diff options
author | Björn Schießle <bjoern@schiessle.org> | 2018-12-18 11:41:16 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-12-18 11:41:16 +0100 |
commit | a374d8837d6de459500e619cf608e0721ea14574 (patch) | |
tree | e2442322c06facca239cbe2147336a69627e3c29 | |
parent | 6f994be665b876c35fa73d4672e81264c43efe8d (diff) | |
parent | 34d4c2bc169258c414d0dd3a527335b58167a184 (diff) | |
download | nextcloud-server-a374d8837d6de459500e619cf608e0721ea14574.tar.gz nextcloud-server-a374d8837d6de459500e619cf608e0721ea14574.zip |
Merge pull request #12678 from nextcloud/encryption-emergency-recovery
Allow to disable the signature check
-rw-r--r-- | apps/encryption/lib/Crypto/Crypt.php | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/apps/encryption/lib/Crypto/Crypt.php b/apps/encryption/lib/Crypto/Crypt.php index 70c99f808ba..b2fdec513d2 100644 --- a/apps/encryption/lib/Crypto/Crypt.php +++ b/apps/encryption/lib/Crypto/Crypt.php @@ -482,9 +482,15 @@ class Crypt { * @throws GenericEncryptionException */ private function checkSignature($data, $passPhrase, $expectedSignature) { + $enforceSignature = !$this->config->getSystemValue('encryption_skip_signature_check', false); + $signature = $this->createSignature($data, $passPhrase); - if (!hash_equals($expectedSignature, $signature)) { + $isCorrectHash = hash_equals($expectedSignature, $signature); + + if (!$isCorrectHash && $enforceSignature) { throw new GenericEncryptionException('Bad Signature', $this->l->t('Bad Signature')); + } else if (!$isCorrectHash && !$enforceSignature) { + $this->logger->info("Signature check skipped", ['app' => 'encryption']); } } @@ -557,11 +563,13 @@ class Crypt { * @throws GenericEncryptionException */ private function hasSignature($catFile, $cipher) { + $skipSignatureCheck = $this->config->getSystemValue('encryption_skip_signature_check', false); + $meta = substr($catFile, -93); $signaturePosition = strpos($meta, '00sig00'); // enforce signature for the new 'CTR' ciphers - if ($signaturePosition === false && stripos($cipher, 'ctr') !== false) { + if (!$skipSignatureCheck && $signaturePosition === false && stripos($cipher, 'ctr') !== false) { throw new GenericEncryptionException('Missing Signature', $this->l->t('Missing Signature')); } |