d26a9c3c58
This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this
46 lines
1.5 KiB
PHP
46 lines
1.5 KiB
PHP
<?php
|
|
/**
|
|
* Copyright (c) 2014 Lukas Reschke <lukas@owncloud.com>
|
|
* This file is licensed under the Affero General Public License version 3 or
|
|
* later.
|
|
* See the COPYING-README file.
|
|
*/
|
|
|
|
namespace OCP\Security;
|
|
|
|
/**
|
|
* Class Crypto provides a high-level encryption layer using AES-CBC. If no key has been provided
|
|
* it will use the secret defined in config.php as key. Additionally the message will be HMAC'd.
|
|
*
|
|
* Usage:
|
|
* $encryptWithDefaultPassword = \OC::$server->getCrypto()->encrypt('EncryptedText');
|
|
* $encryptWithCustomPassword = \OC::$server->getCrypto()->encrypt('EncryptedText', 'password');
|
|
*
|
|
* @package OCP\Security
|
|
*/
|
|
interface ICrypto {
|
|
|
|
/**
|
|
* @param string $message The message to authenticate
|
|
* @param string $password Password to use (defaults to `secret` in config.php)
|
|
* @return string Calculated HMAC
|
|
*/
|
|
public function calculateHMAC($message, $password = '');
|
|
|
|
/**
|
|
* Encrypts a value and adds an HMAC (Encrypt-Then-MAC)
|
|
* @param string $plaintext
|
|
* @param string $password Password to encrypt, if not specified the secret from config.php will be taken
|
|
* @return string Authenticated ciphertext
|
|
*/
|
|
public function encrypt($plaintext, $password = '');
|
|
|
|
/**
|
|
* Decrypts a value and verifies the HMAC (Encrypt-Then-Mac)
|
|
* @param string $authenticatedCiphertext
|
|
* @param string $password Password to encrypt, if not specified the secret from config.php will be taken
|
|
* @return string plaintext
|
|
* @throws \Exception If the HMAC does not match
|
|
*/
|
|
public function decrypt($authenticatedCiphertext, $password = '');
|
|
}
|