nextcloud / server

lib/private/Security/Crypto.php

Indentation +132 added lines, -132 removed lines

@@ -47,136 +47,136 @@
  * @package OC\Security
  */
 class Crypto implements ICrypto {
-	/** @var AES $cipher */
-	private $cipher;
-	/** @var int */
-	private $ivLength = 16;
-	/** @var IConfig */
-	private $config;
-
-	/**
-	 * @param IConfig $config
-	 * @param ISecureRandom $random
-	 */
-	public function __construct(IConfig $config) {
-		$this->cipher = new AES();
-		$this->config = $config;
-	}
-
-	/**
-	 * @param string $message The message to authenticate
-	 * @param string $password Password to use (defaults to `secret` in config.php)
-	 * @return string Calculated HMAC
-	 */
-	public function calculateHMAC(string $message, string $password = ''): string {
-		if ($password === '') {
-			$password = $this->config->getSystemValue('secret');
-		}
-
-		// Append an "a" behind the password and hash it to prevent reusing the same password as for encryption
-		$password = hash('sha512', $password . 'a');
-
-		$hash = new Hash('sha512');
-		$hash->setKey($password);
-		return $hash->hash($message);
-	}
-
-	/**
-	 * Encrypts a value and adds an HMAC (Encrypt-Then-MAC)
-	 *
-	 * @param string $plaintext
-	 * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
-	 * @return string Authenticated ciphertext
-	 * @throws Exception if it was not possible to gather sufficient entropy
-	 * @throws Exception if encrypting the data failed
-	 */
-	public function encrypt(string $plaintext, string $password = ''): string {
-		if ($password === '') {
-			$password = $this->config->getSystemValue('secret');
-		}
-		$keyMaterial = hash_hkdf('sha512', $password);
-		$this->cipher->setPassword(substr($keyMaterial, 0, 32));
-
-		$iv = \random_bytes($this->ivLength);
-		$this->cipher->setIV($iv);
-
-		/** @var string|false $encrypted */
-		$encrypted = $this->cipher->encrypt($plaintext);
-		if ($encrypted === false) {
-			throw new Exception('Encrypting failed.');
-		}
-
-		$ciphertext = bin2hex($encrypted);
-		$iv = bin2hex($iv);
-		$hmac = bin2hex($this->calculateHMAC($ciphertext.$iv, substr($keyMaterial, 32)));
-
-		return $ciphertext.'|'.$iv.'|'.$hmac.'|3';
-	}
-
-	/**
-	 * Decrypts a value and verifies the HMAC (Encrypt-Then-Mac)
-	 * @param string $authenticatedCiphertext
-	 * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
-	 * @return string plaintext
-	 * @throws Exception If the HMAC does not match
-	 * @throws Exception If the decryption failed
-	 */
-	public function decrypt(string $authenticatedCiphertext, string $password = ''): string {
-		if ($password === '') {
-			$password = $this->config->getSystemValue('secret');
-		}
-		$hmacKey = $encryptionKey = $password;
-
-		$parts = explode('|', $authenticatedCiphertext);
-		$partCount = \count($parts);
-		if ($partCount < 3 || $partCount > 4) {
-			throw new Exception('Authenticated ciphertext could not be decoded.');
-		}
-
-		$ciphertext = $this->hex2bin($parts[0]);
-		$iv = $parts[1];
-		$hmac = $this->hex2bin($parts[2]);
-
-		if ($partCount === 4) {
-			$version = $parts[3];
-			if ($version >= '2') {
-				$iv = $this->hex2bin($iv);
-			}
-
-			if ($version === '3') {
-				$keyMaterial = hash_hkdf('sha512', $password);
-				$encryptionKey = substr($keyMaterial, 0, 32);
-				$hmacKey = substr($keyMaterial, 32);
-			}
-		}
-		$this->cipher->setPassword($encryptionKey);
-		$this->cipher->setIV($iv);
-
-		if (!hash_equals($this->calculateHMAC($parts[0] . $parts[1], $hmacKey), $hmac)) {
-			throw new Exception('HMAC does not match.');
-		}
-
-		$result = $this->cipher->decrypt($ciphertext);
-		if ($result === false) {
-			throw new Exception('Decryption failed');
-		}
-
-		return $result;
-	}
-
-	private function hex2bin(string $hex): string {
-		if (!ctype_xdigit($hex)) {
-			throw new \RuntimeException('String contains non hex chars: ' . $hex);
-		}
-		if (strlen($hex) % 2 !== 0) {
-			throw new \RuntimeException('Hex string is not of even length: ' . $hex);
-		}
-		$result = hex2bin($hex);
-
-		if ($result === false) {
-			throw new \RuntimeException('Hex to bin conversion failed: ' . $hex);
-		}
-
-		return $result;
-	}
+    /** @var AES $cipher */
+    private $cipher;
+    /** @var int */
+    private $ivLength = 16;
+    /** @var IConfig */
+    private $config;
+
+    /**
+     * @param IConfig $config
+     * @param ISecureRandom $random
+     */
+    public function __construct(IConfig $config) {
+        $this->cipher = new AES();
+        $this->config = $config;
+    }
+
+    /**
+     * @param string $message The message to authenticate
+     * @param string $password Password to use (defaults to `secret` in config.php)
+     * @return string Calculated HMAC
+     */
+    public function calculateHMAC(string $message, string $password = ''): string {
+        if ($password === '') {
+            $password = $this->config->getSystemValue('secret');
+        }
+
+        // Append an "a" behind the password and hash it to prevent reusing the same password as for encryption
+        $password = hash('sha512', $password . 'a');
+
+        $hash = new Hash('sha512');
+        $hash->setKey($password);
+        return $hash->hash($message);
+    }
+
+    /**
+     * Encrypts a value and adds an HMAC (Encrypt-Then-MAC)
+     *
+     * @param string $plaintext
+     * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
+     * @return string Authenticated ciphertext
+     * @throws Exception if it was not possible to gather sufficient entropy
+     * @throws Exception if encrypting the data failed
+     */
+    public function encrypt(string $plaintext, string $password = ''): string {
+        if ($password === '') {
+            $password = $this->config->getSystemValue('secret');
+        }
+        $keyMaterial = hash_hkdf('sha512', $password);
+        $this->cipher->setPassword(substr($keyMaterial, 0, 32));
+
+        $iv = \random_bytes($this->ivLength);
+        $this->cipher->setIV($iv);
+
+        /** @var string|false $encrypted */
+        $encrypted = $this->cipher->encrypt($plaintext);
+        if ($encrypted === false) {
+            throw new Exception('Encrypting failed.');
+        }
+
+        $ciphertext = bin2hex($encrypted);
+        $iv = bin2hex($iv);
+        $hmac = bin2hex($this->calculateHMAC($ciphertext.$iv, substr($keyMaterial, 32)));
+
+        return $ciphertext.'|'.$iv.'|'.$hmac.'|3';
+    }
+
+    /**
+     * Decrypts a value and verifies the HMAC (Encrypt-Then-Mac)
+     * @param string $authenticatedCiphertext
+     * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
+     * @return string plaintext
+     * @throws Exception If the HMAC does not match
+     * @throws Exception If the decryption failed
+     */
+    public function decrypt(string $authenticatedCiphertext, string $password = ''): string {
+        if ($password === '') {
+            $password = $this->config->getSystemValue('secret');
+        }
+        $hmacKey = $encryptionKey = $password;
+
+        $parts = explode('|', $authenticatedCiphertext);
+        $partCount = \count($parts);
+        if ($partCount < 3 || $partCount > 4) {
+            throw new Exception('Authenticated ciphertext could not be decoded.');
+        }
+
+        $ciphertext = $this->hex2bin($parts[0]);
+        $iv = $parts[1];
+        $hmac = $this->hex2bin($parts[2]);
+
+        if ($partCount === 4) {
+            $version = $parts[3];
+            if ($version >= '2') {
+                $iv = $this->hex2bin($iv);
+            }
+
+            if ($version === '3') {
+                $keyMaterial = hash_hkdf('sha512', $password);
+                $encryptionKey = substr($keyMaterial, 0, 32);
+                $hmacKey = substr($keyMaterial, 32);
+            }
+        }
+        $this->cipher->setPassword($encryptionKey);
+        $this->cipher->setIV($iv);
+
+        if (!hash_equals($this->calculateHMAC($parts[0] . $parts[1], $hmacKey), $hmac)) {
+            throw new Exception('HMAC does not match.');
+        }
+
+        $result = $this->cipher->decrypt($ciphertext);
+        if ($result === false) {
+            throw new Exception('Decryption failed');
+        }
+
+        return $result;
+    }
+
+    private function hex2bin(string $hex): string {
+        if (!ctype_xdigit($hex)) {
+            throw new \RuntimeException('String contains non hex chars: ' . $hex);
+        }
+        if (strlen($hex) % 2 !== 0) {
+            throw new \RuntimeException('Hex string is not of even length: ' . $hex);
+        }
+        $result = hex2bin($hex);
+
+        if ($result === false) {
+            throw new \RuntimeException('Hex to bin conversion failed: ' . $hex);
+        }
+
+        return $result;
+    }
 }

