- /*
- *we got a key. old code send only the key, without RINO version.
- * we assume RINO 1 if key and no RINO version
- */
- $data = DFRN::aes_decrypt(hex2bin($data), $final_key);
- break;
- case 2:
- try {
- $data = Crypto::decrypt(hex2bin($data), $final_key);
- } catch (InvalidCiphertext $ex) { // VERY IMPORTANT
- /*
- * Either:
- * 1. The ciphertext was modified by the attacker,
- * 2. The key is wrong, or
- * 3. $ciphertext is not a valid ciphertext or was corrupted.
- * Assume the worst.
- */
- logger('The ciphertext has been tampered with!');
- xml_status(0, 'The ciphertext has been tampered with!');
- } catch (Ex\CryptoTestFailed $ex) {
- logger('Cannot safely perform dencryption');
- xml_status(0, 'CryptoTestFailed');
- } catch (Ex\CannotPerformOperation $ex) {
- logger('Cannot safely perform decryption');
- xml_status(0, 'Cannot safely perform decryption');
- }
+ // we got a key. old code send only the key, without RINO version.
+ // we assume RINO 1 if key and no RINO version
+ $data = DFRN::aesDecrypt(hex2bin($data), $final_key);