Commit Graph

233 Commits

Author SHA1 Message Date
Bjoern Schiessle 377d7fb8a8 don't decrease ->version for part files but only a local variable, otherwise it can happen that we decrease it twice and end up with the wrong value 2016-02-09 23:43:27 +01:00
Bjoern Schiessle 966eb4b084 realPath should contain the path to the file we want to read, e.g. the version and not the original file 2016-02-09 23:43:27 +01:00
Lukas Reschke 5ccb9dfa7e Use database for keeping track of the version 2016-02-09 23:43:27 +01:00
Lukas Reschke 3badf5caf5 Use number of chunk for HMAC as well
Prevents switching single blocks within the encrypted file.
2016-02-09 23:43:26 +01:00
Lukas Reschke b5824f024a Keep track of file version
This way it is not possible anymore for an external storage admin to put up old versions of the file.
2016-02-09 23:43:26 +01:00
Lukas Reschke d5c1596887 Clarify documentation 2016-02-09 23:43:26 +01:00
Lukas Reschke 3b62459c41 Use hash with appended "a" of the original password for the authentication 2016-02-09 23:43:26 +01:00
Björn Schießle 9bb97c714b fixing unit tests 2016-02-09 23:43:26 +01:00
Lukas Reschke b9ff16498b Use random_bytes instead OpenSSL 2016-02-09 23:43:26 +01:00
Björn Schießle 61dd191253 meta data are at the end of the file 2016-02-09 23:43:25 +01:00
Björn Schießle e7ff84df5c always use default cipher for write operations, no matter how the file was encrypted before 2016-02-09 23:43:25 +01:00
Björn Schießle cf3a8f274f make it backward compatible to work with signed and un-signed files 2016-02-09 23:43:25 +01:00
Björn Schießle 40a5ba72fc sign all encrypted blocks and check signature on decrypt 2016-02-09 23:43:25 +01:00
Lukas Reschke db8f267647 Add note about the addPadding function 2016-02-09 23:43:25 +01:00
Lukas Reschke 59ebad0b53 Use an actual 16 byte long IV
The previous IV was actually 12 byte extended to 16 byte using base64. As the encrypted file should be fine with containing binary data as well we can simply remove the encoding like that here.
2016-02-09 23:43:24 +01:00
Lukas Reschke d25b8dacb3 Use AES-256-CTR as default
CTR is recommended over CFB mode.
2016-02-09 23:43:24 +01:00
Thomas Müller e0aa6e01ab Merge pull request #21612 from owncloud/fix_21598
fix public link sharing if the master key is enabled
2016-01-13 10:34:48 +01:00
Thomas Müller 682821c71e Happy new year! 2016-01-12 15:02:18 +01:00
Roeland Jago Douma 876fb83ddc getMediumStrengthGenerator is deprecated and does not do anything anymore 2016-01-11 20:06:30 +01:00
Björn Schießle 46f6c289ca only use master key ID if a user is logged in. Otherwise keep the public link share key 2016-01-11 13:09:06 +01:00
Lukas Reschke 0654d37da8 Remove undefined variable 2016-01-07 21:30:44 +01:00
Lukas Reschke 00a01a8de2 Fix PHPDoc + Add handling for error cases
Makes static code analyzers happier.
2016-01-07 21:30:44 +01:00
Lukas Reschke f3360d51c6 Use PHP polyfills 2015-12-11 08:47:36 +01:00
Thomas Müller eebe2b9c23 User IUser::getEMailAddress() all over the place 2015-12-02 21:25:05 +01:00
Scrutinizer Auto-Fixer be4c3a8b56 Scrutinizer Auto-Fixes
This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
2015-11-27 15:32:44 +00:00
Robin Appelman b025f07fb7 Make Cache\Updater per storage 2015-11-25 14:16:00 +01:00
Phil Davis 46261b5ff1 Correct the description of function setEncryptHomeStorage 2015-11-03 22:47:55 +05:45
Bjoern Schiessle 5fad45b230 make encryption configurable for home storage 2015-10-27 14:24:20 +01:00
Lukas Reschke 8f09d5b67c Update license headers 2015-10-26 14:04:01 +01:00
Joas Schilling e0a56317fa Fix "Call to a member function getUID() on boolean" in Crypt 2015-10-22 11:46:37 +02:00
Morris Jobke b945d71384 update licence headers via script 2015-10-05 21:15:52 +02:00
Bjoern Schiessle bf82015254 add some output to explain the pre-conditions for decrypt-all 2015-10-05 12:41:05 +02:00
Bjoern Schiessle 90f1e3dc94 no need to list users if all users already had a key-pair 2015-09-24 12:47:46 +02:00
Bjoern Schiessle daf5d1ff2e fix small typo 2015-09-21 16:48:15 +02:00
Bjoern Schiessle 9bd4f2d41e occ script to disable encryption and to decrypt all files again 2015-09-15 22:39:44 +02:00
Lukas Reschke 7953cc9494 Function does return void
This function does return void and not a bool.
