nextcloud/tests/lib/Security/CryptoTest.php

<?php

declare(strict_types=1);

/**
 * SPDX-FileCopyrightText: 2019-2024 Nextcloud GmbH and Nextcloud contributors
 * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
 * SPDX-License-Identifier: AGPL-3.0-or-later
 */

namespace Test\Security;

use OC\Security\Crypto;
use OCP\IConfig;
use OCP\Server;

class CryptoTest extends \Test\TestCase {
	public static function defaultEncryptionProvider(): array {
		return [
			['Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt.'],
			[''],
			['我看这本书。 我看這本書']
		];
	}

	/** @var Crypto */
	protected $crypto;

	protected function setUp(): void {
		parent::setUp();
		$this->crypto = new Crypto(Server::get(IConfig::class));
	}

	#[\PHPUnit\Framework\Attributes\DataProvider('defaultEncryptionProvider')]
	public function testDefaultEncrypt($stringToEncrypt): void {
		$ciphertext = $this->crypto->encrypt($stringToEncrypt);
		$this->assertEquals($stringToEncrypt, $this->crypto->decrypt($ciphertext));
	}


	public function testWrongPassword(): void {
		$this->expectException(\Exception::class);
		$this->expectExceptionMessage('HMAC does not match.');

		$stringToEncrypt = 'Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt.';
		$ciphertext = $this->crypto->encrypt($stringToEncrypt);
		$this->crypto->decrypt($ciphertext, 'A wrong password!');
	}

	public function testLaterDecryption(): void {
		$stringToEncrypt = 'Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt.';
		$encryptedString = '44a35023cca2e7a6125e06c29fc4b2ad9d8a33d0873a8b45b0de4ef9284f260c6c46bf25dc62120644c59b8bafe4281ddc47a70c35ae6c29ef7a63d79eefacc297e60b13042ac582733598d0a6b4de37311556bb5c480fd2633de4e6ebafa868c2d1e2d80a5d24f9660360dba4d6e0c8|lhrFgK0zd9U160Wo|a75e57ab701f9124e1113543fd1dc596f21e20d456a0d1e813d5a8aaec9adcb11213788e96598b67fe9486a9f0b99642c18296d0175db44b1ae426e4e91080ee';
		$this->assertEquals($stringToEncrypt, $this->crypto->decrypt($encryptedString, 'ThisIsAVeryS3cur3P4ssw0rd'));
	}


	public function testWrongIV(): void {
		$this->expectException(\Exception::class);
		$this->expectExceptionMessage('HMAC does not match.');

		$encryptedString = '560f5436ba864b9f12f7f7ca6d41c327554a6f2c0a160a03316b202af07c65163274993f3a46e7547c07ba89304f00594a2f3bd99f83859097c58049c39d0d4ade10e0de914ff0604961e7c849d0271ed6c0b23f984ba16e7d033e3305fb0910e7b6a2a65c988d17dbee71d8f953684d|d2kdFUspVjC0o0sr|1a5feacf87eaa6869a6abdfba9a296e7bbad45b6ad89f7dce67cdc98e2da5dc4379cc672cc655e52bbf19599bf59482fbea13a73937697fa656bf10f3fc4f1aa';
		$this->crypto->decrypt($encryptedString, 'ThisIsAVeryS3cur3P4ssw0rd');
	}


	public function testWrongParameters(): void {
		$this->expectException(\Exception::class);
		$this->expectExceptionMessage('Authenticated ciphertext could not be decoded.');

		$encryptedString = '1|2';
		$this->crypto->decrypt($encryptedString, 'ThisIsAVeryS3cur3P4ssw0rd');
	}

	public function testLegacy(): void {
		$cipherText = 'e16599188e3d212f5c7f17fdc2abca46|M1WfLAxbcAmITeD6|509457885d6ca5e6c3bfd3741852687a7f2bffce197f8d5ae97b65818b15a1b7f616b68326ff312371540f4ca8ac55f8e2de4aa13aab3474bd3431e51214e3ee';
		$password = 'mypass';

