* @param string $password Password to encrypt, if not specified the secret from config.php will be taken
* @return string plaintext
* @throws \Exception If the HMAC does not match
+ * @throws \Exception If the decryption failed
*/
public function decrypt(string $authenticatedCiphertext, string $password = ''): string {
- if($password === '') {
+ if ($password === '') {
$password = $this->config->getSystemValue('secret');
}
$this->cipher->setPassword($password);
$parts = explode('|', $authenticatedCiphertext);
- if(\count($parts) !== 3) {
+ if (\count($parts) !== 3) {
throw new \Exception('Authenticated ciphertext could not be decoded.');
}
$this->cipher->setIV($iv);
- if(!hash_equals($this->calculateHMAC($parts[0].$parts[1], $password), $hmac)) {
+ if (!hash_equals($this->calculateHMAC($parts[0] . $parts[1], $password), $hmac)) {
throw new \Exception('HMAC does not match.');
}
- return $this->cipher->decrypt($ciphertext);
+ $result = $this->cipher->decrypt($ciphertext);
+ if ($result === false) {
+ throw new \Exception('Decryption failed');
+ }
+
+ return $result;
}
}
* @param string $password Password to encrypt, if not specified the secret from config.php will be taken
* @return string plaintext
* @throws \Exception If the HMAC does not match
+ * @throws \Exception If the decryption failed
* @since 8.0.0
*/
public function decrypt(string $authenticatedCiphertext, string $password = ''): string;
projects / nextcloud-server.git / commitdiff