From 8d7852627c674373ea369340f6b69af7d43a5b3f Mon Sep 17 00:00:00 2001
From: Paragon Initiative Enterprises
Date: Sun, 18 Apr 2021 22:39:03 -0400
Subject: [PATCH] Migrate from Travis CI to Github Actions
---
 .github/workflows/ci.yml | 96 ++++++++++++++++++++++++++++++++++++++++
 composer.json | 12 ++---
 phpunit.xml.dist | 11 -----
 psalm.xml | 20 +++++++++
 src/EasyRSA.php | 23 ++++++----
 src/EasyRSAInterface.php | 28 +++++++++++-
 src/KeyPair.php | 8 ++++
 src/Kludge.php | 8 ++++
 src/PrivateKey.php | 12 +++--
 src/PublicKey.php | 3 +-
 test/EncryptionTest.php | 9 ++--
 test/KeyPairTest.php | 5 ++-
 test/SignatureTest.php | 7 +--
 13 files changed, 201 insertions(+), 41 deletions(-)
 create mode 100644 .github/workflows/ci.yml
 create mode 100644 psalm.xml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..7a43869
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,96 @@ +name: CI + +on: [push] + +jobs: + old: + name: PHP ${{ matrix.php-versions }} Test on ${{ matrix.operating-system }} + runs-on: ${{ matrix.operating-system }} + strategy: + matrix: + operating-system: ['ubuntu-16.04'] + php-versions: ['5.6', '7.0'] + phpunit-versions: ['6.5.14'] + steps: + - name: Checkout + uses: actions/checkout@v2 + + - name: Setup PHP + uses: shivammathur/setup-php@v2 + with: + php-version: ${{ matrix.php-versions }} + extensions: mbstring, intl + ini-values: post_max_size=256M, max_execution_time=180 + tools: psalm, phpunit:${{ matrix.phpunit-versions }} + + - name: Install dependencies + run: composer self-update --1; composer install + + - name: PHPUnit tests + uses: php-actions/phpunit@v2 + with: + memory_limit: 256M + + moderate: + name: PHP ${{ matrix.php-versions }} Test on ${{ matrix.operating-system }} + runs-on: ${{ matrix.operating-system }} + strategy: + matrix: + operating-system: ['ubuntu-latest'] + php-versions: ['7.1', '7.2', '7.3'] + phpunit-versions: ['latest'] + steps: + - name: Checkout + uses: actions/checkout@v2 + + - name: Setup PHP + uses: shivammathur/setup-php@v2 + with: + php-version: ${{ matrix.php-versions }} + extensions: mbstring, intl, sodium + ini-values: post_max_size=256M, max_execution_time=180 + tools: psalm, phpunit:${{ matrix.phpunit-versions }} + + - name: Install dependencies + run: composer install; composer require --dev "vimeo/psalm:^4" + + - name: PHPUnit tests + uses: php-actions/phpunit@v2 + timeout-minutes: 30 + with: + memory_limit: 256M + + - name: Static Analysis + run: vendor/bin/psalm + + modern: + name: PHP ${{ matrix.php-versions }} Test on ${{ matrix.operating-system }} + runs-on: ${{ matrix.operating-system }} + strategy: + matrix: + operating-system: ['ubuntu-latest'] + php-versions: ['7.4', '8.0'] + phpunit-versions: ['latest'] + steps: + - name: Checkout + uses: actions/checkout@v2 + + - name: Setup PHP + uses: shivammathur/setup-php@v2 + with: + php-version: ${{ 
matrix.php-versions }} + extensions: mbstring, intl, sodium + ini-values: post_max_size=256M, max_execution_time=180 + tools: psalm, phpunit:${{ matrix.phpunit-versions }} + + - name: Install dependencies + run: composer install; composer require --dev "vimeo/psalm:^4" + + - name: PHPUnit tests + uses: php-actions/phpunit@v2 + timeout-minutes: 30 + with: + memory_limit: 256M + + - name: Static Analysis + run: vendor/bin/psalm diff --git a/composer.json b/composer.json index de51283..4b699d7 100644 --- a/composer.json +++ b/composer.json @@ -15,17 +15,17 @@ } }, "require": { - "phpseclib/phpseclib": "^2.0", - "defuse/php-encryption": "^2.0", + "php": "^5.6|^7|^8", + "phpseclib/phpseclib": "^2", + "defuse/php-encryption": "^2", "paragonie/constant_time_encoding": "^1|^2", - "paragonie/random_compat": "^1|^2", - "sarciszewski/php-future": "^0" + "paragonie/random_compat": ">= 2" }, "require-dev": { - "phpunit/phpunit": "4.*|5.*" + "phpunit/phpunit": "^5|^6|^7|^8|^9" }, "suggest": { - "ext-libsodium": "Libsodium offers far better cryptography than RSA can ever offer. Use libsodium instead of EasyRSA.", + "ext-sodium": "Libsodium offers far better cryptography than RSA can ever offer. Use libsodium instead of EasyRSA.", "paragonie/halite": "A simple and secure libsodium wrapper. Consider using Halite instead of EasyRSA." } } diff --git a/phpunit.xml.dist b/phpunit.xml.dist index 7c03b5a..82bfa16 100644 --- a/phpunit.xml.dist +++ b/phpunit.xml.dist @@ -9,21 +9,10 @@ processIsolation="false" stopOnError="false" stopOnFailure="false" - syntaxCheck="true" > - - - test - - ./test - - - ./lib - - \ No newline at end of file diff --git a/psalm.xml b/psalm.xml new file mode 100644 index 0000000..ac7f115 --- /dev/null +++ b/psalm.xml @@ -0,0 +1,20 @@ + + + + + + + + + + + + + + diff --git a/src/EasyRSA.php b/src/EasyRSA.php index 34bd333..99fd843 100644 --- a/src/EasyRSA.php +++ b/src/EasyRSA.php 
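Review bot: The `uses:` steps in all three jobs (`actions/checkout@v2`, `shivammathur/setup-php@v2`, `php-actions/phpunit@v2`) reference mutable tags, so the code that runs in this repository's CI can change without any commit here; pinning each to a full commit SHA, e.g. `uses: shivammathur/setup-php@<full-commit-sha> # v2`, removes that dependency on tag integrity. The workflow also declares no `permissions:` key, so the jobs run with the repository's default token scope; a top-level `permissions:` block with `contents: read` should be enough for checkout and tests. Separately, `php-actions/phpunit@v2` appears to run PHPUnit in its own container and is not passed the matrix PHP version, so the tests may not actually execute on `${{ matrix.php-versions }}`; running `vendor/bin/phpunit` directly after the setup-php step would make the matrix meaningful.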
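Review bot: The new constraint `"paragonie/random_compat": ">= 2"` has no upper bound, so Composer will accept any future major release of the package without anyone having reviewed or tested it. On PHP 5.6, which this file still allows via `"php": "^5.6|^7|^8"`, that package is what supplies `random_bytes()`, so it sits directly under key generation. A bounded range that lists only the majors actually tested, in the form `"paragonie/random_compat": "^2|^<next-tested-major>"`, keeps dependency resolution predictable.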
@@ -3,26 +3,32 @@ // PHPSecLib: use ParagonIE\EasyRSA\Exception\InvalidKeyException; -use \phpseclib\Crypt\RSA; +use phpseclib\Crypt\RSA; // defuse/php-encryption: -use \ParagonIE\ConstantTime\Base64; -use \Defuse\Crypto\Key; -use \Defuse\Crypto\Crypto; +use ParagonIE\ConstantTime\Base64; +use Defuse\Crypto\Key; +use Defuse\Crypto\Crypto; // Typed Exceptions: -use \ParagonIE\EasyRSA\Exception\InvalidChecksumException; -use \ParagonIE\EasyRSA\Exception\InvalidCiphertextException; +use ParagonIE\EasyRSA\Exception\InvalidChecksumException; +use ParagonIE\EasyRSA\Exception\InvalidCiphertextException; +/** + * Class EasyRSA + * @package ParagonIE\EasyRSA + */ class EasyRSA implements EasyRSAInterface { const SEPARATOR = '$'; const VERSION_TAG = "EzR2"; + /** @var ?RSA $rsa */ static private $rsa; /** * Set RSA to use in between calls * * @param RSA|null $rsa + * @return void */ public static function setRsa(RSA $rsa = null) { @@ -38,7 +44,8 @@ public static function setRsa(RSA $rsa = null) */ public static function getRsa($mode) { - if (self::$rsa) { + /** @var RSA $rsa */ + if (!\is_null(self::$rsa)) { $rsa = self::$rsa; } else { $rsa = new RSA(); @@ -225,7 +232,7 @@ protected static function rsaDecrypt($ciphertext, PrivateKey $rsaPrivateKey) } $return = @$rsa->decrypt($ciphertext); - if ($return === false) { + if (!\is_string($return)) { throw new InvalidCiphertextException('Decryption failed'); } return $return; diff --git a/src/EasyRSAInterface.php b/src/EasyRSAInterface.php index b4e1188..5dbf445 100644 --- a/src/EasyRSAInterface.php +++ b/src/EasyRSAInterface.php 
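Review bot: The widened check `if (!\is_string($return))` in rsaDecrypt() deserves a comment, because it is the only failure signal left: the call just above it is silenced with `@`, so no warning will surface. Something like `// decrypt() signals failure with a non-string; every failure raises the same exception so callers cannot tell failure causes apart` would record both the contract and the reason the message stays generic. rsaDecrypt() begins and ends outside this hunk, so whether an empty string can also indicate failure is not visible here and should be confirmed against the phpseclib version in use.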
@@ -3,8 +3,32 @@ interface EasyRSAInterface { + /** + * @param string $plaintext + * @param PublicKey $rsaPublicKey + * @return string + */ public static function encrypt($plaintext, PublicKey $rsaPublicKey); + + /** + * @param string $ciphertext + * @param PrivateKey $rsaPrivateKey + * @return string + */ public static function decrypt($ciphertext, PrivateKey $rsaPrivateKey); - public static function sign($plaintext, PrivateKey $rsaPrivateKey); - public static function verify($ciphertext, $signature, PublicKey $rsaPublicKey); + + /** + * @param string $message + * @param PrivateKey $rsaPrivateKey + * @return string + */ + public static function sign($message, PrivateKey $rsaPrivateKey); + + /** + * @param string $message + * @param string $signature + * @param PublicKey $rsaPublicKey + * @return bool + */ + public static function verify($message, $signature, PublicKey $rsaPublicKey); } diff --git a/src/KeyPair.php b/src/KeyPair.php index 688cf2a..b3a0615 100644 --- a/src/KeyPair.php +++ b/src/KeyPair.php @@ -4,9 +4,16 @@ use \phpseclib\Crypt\RSA; use \ParagonIE\EasyRSA\Exception\InvalidKeyException; +/** + * Class KeyPair + * @package ParagonIE\EasyRSA + */ class KeyPair { + /** @var PrivateKey $privateKey */ private $privateKey; + + /** @var PublicKey $publicKey */ protected $publicKey; public function __construct(PrivateKey $privateKey, PublicKey $publicKey = null) @@ -33,6 +40,7 @@ public static function generateKeyPair($size = 2048) throw new InvalidKeyException('Key size must be at least 2048 bits.'); } $rsa = new RSA(); + /** @var array{privatekey: string, publickey: string} $keypair */ $keypair = $rsa->createKey($size); return new KeyPair( new PrivateKey($keypair['privatekey']), diff --git a/src/Kludge.php b/src/Kludge.php index 1f5e0cd..b474777 100644 --- a/src/Kludge.php +++ b/src/Kludge.php @@ -3,6 +3,10 @@ use Defuse\Crypto\Key; +/** + * Class Kludge + * @package ParagonIE\EasyRSA + */ class Kludge { /** 
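Review bot: The new docblocks on `decrypt()` and `verify()` document parameter and return types but not the failure behaviour, which is what a caller of a cryptographic API most needs to know. The EasyRSA.php part of this patch throws `InvalidCiphertextException` from rsaDecrypt(), so `decrypt()` presumably propagates it; adding `@throws InvalidCiphertextException` there, and stating on `verify()` that `false` means the signature did not match, would close that gap. The rename of `$plaintext`/`$ciphertext` to `$message` on `sign()` and `verify()` also changes the names callers would use with PHP 8 named arguments, which composer.json now permits, so the implementing class should carry the same names.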
@@ -10,11 +14,15 @@ class Kludge * * @param string $randomBytes * @return Key + * @psalm-suppress MissingClosureParamType + * @psalm-suppress MissingClosureReturnType + * @psalm-suppress PossiblyInvalidFunctionCall */ public function defuseKey($randomBytes) { $key = Key::createNewRandomKey(); $func = function ($bytes) { + /** @psalm-suppress UndefinedThisPropertyAssignment */ $this->key_bytes = $bytes; }; $helper = $func->bindTo($key, $key); diff --git a/src/PrivateKey.php b/src/PrivateKey.php index e72424c..22ccc63 100644 --- a/src/PrivateKey.php +++ b/src/PrivateKey.php @@ -1,14 +1,18 @@ keyMaterial); $pubkey = \openssl_pkey_get_details($res); $public = \rtrim( - \str_replace("\n", "\r\n", $pubkey['key']), + \str_replace("\n", "\r\n", (string) $pubkey['key']), "\r\n" ); return new PublicKey($public); diff --git a/src/PublicKey.php b/src/PublicKey.php index e1c770b..64cfcc7 100644 --- a/src/PublicKey.php +++ b/src/PublicKey.php @@ -3,11 +3,12 @@ class PublicKey { + /** @var string $keyMaterial */ protected $keyMaterial = ''; /** * PrivateKey constructor. - * @param $string + * @param string $string */ public function __construct($string) { diff --git a/test/EncryptionTest.php b/test/EncryptionTest.php index 5ee860b..add3ed1 100644 --- a/test/EncryptionTest.php +++ b/test/EncryptionTest.php @@ -1,9 +1,10 @@
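Review bot: The `@psalm-suppress` lines added to defuseKey(), including the inner `UndefinedThisPropertyAssignment`, silence exactly the warning that would fire if `Defuse\Crypto\Key` no longer had a `key_bytes` property, and nothing in the visible lines replaces that signal. If the property were renamed upstream, the closure would presumably write to a different property and the returned key would keep the bytes from `createNewRandomKey()` instead of `$randomBytes`. A comment above the closure such as `// Overwrites the private key_bytes of Defuse\Crypto\Key via a bound closure; depends on that library's internals` would explain why the suppressions exist, and a check afterwards that the key really holds `$randomBytes` would restore the lost safety net. defuseKey() continues past the end of the hunk, so such a check may already be present.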
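Review bot: The added cast in `(string) $pubkey['key']` satisfies the analyser but hides a failure path: `openssl_pkey_get_details()` returns `false` when `$res` is not a usable key, and the cast then turns the missing value into an empty string that gets wrapped in a `PublicKey`. An explicit guard before the `rtrim()` call, `if (!\is_array($pubkey)) { throw new InvalidKeyException('Could not read public key details'); }`, fails loudly instead of handing back an empty key. Whether `InvalidKeyException` is imported in this file, and how `$res` is obtained, is not visible because the top of this hunk is garbled in this view.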