nextcloud/lib/public/security/icrypto.php

<?php
/**
 * Copyright (c) 2014 Lukas Reschke <lukas@owncloud.com>
 * This file is licensed under the Affero General Public License version 3 or
 * later.
 * See the COPYING-README file.
 */

namespace OCP\Security;

/**
 * Class Crypto provides a high-level encryption layer using AES-CBC. If no key has been provided
 * it will use the secret defined in config.php as key. Additionally the message will be HMAC'd.
 *
 * Usage:
 * $encryptWithDefaultPassword = \OC::$server->getCrypto()->encrypt('EncryptedText');
 * $encryptWithCustomPassword = \OC::$server->getCrypto()->encrypt('EncryptedText', 'password');
 *
 * @package OCP\Security
 */
interface ICrypto {

	/**
	 * @param string $message The message to authenticate
	 * @param string $password Password to use (defaults to `secret` in config.php)
	 * @return string Calculated HMAC
	 */
	public function calculateHMAC($message, $password = '');

	/**
	 * Encrypts a value and adds an HMAC (Encrypt-Then-MAC)
	 * @param string $plaintext
	 * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
	 * @return string Authenticated ciphertext
	 */
	public function encrypt($plaintext, $password = '');

	/**
	 * Decrypts a value and verifies the HMAC (Encrypt-Then-Mac)
	 * @param string $authenticatedCiphertext
	 * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
	 * @return string plaintext
	 * @throws \Exception If the HMAC does not match
	 */
	public function decrypt($authenticatedCiphertext, $password = '');
}
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 21:02:40 +04:00			`<?php`
			`/**`
			`* Copyright (c) 2014 Lukas Reschke <lukas@owncloud.com>`
			`* This file is licensed under the Affero General Public License version 3 or`
			`* later.`
			`* See the COPYING-README file.`
			`*/`

			`namespace OCP\Security;`

			`/**`
			`* Class Crypto provides a high-level encryption layer using AES-CBC. If no key has been provided`
			`* it will use the secret defined in config.php as key. Additionally the message will be HMAC'd.`
			`*`
			`* Usage:`
			`* $encryptWithDefaultPassword = \OC::$server->getCrypto()->encrypt('EncryptedText');`
			`* $encryptWithCustomPassword = \OC::$server->getCrypto()->encrypt('EncryptedText', 'password');`
			`*`
			`* @package OCP\Security`
			`*/`
			`interface ICrypto {`

			`/**`
			`* @param string $message The message to authenticate`
			* @param string $password Password to use (defaults to `secret` in config.php)
			`* @return string Calculated HMAC`
			`*/`
			`public function calculateHMAC($message, $password = '');`

			`/**`
			`* Encrypts a value and adds an HMAC (Encrypt-Then-MAC)`
			`* @param string $plaintext`
			`* @param string $password Password to encrypt, if not specified the secret from config.php will be taken`
			`* @return string Authenticated ciphertext`
			`*/`
			`public function encrypt($plaintext, $password = '');`

			`/**`
			`* Decrypts a value and verifies the HMAC (Encrypt-Then-Mac)`
			`* @param string $authenticatedCiphertext`
			`* @param string $password Password to encrypt, if not specified the secret from config.php will be taken`
			`* @return string plaintext`
			`* @throws \Exception If the HMAC does not match`
			`*/`
			`public function decrypt($authenticatedCiphertext, $password = '');`
			`}`