Add some security utilities

This adds some security utilities to core including:
- A library for basic crypto operations (e.g. to encrypt passwords)
- A better library for cryptographic actions which allows you to specify the charset
- A library for secure string comparisions

Remove .htaccess

Remove .htaccess

Fix typo

Add public API

Use timing constant comparision

Remove CBC constant

Adjust code

Remove confusing $this

1 files changed, 51 insertions, 0 deletions

diff --git a/tests/lib/security/securerandom.php b/tests/lib/security/securerandom.php
new file mode 100644
index 00000000000..75f8f56fb9f
--- /dev/null
+++ b/tests/lib/security/securerandom.php
@@ -0,0 +1,51 @@
+<?php
+/**
+ * Copyright (c) 2014 Lukas Reschke <lukas@owncloud.com>
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+class SecureRandomTest extends \PHPUnit_Framework_TestCase {
+
+	public function stringGenerationProvider() {
+		return array(
+			array(0, 0),
+			array(1, 1),
+			array(128, 128),
+			array(256, 256),
+			array(1024, 1024),
+			array(2048, 2048),
+			array(64000, 64000),
+		);
+	}
+
+	/**
+	 * @dataProvider stringGenerationProvider
+	 */
+	function testGetLowStrengthGeneratorLength($length, $expectedLength) {
+		$rng = new \OC\Security\SecureRandom();
+		$generator = $rng->getLowStrengthGenerator();
+
+		$this->assertEquals($expectedLength, strlen($generator->generate($length)));
+	}
+
+	/**
+	 * @dataProvider stringGenerationProvider
+	 */
+	function testMediumLowStrengthGeneratorLength($length, $expectedLength) {
+		$rng = new \OC\Security\SecureRandom();
+		$generator = $rng->getMediumStrengthGenerator();
+
+		$this->assertEquals($expectedLength, strlen($generator->generate($length)));
+	}
+
+	/**
+	 * @expectedException \Exception
+	 * @expectedExceptionMessage Generator is not initialized
+	 */
+	function testUninitializedGenerate() {
+		$rng = new \OC\Security\SecureRandom();
+		$rng->generate(30);
+	}
+}