2015-09-15 14:02:10 +02:00
Bjoern Schiessle acfc7d7c4d enable usage of a master key 2015-09-07 16:08:41 +02:00
Bjoern Schiessle 166e57cf61 return false if private key is not valid 2015-08-30 15:31:19 +02:00
Björn Schießle 6e210d960c Merge pull request #18423 from owncloud/occ_encrypt_all
occ command line tool to encrypt all files
2015-08-28 20:44:55 +02:00
Bjoern Schiessle 8c08dd0ac2 occ tool to encrypt all files 2015-08-26 14:58:22 +02:00
Lukas Reschke cca35f0c3e Merge pull request #18121 from owncloud/enc_improve_privkey_encryption
use password hash to encrypt private key
2015-08-24 12:03:27 +02:00
Joas Schilling e6eb74958f Remove unnecessary DB prefixes from existing query builder usages 2015-08-10 16:21:41 +02:00
Bjoern Schiessle 854fd63ea9 use uid as additional information for salt 2015-08-07 15:51:43 +02:00
Bjoern Schiessle 62bc0e5264 use password hash instead of the plain password to encrypt the private key 2015-08-07 15:21:08 +02:00
Bjoern Schiessle 2f4bebb045 only update database on the first run (first run = we have a version number from the old encryption app) 2015-07-31 10:47:02 +02:00
Joas Schilling f77e5f411d Fix existing usages by removing the quotes 2015-07-21 15:25:47 +02:00
Joas Schilling de348180ae Use the public interface and our method instead of the doctrine thing 2015-07-21 15:25:47 +02:00
Bjoern Schiessle 570dd17d4f fix mount point detection 2015-07-20 16:00:33 +02:00
Bjoern Schiessle 3000f0125f don't move keys if the key where already moved in a previous migration run 2015-07-17 15:19:10 +02:00
Thomas Müller d6f02eb703 Merge pull request #17500 from owncloud/encryption_migration_improvements
Only clean up if migration finished succesfully
2015-07-16 14:03:21 +02:00
Bjoern Schiessle 1e284b15ff only create new key pair if both keys are missing 2015-07-08 19:08:41 +02:00
Bjoern Schiessle 85c3b9d5cf only cleanUp the remaining keys if the migration really finished succesfully 2015-07-08 18:23:18 +02:00
Bjoern Schiessle 876d7c160d more secure way to update the database 2015-07-08 13:26:53 +02:00
Morris Jobke f63915d0c8 update license headers and authors 2015-06-25 14:13:49 +02:00
Bjoern Schiessle ed3dc199ae remove files_encryption from database at the end of the migration process 2015-06-19 14:15:56 +02:00
Bjoern Schiessle d743d6d356 add hint to exception 2015-06-08 21:16:23 +02:00
Bjoern Schiessle 68db3059ee detect migration status 2015-05-27 21:00:02 +02:00
Bjoern Schiessle 5549641f1f improve error messages displayed to the user 2015-05-27 21:00:02 +02:00
Thomas Müller d90b83725f Merge pull request #16085 from owncloud/encryption-module-rename
rename to 'Default encryption module'
2015-05-19 11:13:33 +02:00
Joas Schilling 30d165ebf2 Add missing import for the exception 2015-05-18 15:45:47 +02:00
Bjoern Schiessle 7676166254 add l10n to constructor 2015-05-18 15:43:53 +02:00
Vincent Petry 86cf8e1f68 Merge pull request #16404 from owncloud/enc_encrypt_files_in_trash
also encrypt files in trash bin
2015-05-18 14:59:34 +02:00
Bjoern Schiessle 7d492fefae also encrypt files in trash bin 2015-05-18 12:51:47 +02:00
Bjoern Schiessle 887be709f5 a new approach to display the error message 2015-05-18 10:15:17 +02:00
Bjoern Schiessle ccbefb6e75 delete all file keys doesn't need the encryption module as parameter; implement rmdir; getFileKeyDir should also work for part files and complete directories 2015-05-13 19:06:23 +02:00
Jan-Christoph Borchardt 35292eb66c rename to 'Default encryption module' 2015-05-06 15:31:05 +02:00
