author | Côme Chilliet <come.chilliet@nextcloud.com> | 2024-06-04 17:20:20 +0200 |
---|---|---|
committer | backportbot[bot] <backportbot[bot]@users.noreply.github.com> | 2024-06-11 08:35:06 +0000 |
commit | ba59cc39a5438f9486e7e12ff3b6d5c35bad06f3 (patch) | |
tree | 40e703d75f2d278f13ec5ac8f27f493c2edba423 /apps | |
parent | 3024d71f1b2a0e63fbd7a2a91db6fcbbfa1e39dd (diff) | |
fix: Autodetect legacy filekey instead of trusting the header for legacy header
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
Diffstat (limited to 'apps')
-rw-r--r-- | apps/encryption/lib/Crypto/Encryption.php | 20 | ||||
-rw-r--r-- | apps/encryption/lib/KeyManager.php | 11 |
2 files changed, 9 insertions, 22 deletions
diff --git a/apps/encryption/lib/Crypto/Encryption.php b/apps/encryption/lib/Crypto/Encryption.php index 899d0f4315d..1339420471e 100644 --- a/apps/encryption/lib/Crypto/Encryption.php +++ b/apps/encryption/lib/Crypto/Encryption.php @@ -108,8 +108,6 @@ class Encryption implements IEncryptionModule { /** @var int Current version of the file */ private $version = 0; - private bool $useLegacyFileKey = true; - /** @var array remember encryption signature version */ private static $rememberVersion = []; @@ -184,7 +182,6 @@ class Encryption implements IEncryptionModule { $this->writeCache = ''; $this->useLegacyBase64Encoding = true; - $this->useLegacyFileKey = ($header['useLegacyFileKey'] ?? 'true') !== 'false'; if (isset($header['encoding'])) { $this->useLegacyBase64Encoding = $header['encoding'] !== Crypt::BINARY_ENCODING_FORMAT; @@ -198,19 +195,10 @@ class Encryption implements IEncryptionModule { } } - if ($this->session->decryptAllModeActivated()) { - $shareKey = $this->keyManager->getShareKey($this->path, $this->session->getDecryptAllUid()); - if ($this->useLegacyFileKey) { - $encryptedFileKey = $this->keyManager->getEncryptedFileKey($this->path); - $this->fileKey = $this->crypt->multiKeyDecryptLegacy($encryptedFileKey, - $shareKey, - $this->session->getDecryptAllKey()); - } else { - $this->fileKey = $this->crypt->multiKeyDecrypt($shareKey, $this->session->getDecryptAllKey()); - } - } else { - $this->fileKey = $this->keyManager->getFileKey($this->path, $this->user, $this->useLegacyFileKey); - } + /* If useLegacyFileKey is not specified in header, auto-detect, to be safe */ + $useLegacyFileKey = (($header['useLegacyFileKey'] ?? '') == 'false' ? false : null); + + $this->fileKey = $this->keyManager->getFileKey($this->path, $this->user, $useLegacyFileKey, $this->session->decryptAllModeActivated()); // always use the version from the original file, also part files // need to have a correct version number if they get moved over to the 
diff --git a/apps/encryption/lib/KeyManager.php b/apps/encryption/lib/KeyManager.php index f0005b45761..81aa3e9a588 100644 --- a/apps/encryption/lib/KeyManager.php +++ b/apps/encryption/lib/KeyManager.php @@ -438,12 +438,9 @@ class KeyManager { } /** - * @param string $path - * @param $uid * @param ?bool $useLegacyFileKey null means try both - * @return string */ - public function getFileKey(string $path, ?string $uid, ?bool $useLegacyFileKey): string { + public function getFileKey(string $path, ?string $uid, ?bool $useLegacyFileKey, bool $useDecryptAll): string { if ($uid === '') { $uid = null; } @@ -456,8 +453,10 @@ class KeyManager { return ''; } } - - if ($this->util->isMasterKeyEnabled()) { + if ($useDecryptAll) { + $shareKey = $this->getShareKey($path, $this->session->getDecryptAllUid()); + $privateKey = $this->session->getDecryptAllKey(); + } elseif ($this->util->isMasterKeyEnabled()) { $uid = $this->getMasterKeyId(); $shareKey = $this->getShareKey($path, $uid); if ($publicAccess) { |
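Review bot: The new `bool $useDecryptAll` parameter on `getFileKey()` has no default, so any caller not updated in this commit that still passes three arguments would fail with an `ArgumentCountError`; `bool $useDecryptAll = false` keeps the public signature backward-compatible. Whether such callers exist cannot be seen from this diff, which is limited to two files under `apps`. The docblock also loses its `@param`/`@return` lines without gaining one for the new flag; I would add `@param bool $useDecryptAll take the share-key uid and private key from the session's decrypt-all state`. The body of getFileKey continues outside this hunk.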
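Review bot: The new `if ($useDecryptAll)` branch takes its trigger from the caller but its key material from `$this->session`, so nothing in `getFileKey()` ties the two together; the code this replaces checked `$this->session->decryptAllModeActivated()` right next to the `getDecryptAllUid()`/`getDecryptAllKey()` calls. What those getters return or throw when decrypt-all mode was never set up is not visible here, so I would either test `$this->session->decryptAllModeActivated()` inside this method or add a comment such as `// caller must only pass true while the session is in decrypt-all mode`. Because the branch comes first, it also takes precedence over the master-key path and ignores the `$uid` argument for the share-key lookup, which deserves a line in the docblock. The function body starts and ends outside this hunk.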