Bjoern Schiessle
377d7fb8a8
don't decrease ->version for part files but only a local variable, otherwise it can happen that we decrease it twice and end up with the wrong value
2016-02-09 23:43:27 +01:00
Bjoern Schiessle
966eb4b084
realPath should contain the path to the file we want to read, e.g. the version and not the original file
2016-02-09 23:43:27 +01:00
Lukas Reschke
5ccb9dfa7e
Use database for keeping track of the version
2016-02-09 23:43:27 +01:00
Lukas Reschke
3badf5caf5
Use number of chunk for HMAC as well
...
Prevents switching single blocks within the encrypted file.
2016-02-09 23:43:26 +01:00
Lukas Reschke
b5824f024a
Keep track of file version
...
This way it is not possible anymore for an external storage admin to put up old versions of the file.
2016-02-09 23:43:26 +01:00
Lukas Reschke
d5c1596887
Clarify documentation
2016-02-09 23:43:26 +01:00
Lukas Reschke
3b62459c41
Use hash with appended "a" of the original password for the authentication
2016-02-09 23:43:26 +01:00
Björn Schießle
9bb97c714b
fixing unit tests
2016-02-09 23:43:26 +01:00
Lukas Reschke
b9ff16498b
Use random_bytes instead OpenSSL
2016-02-09 23:43:26 +01:00
Björn Schießle
61dd191253
meta data are at the end of the file
2016-02-09 23:43:25 +01:00
Björn Schießle
e7ff84df5c
always use default cipher for write operations, no matter how the file was encrypted before
2016-02-09 23:43:25 +01:00
Björn Schießle
cf3a8f274f
make it backward compatible to work with signed and un-signed files
2016-02-09 23:43:25 +01:00
Björn Schießle
40a5ba72fc
sign all encrypted blocks and check signature on decrypt
2016-02-09 23:43:25 +01:00
Lukas Reschke
db8f267647
Add note about the addPadding function
2016-02-09 23:43:25 +01:00
Lukas Reschke
59ebad0b53
Use an actual 16 byte long IV
...
The previous IV was actually 12 byte extended to 16 byte using base64. As the encrypted file should be fine with containing binary data as well we can simply remove the encoding like that here.
2016-02-09 23:43:24 +01:00
Lukas Reschke
d25b8dacb3
Use AES-256-CTR as default
...
CTR is recommended over CFB mode.
2016-02-09 23:43:24 +01:00
Thomas Müller
e0aa6e01ab
Merge pull request #21612 from owncloud/fix_21598
...
fix public link sharing if the master key is enabled
2016-01-13 10:34:48 +01:00
Thomas Müller
682821c71e
Happy new year!
2016-01-12 15:02:18 +01:00
Roeland Jago Douma
876fb83ddc
getMediumStrengthGenerator is deprecated and does not do anything anymore
2016-01-11 20:06:30 +01:00
Björn Schießle
46f6c289ca
only use master key ID if a user is logged in. Otherwise keep the public link share key
2016-01-11 13:09:06 +01:00
Lukas Reschke
0654d37da8
Remove undefined variable
2016-01-07 21:30:44 +01:00
Lukas Reschke
00a01a8de2
Fix PHPDoc + Add handling for error cases
...
Makes static code analyzers happier.
2016-01-07 21:30:44 +01:00
Lukas Reschke
f3360d51c6
Use PHP polyfills
2015-12-11 08:47:36 +01:00
Thomas Müller
eebe2b9c23
User IUser::getEMailAddress() all over the place
2015-12-02 21:25:05 +01:00
Scrutinizer Auto-Fixer
be4c3a8b56
Scrutinizer Auto-Fixes
...
This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
2015-11-27 15:32:44 +00:00
Robin Appelman
b025f07fb7
Make Cache\Updater per storage
2015-11-25 14:16:00 +01:00
Phil Davis
46261b5ff1
Correct the description of function setEncryptHomeStorage
2015-11-03 22:47:55 +05:45
Bjoern Schiessle
5fad45b230
make encryption configurable for home storage
2015-10-27 14:24:20 +01:00
Lukas Reschke
8f09d5b67c
Update license headers
2015-10-26 14:04:01 +01:00
Joas Schilling
e0a56317fa
Fix "Call to a member function getUID() on boolean" in Crypt
2015-10-22 11:46:37 +02:00
Morris Jobke
b945d71384
update licence headers via script
2015-10-05 21:15:52 +02:00
Bjoern Schiessle
bf82015254
add some output to explain the pre-conditions for decrypt-all
2015-10-05 12:41:05 +02:00
Bjoern Schiessle
90f1e3dc94
no need to list users if all users already had a key-pair
2015-09-24 12:47:46 +02:00
Bjoern Schiessle
daf5d1ff2e
fix small typo
2015-09-21 16:48:15 +02:00
Bjoern Schiessle
9bd4f2d41e
occ script to disable encryption and to decrypt all files again
2015-09-15 22:39:44 +02:00
Lukas Reschke
7953cc9494
Function does return void
...
