Merge pull request #15472 from owncloud/enc_backward_compatibility

make private key handling backward compatible
Clark Tomlinson 2015-04-08 09:38:27 -04:00
commit fc2711e156
3 changed files with 29 additions and 9 deletions


@ -37,6 +37,8 @@ use OCP\IUserSession;
class Crypt { class Crypt {
const DEFAULT_CIPHER = 'AES-256-CFB'; const DEFAULT_CIPHER = 'AES-256-CFB';
// default cipher from old ownCloud versions
const LEGACY_CIPHER = 'AES-128-CFB';
const HEADER_START = 'HBEGIN'; const HEADER_START = 'HBEGIN';
const HEADER_END = 'HEND'; const HEADER_END = 'HEND';
@ -148,6 +150,16 @@ class Crypt {
return $padded; return $padded;
} }
/**
* generate header for encrypted file
*/
public function generateHeader() {
$cipher = $this->getCipher();
$header = self::HEADER_START . ':cipher:' . $cipher . ':' . self::HEADER_END;
return $header;
}
/** /**
* @param string $plainContent * @param string $plainContent
* @param string $iv * @param string $iv
@ -205,23 +217,28 @@ class Crypt {
} }
/** /**
* @param string $recoveryKey * @param string $privateKey
* @param string $password * @param string $password
* @return bool|string * @return bool|string
*/ */
public function decryptPrivateKey($recoveryKey, $password) { public function decryptPrivateKey($privateKey, $password) {
$header = $this->parseHeader($recoveryKey); $header = $this->parseHeader($privateKey);
$cipher = $this->getCipher();
if (isset($header['cipher'])) {
$cipher = $header['cipher'];
} else {
$cipher = self::LEGACY_CIPHER;
}
// If we found a header we need to remove it from the key we want to decrypt // If we found a header we need to remove it from the key we want to decrypt
if (!empty($header)) { if (!empty($header)) {
$recoveryKey = substr($recoveryKey, $privateKey = substr($privateKey,
strpos($recoveryKey, strpos($privateKey,
self::HEADER_END) + strlen(self::HEADER_START)); self::HEADER_END) + strlen(self::HEADER_START));
} }
$plainKey = $this->symmetricDecryptFileContent($recoveryKey, $plainKey = $this->symmetricDecryptFileContent($privateKey,
$password, $password,
$cipher); $cipher);
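Review bot: In `decryptPrivateKey` the header is stripped at `strpos($privateKey, self::HEADER_END) + strlen(self::HEADER_START)`, but `HEADER_END` is 'HEND' (4 bytes) and `HEADER_START` is 'HBEGIN' (6 bytes), so the cut lands two bytes past the end marker. The header that `generateHeader()` builds ends directly in `HEND` with no padding, so this appears to drop the first two bytes of the encrypted key; the offset should be `strpos($privateKey, self::HEADER_END) + strlen(self::HEADER_END)`. The `$cipher = $this->getCipher();` assignment is overwritten by both branches of the `if` that follows and can be removed. The cipher name is also taken from the stored header as-is; unless `parseHeader` or `symmetricDecryptFileContent` (not visible here) already restrict it, it should be checked against the supported ciphers before use. The function body continues past the end of the hunk.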


@ -200,9 +200,10 @@ class KeyManager {
$encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'], $encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'],
$password); $password);
$header = $this->crypt->generateHeader();
if ($encryptedKey) { if ($encryptedKey) {
$this->setPrivateKey($uid, $encryptedKey); $this->setPrivateKey($uid, $header . $encryptedKey);
return true; return true;
} }
return false; return false;
@ -219,9 +220,10 @@ class KeyManager {
$encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'], $encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'],
$password); $password);
$header = $this->crypt->generateHeader();
if ($encryptedKey) { if ($encryptedKey) {
$this->setSystemPrivateKey($this->getRecoveryKeyId(), $encryptedKey); $this->setSystemPrivateKey($this->getRecoveryKeyId(), $header . $encryptedKey);
return true; return true;
} }
return false; return false;
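Review bot: The header prepended in `$header . $encryptedKey` comes from a separate `generateHeader()` call rather than from the cipher `symmetricEncryptFileContent` used for this key, so nothing ties the label to the actual encryption. If that method ever uses a different cipher (its body is not visible here), the stored key would be mislabelled and `decryptPrivateKey` would select the wrong cipher from the header. The same applies to the `setSystemPrivateKey` call in the second hunk. `generateHeader()` is also called before the `if ($encryptedKey)` check; building it inside the branch, `$this->setPrivateKey($uid, $this->crypt->generateHeader() . $encryptedKey);`, avoids the unused work on failure. Both enclosing methods start outside their hunks.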


@ -129,6 +129,7 @@ class Recovery {
* *
* @param string $newPassword * @param string $newPassword
* @param string $oldPassword * @param string $oldPassword
* @return bool
*/ */
public function changeRecoveryKeyPassword($newPassword, $oldPassword) { public function changeRecoveryKeyPassword($newPassword, $oldPassword) {
$recoveryKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId()); $recoveryKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId());