-rw-r--r-- | lib/private/security/crypto.php | 18 | ||||
-rw-r--r-- | lib/private/server.php | 2 | ||||
-rw-r--r-- | tests/lib/security/crypto.php | 12 |
3 files changed, 20 insertions, 12 deletions
diff --git a/lib/private/security/crypto.php b/lib/private/security/crypto.php
index 659b0170ecf..34f0d4e617d 100644
--- a/lib/private/security/crypto.php
+++ b/lib/private/security/crypto.php
@@ -12,7 +12,9 @@ namespace OC\Security;
 use Crypt_AES;
 use Crypt_Hash;
 use OCP\Security\ICrypto;
+use OCP\Security\ISecureRandom;
 use OCP\Security\StringUtils;
+use OCP\IConfig;
 /**
 * Class Crypto provides a high-level encryption layer using AES-CBC. If no key has been provided
@@ -29,9 +31,15 @@ class Crypto implements ICrypto {
 private $cipher;
 /** @var int */
 private $ivLength = 16;
+ /** @var IConfig */
+ private $config;
+ /** @var ISecureRandom */
+ private $random;
- function __construct() {
+ function __construct(IConfig $config, ISecureRandom $random) {
 $this->cipher = new Crypt_AES();
+ $this->config = $config;
+ $this->random = $random;
 }
 /**
@@ -41,7 +49,7 @@ class Crypto implements ICrypto {
 */
 public function calculateHMAC($message, $password = '') {
 if($password === '') {
- $password = \OC::$server->getConfig()->getSystemValue('secret');
+ $password = $this->config->getSystemValue('secret');
 }
 $hash = new Crypt_Hash('sha512');
@@ -57,11 +65,11 @@ class Crypto implements ICrypto {
 */
 public function encrypt($plaintext, $password = '') {
 if($password === '') {
- $password = \OC::$server->getConfig()->getSystemValue('secret');
+ $password = $this->config->getSystemValue('secret');
 }
 $this->cipher->setPassword($password);
- $iv = \OC::$server->getSecureRandom()->getLowStrengthGenerator()->generate($this->ivLength);
+ $iv = $this->random->getLowStrengthGenerator()->generate($this->ivLength);
 $this->cipher->setIV($iv);
 $ciphertext = bin2hex($this->cipher->encrypt($plaintext));
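Review bot: The new constructor in the `@@ -29,9 +31,15 @@` hunk has no visibility keyword and no docblock, so nothing records which key material and randomness source the class now depends on. I would declare it as `public function __construct(IConfig $config, ISecureRandom $random) {` and add a short docblock stating that `$config` supplies the `secret` system value used when no password is passed and that `$random` supplies the generator used for the IV.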
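Review bot: In `calculateHMAC()` the fallback `$password = $this->config->getSystemValue('secret');` is used without checking that a secret is actually configured. If `getSystemValue()` returns an empty default for a missing key (to be confirmed against IConfig), the HMAC would be keyed with an empty string and integrity protection would be nominal only. The same fallback appears in the `encrypt()` and `decrypt()` hunks. A guard directly after the lookup, for example `if ($password === '') { throw new \Exception('No secret configured'); }`, would make all three paths fail closed. The method body continues outside the hunk.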
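Review bot: The IV in `encrypt()` is still taken from `getLowStrengthGenerator()`, now through `$this->random`; AES-CBC needs an IV that is unpredictable, and a generator labelled low strength is a questionable source for it. The vectors in tests/lib/security/crypto.php carry a 16-character alphanumeric IV (`d2kdFUspVjC0Y0sr`), which suggests the 16 bytes are drawn from a restricted character set and hold well under 128 bits of entropy. Since the generator is now injected, this is a good moment to switch to `$iv = $this->random->getMediumStrengthGenerator()->generate($this->ivLength);` or a raw-byte source, while keeping the stored `ciphertext|iv|hmac` format readable for existing data. `encrypt()` continues past the end of the hunk.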
@@ -79,7 +87,7 @@ class Crypto implements ICrypto {
 */
 public function decrypt($authenticatedCiphertext, $password = '') {
 if($password === '') {
- $password = \OC::$server->getConfig()->getSystemValue('secret');
+ $password = $this->config->getSystemValue('secret');
 }
 $this->cipher->setPassword($password);
diff --git a/lib/private/server.php b/lib/private/server.php
index 86fead1daf1..d67517f13e2 100644
--- a/lib/private/server.php
+++ b/lib/private/server.php
@@ -205,7 +205,7 @@ class Server extends SimpleContainer implements IServerContainer {
 return new SecureRandom();
 });
 $this->registerService('Crypto', function($c) {
- return new Crypto();
+ return new Crypto(\OC::$server->getConfig(), \OC::$server->getSecureRandom());
 });
 $this->registerService('Db', function ($c) {
 return new Db();
diff --git a/tests/lib/security/crypto.php b/tests/lib/security/crypto.php
index e07a60267e8..6211e3e8227 100644
--- a/tests/lib/security/crypto.php
+++ b/tests/lib/security/crypto.php
@@ -12,7 +12,7 @@ class CryptoTest extends \PHPUnit_Framework_TestCase {
 function testDefaultEncrypt() {
 $stringToEncrypt = 'Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt.';
- $crypto = new Crypto();
+ $crypto = new Crypto(\OC::$server->getConfig(), \OC::$server->getSecureRandom());
 $ciphertext = $crypto->encrypt($stringToEncrypt);
 $this->assertEquals($stringToEncrypt, $crypto->decrypt($ciphertext));
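Review bot: The `Crypto` factory closure in lib/private/server.php receives the container as `$c` but builds its arguments from the global `\OC::$server`, which keeps the hidden global dependency that this commit removes from the Crypto class itself. If `$c` is the Server instance being configured (presumably, since the closure is registered on `$this`), `return new Crypto($c->getConfig(), $c->getSecureRandom());` would resolve both collaborators from that container and keep the key source and RNG swappable in one place. The enclosing method starts and ends outside the hunk.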
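Review bot: `testDefaultEncrypt()` constructs Crypto from `\OC::$server->getConfig()` and `\OC::$server->getSecureRandom()`, so the test still depends on the running instance's `secret` and on global state even though the class now accepts injected collaborators. A stub IConfig whose `getSystemValue('secret')` returns a fixed string would make the default-key path deterministic and would also allow a test for the unset-secret case. The same construction is repeated in testWrongPassword, testLaterDecryption, testWrongIV and testWrongParameters in the later hunks; building the instance once in `setUp()` would remove the duplication.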
@@ -27,17 +27,17 @@ class CryptoTest extends \PHPUnit_Framework_TestCase {
 */
 function testWrongPassword() {
 $stringToEncrypt = 'Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt.';
- $encryptCrypto = new Crypto();
+ $encryptCrypto = new Crypto(\OC::$server->getConfig(), \OC::$server->getSecureRandom());
 $ciphertext = $encryptCrypto->encrypt($stringToEncrypt);
- $decryptCrypto = new Crypto();
+ $decryptCrypto = new Crypto(\OC::$server->getConfig(), \OC::$server->getSecureRandom());
 $this->assertFalse($decryptCrypto->decrypt($ciphertext, 'A wrong password!'));
 }
 function testLaterDecryption() {
 $stringToEncrypt = 'Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt.';
 $encryptedString = '560f5436ba864b9f12f7f7ca6d41c327554a6f2c0a160a03316b202af07c65163274993f3a46e7547c07ba89304f00594a2f3bd99f83859097c58049c39d0d4ade10e0de914ff0604961e7c849d0271ed6c0b23f984ba16e7d033e3305fb0910e7b6a2a65c988d17dbee71d8f953684d|d2kdFUspVjC0Y0sr|1a5feacf87eaa6869a6abdfba9a296e7bbad45b6ad89f7dce67cdc98e2da5dc4379cc672cc655e52bbf19599bf59482fbea13a73937697fa656bf10f3fc4f1aa';
- $crypto = new Crypto();
+ $crypto = new Crypto(\OC::$server->getConfig(), \OC::$server->getSecureRandom());
 $this->assertEquals($stringToEncrypt, $crypto->decrypt($encryptedString, 'ThisIsAVeryS3cur3P4ssw0rd'));
 }
@@ -47,7 +47,7 @@ class CryptoTest extends \PHPUnit_Framework_TestCase {
 */
 function testWrongIV() {
 $encryptedString = '560f5436ba864b9f12f7f7ca6d41c327554a6f2c0a160a03316b202af07c65163274993f3a46e7547c07ba89304f00594a2f3bd99f83859097c58049c39d0d4ade10e0de914ff0604961e7c849d0271ed6c0b23f984ba16e7d033e3305fb0910e7b6a2a65c988d17dbee71d8f953684d|d2kdFUspVjC0o0sr|1a5feacf87eaa6869a6abdfba9a296e7bbad45b6ad89f7dce67cdc98e2da5dc4379cc672cc655e52bbf19599bf59482fbea13a73937697fa656bf10f3fc4f1aa';
- $crypto = new Crypto();
+ $crypto = new Crypto(\OC::$server->getConfig(), \OC::$server->getSecureRandom());
 $crypto->decrypt($encryptedString, 'ThisIsAVeryS3cur3P4ssw0rd');
 }
@@ -57,7 +57,7 @@ class CryptoTest extends \PHPUnit_Framework_TestCase {
 */
 function testWrongParameters() {
 $encryptedString = '1|2';
- $crypto = new Crypto();
+ $crypto = new Crypto(\OC::$server->getConfig(), \OC::$server->getSecureRandom());
 $crypto->decrypt($encryptedString, 'ThisIsAVeryS3cur3P4ssw0rd');
 }
 } |