This function does return void and not a bool.
2015-09-15 14:02:10 +02:00
Bjoern Schiessle
acfc7d7c4d
enable usage of a master key
2015-09-07 16:08:41 +02:00
Bjoern Schiessle
166e57cf61
return false if private key is not valid
2015-08-30 15:31:19 +02:00
Björn Schießle
6e210d960c
Merge pull request #18423 from owncloud/occ_encrypt_all
...
occ command line tool to encrypt all files
2015-08-28 20:44:55 +02:00
Bjoern Schiessle
8c08dd0ac2
occ tool to encrypt all files
2015-08-26 14:58:22 +02:00
Lukas Reschke
cca35f0c3e
Merge pull request #18121 from owncloud/enc_improve_privkey_encryption
...
use password hash to encrypt private key
2015-08-24 12:03:27 +02:00
Joas Schilling
e6eb74958f
Remove unnecessary DB prefixes from existing query builder usages
2015-08-10 16:21:41 +02:00
Bjoern Schiessle
854fd63ea9
use uid as additional information for salt
2015-08-07 15:51:43 +02:00
Bjoern Schiessle
62bc0e5264
use password hash instead of the plain password to encrypt the private key
2015-08-07 15:21:08 +02:00
Bjoern Schiessle
2f4bebb045
only update database on the first run (first run = we have a version number from the old encryption app)
2015-07-31 10:47:02 +02:00
Joas Schilling
f77e5f411d
Fix existing usages by removing the quotes
2015-07-21 15:25:47 +02:00
Joas Schilling
de348180ae
Use the public interface and our method instead of the doctrine thing
2015-07-21 15:25:47 +02:00
Bjoern Schiessle
570dd17d4f
fix mount point detection
2015-07-20 16:00:33 +02:00
Bjoern Schiessle
3000f0125f
don't move keys if the key where already moved in a previous migration run
2015-07-17 15:19:10 +02:00
Thomas Müller
d6f02eb703
Merge pull request #17500 from owncloud/encryption_migration_improvements
...
Only clean up if migration finished succesfully
2015-07-16 14:03:21 +02:00
Bjoern Schiessle
1e284b15ff
only create new key pair if both keys are missing
2015-07-08 19:08:41 +02:00
Bjoern Schiessle
85c3b9d5cf
only cleanUp the remaining keys if the migration really finished succesfully
2015-07-08 18:23:18 +02:00
Bjoern Schiessle
876d7c160d
more secure way to update the database
2015-07-08 13:26:53 +02:00
Morris Jobke
f63915d0c8
update license headers and authors
2015-06-25 14:13:49 +02:00
Bjoern Schiessle
ed3dc199ae
remove files_encryption from database at the end of the migration process
2015-06-19 14:15:56 +02:00
Bjoern Schiessle
d743d6d356
add hint to exception
2015-06-08 21:16:23 +02:00
Bjoern Schiessle
68db3059ee
detect migration status
2015-05-27 21:00:02 +02:00
Bjoern Schiessle
5549641f1f
improve error messages displayed to the user
2015-05-27 21:00:02 +02:00
Thomas Müller
d90b83725f
Merge pull request #16085 from owncloud/encryption-module-rename
...
rename to 'Default encryption module'
2015-05-19 11:13:33 +02:00
Joas Schilling
30d165ebf2
Add missing import for the exception
2015-05-18 15:45:47 +02:00
Bjoern Schiessle
7676166254
add l10n to constructor
2015-05-18 15:43:53 +02:00
Vincent Petry
86cf8e1f68
Merge pull request #16404 from owncloud/enc_encrypt_files_in_trash
...
also encrypt files in trash bin
2015-05-18 14:59:34 +02:00
Bjoern Schiessle
7d492fefae
also encrypt files in trash bin
2015-05-18 12:51:47 +02:00
Bjoern Schiessle
887be709f5
a new approach to display the error message
2015-05-18 10:15:17 +02:00
Bjoern Schiessle
ccbefb6e75
delete all file keys doesn't need the encryption module as parameter; implement rmdir; getFileKeyDir should also work for part files and complete directories
2015-05-13 19:06:23 +02:00
Jan-Christoph Borchardt
35292eb66c
rename to 'Default encryption module'
2015-05-06 15:31:05 +02:00
Björn Schießle
2ce01ee0bf
Merge pull request #15938 from owncloud/enc_update_recovery_share_key
...
