author | Côme Chilliet <come.chilliet@nextcloud.com> | 2024-06-04 17:20:20 +0200 |
---|---|---|
committer | backportbot[bot] <backportbot[bot]@users.noreply.github.com> | 2024-06-11 08:36:36 +0000 |
commit | 5d15fc738ca51d8badf9e8abbe70c98fe83cbd5b (patch) | |
tree | 8b88fc36bcdb4b42a52bac88fcc92964f3578062 /apps/encryption/lib | |
parent | 84a9b08fe5c6d3984a44c64d92e55866dae23658 (diff) | |
download | nextcloud-server-5d15fc738ca51d8badf9e8abbe70c98fe83cbd5b.tar.gz nextcloud-server-5d15fc738ca51d8badf9e8abbe70c98fe83cbd5b.zip |
fix: Autodetect legacy filekey instead of trusting the header for legacy header
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
Diffstat (limited to 'apps/encryption/lib')
-rw-r--r-- | apps/encryption/lib/Crypto/Encryption.php | 20 | ||||
-rw-r--r-- | apps/encryption/lib/KeyManager.php | 11 |
2 files changed, 9 insertions, 22 deletions
diff --git a/apps/encryption/lib/Crypto/Encryption.php b/apps/encryption/lib/Crypto/Encryption.php
index 1481d3a9a23..9980def3388 100644
--- a/apps/encryption/lib/Crypto/Encryption.php
+++ b/apps/encryption/lib/Crypto/Encryption.php
@@ -80,8 +80,6 @@ class Encryption implements IEncryptionModule {
 /** @var int Current version of the file */
 private int $version = 0;
- private bool $useLegacyFileKey = true;
-
 /** @var array remember encryption signature version */
 private static $rememberVersion = [];
@@ -138,7 +136,6 @@ class Encryption implements IEncryptionModule {
 $this->writeCache = '';
 $this->useLegacyBase64Encoding = true;
- $this->useLegacyFileKey = ($header['useLegacyFileKey'] ?? 'true') !== 'false';
 if (isset($header['encoding'])) {
 $this->useLegacyBase64Encoding = $header['encoding'] !== Crypt::BINARY_ENCODING_FORMAT;
@@ -152,19 +149,10 @@ class Encryption implements IEncryptionModule {
 }
 }
- if ($this->session->decryptAllModeActivated()) {
- $shareKey = $this->keyManager->getShareKey($this->path, $this->session->getDecryptAllUid());
- if ($this->useLegacyFileKey) {
- $encryptedFileKey = $this->keyManager->getEncryptedFileKey($this->path);
- $this->fileKey = $this->crypt->multiKeyDecryptLegacy($encryptedFileKey,
- $shareKey,
- $this->session->getDecryptAllKey());
- } else {
- $this->fileKey = $this->crypt->multiKeyDecrypt($shareKey, $this->session->getDecryptAllKey());
- }
- } else {
- $this->fileKey = $this->keyManager->getFileKey($this->path, $this->user, $this->useLegacyFileKey);
- }
+ /* If useLegacyFileKey is not specified in header, auto-detect, to be safe */
+ $useLegacyFileKey = (($header['useLegacyFileKey'] ?? '') == 'false' ? false : null);
+
+ $this->fileKey = $this->keyManager->getFileKey($this->path, $this->user, $useLegacyFileKey, $this->session->decryptAllModeActivated());
 // always use the version from the original file, also part files
 // need to have a correct version number if they get moved over to the
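Review bot: The new header check in the last hunk compares with loose `==`, while the line it replaces used strict `!==`; because the header is parsed from the stored file and decides whether legacy-key detection is skipped, `$useLegacyFileKey = ($header['useLegacyFileKey'] ?? '') === 'false' ? false : null;` keeps the comparison type-exact. The added comment says only "to be safe"; it should state the rule the code now enforces: a header that claims or implies a legacy file key is no longer trusted, only an explicit 'false' is honoured, and every other value leaves detection to `getFileKey()`. A regression test whose header sets `useLegacyFileKey` to 'true' on a file that has a non-legacy key would pin this; whether one exists is not visible here, since the diffstat is limited to apps/encryption/lib. The enclosing method starts and ends outside the hunk.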
diff --git a/apps/encryption/lib/KeyManager.php b/apps/encryption/lib/KeyManager.php
index 7d6380f3b83..87daccc1868 100644
--- a/apps/encryption/lib/KeyManager.php
+++ b/apps/encryption/lib/KeyManager.php
@@ -367,12 +367,9 @@ class KeyManager {
 }
 /**
- * @param string $path
- * @param $uid
 * @param ?bool $useLegacyFileKey null means try both
- * @return string
 */
- public function getFileKey(string $path, ?string $uid, ?bool $useLegacyFileKey): string {
+ public function getFileKey(string $path, ?string $uid, ?bool $useLegacyFileKey, bool $useDecryptAll): string {
 if ($uid === '') {
 $uid = null;
 }
@@ -385,8 +382,10 @@ class KeyManager {
 return '';
 }
 }
-
- if ($this->util->isMasterKeyEnabled()) {
+ if ($useDecryptAll) {
+ $shareKey = $this->getShareKey($path, $this->session->getDecryptAllUid());
+ $privateKey = $this->session->getDecryptAllKey();
+ } elseif ($this->util->isMasterKeyEnabled()) {
 $uid = $this->getMasterKeyId();
 $shareKey = $this->getShareKey($path, $uid);
 if ($publicAccess) { |
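Review bot: `getFileKey()` is public and gains a required fourth parameter, so any caller still passing three arguments fails with an ArgumentCountError; on a backported fix that is worth checking against callers and tests outside apps/encryption/lib, which this view does not show. The docblock now documents only `$useLegacyFileKey`; add `@param bool $useDecryptAll use the decrypt-all uid and private key held in the session instead of $uid`. If the branch's minimum PHP version allows named arguments, passing `useDecryptAll: ...` at the call site would make the two adjacent flag arguments harder to swap. The function body continues outside the hunk.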
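Review bot: In the new `$useDecryptAll` branch the caller's `$uid` is not used for the share key or the private key, although the code just above the hunk (the `$uid === ''` normalisation and the early `return ''`) has already acted on it. A short comment would make the precedence explicit, e.g. `// decrypt-all mode: share key and private key come from the session and take precedence over master-key and per-user keys`. The flag is supplied by the caller while the uid and key are read from `$this->session` here, so the two can disagree if a caller passes `true` outside decrypt-all mode; presumably the session getters fail in that case, but that is not visible in this hunk. The if/elseif chain continues outside the hunk.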