IEncryptionModule.php 5.1 KB

  1. <?php
  2. /**
  3. * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
  4. * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
  5. * SPDX-License-Identifier: AGPL-3.0-only
  6. */
  7. namespace OCP\Encryption;
  8. use Symfony\Component\Console\Input\InputInterface;
  9. use Symfony\Component\Console\Output\OutputInterface;
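  /**
   * Interface IEncryptionModule
   *
   * Contract implemented by an encryption module: identification (getId,
   * getDisplayName), per-file chunk processing (begin, encrypt/decrypt, end),
   * access changes (update) and bulk operations (encryptAll,
   * prepareDecryptAll).
   *
   * NOTE(review): no method here declares a @throws contract, so how a module
   * reports failures (e.g. missing keys or data that cannot be decrypted) is
   * implementation-defined. Check the concrete module before relying on a
   * return value as the only failure signal.
   *
   * @since 8.1.0
   */
  interface IEncryptionModule {
      /**
       * @return string defining the technical unique id
       * @since 8.1.0
       */
      public function getId();

      /**
       * In comparison to getId() this function returns a human readable (maybe translated) name
       *
       * Because the name may be translated, use getId() and not this value
       * wherever a stable identifier for the module is needed.
       *
       * @return string
       * @since 8.1.0
       */
      public function getDisplayName();

      /**
       * start receiving chunks from a file. This is the place where you can
       * perform some initial step before starting encrypting/decrypting the
       * chunks
       *
       * @param string $path to the file
       * @param string|null $user who reads/writes the file (null for public access)
       * @param string $mode php stream open mode
       * @param array $header contains the header data read from the file
       * @param array $accessList who has access to the file, contains the keys 'users' and 'public'
       *
       * @return array data as key-value pairs which should be written to the
       *               header in case of a write operation, or an empty array
       *               if no additional data is needed
       * @since 8.1.0
       */
      public function begin($path, $user, $mode, array $header, array $accessList);

      /**
       * last chunk received. This is the place where you can perform some final
       * operation and return some remaining data if something is left in your
       * buffer.
       *
       * @param string $path to the file
       * @param string $position id of the last block (looks like "<Number>end")
       *
       * @return string remaining data which should be written to the file in
       *                case of a write operation
       *
       * @since 8.1.0
       * @since 9.0.0 parameter $position added
       */
      public function end($path, $position);

      /**
       * encrypt data
       *
       * NOTE(review): $position is documented as string here but as int|string
       * on decrypt(); whether a module ties the position to the encrypted block
       * is implementation-defined - confirm against the module in use.
       *
       * @param string $data you want to encrypt
       * @param string $position position of the block we want to encrypt (starts with '0')
       *
       * @return mixed encrypted data
       *
       * @since 8.1.0
       * @since 9.0.0 parameter $position added
       */
      public function encrypt($data, $position);

      /**
       * decrypt data
       *
       * The return type is declared as mixed, so callers should not assume a
       * string without checking what the concrete module returns on failure.
       *
       * @param string $data you want to decrypt
       * @param int|string $position position of the block we want to decrypt
       *
       * @return mixed decrypted data
       *
       * @since 8.1.0
       * @since 9.0.0 parameter $position added
       */
      public function decrypt($data, $position);

      /**
       * update encrypted file, e.g. give additional users access to the file
       *
       * NOTE(review): since this call can extend access to a file, $accessList
       * is security-relevant input; presumably the caller derives it from the
       * current sharing state - confirm at the call sites.
       *
       * @param string $path path to the file which should be updated
       * @param string $uid of the user who performs the operation
       * @param array $accessList who has access to the file, contains the keys 'users' and 'public'
       * @return boolean
       * @since 8.1.0
       */
      public function update($path, $uid, array $accessList);

      /**
       * should the file be encrypted or not
       *
       * @param string $path
       * @return boolean
       * @since 8.1.0
       */
      public function shouldEncrypt($path);

      /**
       * get size of the unencrypted payload per block.
       * ownCloud reads/writes files with a block size of 8192 bytes
       *
       * @param bool $signed presumably whether the block carries a signature,
       *                     which would change the payload size - TODO confirm
       * @return int
       * @since 8.1.0 optional parameter $signed was added in 9.0.0
       */
      public function getUnencryptedBlockSize($signed = false);

      /**
       * check if the encryption module is able to read the file,
       * e.g. if all encryption keys exist
       *
       * @param string $path
       * @param string $uid user for whom we want to check if they can read the file
       * @return boolean
       * @since 8.1.0
       */
      public function isReadable($path, $uid);

      /**
       * Initial encryption of all files
       *
       * @param InputInterface $input
       * @param OutputInterface $output write some status information to the terminal during encryption
       * @since 8.2.0
       */
      public function encryptAll(InputInterface $input, OutputInterface $output);

      /**
       * prepare encryption module to decrypt all files
       *
       * @param InputInterface $input
       * @param OutputInterface $output write some status information to the terminal while preparing the decryption
       * @param string $user (optional) for which the files should be decrypted, default = all users
       * @return bool return false on failure or if it isn't supported by the module
       * @since 8.2.0
       */
      public function prepareDecryptAll(InputInterface $input, OutputInterface $output, $user = '');

      /**
       * Check if the module is ready to be used by that specific user.
       * If a module is not ready, e.g. because key pairs have not been
       * generated upon login, this method returns false so that the problem is
       * detected before any operation starts instead of causing issues during
       * operations.
       *
       * @param string $user
       * @return boolean
       * @since 9.1.0
       */
      public function isReadyForUser($user);

      /**
       * Does the encryption module need a detailed list of users with access to the file?
       * For example if the encryption module uses per-user encryption keys and needs to know
       * the users with access to the file to encrypt/decrypt it.
       *
       * @since 13.0.0
       * @return bool
       */
      public function needDetailedAccessList();
  }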