Inspection of "Merge pull request #20915 from nextcloud/enh/use_r..." - nextcloud/server - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 09c209...7211d4 )

by Roeland

created 2020-05-11 12:21 UTC

Status

Indentation +100 added lines, -100 removed lines patch added patch discarded remove patch

@@ -46,104 +46,104 @@
 block discarded – undo
  * @package OC\Security
  */
 class Crypto implements ICrypto {
-	/** @var AES $cipher */
-	private $cipher;
-	/** @var int */
-	private $ivLength = 16;
-	/** @var IConfig */
-	private $config;
-
-	/**
-	 * @param IConfig $config
-	 * @param ISecureRandom $random
-	 */
-	public function __construct(IConfig $config) {
-		$this->cipher = new AES();
-		$this->config = $config;
-	}
-
-	/**
-	 * @param string $message The message to authenticate
-	 * @param string $password Password to use (defaults to `secret` in config.php)
-	 * @return string Calculated HMAC
-	 */
-	public function calculateHMAC(string $message, string $password = ''): string {
-		if ($password === '') {
-			$password = $this->config->getSystemValue('secret');
-		}
-
-		// Append an "a" behind the password and hash it to prevent reusing the same password as for encryption
-		$password = hash('sha512', $password . 'a');
-
-		$hash = new Hash('sha512');
-		$hash->setKey($password);
-		return $hash->hash($message);
-	}
-
-	/**
-	 * Encrypts a value and adds an HMAC (Encrypt-Then-MAC)
-	 * @param string $plaintext
-	 * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
-	 * @return string Authenticated ciphertext
-	 */
-	public function encrypt(string $plaintext, string $password = ''): string {
-		if ($password === '') {
-			$password = $this->config->getSystemValue('secret');
-		}
-		$this->cipher->setPassword($password);
-
-		$iv = \random_bytes($this->ivLength);
-		$this->cipher->setIV($iv);
-
-		$ciphertext = bin2hex($this->cipher->encrypt($plaintext));
-		$iv = bin2hex($iv);
-		$hmac = bin2hex($this->calculateHMAC($ciphertext.$iv, $password));
-
-		return $ciphertext.'|'.$iv.'|'.$hmac.'|2';
-	}
-
-	/**
-	 * Decrypts a value and verifies the HMAC (Encrypt-Then-Mac)
-	 * @param string $authenticatedCiphertext
-	 * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
-	 * @return string plaintext
-	 * @throws \Exception If the HMAC does not match
-	 * @throws \Exception If the decryption failed
-	 */
-	public function decrypt(string $authenticatedCiphertext, string $password = ''): string {
-		if ($password === '') {
-			$password = $this->config->getSystemValue('secret');
-		}
-		$this->cipher->setPassword($password);
-
-		$parts = explode('|', $authenticatedCiphertext);
-		$partCount = \count($parts);
-		if ($partCount < 3 || $partCount > 4) {
-			throw new \Exception('Authenticated ciphertext could not be decoded.');
-		}
-
-		$ciphertext = hex2bin($parts[0]);
-		$iv = $parts[1];
-		$hmac = hex2bin($parts[2]);
-
-		if ($partCount === 4) {
-			$version = $parts[3];
-			if ($version === '2') {
-				$iv = hex2bin($iv);
-			}
-		}
-
-		$this->cipher->setIV($iv);
-
-		if (!hash_equals($this->calculateHMAC($parts[0] . $parts[1], $password), $hmac)) {
-			throw new \Exception('HMAC does not match.');
-		}
-
-		$result = $this->cipher->decrypt($ciphertext);
-		if ($result === false) {
-			throw new \Exception('Decryption failed');
-		}
-
-		return $result;
-	}
+    /** @var AES $cipher */
+    private $cipher;
+    /** @var int */
+    private $ivLength = 16;
+    /** @var IConfig */
+    private $config;
+
+    /**
+     * @param IConfig $config
+     * @param ISecureRandom $random
+     */
+    public function __construct(IConfig $config) {
+        $this->cipher = new AES();
+        $this->config = $config;
+    }
+
+    /**
+     * @param string $message The message to authenticate
+     * @param string $password Password to use (defaults to `secret` in config.php)
+     * @return string Calculated HMAC
+     */
+    public function calculateHMAC(string $message, string $password = ''): string {
+        if ($password === '') {
+            $password = $this->config->getSystemValue('secret');
+        }
+
+        // Append an "a" behind the password and hash it to prevent reusing the same password as for encryption
+        $password = hash('sha512', $password . 'a');
+
+        $hash = new Hash('sha512');
+        $hash->setKey($password);
+        return $hash->hash($message);
+    }
+
+    /**
+     * Encrypts a value and adds an HMAC (Encrypt-Then-MAC)
+     * @param string $plaintext
+     * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
+     * @return string Authenticated ciphertext
+     */
+    public function encrypt(string $plaintext, string $password = ''): string {
+        if ($password === '') {
+            $password = $this->config->getSystemValue('secret');
+        }
+        $this->cipher->setPassword($password);
+
+        $iv = \random_bytes($this->ivLength);
+        $this->cipher->setIV($iv);
+
+        $ciphertext = bin2hex($this->cipher->encrypt($plaintext));
+        $iv = bin2hex($iv);
+        $hmac = bin2hex($this->calculateHMAC($ciphertext.$iv, $password));
+
+        return $ciphertext.'|'.$iv.'|'.$hmac.'|2';
+    }
+
+    /**
+     * Decrypts a value and verifies the HMAC (Encrypt-Then-Mac)
+     * @param string $authenticatedCiphertext
+     * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
+     * @return string plaintext
+     * @throws \Exception If the HMAC does not match
+     * @throws \Exception If the decryption failed
+     */
+    public function decrypt(string $authenticatedCiphertext, string $password = ''): string {
+        if ($password === '') {
+            $password = $this->config->getSystemValue('secret');
+        }
+        $this->cipher->setPassword($password);
+
+        $parts = explode('|', $authenticatedCiphertext);
+        $partCount = \count($parts);
+        if ($partCount < 3 || $partCount > 4) {
+            throw new \Exception('Authenticated ciphertext could not be decoded.');
+        }
+
+        $ciphertext = hex2bin($parts[0]);
+        $iv = $parts[1];
+        $hmac = hex2bin($parts[2]);
+
+        if ($partCount === 4) {
+            $version = $parts[3];
+            if ($version === '2') {
+                $iv = hex2bin($iv);
+            }
+        }
+
+        $this->cipher->setIV($iv);
+
+        if (!hash_equals($this->calculateHMAC($parts[0] . $parts[1], $password), $hmac)) {
+            throw new \Exception('HMAC does not match.');
+        }
+
+        $result = $this->cipher->decrypt($ciphertext);
+        if ($result === false) {
+            throw new \Exception('Decryption failed');
+        }
+
+        return $result;
+    }
 }

