Improved support for detecting and recrypting legacy files. Bugs remain.
parent
c6b3bdd5a0
commit
06847f609b
|
@ -70,7 +70,7 @@ class Hooks {
|
|||
$view1->file_exists( 'encryption.key' )
|
||||
&& $encLegacyKey = $view1->file_get_contents( 'encryption.key' )
|
||||
) {
|
||||
|
||||
|
||||
$plainLegacyKey = Crypt::legacyDecrypt( $encLegacyKey, $params['password'] );
|
||||
|
||||
$session->setLegacyKey( $plainLegacyKey );
|
||||
|
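Review bot: The value returned by `Crypt::legacyDecrypt()` goes straight into `$session->setLegacyKey()` with no check, so a failed or wrong-password decryption of `encryption.key` would cache an unusable key that the recrypt code in Util later relies on before overwriting files. What `legacyDecrypt()` returns on failure is not visible here; if it can yield `false` or an empty string, guard the call with `if ( $plainLegacyKey ) { $session->setLegacyKey( $plainLegacyKey ); }` and log the failure. The enclosing `if` opens above this hunk.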
@ -87,7 +87,7 @@ class Hooks {
|
|||
) {
|
||||
|
||||
\OC_Log::write(
|
||||
'Encryption library', 'Encryption of file belonging to "' . $params['uid'] . '" was started at login'
|
||||
'Encryption library', 'Encryption of existing files belonging to "' . $params['uid'] . '" started at login'
|
||||
, \OC_Log::INFO
|
||||
);
|
||||
|
||||
|
|
|
@ -184,19 +184,18 @@ class Crypt {
|
|||
* @brief Check if a file is encrypted via legacy system
|
||||
* @return true / false
|
||||
*/
|
||||
public static function isLegacyEncryptedContent( $content ) {
|
||||
public static function isLegacyEncryptedContent( $data, $path ) {
|
||||
|
||||
// Fetch all file metadata from DB
|
||||
$metadata = \OC\Files\Filesystem::getFileInfo( $content, '' );
|
||||
|
||||
$metadata = \OC\Files\Filesystem::getFileInfo( $path, '' );
|
||||
|
||||
// If a file is flagged with encryption in DB, but isn't a
|
||||
// valid content + IV combination, it's probably using the
|
||||
// legacy encryption system
|
||||
if (
|
||||
$content
|
||||
and isset( $metadata['encrypted'] )
|
||||
and $metadata['encrypted'] === true
|
||||
and ! self::isCatfile( $content )
|
||||
isset( $metadata['encrypted'] )
|
||||
and $metadata['encrypted'] === true
|
||||
and ! self::isCatfile( $data )
|
||||
) {
|
||||
|
||||
return true;
|
||||
|
|
|
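Review bot: The rewritten condition in `isLegacyEncryptedContent()` drops the old leading truthiness test on the content, so an empty or unreadable file whose cache entry has `encrypted` set now counts as legacy-encrypted. Anything on that list is later recrypted and written back, so "flagged but not a catfile" should not be the only criterion; keeping the guard as `$data and isset( $metadata['encrypted'] )` is the minimal fix. The docblock above the function still has no `@param` lines for `$data` (file content) and `$path` (path passed to `getFileInfo()`). The signature change on a public static method also breaks any caller not updated in this commit; only the Util call site is visible here.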
@ -70,7 +70,7 @@ class Session {
|
|||
*/
|
||||
public function setLegacyKey( $legacyKey ) {
|
||||
|
||||
$_SESSION['legacyKey'] = $LegacyKey;
|
||||
$_SESSION['legacyKey'] = $legacyKey;
|
||||
|
||||
return true;
|
||||
|
||||
|
|
|
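Review bot: With the variable name corrected, `setLegacyKey()` now really stores the decrypted legacy key in `$_SESSION['legacyKey']`, in plaintext, so it is persisted by whatever session handler the server uses (files on disk with PHP's default handler) for the lifetime of the session. The docblock should say so, and the key should be dropped as soon as legacy recryption is done, e.g. `unset( $_SESSION['legacyKey'] );`; no such cleanup is visible in this commit. The method also returns `true` unconditionally, so callers cannot tell an empty key from a valid one. The function's closing brace is outside the hunk.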
@ -37,8 +37,9 @@ namespace OCA\Encryption;
|
|||
|
||||
/**
|
||||
* @brief Class for utilities relating to encrypted file storage system
|
||||
* @param $view OC_FilesystemView object, expected to have OC '/' as root path
|
||||
* @param $client flag indicating status of client side encryption. Currently
|
||||
* @param OC_FilesystemView $view expected to have OC '/' as root path
|
||||
* @param string $userId ID of the logged in user
|
||||
* @param int $client indicating status of client side encryption. Currently
|
||||
* unused, likely to become obsolete shortly
|
||||
*/
|
||||
|
||||
|
@ -262,17 +263,25 @@ class Util {
|
|||
} elseif ( $this->view->is_file( $filePath ) ) {
|
||||
|
||||
// Disable proxies again, some-
|
||||
// how they get re-enabled :/
|
||||
// where they got re-enabled :/
|
||||
\OC_FileProxy::$enabled = false;
|
||||
|
||||
$data = $this->view->file_get_contents( $filePath );
|
||||
|
||||
// If the file is encrypted
|
||||
if ( Keymanager::getFileKey( $this->view, $this->userId, $file ) ) {
|
||||
// NOTE: If the userId is
|
||||
// empty or not set, file will
|
||||
// detected as plain
|
||||
if (
|
||||
Keymanager::getFileKey( $this->view, $this->userId, $file )
|
||||
&& Crypt::isCatfile( $filePath )
|
||||
) {
|
||||
|
||||
$found['encrypted'][] = array( 'name' => $file, 'path' => $filePath );
|
||||
|
||||
// If the file uses old
|
||||
// encryption system
|
||||
} elseif ( Crypt::isLegacyEncryptedContent( $this->view->file_get_contents( $filePath ) ) ) {
|
||||
} elseif ( Crypt::isLegacyEncryptedContent( $this->view->file_get_contents( $filePath ), $filePath ) ) {
|
||||
|
||||
$found['legacy'][] = array( 'name' => $file, 'path' => $filePath );
|
||||
|
||||
|
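Review bot: `Crypt::isCatfile( $filePath )` is passed the path, while `Crypt::isLegacyEncryptedContent()` calls `self::isCatfile( $data )` on file content, so this test most likely never matches and already-encrypted files fall through to the legacy and later branches. The content has already been read into `$data` a few lines up, so the condition should be `&& Crypt::isCatfile( $data )`. The `elseif` should reuse it as well: `Crypt::isLegacyEncryptedContent( $data, $filePath )`, instead of reading the file a second time. The new NOTE comment is missing a word ("file will be detected as plain"). The branches after this `elseif` are outside the hunk.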
@ -355,11 +364,16 @@ class Util {
|
|||
$sliced = array_slice( $split, 2 );
|
||||
$relPath = implode( '/', $sliced );
|
||||
|
||||
// Save catfile
|
||||
// Save keyfile
|
||||
Keymanager::setFileKey( $this->view, $relPath, $this->userId, $encrypted['key'] );
|
||||
|
||||
// Overwrite the existing file with the encrypted one
|
||||
$this->view->file_put_contents( $plainFile['path'], $encrypted['data'] );
|
||||
|
||||
$size = strlen( $encrypted['data'] );
|
||||
|
||||
// Add the file to the cache
|
||||
\OC\Files\Filesystem::putFileInfo( $plainFile['path'], array( 'encrypted'=>true, 'size' => $size ), '' );
|
||||
|
||||
}
|
||||
|
||||
|
@ -370,6 +384,8 @@ class Util {
|
|||
&& ! empty( $newPassphrase )
|
||||
) {
|
||||
|
||||
trigger_error("LEGACY FOUND");
|
||||
|
||||
foreach ( $found['legacy'] as $legacyFilePath ) {
|
||||
|
||||
// Fetch data from file
|
||||
|
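Review bot: `trigger_error("LEGACY FOUND");` looks like leftover debugging; it raises a PHP notice each time this branch runs and can end up in user-visible output, depending on the error settings. Remove it or use the logger already used in Hooks, e.g. `\OC_Log::write( 'Encryption library', 'Legacy encrypted files found', \OC_Log::DEBUG );`.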
@ -378,11 +394,16 @@ class Util {
|
|||
// Recrypt data, generate catfile
|
||||
$recrypted = Crypt::legacyKeyRecryptKeyfile( $legacyData, $legacyPassphrase, $publicKey, $newPassphrase );
|
||||
|
||||
// Save catfile
|
||||
// Save keyfile
|
||||
Keymanager::setFileKey( $this->view, $plainFile['path'], $this->userId, $recrypted['key'] );
|
||||
|
||||
// Overwrite the existing file with the encrypted one
|
||||
$this->view->file_put_contents( $plainFile['path'], $recrypted['data'] );
|
||||
|
||||
$size = strlen( $recrypted['data'] );
|
||||
|
||||
// Add the file to the cache
|
||||
\OC\Files\Filesystem::putFileInfo( $plainFile['path'], array( 'encrypted'=>true, 'size' => $size ), '' );
|
||||
|
||||
}
|
||||
|
||||
|
|
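Review bot: The body of `foreach ( $found['legacy'] as $legacyFilePath )` (the loop header is in the previous hunk) writes the key, the file and the cache entry to `$plainFile['path']`, which is not this loop's variable. It is presumably left over from the plain-file loop above, so each recrypted legacy file would overwrite the last plain file, or an undefined path, while the legacy file itself stays untouched. All three calls should use the current entry, `$legacyFilePath['path']`, and `setFileKey()` should get a user-relative path as the plain-file loop does with `$relPath`. Since `file_put_contents()` replaces the only copy of the data, check the result of `legacyKeyRecryptKeyfile()` and `setFileKey()` before overwriting.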