function _Load_Decryption_Cipher($validate_key = true) { // If legacy, switch to legacy mode if ($this->job['legacy']) { return $this->_Legacy_Load_Decryption_Cipher($validate_key); } // Attempt to open the cipher module if ($this->job['header']['version'] >= 3) { list($module, $module_str, $key_size) = $this->_Get_Cipher($this->progress['config']['enc_type']); } else { list($module, $module_str, $key_size) = $this->_Get_Cipher_NonStandard($this->progress['config']['enc_type']); } if (false === ($this->cipher = @mcrypt_module_open($module, '', MCRYPT_MODE_CBC, ''))) { return 'Failed to open encryption module: ' . OBFW_Exception(); } if ($validate_key) { // Get the IV size $iv_size = mcrypt_enc_get_iv_size($this->cipher); // Check header IV size - if incorrect it normally means wrong encryption type selected if ($iv_size != $this->job['header']['iv_size']) { return false; } $extra = 0; // Generate the encryption key and password authentication value - allow $extra parameter to use a different section of the key $dk = WPOnlineBackup_Functions::PBKDF2($this->progress['config']['enc_key'], $this->job['header']['iv'], 1148, $key_size * (2 + $extra) + 2); $this->job['key'] = substr($dk, $extra ? $key_size * (1 + $extra) + 2 : 0, $key_size); $pass_auth = substr($dk, $key_size * 2, 2); $check_pass_auth = chr($this->job['header']['pass_auth1']) . chr($this->job['header']['pass_auth2']); // While - so we can jump out while ($pass_auth != $check_pass_auth) { // Try the broken PBKDF2 call if this is a version 1 file if ($this->job['header']['version'] == 1) { $dk = WPOnlineBackup_Functions::PBKDF2_Broken($this->progress['config']['enc_key'], $this->job['header']['iv'], 1148, $key_size * (2 + $extra) + 2); $this->job['key'] = substr($dk, $extra ? $key_size * (1 + $extra) + 2 : 0, $key_size); $pass_auth = substr($dk, $key_size * 2, 2); if ($pass_auth == $check_pass_auth) { break; } } // Password authentication didn't match return false; } } // Now initialise the cipher so we can start decrypting. Returns -2/-3 on errors, false on incorrect parameters if (false === ($ret = @mcrypt_generic_init($this->cipher, $this->job['key'], $this->job['current_iv'])) || $ret < 0) { return 'Failed to initialise encryption. PHP: ' . OBFW_Exception(); } // Flag the cipher as initialised so we deinit it $this->cipher_init = true; return true; }