Skip to content

Commit

Permalink
fix(migration): Decrypt ownCloud secrets v2
Browse files Browse the repository at this point in the history 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>

[skip ci]
  • Loading branch information
@ChristophWurst @backportbot
ChristophWurst authored and backportbot[bot] committed Nov 28, 2024
1 parent 4875f32 commit 33e30d9
Showing 1 changed file with 29 additions and 3 deletions.
32 changes: 29 additions & 3 deletions lib/private/Security/Crypto.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -135,6 +135,25 @@ private function decryptWithoutSecret(string $authenticatedCiphertext, string $p
throw new Exception('Authenticated ciphertext could not be decoded.');
}

/*
* Rearrange arguments for legacy ownCloud migrations
*
* The original scheme consistent of three parts. Nextcloud added a
* fourth at the end as "2" or later "3", ownCloud added "v2" at the
* beginning.
*/
$originalParts = $parts;
$isOwnCloudV2Migration = $partCount === 4 && $originalParts[0] === 'v2';
if ($isOwnCloudV2Migration) {
$parts = [
$parts[1],
$parts[2],
$parts[3],
'2'
];
}

// Convert hex-encoded values to binary
$ciphertext = $this->hex2bin($parts[0]);
$iv = $parts[1];
$hmac = $this->hex2bin($parts[2]);
Expand All @@ -145,7 +164,7 @@ private function decryptWithoutSecret(string $authenticatedCiphertext, string $p
$iv = $this->hex2bin($iv);
}

if ($version === '3') {
if ($version === '3' || $isOwnCloudV2Migration) {
$keyMaterial = hash_hkdf('sha512', $password);
$encryptionKey = substr($keyMaterial, 0, 32);
$hmacKey = substr($keyMaterial, 32);
Expand All @@ -154,8 +173,15 @@ private function decryptWithoutSecret(string $authenticatedCiphertext, string $p
$this->cipher->setPassword($encryptionKey);
$this->cipher->setIV($iv);

if (!hash_equals($this->calculateHMAC($parts[0] . $parts[1], $hmacKey), $hmac)) {
throw new Exception('HMAC does not match.');
if ($isOwnCloudV2Migration) {
// ownCloud uses the binary IV for HMAC calculation
if (!hash_equals($this->calculateHMAC($parts[0] . $iv, $hmacKey), $hmac)) {
throw new Exception('HMAC does not match.');
}
} else {
if (!hash_equals($this->calculateHMAC($parts[0] . $parts[1], $hmacKey), $hmac)) {
throw new Exception('HMAC does not match.');
}
}

$result = $this->cipher->decrypt($ciphertext);
Expand Down

0 comments on commit 33e30d9

Please sign in to comment.