		$this->assertSame('legacy test', $this->crypto->decrypt($cipherText, $password));
	}

	public function testVersion2CiphertextDecryptsToCorrectPlaintext(): void {
		$this->assertSame(
			'This is a plaintext value that will be encrypted with version 2. Which addresses the reduced permutations on the IV.',
			$this->crypto->decrypt(
				'be006387f753e8728717e43cfc5526c37adf7b2c9b4a113ceec03b7b0bccfebee74e0acfa0015c5712b4376dacbd7bce26a8fbca916fdccee46203d8289f6b2e4c19318044d375edfc67c72e6c3ae329d4c276b8d866ac1b281844e81f7681fe83d90bc4b6fffa4f3cbc157d64257a493b67fd2af3c8976cb76df520f5739305|02e78ea7c73a32f3b407c54227a9d2ce|3e7a09628f818b7b1cd7724467f5b1b33135de6d2ec62d8c0361be4f2c5203385f10babdcae017d7b30abe5be2117803e3195fb6d9ef20949fe35dad5e9241ea|2',
				'insecure-static-password'
			)
		);
	}

	/**
	 * Test data taken from https://github.com/owncloud/core/blob/9deb8196b20354c8de0cd720ad4d18d52ccc96d8/tests/lib/Security/CryptoTest.php#L56-L60
	 */
	public function testOcVersion2CiphertextDecryptsToCorrectPlaintext(): void {
		$this->assertSame(
			'Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt.',
			$this->crypto->decrypt(
				'v2|d57dbe4d1317cdf19d4ddc2df807f6b5d63ab1e119c46590ce54bae56a9cd3969168c4ec1600ac9758dd7e7afb9c4c962dd23072c1463add1d9c77c467723b37bb768ef00e3c50898e59247cbb59ce56b74ce5990648ffe9e40d0e95076c27a785bdcf32c219ea4ad5c316b1f12f48c1|6bd21db258a5e406a2c288a444de195f|a19111a4cf1a11ee95fc1734699c20964eaa05bb007e1cecc4cc6872f827a4b7deedc977c13b138d728d68116aa3d82f9673e20c7e447a9788aa3be994b67cd6',
				'ThisIsAVeryS3cur3P4ssw0rd'
			)
		);
	}

	public function testVersion3CiphertextDecryptsToCorrectPlaintext(): void {
		$this->assertSame(
			'Another plaintext value that will be encrypted with version 3. It addresses the related key issue. Old ciphertexts should be decrypted properly, but only use the better version for encryption.',
			$this->crypto->decrypt(
				'c99823461db746aa74f819c8640e9e3c367fa3bb9c21dff905b5dd14072c1d1b0da8b7e6b7307bf1561b6ba7aaa932a16c23b1fd5217dc019d55233ef0813c65fccaeabd6ea3a971ce1bbbdfda790ae00fb4442693cbb50072e02875b9f50591df74d00e96fd5b9bd13cb02a5f57b062ec98a4c64fc518ed325d097454883adbfc1687c2af995a392407c5e040a54afee4b2997ab158fe48ef67ccf721a6a7031fcb44d51170892ce7971021a7f3a00d19002eb9b007efe7aecf397ec0dc22064fb5d4a15ad83949f0804feca3c69cdd|8476f53c8d49a7e119798a70086d8911|ae3f7e23d469fbc791714ceb07d854624b1bbd39ac6a4edc05d552e10659adfdcada3a059fae737ffd7d842dd3fcc84bcc364cd298e814dd4967de4ad4a658eb|3',
				'insecure-static-password'
			)
		);
	}
}
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 13:02:40 -04:00			`<?php`
Make Security module strict Signed-off-by: J0WI <J0WI@users.noreply.github.com> 2021-04-19 09:50:30 -04:00
			`declare(strict_types=1);`

Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 13:02:40 -04:00			`/**`
chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de> 2024-05-10 09:09:14 -04:00			`* SPDX-FileCopyrightText: 2019-2024 Nextcloud GmbH and Nextcloud contributors`
			`* SPDX-FileCopyrightText: 2016 ownCloud, Inc.`
			`* SPDX-License-Identifier: AGPL-3.0-or-later`
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 13:02:40 -04:00			`*/`

