sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #26323 from J0WI/crypt-const 

Use constant for supported formats
pull/27269/head
blizzz 2021-06-23 11:17:05 +07:00 committed by GitHub
parent 092ff40f15 e617361250
commit c6d5653a85
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 24 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
apps/encryption/lib/Crypto/Crypt.php
Unescape Escape View File

@ -56,10 +56,20 @@ use OCP\IUserSession;
* @package OCA\Encryption\Crypto
*/
class Crypt {
public const SUPPORTED_CIPHERS_AND_KEY_SIZE = [
'AES-256-CTR' => 32,
'AES-128-CTR' => 16,
'AES-256-CFB' => 32,
'AES-128-CFB' => 16,
];
// one out of SUPPORTED_CIPHERS_AND_KEY_SIZE
public const DEFAULT_CIPHER = 'AES-256-CTR';
// default cipher from old Nextcloud versions
public const LEGACY_CIPHER = 'AES-128-CFB';
public const SUPPORTED_KEY_FORMATS = ['hash', 'password'];
// one out of SUPPORTED_KEY_FORMATS
public const DEFAULT_KEY_FORMAT = 'hash';
// default key format, old Nextcloud version encrypted the private key directly
// with the user password
public const LEGACY_KEY_FORMAT = 'password';
@ -76,20 +86,9 @@ class Crypt {
/** @var IConfig */
private $config;
/** @var array */
private $supportedKeyFormats;
/** @var IL10N */
private $l;
/** @var array */
private $supportedCiphersAndKeySize = [
'AES-256-CTR' => 32,
'AES-128-CTR' => 16,
'AES-256-CFB' => 32,
'AES-128-CFB' => 16,
];
/** @var bool */
private $supportLegacy;
@ -104,8 +103,6 @@ class Crypt {
$this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : '"no user given"';
$this->config = $config;
$this->l = $l;
$this->supportedKeyFormats = ['hash', 'password'];
$this->supportLegacy = $this->config->getSystemValueBool('encryption.legacy_format_support', false);
}
@ -206,12 +203,12 @@ class Crypt {
/**
* generate header for encrypted file
*
* @param string $keyFormat (can be 'hash' or 'password')
* @param string $keyFormat see SUPPORTED_KEY_FORMATS
* @return string
* @throws \InvalidArgumentException
*/
public function generateHeader($keyFormat = 'hash') {
if (in_array($keyFormat, $this->supportedKeyFormats, true) === false) {
public function generateHeader($keyFormat = self::DEFAULT_KEY_FORMAT) {
if (in_array($keyFormat, self::SUPPORTED_KEY_FORMATS, true) === false) {
throw new \InvalidArgumentException('key format "' . $keyFormat . '" is not supported');
}
@ -258,14 +255,15 @@ class Crypt {
*/
public function getCipher() {
$cipher = $this->config->getSystemValue('cipher', self::DEFAULT_CIPHER);
if (!isset($this->supportedCiphersAndKeySize[$cipher])) {
if (!isset(self::SUPPORTED_CIPHERS_AND_KEY_SIZE[$cipher])) {
$this->logger->warning(
sprintf(
'Unsupported cipher (%s) defined in config.php supported. Falling back to %s',
$cipher,
self::DEFAULT_CIPHER
),
['app' => 'encryption']);
sprintf(
'Unsupported cipher (%s) defined in config.php supported. Falling back to %s',
$cipher,
self::DEFAULT_CIPHER
),
['app' => 'encryption']
);
$cipher = self::DEFAULT_CIPHER;
}
@ -280,8 +278,8 @@ class Crypt {
* @throws \InvalidArgumentException
*/
protected function getKeySize($cipher) {
if (isset($this->supportedCiphersAndKeySize[$cipher])) {
return $this->supportedCiphersAndKeySize[$cipher];
if (isset(self::SUPPORTED_CIPHERS_AND_KEY_SIZE[$cipher])) {
return self::SUPPORTED_CIPHERS_AND_KEY_SIZE[$cipher];
}
throw new \InvalidArgumentException(
@ -403,7 +401,7 @@ class Crypt {
$keyFormat = self::LEGACY_KEY_FORMAT;
}
if ($keyFormat === 'hash') {
if ($keyFormat === self::DEFAULT_KEY_FORMAT) {
$password = $this->generatePasswordHash($password, $cipher, $uid);
}