refactor hash_equals usage in the EncryptService decrypt method

Signed-off-by: binsky <timo@binsky.org>

lib/Service/EncryptService.php

@@ -152,16 +152,16 @@ class EncryptService {
 
 		list ($cipherKey, $macKey, $iv) = $this->getKeys($salt, $key);
 
-		if (!$this->hash_equals(hash_hmac('sha512', $enc, $macKey, true), $mac)) {
+		if (hash_equals(hash_hmac('sha512', $enc, $macKey, true), $mac)) {
-			return false;
-		}
-
 			$dec = openssl_decrypt($enc, $this->cipher, $cipherKey, true, $iv);
 			$data = $this->unpad($dec);
 
 			return $data;
 		}
 
+		return false;
+	}
+
 	/**
 	 * Encrypt the supplied data using the supplied key
 	 *
@@ -206,26 +206,6 @@ class EncryptService {
 		return array($cipherKey, $macKey, $iv);
 	}
 
-    /**
-     * Use Double HMAC Comparison with a random key to truly blind the comparison operation.
-     * It is not strictly required by using hash_equals (https://www.php.net/manual/en/function.hash-equals.php),
-     * but it is a second layer of security to prevent timing attacks.
-     *
-     * @param string $a
-     * @param string $b
-     *
-     * @return bool
-     * @throws \Exception
-     */
-	protected function hash_equals($a, $b) {
-		if (function_exists('random_bytes')) {
-			$key = random_bytes(128);
-		} else {
-			$key = openssl_random_pseudo_bytes(128);
-		}
-		return hash_equals(hash_hmac('sha512', $a, $key), hash_hmac('sha512', $b, $key));
-	}
-
 	/**
 	 * Stretch the key using the PBKDF2 algorithm
 	 *