Browse Source
read cipher from key header and always write a key header if a new private key is stored
tags/v8.1.0alpha1
Bjoern Schiessle
9 years ago
3 changed files with 29 additions and 9 deletions
+ 24
- 7
apps/encryption/lib/crypto/crypt.php
View File
| @@ -37,6 +37,8 @@ use OCP\IUserSession; | |||
| class Crypt { | |||
| const DEFAULT_CIPHER = 'AES-256-CFB'; | |||
| // default cipher from old ownCloud versions | |||
| const LEGACY_CIPHER = 'AES-128-CFB'; | |||
| const HEADER_START = 'HBEGIN'; | |||
| const HEADER_END = 'HEND'; | |||
| @@ -148,6 +150,16 @@ class Crypt { | |||
| return $padded; | |||
| } | |||
| /** | |||
| * generate header for encrypted file | |||
| */ | |||
| public function generateHeader() { | |||
| $cipher = $this->getCipher(); | |||
| $header = self::HEADER_START . ':cipher:' . $cipher . ':' . self::HEADER_END; | |||
| return $header; | |||
| } | |||
| /** | |||
| * @param string $plainContent | |||
| * @param string $iv | |||
| @@ -205,23 +217,28 @@ class Crypt { | |||
| } | |||
| /** | |||
| * @param string $recoveryKey | |||
| * @param string $privateKey | |||
| * @param string $password | |||
| * @return bool|string | |||
| */ | |||
| public function decryptPrivateKey($recoveryKey, $password) { | |||
| public function decryptPrivateKey($privateKey, $password) { | |||
| $header = $this->parseHeader($recoveryKey); | |||
| $cipher = $this->getCipher(); | |||
| $header = $this->parseHeader($privateKey); | |||
| if (isset($header['cipher'])) { | |||
| $cipher = $header['cipher']; | |||
| } else { | |||
| $cipher = self::LEGACY_CIPHER; | |||
| } | |||
| // If we found a header we need to remove it from the key we want to decrypt | |||
| if (!empty($header)) { | |||
| $recoveryKey = substr($recoveryKey, | |||
| strpos($recoveryKey, | |||
| $privateKey = substr($privateKey, | |||
| strpos($privateKey, | |||
| self::HEADER_END) + strlen(self::HEADER_START)); | |||
| } | |||
| $plainKey = $this->symmetricDecryptFileContent($recoveryKey, | |||
| $plainKey = $this->symmetricDecryptFileContent($privateKey, | |||
| $password, | |||
| $cipher); | |||
+ 4
- 2
apps/encryption/lib/keymanager.php
View File
| @@ -200,9 +200,10 @@ class KeyManager { | |||
| $encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'], | |||
| $password); | |||
| $header = $this->crypt->generateHeader(); | |||
| if ($encryptedKey) { | |||
| $this->setPrivateKey($uid, $encryptedKey); | |||
| $this->setPrivateKey($uid, $header . $encryptedKey); | |||
| return true; | |||
| } | |||
| return false; | |||
| @@ -219,9 +220,10 @@ class KeyManager { | |||
| $encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'], | |||
| $password); | |||
| $header = $this->crypt->generateHeader(); | |||
| if ($encryptedKey) { | |||
| $this->setSystemPrivateKey($this->getRecoveryKeyId(), $encryptedKey); | |||
| $this->setSystemPrivateKey($this->getRecoveryKeyId(), $header . $encryptedKey); | |||
| return true; | |||
| } | |||
| return false; | |||
+ 1
- 0
apps/encryption/lib/recovery.php
View File
| @@ -129,6 +129,7 @@ class Recovery { | |||
| * | |||
| * @param string $newPassword | |||
| * @param string $oldPassword | |||
| * @return bool | |||
| */ | |||
| public function changeRecoveryKeyPassword($newPassword, $oldPassword) { | |||
| $recoveryKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId()); | |||
Loading…