diff options
| author | Lukas Reschke <lukas@owncloud.com> | 2014-11-20 18:02:32 +0300 |
|---|---|---|
| committer | Lukas Reschke <lukas@owncloud.com> | 2014-11-20 18:05:42 +0300 |
| commit | ec853da5ad54af7e6eabb40923784a56330b095a (patch) | |
| tree | 923772b3571478dc4d5a7d3a6f4d94c8ab487a51 /lib/public | |
| parent | f64c6c9c9cb48ce2291c5c613e80794e6130a85d (diff) | |
Backport \OC\Security\Crypto to ownCloud 7
Conflicts:
lib/repair/repairconfig.php
Diffstat (limited to 'lib/public')
| -rw-r--r-- | lib/public/security/icrypto.php | 46 | ||||
| -rw-r--r-- | lib/public/security/stringutils.php | 25 |
2 files changed, 71 insertions, 0 deletions
diff --git a/lib/public/security/icrypto.php b/lib/public/security/icrypto.php new file mode 100644 index 00000000000..204935d73ac --- /dev/null +++ b/lib/public/security/icrypto.php @@ -0,0 +1,46 @@ +<?php +/** + * Copyright (c) 2014 Lukas Reschke <lukas@owncloud.com> + * This file is licensed under the Affero General Public License version 3 or + * later. + * See the COPYING-README file. + */ + +namespace OCP\Security; + +/** + * Class Crypto provides a high-level encryption layer using AES-CBC. If no key has been provided + * it will use the secret defined in config.php as key. Additionally the message will be HMAC'd. + * + * Usage: + * $encryptWithDefaultPassword = \OC::$server->getCrypto()->encrypt('EncryptedText'); + * $encryptWithCustomPassword = \OC::$server->getCrypto()->encrypt('EncryptedText', 'password'); + * + * @package OCP\Security + */ +interface ICrypto { + + /** + * @param string $message The message to authenticate + * @param string $password Password to use (defaults to `secret` in config.php) + * @return string Calculated HMAC + */ + public function calculateHMAC($message, $password = ''); + + /** + * Encrypts a value and adds an HMAC (Encrypt-Then-MAC) + * @param string $plaintext + * @param string $password Password to encrypt, if not specified the secret from config.php will be taken + * @return string Authenticated ciphertext + */ + public function encrypt($plaintext, $password = ''); + + /** + * Decrypts a value and verifies the HMAC (Encrypt-Then-Mac) + * @param string $authenticatedCiphertext + * @param string $password Password to encrypt, if not specified the secret from config.php will be taken + * @return string plaintext + * @throws \Exception If the HMAC does not match + */ + public function decrypt($authenticatedCiphertext, $password = ''); +}
\ No newline at end of file diff --git a/lib/public/security/stringutils.php b/lib/public/security/stringutils.php new file mode 100644 index 00000000000..e74efec4fde --- /dev/null +++ b/lib/public/security/stringutils.php @@ -0,0 +1,25 @@ +<?php +/** + * Copyright (c) 2014 Lukas Reschke <lukas@owncloud.com> + * This file is licensed under the Affero General Public License version 3 or + * later. + * See the COPYING-README file. + */ + + +namespace OCP\Security; + +class StringUtils { + /** + * Compares whether two strings are equal. To prevent guessing of the string + * length this is done by comparing two hashes against each other and afterwards + * a comparison of the real string to prevent against the unlikely chance of + * collisions. + * @param string $expected The expected value + * @param string $input The input to compare against + * @return bool True if the two strings are equal, otherwise false. + */ + public static function equals($expected, $input) { + return \OC\Security\StringUtils::equals($expected, $input); + } +}
\ No newline at end of file |