Björn Schießle 2ce01ee0bf Merge pull request #15938 from owncloud/enc_update_recovery_share_key
[encryption] check recovery key setting for the correct user
2015-05-05 10:48:09 +02:00
Joas Schilling 4a6808a0f4 Simplify the test 2015-04-30 12:04:02 +02:00
Bjoern Schiessle 4ef9df8750 skip user if we don't have a public key 2015-04-30 12:04:02 +02:00
Bjoern Schiessle 70a44621be check recovery setting for the right user 2015-04-30 11:38:53 +02:00
Clark Tomlinson 4209757d61 Merge pull request #15919 from owncloud/enc_handle_empty_files
Encryption improve handling of empty and unencrypted files
2015-04-29 19:32:02 -04:00
Lukas Reschke 3e06fd9342 Merge pull request #15706 from owncloud/fix-15705-master
move creation of shared key to the login handler
2015-04-29 09:36:34 +02:00
Bjoern Schiessle 29bcfb2fdb method shouldn't be static 2015-04-28 20:21:53 +02:00
Bjoern Schiessle d5cbb66b66 also create encryption keys for empty files 2015-04-28 20:21:53 +02:00
Bjoern Schiessle df428b76ac skip update of encryption keys if file is not encrypted 2015-04-28 20:21:53 +02:00
Bjoern Schiessle 27683f9442 fall back to the ownCloud default encryption module and aes128 if we read a encrypted file without a header 2015-04-27 13:01:18 +02:00
Thomas Müller c6e243928c move creation of shared key to the login handler - fixes #15705 2015-04-17 17:51:18 +02:00
Bjoern Schiessle 7d4b1b52d0 always create a new instance of the encryption module 2015-04-17 10:31:33 +02:00
Clark Tomlinson ac133e9faa Merge pull request #15675 from owncloud/enc_error_messages
[encryption] display warning if password changed or if the keys are not initialized
2015-04-16 09:45:09 -04:00
Clark Tomlinson 1174ad0681 Merge pull request #15445 from owncloud/enc2_migration
add migration script from old encryption to new one
2015-04-16 09:34:47 -04:00
Bjoern Schiessle e93f262eac display warning if password changed or if the keys are not initialized 2015-04-16 14:30:19 +02:00
Bjoern Schiessle 959665003b decrypt private key for public shares correctly 2015-04-16 14:15:04 +02:00
Bjoern Schiessle e3d77c4b01 add migration script from old encryption to new one 2015-04-16 14:15:04 +02:00
Thomas Müller fc4127dd62 add $encryptionModuleId to methods of Keys/IStorage 2015-04-22 11:53:05 +02:00
Bjoern Schiessle 389a101de6 make sure that encrypted private keys always have a header 2015-04-15 19:52:48 +02:00
Thomas Müller cbe30f740e remove calculateUnencryptedSize() - not needed 2015-04-14 13:08:59 +02:00
Thomas Müller f816acde27 fix reading of private key 2015-04-14 12:23:25 +02:00
Bjoern Schiessle d1fa3c6b32 add unit test for crypt.php 2015-04-10 15:12:57 +02:00
Lukas Reschke ec69f2838c Fix typos and some other adjustments 2015-04-09 14:09:09 +02:00
Lukas Reschke 4ca6419475 Fix PHPDoc 2015-04-09 10:54:53 +02:00
Bjoern Schiessle 4ce5669419 read cipher from key header and always write a key header if a new private key is stored 2015-04-08 14:26:00 +02:00
Bjoern Schiessle 215a9bcbc3 fix function call 2015-04-08 09:32:55 +02:00
Thomas Müller a4483243ac fixing license headers - encryption code related 2015-04-07 17:02:49 +02:00
Thomas Müller 111fbabfb4 PHPDoc cleanup - clean code \o/ 2015-04-07 13:30:31 +02:00
Bjoern Schiessle e8fa3a2370 fix versions download and previews 2015-04-07 13:30:31 +02:00
Thomas Müller 4c899238e9 fixing unit test execution 2015-04-07 13:30:30 +02:00
Bjoern Schiessle 2511c32e61 add more descriptive message to the exception, will be displayed to the user 2015-04-07 13:30:30 +02:00
