upgrade from old encryption to the new one needs to generate share keys too
This commit is contained in:
Björn Schießle
parent
95297c2469
commit
ca6a77d39b
3 changed files with 37 additions and 15 deletions
|
|
@ -97,9 +97,10 @@ class Hooks {
|
|||
);
|
||||
|
||||
}
|
||||
|
||||
|
||||
// DISABLED JUST FOR TESTING PURPOSE, ACTIVATE AGAIN!
|
||||
// Register successful migration in DB
|
||||
$util->setMigrationStatus( 1 );
|
||||
//$util->setMigrationStatus( 1 );
|
||||
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -479,15 +479,33 @@ class Crypt {
|
|||
* keys: data, key
|
||||
* @note this method is a wrapper for combining other crypt class methods
|
||||
*/
|
||||
public static function keyEncryptKeyfile( $plainContent, $publicKey ) {
|
||||
|
||||
public static function keyEncryptKeyfile( $plainContent, $publicKey, $path ) {
|
||||
|
||||
$user = \OCP\User::getUser();
|
||||
$view = new \OC_FilesystemView('/');
|
||||
$util = new Util($view, $user);
|
||||
|
||||
// Encrypt plain data, generate keyfile & encrypted file
|
||||
$cryptedData = self::symmetricEncryptFileContentKeyfile( $plainContent );
|
||||
|
||||
// Encrypt keyfile
|
||||
$cryptedKey = self::keyEncrypt( $cryptedData['key'], $publicKey );
|
||||
|
||||
return array( 'data' => $cryptedData['encrypted'], 'key' => $cryptedKey );
|
||||
|
||||
$sharingEnabled = \OCP\Share::isEnabled();
|
||||
|
||||
// if file exists try to get sharing users
|
||||
if($view->file_exists($path)) {
|
||||
$uniqueUserIds = $util->getSharingUsersArray( $sharingEnabled, $path, $user );
|
||||
} else {
|
||||
$uniqueUserIds[] = $user;
|
||||
}
|
||||
|
||||
// Fetch public keys for all users who will share the file
|
||||
$publicKeys = Keymanager::getPublicKeys( $view, $uniqueUserIds );
|
||||
|
||||
// Encrypt plain keyfile to multiple sharefiles
|
||||
$multiEncrypted = Crypt::multiKeyEncrypt( $cryptedData['key'], $publicKeys );
|
||||
|
||||
return array( 'data' => $cryptedData['encrypted'], 'filekey' => $multiEncrypted['data'], 'sharekeys' => $multiEncrypted['keys'] );
|
||||
|
||||
}
|
||||
|
||||
|
|
@ -725,11 +743,11 @@ class Crypt {
|
|||
|
||||
}
|
||||
|
||||
public static function legacyKeyRecryptKeyfile( $legacyEncryptedContent, $legacyPassphrase, $publicKey, $newPassphrase ) {
|
||||
public static function legacyKeyRecryptKeyfile( $legacyEncryptedContent, $legacyPassphrase, $publicKey, $newPassphrase, $path ) {
|
||||
|
||||
$decrypted = self::legacyDecrypt( $legacyEncryptedContent, $legacyPassphrase );
|
||||
|
||||
$recrypted = self::keyEncryptKeyfile( $decrypted, $publicKey );
|
||||
$recrypted = self::keyEncryptKeyfile( $decrypted, $publicKey, $path );
|
||||
|
||||
return $recrypted;
|
||||
|
||||
|
|
|
|||
|
|
@ -714,16 +714,19 @@ class Util {
|
|||
|
||||
// Fetch data from file
|
||||
$legacyData = $this->view->file_get_contents( $legacyFile['path'] );
|
||||
|
||||
|
||||
// Recrypt data, generate catfile
|
||||
$recrypted = Crypt::legacyKeyRecryptKeyfile( $legacyData, $legacyPassphrase, $publicKey, $newPassphrase );
|
||||
$recrypted = Crypt::legacyKeyRecryptKeyfile( $legacyData, $legacyPassphrase, $publicKey, $newPassphrase, $legacyFile['path'] );
|
||||
|
||||
$relPath = $legacyFile['path'];
|
||||
$rawPath = $this->userId . '/files/' . $plainFile['path'];
|
||||
$rawPath = $legacyFile['path'];
|
||||
$relPath = $this->stripUserFilesPath($rawPath);
|
||||
|
||||
// Save keyfile
|
||||
Keymanager::setFileKey( $this->view, $relPath, $this->userId, $recrypted['key'] );
|
||||
|
||||
Keymanager::setFileKey( $this->view, $relPath, $this->userId, $recrypted['filekey'] );
|
||||
|
||||
// Save sharekeys to user folders
|
||||
Keymanager::setShareKeys( $this->view, $relPath, $recrypted['sharekeys'] );
|
||||
|
||||
// Overwrite the existing file with the encrypted one
|
||||
$this->view->file_put_contents( $rawPath, $recrypted['data'] );
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue