diff --git a/apps/encryption/lib/crypto/encryptall.php b/apps/encryption/lib/crypto/encryptall.php
index ef67523d7e..3bc2746f5f 100644
--- a/apps/encryption/lib/crypto/encryptall.php
+++ b/apps/encryption/lib/crypto/encryptall.php
@@ -344,7 +344,7 @@ class EncryptAll {
 * @return string password
 */
 protected function generateOneTimePassword($uid) {
- $password = $this->secureRandom->getMediumStrengthGenerator()->generate(8);
+ $password = $this->secureRandom->generate(8);
 $this->userPasswords[$uid] = $password;
 return $password;
 }
diff --git a/apps/federation/api/ocsauthapi.php b/apps/federation/api/ocsauthapi.php
index b94550fd4f..c089c89f9d 100644
--- a/apps/federation/api/ocsauthapi.php
+++ b/apps/federation/api/ocsauthapi.php
@@ -139,7 +139,7 @@ class OCSAuthAPI {
 return new \OC_OCS_Result(null, HTTP::STATUS_FORBIDDEN);
 }
- $sharedSecret = $this->secureRandom->getMediumStrengthGenerator()->generate(32);
+ $sharedSecret = $this->secureRandom->generate(32);
 $this->trustedServers->addSharedSecret($url, $sharedSecret);
 // reset token after the exchange of the shared secret was successful
diff --git a/apps/federation/lib/trustedservers.php b/apps/federation/lib/trustedservers.php
index 96a2917807..d1a27bf122 100644
--- a/apps/federation/lib/trustedservers.php
+++ b/apps/federation/lib/trustedservers.php
@@ -90,7 +90,7 @@ class TrustedServers {
 $url = $this->updateProtocol($url);
 $result = $this->dbHandler->addServer($url);
 if ($result) {
- $token = $this->secureRandom->getMediumStrengthGenerator()->generate(16);
+ $token = $this->secureRandom->generate(16);
 $this->dbHandler->addToken($url, $token);
 $this->jobList->add( 'OCA\Federation\BackgroundJob\RequestSharedSecret',
diff --git a/core/lostpassword/controller/lostcontroller.php b/core/lostpassword/controller/lostcontroller.php
index 0cd6fcd30a..88e6fe0f63 100644
--- a/core/lostpassword/controller/lostcontroller.php
+++ b/core/lostpassword/controller/lostcontroller.php
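Review bot: `generateOneTimePassword()` still requests only 8 characters on the changed line, which is roughly 48 bits if the default alphabet has 64 symbols; the default alphabet is not visible in this diff, so that figure is an assumption. If this password protects the user's key material until the first login, a longer value such as `$password = $this->secureRandom->generate(16);`, or a comment stating why 8 is sufficient, would make the choice reviewable. The method also keeps each password in `$this->userPasswords`; whether and when that array is cleared is not visible here and is worth stating in the docblock.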
@@ -227,7 +227,7 @@ class LostController extends Controller {
 );
 }
- $token = $this->secureRandom->getMediumStrengthGenerator()->generate(21,
+ $token = $this->secureRandom->generate(21,
 ISecureRandom::CHAR_DIGITS. ISecureRandom::CHAR_LOWER. ISecureRandom::CHAR_UPPER);
diff --git a/lib/base.php b/lib/base.php
index 80b1a2bafc..6f0cd14b5b 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -1076,7 +1076,7 @@ class OC {
 if ($config->getSystemValue('debug', false)) {
 self::$server->getLogger()->debug('Setting remember login to cookie', array('app' => 'core'));
 }
- $token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(32);
+ $token = \OC::$server->getSecureRandom()->generate(32);
 $config->setUserValue($userId, 'login_token', $token, time());
 OC_User::setMagicInCookie($userId, $token);
 } else {
diff --git a/lib/private/db/mdb2schemamanager.php b/lib/private/db/mdb2schemamanager.php
index 6fa9a63ec0..5cf1172e64 100644
--- a/lib/private/db/mdb2schemamanager.php
+++ b/lib/private/db/mdb2schemamanager.php
@@ -75,7 +75,7 @@ class MDB2SchemaManager {
 * @return \OC\DB\Migrator
 */
 public function getMigrator() {
- $random = \OC::$server->getSecureRandom()->getMediumStrengthGenerator();
+ $random = \OC::$server->getSecureRandom();
 $platform = $this->conn->getDatabasePlatform();
 $config = \OC::$server->getConfig();
 if ($platform instanceof SqlitePlatform) {
diff --git a/lib/private/session/cryptowrapper.php b/lib/private/session/cryptowrapper.php
index 177f11ffb7..4875788530 100644
--- a/lib/private/session/cryptowrapper.php
+++ b/lib/private/session/cryptowrapper.php
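Review bot: The remember-me token in the lib/base.php hunk is written to the user config in clear on the line after the change, `$config->setUserValue($userId, 'login_token', $token, time());`, so anyone who can read that table holds usable login tokens. Storing a digest instead, for example `$config->setUserValue($userId, 'login_token', hash('sha256', $token), time());`, with the lookup hashing the cookie value the same way, would leave the cookie as the only copy of the secret. The lib/private/user/session.php hunk does the same with `$newToken`. The verification side is outside both hunks and would need the matching change, and existing tokens would stop validating after the switch.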
@@ -74,7 +74,7 @@ class CryptoWrapper {
 if (!is_null($request->getCookie(self::COOKIE_NAME))) {
 $this->passphrase = $request->getCookie(self::COOKIE_NAME);
 } else {
- $this->passphrase = $this->random->getMediumStrengthGenerator()->generate(128);
+ $this->passphrase = $this->random->generate(128);
 $secureCookie = $request->getServerProtocol() === 'https';
 // FIXME: Required for CI
 if (!defined('PHPUNIT_RUN')) {
diff --git a/lib/private/setup/mysql.php b/lib/private/setup/mysql.php
index e8b88eb348..63ded13ede 100644
--- a/lib/private/setup/mysql.php
+++ b/lib/private/setup/mysql.php
@@ -143,7 +143,7 @@ class MySQL extends AbstractDatabase {
 $this->dbUser = $adminUser;
 //create a random password so we don't need to store the admin password in the config file
- $this->dbPassword = $this->random->getMediumStrengthGenerator()->generate(30);
+ $this->dbPassword = $this->random->generate(30);
 $this->createDBUser($connection);
diff --git a/lib/private/share/share.php b/lib/private/share/share.php
index 63639461f0..960ed53984 100644
--- a/lib/private/share/share.php
+++ b/lib/private/share/share.php
@@ -819,7 +819,7 @@ class Share extends Constants {
 if (isset($oldToken)) {
 $token = $oldToken;
 } else {
- $token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(self::TOKEN_LENGTH,
+ $token = \OC::$server->getSecureRandom()->generate(self::TOKEN_LENGTH,
 \OCP\Security\ISecureRandom::CHAR_LOWER.\OCP\Security\ISecureRandom::CHAR_UPPER. \OCP\Security\ISecureRandom::CHAR_DIGITS );
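Review bot: Any non-null cookie value becomes the session passphrase in the first branch of the CryptoWrapper hunk, `$this->passphrase = $request->getCookie(self::COOKIE_NAME);`, so an empty or very short client-supplied value is used as is. Accepting the cookie only when it has the expected shape, e.g. `if (is_string($cookie) && strlen($cookie) === 128)`, and otherwise falling through to `generate(128)` would keep the passphrase at full strength. The length 128 is taken from the changed line; whether existing sessions can carry a different length is not visible here. The enclosing method starts and ends outside the hunk.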
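Review bot: Both token call sites in lib/private/share/share.php spell out the same alphabet by hand, once in this hunk and again in the hunk at line 860, in two different layouts. A private helper that returns `\OC::$server->getSecureRandom()->generate(self::TOKEN_LENGTH, \OCP\Security\ISecureRandom::CHAR_LOWER . \OCP\Security\ISecureRandom::CHAR_UPPER . \OCP\Security\ISecureRandom::CHAR_DIGITS)` would keep the two kinds of share token from drifting apart in length or alphabet. A one-line comment on that helper stating the resulting entropy for the current `TOKEN_LENGTH` would help, since the constant's value is not visible in the diff.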
@@ -860,7 +860,7 @@ class Share extends Constants {
 throw new \Exception($message_t);
 }
- $token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(self::TOKEN_LENGTH, \OCP\Security\ISecureRandom::CHAR_LOWER . \OCP\Security\ISecureRandom::CHAR_UPPER .
+ $token = \OC::$server->getSecureRandom()->generate(self::TOKEN_LENGTH, \OCP\Security\ISecureRandom::CHAR_LOWER . \OCP\Security\ISecureRandom::CHAR_UPPER .
 \OCP\Security\ISecureRandom::CHAR_DIGITS);
 $shareWith = $user . '@' . $remote;
diff --git a/lib/private/user.php b/lib/private/user.php
index fa1cea9072..9595ec5f12 100644
--- a/lib/private/user.php
+++ b/lib/private/user.php
@@ -393,7 +393,7 @@ class OC_User {
 * generates a password
 */
 public static function generatePassword() {
- return \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(30);
+ return \OC::$server->getSecureRandom()->generate(30);
 }
 /**
diff --git a/lib/private/user/session.php b/lib/private/user/session.php
index be38b1b1d8..7030f3ddbc 100644
--- a/lib/private/user/session.php
+++ b/lib/private/user/session.php
@@ -260,7 +260,7 @@ class Session implements IUserSession, Emitter {
 }
 // replace successfully used token with a new one
 \OC::$server->getConfig()->deleteUserValue($uid, 'login_token', $currentToken);
- $newToken = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(32);
+ $newToken = \OC::$server->getSecureRandom()->generate(32);
 \OC::$server->getConfig()->setUserValue($uid, 'login_token', $newToken, time());
 $this->setMagicInCookie($user->getUID(), $newToken);
diff --git a/lib/private/util.php b/lib/private/util.php
index 5a7a4d8ae5..ff28f78238 100644
--- a/lib/private/util.php
+++ b/lib/private/util.php
@@ -1125,7 +1125,7 @@ class OC_Util {
 // Check if a token exists
 if (!\OC::$server->getSession()->exists('requesttoken')) {
 // No valid token found, generate a new one.
- $requestToken = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate($tokenLength);
+ $requestToken = \OC::$server->getSecureRandom()->generate($tokenLength);
 \OC::$server->getSession()->set('requesttoken', $requestToken);
 } else {
 // Valid token already exists, send it
@@ -1133,7 +1133,7 @@ class OC_Util {
 }
 // XOR the token to mitigate breach-like attacks
- $sharedSecret = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate($tokenLength);
+ $sharedSecret = \OC::$server->getSecureRandom()->generate($tokenLength);
 self::$obfuscatedToken = base64_encode($requestToken ^ $sharedSecret) .':'.$sharedSecret;
 return self::$obfuscatedToken;
diff --git a/tests/lib/dbschema.php b/tests/lib/dbschema.php
index d96f819577..11eacbf397 100644
--- a/tests/lib/dbschema.php
+++ b/tests/lib/dbschema.php
@@ -26,7 +26,7 @@ class Test_DBSchema extends \Test\TestCase {
 $dbfile = OC::$SERVERROOT.'/tests/data/db_structure.xml';
 $dbfile2 = OC::$SERVERROOT.'/tests/data/db_structure2.xml';
- $r = '_' . \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->
+ $r = '_' . \OC::$server->getSecureRandom()->
 generate(4, ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_DIGITS) . '_';
 $content = file_get_contents( $dbfile );
 $content = str_replace( '*dbprefix*', '*dbprefix*'.$r, $content );
diff --git a/tests/lib/security/securerandom.php b/tests/lib/security/securerandom.php
index 5eede9a30f..526066d92e 100644
--- a/tests/lib/security/securerandom.php
+++ b/tests/lib/security/securerandom.php
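Review bot: The XOR in `base64_encode($requestToken ^ $sharedSecret)` in the second lib/private/util.php hunk silently truncates to the shorter operand in PHP, and only the branch that creates a new token guarantees that `$requestToken` has `$tokenLength` characters. On the else branch the token comes from the session (that assignment is outside the hunk), so a stored token of another length would be shortened without any error. A guard before the XOR such as `if (strlen($requestToken) !== $tokenLength) { /* regenerate and store */ }` would make the equal-length assumption explicit. The existing comment could also say that the mask after the colon is sent in clear by design, so nobody later treats it as secret.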
@@ -51,7 +51,7 @@ class SecureRandomTest extends \Test\TestCase {
 * @dataProvider stringGenerationProvider
 */
 function testMediumLowStrengthGeneratorLength($length, $expectedLength) {
- $generator = $this->rng->getMediumStrengthGenerator();
+ $generator = $this->rng;
 $this->assertEquals($expectedLength, strlen($generator->generate($length)));
 }
@@ -67,7 +67,7 @@ class SecureRandomTest extends \Test\TestCase {
 * @dataProvider charCombinations
 */
 public function testScheme($charName, $chars) {
- $generator = $this->rng->getMediumStrengthGenerator();
+ $generator = $this->rng;
 $scheme = constant('OCP\Security\ISecureRandom::' . $charName);
 $randomString = $generator->generate(100, $scheme);
 $matchesRegex = preg_match('/^'.$chars.'+$/', $randomString);
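Review bot: `testMediumLowStrengthGeneratorLength` keeps a name that refers to the strength-specific generators this change stops calling, and the local `$generator = $this->rng;` is now only an alias. Renaming the test to something like `testGeneratorLength` and calling `$this->rng->generate($length)` directly would read better; the same alias is left in `testScheme` in the next hunk. Both tests check only length and alphabet, so a short comment saying that randomness quality is not covered here would set the right expectations.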