Skip to content

Commit

Permalink
RPC add pwd_hash_algo and pwd_hash_params
Browse files Browse the repository at this point in the history
  • Loading branch information
杨赫然 committed Nov 18, 2023
1 parent 5b9fb7a commit 111c944
Show file tree
Hide file tree
Showing 12 changed files with 174 additions and 32 deletions.
26 changes: 21 additions & 5 deletions common/rpc-service.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,8 @@ convert_repo (SeafRepo *r)
g_object_set (repo, "id", r->id, "name", r->name,
"desc", r->desc, "encrypted", r->encrypted,
"magic", r->magic, "enc_version", r->enc_version,
"pwd_hash", r->pwd_hash,
"pwd_hash_algo", r->pwd_hash_algo, "pwd_hash_params", r->pwd_hash_params,
"head_cmmt_id", r->head ? r->head->commit_id : NULL,
"root", r->root_id,
"version", r->version, "last_modify", r->last_modify,
Expand Down Expand Up @@ -696,6 +698,8 @@ GObject *
seafile_generate_magic_and_random_key(int enc_version,
const char* repo_id,
const char *passwd,
const char *pwd_hash_algo,
const char *pwd_hash_params,
GError **error)
{
if (!repo_id || !passwd) {
Expand All @@ -712,15 +716,22 @@ seafile_generate_magic_and_random_key(int enc_version,
}

gboolean use_default = seafile_crypt_use_default_algo ();
const char *algo = seafile_crypt_get_pwd_hash_algo ();
const char *params = seafile_crypt_get_pwd_hash_params ();
const char *algo = NULL;
const char *params = NULL;
if (pwd_hash_algo) {
algo = pwd_hash_algo;
params = pwd_hash_params;
} else {
algo = seafile_crypt_get_pwd_hash_algo ();
params = seafile_crypt_get_pwd_hash_params ();
}
seafile_generate_magic (enc_version, repo_id, passwd, salt, algo, params, magic);
if (seafile_generate_random_key (passwd, enc_version, salt, random_key) < 0) {
if (seafile_generate_random_key (passwd, enc_version, salt, algo, params, random_key) < 0) {
return NULL;
}

SeafileEncryptionInfo *sinfo;
if (use_default) {
if (use_default && !pwd_hash_algo) {
sinfo = g_object_new (SEAFILE_TYPE_ENCRYPTION_INFO,
"repo_id", repo_id,
"passwd", passwd,
Expand Down Expand Up @@ -3079,6 +3090,9 @@ seafile_create_enc_repo (const char *repo_id,
const char *random_key,
const char *salt,
int enc_version,
const char *pwd_hash,
const char *pwd_hash_algo,
const char *pwd_hash_params,
GError **error)
{
if (!repo_id || !repo_name || !repo_desc || !owner_email) {
Expand All @@ -3091,7 +3105,9 @@ seafile_create_enc_repo (const char *repo_id,
ret = seaf_repo_manager_create_enc_repo (seaf->repo_mgr,
repo_id, repo_name, repo_desc,
owner_email,
magic, random_key, salt, enc_version,
magic, random_key, salt,
enc_version,
pwd_hash, pwd_hash_algo, pwd_hash_params,
error);
return ret;
}
Expand Down
4 changes: 3 additions & 1 deletion common/seafile-crypt.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -90,6 +90,8 @@ int
seafile_generate_random_key (const char *passwd,
int version,
const char *repo_salt,
const char *algo,
const char *params,
char *random_key)
{
SeafileCrypt *crypt;
Expand All @@ -103,7 +105,7 @@ seafile_generate_random_key (const char *passwd,
return -1;
}

seafile_derive_key (passwd, strlen(passwd), version, repo_salt, default_params.algo, default_params.params_str, key, iv);
seafile_derive_key (passwd, strlen(passwd), version, repo_salt, algo, params, key, iv);

crypt = seafile_crypt_new (version, key, iv);

Expand Down
2 changes: 2 additions & 0 deletions common/seafile-crypt.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,8 @@ int
seafile_generate_random_key (const char *passwd,
int version,
const char *repo_salt,
const char *algo,
const char *params,
char *random_key);

void
Expand Down
5 changes: 5 additions & 0 deletions include/seafile-rpc.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -923,6 +923,9 @@ seafile_create_enc_repo (const char *repo_id,
const char *random_key,
const char *salt,
int enc_version,
const char *pwd_hash,
const char *pwd_hash_algo,
const char *pwd_hash_params,
GError **error);

char *
Expand Down Expand Up @@ -1040,6 +1043,8 @@ GObject *
seafile_generate_magic_and_random_key(int enc_version,
const char* repo_id,
const char *passwd,
const char *pwd_hash_algo,
const char *pwd_hash_params,
GError **error);

gint64
Expand Down
6 changes: 6 additions & 0 deletions lib/repo.vala
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,9 @@ public class Repo : Object {
public int enc_version { get; set; }
public string random_key { get; set; }
public string salt { get; set; }
public string pwd_hash { get; set; }
public string pwd_hash_algo { get; set; }
public string pwd_hash_params { get; set; }

