mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge 0b21799ba6 into d0cf20cc51

This commit is contained in:
Roeland Jago Douma 2021-06-02 11:31:08 -04:00 committed by GitHub
parent d0cf20cc51 0b21799ba6
commit 12e4eee388
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 20 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
apps/encryption/lib/Crypto/Crypt.php
View File

@ -670,11 +670,25 @@ class Crypt {
throw new MultiKeyDecryptException('Cannot multikey decrypt empty plain content');
}
$prev = null;
// We need to be able to extract the IV
if (strlen($encKeyFile) > 12) {
$iv = substr($encKeyFile, -12);
$encrypted = substr($encKeyFile, 0, -12);
if (openssl_open($encrypted, $plainContent, $shareKey, $privateKey, 'aes-256-gcm', $iv)) {
return $plainContent;
}
$prev = new MultiKeyDecryptException('multikeydecrypt with share key failed (aes-256-gcm):' . openssl_error_string());
}
if (openssl_open($encKeyFile, $plainContent, $shareKey, $privateKey, 'RC4')) {
return $plainContent;
} else {
throw new MultiKeyDecryptException('multikeydecrypt with share key failed:' . openssl_error_string());
}
throw new MultiKeyDecryptException('multikeydecrypt with share key failed (rc4):' . openssl_error_string(), '', 0, $prev);
}
/**
@ -695,7 +709,8 @@ class Crypt {
$shareKeys = [];
$mappedShareKeys = [];
if (openssl_seal($plainContent, $sealed, $shareKeys, $keyFiles, 'RC4')) {
$iv = \random_bytes(12);
if (openssl_seal($plainContent, $sealed, $shareKeys, $keyFiles, 'aes-256-gcm', $iv)) {
$i = 0;
// Ensure each shareKey is labelled with its corresponding key id
@ -706,10 +721,9 @@ class Crypt {
return [
'keys' => $mappedShareKeys,
'data' => $sealed
'data' => $sealed . $iv,
];
} else {
throw new MultiKeyEncryptException('multikeyencryption failed ' . openssl_error_string());
}
throw new MultiKeyEncryptException('multikeyencryption failed ' . openssl_error_string());
}
}