use OC\Encryption\Exceptions\DecryptionFailedException;
use OC\Encryption\Exceptions\EncryptionFailedException;
+use OC\ServerNotAvailableException;
use OCA\Encryption\Exceptions\MultiKeyDecryptException;
use OCA\Encryption\Exceptions\MultiKeyEncryptException;
use OCP\Encryption\Exceptions\GenericEncryptionException;
'AES-128-CFB' => 16,
];
+ /** @var bool */
+ private $supportLegacy;
+
/**
* @param ILogger $logger
* @param IUserSession $userSession
$this->config = $config;
$this->l = $l;
$this->supportedKeyFormats = ['hash', 'password'];
+
+ $this->supportLegacy = $this->config->getSystemValueBool('encryption.legacy_format_support', false);
}
/**
* @return string
*/
public function getLegacyCipher() {
+ if (!$this->supportLegacy) {
+ throw new ServerNotAvailableException('Legacy cipher is no longer supported!');
+ }
+
return self::LEGACY_CIPHER;
}
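Review bot: getLegacyCipher() can now throw, but its docblock still only says `@return string`; add `@throws ServerNotAvailableException` so callers know the getter can fail. The header-parsing fallback changed in this same commit (`$cipher = $this->getLegacyCipher();`) will propagate that exception for any file whose header carries no cipher. It is worth confirming that the decrypt callers handle it. If they only catch the encryption exception types imported at the top of the file, a `GenericEncryptionException` may be the better fit here.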
if (isset($header['cipher'])) {
$cipher = $header['cipher'];
} else {
- $cipher = self::LEGACY_CIPHER;
+ $cipher = $this->getLegacyCipher();
}
if (isset($header['keyFormat'])) {
$meta = substr($catFile, -93);
$signaturePosition = strpos($meta, '00sig00');
+ // If we no longer support the legacy format then everything needs a signature
+ if (!$skipSignatureCheck && !$this->supportLegacy && $signaturePosition === false) {
+ throw new GenericEncryptionException('Missing Signature', $this->l->t('Missing Signature'));
+ }
+
// enforce signature for the new 'CTR' ciphers
if (!$skipSignatureCheck && $signaturePosition === false && stripos($cipher, 'ctr') !== false) {
throw new GenericEncryptionException('Missing Signature', $this->l->t('Missing Signature'));
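Review bot: The new missing-signature check and the existing CTR check just below it throw the same exception under overlapping conditions, so they can be a single guard: `if (!$skipSignatureCheck && $signaturePosition === false && (!$this->supportLegacy || stripos($cipher, 'ctr') !== false)) {`. Both checks stay conditional on `$skipSignatureCheck`, so an instance with that flag set still accepts unsigned files even with legacy support off. The comment could say so, e.g. `// unsigned files are only accepted for legacy non-CTR ciphers, or when the signature check is disabled`. The enclosing function starts and ends outside this hunk.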
* @dataProvider dataTestSplitMetaData
*/
public function testSplitMetaData($data, $expected) {
+ $this->config->method('getSystemValue')
+ ->with('encryption_skip_signature_check', false)
+ ->willReturn(true);
$result = self::invokePrivate($this->crypt, 'splitMetaData', [$data, 'AES-256-CFB']);
$this->assertTrue(is_array($result));
$this->assertSame(3, count($result));
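Review bot: The mock added here makes `encryption_skip_signature_check` return true, which steps around the new 'Missing Signature' branch instead of exercising it. The same applies to testHasSignature below, and testDecryptPrivateKey only covers the case where legacy support is switched on. A test with the skip flag false, legacy support off and unsigned data, preceded by `$this->expectException(GenericEncryptionException::class);`, would pin the new enforcement. A matching test should cover `getLegacyCipher()` throwing when support is off. The test method body continues outside this hunk.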
* @dataProvider dataTestHasSignature
*/
public function testHasSignature($data, $expected) {
+ $this->config->method('getSystemValue')
+ ->with('encryption_skip_signature_check', false)
+ ->willReturn(true);
$this->assertSame($expected,
$this->invokePrivate($this->crypt, 'hasSignature', [$data, 'AES-256-CFB'])
);
* @dataProvider dataTestDecryptPrivateKey
*/
public function testDecryptPrivateKey($header, $privateKey, $expectedCipher, $isValidKey, $expected) {
+ $this->config->method('getSystemValueBool')
+ ->with('encryption.legacy_format_support', false)
+ ->willReturn(true);
+
/** @var \OCA\Encryption\Crypto\Crypt | \PHPUnit\Framework\MockObject\MockObject $crypt */
$crypt = $this->getMockBuilder(Crypt::class)
->setConstructorArgs(
public function testGetForm() {
$this->config
- ->expects($this->at(0))
->method('getAppValue')
- ->with('encryption', 'recoveryAdminEnabled', '0')
- ->willReturn(1);
- $this->config
- ->expects($this->at(1))
- ->method('getAppValue')
- ->with('encryption', 'encryptHomeStorage', '1')
- ->willReturn(1);
+ ->will($this->returnCallback(function ($app, $key, $default) {
+ if ($app === 'encryption' && $key === 'recoveryAdminEnabled' && $default === '0') {
+ return '1';
+ }
+ if ($app === 'encryption' && $key === 'encryptHomeStorage' && $default === '1') {
+ return '1';
+ }
+ return $default;
+ }));
$params = [
- 'recoveryEnabled' => 1,
+ 'recoveryEnabled' => '1',
'initStatus' => '0',
- 'encryptHomeStorage' => false,
- 'masterKeyEnabled' => false
+ 'encryptHomeStorage' => true,
+ 'masterKeyEnabled' => true
];
$expected = new TemplateResponse('encryption', 'settings-admin', $params, '');
$this->assertEquals($expected, $this->admin->getForm());
'OC\\Repair\\NC16\\CleanupCardDAVPhotoCache' => $baseDir . '/lib/private/Repair/NC16/CleanupCardDAVPhotoCache.php',
'OC\\Repair\\NC16\\ClearCollectionsAccessCache' => $baseDir . '/lib/private/Repair/NC16/ClearCollectionsAccessCache.php',
'OC\\Repair\\NC18\\ResetGeneratedAvatarFlag' => $baseDir . '/lib/private/Repair/NC18/ResetGeneratedAvatarFlag.php',
+ 'OC\\Repair\\NC20\\EncryptionLegacyCipher' => $baseDir . '/lib/private/Repair/NC20/EncryptionLegacyCipher.php',
'OC\\Repair\\OldGroupMembershipShares' => $baseDir . '/lib/private/Repair/OldGroupMembershipShares.php',
'OC\\Repair\\Owncloud\\DropAccountTermsTable' => $baseDir . '/lib/private/Repair/Owncloud/DropAccountTermsTable.php',
'OC\\Repair\\Owncloud\\SaveAccountsTableData' => $baseDir . '/lib/private/Repair/Owncloud/SaveAccountsTableData.php',
'OC\\Repair\\NC16\\CleanupCardDAVPhotoCache' => __DIR__ . '/../../..' . '/lib/private/Repair/NC16/CleanupCardDAVPhotoCache.php',
'OC\\Repair\\NC16\\ClearCollectionsAccessCache' => __DIR__ . '/../../..' . '/lib/private/Repair/NC16/ClearCollectionsAccessCache.php',
'OC\\Repair\\NC18\\ResetGeneratedAvatarFlag' => __DIR__ . '/../../..' . '/lib/private/Repair/NC18/ResetGeneratedAvatarFlag.php',
+ 'OC\\Repair\\NC20\\EncryptionLegacyCipher' => __DIR__ . '/../../..' . '/lib/private/Repair/NC20/EncryptionLegacyCipher.php',
'OC\\Repair\\OldGroupMembershipShares' => __DIR__ . '/../../..' . '/lib/private/Repair/OldGroupMembershipShares.php',
'OC\\Repair\\Owncloud\\DropAccountTermsTable' => __DIR__ . '/../../..' . '/lib/private/Repair/Owncloud/DropAccountTermsTable.php',
'OC\\Repair\\Owncloud\\SaveAccountsTableData' => __DIR__ . '/../../..' . '/lib/private/Repair/Owncloud/SaveAccountsTableData.php',
use OC\Repair\NC16\CleanupCardDAVPhotoCache;
use OC\Repair\NC16\ClearCollectionsAccessCache;
use OC\Repair\NC18\ResetGeneratedAvatarFlag;
+use OC\Repair\NC20\EncryptionLegacyCipher;
use OC\Repair\OldGroupMembershipShares;
use OC\Repair\Owncloud\DropAccountTermsTable;
use OC\Repair\Owncloud\SaveAccountsTableData;
new RemoveLinkShares(\OC::$server->getDatabaseConnection(), \OC::$server->getConfig(), \OC::$server->getGroupManager(), \OC::$server->getNotificationManager(), \OC::$server->query(ITimeFactory::class)),
new ClearCollectionsAccessCache(\OC::$server->getConfig(), \OC::$server->query(IManager::class)),
\OC::$server->query(ResetGeneratedAvatarFlag::class),
+ \OC::$server->query(EncryptionLegacyCipher::class),
];
}
--- /dev/null
+<?php
+
+declare(strict_types=1);
+/**
+ * @copyright Copyright (c) 2020, Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @author Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OC\Repair\NC20;
+
+use OCP\Encryption\IManager;
+use OCP\IConfig;
+use OCP\Migration\IOutput;
+use OCP\Migration\IRepairStep;
+
+class EncryptionLegacyCipher implements IRepairStep {
+
+ /** @var IConfig */
+ private $config;
+ /** @var IManager */
+ private $manager;
+
+ public function __construct(IConfig $config,
+ IManager $manager) {
+ $this->config = $config;
+ $this->manager = $manager;
+ }
+
+ public function getName(): string {
+ return 'Keep legacy encryption enabled';
+ }
+
+ private function shouldRun(): bool {
+ $versionFromBeforeUpdate = $this->config->getSystemValue('version', '0.0.0.0');
+ return version_compare($versionFromBeforeUpdate, '20.0.0.0', '<=');
+ }
+
+ public function run(IOutput $output): void {
+ if ($this->manager->isEnabled()) {
+ if ($this->config->getSystemValue('encryption.legacy_format_support', '') === '') {
+ $this->config->setSystemValue('encryption.legacy_format_support', true);
+ }
+ }
+ }
+}
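Review bot: `shouldRun()` is defined but `run()` never calls it, so the step is not limited to upgrades from 20.0.0.0 or earlier. As written, any later repair run on an instance that has encryption enabled and no explicit `encryption.legacy_format_support` value will write `true`. That turns the legacy cipher fallback back on and drops the unconditional signature requirement added in Crypt. Start `run()` with `if (!$this->shouldRun()) { return; }`. `getName()` could also state the condition, since the step only acts when encryption is enabled.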
// between betas, final and RCs. This is _not_ the public version number. Reset minor/patchlevel
// when updating major/minor version number.
-$OC_Version = [20, 0, 0, 0];
+$OC_Version = [20, 0, 0, 1];
// The human readable string
$OC_VersionString = '20.0.0 alpha';