Please login to merge, or discard this patch.

		@@ -46,104 +46,104 @@
		block discarded – undo
46	46	* @package OC\Security
47	47	*/
48	48	class Crypto implements ICrypto {
49		- /** @var AES $cipher */
50		- private $cipher;
51		- /** @var int */
52		- private $ivLength = 16;
53		- /** @var IConfig */
54		- private $config;
55		-
56		- /**
57		- * @param IConfig $config
58		- * @param ISecureRandom $random
59		- */
60		- public function __construct(IConfig $config) {
61		- $this->cipher = new AES();
62		- $this->config = $config;
63		- }
64		-
65		- /**
66		- * @param string $message The message to authenticate
67		- * @param string $password Password to use (defaults to `secret` in config.php)
68		- * @return string Calculated HMAC
69		- */
70		- public function calculateHMAC(string $message, string $password = ''): string {
71		- if ($password === '') {
72		- $password = $this->config->getSystemValue('secret');
73		- }
74		-
75		- // Append an "a" behind the password and hash it to prevent reusing the same password as for encryption
76		- $password = hash('sha512', $password . 'a');
77		-
78		- $hash = new Hash('sha512');
79		- $hash->setKey($password);
80		- return $hash->hash($message);
81		- }
82		-
83		- /**
84		- * Encrypts a value and adds an HMAC (Encrypt-Then-MAC)
85		- * @param string $plaintext
86		- * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
87		- * @return string Authenticated ciphertext
88		- */
89		- public function encrypt(string $plaintext, string $password = ''): string {
90		- if ($password === '') {
91		- $password = $this->config->getSystemValue('secret');
92		- }
93		- $this->cipher->setPassword($password);
94		-
95		- $iv = \random_bytes($this->ivLength);
96		- $this->cipher->setIV($iv);
97		-
98		- $ciphertext = bin2hex($this->cipher->encrypt($plaintext));
99		- $iv = bin2hex($iv);
100		- $hmac = bin2hex($this->calculateHMAC($ciphertext.$iv, $password));
101		-
102		- return $ciphertext.'\|'.$iv.'\|'.$hmac.'\|2';
103		- }
104		-
105		- /**
106		- * Decrypts a value and verifies the HMAC (Encrypt-Then-Mac)
107		- * @param string $authenticatedCiphertext
108		- * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
109		- * @return string plaintext
110		- * @throws \Exception If the HMAC does not match
111		- * @throws \Exception If the decryption failed
112		- */
113		- public function decrypt(string $authenticatedCiphertext, string $password = ''): string {
114		- if ($password === '') {
115		- $password = $this->config->getSystemValue('secret');
116		- }
117		- $this->cipher->setPassword($password);
118		-
119		- $parts = explode('\|', $authenticatedCiphertext);
120		- $partCount = \count($parts);
121		- if ($partCount < 3 \|\| $partCount > 4) {
122		- throw new \Exception('Authenticated ciphertext could not be decoded.');
123		- }
124		-
125		- $ciphertext = hex2bin($parts[0]);
126		- $iv = $parts[1];
127		- $hmac = hex2bin($parts[2]);
128		-
129		- if ($partCount === 4) {
130		- $version = $parts[3];
131		- if ($version === '2') {
132		- $iv = hex2bin($iv);
133		- }
134		- }
135		-
136		- $this->cipher->setIV($iv);
137		-
138		- if (!hash_equals($this->calculateHMAC($parts[0] . $parts[1], $password), $hmac)) {
139		- throw new \Exception('HMAC does not match.');
140		- }
141		-
142		- $result = $this->cipher->decrypt($ciphertext);
143		- if ($result === false) {
144		- throw new \Exception('Decryption failed');
145		- }
146		-
147		- return $result;
148		- }
