diff options
author | Bjoern Schiessle <schiessle@owncloud.com> | 2015-04-08 14:19:11 +0200 |
---|---|---|
committer | Bjoern Schiessle <schiessle@owncloud.com> | 2015-04-08 14:26:00 +0200 |
commit | 4ce5669419c344de561f627592349773765b064c (patch) | |
tree | 05d796cf5175c30e995ca44a0c1f90e24b813f22 /apps/encryption | |
parent | dfc0a26e57effbb9c53f383b0c7a5f55323bf810 (diff) | |
download | nextcloud-server-4ce5669419c344de561f627592349773765b064c.tar.gz nextcloud-server-4ce5669419c344de561f627592349773765b064c.zip |
read cipher from key header and always write a key header if a new private key is stored
Diffstat (limited to 'apps/encryption')
-rw-r--r-- | apps/encryption/lib/crypto/crypt.php | 31 | ||||
-rw-r--r-- | apps/encryption/lib/keymanager.php | 6 | ||||
-rw-r--r-- | apps/encryption/lib/recovery.php | 1 |
3 files changed, 29 insertions, 9 deletions
diff --git a/apps/encryption/lib/crypto/crypt.php b/apps/encryption/lib/crypto/crypt.php index 6e1008d29a0..f2ae8e6db26 100644 --- a/apps/encryption/lib/crypto/crypt.php +++ b/apps/encryption/lib/crypto/crypt.php @@ -37,6 +37,8 @@ use OCP\IUserSession; class Crypt { const DEFAULT_CIPHER = 'AES-256-CFB'; + // default cipher from old ownCloud versions + const LEGACY_CIPHER = 'AES-128-CFB'; const HEADER_START = 'HBEGIN'; const HEADER_END = 'HEND'; @@ -149,6 +151,16 @@ class Crypt { } /** + * generate header for encrypted file + */ + public function generateHeader() { + $cipher = $this->getCipher(); + $header = self::HEADER_START . ':cipher:' . $cipher . ':' . self::HEADER_END; + + return $header; + } + + /** * @param string $plainContent * @param string $iv * @param string $passPhrase @@ -205,23 +217,28 @@ class Crypt { } /** - * @param string $recoveryKey + * @param string $privateKey * @param string $password * @return bool|string */ - public function decryptPrivateKey($recoveryKey, $password) { + public function decryptPrivateKey($privateKey, $password) { - $header = $this->parseHeader($recoveryKey); - $cipher = $this->getCipher(); + $header = $this->parseHeader($privateKey); + + if (isset($header['cipher'])) { + $cipher = $header['cipher']; + } else { + $cipher = self::LEGACY_CIPHER; + } // If we found a header we need to remove it from the key we want to decrypt if (!empty($header)) { - $recoveryKey = substr($recoveryKey, - strpos($recoveryKey, + $privateKey = substr($privateKey, + strpos($privateKey, self::HEADER_END) + strlen(self::HEADER_START)); } - $plainKey = $this->symmetricDecryptFileContent($recoveryKey, + $plainKey = $this->symmetricDecryptFileContent($privateKey, $password, $cipher); diff --git a/apps/encryption/lib/keymanager.php b/apps/encryption/lib/keymanager.php index 81bc082042d..a280ea9bde3 100644 --- a/apps/encryption/lib/keymanager.php +++ b/apps/encryption/lib/keymanager.php @@ -200,9 +200,10 @@ class KeyManager { $encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'], $password); + $header = $this->crypt->generateHeader(); if ($encryptedKey) { - $this->setPrivateKey($uid, $encryptedKey); + $this->setPrivateKey($uid, $header . $encryptedKey); return true; } return false; @@ -219,9 +220,10 @@ class KeyManager { $encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'], $password); + $header = $this->crypt->generateHeader(); if ($encryptedKey) { - $this->setSystemPrivateKey($this->getRecoveryKeyId(), $encryptedKey); + $this->setSystemPrivateKey($this->getRecoveryKeyId(), $header . $encryptedKey); return true; } return false; diff --git a/apps/encryption/lib/recovery.php b/apps/encryption/lib/recovery.php index 5c2ca67a2b4..5c1e91866a0 100644 --- a/apps/encryption/lib/recovery.php +++ b/apps/encryption/lib/recovery.php @@ -129,6 +129,7 @@ class Recovery { * * @param string $newPassword * @param string $oldPassword + * @return bool */ public function changeRecoveryKeyPassword($newPassword, $oldPassword) { $recoveryKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId()); |