check if the decrypted private key is valid on login and on read/write files
authorFlorin Peter <github@florin-peter.de>
Fri, 31 May 2013 11:58:58 +0000 (13:58 +0200)
committerFlorin Peter <github@florin-peter.de>
Fri, 31 May 2013 11:58:58 +0000 (13:58 +0200)
apps/files_encryption/hooks/hooks.php
apps/files_encryption/lib/stream.php

index eb9a2600d70d1aaaf9849dd87e65fce545e01950..639d57691540752994e1c72d9c464163aa38ac5e 100644 (file)
@@ -57,6 +57,21 @@ class Hooks {
 \r
                $privateKey = Crypt::symmetricDecryptFileContent($encryptedKey, $params['password']);\r
 \r
+               // check if this a valid private key\r
+               $res = openssl_pkey_get_private($privateKey);\r
+               if(is_resource($res)) {\r
+                       $sslInfo = openssl_pkey_get_details($res);\r
+                       if(!isset($sslInfo['key'])) {\r
+                               $privateKey = null;\r
+                       }\r
+               } else {\r
+                       $privateKey = null;\r
+               }\r
+\r
+               if($privateKey === null) {\r
+                       \OCP\Util::writeLog('Encryption library', 'Private key for user "' . $params['uid'] . '" is not valid! Maybe the user password was changed from outside if so please change it back to gain access', \OCP\Util::ERROR);\r
+               }\r
+\r
                $session = new \OCA\Encryption\Session($view);\r
 \r
                $session->setPrivateKey($privateKey, $params['uid']);\r
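Review bot: An invalid key is replaced with `null` here but is still handed to `$session->setPrivateKey()`, while the matching guard in stream.php (the hunk at -232) tests `$privateKey === false`. `Session::getPrivateKey()` is not visible in this commit, so unless it converts a stored null to false, the strict comparison would not fire and the null key would reach `Crypt::multiKeyDecrypt()`. Using one sentinel on both sides, for example `$privateKey = false;` here or `if ($privateKey === false || $privateKey === null) {` in the stream guard, removes that dependency. The handle in `$res` is also never released; calling `openssl_pkey_free($res);` after the details check would avoid keeping a second parsed copy of the key for the rest of the request. The enclosing login function starts and ends outside the hunk.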
@@ -143,7 +158,7 @@ class Hooks {
        public static function setPassphrase($params) {\r
 \r
                // Only attempt to change passphrase if server-side encryption\r
-               // is in use (client-side encryption does not have access to \r
+               // is in use (client-side encryption does not have access to\r
                // the necessary keys)\r
                if (Crypt::mode() === 'server') {\r
 \r
index 072c52866445e91f7157a739ca2e939ccdc846b7..56322c100ba70af5c98edeb173a014eddbeb5f53 100644 (file)
@@ -118,7 +118,7 @@ class Stream {
 
                if (!is_resource($this->handle)) {
 
-                       \OCP\Util::writeLog('files_encryption', 'failed to open file "' . $this->rawPath . '"', \OCP\Util::ERROR);
+                       \OCP\Util::writeLog('Encryption library', 'failed to open file "' . $this->rawPath . '"', \OCP\Util::ERROR);
 
                } else {
 
@@ -156,7 +156,7 @@ class Stream {
 
                        // $count will always be 8192 https://bugs.php.net/bug.php?id=21641
                        // This makes this function a lot simpler, but will break this class if the above 'bug' gets 'fixed'
-                       \OCP\Util::writeLog('files_encryption', 'PHP "bug" 21641 no longer holds, decryption system requires refactoring', \OCP\Util::FATAL);
+                       \OCP\Util::writeLog('Encryption library', 'PHP "bug" 21641 no longer holds, decryption system requires refactoring', \OCP\Util::FATAL);
 
                        die();
 
@@ -165,7 +165,7 @@ class Stream {
                // Get the data from the file handle
                $data = fread($this->handle, 8192);
 
-               $result = '';
+               $result = null;
 
                if (strlen($data)) {
 
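Review bot: `$result = null;` changes what an empty read produces, assuming `$result` is what this method returns (the return statement is outside the hunk). PHP's stream wrapper contract for a read is an empty string when no more data is available and `false` on failure, so null matches neither. If the null is deliberate, a comment such as `// null = nothing was read from the handle` would say so; otherwise keep `$result = '';`.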
@@ -175,10 +175,11 @@ class Stream {
                                throw new \Exception(
                                        'Encryption key not found for "' . $this->rawPath . '" during attempted read via stream');
 
-                       }
+                       } else {
 
-                       // Decrypt data
-                       $result = Crypt::symmetricDecryptFileContent($data, $this->plainKey);
+                               // Decrypt data
+                               $result = Crypt::symmetricDecryptFileContent($data, $this->plainKey);
+                       }
 
                }
 
@@ -232,6 +233,14 @@ class Stream {
 
                        $privateKey = $session->getPrivateKey($this->userId);
 
+                       // if there is no valid private key return false
+                       if($privateKey === false) {
+
+                               \OCP\Util::writeLog('Encryption library', 'Private key for user "' . $this->userId . '" is not valid! Maybe the user password was changed from outside if so please change it back to gain access', \OCP\Util::ERROR);
+
+                               return false;
+                       }
+
                        $shareKey = Keymanager::getShareKey($this->rootView, $this->userId, $this->relPath);
 
                        $this->plainKey = Crypt::multiKeyDecrypt($this->encKeyfile, $shareKey, $privateKey);