check if the decrypted private key is valid on login and on read/write files

This commit is contained in:
Florin Peter 2013-05-31 13:58:58 +02:00
parent d636e168a6
commit 2e3bfdb12c
2 changed files with 31 additions and 7 deletions


@ -57,6 +57,21 @@ class Hooks {
$privateKey = Crypt::symmetricDecryptFileContent($encryptedKey, $params['password']);
// check if this a valid private key
$res = openssl_pkey_get_private($privateKey);
if(is_resource($res)) {
$sslInfo = openssl_pkey_get_details($res);
if(!isset($sslInfo['key'])) {
$privateKey = null;
}
} else {
$privateKey = null;
}
if($privateKey === null) {
\OCP\Util::writeLog('Encryption library', 'Private key for user "' . $params['uid'] . '" is not valid! Maybe the user password was changed from outside if so please change it back to gain access', \OCP\Util::ERROR);
}
$session = new \OCA\Encryption\Session($view);
$session->setPrivateKey($privateKey, $params['uid']);
@ -143,7 +158,7 @@ class Hooks {
public static function setPassphrase($params) {
// Only attempt to change passphrase if server-side encryption
// is in use (client-side encryption does not have access to
// is in use (client-side encryption does not have access to
// the necessary keys)
if (Crypt::mode() === 'server') {
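Review bot: In the first hunk the OpenSSL key handle obtained at `$res = openssl_pkey_get_private($privateKey);` is never released, so every login that validates a key leaks the resource for the rest of the request; add `openssl_pkey_free($res);` right after `$sslInfo = openssl_pkey_get_details($res);` inside the `is_resource` branch. The same hunk stores `null` in the session for an invalid key, while the companion Stream change in this commit guards with `$privateKey === false`; I cannot see Session::getPrivateKey from here, so please confirm it maps a stored `null` to `false`, otherwise that guard never fires and the unreadable key still reaches Crypt::multiKeyDecrypt. A short comment on the `setPrivateKey` call such as `// null marks an invalid key; readers must treat it as absent` would make the contract explicit. As a style point, `if(is_resource($res))` and `if($privateKey === null)` omit the space after `if` that the rest of the class uses (`if (Crypt::mode() === 'server')`). The enclosing method starts before this hunk.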


@ -118,7 +118,7 @@ class Stream {
if (!is_resource($this->handle)) {
\OCP\Util::writeLog('files_encryption', 'failed to open file "' . $this->rawPath . '"', \OCP\Util::ERROR);
\OCP\Util::writeLog('Encryption library', 'failed to open file "' . $this->rawPath . '"', \OCP\Util::ERROR);
} else {
@ -156,7 +156,7 @@ class Stream {
// $count will always be 8192 https://bugs.php.net/bug.php?id=21641
// This makes this function a lot simpler, but will break this class if the above 'bug' gets 'fixed'
\OCP\Util::writeLog('files_encryption', 'PHP "bug" 21641 no longer holds, decryption system requires refactoring', \OCP\Util::FATAL);
\OCP\Util::writeLog('Encryption library', 'PHP "bug" 21641 no longer holds, decryption system requires refactoring', \OCP\Util::FATAL);
die();
@ -165,7 +165,7 @@ class Stream {
// Get the data from the file handle
$data = fread($this->handle, 8192);
$result = '';
$result = null;
if (strlen($data)) {
@ -175,10 +175,11 @@ class Stream {
throw new \Exception(
'Encryption key not found for "' . $this->rawPath . '" during attempted read via stream');
}
} else {
// Decrypt data
$result = Crypt::symmetricDecryptFileContent($data, $this->plainKey);
// Decrypt data
$result = Crypt::symmetricDecryptFileContent($data, $this->plainKey);
}
}
@ -232,6 +233,14 @@ class Stream {
$privateKey = $session->getPrivateKey($this->userId);
// if there is no valid private key return false
if($privateKey === false) {
\OCP\Util::writeLog('Encryption library', 'Private key for user "' . $this->userId . '" is not valid! Maybe the user password was changed from outside if so please change it back to gain access', \OCP\Util::ERROR);
return false;
}
$shareKey = Keymanager::getShareKey($this->rootView, $this->userId, $this->relPath);
$this->plainKey = Crypt::multiKeyDecrypt($this->encKeyfile, $shareKey, $privateKey);