This commit is contained in:
Lukas Reschke 2014-08-27 00:49:53 +02:00
parent d26a9c3c58
commit 3329e0f2b2
3 changed files with 20 additions and 12 deletions

View File

@ -12,7 +12,9 @@ namespace OC\Security;
use Crypt_AES; use Crypt_AES;
use Crypt_Hash; use Crypt_Hash;
use OCP\Security\ICrypto; use OCP\Security\ICrypto;
use OCP\Security\ISecureRandom;
use OCP\Security\StringUtils; use OCP\Security\StringUtils;
use OCP\IConfig;
/** /**
* Class Crypto provides a high-level encryption layer using AES-CBC. If no key has been provided * Class Crypto provides a high-level encryption layer using AES-CBC. If no key has been provided
@ -29,9 +31,15 @@ class Crypto implements ICrypto {
private $cipher; private $cipher;
/** @var int */ /** @var int */
private $ivLength = 16; private $ivLength = 16;
/** @var IConfig */
private $config;
/** @var ISecureRandom */
private $random;
function __construct() { function __construct(IConfig $config, ISecureRandom $random) {
$this->cipher = new Crypt_AES(); $this->cipher = new Crypt_AES();
$this->config = $config;
$this->random = $random;
} }
/** /**
@ -41,7 +49,7 @@ class Crypto implements ICrypto {
*/ */
public function calculateHMAC($message, $password = '') { public function calculateHMAC($message, $password = '') {
if($password === '') { if($password === '') {
$password = \OC::$server->getConfig()->getSystemValue('secret'); $password = $this->config->getSystemValue('secret');
} }
$hash = new Crypt_Hash('sha512'); $hash = new Crypt_Hash('sha512');
@ -57,11 +65,11 @@ class Crypto implements ICrypto {
*/ */
public function encrypt($plaintext, $password = '') { public function encrypt($plaintext, $password = '') {
if($password === '') { if($password === '') {
$password = \OC::$server->getConfig()->getSystemValue('secret'); $password = $this->config->getSystemValue('secret');
} }
$this->cipher->setPassword($password); $this->cipher->setPassword($password);
$iv = \OC::$server->getSecureRandom()->getLowStrengthGenerator()->generate($this->ivLength); $iv = $this->random->getLowStrengthGenerator()->generate($this->ivLength);
$this->cipher->setIV($iv); $this->cipher->setIV($iv);
$ciphertext = bin2hex($this->cipher->encrypt($plaintext)); $ciphertext = bin2hex($this->cipher->encrypt($plaintext));
@ -79,7 +87,7 @@ class Crypto implements ICrypto {
*/ */
public function decrypt($authenticatedCiphertext, $password = '') { public function decrypt($authenticatedCiphertext, $password = '') {
if($password === '') { if($password === '') {
$password = \OC::$server->getConfig()->getSystemValue('secret'); $password = $this->config->getSystemValue('secret');
} }
$this->cipher->setPassword($password); $this->cipher->setPassword($password);

View File

@ -205,7 +205,7 @@ class Server extends SimpleContainer implements IServerContainer {
return new SecureRandom(); return new SecureRandom();
}); });
$this->registerService('Crypto', function($c) { $this->registerService('Crypto', function($c) {
return new Crypto(); return new Crypto(\OC::$server->getConfig(), \OC::$server->getSecureRandom());
}); });
$this->registerService('Db', function ($c) { $this->registerService('Db', function ($c) {
return new Db(); return new Db();

