haiwen/seafile-server
1
0
Fork 0
mirror of https://github.com/haiwen/seafile-server.git synced 2025-09-16 15:18:58 +00:00
Code Issues Releases Wiki Activity

Support encrypted repo of V4 (#411)

Browse Source 
* Support encrypted repo of V4

* Use aes128 for V3 encrypted repo
This commit is contained in:
feiniks
2020-09-22 17:06:15 +08:00
committed by GitHub
parent 56e8554b57
commit 7ff3282975
5 changed files with 43 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
common/commit-mgr.c
View File

@@ -758,6 +758,14 @@ commit_from_json_object (const char *commit_id, json_t *object)
if (!salt || strlen(salt) != 64)
return NULL;
break;
case 4:
if (!magic || strlen(magic) != 64)
return NULL;
if (!random_key || strlen(random_key) != 96)
return NULL;
if (!salt || strlen(salt) != 64)
return NULL;
break;
default:
seaf_warning ("Unknown encryption version %d.\n", enc_version);
return NULL;

38
common/seafile-crypt.c
View File

@@ -40,7 +40,7 @@ seafile_derive_key (const char *data_in, int in_len, int version,
const char *repo_salt,
unsigned char *key, unsigned char *iv)
{
if (version == 3) {
if (version >= 3) {
unsigned char repo_salt_bin[32];
hex_to_rawdata (repo_salt, repo_salt_bin, 32);
@@ -167,7 +167,7 @@ seafile_verify_repo_passwd (const char *repo_id,
unsigned char key[32], iv[16];
char hex[65];
if (version != 1 && version != 2 && version != 3) {
if (version != 1 && version != 2 && version != 3 && version != 4) {
seaf_warning ("Unsupported enc_version %d.\n", version);
return -1;
}
@@ -305,24 +305,24 @@ seafile_encrypt (char **data_out,
/* Prepare CTX for encryption. */
ctx = EVP_CIPHER_CTX_new ();
if (crypt->version == 2)
ret = EVP_EncryptInit_ex (ctx,
EVP_aes_256_cbc(), /* cipher mode */
NULL, /* engine, NULL for default */
crypt->key, /* derived key */
crypt->iv); /* initial vector */
else if (crypt->version == 1)
if (crypt->version == 1)
ret = EVP_EncryptInit_ex (ctx,
EVP_aes_128_cbc(), /* cipher mode */
NULL, /* engine, NULL for default */
crypt->key, /* derived key */
crypt->iv); /* initial vector */
else
else if (crypt->version == 3)
ret = EVP_EncryptInit_ex (ctx,
EVP_aes_128_ecb(), /* cipher mode */
NULL, /* engine, NULL for default */
crypt->key, /* derived key */
crypt->iv); /* initial vector */
else
ret = EVP_EncryptInit_ex (ctx,
EVP_aes_256_cbc(), /* cipher mode */
NULL, /* engine, NULL for default */
crypt->key, /* derived key */
crypt->iv); /* initial vector */
if (ret == ENC_FAILURE) {
EVP_CIPHER_CTX_free (ctx);
@@ -416,24 +416,24 @@ seafile_decrypt (char **data_out,
/* Prepare CTX for decryption. */
ctx = EVP_CIPHER_CTX_new ();
if (crypt->version == 2)
ret = EVP_DecryptInit_ex (ctx,
EVP_aes_256_cbc(), /* cipher mode */
NULL, /* engine, NULL for default */
crypt->key, /* derived key */
crypt->iv); /* initial vector */
else if (crypt->version == 1)
if (crypt->version == 1)
ret = EVP_DecryptInit_ex (ctx,
EVP_aes_128_cbc(), /* cipher mode */
NULL, /* engine, NULL for default */
crypt->key, /* derived key */
crypt->iv); /* initial vector */
else
else if (crypt->version == 3)
ret = EVP_DecryptInit_ex (ctx,
EVP_aes_128_ecb(), /* cipher mode */
NULL, /* engine, NULL for default */
crypt->key, /* derived key */
crypt->iv); /* initial vector */
else
ret = EVP_DecryptInit_ex (ctx,
EVP_aes_256_cbc(), /* cipher mode */
NULL, /* engine, NULL for default */
crypt->key, /* derived key */
crypt->iv); /* initial vector */
if (ret == DEC_FAILURE) {
EVP_CIPHER_CTX_free (ctx);
@@ -501,7 +501,7 @@ seafile_decrypt_init (EVP_CIPHER_CTX **ctx,
/* Prepare CTX for decryption. */
*ctx = EVP_CIPHER_CTX_new ();
if (version == 2)
if (version >= 2)
ret = EVP_DecryptInit_ex (*ctx,
EVP_aes_256_cbc(), /* cipher mode */
NULL, /* engine, NULL for default */