// Section 3: Client only information
// Should be set for all client repo objects
Expand Down Expand Up @@ -202,6 +205,9 @@ public class EncryptionInfo: Object {
public string magic { get; set; }
public string random_key { get; set; }
public string salt { get; set; }
public string pwd_hash { get; set; }
public string pwd_hash_algo { get; set; }
public string pwd_hash_params { get; set; }
}

public class UserQuotaUsage: Object {
Expand Down
2 changes: 2 additions & 0 deletions lib/rpc_table.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,7 @@
[ "string", ["string", "string", "string", "string", "string", "string", "string", "int"] ],
[ "string", ["string", "string", "string", "string", "string", "string", "string", "int64"] ],
[ "string", ["string", "string", "string", "string", "string", "string", "string", "string", "string"] ],
[ "string", ["string", "string", "string", "string", "string", "string", "string", "int", "string", "string", "string"] ],
[ "string", ["string", "int", "string", "string", "string", "string", "string", "string", "string", "string", "string", "string", "int", "string"] ],
[ "string", ["string", "int", "string", "int", "int"] ],
[ "string", ["string", "int", "string", "string", "string"] ],
Expand Down Expand Up @@ -103,6 +104,7 @@
[ "object", ["string", "string", "string"] ],
[ "object", ["string", "int", "string"] ],
[ "object", ["int", "string", "string"] ],
[ "object", ["int", "string", "string", "string", "string"] ],
[ "object", ["string", "string", "int", "int"] ],
[ "object", ["string", "string", "string", "int"] ],
[ "object", ["string", "string", "string", "string", "string", "string", "string", "int", "int"] ],
Expand Down
8 changes: 4 additions & 4 deletions python/seafile/rpcclient.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,8 @@ def seafile_create_repo(name, desc, owner_email, passwd, enc_version):
pass
create_repo = seafile_create_repo

@searpc_func("string", ["string", "string", "string", "string", "string", "string", "string", "int"])
def seafile_create_enc_repo(repo_id, name, desc, owner_email, magic, random_key, salt, enc_version):
@searpc_func("string", ["string", "string", "string", "string", "string", "string", "string", "int", "string", "string", "string"])
def seafile_create_enc_repo(repo_id, name, desc, owner_email, magic, random_key, salt, enc_version, pwd_hash, pwd_hash_algo, pwd_hash_params):
pass
create_enc_repo = seafile_create_enc_repo

Expand Down Expand Up @@ -665,8 +665,8 @@ def empty_repo_trash_by_owner(owner):
def empty_repo_trash_by_owner(owner):
pass

@searpc_func("object", ["int", "string", "string"])
def generate_magic_and_random_key(enc_version, repo_id, password):
@searpc_func("object", ["int", "string", "string", "string", "string"])
def generate_magic_and_random_key(enc_version, repo_id, password, pwd_hash_algo, pwd_hash_params):
pass

@searpc_func("int64", [])
Expand Down
8 changes: 4 additions & 4 deletions python/seaserv/api.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -81,16 +81,16 @@ def set_passwd(self, repo_id, user, passwd):
def unset_passwd(self, repo_id, user):
return seafserv_threaded_rpc.unset_passwd(repo_id, user)

def generate_magic_and_random_key(self, enc_version, repo_id, password):
return seafserv_threaded_rpc.generate_magic_and_random_key(enc_version, repo_id, password)
def generate_magic_and_random_key(self, enc_version, repo_id, password, pwd_hash_algo=None, pwd_hash_params=None):
return seafserv_threaded_rpc.generate_magic_and_random_key(enc_version, repo_id, password, pwd_hash_algo, pwd_hash_params)

