From 7a61ffc3ddb2fa377074335f13080468eb29b3dc Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Tue, 27 Nov 2018 11:08:41 +0100 Subject: [PATCH 1/3] Allow to disable the signature check This allows you to recover encryption files even if the signature is broken Signed-off-by: Bjoern Schiessle --- apps/encryption/lib/Crypto/Crypt.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/apps/encryption/lib/Crypto/Crypt.php b/apps/encryption/lib/Crypto/Crypt.php index 70c99f808ba..a22d4551566 100644 --- a/apps/encryption/lib/Crypto/Crypt.php +++ b/apps/encryption/lib/Crypto/Crypt.php @@ -482,9 +482,15 @@ class Crypt { * @throws GenericEncryptionException */ private function checkSignature($data, $passPhrase, $expectedSignature) { + $skipSignatureCheck = $this->config->getSystemValue('encryption_skip_signature_check', false); + $signature = $this->createSignature($data, $passPhrase); - if (!hash_equals($expectedSignature, $signature)) { + $hash = hash_equals($expectedSignature, $signature); + + if (!$hash && $skipSignatureCheck === false) { throw new GenericEncryptionException('Bad Signature', $this->l->t('Bad Signature')); + } else if (!$hash && $skipSignatureCheck) { + $this->logger->info("Signature check skipped", ['app' => 'encryption']); } } From 8796c6bc783f7d37088f26004c83d89fecabd7dc Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Tue, 27 Nov 2018 23:38:41 +0100 Subject: [PATCH 2/3] in case 'encryption_skip_signature_check' was set to true we accept if the file doesn't has a signature Signed-off-by: Bjoern Schiessle --- apps/encryption/lib/Crypto/Crypt.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/apps/encryption/lib/Crypto/Crypt.php b/apps/encryption/lib/Crypto/Crypt.php index a22d4551566..a00b93927fa 100644 --- a/apps/encryption/lib/Crypto/Crypt.php +++ b/apps/encryption/lib/Crypto/Crypt.php @@ -563,11 +563,13 @@ class Crypt { * @throws GenericEncryptionException */ private function hasSignature($catFile, $cipher) { + $skipSignatureCheck = $this->config->getSystemValue('encryption_skip_signature_check', false); + $meta = substr($catFile, -93); $signaturePosition = strpos($meta, '00sig00'); // enforce signature for the new 'CTR' ciphers - if ($signaturePosition === false && stripos($cipher, 'ctr') !== false) { + if (!$skipSignatureCheck && $signaturePosition === false && stripos($cipher, 'ctr') !== false) { throw new GenericEncryptionException('Missing Signature', $this->l->t('Missing Signature')); } From 34d4c2bc169258c414d0dd3a527335b58167a184 Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Fri, 30 Nov 2018 15:24:05 +0100 Subject: [PATCH 3/3] improve variable naming Signed-off-by: Bjoern Schiessle --- apps/encryption/lib/Crypto/Crypt.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/apps/encryption/lib/Crypto/Crypt.php b/apps/encryption/lib/Crypto/Crypt.php index a00b93927fa..b2fdec513d2 100644 --- a/apps/encryption/lib/Crypto/Crypt.php +++ b/apps/encryption/lib/Crypto/Crypt.php @@ -482,14 +482,14 @@ class Crypt { * @throws GenericEncryptionException */ private function checkSignature($data, $passPhrase, $expectedSignature) { - $skipSignatureCheck = $this->config->getSystemValue('encryption_skip_signature_check', false); + $enforceSignature = !$this->config->getSystemValue('encryption_skip_signature_check', false); $signature = $this->createSignature($data, $passPhrase); - $hash = hash_equals($expectedSignature, $signature); + $isCorrectHash = hash_equals($expectedSignature, $signature); - if (!$hash && $skipSignatureCheck === false) { + if (!$isCorrectHash && $enforceSignature) { throw new GenericEncryptionException('Bad Signature', $this->l->t('Bad Signature')); - } else if (!$hash && $skipSignatureCheck) { + } else if (!$isCorrectHash && !$enforceSignature) { $this->logger->info("Signature check skipped", ['app' => 'encryption']); } }