]> source.dussan.org Git - nextcloud-server.git/commitdiff
read cipher from key header and always write a key header if a new private key is...
authorBjoern Schiessle <schiessle@owncloud.com>
Wed, 8 Apr 2015 12:19:11 +0000 (14:19 +0200)
committerBjoern Schiessle <schiessle@owncloud.com>
Wed, 8 Apr 2015 12:26:00 +0000 (14:26 +0200)
apps/encryption/lib/crypto/crypt.php
apps/encryption/lib/keymanager.php
apps/encryption/lib/recovery.php

index 6e1008d29a0a03e0f4ff8e25f8803a07951452a3..f2ae8e6db2625405e00a1b0c23b1c87ab3323cae 100644 (file)
@@ -37,6 +37,8 @@ use OCP\IUserSession;
 class Crypt {
 
        const DEFAULT_CIPHER = 'AES-256-CFB';
+       // default cipher from old ownCloud versions
+       const LEGACY_CIPHER = 'AES-128-CFB';
 
        const HEADER_START = 'HBEGIN';
        const HEADER_END = 'HEND';
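Review bot: The comment on `LEGACY_CIPHER` does not say that the constant exists for reading old keys only. As far as this diff shows, it is used solely as the fallback in `decryptPrivateKey()` when a stored key has no header, so the comment should make that restriction explicit. Something like `// cipher of old ownCloud versions that wrote no key header; used to decrypt existing keys only, never to encrypt new ones` would keep a later change from reusing it on the write path.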
@@ -148,6 +150,16 @@ class Crypt {
                return $padded;
        }
 
+       /**
+        * generate header for encrypted file
+        */
+       public function generateHeader() {
+               $cipher = $this->getCipher();
+               $header = self::HEADER_START . ':cipher:' . $cipher . ':' . self::HEADER_END;
+
+               return $header;
+       }
+
        /**
         * @param string $plainContent
         * @param string $iv
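Review bot: The docblock for `generateHeader()` has no `@return string` and does not describe the format it emits, although `parseHeader()` and the offset arithmetic in `decryptPrivateKey()` depend on that format. I would document that the result is `HBEGIN:cipher:<name>:HEND` without padding, and that callers in this commit prepend it in clear text to the encrypted key, so the cipher field is readable and apparently not integrity-protected. The temporary variable can also go: `return self::HEADER_START . ':cipher:' . $this->getCipher() . ':' . self::HEADER_END;`.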
@@ -205,23 +217,28 @@ class Crypt {
        }
 
        /**
-        * @param string $recoveryKey
+        * @param string $privateKey
         * @param string $password
         * @return bool|string
         */
-       public function decryptPrivateKey($recoveryKey, $password) {
+       public function decryptPrivateKey($privateKey, $password) {
 
-               $header = $this->parseHeader($recoveryKey);
-               $cipher = $this->getCipher();
+               $header = $this->parseHeader($privateKey);
+
+               if (isset($header['cipher'])) {
+                       $cipher = $header['cipher'];
+               } else {
+                       $cipher = self::LEGACY_CIPHER;
+               }
 
                // If we found a header we need to remove it from the key we want to decrypt
                if (!empty($header)) {
-                       $recoveryKey = substr($recoveryKey,
-                               strpos($recoveryKey,
+                       $privateKey = substr($privateKey,
+                               strpos($privateKey,
                                        self::HEADER_END) + strlen(self::HEADER_START));
                }
 
-               $plainKey = $this->symmetricDecryptFileContent($recoveryKey,
+               $plainKey = $this->symmetricDecryptFileContent($privateKey,
                        $password,
                        $cipher);
 
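Review bot: The header is stripped with `strpos($privateKey, self::HEADER_END) + strlen(self::HEADER_START)`, which is off by two bytes because `HEADER_START` is 'HBEGIN' (6 bytes) and `HEADER_END` is 'HEND' (4 bytes). With the unpadded header that `generateHeader()` now writes directly in front of the key, the first two bytes of the encrypted key would be cut off before decryption. The line is unchanged context, but this commit is what sends private keys with headers through it, and it should read `self::HEADER_END) + strlen(self::HEADER_END));`. Separately, `$header['cipher']` is read from stored data and passed on unchecked; `parseHeader()` and `symmetricDecryptFileContent()` are not visible here, but unless one of them validates it, the value should be compared against the list of supported ciphers and rejected otherwise, since anyone able to alter the stored key file can alter the header. The function body continues past the end of the hunk.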
index 81bc082042d63c7144c788617547d343c66f076f..a280ea9bde33558f7109fe808a2cad5fbc59db16 100644 (file)
@@ -200,9 +200,10 @@ class KeyManager {
 
                $encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'],
                        $password);
+               $header = $this->crypt->generateHeader();
 
                if ($encryptedKey) {
-                       $this->setPrivateKey($uid, $encryptedKey);
+                       $this->setPrivateKey($uid, $header . $encryptedKey);
                        return true;
                }
                return false;
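Review bot: The header and the ciphertext come from two independent calls, both here and in the recovery-key hunk that follows. `symmetricEncryptFileContent()` is called without a cipher argument, so it presumably picks the cipher itself, and the name written by `generateHeader()` matches it only by convention. A single method on `Crypt` that encrypts the private key and returns header plus ciphertext together would remove the duplication and keep the two from drifting apart. As written, `generateHeader()` also runs before the `if ($encryptedKey)` check and so executes even when encryption failed; it belongs inside that branch. Both enclosing methods start outside their hunks.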
@@ -219,9 +220,10 @@ class KeyManager {
 
                $encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'],
                        $password);
+               $header = $this->crypt->generateHeader();
 
                if ($encryptedKey) {
-                       $this->setSystemPrivateKey($this->getRecoveryKeyId(), $encryptedKey);
+                       $this->setSystemPrivateKey($this->getRecoveryKeyId(), $header . $encryptedKey);
                        return true;
                }
                return false;
index 5c2ca67a2b423fab3bdfc45c5e7e84b217f1c6cc..5c1e91866a0a191a1ba381526592e0029e63690b 100644 (file)
@@ -129,6 +129,7 @@ class Recovery {
         *
         * @param string $newPassword
         * @param string $oldPassword
+        * @return bool
         */
        public function changeRecoveryKeyPassword($newPassword, $oldPassword) {
                $recoveryKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId());