nextcloud / server

lib/private/Security/Crypto.php

Indentation +94 added lines, -94 removed lines

@@ -44,99 +44,99 @@
  * @package OC\Security
  */
 class Crypto implements ICrypto {
-	/** @var AES $cipher */
-	private $cipher;
-	/** @var int */
-	private $ivLength = 16;
-	/** @var IConfig */
-	private $config;
-	/** @var ISecureRandom */
-	private $random;
-
-	/**
-	 * @param IConfig $config
-	 * @param ISecureRandom $random
-	 */
-	public function __construct(IConfig $config, ISecureRandom $random) {
-		$this->cipher = new AES();
-		$this->config = $config;
-		$this->random = $random;
-	}
-
-	/**
-	 * @param string $message The message to authenticate
-	 * @param string $password Password to use (defaults to `secret` in config.php)
-	 * @return string Calculated HMAC
-	 */
-	public function calculateHMAC(string $message, string $password = ''): string {
-		if($password === '') {
-			$password = $this->config->getSystemValue('secret');
-		}
-
-		// Append an "a" behind the password and hash it to prevent reusing the same password as for encryption
-		$password = hash('sha512', $password . 'a');
-
-		$hash = new Hash('sha512');
-		$hash->setKey($password);
-		return $hash->hash($message);
-	}
-
-	/**
-	 * Encrypts a value and adds an HMAC (Encrypt-Then-MAC)
-	 * @param string $plaintext
-	 * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
-	 * @return string Authenticated ciphertext
-	 */
-	public function encrypt(string $plaintext, string $password = ''): string {
-		if($password === '') {
-			$password = $this->config->getSystemValue('secret');
-		}
-		$this->cipher->setPassword($password);
-
-		$iv = $this->random->generate($this->ivLength);
-		$this->cipher->setIV($iv);
-
-		$ciphertext = bin2hex($this->cipher->encrypt($plaintext));
-		$hmac = bin2hex($this->calculateHMAC($ciphertext.$iv, $password));
-
-		return $ciphertext.'|'.$iv.'|'.$hmac;
-	}
-
-	/**
-	 * Decrypts a value and verifies the HMAC (Encrypt-Then-Mac)
-	 * @param string $authenticatedCiphertext
-	 * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
-	 * @return string plaintext
-	 * @throws \Exception If the HMAC does not match
-	 * @throws \Exception If the decryption failed
-	 */
-	public function decrypt(string $authenticatedCiphertext, string $password = ''): string {
-		if ($password === '') {
-			$password = $this->config->getSystemValue('secret');
-		}
-		$this->cipher->setPassword($password);
-
-		$parts = explode('|', $authenticatedCiphertext);
-		if (\count($parts) !== 3) {
-			throw new \Exception('Authenticated ciphertext could not be decoded.');
-		}
-
-		$ciphertext = hex2bin($parts[0]);
-		$iv = $parts[1];
-		$hmac = hex2bin($parts[2]);
-
-		$this->cipher->setIV($iv);
-
-		if (!hash_equals($this->calculateHMAC($parts[0] . $parts[1], $password), $hmac)) {
-			throw new \Exception('HMAC does not match.');
-		}
-
-		$result = $this->cipher->decrypt($ciphertext);
-		if ($result === false) {
-			throw new \Exception('Decryption failed');
-		}
-
-		return $result;
-	}
+    /** @var AES $cipher */
+    private $cipher;
+    /** @var int */
+    private $ivLength = 16;
+    /** @var IConfig */
+    private $config;
+    /** @var ISecureRandom */
+    private $random;
+
+    /**
+     * @param IConfig $config
+     * @param ISecureRandom $random
+     */
+    public function __construct(IConfig $config, ISecureRandom $random) {
+        $this->cipher = new AES();
+        $this->config = $config;
+        $this->random = $random;
+    }
+
+    /**
+     * @param string $message The message to authenticate
+     * @param string $password Password to use (defaults to `secret` in config.php)
+     * @return string Calculated HMAC
+     */
+    public function calculateHMAC(string $message, string $password = ''): string {
+        if($password === '') {
+            $password = $this->config->getSystemValue('secret');
+        }
+
+        // Append an "a" behind the password and hash it to prevent reusing the same password as for encryption
+        $password = hash('sha512', $password . 'a');
+
+        $hash = new Hash('sha512');
+        $hash->setKey($password);
+        return $hash->hash($message);
+    }
+
+    /**
+     * Encrypts a value and adds an HMAC (Encrypt-Then-MAC)
+     * @param string $plaintext
+     * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
+     * @return string Authenticated ciphertext
+     */
+    public function encrypt(string $plaintext, string $password = ''): string {
+        if($password === '') {
+            $password = $this->config->getSystemValue('secret');
+        }
+        $this->cipher->setPassword($password);
+
+        $iv = $this->random->generate($this->ivLength);
+        $this->cipher->setIV($iv);
+
+        $ciphertext = bin2hex($this->cipher->encrypt($plaintext));
+        $hmac = bin2hex($this->calculateHMAC($ciphertext.$iv, $password));
+
+        return $ciphertext.'|'.$iv.'|'.$hmac;
+    }
+
+    /**
+     * Decrypts a value and verifies the HMAC (Encrypt-Then-Mac)
+     * @param string $authenticatedCiphertext
+     * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
+     * @return string plaintext
+     * @throws \Exception If the HMAC does not match
+     * @throws \Exception If the decryption failed
+     */
+    public function decrypt(string $authenticatedCiphertext, string $password = ''): string {
+        if ($password === '') {
+            $password = $this->config->getSystemValue('secret');
+        }
+        $this->cipher->setPassword($password);
+
+        $parts = explode('|', $authenticatedCiphertext);
+        if (\count($parts) !== 3) {
+            throw new \Exception('Authenticated ciphertext could not be decoded.');
+        }
+
+        $ciphertext = hex2bin($parts[0]);
+        $iv = $parts[1];
+        $hmac = hex2bin($parts[2]);
+
+        $this->cipher->setIV($iv);
+
+        if (!hash_equals($this->calculateHMAC($parts[0] . $parts[1], $password), $hmac)) {
+            throw new \Exception('HMAC does not match.');
+        }
+
+        $result = $this->cipher->decrypt($ciphertext);
+        if ($result === false) {
+            throw new \Exception('Decryption failed');
+        }
+
+        return $result;
+    }
 