Fix namespaces in security/ 2016-05-19 03:02:58 -04:00			`namespace Test\Security;`

Some php-cs fixes * Order the imports * No leading slash on imports * Empty line before namespace * One line per import * Empty after imports * Emmpty line at bottom of file Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2019-11-22 14:52:10 -05:00			`use OC\Security\Crypto;`
chore: run rector on tests Signed-off-by: Robin Appelman <robin@icewind.nl> 2025-06-12 12:31:58 -04:00			`use OCP\IConfig;`
			`use OCP\Server;`
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 13:02:40 -04:00
Make remaining files extend the test base 2014-11-10 17:30:38 -05:00			`class CryptoTest extends \Test\TestCase {`
test: Fix tests/lib/Security/ Signed-off-by: Joas Schilling <coding@schilljs.com> 2025-05-13 02:49:30 -04:00			`public static function defaultEncryptionProvider(): array {`
Use the short array syntax, everywhere Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2020-03-26 04:30:18 -04:00			`return [`
			`['Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt.'],`
			`[''],`
			`['我看这本书。我看這本書']`
			`];`
Refactor tests a little bit 2014-09-03 07:51:44 -04:00			`}`

			`/** @var Crypto */`
			`protected $crypto;`

Make phpunit8 compatible Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2019-11-21 10:40:38 -05:00			`protected function setUp(): void {`
Make remaining files extend the test base 2014-11-10 17:30:38 -05:00			`parent::setUp();`
chore: run rector on tests Signed-off-by: Robin Appelman <robin@icewind.nl> 2025-06-12 12:31:58 -04:00			`$this->crypto = new Crypto(Server::get(IConfig::class));`
Refactor tests a little bit 2014-09-03 07:51:44 -04:00			`}`
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 13:02:40 -04:00
chore: run rector Signed-off-by: Robin Appelman <robin@icewind.nl> 2025-06-30 10:56:59 -04:00			`#[\PHPUnit\Framework\Attributes\DataProvider('defaultEncryptionProvider')]`
refactor: Add void return type to PHPUnit test methods Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2024-09-15 16:32:31 -04:00			`public function testDefaultEncrypt($stringToEncrypt): void {`
Refactor tests a little bit 2014-09-03 07:51:44 -04:00			`$ciphertext = $this->crypto->encrypt($stringToEncrypt);`
			`$this->assertEquals($stringToEncrypt, $this->crypto->decrypt($ciphertext));`
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 13:02:40 -04:00			`}`

Use random_bytes Since we don't care if it is human readbale. The code is backwards compatible with the old format. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2020-05-11 04:31:46 -04:00
refactor: Add void return type to PHPUnit test methods Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2024-09-15 16:32:31 -04:00			`public function testWrongPassword(): void {`
Mode to modern phpunit Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2019-11-27 09:27:18 -05:00			`$this->expectException(\Exception::class);`
			`$this->expectExceptionMessage('HMAC does not match.');`

Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 13:02:40 -04:00			`$stringToEncrypt = 'Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt.';`
Refactor tests a little bit 2014-09-03 07:51:44 -04:00			`$ciphertext = $this->crypto->encrypt($stringToEncrypt);`
			`$this->crypto->decrypt($ciphertext, 'A wrong password!');`
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 13:02:40 -04:00			`}`

refactor: Add void return type to PHPUnit test methods Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2024-09-15 16:32:31 -04:00			`public function testLaterDecryption(): void {`
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 13:02:40 -04:00			`$stringToEncrypt = 'Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt.';`
Add char consts, hash the specified password for the HMAC 2014-09-03 05:03:27 -04:00			`$encryptedString = '44a35023cca2e7a6125e06c29fc4b2ad9d8a33d0873a8b45b0de4ef9284f260c6c46bf25dc62120644c59b8bafe4281ddc47a70c35ae6c29ef7a63d79eefacc297e60b13042ac582733598d0a6b4de37311556bb5c480fd2633de4e6ebafa868c2d1e2d80a5d24f9660360dba4d6e0c8\|lhrFgK0zd9U160Wo\|a75e57ab701f9124e1113543fd1dc596f21e20d456a0d1e813d5a8aaec9adcb11213788e96598b67fe9486a9f0b99642c18296d0175db44b1ae426e4e91080ee';`
Refactor tests a little bit 2014-09-03 07:51:44 -04:00			`$this->assertEquals($stringToEncrypt, $this->crypto->decrypt($encryptedString, 'ThisIsAVeryS3cur3P4ssw0rd'));`
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 13:02:40 -04:00			`}`