Thomas Müller 664b2bb7af cleaning up exception mess 2015-04-07 13:30:30 +02:00
Thomas Müller feb9a6e216 Set human readable module ids 2015-04-07 13:30:30 +02:00
Thomas Müller 43c0af2580 Fix shouldEncrypt and don't throw exception id fileKey not present - can happen 2015-04-07 13:30:30 +02:00
Bjoern Schiessle a057108c0c make recovery key work 2015-04-07 13:30:30 +02:00
Thomas Müller cac83642f2 Finally fixing encryption with public share 2015-04-07 13:30:30 +02:00
Thomas Müller d203296e35 only encrypt files and files_versions 2015-04-07 13:30:30 +02:00
Thomas Müller 035646c0f6 fix exception handling 2015-04-07 13:30:30 +02:00
Bjoern Schiessle d90663704c fix hook registration 2015-04-07 13:30:29 +02:00
Clark Tomlinson 505e0eaf61 remove useless setup base class 2015-04-07 13:30:29 +02:00
Clark Tomlinson 1fb29ec546 adding hook manager test 2015-04-07 13:30:29 +02:00
Bjoern Schiessle 4efbcb0280 cleanup keymanager test and add some additional tests 2015-04-07 13:30:29 +02:00
Bjoern Schiessle dac94679c6 delete recovery keys on disable 2015-04-07 13:30:29 +02:00
Clark Tomlinson ea6b53042d fixing test helper and undoing fubar in class... 2015-04-07 13:30:29 +02:00
Clark Tomlinson 48e3864c77 💯% coverage for session class 2015-04-07 13:30:29 +02:00
Bjoern Schiessle 1358d07d35 let user enable recovery key 2015-04-07 13:30:29 +02:00
Bjoern Schiessle e4895bda01 add helper class accessible for encryption modules to ask for a list of users with access to a file, needed to apply the recovery key to all files 2015-04-07 13:30:29 +02:00
Bjoern Schiessle 4b4aeaa5b2 fix set recovery key and implement change password 2015-04-07 13:30:29 +02:00
Bjoern Schiessle 4843e5ce30 use password change logic to userhooks to avoid recursions 2015-04-07 13:30:28 +02:00
Bjoern Schiessle 0f28d538a0 add session class to handle all session operations 2015-04-07 13:30:28 +02:00
Clark Tomlinson e6dc6944c2 moving methods to their final places
and updating test some.
2015-04-07 13:30:28 +02:00
Thomas Müller 1b42b492dc kill OC_FileProxy 💥 2015-04-07 13:30:28 +02:00
Thomas Müller dbdd754c3f Further cleanup of files_encryption 2015-04-07 13:30:28 +02:00
Bjoern Schiessle a85e2e0bfd make recovery settings work 2015-04-07 13:30:28 +02:00
Bjoern Schiessle 2331298380 fix parameter declaration and class initialisation 2015-04-07 13:30:28 +02:00
Thomas Müller 48fc3f3afe fix unit test execution, variable naming and kill no longer used $cacheFactory 2015-04-07 13:30:28 +02:00
Bjoern Schiessle c64e0af4fb check if recovery key exists and encrypt the file with the recovery key if needed 2015-04-07 13:30:28 +02:00
Bjoern Schiessle 24c6604388 add public link share key to file if it was shared as public link 2015-04-07 13:30:28 +02:00
Bjoern Schiessle 37e8268447 make sharing and unsharing work 2015-04-07 13:30:27 +02:00
Clark Tomlinson d15c2e52b0 cleanup and removing cachefactory 2015-04-07 13:30:27 +02:00
Bjoern Schiessle 2e00acda07 read encrypted files 2015-04-07 13:30:27 +02:00
Bjoern Schiessle 6c9251d9f8 make sure that all file keys are written to the key storage 2015-04-07 13:30:27 +02:00
Bjoern Schiessle 198b73fe32 write encrypted file to disc 2015-04-07 13:30:27 +02:00
Bjoern Schiessle c00e728e5f encryption app: remove legacy code, we do only server-side encryption 2015-04-07 13:30:27 +02:00
Thomas Müller ecb3834554 fixing obvious bugs while testing 2015-04-07 13:30:27 +02:00
Clark Tomlinson 0c2f9ca849 Updating keystorage movement and fixing hooks 2015-04-07 13:30:27 +02:00
Clark Tomlinson 39733c8da1 Initial commit 2015-04-07 13:30:27 +02:00