# repo manipulation

def create_repo(self, name, desc, username, passwd=None, enc_version=2, storage_id=None):
return seafserv_threaded_rpc.create_repo(name, desc, username, passwd, enc_version)

def create_enc_repo(self, repo_id, name, desc, username, magic, random_key, salt, enc_version):
return seafserv_threaded_rpc.create_enc_repo(repo_id, name, desc, username, magic, random_key, salt, enc_version)
def create_enc_repo(self, repo_id, name, desc, username, magic, random_key, salt, enc_version, pwd_hash=None, pwd_hash_algo=None, pwd_hash_params=None):
return seafserv_threaded_rpc.create_enc_repo(repo_id, name, desc, username, magic, random_key, salt, enc_version, pwd_hash, pwd_hash_algo, pwd_hash_params)

def get_repos_by_id_prefix(self, id_prefix, start=-1, limit=-1):
"""
Expand Down
96 changes: 80 additions & 16 deletions server/repo-mgr.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
#include "fs-mgr.h"
#include "seafile-error.h"
#include "seafile-crypt.h"
#include "password-hash.h"

#include "seaf-db.h"
#include "seaf-utils.h"
Expand Down Expand Up @@ -3736,16 +3737,40 @@ seaf_repo_manager_is_valid_filename (SeafRepoManager *mgr,
return 1;
}

typedef struct _RepoCryptCompat {
const char *magic;
const char *pwd_hash;
const char *pwd_hash_algo;
const char *pwd_hash_params;
gboolean is_default;
} RepoCryptCompat;

static
RepoCryptCompat *
repo_crypt_compat_new (const char *magic, const char *pwd_hash,
const char *algo, const char *params,
gboolean is_default)
{
RepoCryptCompat *crypt_compat = g_new0 (RepoCryptCompat, 1);
crypt_compat->magic = magic;
crypt_compat->pwd_hash = pwd_hash;
crypt_compat->pwd_hash_algo = algo;
crypt_compat->pwd_hash_params = params;
crypt_compat->is_default = is_default;

return crypt_compat;
}

static int
create_repo_common (SeafRepoManager *mgr,
const char *repo_id,
const char *repo_name,
const char *repo_desc,
const char *user,
const char *magic,
const char *random_key,
const char *salt,
int enc_version,
RepoCryptCompat *crypt_compat,
GError **error)
{
SeafRepo *repo = NULL;
Expand All @@ -3759,14 +3784,34 @@ create_repo_common (SeafRepoManager *mgr,
"Unsupported encryption version");
return -1;
}

if (enc_version >= 2) {
if (!magic || strlen(magic) != 64) {
seaf_warning ("Bad magic.\n");

if (crypt_compat && crypt_compat->pwd_hash_algo) {
if (g_strcmp0 (crypt_compat->pwd_hash_algo, PWD_HASH_PDKDF2) != 0 &&
g_strcmp0 (crypt_compat->pwd_hash_algo, PWD_HASH_ARGON2ID) !=0)
{
seaf_warning ("Unsupported enc algothrims %s.\n", crypt_compat->pwd_hash_algo);
g_set_error (error, SEAFILE_DOMAIN, SEAF_ERR_BAD_ARGS,
"Bad magic");
"Unsupported encryption algothrims");
return -1;
}
}

if (enc_version >= 2) {
if (!crypt_compat->pwd_hash_algo) {
if (!crypt_compat->magic || strlen(crypt_compat->magic) != 64) {
seaf_warning ("Bad magic.\n");
g_set_error (error, SEAFILE_DOMAIN, SEAF_ERR_BAD_ARGS,
"Bad magic");
return -1;
}
} else {
if (!crypt_compat->pwd_hash || strlen(crypt_compat->pwd_hash) != 64) {
seaf_warning ("Bad pwd_hash.\n");
g_set_error (error, SEAFILE_DOMAIN, SEAF_ERR_BAD_ARGS,
"Bad pwd_hash");
return -1;
}
}
if (!random_key || strlen(random_key) != 96) {
seaf_warning ("Bad random key.\n");
g_set_error (error, SEAFILE_DOMAIN, SEAF_ERR_BAD_ARGS,
Expand All @@ -3789,17 +3834,20 @@ create_repo_common (SeafRepoManager *mgr,
if (enc_version >= 2) {
repo->encrypted = TRUE;
repo->enc_version = enc_version;
memcpy (repo->magic, magic, 64);
if (crypt_compat->pwd_hash_algo)
memcpy (repo->magic, crypt_compat->pwd_hash, 64);
else
memcpy (repo->magic, crypt_compat->magic, 64);
memcpy (repo->random_key, random_key, 96);
}
if (enc_version >= 3)
memcpy (repo->salt, salt, 64);

if (enc_version >= 2 && !seafile_crypt_use_default_algo ()) {
if (enc_version >= 2 && !crypt_compat->is_default) {
// set pwd_hash fields here.
memcpy (repo->pwd_hash, magic, 64);
repo->pwd_hash_algo = g_strdup (seafile_crypt_get_pwd_hash_algo ());
repo->pwd_hash_params = g_strdup (seafile_crypt_get_pwd_hash_params ());
memcpy (repo->pwd_hash, crypt_compat->pwd_hash, 64);
repo->pwd_hash_algo = g_strdup (crypt_compat->pwd_hash_algo);
repo->pwd_hash_params = g_strdup (crypt_compat->pwd_hash_params);
}