Use random_bytes Since we don't care if it is human readbale. The code is backwards compatible with the old format. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2020-05-11 04:31:46 -04:00
refactor: Add void return type to PHPUnit test methods Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2024-09-15 16:32:31 -04:00			`public function testWrongIV(): void {`
Mode to modern phpunit Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2019-11-27 09:27:18 -05:00			`$this->expectException(\Exception::class);`
			`$this->expectExceptionMessage('HMAC does not match.');`

Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 13:02:40 -04:00			`$encryptedString = '560f5436ba864b9f12f7f7ca6d41c327554a6f2c0a160a03316b202af07c65163274993f3a46e7547c07ba89304f00594a2f3bd99f83859097c58049c39d0d4ade10e0de914ff0604961e7c849d0271ed6c0b23f984ba16e7d033e3305fb0910e7b6a2a65c988d17dbee71d8f953684d\|d2kdFUspVjC0o0sr\|1a5feacf87eaa6869a6abdfba9a296e7bbad45b6ad89f7dce67cdc98e2da5dc4379cc672cc655e52bbf19599bf59482fbea13a73937697fa656bf10f3fc4f1aa';`
Refactor tests a little bit 2014-09-03 07:51:44 -04:00			`$this->crypto->decrypt($encryptedString, 'ThisIsAVeryS3cur3P4ssw0rd');`
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 13:02:40 -04:00			`}`

Use random_bytes Since we don't care if it is human readbale. The code is backwards compatible with the old format. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2020-05-11 04:31:46 -04:00
refactor: Add void return type to PHPUnit test methods Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2024-09-15 16:32:31 -04:00			`public function testWrongParameters(): void {`
Mode to modern phpunit Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2019-11-27 09:27:18 -05:00			`$this->expectException(\Exception::class);`
			`$this->expectExceptionMessage('Authenticated ciphertext could not be decoded.');`

Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 13:02:40 -04:00			`$encryptedString = '1\|2';`
Refactor tests a little bit 2014-09-03 07:51:44 -04:00			`$this->crypto->decrypt($encryptedString, 'ThisIsAVeryS3cur3P4ssw0rd');`
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 13:02:40 -04:00			`}`
Use random_bytes Since we don't care if it is human readbale. The code is backwards compatible with the old format. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2020-05-11 04:31:46 -04:00
refactor: Add void return type to PHPUnit test methods Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2024-09-15 16:32:31 -04:00			`public function testLegacy(): void {`
Use random_bytes Since we don't care if it is human readbale. The code is backwards compatible with the old format. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2020-05-11 04:31:46 -04:00			`$cipherText = 'e16599188e3d212f5c7f17fdc2abca46\|M1WfLAxbcAmITeD6\|509457885d6ca5e6c3bfd3741852687a7f2bffce197f8d5ae97b65818b15a1b7f616b68326ff312371540f4ca8ac55f8e2de4aa13aab3474bd3431e51214e3ee';`
			`$password = 'mypass';`