[encryption] check recovery key setting for the correct user
2015-05-05 10:48:09 +02:00
Joas Schilling
4a6808a0f4
Simplify the test
2015-04-30 12:04:02 +02:00
Bjoern Schiessle
4ef9df8750
skip user if we don't have a public key
2015-04-30 12:04:02 +02:00
Bjoern Schiessle
70a44621be
check recovery setting for the right user
2015-04-30 11:38:53 +02:00
Clark Tomlinson
4209757d61
Merge pull request #15919 from owncloud/enc_handle_empty_files
...
Encryption improve handling of empty and unencrypted files
2015-04-29 19:32:02 -04:00
Lukas Reschke
3e06fd9342
Merge pull request #15706 from owncloud/fix-15705-master
...
move creation of shared key to the login handler
2015-04-29 09:36:34 +02:00
Bjoern Schiessle
29bcfb2fdb
method shouldn't be static
2015-04-28 20:21:53 +02:00
Bjoern Schiessle
d5cbb66b66
also create encryption keys for empty files
2015-04-28 20:21:53 +02:00
Bjoern Schiessle
df428b76ac
skip update of encryption keys if file is not encrypted
2015-04-28 20:21:53 +02:00
Bjoern Schiessle
27683f9442
fall back to the ownCloud default encryption module and aes128 if we read a encrypted file without a header
2015-04-27 13:01:18 +02:00
Thomas Müller
c6e243928c
move creation of shared key to the login handler - fixes #15705
2015-04-17 17:51:18 +02:00
Bjoern Schiessle
7d4b1b52d0
always create a new instance of the encryption module
2015-04-17 10:31:33 +02:00
Clark Tomlinson
ac133e9faa
Merge pull request #15675 from owncloud/enc_error_messages
...
[encryption] display warning if password changed or if the keys are not initialized
2015-04-16 09:45:09 -04:00
Clark Tomlinson
1174ad0681
Merge pull request #15445 from owncloud/enc2_migration
...
add migration script from old encryption to new one
2015-04-16 09:34:47 -04:00
Bjoern Schiessle
e93f262eac
display warning if password changed or if the keys are not initialized
2015-04-16 14:30:19 +02:00
Bjoern Schiessle
959665003b
decrypt private key for public shares correctly
2015-04-16 14:15:04 +02:00
Bjoern Schiessle
e3d77c4b01
add migration script from old encryption to new one
2015-04-16 14:15:04 +02:00
Thomas Müller
fc4127dd62
add $encryptionModuleId to methods of Keys/IStorage
2015-04-22 11:53:05 +02:00
Bjoern Schiessle
389a101de6
make sure that encrypted private keys always have a header
2015-04-15 19:52:48 +02:00
Thomas Müller
cbe30f740e
remove calculateUnencryptedSize() - not needed
2015-04-14 13:08:59 +02:00
Thomas Müller
f816acde27
fix reading of private key
2015-04-14 12:23:25 +02:00
Bjoern Schiessle
d1fa3c6b32
add unit test for crypt.php
2015-04-10 15:12:57 +02:00
Lukas Reschke
ec69f2838c
Fix typos and some other adjustments
2015-04-09 14:09:09 +02:00
Lukas Reschke
4ca6419475
Fix PHPDoc
2015-04-09 10:54:53 +02:00
Bjoern Schiessle
4ce5669419
read cipher from key header and always write a key header if a new private key is stored
2015-04-08 14:26:00 +02:00
Bjoern Schiessle
215a9bcbc3
fix function call
2015-04-08 09:32:55 +02:00
Thomas Müller
a4483243ac
fixing license headers - encryption code related
2015-04-07 17:02:49 +02:00
Thomas Müller
111fbabfb4
PHPDoc cleanup - clean code \o/
2015-04-07 13:30:31 +02:00
Bjoern Schiessle
e8fa3a2370
fix versions download and previews
2015-04-07 13:30:31 +02:00
Thomas Müller
4c899238e9
fixing unit test execution
2015-04-07 13:30:30 +02:00
Bjoern Schiessle
2511c32e61
add more descriptive message to the exception, will be displayed to the user
2015-04-07 13:30:30 +02:00
Thomas Müller
664b2bb7af
cleaning up exception mess
2015-04-07 13:30:30 +02:00
