From 43c081bdc9cf9cabfa29d39babb6fa6454331ebb Mon Sep 17 00:00:00 2001 From: Vincent Petry Date: Mon, 27 Feb 2017 14:58:12 +0100 Subject: Fix public link for master key In public link mode there is no session, so the code should use the public key instead. --- apps/encryption/lib/KeyManager.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/encryption/lib/KeyManager.php b/apps/encryption/lib/KeyManager.php index caae154b2d3..a6708df9a1c 100644 --- a/apps/encryption/lib/KeyManager.php +++ b/apps/encryption/lib/KeyManager.php @@ -405,7 +405,7 @@ class KeyManager { return ''; } - if ($this->util->isMasterKeyEnabled()) { + if (!is_null($uid) && $this->util->isMasterKeyEnabled()) { $uid = $this->getMasterKeyId(); } -- cgit v1.2.3 From 305718370a0a202dbb1848683876ff236ec9f441 Mon Sep 17 00:00:00 2001 From: Vincent Petry Date: Mon, 27 Feb 2017 16:19:48 +0100 Subject: Add tests for null user --- apps/encryption/tests/KeyManagerTest.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/apps/encryption/tests/KeyManagerTest.php b/apps/encryption/tests/KeyManagerTest.php index 40def135816..c326f21e506 100644 --- a/apps/encryption/tests/KeyManagerTest.php +++ b/apps/encryption/tests/KeyManagerTest.php @@ -418,7 +418,11 @@ class KeyManagerTest extends TestCase { ['', false, 'privateKey', true], ['', false, false, ''], ['', true, 'privateKey', true], - ['', true, false, ''] + ['', true, false, ''], + [null, false, 'privateKey', true], + [null, false, false, ''], + [null, true, 'privateKey', true], + [null, true, false, ''] ]; } -- cgit v1.2.3 From 6b9ef15803d16de4f227f4176056c030bbed9ebf Mon Sep 17 00:00:00 2001 From: Vincent Petry Date: Thu, 2 Mar 2017 16:11:01 +0100 Subject: Use master key for public links as well --- apps/encryption/lib/KeyManager.php | 19 ++++++++++++---- apps/encryption/tests/KeyManagerTest.php | 39 ++++++++++++++++---------------- 2 files changed, 35 insertions(+), 23 deletions(-) 
diff --git a/apps/encryption/lib/KeyManager.php b/apps/encryption/lib/KeyManager.php index a6708df9a1c..32872ae99b3 100644 --- a/apps/encryption/lib/KeyManager.php +++ b/apps/encryption/lib/KeyManager.php @@ -399,17 +399,28 @@ class KeyManager { * @return string */ public function getFileKey($path, $uid) { + if ($uid === '') { + $uid = null; + } + $publicAccess = is_null($uid); $encryptedFileKey = $this->keyStorage->getFileKey($path, $this->fileKeyId, Encryption::ID); if (empty($encryptedFileKey)) { return ''; } - if (!is_null($uid) && $this->util->isMasterKeyEnabled()) { + if ($this->util->isMasterKeyEnabled()) { $uid = $this->getMasterKeyId(); - } - - if (is_null($uid)) { + $shareKey = $this->getShareKey($path, $uid); + if ($publicAccess) { + $privateKey = $this->getSystemPrivateKey($uid); + $privateKey = $this->crypt->decryptPrivateKey($privateKey, $this->getMasterKeyPassword(), $uid); + } else { + // when logged in, the master key is already decrypted in the session + $privateKey = $this->session->getPrivateKey(); + } + } else if ($publicAccess) { + // use public share key for public links $uid = $this->getPublicShareKeyId(); $shareKey = $this->getShareKey($path, $uid); $privateKey = $this->keyStorage->getSystemUserKey($this->publicShareKeyId . '.privateKey', Encryption::ID); diff --git a/apps/encryption/tests/KeyManagerTest.php b/apps/encryption/tests/KeyManagerTest.php index c326f21e506..a8441427a2c 100644 --- a/apps/encryption/tests/KeyManagerTest.php +++ b/apps/encryption/tests/KeyManagerTest.php 
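Review bot: In `getFileKey`, the new `$publicAccess` flag is derived only from `$uid` being `null` or `''`, and with the master key enabled that branch decrypts the master private key via `getMasterKeyPassword()` with no session involved, so nothing in this method separates a genuine public-link request from a caller that failed to resolve a user. The docblock above (its `@param` lines sit outside the hunk) should state that contract, and the flag deserves a comment such as `// null or '' means no logged-in session; the caller must already have authorised access to $path`. The result of `decryptPrivateKey()` is not checked inside the hunk, and the function body continues past the last visible line, so confirm that a failed decryption ends in the empty-string return rather than being passed on to the file-key decryption.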
@@ -349,6 +349,19 @@ class KeyManagerTest extends TestCase { $this->assertTrue($this->instance->getEncryptedFileKey('/')); } + public function dataTestGetFileKey() { + return [ + ['user1', false, 'privateKey', true], + ['user1', false, false, ''], + ['user1', true, 'privateKey', true], + ['user1', true, false, ''], + [null, false, 'privateKey', true], + [null, false, false, ''], + [null, true, 'privateKey', true], + [null, true, false, ''] + ]; + } + /** * @dataProvider dataTestGetFileKey * @@ -363,6 +376,10 @@ class KeyManagerTest extends TestCase { if ($isMasterKeyEnabled) { $expectedUid = 'masterKeyId'; + $this->configMock->expects($this->any())->method('getSystemValue')->with('secret') + ->willReturn('password'); + } else if (!$uid) { + $expectedUid = 'systemKeyId'; } else { $expectedUid = $uid; } @@ -379,6 +396,9 @@ class KeyManagerTest extends TestCase { ->with($path, $expectedUid . '.shareKey', 'OC_DEFAULT_MODULE') ->willReturn(true); + $this->utilMock->expects($this->any())->method('isMasterKeyEnabled') + ->willReturn($isMasterKeyEnabled); + if (is_null($uid)) { $this->keyStorageMock->expects($this->once()) ->method('getSystemUserKey') @@ -389,8 +409,6 @@ class KeyManagerTest extends TestCase { } else { $this->keyStorageMock->expects($this->never()) ->method('getSystemUserKey'); - $this->utilMock->expects($this->once())->method('isMasterKeyEnabled') - ->willReturn($isMasterKeyEnabled); $this->sessionMock->expects($this->once())->method('getPrivateKey')->willReturn($privateKey); } 
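Review bot: The relocated `dataTestGetFileKey` provider no longer has any row with an empty-string uid, although the same commit adds the `if ($uid === '')` normalisation to `KeyManager::getFileKey`, so that new branch is not exercised by this test. Keeping rows such as `['', false, 'privateKey', true],` and `['', true, 'privateKey', true],` would cover it. The test body would then need its `is_null($uid)` check (a context line in the third hunk here) to treat `''` as public access too, as the added `else if (!$uid)` already does. The test method itself starts and ends outside these hunks.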
@@ -409,23 +427,6 @@ class KeyManagerTest extends TestCase { } - public function dataTestGetFileKey() { - return [ - ['user1', false, 'privateKey', true], - ['user1', false, false, ''], - ['user1', true, 'privateKey', true], - ['user1', true, false, ''], - ['', false, 'privateKey', true], - ['', false, false, ''], - ['', true, 'privateKey', true], - ['', true, false, ''], - [null, false, 'privateKey', true], - [null, false, false, ''], - [null, true, 'privateKey', true], - [null, true, false, ''] - ]; - } - public function testDeletePrivateKey() { $this->keyStorageMock->expects($this->once()) ->method('deleteUserKey') -- cgit v1.2.3