The layout of the request differs based on whether it comes from an untrusted device or a trusted device with encrypted enabled. Handle both. Closes #8819.
This commit is contained in:
parent
fb89898462
commit
f378e63147
|
@ -96,12 +96,19 @@ func (e encryptedModel) Request(deviceID DeviceID, folder, name string, blockNo,
|
||||||
return nil, errors.New("short request")
|
return nil, errors.New("short request")
|
||||||
}
|
}
|
||||||
|
|
||||||
// Decrypt the block hash.
|
// Attempt to decrypt the block hash; it may be nil depending on what
|
||||||
|
// type of device the request comes from. Trusted devices with
|
||||||
|
// encryption enabled know the hash but don't bother to encrypt & send
|
||||||
|
// it to us. Untrusted devices have the hash from the encrypted index
|
||||||
|
// data and do send it. The model knows to only verify the hash if it
|
||||||
|
// actually gets one.
|
||||||
|
|
||||||
|
var realHash []byte
|
||||||
fileKey := e.keyGen.FileKey(realName, folderKey)
|
fileKey := e.keyGen.FileKey(realName, folderKey)
|
||||||
|
if len(hash) > 0 {
|
||||||
var additional [8]byte
|
var additional [8]byte
|
||||||
binary.BigEndian.PutUint64(additional[:], uint64(realOffset))
|
binary.BigEndian.PutUint64(additional[:], uint64(realOffset))
|
||||||
realHash, err := decryptDeterministic(hash, fileKey, additional[:])
|
realHash, err = decryptDeterministic(hash, fileKey, additional[:])
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// "Legacy", no offset additional data?
|
// "Legacy", no offset additional data?
|
||||||
realHash, err = decryptDeterministic(hash, fileKey, nil)
|
realHash, err = decryptDeterministic(hash, fileKey, nil)
|
||||||
|
@ -109,6 +116,7 @@ func (e encryptedModel) Request(deviceID DeviceID, folder, name string, blockNo,
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("decrypting block hash: %w", err)
|
return nil, fmt.Errorf("decrypting block hash: %w", err)
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Perform that request and grab the data.
|
// Perform that request and grab the data.
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue