summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBjörn Schießle <bjoern@schiessle.org>2018-12-18 11:41:16 +0100
committerGitHub <noreply@github.com>2018-12-18 11:41:16 +0100
commita374d8837d6de459500e619cf608e0721ea14574 (patch)
treee2442322c06facca239cbe2147336a69627e3c29
parent6f994be665b876c35fa73d4672e81264c43efe8d (diff)
parent34d4c2bc169258c414d0dd3a527335b58167a184 (diff)
downloadnextcloud-server-a374d8837d6de459500e619cf608e0721ea14574.tar.gz
nextcloud-server-a374d8837d6de459500e619cf608e0721ea14574.zip
Merge pull request #12678 from nextcloud/encryption-emergency-recovery
Allow to disable the signature check
-rw-r--r--apps/encryption/lib/Crypto/Crypt.php12
1 files changed, 10 insertions, 2 deletions
diff --git a/apps/encryption/lib/Crypto/Crypt.php b/apps/encryption/lib/Crypto/Crypt.php
index 70c99f808ba..b2fdec513d2 100644
--- a/apps/encryption/lib/Crypto/Crypt.php
+++ b/apps/encryption/lib/Crypto/Crypt.php
@@ -482,9 +482,15 @@ class Crypt {
* @throws GenericEncryptionException
*/
private function checkSignature($data, $passPhrase, $expectedSignature) {
+ $enforceSignature = !$this->config->getSystemValue('encryption_skip_signature_check', false);
+
$signature = $this->createSignature($data, $passPhrase);
- if (!hash_equals($expectedSignature, $signature)) {
+ $isCorrectHash = hash_equals($expectedSignature, $signature);
+
+ if (!$isCorrectHash && $enforceSignature) {
throw new GenericEncryptionException('Bad Signature', $this->l->t('Bad Signature'));
+ } else if (!$isCorrectHash && !$enforceSignature) {
+ $this->logger->info("Signature check skipped", ['app' => 'encryption']);
}
}
@@ -557,11 +563,13 @@ class Crypt {
* @throws GenericEncryptionException
*/
private function hasSignature($catFile, $cipher) {
+ $skipSignatureCheck = $this->config->getSystemValue('encryption_skip_signature_check', false);
+
$meta = substr($catFile, -93);
$signaturePosition = strpos($meta, '00sig00');
// enforce signature for the new 'CTR' ciphers
- if ($signaturePosition === false && stripos($cipher, 'ctr') !== false) {
+ if (!$skipSignatureCheck && $signaturePosition === false && stripos($cipher, 'ctr') !== false) {
throw new GenericEncryptionException('Missing Signature', $this->l->t('Missing Signature'));
}