', $path);
  453. if ($parts[2] === 'files_versions') {
  454. $realPath = '/' . $parts[1] . '/files/' . implode('/', array_slice($parts, 3));
  455. $length = strrpos($realPath, '.');
  456. $realPath = substr($realPath, 0, $length);
  457. }
  458. return $realPath;
  459. }
  460. /**
  461. * remove .part file extension and the ocTransferId from the file to get the
  462. * original file name
  463. *
  464. * @param string $path
  465. * @return string
  466. */
  467. protected function stripPartFileExtension($path) {
  468. if (pathinfo($path, PATHINFO_EXTENSION) === 'part') {
  469. $pos = strrpos($path, '.', -6);
  470. $path = substr($path, 0, $pos);
  471. }
  472. return $path;
  473. }
  474. /**
  475. * get owner of a file
  476. *
  477. * @param string $path
  478. * @return string
  479. */
  480. protected function getOwner($path) {
  481. if (!isset($this->owner[$path])) {
  482. $this->owner[$path] = $this->util->getOwner($path);
  483. }
  484. return $this->owner[$path];
  485. }
  486. /**
  487. * Check if the module is ready to be used by that specific user.
  488. * In case a module is not ready - because e.g. key pairs have not been generated
  489. * upon login this method can return false before any operation starts and might
  490. * cause issues during operations.
  491. *
  492. * @param string $user
  493. * @return boolean
  494. * @since 9.1.0
  495. */
  496. public function isReadyForUser($user) {
  497. if ($this->util->isMasterKeyEnabled()) {
  498. return true;
  499. }
  500. return $this->keyManager->userHasKeys($user);
  501. }
  502. /**
  503. * We only need a detailed access list if the master key is not enabled
  504. *
  505. * @return bool
  506. */
  507. public function needDetailedAccessList() {
  508. return !$this->util->isMasterKeyEnabled();
  509. }
  510. }