Spacing +5 added lines, -5 removed lines

@@ -74,7 +74,7 @@ 
 		}
 
 		// Append an "a" behind the password and hash it to prevent reusing the same password as for encryption
-		$password = hash('sha512', $password . 'a');
+		$password = hash('sha512', $password.'a');
 
 		$hash = new Hash('sha512');
 		$hash->setKey($password);
@@ -152,7 +152,7 @@ 
 		$this->cipher->setPassword($encryptionKey);
 		$this->cipher->setIV($iv);
 
-		if (!hash_equals($this->calculateHMAC($parts[0] . $parts[1], $hmacKey), $hmac)) {
+		if (!hash_equals($this->calculateHMAC($parts[0].$parts[1], $hmacKey), $hmac)) {
 			throw new Exception('HMAC does not match.');
 		}
 
@@ -166,15 +166,15 @@ 
 
 	private function hex2bin(string $hex): string {
 		if (!ctype_xdigit($hex)) {
-			throw new \RuntimeException('String contains non hex chars: ' . $hex);
+			throw new \RuntimeException('String contains non hex chars: '.$hex);
 		}
 		if (strlen($hex) % 2 !== 0) {
-			throw new \RuntimeException('Hex string is not of even length: ' . $hex);
+			throw new \RuntimeException('Hex string is not of even length: '.$hex);
 		}
 		$result = hex2bin($hex);
 
 		if ($result === false) {
-			throw new \RuntimeException('Hex to bin conversion failed: ' . $hex);
+			throw new \RuntimeException('Hex to bin conversion failed: '.$hex);
 		}
 
 		return $result;