From 2e3bfdb12c5789e1e384777a7906c2c6a6ecef56 Mon Sep 17 00:00:00 2001
From: Florin Peter
Date: Fri, 31 May 2013 13:58:58 +0200
Subject: [PATCH] check if the decrypted private key is valid on login and on read/write files

---
 apps/files_encryption/hooks/hooks.php | 17 ++++++++++++++++-
 apps/files_encryption/lib/stream.php | 21 +++++++++++++++------
 2 files changed, 31 insertions(+), 7 deletions(-)

diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php
index eb9a2600d7..639d576915 100644
--- a/apps/files_encryption/hooks/hooks.php
+++ b/apps/files_encryption/hooks/hooks.php
@@ -57,6 +57,21 @@ class Hooks {
 
 $privateKey = Crypt::symmetricDecryptFileContent($encryptedKey, $params['password']);
 
+ // check if this a valid private key
+ $res = openssl_pkey_get_private($privateKey);
+ if(is_resource($res)) {
+ $sslInfo = openssl_pkey_get_details($res);
+ if(!isset($sslInfo['key'])) {
+ $privateKey = null;
+ }
+ } else {
+ $privateKey = null;
+ }
+
+ if($privateKey === null) {
+ \OCP\Util::writeLog('Encryption library', 'Private key for user "' . $params['uid'] . '" is not valid! Maybe the user password was changed from outside if so please change it back to gain access', \OCP\Util::ERROR);
+ }
+
 $session = new \OCA\Encryption\Session($view);
 
 $session->setPrivateKey($privateKey, $params['uid']);
 
@@ -143,7 +158,7 @@ class Hooks {
 public static function setPassphrase($params) {
 
 // Only attempt to change passphrase if server-side encryption
- // is in use (client-side encryption does not have access to
+ // is in use (client-side encryption does not have access to
 // the necessary keys)
 if (Crypt::mode() === 'server') {
 
diff --git a/apps/files_encryption/lib/stream.php b/apps/files_encryption/lib/stream.php
index 072c528664..56322c100b 100644
--- a/apps/files_encryption/lib/stream.php
+++ b/apps/files_encryption/lib/stream.php
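Review bot: The OpenSSL key handle created by `openssl_pkey_get_private($privateKey)` in the `-57` hunk is never released; on the PHP 5.x line this code targets that is a resource, so `openssl_pkey_free($res);` belongs right after the `openssl_pkey_get_details($res)` call (on PHP 8 the function returns an object instead, which would make `is_resource` reject every key — worth a comment if a version bump is planned). The block stores `null` in the session while the stream side (`getKey()` in stream.php, hunk `-232`) tests for `false`, so the two only agree if `Session::getPrivateKey` maps an unset/null value to `false`, which is not visible here; a comment such as `// stored as null, read back as false by Session::getPrivateKey()` or a shared validity helper (e.g. a `Crypt::isValidPrivateKey()`-style method, name constructed) used by both call sites would make that contract explicit. Style: the new `if(` lines drop the space after `if` that the rest of the file uses (`if (Crypt::mode() === 'server')`). The enclosing hook method starts and ends outside the hunk.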
@@ -118,7 +118,7 @@ class Stream {
 
 if (!is_resource($this->handle)) {
 
- \OCP\Util::writeLog('files_encryption', 'failed to open file "' . $this->rawPath . '"', \OCP\Util::ERROR);
+ \OCP\Util::writeLog('Encryption library', 'failed to open file "' . $this->rawPath . '"', \OCP\Util::ERROR);
 
 } else {
 
@@ -156,7 +156,7 @@ class Stream {
 // $count will always be 8192 https://bugs.php.net/bug.php?id=21641
 // This makes this function a lot simpler, but will break this class if the above 'bug' gets 'fixed'
 
- \OCP\Util::writeLog('files_encryption', 'PHP "bug" 21641 no longer holds, decryption system requires refactoring', \OCP\Util::FATAL);
+ \OCP\Util::writeLog('Encryption library', 'PHP "bug" 21641 no longer holds, decryption system requires refactoring', \OCP\Util::FATAL);
 
 die();
 
@@ -165,7 +165,7 @@ class Stream {
 // Get the data from the file handle
 $data = fread($this->handle, 8192);
 
- $result = '';
+ $result = null;
 
 if (strlen($data)) {
 
@@ -175,10 +175,11 @@ class Stream {
 throw new \Exception(
 'Encryption key not found for "' . $this->rawPath . '" during attempted read via stream');
 
- }
+ } else {
 
- // Decrypt data
- $result = Crypt::symmetricDecryptFileContent($data, $this->plainKey);
+ // Decrypt data
+ $result = Crypt::symmetricDecryptFileContent($data, $this->plainKey);
+ }
 
 }
 
@@ -232,6 +233,14 @@ class Stream {
 
 $privateKey = $session->getPrivateKey($this->userId);
 
+ // if there is no valid private key return false
+ if($privateKey === false) {
+
+ \OCP\Util::writeLog('Encryption library', 'Private key for user "' . $this->userId . '" is not valid! Maybe the user password was changed from outside if so please change it back to gain access', \OCP\Util::ERROR);
+
+ return false;
+ }
+
 $shareKey = Keymanager::getShareKey($this->rootView, $this->userId, $this->relPath);
 
 $this->plainKey = Crypt::multiKeyDecrypt($this->encKeyfile, $shareKey, $privateKey);
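Review bot: Initialising `$result` to `null` in the `-165` hunk changes what `stream_read` returns on an empty read; a stream wrapper's `stream_read` is expected to return a string, or `false` when no data is left, and `null` is neither, so newer PHP versions may treat it as an invalid return and callers doing `strlen()` on it may see type deprecations. Keeping `$result = '';` together with the new `else` branch in the `-175` hunk preserves the intended structure without changing the return type. Also, when `getKey()` returns `false` because the private key is invalid (hunk `-232`), the read path still throws `Encryption key not found for …`, which hides the cause already logged by `getKey()`; a message such as `'No valid encryption key available for "' . $this->rawPath . '" during attempted read via stream'` would match the new failure mode. `stream_read` begins and ends outside these hunks.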
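Review bot: The early `return false;` added to `getKey()` in the `-232` hunk leaves `$this->plainKey` unset, so presumably every later read or write on the same stream repeats the session lookup and writes the same ERROR line again, which can flood the log for a user whose key is broken; logging once per stream (a flag set after the first failure, or logging at open time) would keep the signal readable. The log text is a verbatim copy of the one added in hooks.php; a shared constant or helper keeps the two messages in sync and avoids drift. `getKey` starts and ends outside the hunk.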