Björn Schießle
8 years ago
5 changed files with 34 additions and 18 deletions
+ 2
- 2
apps/encryption/lib/crypto/crypt.php
View File
| @@ -462,7 +462,7 @@ class Crypt { | |||
| */ | |||
| private function checkSignature($data, $passPhrase, $expectedSignature) { | |||
| $signature = $this->createSignature($data, $passPhrase); | |||
| if (hash_equals($expectedSignature, $signature)) { | |||
| if (!hash_equals($expectedSignature, $signature)) { | |||
| throw new HintException('Bad Signature', $this->l->t('Bad Signature')); | |||
| } | |||
| } | |||
| @@ -517,7 +517,7 @@ class Crypt { | |||
| $meta = substr($catFile, -22); | |||
| $iv = substr($meta, -16); | |||
| $sig = false; | |||
| $encrypted = substr($catFile, 0, -93); | |||
| $encrypted = substr($catFile, 0, -22); | |||
| } | |||
| return [ | |||
+ 17
- 8
apps/encryption/lib/crypto/encryption.php
View File
| @@ -94,8 +94,12 @@ class Encryption implements IEncryptionModule { | |||
| /** @var DecryptAll */ | |||
| private $decryptAll; | |||
| /** @var int unencrypted block size if block contains signature */ | |||
| private $unencryptedBlockSizeSigned = 6072; | |||
| /** @var int unencrypted block size */ | |||
| private $unencryptedBlockSize = 6072; | |||
| private $unencryptedBlockSize = 6126; | |||
| /** | |||
| * | |||
| @@ -198,7 +202,7 @@ class Encryption implements IEncryptionModule { | |||
| $this->cipher = $this->crypt->getLegacyCipher(); | |||
| } | |||
| return array('cipher' => $this->cipher); | |||
| return array('cipher' => $this->cipher, 'signed' => 'true'); | |||
| } | |||
| /** | |||
| @@ -278,7 +282,7 @@ class Encryption implements IEncryptionModule { | |||
| // If data remaining to be written is less than the | |||
| // size of 1 6126 byte block | |||
| if ($remainingLength < $this->unencryptedBlockSize) { | |||
| if ($remainingLength < $this->unencryptedBlockSizeSigned) { | |||
| // Set writeCache to contents of $data | |||
| // The writeCache will be carried over to the | |||
| @@ -296,14 +300,14 @@ class Encryption implements IEncryptionModule { | |||
| } else { | |||
| // Read the chunk from the start of $data | |||
| $chunk = substr($data, 0, $this->unencryptedBlockSize); | |||
| $chunk = substr($data, 0, $this->unencryptedBlockSizeSigned); | |||
| $encrypted .= $this->crypt->symmetricEncryptFileContent($chunk, $this->fileKey); | |||
| // Remove the chunk we just processed from | |||
| // $data, leaving only unprocessed data in $data | |||
| // var, for handling on the next round | |||
| $data = substr($data, $this->unencryptedBlockSize); | |||
| $data = substr($data, $this->unencryptedBlockSizeSigned); | |||
| } | |||
| @@ -410,10 +414,15 @@ class Encryption implements IEncryptionModule { | |||
| * get size of the unencrypted payload per block. | |||
| * ownCloud read/write files with a block size of 8192 byte | |||
| * | |||
| * @return integer | |||
| * @param bool $signed | |||
| * @return int | |||
| */ | |||
| public function getUnencryptedBlockSize() { | |||
| return $this->unencryptedBlockSize; | |||
| public function getUnencryptedBlockSize($signed = false) { | |||
| if ($signed === false) { | |||
| return $this->unencryptedBlockSize; | |||
| } | |||
| return $this->unencryptedBlockSizeSigned; | |||
| } | |||
| /** | |||
+ 4
- 2
lib/private/files/storage/wrapper/encryption.php
View File
| @@ -343,6 +343,7 @@ class Encryption extends Wrapper { | |||
| $shouldEncrypt = false; | |||
| $encryptionModule = null; | |||
| $header = $this->getHeader($path); | |||
