read cipher from key header and always write a key header if a new private key is stored

This commit is contained in:
Bjoern Schiessle 2015-04-08 14:19:11 +02:00
parent dfc0a26e57
commit 4ce5669419
3 changed files with 29 additions and 9 deletions

View File

@ -37,6 +37,8 @@ use OCP\IUserSession;
class Crypt {
const DEFAULT_CIPHER = 'AES-256-CFB';
// default cipher from old ownCloud versions
const LEGACY_CIPHER = 'AES-128-CFB';
const HEADER_START = 'HBEGIN';
const HEADER_END = 'HEND';
@ -148,6 +150,16 @@ class Crypt {
return $padded;
}
/**
* generate header for encrypted file
*/
public function generateHeader() {
$cipher = $this->getCipher();
$header = self::HEADER_START . ':cipher:' . $cipher . ':' . self::HEADER_END;
return $header;
}
/**
* @param string $plainContent
* @param string $iv
@ -205,23 +217,28 @@ class Crypt {
}
/**
* @param string $recoveryKey
* @param string $privateKey
* @param string $password
* @return bool|string
*/
public function decryptPrivateKey($recoveryKey, $password) {
public function decryptPrivateKey($privateKey, $password) {
$header = $this->parseHeader($recoveryKey);
$cipher = $this->getCipher();
$header = $this->parseHeader($privateKey);
if (isset($header['cipher'])) {
$cipher = $header['cipher'];
} else {
$cipher = self::LEGACY_CIPHER;
}
// If we found a header we need to remove it from the key we want to decrypt
if (!empty($header)) {
$recoveryKey = substr($recoveryKey,
strpos($recoveryKey,
$privateKey = substr($privateKey,
strpos($privateKey,
self::HEADER_END) + strlen(self::HEADER_START));
}
$plainKey = $this->symmetricDecryptFileContent($recoveryKey,
$plainKey = $this->symmetricDecryptFileContent($privateKey,
$password,
$cipher);

View File

@ -200,9 +200,10 @@ class KeyManager {
$encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'],
$password);
$header = $this->crypt->generateHeader();
if ($encryptedKey) {
$this->setPrivateKey($uid, $encryptedKey);
$this->setPrivateKey($uid, $header . $encryptedKey);
return true;
}
return false;
@ -219,9 +220,10 @@ class KeyManager {
$encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'],
$password);
$header = $this->crypt->generateHeader();
if ($encryptedKey) {
$this->setSystemPrivateKey($this->getRecoveryKeyId(), $encryptedKey);
$this->setSystemPrivateKey($this->getRecoveryKeyId(), $header . $encryptedKey);
return true;
}
return false;

View File

@ -129,6 +129,7 @@ class Recovery {
*
* @param string $newPassword
* @param string $oldPassword
* @return bool
*/
public function changeRecoveryKeyPassword($newPassword, $oldPassword) {
$recoveryKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId());