You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

69 lines
2.4 KiB

3 years ago
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * @copyright Copyright (c) 2016, ownCloud, Inc.
  5. *
  6. * @author Lukas Reschke <lukas@statuscode.ch>
  7. * @author Morris Jobke <hey@morrisjobke.de>
  8. * @author Roeland Jago Douma <roeland@famdouma.nl>
  9. *
  10. * @license AGPL-3.0
  11. *
  12. * This code is free software: you can redistribute it and/or modify
  13. * it under the terms of the GNU Affero General Public License, version 3,
  14. * as published by the Free Software Foundation.
  15. *
  16. * This program is distributed in the hope that it will be useful,
  17. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  19. * GNU Affero General Public License for more details.
  20. *
  21. * You should have received a copy of the GNU Affero General Public License, version 3,
  22. * along with this program. If not, see <http://www.gnu.org/licenses/>
  23. *
  24. */
  25. namespace OCP\Security;
  26. /**
  27. * Class Crypto provides a high-level encryption layer using AES-CBC. If no key has been provided
  28. * it will use the secret defined in config.php as key. Additionally the message will be HMAC'd.
  29. *
  30. * Usage:
  31. * $encryptWithDefaultPassword = \OC::$server->getCrypto()->encrypt('EncryptedText');
  32. * $encryptWithCustomPassword = \OC::$server->getCrypto()->encrypt('EncryptedText', 'password');
  33. *
  34. * @since 8.0.0
  35. */
  36. interface ICrypto {
  37. /**
  38. * @param string $message The message to authenticate
  39. * @param string $password Password to use (defaults to `secret` in config.php)
  40. * @return string Calculated HMAC
  41. * @since 8.0.0
  42. */
  43. public function calculateHMAC(string $message, string $password = ''): string;
  44. /**
  45. * Encrypts a value and adds an HMAC (Encrypt-Then-MAC)
  46. * @param string $plaintext
  47. * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
  48. * @return string Authenticated ciphertext
  49. * @since 8.0.0
  50. */
  51. public function encrypt(string $plaintext, string $password = ''): string;
  52. /**
  53. * Decrypts a value and verifies the HMAC (Encrypt-Then-Mac)
  54. * @param string $authenticatedCiphertext
  55. * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
  56. * @return string plaintext
  57. * @throws \Exception If the HMAC does not match
  58. * @throws \Exception If the decryption failed
  59. * @since 8.0.0
  60. */
  61. public function decrypt(string $authenticatedCiphertext, string $password = ''): string;
  62. }