upgrade from old encryption to the new one needs to generate share keys too

Björn Schießle 2013-05-17 11:15:36 +02:00
parent 95297c2469
commit ca6a77d39b
3 changed files with 37 additions and 15 deletions


@ -97,9 +97,10 @@ class Hooks {
); );
} }
// DISABLED JUST FOR TESTING PURPOSE, ACTIVATE AGAIN!
// Register successful migration in DB // Register successful migration in DB
$util->setMigrationStatus( 1 ); //$util->setMigrationStatus( 1 );
} }
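Review bot: The call that records a finished migration is commented out at `//$util->setMigrationStatus( 1 );`, and the only explanation is the marker `// DISABLED JUST FOR TESTING PURPOSE, ACTIVATE AGAIN!`, so this commit carries test scaffolding into the hook. With the status never written, the legacy re-encryption above presumably runs again on every pass through this hook, including over files it has already converted. Restore `$util->setMigrationStatus( 1 );` before this is merged, and if repeated runs are needed while testing, gate them on a test-only setting rather than editing the hook. The enclosing method starts and ends outside the hunk.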


@ -479,15 +479,33 @@ class Crypt {
* keys: data, key * keys: data, key
* @note this method is a wrapper for combining other crypt class methods * @note this method is a wrapper for combining other crypt class methods
*/ */
public static function keyEncryptKeyfile( $plainContent, $publicKey ) { public static function keyEncryptKeyfile( $plainContent, $publicKey, $path ) {
$user = \OCP\User::getUser();
$view = new \OC_FilesystemView('/');
$util = new Util($view, $user);
// Encrypt plain data, generate keyfile & encrypted file // Encrypt plain data, generate keyfile & encrypted file
$cryptedData = self::symmetricEncryptFileContentKeyfile( $plainContent ); $cryptedData = self::symmetricEncryptFileContentKeyfile( $plainContent );
// Encrypt keyfile // Encrypt keyfile
$cryptedKey = self::keyEncrypt( $cryptedData['key'], $publicKey );
$sharingEnabled = \OCP\Share::isEnabled();
return array( 'data' => $cryptedData['encrypted'], 'key' => $cryptedKey );
// if file exists try to get sharing users
if($view->file_exists($path)) {
$uniqueUserIds = $util->getSharingUsersArray( $sharingEnabled, $path, $user );
} else {
$uniqueUserIds[] = $user;
}
// Fetch public keys for all users who will share the file
$publicKeys = Keymanager::getPublicKeys( $view, $uniqueUserIds );
// Encrypt plain keyfile to multiple sharefiles
$multiEncrypted = Crypt::multiKeyEncrypt( $cryptedData['key'], $publicKeys );
return array( 'data' => $cryptedData['encrypted'], 'filekey' => $multiEncrypted['data'], 'sharekeys' => $multiEncrypted['keys'] );
} }
@ -725,11 +743,11 @@ class Crypt {
} }
public static function legacyKeyRecryptKeyfile( $legacyEncryptedContent, $legacyPassphrase, $publicKey, $newPassphrase ) { public static function legacyKeyRecryptKeyfile( $legacyEncryptedContent, $legacyPassphrase, $publicKey, $newPassphrase, $path ) {
$decrypted = self::legacyDecrypt( $legacyEncryptedContent, $legacyPassphrase ); $decrypted = self::legacyDecrypt( $legacyEncryptedContent, $legacyPassphrase );
$recrypted = self::keyEncryptKeyfile( $decrypted, $publicKey ); $recrypted = self::keyEncryptKeyfile( $decrypted, $publicKey, $path );
return $recrypted; return $recrypted;
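Review bot: In `keyEncryptKeyfile` the `$publicKey` argument is no longer used: the file key is now wrapped for whatever `Keymanager::getPublicKeys( $view, $uniqueUserIds )` returns, and that list is derived from `\OCP\User::getUser()` and `$path` rather than from anything the caller passed. The set of users able to decrypt the file therefore depends on session state, which may not match the owner being migrated (the caller in `Util` stores the key under `$this->userId`); consider passing the owner in explicitly and verifying that the owner's own key is among `$publicKeys` before encrypting. `$uniqueUserIds` is first assigned inside a branch, so `$uniqueUserIds = array( $user );` in the `else` would be safer than appending to an undefined variable. The docblock above still documents the return keys as `data, key` and has no `@param` for `$path`; it should describe `data`, `filekey` and `sharekeys`. The new required `$path` parameter is also threaded through `legacyKeyRecryptKeyfile` in the second hunk, whose body continues outside it.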


@ -714,16 +714,19 @@ class Util {
// Fetch data from file // Fetch data from file
$legacyData = $this->view->file_get_contents( $legacyFile['path'] ); $legacyData = $this->view->file_get_contents( $legacyFile['path'] );
// Recrypt data, generate catfile // Recrypt data, generate catfile
$recrypted = Crypt::legacyKeyRecryptKeyfile( $legacyData, $legacyPassphrase, $publicKey, $newPassphrase ); $recrypted = Crypt::legacyKeyRecryptKeyfile( $legacyData, $legacyPassphrase, $publicKey, $newPassphrase, $legacyFile['path'] );
$relPath = $legacyFile['path']; $rawPath = $legacyFile['path'];
$rawPath = $this->userId . '/files/' . $plainFile['path']; $relPath = $this->stripUserFilesPath($rawPath);
// Save keyfile // Save keyfile
Keymanager::setFileKey( $this->view, $relPath, $this->userId, $recrypted['key'] ); Keymanager::setFileKey( $this->view, $relPath, $this->userId, $recrypted['filekey'] );
// Save sharekeys to user folders
Keymanager::setShareKeys( $this->view, $relPath, $recrypted['sharekeys'] );
// Overwrite the existing file with the encrypted one // Overwrite the existing file with the encrypted one
$this->view->file_put_contents( $rawPath, $recrypted['data'] ); $this->view->file_put_contents( $rawPath, $recrypted['data'] );
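Review bot: Nothing checks the results of `Keymanager::setFileKey(...)` and the new `Keymanager::setShareKeys(...)` before `$this->view->file_put_contents( $rawPath, $recrypted['data'] )` overwrites the legacy file, so a failed key write would leave content encrypted under a file key that was never stored. Write the keys first, confirm both calls succeeded (assuming they report failure through their return value), and only then replace the file; otherwise skip the file and log it so the legacy copy survives. `$rawPath` is now `$legacyFile['path']` instead of `$this->userId . '/files/' . $plainFile['path']`, and the same value is passed as `$path` to `legacyKeyRecryptKeyfile`. A short comment stating which root that path is relative to would help, since `stripUserFilesPath` and the `file_exists` check in `Crypt` both depend on it. The enclosing method lies outside the hunk.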