repo->version = CURRENT_REPO_VERSION;
Expand Down Expand Up @@ -3869,6 +3917,7 @@ seaf_repo_manager_create_new_repo (SeafRepoManager *mgr,
char salt[65], magic[65], random_key[97];
const char *algo = seafile_crypt_get_pwd_hash_algo ();
const char *params = seafile_crypt_get_pwd_hash_params ();
gboolean is_default = seafile_crypt_use_default_algo ();

repo_id = gen_uuid ();

Expand All @@ -3877,18 +3926,21 @@ seaf_repo_manager_create_new_repo (SeafRepoManager *mgr,
goto bad;
}
seafile_generate_magic (enc_version, repo_id, passwd, salt, algo, params, magic);
if (seafile_generate_random_key (passwd, enc_version, salt, random_key) < 0) {
if (seafile_generate_random_key (passwd, enc_version, salt, algo, params, random_key) < 0) {
goto bad;
}
}

int rc;
if (passwd)
if (passwd) {
RepoCryptCompat *crypt_compat = repo_crypt_compat_new (magic, magic, algo, params, is_default);
rc = create_repo_common (mgr, repo_id, repo_name, repo_desc, owner_email,
magic, random_key, salt, enc_version, error);
random_key, salt, enc_version, crypt_compat, error);
g_free (crypt_compat);
}
else
rc = create_repo_common (mgr, repo_id, repo_name, repo_desc, owner_email,
NULL, NULL, NULL, -1, error);
NULL, NULL, -1, NULL, error);
if (rc < 0)
goto bad;

Expand Down Expand Up @@ -3917,6 +3969,9 @@ seaf_repo_manager_create_enc_repo (SeafRepoManager *mgr,
const char *random_key,
const char *salt,
int enc_version,
const char *pwd_hash,
const char *pwd_hash_algo,
const char *pwd_hash_params,
GError **error)
{
if (!repo_id || !is_uuid_valid (repo_id)) {
Expand All @@ -3933,9 +3988,18 @@ seaf_repo_manager_create_enc_repo (SeafRepoManager *mgr,
return NULL;
}

gboolean is_default = TRUE;
if (pwd_hash_algo) {
is_default = FALSE;
}

RepoCryptCompat *crypt_compat = repo_crypt_compat_new (magic, pwd_hash, pwd_hash_algo, pwd_hash_params, is_default);
if (create_repo_common (mgr, repo_id, repo_name, repo_desc, owner_email,
magic, random_key, salt, enc_version, error) < 0)
random_key, salt, enc_version, crypt_compat, error) < 0) {
g_free (crypt_compat);
return NULL;
}
g_free (crypt_compat);

if (seaf_repo_manager_set_repo_owner (mgr, repo_id, owner_email) < 0) {
seaf_warning ("Failed to set repo owner.\n");
Expand Down
3 changes: 3 additions & 0 deletions server/repo-mgr.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -516,6 +516,9 @@ seaf_repo_manager_create_enc_repo (SeafRepoManager *mgr,
const char *random_key,
const char *salt,
int enc_version,
const char *pwd_hash,
const char *pwd_hash_algo,
const char *pwd_hash_params,
GError **error);

/* Give a repo and a path in this repo, returns a list of commits, where every
Expand Down
4 changes: 2 additions & 2 deletions server/seaf-server.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -227,7 +227,7 @@ static void start_rpc_service (const char *seafile_dir,
searpc_server_register_function ("seafserv-threaded-rpcserver",
seafile_create_enc_repo,
"seafile_create_enc_repo",
searpc_signature_string__string_string_string_string_string_string_string_int());
searpc_signature_string__string_string_string_string_string_string_string_int_string_string_string());

searpc_server_register_function ("seafserv-threaded-rpcserver",
seafile_get_commit,
Expand Down Expand Up @@ -745,7 +745,7 @@ static void start_rpc_service (const char *seafile_dir,
searpc_server_register_function ("seafserv-threaded-rpcserver",
seafile_generate_magic_and_random_key,
"generate_magic_and_random_key",
searpc_signature_object__int_string_string());
searpc_signature_object__int_string_string_string_string());

/* Config */
searpc_server_register_function ("seafserv-threaded-rpcserver",
Expand Down
Loading

0 comments on commit 111c944

Please sign in to comment.