Thomas Müller
feb9a6e216
Set human readable module ids
2015-04-07 13:30:30 +02:00
Thomas Müller
43c0af2580
Fix shouldEncrypt and don't throw exception id fileKey not present - can happen
2015-04-07 13:30:30 +02:00
Bjoern Schiessle
a057108c0c
make recovery key work
2015-04-07 13:30:30 +02:00
Thomas Müller
cac83642f2
Finally fixing encryption with public share
2015-04-07 13:30:30 +02:00
Thomas Müller
d203296e35
only encrypt files and files_versions
2015-04-07 13:30:30 +02:00
Thomas Müller
035646c0f6
fix exception handling
2015-04-07 13:30:30 +02:00
Bjoern Schiessle
d90663704c
fix hook registration
2015-04-07 13:30:29 +02:00
Clark Tomlinson
505e0eaf61
remove useless setup base class
2015-04-07 13:30:29 +02:00
Clark Tomlinson
1fb29ec546
adding hook manager test
2015-04-07 13:30:29 +02:00
Bjoern Schiessle
4efbcb0280
cleanup keymanager test and add some additional tests
2015-04-07 13:30:29 +02:00
Bjoern Schiessle
dac94679c6
delete recovery keys on disable
2015-04-07 13:30:29 +02:00
Clark Tomlinson
ea6b53042d
fixing test helper and undoing fubar in class...
2015-04-07 13:30:29 +02:00
Clark Tomlinson
48e3864c77
💯 % coverage for session class
2015-04-07 13:30:29 +02:00
Bjoern Schiessle
1358d07d35
let user enable recovery key
2015-04-07 13:30:29 +02:00
Bjoern Schiessle
e4895bda01
add helper class accessible for encryption modules to ask for a list of users with access to a file, needed to apply the recovery key to all files
2015-04-07 13:30:29 +02:00
Bjoern Schiessle
4b4aeaa5b2
fix set recovery key and implement change password
2015-04-07 13:30:29 +02:00
Bjoern Schiessle
4843e5ce30
use password change logic to userhooks to avoid recursions
2015-04-07 13:30:28 +02:00
Bjoern Schiessle
0f28d538a0
add session class to handle all session operations
2015-04-07 13:30:28 +02:00
Clark Tomlinson
e6dc6944c2
moving methods to their final places
...
and updating test some.
2015-04-07 13:30:28 +02:00
Thomas Müller
1b42b492dc
kill OC_FileProxy 💥
2015-04-07 13:30:28 +02:00
Thomas Müller
dbdd754c3f
Further cleanup of files_encryption
2015-04-07 13:30:28 +02:00
Bjoern Schiessle
a85e2e0bfd
make recovery settings work
2015-04-07 13:30:28 +02:00
Bjoern Schiessle
2331298380
fix parameter declaration and class initialisation
2015-04-07 13:30:28 +02:00
Thomas Müller
48fc3f3afe
fix unit test execution, variable naming and kill no longer used $cacheFactory
2015-04-07 13:30:28 +02:00
Bjoern Schiessle
c64e0af4fb
check if recovery key exists and encrypt the file with the recovery key if needed
2015-04-07 13:30:28 +02:00
Bjoern Schiessle
24c6604388
add public link share key to file if it was shared as public link
2015-04-07 13:30:28 +02:00
Bjoern Schiessle
37e8268447
make sharing and unsharing work
2015-04-07 13:30:27 +02:00
Clark Tomlinson
d15c2e52b0
cleanup and removing cachefactory
2015-04-07 13:30:27 +02:00
Bjoern Schiessle
2e00acda07
read encrypted files
2015-04-07 13:30:27 +02:00
Bjoern Schiessle
6c9251d9f8
make sure that all file keys are written to the key storage
2015-04-07 13:30:27 +02:00
Bjoern Schiessle
198b73fe32
write encrypted file to disc
2015-04-07 13:30:27 +02:00
Bjoern Schiessle
c00e728e5f
encryption app: remove legacy code, we do only server-side encryption
2015-04-07 13:30:27 +02:00
Thomas Müller
ecb3834554
fixing obvious bugs while testing
2015-04-07 13:30:27 +02:00
Clark Tomlinson
0c2f9ca849
Updating keystorage movement and fixing hooks
2015-04-07 13:30:27 +02:00
Clark Tomlinson
39733c8da1
Initial commit
2015-04-07 13:30:27 +02:00