			`$this->assertSame('legacy test', $this->crypto->decrypt($cipherText, $password));`
			`}`
Implement unit tests for versions 1 and 2. Signed-off-by: lynn-stephenson <lynn.stephenson@protonmail.com> 2020-10-16 01:15:18 -04:00
refactor: Add void return type to PHPUnit test methods Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2024-09-15 16:32:31 -04:00			`public function testVersion2CiphertextDecryptsToCorrectPlaintext(): void {`
Implement unit tests for versions 1 and 2. Signed-off-by: lynn-stephenson <lynn.stephenson@protonmail.com> 2020-10-16 01:15:18 -04:00			`$this->assertSame(`
			`'This is a plaintext value that will be encrypted with version 2. Which addresses the reduced permutations on the IV.',`
			`$this->crypto->decrypt(`
			`'be006387f753e8728717e43cfc5526c37adf7b2c9b4a113ceec03b7b0bccfebee74e0acfa0015c5712b4376dacbd7bce26a8fbca916fdccee46203d8289f6b2e4c19318044d375edfc67c72e6c3ae329d4c276b8d866ac1b281844e81f7681fe83d90bc4b6fffa4f3cbc157d64257a493b67fd2af3c8976cb76df520f5739305\|02e78ea7c73a32f3b407c54227a9d2ce\|3e7a09628f818b7b1cd7724467f5b1b33135de6d2ec62d8c0361be4f2c5203385f10babdcae017d7b30abe5be2117803e3195fb6d9ef20949fe35dad5e9241ea\|2',`
			`'insecure-static-password'`
			`)`
			`);`
			`}`

fix(migration): Decrypt ownCloud secrets v2 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2024-11-27 13:19:36 -05:00			`/**`
			`* Test data taken from https://github.com/owncloud/core/blob/9deb8196b20354c8de0cd720ad4d18d52ccc96d8/tests/lib/Security/CryptoTest.php#L56-L60`
			`*/`
			`public function testOcVersion2CiphertextDecryptsToCorrectPlaintext(): void {`
			`$this->assertSame(`
			`'Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt.',`
			`$this->crypto->decrypt(`
			`'v2\|d57dbe4d1317cdf19d4ddc2df807f6b5d63ab1e119c46590ce54bae56a9cd3969168c4ec1600ac9758dd7e7afb9c4c962dd23072c1463add1d9c77c467723b37bb768ef00e3c50898e59247cbb59ce56b74ce5990648ffe9e40d0e95076c27a785bdcf32c219ea4ad5c316b1f12f48c1\|6bd21db258a5e406a2c288a444de195f\|a19111a4cf1a11ee95fc1734699c20964eaa05bb007e1cecc4cc6872f827a4b7deedc977c13b138d728d68116aa3d82f9673e20c7e447a9788aa3be994b67cd6',`
			`'ThisIsAVeryS3cur3P4ssw0rd'`
			`)`
			`);`
			`}`

refactor: Add void return type to PHPUnit test methods Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2024-09-15 16:32:31 -04:00			`public function testVersion3CiphertextDecryptsToCorrectPlaintext(): void {`
Implement unit tests for versions 1 and 2. Signed-off-by: lynn-stephenson <lynn.stephenson@protonmail.com> 2020-10-16 01:15:18 -04:00			`$this->assertSame(`
			`'Another plaintext value that will be encrypted with version 3. It addresses the related key issue. Old ciphertexts should be decrypted properly, but only use the better version for encryption.',`
			`$this->crypto->decrypt(`
			'c99823461db746aa74f819c8640e9e3c367fa3bb9c21dff905b5dd14072c1d1b0da8b7e6b7307bf1561b6ba7aaa932a16c23b1fd5217dc019d55233ef0813c65fccaeabd6ea3a971ce1bbbdfda790ae00fb4442693cbb50072e02875b9f50591df74d00e96fd5b9bd13cb02a5f57b062ec98a4c64fc518ed325d097454883adbfc1687c2af995a392407c5e040a54afee4b2997ab158fe48ef67ccf721a6a7031fcb44d51170892ce7971021a7f3a00d19002eb9b007efe7aecf397ec0dc22064fb5d4a15ad83949f0804feca3c69cdd\|8476f53c8d49a7e119798a70086d8911\|ae3f7e23d469fbc791714ceb07d854624b1bbd39ac6a4edc05d552e10659adfdcada3a059fae737ffd7d842dd3fcc84bcc364cd298e814dd4967de4ad4a658eb\|3',
			`'insecure-static-password'`
			`)`
			`);`
			`}`
Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this 2014-08-26 13:02:40 -04:00			`}`