Commit graph

163 commits

Author SHA1 Message Date
Bjoern Schiessle
fcda3a20f4
create new encryption keys on password reset and backup the old one
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-01-10 17:04:32 +01:00
Bjoern Schiessle
8a401ee156
check if session is initialized
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-23 12:20:43 +01:00
Maxence Lange
558a934842 init Session/privateKeys on Master Key
I can't find another way to init the session ...
2016-11-22 13:19:42 -01:00
Thomas Müller
8628d57b2c
Move console command registration to info.xml for encryption as well as files_external
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-12 08:04:15 +02:00
Joas Schilling
5e5e5b77d5
Fix encryption app 2016-09-12 16:48:11 +02:00
Arthur Schiwon
14ddf9d923
rename IAdmin to ISettings, the interface is not bound to a specific settings scope 2016-08-11 14:48:21 +02:00
Arthur Schiwon
f3b15a9ab9
fixes, improvements, and another app:
* setupSettings now also triggered on enable
* fixes detection of present admin section or settings in the DB
* add update routine in such cases
* encryption app migrated
2016-08-11 01:41:18 +02:00
Joas Schilling
352e8b3c79
More casing 2016-08-08 16:45:40 +02:00
Joas Schilling
0215b004da
Update with robin 2016-07-21 18:13:58 +02:00
Joas Schilling
813f0a0f40
Fix apps/ 2016-07-21 18:13:57 +02:00
Morris Jobke
e7e0dc608b
fix strings 2016-06-20 13:13:37 +02:00
Lukas Reschke
aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Björn Schießle
0f728b4cd1
don't fail on "bad signature" during login. Most likely this happens because
the login password changed at the user back-end (e.g ldap). Such failures will
be handled after login correctly by allowing the user to adjust the passwords
2016-05-25 11:39:44 +02:00
Joas Schilling
4a3311f430 Move Encryption app to PSR-4 (#24524)
* Move Encryption to PSR-4

* Move encryption tests to PSR-4

* Fix the tests
2016-05-12 09:42:19 +02:00
Bjoern Schiessle
d86f8ba5f8
if we don't have a encrypted file key we can return a empty string right away 2016-04-26 11:06:55 +02:00
Bjoern Schiessle
088ffd05d7
don't create a private-/public-key pair for each user if the master key is enabled 2016-04-26 11:06:55 +02:00
Vincent Petry
b50d3255fb Merge pull request #22791 from owncloud/enc_master_key_improvements
Enc master key improvements
2016-04-21 11:48:26 +02:00
Thomas Müller
50e20e531e
Introduce isReadyForUser and verify in file transfer ownership - fixes #23786 2016-04-15 15:07:40 +02:00
Bjoern Schiessle
89223379ad replaceUserKeys() actually deletes the users keys -> update method name and doc-block 2016-03-18 11:06:14 +01:00
Bjoern Schiessle
5e267589d4 only create and update user specific key if no master key is enabled 2016-03-18 11:06:14 +01:00
Thomas Müller
f3f08cf910 Merge pull request #23192 from owncloud/make-ancient-users-happy-with-totally-untested-stuff
Fallback for crappy ancient distributions
2016-03-16 21:56:36 +01:00
Bjoern Schiessle
9de4a8338e allow group shares, even if not all public keys are available 2016-03-15 11:33:19 +01:00
Lukas Reschke
3a5f58c9b0 Fallback for crappy ancient distributions
Fixes https://github.com/owncloud/core/issues/23181
2016-03-12 23:11:31 +01:00
Lukas Reschke
c353d51810 Remove Scrutinizer Auto Fixer 2016-03-01 17:48:23 +01:00
Lukas Reschke
933f60e314 Update author information
Probably nice for the people that contributed to 9.0 to see themselves in the AUTHORS file :)
2016-03-01 17:25:15 +01:00
Bjoern Schiessle
95ea2ccb53 make decrypt all work with the master key 2016-02-29 14:54:32 +01:00
Bjoern Schiessle
9dc759b4dc remember signature version and only set it on update to make sure that other
apps like files_versions still get the old signature version
2016-02-10 13:27:32 +01:00
Bjoern Schiessle
43ed86313c use the version of the original file if we write the part file to have a proper version if we move the file over to the original location 2016-02-10 11:08:03 +01:00
Vincent Petry
45c78476f5 Use cache update instead of put for encryption version
Saves a call to fetch the file id which didn't even work for a reason.

This fix properly sets the version in the database.
2016-02-09 23:43:28 +01:00
Lukas Reschke
6724f76573 Use cache and add tests 2016-02-09 23:43:27 +01:00
Bjoern Schiessle
377d7fb8a8 don't decrease ->version for part files but only a local variable, otherwise it can happen that we decrease it twice and end up with the wrong value 2016-02-09 23:43:27 +01:00
Bjoern Schiessle
966eb4b084 realPath should contain the path to the file we want to read, e.g. the version and not the original file 2016-02-09 23:43:27 +01:00
Lukas Reschke
5ccb9dfa7e Use database for keeping track of the version 2016-02-09 23:43:27 +01:00
Lukas Reschke
3badf5caf5 Use number of chunk for HMAC as well
Prevents switching single blocks within the encrypted file.
2016-02-09 23:43:26 +01:00
Lukas Reschke
b5824f024a Keep track of file version
This way it is not possible anymore for an external storage admin to put up old versions of the file.
2016-02-09 23:43:26 +01:00
Lukas Reschke
d5c1596887 Clarify documentation 2016-02-09 23:43:26 +01:00
Lukas Reschke
3b62459c41 Use hash with appended "a" of the original password for the authentication 2016-02-09 23:43:26 +01:00
Björn Schießle
9bb97c714b fixing unit tests 2016-02-09 23:43:26 +01:00
Lukas Reschke
b9ff16498b Use random_bytes instead OpenSSL 2016-02-09 23:43:26 +01:00
Björn Schießle
61dd191253 meta data are at the end of the file 2016-02-09 23:43:25 +01:00
Björn Schießle
e7ff84df5c always use default cipher for write operations, no matter how the file was encrypted before 2016-02-09 23:43:25 +01:00
Björn Schießle
cf3a8f274f make it backward compatible to work with signed and un-signed files 2016-02-09 23:43:25 +01:00
Björn Schießle
40a5ba72fc sign all encrypted blocks and check signature on decrypt 2016-02-09 23:43:25 +01:00
Lukas Reschke
db8f267647 Add note about the addPadding function 2016-02-09 23:43:25 +01:00
Lukas Reschke
59ebad0b53 Use an actual 16 byte long IV
The previous IV was actually 12 byte extended to 16 byte using base64. As the encrypted file should be fine with containing binary data as well we can simply remove the encoding like that here.
2016-02-09 23:43:24 +01:00
Lukas Reschke
d25b8dacb3 Use AES-256-CTR as default
CTR is recommended over CFB mode.
2016-02-09 23:43:24 +01:00
Thomas Müller
e0aa6e01ab Merge pull request #21612 from owncloud/fix_21598
fix public link sharing if the master key is enabled
2016-01-13 10:34:48 +01:00
Thomas Müller
682821c71e Happy new year! 2016-01-12 15:02:18 +01:00
Roeland Jago Douma
876fb83ddc getMediumStrengthGenerator is deprecated and does not do anything anymore 2016-01-11 20:06:30 +01:00
Björn Schießle
46f6c289ca only use master key ID if a user is logged in. Otherwise keep the public link share key 2016-01-11 13:09:06 +01:00