ICrypto.php 2.2 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Lukas Reschke <lukas@statuscode.ch>
  6. * @author Morris Jobke <hey@morrisjobke.de>
  7. *
  8. * @license AGPL-3.0
  9. *
  10. * This code is free software: you can redistribute it and/or modify
  11. * it under the terms of the GNU Affero General Public License, version 3,
  12. * as published by the Free Software Foundation.
  13. *
  14. * This program is distributed in the hope that it will be useful,
  15. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17. * GNU Affero General Public License for more details.
  18. *
  19. * You should have received a copy of the GNU Affero General Public License, version 3,
  20. * along with this program. If not, see <http://www.gnu.org/licenses/>
  21. *
  22. */
  23. namespace OCP\Security;
  24. /**
  25. * Class Crypto provides a high-level encryption layer using AES-CBC. If no key has been provided
  26. * it will use the secret defined in config.php as key. Additionally the message will be HMAC'd.
  27. *
  28. * Usage:
  29. * $encryptWithDefaultPassword = \OC::$server->getCrypto()->encrypt('EncryptedText');
  30. * $encryptWithCustomPassword = \OC::$server->getCrypto()->encrypt('EncryptedText', 'password');
  31. *
  32. * @package OCP\Security
  33. * @since 8.0.0
  34. */
  35. interface ICrypto {
  36. /**
  37. * @param string $message The message to authenticate
  38. * @param string $password Password to use (defaults to `secret` in config.php)
  39. * @return string Calculated HMAC
  40. * @since 8.0.0
  41. */
  42. public function calculateHMAC($message, $password = '');
  43. /**
  44. * Encrypts a value and adds an HMAC (Encrypt-Then-MAC)
  45. * @param string $plaintext
  46. * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
  47. * @return string Authenticated ciphertext
  48. * @since 8.0.0
  49. */
  50. public function encrypt($plaintext, $password = '');
  51. /**
  52. * Decrypts a value and verifies the HMAC (Encrypt-Then-Mac)
  53. * @param string $authenticatedCiphertext
  54. * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
  55. * @return string plaintext
  56. * @throws \Exception If the HMAC does not match
  57. * @since 8.0.0
  58. */
  59. public function decrypt($authenticatedCiphertext, $password = '');
  60. }