From 3badf5caf579f8ff10c9917f62cb41cd9b0c68f8 Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@owncloud.com>
Date: Wed, 3 Feb 2016 14:32:04 +0100
Subject: Use number of chunk for HMAC as well

Prevents switching single blocks within the encrypted file.
---
 apps/encryption/lib/crypto/crypt.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

(limited to 'apps/encryption/lib/crypto/crypt.php')

diff --git a/apps/encryption/lib/crypto/crypt.php b/apps/encryption/lib/crypto/crypt.php
index 6c3aee47a56..b4c10f42790 100644
--- a/apps/encryption/lib/crypto/crypt.php
+++ b/apps/encryption/lib/crypto/crypt.php
@@ -170,10 +170,11 @@ class Crypt {
 	 * @param string $plainContent
 	 * @param string $passPhrase
 	 * @param int $version
+	 * @param int $position
 	 * @return false|string
 	 * @throws EncryptionFailedException
 	 */
-	public function symmetricEncryptFileContent($plainContent, $passPhrase, $version) {
+	public function symmetricEncryptFileContent($plainContent, $passPhrase, $version, $position) {
 
 		if (!$plainContent) {
 			$this->logger->error('Encryption Library, symmetrical encryption failed no content given',
@@ -189,7 +190,7 @@ class Crypt {
 			$this->getCipher());
 
 		// Create a signature based on the key as well as the current version
-		$sig = $this->createSignature($encryptedContent, $passPhrase.$version);
+		$sig = $this->createSignature($encryptedContent, $passPhrase.$version.$position);
 
 		// combine content to encrypt the IV identifier and actual IV
 		$catFile = $this->concatIV($encryptedContent, $iv);
@@ -368,6 +369,7 @@ class Crypt {
 		$encryptedKey = $this->symmetricEncryptFileContent(
 			$privateKey,
 			$hash,
+			0,
 			0
 		);
 
@@ -444,14 +446,15 @@ class Crypt {
 	 * @param string $passPhrase
 	 * @param string $cipher
 	 * @param int $version
+	 * @param int $position
 	 * @return string
 	 * @throws DecryptionFailedException
 	 */
-	public function symmetricDecryptFileContent($keyFileContents, $passPhrase, $cipher = self::DEFAULT_CIPHER, $version = 0) {
+	public function symmetricDecryptFileContent($keyFileContents, $passPhrase, $cipher = self::DEFAULT_CIPHER, $version = 0, $position = 0) {
 		$catFile = $this->splitMetaData($keyFileContents, $cipher);
 
 		if ($catFile['signature'] !== false) {
-			$this->checkSignature($catFile['encrypted'], $passPhrase.$version, $catFile['signature']);
+			$this->checkSignature($catFile['encrypted'], $passPhrase.$version.$position, $catFile['signature']);
 		}
 
 		return $this->decrypt($catFile['encrypted'],
-- 
cgit v1.2.3