diff options
| author | Clark Tomlinson <fallen013@gmail.com> | 2015-04-29 19:32:02 -0400 |
|---|---|---|
| committer | Clark Tomlinson <fallen013@gmail.com> | 2015-04-29 19:32:02 -0400 |
| commit | 4209757d61685346b9b3eb476035b4e86597ed64 (patch) | |
| tree | 7ad0b7f6a8579838f8c0076dd81d036e73c75cf0 /apps/encryption/lib | |
| parent | 8955f38e55e5ec99e79fae6ab999185fcceb0466 (diff) | |
| parent | 29bcfb2fdbfd922b6918cd8665d4f31858d7e08e (diff) | |
| download | nextcloud-server-4209757d61685346b9b3eb476035b4e86597ed64.tar.gz nextcloud-server-4209757d61685346b9b3eb476035b4e86597ed64.zip | |
Merge pull request #15919 from owncloud/enc_handle_empty_files
Encryption improve handling of empty and unencrypted files
Diffstat (limited to 'apps/encryption/lib')
| -rw-r--r-- | apps/encryption/lib/crypto/crypt.php | 2 | ||||
| -rw-r--r-- | apps/encryption/lib/crypto/encryption.php | 74 |
2 files changed, 50 insertions, 26 deletions
diff --git a/apps/encryption/lib/crypto/crypt.php b/apps/encryption/lib/crypto/crypt.php index 782dbbe5a35..65af3a93d0a 100644 --- a/apps/encryption/lib/crypto/crypt.php +++ b/apps/encryption/lib/crypto/crypt.php @@ -410,7 +410,7 @@ class Crypt { * @return string * @throws \Exception */ - public static function generateFileKey() { + public function generateFileKey() { // Generate key $key = base64_encode(openssl_random_pseudo_bytes(32, $strong)); if (!$key || !$strong) { diff --git a/apps/encryption/lib/crypto/encryption.php b/apps/encryption/lib/crypto/encryption.php index 3f298481680..4e181b0712a 100644 --- a/apps/encryption/lib/crypto/encryption.php +++ b/apps/encryption/lib/crypto/encryption.php @@ -28,6 +28,7 @@ namespace OCA\Encryption\Crypto; use OCA\Encryption\Util; use OCP\Encryption\IEncryptionModule; use OCA\Encryption\KeyManager; +use OCP\ILogger; class Encryption implements IEncryptionModule { @@ -66,16 +67,24 @@ class Encryption implements IEncryptionModule { /** @var Util */ private $util; + /** @var ILogger */ + private $logger; + /** * - * @param \OCA\Encryption\Crypto\Crypt $crypt + * @param Crypt $crypt * @param KeyManager $keyManager * @param Util $util + * @param ILogger $logger */ - public function __construct(Crypt $crypt, KeyManager $keyManager, Util $util) { + public function __construct(Crypt $crypt, + KeyManager $keyManager, + Util $util, + ILogger $logger) { $this->crypt = $crypt; $this->keyManager = $keyManager; $this->util = $util; + $this->logger = $logger; } /** @@ -111,27 +120,36 @@ class Encryption implements IEncryptionModule { */ public function begin($path, $user, $mode, array $header, array $accessList) { - if (isset($header['cipher'])) { - $this->cipher = $header['cipher']; - } else if ( + $this->path = $this->getPathToRealFile($path); + $this->accessList = $accessList; + $this->user = $user; + $this->isWriteOperation = false; + $this->writeCache = ''; + + $this->fileKey = $this->keyManager->getFileKey($this->path, $this->user); + + if ( $mode === 'w' || $mode === 'w+' || $mode === 'wb' || $mode === 'wb+' ) { + $this->isWriteOperation = true; + if (empty($this->fileKey)) { + $this->fileKey = $this->crypt->generateFileKey(); + } + } + + if (isset($header['cipher'])) { + $this->cipher = $header['cipher']; + } elseif ($this->isWriteOperation) { $this->cipher = $this->crypt->getCipher(); } else { + // if we read a file without a header we fall-back to the legacy cipher + // which was used in <=oC6 $this->cipher = $this->crypt->getLegacyCipher(); } - $this->path = $this->getPathToRealFile($path); - $this->accessList = $accessList; - $this->user = $user; - $this->writeCache = ''; - $this->isWriteOperation = false; - - $this->fileKey = $this->keyManager->getFileKey($this->path, $this->user); - return array('cipher' => $this->cipher); } @@ -171,10 +189,6 @@ class Encryption implements IEncryptionModule { * @return mixed encrypted data */ public function encrypt($data) { - $this->isWriteOperation = true; - if (empty($this->fileKey)) { - $this->fileKey = $this->crypt->generateFileKey(); - } // If extra data is left over from the last round, make sure it // is integrated into the next 6126 / 8192 block @@ -257,18 +271,28 @@ class Encryption implements IEncryptionModule { */ public function update($path, $uid, array $accessList) { $fileKey = $this->keyManager->getFileKey($path, $uid); - $publicKeys = array(); - foreach ($accessList['users'] as $user) { - $publicKeys[$user] = $this->keyManager->getPublicKey($user); - } - $publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys); + if (!empty($fileKey)) { - $encryptedFileKey = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys); + $publicKeys = array(); + foreach ($accessList['users'] as $user) { + $publicKeys[$user] = $this->keyManager->getPublicKey($user); + } + + $publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys); + + $encryptedFileKey = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys); + + $this->keyManager->deleteAllFileKeys($path); - $this->keyManager->deleteAllFileKeys($path); + $this->keyManager->setAllFileKeys($path, $encryptedFileKey); - $this->keyManager->setAllFileKeys($path, $encryptedFileKey); + } else { + $this->logger->debug('no file key found, we assume that the file "{file}" is not encrypted', + array('file' => $path, 'app' => 'encryption')); + + return false; + } return true; } |