mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

make decrypt all work with the master key

This commit is contained in:
Bjoern Schiessle 2016-02-29 14:50:56 +01:00
parent a38e8b6436
commit 95ea2ccb53
3 changed files with 46 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
apps/encryption/lib/crypto/decryptall.php
View File

@ -81,8 +81,13 @@ class DecryptAll {
public function prepare(InputInterface $input, OutputInterface $output, $user) { public function prepare(InputInterface $input, OutputInterface $output, $user) {
$question = new Question('Please enter the recovery key password: '); $question = new Question('Please enter the recovery key password: ');
$recoveryKeyId = $this->keyManager->getRecoveryKeyId();
if($this->util->isMasterKeyEnabled()) {
$output->writeln('Use master key to decrypt all files');
$user = $this->keyManager->getMasterKeyId();
$password =$this->keyManager->getMasterKeyPassword();
} else {
$recoveryKeyId = $this->keyManager->getRecoveryKeyId();
if (!empty($user)) { if (!empty($user)) {
$output->writeln('You can only decrypt the users files if you know'); $output->writeln('You can only decrypt the users files if you know');
$output->writeln('the users password or if he activated the recovery key.'); $output->writeln('the users password or if he activated the recovery key.');
@ -110,6 +115,8 @@ class DecryptAll {
$question->setHidden(true); $question->setHidden(true);
$question->setHiddenFallback(false); $question->setHiddenFallback(false);
$password = $this->questionHelper->ask($input, $output, $question); $password = $this->questionHelper->ask($input, $output, $question);
}
$privateKey = $this->getPrivateKey($user, $password); $privateKey = $this->getPrivateKey($user, $password);
if ($privateKey !== false) { if ($privateKey !== false) {
$this->updateSession($user, $privateKey); $this->updateSession($user, $privateKey);
@ -132,9 +139,13 @@ class DecryptAll {
*/ */
protected function getPrivateKey($user, $password) { protected function getPrivateKey($user, $password) {
$recoveryKeyId = $this->keyManager->getRecoveryKeyId(); $recoveryKeyId = $this->keyManager->getRecoveryKeyId();
$masterKeyId = $this->keyManager->getMasterKeyId();
if ($user === $recoveryKeyId) { if ($user === $recoveryKeyId) {
$recoveryKey = $this->keyManager->getSystemPrivateKey($recoveryKeyId); $recoveryKey = $this->keyManager->getSystemPrivateKey($recoveryKeyId);
$privateKey = $this->crypt->decryptPrivateKey($recoveryKey, $password); $privateKey = $this->crypt->decryptPrivateKey($recoveryKey, $password);
} elseif ($user === $masterKeyId) {
$masterKey = $this->keyManager->getSystemPrivateKey($masterKeyId);
$privateKey = $this->crypt->decryptPrivateKey($masterKey, $password, $masterKeyId);
} else { } else {
$userKey = $this->keyManager->getPrivateKey($user); $userKey = $this->keyManager->getPrivateKey($user);
$privateKey = $this->crypt->decryptPrivateKey($userKey, $password, $user); $privateKey = $this->crypt->decryptPrivateKey($userKey, $password, $user);

2
apps/encryption/lib/keymanager.php
View File

@ -658,7 +658,7 @@ class KeyManager {
* @return string * @return string
* @throws \Exception * @throws \Exception
*/ */
protected function getMasterKeyPassword() { public function getMasterKeyPassword() {
$password = $this->config->getSystemValue('secret'); $password = $this->config->getSystemValue('secret');
if (empty($password)){ if (empty($password)){
throw new \Exception('Can not get secret from ownCloud instance'); throw new \Exception('Can not get secret from ownCloud instance');

14
apps/encryption/tests/lib/crypto/decryptalltest.php
View File

@ -87,7 +87,7 @@ class DecryptAllTest extends TestCase {
* @param string $user * @param string $user
* @param string $recoveryKeyId * @param string $recoveryKeyId
*/ */
public function testGetPrivateKey($user, $recoveryKeyId) { public function testGetPrivateKey($user, $recoveryKeyId, $masterKeyId) {
$password = 'passwd'; $password = 'passwd';
$recoveryKey = 'recoveryKey'; $recoveryKey = 'recoveryKey';
$userKey = 'userKey'; $userKey = 'userKey';
@ -102,6 +102,13 @@ class DecryptAllTest extends TestCase {
$this->keyManager->expects($this->never())->method('getPrivateKey'); $this->keyManager->expects($this->never())->method('getPrivateKey');
$this->crypt->expects($this->once())->method('decryptPrivateKey') $this->crypt->expects($this->once())->method('decryptPrivateKey')
->with($recoveryKey, $password)->willReturn($unencryptedKey); ->with($recoveryKey, $password)->willReturn($unencryptedKey);
} elseif ($user === $masterKeyId) {
$this->keyManager->expects($this->once())->method('getSystemPrivateKey')
->with($masterKeyId)->willReturn($masterKey);
$this->keyManager->expects($this->never())->method('getPrivateKey');
$this->crypt->expects($this->once())->method('decryptPrivateKey')
->with($masterKey, $password, $masterKeyId)->willReturn($unencryptedKey);
} else { } else {
$this->keyManager->expects($this->never())->method('getSystemPrivateKey'); $this->keyManager->expects($this->never())->method('getSystemPrivateKey');
$this->keyManager->expects($this->once())->method('getPrivateKey') $this->keyManager->expects($this->once())->method('getPrivateKey')
@ -117,8 +124,9 @@ class DecryptAllTest extends TestCase {
public function dataTestGetPrivateKey() { public function dataTestGetPrivateKey() {
return [ return [
['user1', 'recoveryKey'], ['user1', 'recoveryKey', 'masterKeyId'],
['recoveryKeyId', 'recoveryKeyId'] ['recoveryKeyId', 'recoveryKeyId', 'masterKeyId'],
['masterKeyId', 'masterKeyId', 'masterKeyId']
]; ];
} }