
ICrypto.php 1.7 KB

  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
  5. * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
  6. * SPDX-License-Identifier: AGPL-3.0-only
  7. */
  8. namespace OCP\Security;
  9. /**
  10. * This interface provides a high-level encryption layer using AES-CBC. If no password has been provided
  11. * it will use the secret defined in config.php as key, so config.php must be protected like key material. Additionally the message will be HMAC'd.
  12. *
  13. * Usage:
  14. * $encryptWithDefaultPassword = \OC::$server->getCrypto()->encrypt('EncryptedText');
  15. * $encryptWithCustomPassword = \OC::$server->getCrypto()->encrypt('EncryptedText', 'password');
  16. *
  17. * @since 8.0.0
  18. */
  19. interface ICrypto {
  20. /** Calculates a keyed HMAC over a message.
  21. * @param string $message The message to authenticate
  22. * @param string $password Password to use (defaults to `secret` in config.php when omitted or left as '')
  23. * @return string Calculated HMAC; this interface does not state the hash function or output encoding. Compare it to an expected value with hash_equals(), not ==
  24. * @since 8.0.0
  25. */
  26. public function calculateHMAC(string $message, string $password = ''): string;
  27. /**
  28. * Encrypts a value and adds an HMAC (Encrypt-Then-MAC)
  29. * @param string $plaintext Value to encrypt
  30. * @param string $password Password to encrypt with, if not specified (or left as '') the secret from config.php will be taken
  31. * @return string Authenticated ciphertext; pass it unmodified to decrypt() together with the same $password
  32. * @since 8.0.0
  33. */
  34. public function encrypt(string $plaintext, string $password = ''): string;
  35. /**
  36. * Decrypts a value and verifies the HMAC (Encrypt-Then-MAC)
  37. * @param string $authenticatedCiphertext Authenticated ciphertext, presumably as returned by encrypt() - confirm against the implementation
  38. * @param string $password Password to decrypt with, if not specified (or left as '') the secret from config.php will be taken
  39. * @return string plaintext
  40. * @throws \Exception If the HMAC does not match; callers should reject the value rather than fall back to using it
  41. * @throws \Exception If the decryption failed (same generic exception type as above, so the two failures cannot be told apart by class)
  42. * @since 8.0.0
  43. */
  44. public function decrypt(string $authenticatedCiphertext, string $password = ''): string;
  45. }