|
|
|
@ -153,9 +153,6 @@ class Crypt { |
|
|
|
return openssl_pkey_new($config); |
|
|
|
} |
|
|
|
|
|
|
|
/** |
|
|
|
* get openSSL Config |
|
|
|
*/ |
|
|
|
private function getOpenSSLConfig(): array { |
|
|
|
$config = ['private_key_bits' => 4096]; |
|
|
|
$config = array_merge( |
|
|
|
@ -217,13 +214,9 @@ class Crypt { |
|
|
|
} |
|
|
|
|
|
|
|
/** |
|
|
|
* @param string $plainContent |
|
|
|
* @param string $iv |
|
|
|
* @param string $passPhrase |
|
|
|
* @param string $cipher |
|
|
|
* @throws EncryptionFailedException |
|
|
|
*/ |
|
|
|
private function encrypt($plainContent, $iv, $passPhrase = '', $cipher = self::DEFAULT_CIPHER): string { |
|
|
|
private function encrypt(string $plainContent, string $iv, string $passPhrase = '', string $cipher = self::DEFAULT_CIPHER): string { |
|
|
|
$options = $this->useLegacyBase64Encoding ? 0 : OPENSSL_RAW_DATA; |
|
|
|
$encryptedContent = openssl_encrypt($plainContent, |
|
|
|
$cipher, |
|
|
|
@ -311,19 +304,11 @@ class Crypt { |
|
|
|
return self::LEGACY_CIPHER; |
|
|
|
} |
|
|
|
|
|
|
|
/** |
|
|
|
* @param string $encryptedContent |
|
|
|
* @param string $iv |
|
|
|
*/ |
|
|
|
private function concatIV($encryptedContent, $iv): string { |
|
|
|
private function concatIV(string $encryptedContent, string $iv): string { |
|
|
|
return $encryptedContent . '00iv00' . $iv; |
|
|
|
} |
|
|
|
|
|
|
|
/** |
|
|
|
* @param string $encryptedContent |
|
|
|
* @param string $signature |
|
|
|
*/ |
|
|
|
private function concatSig($encryptedContent, $signature): string { |
|
|
|
private function concatSig(string $encryptedContent, string $signature): string { |
|
|
|
return $encryptedContent . '00sig00' . $signature; |
|
|
|
} |
|
|
|
|
|
|
|
@ -331,10 +316,8 @@ class Crypt { |
|
|
|
* Note: This is _NOT_ a padding used for encryption purposes. It is solely |
|
|
|
* used to achieve the PHP stream size. It has _NOTHING_ to do with the |
|
|
|
* encrypted content and is not used in any crypto primitive. |
|
|
|
* |
|
|
|
* @param string $data |
|
|
|
*/ |
|
|
|
private function addPadding($data): string { |
|
|
|
private function addPadding(string $data): string { |
|
|
|
return $data . 'xxx'; |
|
|
|
} |
|
|
|
|
|
|
|
@ -514,12 +497,9 @@ class Crypt { |
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
* remove padding |
|
|
|
* |
|
|
|
* @param string $padded |
|
|
|
* @param bool $hasSignature did the block contain a signature, in this case we use a different padding |
|
|
|
*/ |
|
|
|
private function removePadding($padded, $hasSignature = false): string|false { |
|
|
|
private function removePadding(string $padded, bool $hasSignature = false): string|false { |
|
|
|
if ($hasSignature === false && substr($padded, -2) === 'xx') { |
|
|
|
return substr($padded, 0, -2); |
|
|
|
} elseif ($hasSignature === true && substr($padded, -3) === 'xxx') { |
|
|
|
@ -532,11 +512,8 @@ class Crypt { |
|
|
|
* split meta data from encrypted file |
|
|
|
* Note: for now, we assume that the meta data always start with the iv |
|
|
|
* followed by the signature, if available |
|
|
|
* |
|
|
|
* @param string $catFile |
|
|
|
* @param string $cipher |
|
|
|
*/ |
|
|
|
private function splitMetaData($catFile, $cipher): array { |
|
|
|
private function splitMetaData(string $catFile, string $cipher): array { |
|
|
|
if ($this->hasSignature($catFile, $cipher)) { |
|
|
|
$catFile = $this->removePadding($catFile, true); |
|
|
|
$meta = substr($catFile, -93); |
|
|
|
@ -561,11 +538,9 @@ class Crypt { |
|
|
|
/** |
|
|
|
* check if encrypted block is signed |
|
|
|
* |
|
|
|
* @param string $catFile |
|
|
|
* @param string $cipher |
|
|
|
* @throws GenericEncryptionException |
|
|
|
*/ |
|
|
|
private function hasSignature($catFile, $cipher): bool { |
|
|
|
private function hasSignature(string $catFile, string $cipher): bool { |
|
|
|
$skipSignatureCheck = $this->config->getSystemValueBool('encryption_skip_signature_check', false); |
|
|
|
|
|
|
|
$meta = substr($catFile, -93); |
|
|
|
|
Côme Chilliet
2 years ago
Côme Chilliet