 }

Spacing +4 added lines, -4 removed lines

@@ -69,12 +69,12 @@ 
 	 * @return string Calculated HMAC
 	 */
 	public function calculateHMAC(string $message, string $password = ''): string {
-		if($password === '') {
+		if ($password === '') {
 			$password = $this->config->getSystemValue('secret');
 		}
 
 		// Append an "a" behind the password and hash it to prevent reusing the same password as for encryption
-		$password = hash('sha512', $password . 'a');
+		$password = hash('sha512', $password.'a');
 
 		$hash = new Hash('sha512');
 		$hash->setKey($password);
@@ -88,7 +88,7 @@ 
 	 * @return string Authenticated ciphertext
 	 */
 	public function encrypt(string $plaintext, string $password = ''): string {
-		if($password === '') {
+		if ($password === '') {
 			$password = $this->config->getSystemValue('secret');
 		}
 		$this->cipher->setPassword($password);
@@ -127,7 +127,7 @@ 
 
 		$this->cipher->setIV($iv);
 
-		if (!hash_equals($this->calculateHMAC($parts[0] . $parts[1], $password), $hmac)) {
+		if (!hash_equals($this->calculateHMAC($parts[0].$parts[1], $password), $hmac)) {
 			throw new \Exception('HMAC does not match.');
 		}
 

lib/public/Security/ICrypto.php

Indentation +25 added lines, -25 removed lines

@@ -37,31 +37,31 @@
  */
 interface ICrypto {
 
-	/**
-	 * @param string $message The message to authenticate
-	 * @param string $password Password to use (defaults to `secret` in config.php)
-	 * @return string Calculated HMAC
-	 * @since 8.0.0
-	 */
-	public function calculateHMAC(string $message, string $password = ''): string;
+    /**
+     * @param string $message The message to authenticate
+     * @param string $password Password to use (defaults to `secret` in config.php)
+     * @return string Calculated HMAC
+     * @since 8.0.0
+     */
+    public function calculateHMAC(string $message, string $password = ''): string;
 
-	/**
-	 * Encrypts a value and adds an HMAC (Encrypt-Then-MAC)
-	 * @param string $plaintext
-	 * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
-	 * @return string Authenticated ciphertext
-	 * @since 8.0.0
-	 */
-	public function encrypt(string $plaintext, string $password = ''): string;
+    /**
+     * Encrypts a value and adds an HMAC (Encrypt-Then-MAC)
+     * @param string $plaintext
+     * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
+     * @return string Authenticated ciphertext
+     * @since 8.0.0
+     */
+    public function encrypt(string $plaintext, string $password = ''): string;
 
-	/**
-	 * Decrypts a value and verifies the HMAC (Encrypt-Then-Mac)
-	 * @param string $authenticatedCiphertext
-	 * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
-	 * @return string plaintext
-	 * @throws \Exception If the HMAC does not match
-	 * @throws \Exception If the decryption failed
-	 * @since 8.0.0
-	 */
-	public function decrypt(string $authenticatedCiphertext, string $password = ''): string;
+    /**
+     * Decrypts a value and verifies the HMAC (Encrypt-Then-Mac)
+     * @param string $authenticatedCiphertext
+     * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
+     * @return string plaintext
+     * @throws \Exception If the HMAC does not match
+     * @throws \Exception If the decryption failed
+     * @since 8.0.0
+     */
+    public function decrypt(string $authenticatedCiphertext, string $password = ''): string;
 }