View File

@ -12,7 +12,7 @@ class CryptoTest extends \PHPUnit_Framework_TestCase {
function testDefaultEncrypt() { function testDefaultEncrypt() {
$stringToEncrypt = 'Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt.'; $stringToEncrypt = 'Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt.';
$crypto = new Crypto(); $crypto = new Crypto(\OC::$server->getConfig(), \OC::$server->getSecureRandom());
$ciphertext = $crypto->encrypt($stringToEncrypt); $ciphertext = $crypto->encrypt($stringToEncrypt);
$this->assertEquals($stringToEncrypt, $crypto->decrypt($ciphertext)); $this->assertEquals($stringToEncrypt, $crypto->decrypt($ciphertext));
@ -27,17 +27,17 @@ class CryptoTest extends \PHPUnit_Framework_TestCase {
*/ */
function testWrongPassword() { function testWrongPassword() {
$stringToEncrypt = 'Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt.'; $stringToEncrypt = 'Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt.';
$encryptCrypto = new Crypto(); $encryptCrypto = new Crypto(\OC::$server->getConfig(), \OC::$server->getSecureRandom());
$ciphertext = $encryptCrypto->encrypt($stringToEncrypt); $ciphertext = $encryptCrypto->encrypt($stringToEncrypt);
$decryptCrypto = new Crypto(); $decryptCrypto = new Crypto(\OC::$server->getConfig(), \OC::$server->getSecureRandom());
$this->assertFalse($decryptCrypto->decrypt($ciphertext, 'A wrong password!')); $this->assertFalse($decryptCrypto->decrypt($ciphertext, 'A wrong password!'));
} }
function testLaterDecryption() { function testLaterDecryption() {
$stringToEncrypt = 'Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt.'; $stringToEncrypt = 'Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt.';
$encryptedString = '560f5436ba864b9f12f7f7ca6d41c327554a6f2c0a160a03316b202af07c65163274993f3a46e7547c07ba89304f00594a2f3bd99f83859097c58049c39d0d4ade10e0de914ff0604961e7c849d0271ed6c0b23f984ba16e7d033e3305fb0910e7b6a2a65c988d17dbee71d8f953684d|d2kdFUspVjC0Y0sr|1a5feacf87eaa6869a6abdfba9a296e7bbad45b6ad89f7dce67cdc98e2da5dc4379cc672cc655e52bbf19599bf59482fbea13a73937697fa656bf10f3fc4f1aa'; $encryptedString = '560f5436ba864b9f12f7f7ca6d41c327554a6f2c0a160a03316b202af07c65163274993f3a46e7547c07ba89304f00594a2f3bd99f83859097c58049c39d0d4ade10e0de914ff0604961e7c849d0271ed6c0b23f984ba16e7d033e3305fb0910e7b6a2a65c988d17dbee71d8f953684d|d2kdFUspVjC0Y0sr|1a5feacf87eaa6869a6abdfba9a296e7bbad45b6ad89f7dce67cdc98e2da5dc4379cc672cc655e52bbf19599bf59482fbea13a73937697fa656bf10f3fc4f1aa';
$crypto = new Crypto(); $crypto = new Crypto(\OC::$server->getConfig(), \OC::$server->getSecureRandom());
$this->assertEquals($stringToEncrypt, $crypto->decrypt($encryptedString, 'ThisIsAVeryS3cur3P4ssw0rd')); $this->assertEquals($stringToEncrypt, $crypto->decrypt($encryptedString, 'ThisIsAVeryS3cur3P4ssw0rd'));
} }
@ -47,7 +47,7 @@ class CryptoTest extends \PHPUnit_Framework_TestCase {
*/ */
function testWrongIV() { function testWrongIV() {
$encryptedString = '560f5436ba864b9f12f7f7ca6d41c327554a6f2c0a160a03316b202af07c65163274993f3a46e7547c07ba89304f00594a2f3bd99f83859097c58049c39d0d4ade10e0de914ff0604961e7c849d0271ed6c0b23f984ba16e7d033e3305fb0910e7b6a2a65c988d17dbee71d8f953684d|d2kdFUspVjC0o0sr|1a5feacf87eaa6869a6abdfba9a296e7bbad45b6ad89f7dce67cdc98e2da5dc4379cc672cc655e52bbf19599bf59482fbea13a73937697fa656bf10f3fc4f1aa'; $encryptedString = '560f5436ba864b9f12f7f7ca6d41c327554a6f2c0a160a03316b202af07c65163274993f3a46e7547c07ba89304f00594a2f3bd99f83859097c58049c39d0d4ade10e0de914ff0604961e7c849d0271ed6c0b23f984ba16e7d033e3305fb0910e7b6a2a65c988d17dbee71d8f953684d|d2kdFUspVjC0o0sr|1a5feacf87eaa6869a6abdfba9a296e7bbad45b6ad89f7dce67cdc98e2da5dc4379cc672cc655e52bbf19599bf59482fbea13a73937697fa656bf10f3fc4f1aa';
$crypto = new Crypto(); $crypto = new Crypto(\OC::$server->getConfig(), \OC::$server->getSecureRandom());
$crypto->decrypt($encryptedString, 'ThisIsAVeryS3cur3P4ssw0rd'); $crypto->decrypt($encryptedString, 'ThisIsAVeryS3cur3P4ssw0rd');
} }
@ -57,7 +57,7 @@ class CryptoTest extends \PHPUnit_Framework_TestCase {
*/ */
function testWrongParameters() { function testWrongParameters() {
$encryptedString = '1|2'; $encryptedString = '1|2';
$crypto = new Crypto(); $crypto = new Crypto(\OC::$server->getConfig(), \OC::$server->getSecureRandom());
$crypto->decrypt($encryptedString, 'ThisIsAVeryS3cur3P4ssw0rd'); $crypto->decrypt($encryptedString, 'ThisIsAVeryS3cur3P4ssw0rd');
} }
} }