	49	+ /** @var AES $cipher */
	50	+ private $cipher;
	51	+ /** @var int */
	52	+ private $ivLength = 16;
	53	+ /** @var IConfig */
	54	+ private $config;
	55	+
	56	+ /**
	57	+ * @param IConfig $config
	58	+ * @param ISecureRandom $random
	59	+ */
	60	+ public function __construct(IConfig $config) {
	61	+ $this->cipher = new AES();
	62	+ $this->config = $config;
	63	+ }
	64	+
	65	+ /**
	66	+ * @param string $message The message to authenticate
	67	+ * @param string $password Password to use (defaults to `secret` in config.php)
	68	+ * @return string Calculated HMAC
	69	+ */
	70	+ public function calculateHMAC(string $message, string $password = ''): string {
	71	+ if ($password === '') {
	72	+ $password = $this->config->getSystemValue('secret');
	73	+ }
	74	+
	75	+ // Append an "a" behind the password and hash it to prevent reusing the same password as for encryption
	76	+ $password = hash('sha512', $password . 'a');
	77	+
	78	+ $hash = new Hash('sha512');
	79	+ $hash->setKey($password);
	80	+ return $hash->hash($message);
	81	+ }
	82	+
	83	+ /**
	84	+ * Encrypts a value and adds an HMAC (Encrypt-Then-MAC)
	85	+ * @param string $plaintext
	86	+ * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
	87	+ * @return string Authenticated ciphertext
	88	+ */
	89	+ public function encrypt(string $plaintext, string $password = ''): string {
	90	+ if ($password === '') {
	91	+ $password = $this->config->getSystemValue('secret');
	92	+ }
	93	+ $this->cipher->setPassword($password);
	94	+
	95	+ $iv = \random_bytes($this->ivLength);
	96	+ $this->cipher->setIV($iv);
	97	+
	98	+ $ciphertext = bin2hex($this->cipher->encrypt($plaintext));
	99	+ $iv = bin2hex($iv);
	100	+ $hmac = bin2hex($this->calculateHMAC($ciphertext.$iv, $password));
	101	+
	102	+ return $ciphertext.'\|'.$iv.'\|'.$hmac.'\|2';
	103	+ }
	104	+
	105	+ /**
	106	+ * Decrypts a value and verifies the HMAC (Encrypt-Then-Mac)
	107	+ * @param string $authenticatedCiphertext
	108	+ * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
	109	+ * @return string plaintext
	110	+ * @throws \Exception If the HMAC does not match
	111	+ * @throws \Exception If the decryption failed
	112	+ */
	113	+ public function decrypt(string $authenticatedCiphertext, string $password = ''): string {
	114	+ if ($password === '') {
	115	+ $password = $this->config->getSystemValue('secret');
	116	+ }
	117	+ $this->cipher->setPassword($password);
	118	+
	119	+ $parts = explode('\|', $authenticatedCiphertext);
	120	+ $partCount = \count($parts);
	121	+ if ($partCount < 3 \|\| $partCount > 4) {
	122	+ throw new \Exception('Authenticated ciphertext could not be decoded.');
	123	+ }
	124	+
	125	+ $ciphertext = hex2bin($parts[0]);
	126	+ $iv = $parts[1];
	127	+ $hmac = hex2bin($parts[2]);
	128	+
	129	+ if ($partCount === 4) {
	130	+ $version = $parts[3];
	131	+ if ($version === '2') {
	132	+ $iv = hex2bin($iv);
	133	+ }
	134	+ }
	135	+
	136	+ $this->cipher->setIV($iv);
	137	+
	138	+ if (!hash_equals($this->calculateHMAC($parts[0] . $parts[1], $password), $hmac)) {
	139	+ throw new \Exception('HMAC does not match.');
	140	+ }
	141	+
	142	+ $result = $this->cipher->decrypt($ciphertext);
	143	+ if ($result === false) {
	144	+ throw new \Exception('Decryption failed');
	145	+ }
	146	+
	147	+ return $result;
	148	+ }
149	149	}

nextcloud / server

Push — master ( 09c209...7211d4 )

Status

Category

Indentation +100 added lines, -100 removed lines patch added patch discarded remove patch