|
|
|
|
@ -108,15 +108,16 @@ class Crypto implements ICrypto { |
|
|
|
|
* @param string $password Password to encrypt, if not specified the secret from config.php will be taken |
|
|
|
|
* @return string plaintext |
|
|
|
|
* @throws \Exception If the HMAC does not match |
|
|
|
|
* @throws \Exception If the decryption failed |
|
|
|
|
*/ |
|
|
|
|
public function decrypt(string $authenticatedCiphertext, string $password = ''): string { |
|
|
|
|
if($password === '') { |
|
|
|
|
if ($password === '') { |
|
|
|
|
$password = $this->config->getSystemValue('secret'); |
|
|
|
|
} |
|
|
|
|
$this->cipher->setPassword($password); |
|
|
|
|
|
|
|
|
|
$parts = explode('|', $authenticatedCiphertext); |
|
|
|
|
if(\count($parts) !== 3) { |
|
|
|
|
if (\count($parts) !== 3) { |
|
|
|
|
throw new \Exception('Authenticated ciphertext could not be decoded.'); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
@ -126,11 +127,16 @@ class Crypto implements ICrypto { |
|
|
|
|
|
|
|
|
|
$this->cipher->setIV($iv); |
|
|
|
|
|
|
|
|
|
if(!hash_equals($this->calculateHMAC($parts[0].$parts[1], $password), $hmac)) { |
|
|
|
|
if (!hash_equals($this->calculateHMAC($parts[0] . $parts[1], $password), $hmac)) { |
|
|
|
|
throw new \Exception('HMAC does not match.'); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
return $this->cipher->decrypt($ciphertext); |
|
|
|
|
$result = $this->cipher->decrypt($ciphertext); |
|
|
|
|
if ($result === false) { |
|
|
|
|
throw new \Exception('Decryption failed'); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
return $result; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
} |
|
|
|
|
|
Roeland Jago Douma
7 years ago
committed by