From: Thomas Müller
Date: Wed, 1 Apr 2015 11:59:29 +0000 (+0200)
Subject: Finally fixing encryption with public share
X-Git-Tag: v8.1.0alpha1~78^2~48
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=cac83642f2df98497ecedcded1716c28fa676313;p=nextcloud-server.git

Finally fixing encryption with public share
---
diff --git a/apps/encryption/lib/keymanager.php b/apps/encryption/lib/keymanager.php
index f96c426a725..f3f96b9ef21 100644
--- a/apps/encryption/lib/keymanager.php
+++ b/apps/encryption/lib/keymanager.php
@@ -23,6 +23,7 @@ namespace OCA\Encryption;
 use OC\Encryption\Exceptions\DecryptionFailedException;
+use OCA\Encryption\Exceptions\FileKeyMissingException;
 use OCA\Encryption\Exceptions\PrivateKeyMissingException;
 use OC\Encryption\Exceptions\PublicKeyMissingException;
 use OCA\Encryption\Crypto\Crypt;
@@ -114,6 +115,8 @@ class KeyManager {
 $this->keyStorage = $keyStorage;
 $this->crypt = $crypt;
 $this->config = $config;
+ $this->log = $log;
+
 $this->recoveryKeyId = $this->config->getAppValue('encryption', 'recoveryKeyId');
 if (empty($this->recoveryKeyId)) {
@@ -123,34 +126,24 @@ class KeyManager {
 $this->recoveryKeyId);
 }
- $this->publicShareKeyId = $this->config->getAppValue('encryption', 'publicShareKeyId');
- $this->log = $log;
-
 if (empty($this->publicShareKeyId)) {
 $this->publicShareKeyId = 'pubShare_' . substr(md5(time()), 0, 8);
- $this->config->setAppValue('encryption',
- 'publicShareKeyId',
- $this->publicShareKeyId);
+ $this->config->setAppValue('encryption', 'publicShareKeyId', $this->publicShareKeyId);
+ }
+ $shareKey = $this->getPublicShareKey();
+ if (empty($shareKey)) {
 $keyPair = $this->crypt->createKeyPair();
 // Save public key
 $this->keyStorage->setSystemUserKey(
- $this->publicShareKeyId . '.publicKey',
- $keyPair['publicKey']);
+ $this->publicShareKeyId . '.publicKey', $keyPair['publicKey']);
 // Encrypt private key empty passphrase
- $encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'],
- '');
- if ($encryptedKey) {
- $this->keyStorage->setSystemUserKey($this->publicShareKeyId . '.privateKey',
- $encryptedKey);
- } else {
- $this->log->error('Could not create public share keys');
- }
-
+ $encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'], '');
+ $this->keyStorage->setSystemUserKey($this->publicShareKeyId . '.privateKey', $encryptedKey);
 }
 $this->keyId = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : false;
@@ -161,7 +154,8 @@ class KeyManager {
 * @return bool
 */
 public function recoveryKeyExists() {
- return (!empty($this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.publicKey')));
+ $key = $this->getRecoveryKey();
+ return (!empty($key));
 }
 /**
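Review bot: The result of `symmetricEncryptFileContent($keyPair['privateKey'], '')` is written to `publicShareKeyId . '.privateKey'` without being checked, whereas the removed lines tested it and logged `Could not create public share keys`; if that call signals failure with a falsy value (its contract is not visible here), an empty or `false` payload would be persisted as the public-link private key and every later anonymous decrypt in `getFileKey` would fail far from the cause. Keep the check and surface the failure: `if ($encryptedKey === false) { $this->log->error('Could not create public share keys'); } else { $this->keyStorage->setSystemUserKey($this->publicShareKeyId . '.privateKey', $encryptedKey); }`. A comment above the new `$shareKey = $this->getPublicShareKey();` check, such as `// the public-link key pair is deliberately protected by an empty passphrase: anonymous link access has no user password to derive one from`, would record why the passphrase is empty. The constructor continues outside the hunk.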
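Review bot: `recoveryKeyExists()` now spends two statements and a redundant pair of parentheses on a single expression; `return !empty($this->getRecoveryKey());` says the same thing and matches the expression style used elsewhere in this change. `getRecoveryKey()` is defined outside the hunk, so whether a non-empty but unusable value can come back cannot be checked here.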
@@ -340,19 +334,25 @@ class KeyManager {
 * @return string
 */
 public function getFileKey($path, $uid) {
- $key = '';
- $encryptedFileKey = $this->keyStorage->getFileKey($path,
- $this->fileKeyId);
- $shareKey = $this->getShareKey($path, $uid);
- $privateKey = $this->session->getPrivateKey();
+ $encryptedFileKey = $this->keyStorage->getFileKey($path, $this->fileKeyId);
+
+ if (is_null($uid)) {
+ $uid = $this->getPublicShareKeyId();
+ $shareKey = $this->getShareKey($path, $uid);
+ $privateKey = $this->keyStorage->getSystemUserKey($this->publicShareKeyId . '.privateKey');
+ $privateKey = $this->crypt->symmetricDecryptFileContent($privateKey);
+ } else {
+ $shareKey = $this->getShareKey($path, $uid);
+ $privateKey = $this->session->getPrivateKey();
+ }
 if ($encryptedFileKey && $shareKey && $privateKey) {
- $key = $this->crypt->multiKeyDecrypt($encryptedFileKey,
+ return $this->crypt->multiKeyDecrypt($encryptedFileKey,
 $shareKey, $privateKey);
 }
- return $key;
+ throw new FileKeyMissingException();
 }
 /**
@@ -412,7 +412,7 @@ class KeyManager {
 }
 /**
- * get public key for public link shares
+ * get public key for public link shares
 *
 * @return string
 */
@@ -504,7 +504,11 @@ class KeyManager {
 */
 public function addSystemKeys(array $accessList, array $publicKeys) {
 if (!empty($accessList['public'])) {
- $publicKeys[$this->getPublicShareKeyId()] = $this->getPublicShareKey();
+ $publicShareKey = $this->getPublicShareKey();
+ if (empty($publicShareKey)) {
+ throw new PublicKeyMissingException();
+ }
+ $publicKeys[$this->getPublicShareKeyId()] = $publicShareKey;
 }
 if ($this->recoveryKeyExists() &&
diff --git a/lib/private/encryption/update.php b/lib/private/encryption/update.php
index 21cedde6140..e838e870502 100644
--- a/lib/private/encryption/update.php
+++ b/lib/private/encryption/update.php
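Review bot: In the `is_null($uid)` branch the value returned by `getSystemUserKey($this->publicShareKeyId . '.privateKey')` is handed straight to `symmetricDecryptFileContent()` with no check, so a missing or unreadable public-link private key reaches the decrypt call instead of the explicit exception path the rest of the method now uses; a guard such as `if (empty($privateKey)) { throw new PrivateKeyMissingException(); }` before the decrypt (the class already imports that exception) keeps the failure explicit. Passing `null` as `$uid` is now the sole switch that selects the anonymous public-link key pair, and the docblock above the hunk should state that contract and the new failure mode, e.g. `@param string|null $uid null selects the public-link (anonymous) key pair` and `@throws FileKeyMissingException`; callers that relied on the old empty-string return are outside this diff and cannot be checked here. `is_null($uid)` is more idiomatically written `$uid === null`.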
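Review bot: `addSystemKeys()` can now throw `PublicKeyMissingException`, but the docblock that closes on the ` */` line opening the hunk does not say so; add `@throws PublicKeyMissingException` there. `empty($publicShareKey)` also treats the string `'0'` as missing; if `getPublicShareKey()` returns a string (its definition is outside the hunk), `$publicShareKey === ''` is the stricter test. The function continues past the hunk.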
@@ -93,25 +93,25 @@ class Update {
 * @param int $fileSource file source id
 */
 private function update($fileSource) {
- $path = \OC\Files\Filesystem::getPath($fileSource);
- $absPath = '/' . $this->uid . '/files' . $path;
+ $path = \OC\Files\Filesystem::getPath($fileSource);
+ $absPath = '/' . $this->uid . '/files' . $path;
- $mount = $this->mountManager->find($path);
- $mountPoint = $mount->getMountPoint();
+ $mount = $this->mountManager->find($path);
+ $mountPoint = $mount->getMountPoint();
- // if a folder was shared, get a list of all (sub-)folders
- if ($this->view->is_dir($absPath)) {
- $allFiles = $this->util->getAllFiles($absPath, $mountPoint);
- } else {
- $allFiles = array($absPath);
- }
+ // if a folder was shared, get a list of all (sub-)folders
+ if ($this->view->is_dir($absPath)) {
+ $allFiles = $this->util->getAllFiles($absPath, $mountPoint);
+ } else {
+ $allFiles = array($absPath);
+ }
- $encryptionModule = $this->encryptionManager->getDefaultEncryptionModule();
+ $encryptionModule = $this->encryptionManager->getDefaultEncryptionModule();
- foreach ($allFiles as $path) {
- $usersSharing = $this->file->getAccessList($path);
- $encryptionModule->update($absPath, $this->uid, $usersSharing);
- }
+ foreach ($allFiles as $path) {
+ $usersSharing = $this->file->getAccessList($path);
+ $encryptionModule->update($absPath, $this->uid, $usersSharing);
+ }
 }
-}
\ No newline at end of file
+}
diff --git a/lib/private/files/stream/encryption.php b/lib/private/files/stream/encryption.php
index a96d573723c..88957825de0 100644
--- a/lib/private/files/stream/encryption.php
+++ b/lib/private/files/stream/encryption.php
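Review bot: Inside the re-indented `foreach ($allFiles as $path)` loop, `$encryptionModule->update($absPath, $this->uid, $usersSharing)` is called with `$absPath`, the shared root, while the access list on the line before is looked up for `$path`, the individual entry; for a shared folder every iteration therefore appears to update the root with a per-file access list, and the sub-files collected by `getAllFiles` are never passed to `update()` themselves. The loop variable should be passed through: `$encryptionModule->update($path, $this->uid, $usersSharing);`. Reusing `$path` as the loop variable also clobbers the relative path computed at the top of the method, so a distinct name such as `$file` would make the two uses easier to tell apart. The hunk is otherwise a whitespace-only re-indent, which is what hides this in the new lines.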
@@ -198,7 +198,7 @@ class Encryption extends Wrapper {
 $context = parent::loadContext($name);
 foreach ($this->expectedContextProperties as $property) {
- if (isset($context[$property])) {
+ if (array_key_exists($property, $context)) {
 $this->{$property} = $context[$property];
 } else {
 throw new \BadMethodCallException('Invalid context, "' . $property . '" options not set');
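Review bot: Switching to `array_key_exists($property, $context)` means a context entry that is present but `null` is now accepted and assigned to `$this->{$property}`, where `isset()` used to reject it with the `BadMethodCallException` below; that is presumably what the public-link case needs (no logged-in user), but nothing in the hunk says so, and a later reader may "fix" it back. A comment on the new line such as `// array_key_exists, not isset: a property may legitimately be null (e.g. no user for public links) and must still count as provided` would record the intent. `loadContext()` starts and ends outside the hunk.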