mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #12678 from nextcloud/encryption-emergency-recovery 

Allow to disable the signature check
This commit is contained in:
Björn Schießle 2018-12-18 11:41:16 +01:00 committed by GitHub
parent 6f994be665 34d4c2bc16
commit a374d8837d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
apps/encryption/lib/Crypto/Crypt.php
View File

@ -482,9 +482,15 @@ class Crypt {
* @throws GenericEncryptionException * @throws GenericEncryptionException
*/ */
private function checkSignature($data, $passPhrase, $expectedSignature) { private function checkSignature($data, $passPhrase, $expectedSignature) {
$enforceSignature = !$this->config->getSystemValue('encryption_skip_signature_check', false);
$signature = $this->createSignature($data, $passPhrase); $signature = $this->createSignature($data, $passPhrase);
if (!hash_equals($expectedSignature, $signature)) { $isCorrectHash = hash_equals($expectedSignature, $signature);
if (!$isCorrectHash && $enforceSignature) {
throw new GenericEncryptionException('Bad Signature', $this->l->t('Bad Signature')); throw new GenericEncryptionException('Bad Signature', $this->l->t('Bad Signature'));
} else if (!$isCorrectHash && !$enforceSignature) {
$this->logger->info("Signature check skipped", ['app' => 'encryption']);
} }
} }
@ -557,11 +563,13 @@ class Crypt {
* @throws GenericEncryptionException * @throws GenericEncryptionException
*/ */
private function hasSignature($catFile, $cipher) { private function hasSignature($catFile, $cipher) {
$skipSignatureCheck = $this->config->getSystemValue('encryption_skip_signature_check', false);
$meta = substr($catFile, -93); $meta = substr($catFile, -93);
$signaturePosition = strpos($meta, '00sig00'); $signaturePosition = strpos($meta, '00sig00');
// enforce signature for the new 'CTR' ciphers // enforce signature for the new 'CTR' ciphers
if ($signaturePosition === false && stripos($cipher, 'ctr') !== false) { if (!$skipSignatureCheck && $signaturePosition === false && stripos($cipher, 'ctr') !== false) {
throw new GenericEncryptionException('Missing Signature', $this->l->t('Missing Signature')); throw new GenericEncryptionException('Missing Signature', $this->l->t('Missing Signature'));
} }