
Merge pull request #15472 from owncloud/enc_backward_compatibility

make private key handling backward compatible
Clark Tomlinson 9 years ago
parent
commit
fc2711e156

+ 24 - 7
apps/encryption/lib/crypto/crypt.php

@@ -37,6 +37,8 @@ use OCP\IUserSession;
 class Crypt {
 
 	const DEFAULT_CIPHER = 'AES-256-CFB';
+	// default cipher from old ownCloud versions
+	const LEGACY_CIPHER = 'AES-128-CFB';
 
 	const HEADER_START = 'HBEGIN';
 	const HEADER_END = 'HEND';
@@ -148,6 +150,16 @@ class Crypt {
 		return $padded;
 	}
 
+	/**
+	 * generate header for encrypted file
+	 */
+	public function generateHeader() {
+		$cipher = $this->getCipher();
+		$header = self::HEADER_START . ':cipher:' . $cipher . ':' . self::HEADER_END;
+
+		return $header;
+	}
+
 	/**
 	 * @param string $plainContent
 	 * @param string $iv
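Review bot: The docblock on generateHeader() has no return tag and does not describe the header layout, although decryptPrivateKey() must parse and strip exactly this string. I would add `@return string` and a line such as `format: HBEGIN:cipher:<cipher name>:HEND, written unpadded in front of the encrypted key`. The hunk ends inside the next method's docblock, so only generateHeader() itself is covered here.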
@@ -205,23 +217,28 @@ class Crypt {
 	}
 
 	/**
-	 * @param string $recoveryKey
+	 * @param string $privateKey
 	 * @param string $password
 	 * @return bool|string
 	 */
-	public function decryptPrivateKey($recoveryKey, $password) {
+	public function decryptPrivateKey($privateKey, $password) {
 
-		$header = $this->parseHeader($recoveryKey);
-		$cipher = $this->getCipher();
+		$header = $this->parseHeader($privateKey);
+
+		if (isset($header['cipher'])) {
+			$cipher = $header['cipher'];
+		} else {
+			$cipher = self::LEGACY_CIPHER;
+		}
 
 		// If we found a header we need to remove it from the key we want to decrypt
 		if (!empty($header)) {
-			$recoveryKey = substr($recoveryKey,
-				strpos($recoveryKey,
+			$privateKey = substr($privateKey,
+				strpos($privateKey,
 					self::HEADER_END) + strlen(self::HEADER_START));
 		}
 
-		$plainKey = $this->symmetricDecryptFileContent($recoveryKey,
+		$plainKey = $this->symmetricDecryptFileContent($privateKey,
 			$password,
 			$cipher);
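Review bot: The header-stripping offset in decryptPrivateKey() adds `strlen(self::HEADER_START)` to the position of `HEADER_END`, and since `HBEGIN` is two characters longer than `HEND` this drops the first two characters of the encrypted key, unless parseHeader() or a later step compensates, which is not visible here. This branch was effectively dormant before, but KeyManager now stores a header in front of every new key, so the line should read `self::HEADER_END) + strlen(self::HEADER_END));`. Separately, `$header['cipher']` is read from the stored blob and passed to symmetricDecryptFileContent() unchecked, so anyone with write access to key storage chooses the cipher. Consider accepting only known values, e.g. `if (!in_array($cipher, [self::DEFAULT_CIPHER, self::LEGACY_CIPHER], true)) { return false; }`, extended by whatever getCipher() can return from configuration. The function body continues past the end of this hunk.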
 

+ 4 - 2
apps/encryption/lib/keymanager.php

@@ -200,9 +200,10 @@ class KeyManager {
 
 		$encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'],
 			$password);
+		$header = $this->crypt->generateHeader();
 
 		if ($encryptedKey) {
-			$this->setPrivateKey($uid, $encryptedKey);
+			$this->setPrivateKey($uid, $header . $encryptedKey);
 			return true;
 		}
 		return false;
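Review bot: The ciphertext and its header come from two independent calls here (`symmetricEncryptFileContent()` at the top of the hunk, `generateHeader()` after it), so the stored header is only truthful while both resolve the same cipher. Presumably both go through getCipher(), but that is not visible in this hunk. Letting the encrypt path return or prepend its own header would remove that coupling. At minimum `$header = $this->crypt->generateHeader();` belongs inside the `if ($encryptedKey)` branch, since it is unused on failure. The same pattern repeats in the next hunk around `setSystemPrivateKey()`, and the enclosing method starts before this hunk.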
@@ -219,9 +220,10 @@ class KeyManager {
 
 		$encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'],
 			$password);
+		$header = $this->crypt->generateHeader();
 
 		if ($encryptedKey) {
-			$this->setSystemPrivateKey($this->getRecoveryKeyId(), $encryptedKey);
+			$this->setSystemPrivateKey($this->getRecoveryKeyId(), $header . $encryptedKey);
 			return true;
 		}
 		return false;

+ 1 - 0
apps/encryption/lib/recovery.php

@@ -129,6 +129,7 @@ class Recovery {
 	 *
 	 * @param string $newPassword
 	 * @param string $oldPassword
+	 * @return bool
 	 */
 	public function changeRecoveryKeyPassword($newPassword, $oldPassword) {
 		$recoveryKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId());