From 79402526cafc6383354f3f702f749ba55155124b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=A8=E8=B5=AB=E7=84=B6?= Date: Wed, 5 Jul 2023 17:05:19 +0800 Subject: [PATCH 1/2] Support enc repo v5 --- common/commit-mgr.c | 19 ++++++++++++++++ common/commit-mgr.h | 1 + common/rpc-service.c | 10 ++++---- common/seafile-crypt.c | 34 ++++++++++++++++++---------- common/seafile-crypt.h | 13 +++++++---- fileserver/commitmgr/commitmgr.go | 1 + fileserver/repomgr/repomgr.go | 11 +++++++++ server/passwd-mgr.c | 5 ++-- server/repo-mgr.c | 19 +++++++++++++--- server/repo-mgr.h | 1 + server/seafile-session.c | 8 +++++++ server/seafile-session.h | 3 +++ server/virtual-repo.c | 5 ++-- tests/test_password/test_password.py | 10 ++++---- 14 files changed, 108 insertions(+), 32 deletions(-) diff --git a/common/commit-mgr.c b/common/commit-mgr.c index 4ba3e4f6..65b8c98c 100644 --- a/common/commit-mgr.c +++ b/common/commit-mgr.c @@ -639,6 +639,9 @@ commit_to_json_object (SeafCommit *commit) json_object_set_string_member (object, "key", commit->random_key); if (commit->enc_version >= 3) json_object_set_string_member (object, "salt", commit->salt); + if (commit->enc_version >= 5) { + json_object_set_int_member (object, "key_iter", commit->key_iter); + } } if (commit->no_local_history) json_object_set_int_member (object, "no_local_history", 1); @@ -675,6 +678,7 @@ commit_from_json_object (const char *commit_id, json_t *object) const char *magic = NULL; const char *random_key = NULL; const char *salt = NULL; + int key_iter; int no_local_history = 0; int version = 0; int conflict = 0, new_merge = 0; @@ -715,6 +719,8 @@ commit_from_json_object (const char *commit_id, json_t *object) random_key = json_object_get_string_member (object, "key"); if (enc_version >= 3) salt = json_object_get_string_member (object, "salt"); + if (enc_version >= 5) + key_iter = json_object_get_int_member (object, "key_iter"); if (json_object_has_member (object, "no_local_history")) no_local_history = json_object_get_int_member (object, "no_local_history"); @@ -768,6 +774,17 @@ commit_from_json_object (const char *commit_id, json_t *object) if (!salt || strlen(salt) != 64) return NULL; break; + case 5: + if (!magic || strlen(magic) != 64) + return NULL; + if (!random_key || strlen(random_key) != 96) + return NULL; + if (!salt || strlen(salt) != 64) + return NULL; + if (key_iter <= 0) { + return NULL; + } + break; default: seaf_warning ("Unknown encryption version %d.\n", enc_version); return NULL; @@ -800,6 +817,8 @@ commit_from_json_object (const char *commit_id, json_t *object) commit->random_key = g_strdup (random_key); if (enc_version >= 3) commit->salt = g_strdup(salt); + if (enc_version >= 5) + commit->key_iter = key_iter; } if (no_local_history) commit->no_local_history = TRUE; diff --git a/common/commit-mgr.h b/common/commit-mgr.h index 27842307..d3170761 100644 --- a/common/commit-mgr.h +++ b/common/commit-mgr.h @@ -36,6 +36,7 @@ struct _SeafCommit { char *magic; char *random_key; char *salt; + int key_iter; gboolean no_local_history; int version; diff --git a/common/rpc-service.c b/common/rpc-service.c index 741964e4..cdff1493 100644 --- a/common/rpc-service.c +++ b/common/rpc-service.c @@ -711,8 +711,8 @@ seafile_generate_magic_and_random_key(int enc_version, return NULL; } - seafile_generate_magic (enc_version, repo_id, passwd, salt, magic); - if (seafile_generate_random_key (passwd, enc_version, salt, random_key) < 0) { + seafile_generate_magic (enc_version, repo_id, passwd, salt, magic, seaf->key_iter); + if (seafile_generate_random_key (passwd, enc_version, salt, random_key, seaf->key_iter) < 0) { return NULL; } @@ -1041,7 +1041,7 @@ seafile_change_repo_passwd (const char *repo_id, } if (seafile_verify_repo_passwd (repo_id, old_passwd, repo->magic, - repo->enc_version, repo->salt) < 0) { + repo->enc_version, repo->salt, repo->key_iter) < 0) { g_set_error (error, SEAFILE_DOMAIN, SEAF_ERR_BAD_ARGS, "Incorrect password"); return -1; } @@ -1058,10 +1058,10 @@ seafile_change_repo_passwd (const char *repo_id, char new_magic[65], new_random_key[97]; - seafile_generate_magic (repo->enc_version, repo_id, new_passwd, repo->salt, new_magic); + seafile_generate_magic (repo->enc_version, repo_id, new_passwd, repo->salt, new_magic, repo->key_iter); if (seafile_update_random_key (old_passwd, repo->random_key, new_passwd, new_random_key, - repo->enc_version, repo->salt) < 0) { + repo->enc_version, repo->salt, repo->key_iter) < 0) { ret = -1; goto out; } diff --git a/common/seafile-crypt.c b/common/seafile-crypt.c index 4dfef7c5..b9878e81 100644 --- a/common/seafile-crypt.c +++ b/common/seafile-crypt.c @@ -38,15 +38,20 @@ seafile_crypt_new (int version, unsigned char *key, unsigned char *iv) int seafile_derive_key (const char *data_in, int in_len, int version, const char *repo_salt, + int iter, unsigned char *key, unsigned char *iv) { if (version >= 3) { unsigned char repo_salt_bin[32]; hex_to_rawdata (repo_salt, repo_salt_bin, 32); + int key_iter = KEYGEN_ITERATION2; + if (version >= 5) { + key_iter = iter; + } PKCS5_PBKDF2_HMAC (data_in, in_len, repo_salt_bin, sizeof(repo_salt_bin), - KEYGEN_ITERATION2, + key_iter, EVP_sha256(), 32, key); PKCS5_PBKDF2_HMAC ((char *)key, 32, @@ -107,7 +112,8 @@ int seafile_generate_random_key (const char *passwd, int version, const char *repo_salt, - char *random_key) + char *random_key, + int iter) { SeafileCrypt *crypt; unsigned char secret_key[32], *rand_key; @@ -120,7 +126,7 @@ seafile_generate_random_key (const char *passwd, return -1; } - seafile_derive_key (passwd, strlen(passwd), version, repo_salt, key, iv); + seafile_derive_key (passwd, strlen(passwd), version, repo_salt, iter, key, iv); crypt = seafile_crypt_new (version, key, iv); @@ -139,7 +145,8 @@ void seafile_generate_magic (int version, const char *repo_id, const char *passwd, const char *repo_salt, - char *magic) + char *magic, + int iter) { GString *buf = g_string_new (NULL); unsigned char key[32], iv[16]; @@ -150,7 +157,7 @@ seafile_generate_magic (int version, const char *repo_id, */ g_string_append_printf (buf, "%s%s", repo_id, passwd); - seafile_derive_key (buf->str, buf->len, version, repo_salt, key, iv); + seafile_derive_key (buf->str, buf->len, version, repo_salt, iter, key, iv); g_string_free (buf, TRUE); rawdata_to_hex (key, magic, 32); @@ -161,13 +168,14 @@ seafile_verify_repo_passwd (const char *repo_id, const char *passwd, const char *magic, int version, - const char *repo_salt) + const char *repo_salt, + int iter) { GString *buf = g_string_new (NULL); unsigned char key[32], iv[16]; char hex[65]; - if (version != 1 && version != 2 && version != 3 && version != 4) { + if (version != 1 && version != 2 && version != 3 && version != 4 && version != 5) { seaf_warning ("Unsupported enc_version %d.\n", version); return -1; } @@ -175,7 +183,7 @@ seafile_verify_repo_passwd (const char *repo_id, /* Recompute the magic and compare it with the one comes with the repo. */ g_string_append_printf (buf, "%s%s", repo_id, passwd); - seafile_derive_key (buf->str, buf->len, version, repo_salt, key, iv); + seafile_derive_key (buf->str, buf->len, version, repo_salt, iter, key, iv); g_string_free (buf, TRUE); if (version >= 2) @@ -193,11 +201,12 @@ int seafile_decrypt_repo_enc_key (int enc_version, const char *passwd, const char *random_key, const char *repo_salt, + int iter, unsigned char *key_out, unsigned char *iv_out) { unsigned char key[32], iv[16]; - seafile_derive_key (passwd, strlen(passwd), enc_version, repo_salt, key, iv); + seafile_derive_key (passwd, strlen(passwd), enc_version, repo_salt, iter, key, iv); if (enc_version == 1) { memcpy (key_out, key, 16); @@ -227,6 +236,7 @@ seafile_decrypt_repo_enc_key (int enc_version, seafile_derive_key ((char *)dec_random_key, 32, enc_version, repo_salt, + iter, key, iv); memcpy (key_out, key, 32); memcpy (iv_out, iv, 16); @@ -241,7 +251,7 @@ seafile_decrypt_repo_enc_key (int enc_version, int seafile_update_random_key (const char *old_passwd, const char *old_random_key, const char *new_passwd, char *new_random_key, - int enc_version, const char *repo_salt) + int enc_version, const char *repo_salt, int iter) { unsigned char key[32], iv[16]; unsigned char random_key_raw[48], *secret_key, *new_random_key_raw; @@ -250,7 +260,7 @@ seafile_update_random_key (const char *old_passwd, const char *old_random_key, /* First, use old_passwd to decrypt secret key from old_random_key. */ seafile_derive_key (old_passwd, strlen(old_passwd), enc_version, - repo_salt, key, iv); + repo_salt, iter, key, iv); hex_to_rawdata (old_random_key, random_key_raw, 48); @@ -266,7 +276,7 @@ seafile_update_random_key (const char *old_passwd, const char *old_random_key, /* Second, use new_passwd to encrypt secret key. */ seafile_derive_key (new_passwd, strlen(new_passwd), enc_version, - repo_salt, key, iv); + repo_salt, iter, key, iv); crypt = seafile_crypt_new (enc_version, key, iv); diff --git a/common/seafile-crypt.h b/common/seafile-crypt.h index 1d2ce4a7..4fcffc55 100644 --- a/common/seafile-crypt.h +++ b/common/seafile-crypt.h @@ -55,6 +55,7 @@ seafile_crypt_new (int version, unsigned char *key, unsigned char *iv); int seafile_derive_key (const char *data_in, int in_len, int version, const char *repo_salt, + int iter, unsigned char *key, unsigned char *iv); /* @salt must be an char array of size 65 bytes. */ @@ -69,31 +70,35 @@ int seafile_generate_random_key (const char *passwd, int version, const char *repo_salt, - char *random_key); + char *random_key, + int iter); void seafile_generate_magic (int version, const char *repo_id, const char *passwd, const char *repo_salt, - char *magic); + char *magic, + int iter); int seafile_verify_repo_passwd (const char *repo_id, const char *passwd, const char *magic, int version, - const char *repo_salt); + const char *repo_salt, + int iter); int seafile_decrypt_repo_enc_key (int enc_version, const char *passwd, const char *random_key, const char *repo_salt, + int iter, unsigned char *key_out, unsigned char *iv_out); int seafile_update_random_key (const char *old_passwd, const char *old_random_key, const char *new_passwd, char *new_random_key, - int enc_version, const char *repo_salt); + int enc_version, const char *repo_salt, int iter); int seafile_encrypt (char **data_out, diff --git a/fileserver/commitmgr/commitmgr.go b/fileserver/commitmgr/commitmgr.go index ed8c03b2..0e84d917 100644 --- a/fileserver/commitmgr/commitmgr.go +++ b/fileserver/commitmgr/commitmgr.go @@ -36,6 +36,7 @@ type Commit struct { Magic string `json:"magic,omitempty"` RandomKey string `json:"key,omitempty"` Salt string `json:"salt,omitempty"` + KeyIter int `json:"key_iter,omitempty"` Version int `json:"version,omitempty"` Conflict int `json:"conflict,omitempty"` NewMerge int `json:"new_merge,omitempty"` diff --git a/fileserver/repomgr/repomgr.go b/fileserver/repomgr/repomgr.go index a6171971..12c945ba 100644 --- a/fileserver/repomgr/repomgr.go +++ b/fileserver/repomgr/repomgr.go @@ -42,6 +42,7 @@ type Repo struct { Magic string RandomKey string Salt string + KeyIter int Version int } @@ -145,6 +146,11 @@ func Get(id string) *Repo { repo.Magic = commit.Magic repo.RandomKey = commit.RandomKey repo.Salt = commit.Salt + } else if repo.EncVersion == 5 { + repo.Magic = commit.Magic + repo.RandomKey = commit.RandomKey + repo.Salt = commit.Salt + repo.KeyIter = commit.KeyIter } } @@ -171,6 +177,11 @@ func RepoToCommit(repo *Repo, commit *commitmgr.Commit) { commit.Magic = repo.Magic commit.RandomKey = repo.RandomKey commit.Salt = repo.Salt + } else if repo.EncVersion == 5 { + commit.Magic = repo.Magic + commit.RandomKey = repo.RandomKey + commit.Salt = repo.Salt + commit.KeyIter = repo.KeyIter } } else { commit.Encrypted = "false" diff --git a/server/passwd-mgr.c b/server/passwd-mgr.c index d2c17097..5de61b52 100644 --- a/server/passwd-mgr.c +++ b/server/passwd-mgr.c @@ -118,7 +118,7 @@ seaf_passwd_manager_set_passwd (SeafPasswdManager *mgr, return -1; } - if (repo->enc_version != 1 && repo->enc_version != 2 && repo->enc_version != 3 && repo->enc_version != 4) { + if (repo->enc_version != 1 && repo->enc_version != 2 && repo->enc_version != 3 && repo->enc_version != 4 && repo->enc_version != 5) { seaf_repo_unref (repo); g_set_error (error, SEAFILE_DOMAIN, SEAF_ERR_BAD_ARGS, "Unsupported encryption version"); @@ -126,7 +126,7 @@ seaf_passwd_manager_set_passwd (SeafPasswdManager *mgr, } if (seafile_verify_repo_passwd (repo->id, passwd, - repo->magic, repo->enc_version, repo->salt) < 0) { + repo->magic, repo->enc_version, repo->salt, repo->key_iter) < 0) { seaf_repo_unref (repo); g_set_error (error, SEAFILE_DOMAIN, SEAF_ERR_GENERAL, "Incorrect password"); @@ -143,6 +143,7 @@ seaf_passwd_manager_set_passwd (SeafPasswdManager *mgr, } if (seafile_decrypt_repo_enc_key (repo->enc_version, passwd, repo->random_key, repo->salt, + repo->key_iter, crypt_key->key, crypt_key->iv) < 0) { seaf_repo_unref (repo); g_free (crypt_key); diff --git a/server/repo-mgr.c b/server/repo-mgr.c index 84d4fe61..5ab928bf 100644 --- a/server/repo-mgr.c +++ b/server/repo-mgr.c @@ -150,6 +150,11 @@ seaf_repo_from_commit (SeafRepo *repo, SeafCommit *commit) memcpy (repo->magic, commit->magic, 64); memcpy (repo->random_key, commit->random_key, 96); memcpy (repo->salt, commit->salt, 64); + } else if (repo->enc_version == 5) { + memcpy (repo->magic, commit->magic, 64); + memcpy (repo->random_key, commit->random_key, 96); + memcpy (repo->salt, commit->salt, 64); + repo->key_iter = commit->key_iter; } } repo->no_local_history = commit->no_local_history; @@ -179,6 +184,11 @@ seaf_repo_to_commit (SeafRepo *repo, SeafCommit *commit) commit->magic = g_strdup (repo->magic); commit->random_key = g_strdup (repo->random_key); commit->salt = g_strdup (repo->salt); + } else if (commit->enc_version == 5) { + commit->magic = g_strdup (repo->magic); + commit->random_key = g_strdup (repo->random_key); + commit->salt = g_strdup (repo->salt); + commit->key_iter = repo->key_iter; } } commit->no_local_history = repo->no_local_history; @@ -3741,7 +3751,7 @@ create_repo_common (SeafRepoManager *mgr, SeafBranch *master = NULL; int ret = -1; - if (enc_version != 4 && enc_version != 3 && enc_version != 2 && enc_version != -1) { + if (enc_version != 5 && enc_version != 4 && enc_version != 3 && enc_version != 2 && enc_version != -1) { seaf_warning ("Unsupported enc version %d.