nextcloud_server/lib/private/Security/SecureRandom.php

<?php

declare(strict_types=1);
/**
 * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
 * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
 * SPDX-License-Identifier: AGPL-3.0-only
 */
namespace OC\Security;

use OCP\Security\ISecureRandom;

/**
 * Class SecureRandom provides a wrapper around the random_int function to generate
 * secure random strings. For PHP 7 the native CSPRNG is used, older versions do
 * use a fallback.
 *
 * Usage:
 * \OC::$server->get(ISecureRandom::class)->generate(10);
 * @package OC\Security
 */
class SecureRandom implements ISecureRandom {
	/**
	 * Generate a secure random string of specified length.
	 * @param int $length The length of the generated string
	 * @param string $characters An optional list of characters to use if no character list is
	 *                           specified all valid base64 characters are used.
	 * @throws \LengthException if an invalid length is requested
	 */
	public function generate(
		int $length,
		string $characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/',
	): string {
		if ($length <= 0) {
			throw new \LengthException('Invalid length specified: ' . $length . ' must be bigger than 0');
		}

		$maxCharIndex = \strlen($characters) - 1;
		$randomString = '';

		while ($length > 0) {
			$randomNumber = \random_int(0, $maxCharIndex);
			$randomString .= $characters[$randomNumber];
			$length--;
		}
		return $randomString;
	}
}
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 19:02:40 +02:00			`<?php`
Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2019-12-03 19:57:53 +01:00
Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-01-14 11:33:53 +01:00			`declare(strict_types=1);`
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 19:02:40 +02:00			`/**`
chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de> 2024-05-23 09:26:56 +02:00			`* SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors`
			`* SPDX-FileCopyrightText: 2016 ownCloud, Inc.`
			`* SPDX-License-Identifier: AGPL-3.0-only`
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 19:02:40 +02:00			`*/`
			`namespace OC\Security;`

			`use OCP\Security\ISecureRandom;`

			`/**`
Use PHP polyfills 2015-12-11 06:17:47 +01:00			`* Class SecureRandom provides a wrapper around the random_int function to generate`
			`* secure random strings. For PHP 7 the native CSPRNG is used, older versions do`
			`* use a fallback.`
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 19:02:40 +02:00			`*`
			`* Usage:`
Refactor `OC\Server::getSecureRandom` Signed-off-by: Andrew Summers <18727110+summersab@users.noreply.github.com> 2023-08-29 16:29:33 -05:00			`* \OC::$server->get(ISecureRandom::class)->generate(10);`
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 19:02:40 +02:00			`* @package OC\Security`
			`*/`
			`class SecureRandom implements ISecureRandom {`
			`/**`
Validate requested length is random string generator Signed-off-by: Vincent Petry <vincent@nextcloud.com> 2022-05-12 13:58:18 +02:00			`* Generate a secure random string of specified length.`
Fix type annotation Obviously should be an int 2015-04-27 13:31:18 +02:00			`* @param int $length The length of the generated string`
Use native CSPRNG if available Unfortunately only PHP 7… 2015-11-06 16:24:26 +01:00			`* @param string $characters An optional list of characters to use if no character list is`
URLEncode logout attribute Otherwise logout can fail if the requesttoken contains a + 2015-02-13 11:35:12 +01:00			`* specified all valid base64 characters are used.`
Validate requested length is random string generator Signed-off-by: Vincent Petry <vincent@nextcloud.com> 2022-05-12 13:58:18 +02:00			`* @throws \LengthException if an invalid length is requested`
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 19:02:40 +02:00			`*/`
Refactors lib/private/Security. Mainly using PHP8's constructor property promotion. Signed-off-by: Faraz Samapoor <fsa@adlas.at> 2023-06-26 15:20:56 +03:30			`public function generate(`
			`int $length,`
			`string $characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/',`
			`): string {`
Validate requested length is random string generator Signed-off-by: Vincent Petry <vincent@nextcloud.com> 2022-05-12 13:58:18 +02:00			`if ($length <= 0) {`
			`throw new \LengthException('Invalid length specified: ' . $length . ' must be bigger than 0');`
			`}`

Strict ISecure random * Declare strict * Scalar arguments * Return type * Use fully qualified name for strlen Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-01-13 21:39:34 +01:00			`$maxCharIndex = \strlen($characters) - 1;`
Use PHP polyfills 2015-12-11 06:17:47 +01:00			`$randomString = '';`
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 19:02:40 +02:00
Use PHP polyfills 2015-12-11 06:17:47 +01:00			`while ($length > 0) {`
Fix usage of PHP method within namespace * introduced wiht 045ea4eb 2016-01-14 09:24:21 +01:00			`$randomNumber = \random_int(0, $maxCharIndex);`
Use PHP polyfills 2015-12-11 06:17:47 +01:00			`$randomString .= $characters[$randomNumber];`
			`$length--;`
Use native CSPRNG if available Unfortunately only PHP 7… 2015-11-06 16:24:26 +01:00			`}`
Use PHP polyfills 2015-12-11 06:17:47 +01:00			`return $randomString;`
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 19:02:40 +02:00			`}`
			`}`
No results found.