2
server/passwd-mgr.c
View File

@@ -118,7 +118,7 @@ seaf_passwd_manager_set_passwd (SeafPasswdManager *mgr,
return -1;
}
if (repo->enc_version != 1 && repo->enc_version != 2 && repo->enc_version != 3) {
if (repo->enc_version != 1 && repo->enc_version != 2 && repo->enc_version != 3 && repo->enc_version != 4) {
seaf_repo_unref (repo);
g_set_error (error, SEAFILE_DOMAIN, SEAF_ERR_BAD_ARGS,
"Unsupported encryption version");

10
server/repo-mgr.c
View File

@@ -146,6 +146,10 @@ seaf_repo_from_commit (SeafRepo *repo, SeafCommit *commit)
memcpy (repo->magic, commit->magic, 64);
memcpy (repo->random_key, commit->random_key, 96);
memcpy (repo->salt, commit->salt, 64);
} else if (repo->enc_version == 4) {
memcpy (repo->magic, commit->magic, 64);
memcpy (repo->random_key, commit->random_key, 96);
memcpy (repo->salt, commit->salt, 64);
}
}
repo->no_local_history = commit->no_local_history;
@@ -171,6 +175,10 @@ seaf_repo_to_commit (SeafRepo *repo, SeafCommit *commit)
commit->magic = g_strdup (repo->magic);
commit->random_key = g_strdup (repo->random_key);
commit->salt = g_strdup (repo->salt);
} else if (commit->enc_version == 4) {
commit->magic = g_strdup (repo->magic);
commit->random_key = g_strdup (repo->random_key);
commit->salt = g_strdup (repo->salt);
}
}
commit->no_local_history = repo->no_local_history;
@@ -3580,7 +3588,7 @@ create_repo_common (SeafRepoManager *mgr,
SeafBranch *master = NULL;
int ret = -1;
if (enc_version != 3 && enc_version != 2 && enc_version != -1) {
if (enc_version != 4 && enc_version != 3 && enc_version != 2 && enc_version != -1) {
seaf_warning ("Unsupported enc version %d.\n", enc_version);
g_set_error (error, SEAFILE_DOMAIN, SEAF_ERR_BAD_ARGS,
"Unsupported encryption version");

10
tests/test_password/test_password.py
View File

@@ -3,8 +3,8 @@ from tests.config import USER
from seaserv import seafile_api as api
@pytest.mark.parametrize('rpc, enc_version',
[('create_repo', 2), ('create_repo', 3),
('create_enc_repo', 2), ('create_enc_repo', 3)])
[('create_repo', 2), ('create_repo', 3), ('create_repo', 4),
('create_enc_repo', 2), ('create_enc_repo', 3), ('create_enc_repo', 4)])
def test_encrypted_repo(rpc, enc_version):
test_repo_name = 'test_enc_repo'
test_repo_desc = 'test_enc_repo'
@@ -16,8 +16,10 @@ def test_encrypted_repo(rpc, enc_version):
else:
if enc_version == 2:
repo_id = 'd17bf8ca-3019-40ee-8fdb-0258c89fb762'
else:
elif enc_version == 3:
repo_id = 'd17bf8ca-3019-40ee-8fdb-0258c89fb763'
else:
repo_id = 'd17bf8ca-3019-40ee-8fdb-0258c89fb764'
enc_info = api.generate_magic_and_random_key(enc_version, repo_id, test_repo_passwd)
assert enc_info
ret_repo_id = api.create_enc_repo(repo_id, test_repo_name, test_repo_desc,
@@ -30,7 +32,7 @@ def test_encrypted_repo(rpc, enc_version):
assert repo.enc_version == enc_version
assert len(repo.magic) == 64
assert len(repo.random_key) == 96
if enc_version == 3:
if enc_version == 3 or enc_version == 4:
assert len(repo.salt) == 64
new_passwd = 'new password'