\n", enc_version); g_set_error (error, SEAFILE_DOMAIN, SEAF_ERR_BAD_ARGS, "Unsupported encryption version"); @@ -3782,6 +3792,9 @@ create_repo_common (SeafRepoManager *mgr, } if (enc_version >= 3) memcpy (repo->salt, salt, 64); + if (enc_version >= 5) { + repo->key_iter = seaf->key_iter; + } repo->version = CURRENT_REPO_VERSION; memcpy (repo->store_id, repo_id, 36); @@ -3855,8 +3868,8 @@ seaf_repo_manager_create_new_repo (SeafRepoManager *mgr, if (seafile_generate_repo_salt (salt) < 0) { goto bad; } - seafile_generate_magic (enc_version, repo_id, passwd, salt, magic); - if (seafile_generate_random_key (passwd, enc_version, salt, random_key) < 0) { + seafile_generate_magic (enc_version, repo_id, passwd, salt, magic, seaf->key_iter); + if (seafile_generate_random_key (passwd, enc_version, salt, random_key, seaf->key_iter) < 0) { goto bad; } } diff --git a/server/repo-mgr.h b/server/repo-mgr.h index 0be20faf..5bbef723 100644 --- a/server/repo-mgr.h +++ b/server/repo-mgr.h @@ -35,6 +35,7 @@ struct _SeafRepo { gchar magic[65]; /* hash(repo_id + passwd), key stretched. */ gchar random_key[97]; gchar salt[65]; + int key_iter; gboolean no_local_history; gint64 last_modify; gint64 size; diff --git a/server/seafile-session.c b/server/seafile-session.c index bf586f5a..367ca8b6 100644 --- a/server/seafile-session.c +++ b/server/seafile-session.c @@ -127,6 +127,14 @@ seafile_session_new(const char *central_config_dir, g_free (type); } + session->key_iter = g_key_file_get_integer (config, + "general", "pbkdf2_iter_times", + NULL); + if (session->key_iter <= 0) { + session->key_iter = 1000; + } + + notif_enabled = g_key_file_get_boolean (config, "notification", "enabled", NULL); diff --git a/server/seafile-session.h b/server/seafile-session.h index 0aae960d..9465deed 100644 --- a/server/seafile-session.h +++ b/server/seafile-session.h @@ -83,6 +83,9 @@ struct _SeafileSession { // For notification server NotifManager *notif_mgr; char *private_key; + + // For pbkdf2 iter parameter. + int key_iter; }; extern SeafileSession *seaf; diff --git a/server/virtual-repo.c b/server/virtual-repo.c index a77ced0d..135dbf76 100644 --- a/server/virtual-repo.c +++ b/server/virtual-repo.c @@ -85,7 +85,7 @@ do_create_virtual_repo (SeafRepoManager *mgr, repo->enc_version = origin_repo->enc_version; if (repo->enc_version >= 3) memcpy (repo->salt, origin_repo->salt, 64); - seafile_generate_magic (repo->enc_version, repo_id, passwd, repo->salt, repo->magic); + seafile_generate_magic (repo->enc_version, repo_id, passwd, repo->salt, repo->magic, repo->key_iter); if (repo->enc_version >= 2) memcpy (repo->random_key, origin_repo->random_key, 96); } @@ -224,7 +224,8 @@ create_virtual_repo_common (SeafRepoManager *mgr, passwd, origin_repo->magic, origin_repo->enc_version, - origin_repo->salt) < 0) { + origin_repo->salt, + origin_repo->key_iter) < 0) { g_set_error (error, SEAFILE_DOMAIN, SEAF_ERR_GENERAL, "Incorrect password"); seaf_repo_unref (origin_repo); diff --git a/tests/test_password/test_password.py b/tests/test_password/test_password.py index d0b76b64..a446abab 100644 --- a/tests/test_password/test_password.py +++ b/tests/test_password/test_password.py @@ -3,8 +3,8 @@ from seaserv import seafile_api as api @pytest.mark.parametrize('rpc, enc_version', - [('create_repo', 2), ('create_repo', 3), ('create_repo', 4), - ('create_enc_repo', 2), ('create_enc_repo', 3), ('create_enc_repo', 4)]) + [('create_repo', 2), ('create_repo', 3), ('create_repo', 4), ('create_repo', 5), + ('create_enc_repo', 2), ('create_enc_repo', 3), ('create_enc_repo', 4), ('create_enc_repo', 5)]) def test_encrypted_repo(rpc, enc_version): test_repo_name = 'test_enc_repo' test_repo_desc = 'test_enc_repo' @@ -18,8 +18,10 @@ def test_encrypted_repo(rpc, enc_version): repo_id = 'd17bf8ca-3019-40ee-8fdb-0258c89fb762' elif enc_version == 3: repo_id = 'd17bf8ca-3019-40ee-8fdb-0258c89fb763' - else: + elif enc_version == 4: repo_id = 'd17bf8ca-3019-40ee-8fdb-0258c89fb764' + else: + repo_id = 'd17bf8ca-3019-40ee-8fdb-0258c89fb765' enc_info = api.generate_magic_and_random_key(enc_version, repo_id, test_repo_passwd) assert enc_info ret_repo_id = api.create_enc_repo(repo_id, test_repo_name, test_repo_desc, @@ -32,7 +34,7 @@ def test_encrypted_repo(rpc, enc_version): assert repo.enc_version == enc_version assert len(repo.magic) == 64 assert len(repo.random_key) == 96 - if enc_version == 3 or enc_version == 4: + if enc_version == 3 or enc_version == 4 or enc_version == 5: assert len(repo.salt) == 64 new_passwd = 'new password' From 63b4a6eaf8b80beab0d9671a4a7df664b5ed3969 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=A8=E8=B5=AB=E7=84=B6?= Date: Wed, 5 Jul 2023 18:11:08 +0800 Subject: [PATCH 2/2] create_enc_repo add key_iter parameter --- common/rpc-service.c | 2 ++ include/seafile-rpc.h | 1 + lib/rpc_table.py | 1 + python/seafile/rpcclient.py | 4 ++-- python/seaserv/api.py | 4 ++-- server/repo-mgr.c | 18 ++++++++++++++---- server/repo-mgr.h | 1 + server/seaf-server.c | 2 +- 8 files changed, 24 insertions(+), 9 deletions(-) diff --git a/common/rpc-service.c b/common/rpc-service.c index cdff1493..54cbd3ec 100644 --- a/common/rpc-service.c +++ b/common/rpc-service.c @@ -3056,6 +3056,7 @@ seafile_create_enc_repo (const char *repo_id, const char *random_key, const char *salt, int enc_version, + int key_iter, GError **error) { if (!repo_id || !repo_name || !repo_desc || !owner_email) { @@ -3069,6 +3070,7 @@ seafile_create_enc_repo (const char *repo_id, repo_id, repo_name, repo_desc, owner_email, magic, random_key, salt, enc_version, + key_iter, error); return ret; } diff --git a/include/seafile-rpc.h b/include/seafile-rpc.h index c9717b62..0b445a0b 100644 --- a/include/seafile-rpc.h +++ b/include/seafile-rpc.h @@ -923,6 +923,7 @@ seafile_create_enc_repo (const char *repo_id, const char *random_key, const char *salt, int enc_version, + int key_iter, GError **error); char * diff --git a/lib/rpc_table.py b/lib/rpc_table.py index e10bb2f7..0f6c1394 100644 --- a/lib/rpc_table.py +++ b/lib/rpc_table.py @@ -66,6 +66,7 @@ [ "string", ["string", "string", "string", "string", "string", "string", "int64", "int"] ], [ "string", ["string", "string", "string", "string", "string", "string", "string"] ], [ "string", ["string", "string", "string", "string", "string", "string", "string", "int"] ], + [ "string", ["string", "string", "string", "string", "string", "string", "string", "int", "int"] ], [ "string", ["string", "string", "string", "string", "string", "string", "string", "int64"] ], [ "string", ["string", "string", "string", "string", "string", "string", "string", "string", "string"] ], [ "string", ["string", "int", "string", "string", "string", "string", "string", "string", "string", "string", "string", "string", "int", "string"] ], diff --git a/python/seafile/rpcclient.py b/python/seafile/rpcclient.py index 6559c2dd..1413f8e1 100644 --- a/python/seafile/rpcclient.py +++ b/python/seafile/rpcclient.py @@ -11,8 +11,8 @@ def seafile_create_repo(name, desc, owner_email, passwd, enc_version): pass create_repo = seafile_create_repo - @searpc_func("string", ["string", "string", "string", "string", "string", "string", "string", "int"]) - def seafile_create_enc_repo(repo_id, name, desc, owner_email, magic, random_key, salt, enc_version): + @searpc_func("string", ["string", "string", "string", "string", "string", "string", "string", "int", "int"]) + def seafile_create_enc_repo(repo_id, name, desc, owner_email, magic, random_key, salt, enc_version, key_iter): pass create_enc_repo = seafile_create_enc_repo diff --git a/python/seaserv/api.py b/python/seaserv/api.py index ece5270c..691b65c1 100644 --- a/python/seaserv/api.py +++ b/python/seaserv/api.py @@ -89,8 +89,8 @@ def generate_magic_and_random_key(self, enc_version, repo_id, password): def create_repo(self, name, desc, username, passwd=None, enc_version=2, storage_id=None): return seafserv_threaded_rpc.create_repo(name, desc, username, passwd, enc_version) - def create_enc_repo(self, repo_id, name, desc, username, magic, random_key, salt, enc_version): - return seafserv_threaded_rpc.create_enc_repo(repo_id, name, desc, username, magic, random_key, salt, enc_version) + def create_enc_repo(self, repo_id, name, desc, username, magic, random_key, salt, enc_version, key_iter=1000): + return seafserv_threaded_rpc.create_enc_repo(repo_id, name, desc, username, magic, random_key, salt, enc_version, key_iter) def get_repos_by_id_prefix(self, id_prefix, start=-1, limit=-1): """ diff --git a/server/repo-mgr.c b/server/repo-mgr.c index 5ab928bf..815316d2 100644 --- a/server/repo-mgr.c +++ b/server/repo-mgr.c @@ -3744,6 +3744,7 @@ create_repo_common (SeafRepoManager *mgr, const char *random_key, const char *salt, int enc_version, + int key_iter, GError **error) { SeafRepo *repo = NULL; @@ -3780,6 +3781,14 @@ create_repo_common (SeafRepoManager *mgr, return -1; } } + if (enc_version >= 5) { + if (key_iter <= 0) { + seaf_warning ("Bad key iteration times.\n"); + g_set_error (error, SEAFILE_DOMAIN, SEAF_ERR_BAD_ARGS, + "Bad key iteration times"); + return -1; + } + } repo = seaf_repo_new (repo_id, repo_name, repo_desc); @@ -3793,7 +3802,7 @@ create_repo_common (SeafRepoManager *mgr, if (enc_version >= 3) memcpy (repo->salt, salt, 64); if (enc_version >= 5) { - repo->key_iter = seaf->key_iter; + repo->key_iter = key_iter; } repo->version = CURRENT_REPO_VERSION; @@ -3877,10 +3886,10 @@ seaf_repo_manager_create_new_repo (SeafRepoManager *mgr, int rc; if (passwd) rc = create_repo_common (mgr, repo_id, repo_name, repo_desc, owner_email, - magic, random_key, salt, enc_version, error); + magic, random_key, salt, enc_version, seaf->key_iter, error); else rc = create_repo_common (mgr, repo_id, repo_name, repo_desc, owner_email, - NULL, NULL, NULL, -1, error); + NULL, NULL, NULL, -1, -1, error); if (rc < 0) goto bad; @@ -3909,6 +3918,7 @@ seaf_repo_manager_create_enc_repo (SeafRepoManager *mgr, const char *random_key, const char *salt, int enc_version, + int key_iter, GError **error) { if (!repo_id || !is_uuid_valid (repo_id)) { @@ -3926,7 +3936,7 @@ seaf_repo_manager_create_enc_repo (SeafRepoManager *mgr, } if (create_repo_common (mgr, repo_id, repo_name, repo_desc, owner_email, - magic, random_key, salt, enc_version, error) < 0) + magic, random_key, salt, enc_version, key_iter, error) < 0) return NULL; if (seaf_repo_manager_set_repo_owner (mgr, repo_id, owner_email) < 0) { diff --git a/server/repo-mgr.h b/server/repo-mgr.h index 5bbef723..08e75263 100644 --- a/server/repo-mgr.h +++ b/server/repo-mgr.h @@ -514,6 +514,7 @@ seaf_repo_manager_create_enc_repo (SeafRepoManager *mgr, const char *random_key, const char *salt, int enc_version, + int key_iter, GError **error); /* Give a repo and a path in this repo, returns a list of commits, where every diff --git a/server/seaf-server.c b/server/seaf-server.c index 46c0b310..87d9f176 100644 --- a/server/seaf-server.c +++ b/server/seaf-server.c @@ -227,7 +227,7 @@ static void start_rpc_service (const char *seafile_dir, searpc_server_register_function ("seafserv-threaded-rpcserver", seafile_create_enc_repo, "seafile_create_enc_repo", - searpc_signature_string__string_string_string_string_string_string_string_int()); + searpc_signature_string__string_string_string_string_string_string_string_int_int()); searpc_server_register_function ("seafserv-threaded-rpcserver", seafile_get_commit,