authorLukas Reschke <lukas@owncloud.com>2016-02-03 14:32:04 +0100
committerLukas Reschke <lukas@owncloud.com>2016-02-09 23:43:26 +0100
commit3badf5caf579f8ff10c9917f62cb41cd9b0c68f8 (patch)
tree2251ec9415958573a4b434f0600fd48c7c29cdf6 /apps/encryption/lib/crypto/crypt.php
parentb5824f024a1008b0195b6e8f4803774cfe644b7b (diff)
Use number of chunk for HMAC as well
Prevents switching single blocks within the encrypted file.
Diffstat (limited to 'apps/encryption/lib/crypto/crypt.php')
-rw-r--r--apps/encryption/lib/crypto/crypt.php11
1 files changed, 7 insertions, 4 deletions
diff --git a/apps/encryption/lib/crypto/crypt.php b/apps/encryption/lib/crypto/crypt.php
index 6c3aee47a56..b4c10f42790 100644
--- a/apps/encryption/lib/crypto/crypt.php
+++ b/apps/encryption/lib/crypto/crypt.php
@@ -170,10 +170,11 @@ class Crypt {
* @param string $plainContent
* @param string $passPhrase
* @param int $version
+ * @param int $position
* @return false|string
* @throws EncryptionFailedException
*/
- public function symmetricEncryptFileContent($plainContent, $passPhrase, $version) {
+ public function symmetricEncryptFileContent($plainContent, $passPhrase, $version, $position) {
if (!$plainContent) {
$this->logger->error('Encryption Library, symmetrical encryption failed no content given',
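Review bot: The added `@param int $position` line in the docblock has no description, so nothing tells a caller that the value is security-relevant. I would write it as `* @param int $position index of the chunk inside the file, bound into the signature so a chunk only verifies at its own position`, and do the same on symmetricDecryptFileContent in the last hunk. The parameter is also required here but defaults to 0 on the decrypt side, so a decrypt caller that was not updated will quietly verify against position 0; making it required in both places would surface those call sites. The function body continues outside the hunk.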
@@ -189,7 +190,7 @@ class Crypt {
$this->getCipher());
// Create a signature based on the key as well as the current version
- $sig = $this->createSignature($encryptedContent, $passPhrase.$version);
+ $sig = $this->createSignature($encryptedContent, $passPhrase.$version.$position);
// combine content to encrypt the IV identifier and actual IV
$catFile = $this->concatIV($encryptedContent, $iv);
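Review bot: `$passPhrase.$version.$position` joins two integers with no separator, so different (version, position) pairs can produce the same key string and the signature no longer pins a chunk to one position. For example, version 1 at position 23 and version 12 at position 3 both end in `123`. A fixed delimiter removes the ambiguity: `$sig = $this->createSignature($encryptedContent, $passPhrase . '_' . $version . '_' . $position);`, with the identical expression in the checkSignature() call in the last hunk so both sides stay in step. Separately, binding the position catches reordered chunks but, as far as these lines show, not chunks dropped from the end of the file, which may deserve a follow-up. The enclosing function starts and ends outside the hunk.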
@@ -368,6 +369,7 @@ class Crypt {
$encryptedKey = $this->symmetricEncryptFileContent(
$privateKey,
$hash,
+ 0,
0
);
@@ -444,14 +446,15 @@ class Crypt {
* @param string $passPhrase
* @param string $cipher
* @param int $version
+ * @param int $position
* @return string
* @throws DecryptionFailedException
*/
- public function symmetricDecryptFileContent($keyFileContents, $passPhrase, $cipher = self::DEFAULT_CIPHER, $version = 0) {
+ public function symmetricDecryptFileContent($keyFileContents, $passPhrase, $cipher = self::DEFAULT_CIPHER, $version = 0, $position = 0) {
$catFile = $this->splitMetaData($keyFileContents, $cipher);
if ($catFile['signature'] !== false) {
- $this->checkSignature($catFile['encrypted'], $passPhrase.$version, $catFile['signature']);
+ $this->checkSignature($catFile['encrypted'], $passPhrase.$version.$position, $catFile['signature']);
}
return $this->decrypt($catFile['encrypted'],
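Review bot: The position is only checked inside `if ($catFile['signature'] !== false)`, so a chunk for which splitMetaData() reports no signature appears to reach `decrypt()` with no integrity or position check at all. If unsigned chunks are accepted only for files written before signing existed, the method should refuse a missing signature whenever `$version` marks the file as signed, throwing DecryptionFailedException instead of falling through. The version value that distinguishes signed from legacy files is not visible in this hunk, so that condition needs confirming against the writer. The decrypt() call continues past the end of the hunk.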