@sharidas
Contributor

Integrate HSM changes to encryption

Signed-off-by: Sujith H <sharidasan@owncloud.com>

@sharidas sharidas added this to the development milestone Jan 21, 2019
@sharidas sharidas self-assigned this Jan 21, 2019
@codecov

codecov bot commented Jan 22, 2019

Codecov Report

Merging #90 into master will increase coverage by 1.53%.
The diff coverage is 85.38%.

@@             Coverage Diff              @@
##             master      #90      +/-   ##
============================================
+ Coverage     62.75%   64.28%   +1.53%     
- Complexity      568      594      +26     
============================================
  Files            30       33       +3     
  Lines          2081     2201     +120     
============================================
+ Hits           1306     1415     +109     
- Misses          775      786      +11
Impacted Files Coverage Δ Complexity Δ
lib/Crypto/Crypt.php 54.58% <ø> (+0.83%) 67 <0> (ø) ⬇️
lib/AppInfo/Application.php 0% <0%> (ø) 25 <0> (+4) ⬆️
lib/Users/Setup.php 100% <100%> (ø) 6 <0> (ø) ⬇️
lib/Command/HSMDaemon.php 100% <100%> (ø) 7 <7> (?)
lib/JWT.php 100% <100%> (ø) 5 <5> (?)
lib/Recovery.php 79.62% <100%> (ø) 37 <0> (ø) ⬇️
lib/Hooks/UserHooks.php 72.82% <100%> (ø) 36 <0> (ø) ⬇️
lib/KeyManager.php 73.06% <50%> (ø) 83 <0> (ø) ⬇️
lib/Crypto/CryptHSM.php 92.85% <92.85%> (ø) 10 <10> (?)
... and 3 more

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update 6702a06...5fea266.

@codecov

codecov bot commented Jan 22, 2019

Codecov Report

Merging #90 into master will increase coverage by 1.51%.
The diff coverage is 85.49%.

@@             Coverage Diff              @@
##             master      #90      +/-   ##
============================================
+ Coverage     62.75%   64.26%   +1.51%     
- Complexity      572      598      +26     
============================================
  Files            30       33       +3     
  Lines          2089     2211     +122     
============================================
+ Hits           1311     1421     +110     
- Misses          778      790      +12
Impacted Files Coverage Δ Complexity Δ
lib/Crypto/Crypt.php 54.58% <ø> (+0.83%) 67 <0> (ø) ⬇️
lib/AppInfo/Application.php 0% <0%> (ø) 25 <0> (+4) ⬆️
lib/Users/Setup.php 100% <100%> (ø) 6 <0> (ø) ⬇️
lib/Command/HSMDaemon.php 100% <100%> (ø) 7 <7> (?)
lib/JWT.php 100% <100%> (ø) 5 <5> (?)
lib/Recovery.php 78.44% <100%> (ø) 41 <0> (ø) ⬇️
lib/Hooks/UserHooks.php 72.82% <100%> (ø) 36 <0> (ø) ⬇️
lib/KeyManager.php 73.06% <50%> (ø) 83 <0> (ø) ⬇️
lib/Crypto/CryptHSM.php 92.85% <92.85%> (ø) 10 <10> (?)
... and 3 more

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update f17d4b2...994b361.

@phil-davis
Contributor

@sharidas PR #92 fixed an issue related to changes to core CI yesterday. That has been merged and CI passes now in this app.

You will need to rebase this PR to get CI to pass.

@sharidas
Contributor Author

@phil-davis Rebased the PR. Thanks for the helping hand.

@sharidas
Contributor Author

  • Integrated the HSM patch with the encryption app
  • Unit test added. The tests would just improve coverage.
  • Command encryption:hsmdaemon is added as part of the patch.
  • Have not tested encryption:hsmdaemon.

@sharidas sharidas changed the title [WIP] Integrate HSM changes to encryption Integrate HSM changes to encryption Jan 22, 2019
@sharidas sharidas requested a review from PVince81 January 22, 2019 15:41
Contributor

@PVince81 PVince81 left a comment

Looks fine to me apart from some minor things

@butonic quick look ?

@sharidas sharidas force-pushed the hsm-integration branch 2 times, most recently from b9b482d to 29c98ec Compare January 25, 2019 09:17
@PVince81
Contributor

PVince81 commented Feb 4, 2019

@sharidas can you test it ? #90 (comment)

would also be good to have a docs ticket that explain how to set this up with the mock HSM for testing

@sharidas
Contributor Author

sharidas commented Feb 5, 2019

Updating my tests here... regarding #90 (comment)

Regarding encryption:hsmdaemon below are the options available in the command:

  • --export-masterkey
  • --import-masterkey=IMPORT-MASTERKEY
  • --decrypt=DECRYPT

The --import-masterkey option is missing in the code. Maybe it's a TODO.

export-masterkey

  • export-masterkey prints the base64_encode of the file data/files_encryption/OC_DEFAULT_MODULE/master_*.privateKey

decrypt

  • Quite not able to get this option.

$server->getUserSession(),
$server->getConfig(),
$server->getL10N($c->getAppName()));
$hsmUrl = $this->config->getAppValue('encryption', 'hsm.url');
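
Review bot: on the last line, `getAppValue('encryption', 'hsm.url')` is called without an explicit default, and nothing in these lines validates the result. Before `$hsmUrl` is used as the HSM endpoint it should be checked to be a well-formed URL with the expected scheme, and the unset case should be handled explicitly rather than inferred from an empty string.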
Member

just to document ... this causes the hsm.url app config to be two things:

  1. the url for the hsm endpoint
  2. the toggle for using an hsm or the internal crypto implementation

these are two different things and I have a bad feeling about it. Maybe an additional property crypto.engine with internal and hsm makes more sense.

Contributor

a second key would be better, yes. @sharidas please add

Contributor Author

Updated the PR, by setting https://github.com/owncloud/encryption/pull/90/files#diff-b8a11151e44bcffc222c5fddc9ab92c9R133

Have also verified that it works with and without hsm.
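
The separation requested in this review thread, sketched as an added example that is not code from the PR or from the encryption app: an explicit engine selector decides between the internal implementation and the HSM, and `hsm.url` is only ever an endpoint. The key name `crypto.engine` is the one proposed in the comment above (the key the PR finally used is not shown on this page); the function `resolveCryptoEngine`, the plain-array config and the sample URLs are assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: pick the crypto engine from an app-config array.
 * 'crypto.engine' is the key proposed in the review; 'hsm.url' is the key
 * read in the snippet under review.
 */
function resolveCryptoEngine(array $appConfig): array {
    $engine = (string)($appConfig['crypto.engine'] ?? 'internal');
    if (!\in_array($engine, ['internal', 'hsm'], true)) {
        // Unknown or mistyped values are rejected, never silently mapped.
        throw new \InvalidArgumentException("Unknown crypto.engine: '$engine'");
    }
    if ($engine === 'internal') {
        // A leftover hsm.url does not switch the engine implicitly.
        return ['engine' => 'internal', 'hsmUrl' => null];
    }
    $url = (string)($appConfig['hsm.url'] ?? '');
    $parts = \parse_url($url);
    $scheme = \is_array($parts) ? \strtolower($parts['scheme'] ?? '') : '';
    // Restricting to https only is a deployment choice; both are accepted here.
    if (!\is_array($parts) || empty($parts['host'])
        || !\in_array($scheme, ['http', 'https'], true)) {
        // Fail closed: HSM was requested, so do not fall back to internal keys.
        throw new \RuntimeException('crypto.engine is "hsm" but hsm.url is missing or malformed');
    }
    return ['engine' => 'hsm', 'hsmUrl' => $url];
}

// Constructed sample configurations (not taken from any real installation).
$samples = [
    'engine unset, stale url' => ['hsm.url' => 'https://hsm.example.test/'],
    'hsm with url'            => ['crypto.engine' => 'hsm', 'hsm.url' => 'https://hsm.example.test/'],
    'hsm without url'         => ['crypto.engine' => 'hsm'],
    'mistyped engine'         => ['crypto.engine' => 'HSM '],
];
foreach ($samples as $label => $cfg) {
    try {
        $r = resolveCryptoEngine($cfg);
        echo "$label: {$r['engine']} ", $r['hsmUrl'] ?? '(no endpoint)', PHP_EOL;
    } catch (\Throwable $e) {
        echo "$label: rejected ({$e->getMessage()})", PHP_EOL;
    }
}
```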

@butonic
Member

butonic commented Feb 11, 2019

@PVince81 a detailed setup is in the hsmdaemon Readme.md and Installation.md

I would merge and deal with the todos if we get opportunity for it.

@PVince81
Contributor

@sharidas please check the test failures

@sharidas
Contributor Author

Most likely this failure https://drone.owncloud.com/owncloud/encryption/479/576 has nothing to do with my change. Because the failure happens in scenario https://github.com/owncloud/core/blob/master/tests/acceptance/features/webUISharingExternal/federationSharing.feature#L293 which has a tag @skipOnEncryption. Let me rebase and try my luck again.

@sharidas
Contributor Author

I have updated the PR based on the requests made:

@PVince81
Contributor

restarted cancelled build

@PVince81
Contributor

can't restart the build https://drone.owncloud.com/owncloud/encryption/494/1297 :-(

maybe rebase ?

@sharidas
Contributor Author

> can't restart the build https://drone.owncloud.com/owncloud/encryption/494/1297 :-(
>
> maybe rebase ?

Rebasing it.

Integrate HSM changes to encryption.

Signed-off-by: Sujith H <sharidasan@owncloud.com>
@PVince81 PVince81 merged commit c1f92f4 into master Feb 18, 2019
@delete-merged-branch delete-merged-branch bot deleted the hsm-integration branch February 18, 2019 09:17
@sharidas
Contributor Author

Backport to stable10: owncloud/core#34527