| $signed = (isset($header['signed']) && $header['signed'] === 'true') ? true : false; | |||
| $fullPath = $this->getFullPath($path); | |||
| $encryptionModuleId = $this->util->getEncryptionModuleId($header); | |||
| @@ -377,7 +378,7 @@ class Encryption extends Wrapper { | |||
| || $mode === 'wb' | |||
| || $mode === 'wb+' | |||
| ) { | |||
| // don't overwrite encrypted files if encyption is not enabled | |||
| // don't overwrite encrypted files if encryption is not enabled | |||
| if ($targetIsEncrypted && $encryptionEnabled === false) { | |||
| throw new GenericEncryptionException('Tried to access encrypted file but encryption is not enabled'); | |||
| } | |||
| @@ -385,6 +386,7 @@ class Encryption extends Wrapper { | |||
| // if $encryptionModuleId is empty, the default module will be used | |||
| $encryptionModule = $this->encryptionManager->getEncryptionModule($encryptionModuleId); | |||
| $shouldEncrypt = $encryptionModule->shouldEncrypt($fullPath); | |||
| $signed = true; | |||
| } | |||
| } else { | |||
| $info = $this->getCache()->get($path); | |||
| @@ -422,7 +424,7 @@ class Encryption extends Wrapper { | |||
| } | |||
| $handle = \OC\Files\Stream\Encryption::wrap($source, $path, $fullPath, $header, | |||
| $this->uid, $encryptionModule, $this->storage, $this, $this->util, $this->fileHelper, $mode, | |||
| $size, $unencryptedSize, $headerSize); | |||
| $size, $unencryptedSize, $headerSize, $signed); | |||
| return $handle; | |||
| } | |||
+ 7
- 3
lib/private/files/stream/encryption.php
View File
| @@ -110,7 +110,8 @@ class Encryption extends Wrapper { | |||
| 'size', | |||
| 'unencryptedSize', | |||
| 'encryptionStorage', | |||
| 'headerSize' | |||
| 'headerSize', | |||
| 'signed' | |||
| ); | |||
| } | |||
| @@ -132,6 +133,7 @@ class Encryption extends Wrapper { | |||
| * @param int $size | |||
| * @param int $unencryptedSize | |||
| * @param int $headerSize | |||
| * @param bool $signed | |||
| * @param string $wrapper stream wrapper class | |||
| * @return resource | |||
| * | |||
| @@ -148,6 +150,7 @@ class Encryption extends Wrapper { | |||
| $size, | |||
| $unencryptedSize, | |||
| $headerSize, | |||
| $signed, | |||
| $wrapper = 'OC\Files\Stream\Encryption') { | |||
| $context = stream_context_create(array( | |||
| @@ -164,7 +167,8 @@ class Encryption extends Wrapper { | |||
| 'size' => $size, | |||
| 'unencryptedSize' => $unencryptedSize, | |||
| 'encryptionStorage' => $encStorage, | |||
| 'headerSize' => $headerSize | |||
| 'headerSize' => $headerSize, | |||
| 'signed' => $signed | |||
| ) | |||
| )); | |||
| @@ -225,7 +229,7 @@ class Encryption extends Wrapper { | |||
| $this->position = 0; | |||
| $this->cache = ''; | |||
| $this->writeFlag = false; | |||
| $this->unencryptedBlockSize = $this->encryptionModule->getUnencryptedBlockSize(); | |||
| $this->unencryptedBlockSize = $this->encryptionModule->getUnencryptedBlockSize($this->signed); | |||
| if ( | |||
| $mode === 'w' | |||
+ 4
- 3
lib/public/encryption/iencryptionmodule.php
View File
| @@ -119,10 +119,11 @@ interface IEncryptionModule { | |||
| * get size of the unencrypted payload per block. | |||
| * ownCloud read/write files with a block size of 8192 byte | |||
| * | |||
| * @return integer | |||
| * @since 8.1.0 | |||
| * @param bool $signed | |||
| * @return int | |||
| * @since 8.1.0 optional parameter $signed was added in 9.0.0 | |||
| */ | |||
| public function getUnencryptedBlockSize(); | |||
| public function getUnencryptedBlockSize($signed = false); | |||
| /** | |||
| * check if the encryption module is able to read the file, | |||
Loading…