Merge pull request #163 from paragonie/ga
Migrate from Travis CI to Github Actions
paragonie-security authored Apr 18, 2021
2 parents 78e77b6 + b6fd5bd commit 30ecdc6
Showing 14 changed files with 79 additions and 30 deletions.
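--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,67 @@
+name: CI
+
+on: [push]
+
+jobs:
+old:
+name: PHP ${{ matrix.php-versions }} Test on ${{ matrix.operating-system }}
+runs-on: ${{ matrix.operating-system }}
+strategy:
+matrix:
+operating-system: ['ubuntu-latest']
+php-versions: ['7.2', '7.3']
+phpunit-versions: ['latest']
+steps:
+- name: Checkout
+uses: actions/checkout@v2
+
+- name: Setup PHP
+uses: shivammathur/setup-php@v2
+with:
+php-version: ${{ matrix.php-versions }}
+extensions: mbstring, intl, sodium
+ini-values: post_max_size=256M, max_execution_time=180
+tools: psalm, phpunit:${{ matrix.phpunit-versions }}
+
+- name: Install dependencies
+run: composer install
+
+- name: PHPUnit tests
+uses: php-actions/phpunit@v2
+timeout-minutes: 30
+with:
+memory_limit: 256M
+- name: Static Analysis
+run: vendor/bin/psalm
+
+modern:
+name: PHP ${{ matrix.php-versions }} Test on ${{ matrix.operating-system }}
+runs-on: ${{ matrix.operating-system }}
+strategy:
+matrix:
+operating-system: ['ubuntu-latest']
+php-versions: ['7.4', '8.0']
+phpunit-versions: ['latest']
+steps:
+- name: Checkout
+uses: actions/checkout@v2
+
+- name: Setup PHP
+uses: shivammathur/setup-php@v2
+with:
+php-version: ${{ matrix.php-versions }}
+extensions: mbstring, intl, sodium
+ini-values: post_max_size=256M, max_execution_time=180
+tools: psalm, phpunit:${{ matrix.phpunit-versions }}
+
+- name: Install dependencies
+run: composer install
+
+- name: PHPUnit tests
+uses: php-actions/phpunit@v2
+timeout-minutes: 30
+with:
+memory_limit: 256M
+
+- name: Static Analysis
+run: vendor/bin/psalm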
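Review bot: All three third-party steps are referenced by mutable tags (`actions/checkout@v2`, `shivammathur/setup-php@v2`, `php-actions/phpunit@v2`) in both the `old` and `modern` jobs, so whoever can move those tags controls code that runs in this cryptography library's CI. Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v2`, closes that gap. The workflow also declares no `permissions:` block, so the job token gets the repository default; a top-level `permissions: { contents: read }` looks sufficient for what these steps do. Separately, `php-actions/phpunit@v2` appears to run PHPUnit in its own container, so it is worth confirming the tests really execute on `matrix.php-versions` with the sodium extension rather than on that action's default PHP.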
2 changes: 1 addition & 1 deletion README.md
@@ -1,6 +1,6 @@
# Halite

[![Build Status](https://travis-ci.org/paragonie/halite.svg?branch=master)](https://travis-ci.org/paragonie/halite)
[![Build Status](https://github.com/paragonie/halite/actions/workflows/ci.yml/badge.svg)](https://github.com/paragonie/halite/actions)
[![Latest Stable Version](https://poser.pugx.org/paragonie/halite/v/stable)](https://packagist.org/packages/paragonie/halite)
[![Latest Unstable Version](https://poser.pugx.org/paragonie/halite/v/unstable)](https://packagist.org/packages/paragonie/halite)
[![License](https://poser.pugx.org/paragonie/halite/license)](https://packagist.org/packages/paragonie/halite)
2 changes: 1 addition & 1 deletion composer.json
@@ -35,7 +35,7 @@
"php": "^7.2|^8",
"paragonie/constant_time_encoding": "^2",
"paragonie/hidden-string": "^1|^2",
"paragonie/sodium_compat": "^1.14"
"paragonie/sodium_compat": "^1.15"
},
"autoload": {
"psr-4": {
1 change: 1 addition & 0 deletions psalm.xml
@@ -12,5 +12,6 @@
<RedundantConditionGivenDocblockType errorLevel="suppress" />

<RedundantCast errorLevel="info" />
<NonInvariantDocblockPropertyType errorLevel="info" />
</issueHandlers>
</psalm>
1 change: 0 additions & 1 deletion src/Cookie.php
@@ -119,7 +119,6 @@ protected static function getConfig(string $stored): SymmetricConfig
);
}
if (\hash_equals(Binary::safeSubstr($stored, 0, 5), Halite::VERSION_PREFIX)) {
/** @var string $decoded */
$decoded = Base64UrlSafe::decode($stored);
return SymmetricConfig::getConfig(
$decoded,
11 changes: 1 addition & 10 deletions src/File.php
@@ -51,7 +51,7 @@ final class File
* @throws \Error
* @codeCoverageIgnore
*/
final private function __construct()
private function __construct()
{
throw new \Error('Do not instantiate');
}
@@ -521,11 +521,9 @@ protected static function checksumData(
while ($fileStream->remainingBytes() > 0) {
// Don't go past the file size even if $config->BUFFER is not an even multiple of it:
if (($fileStream->getPos() + (int) $config->BUFFER) > $size) {
/** @var int $amount_to_read */
$amount_to_read = ($size - $fileStream->getPos());
} else {
// @codeCoverageIgnoreStart
/** @var int $amount_to_read */
$amount_to_read = (int) $config->BUFFER;
// @codeCoverageIgnoreEnd
}
@@ -659,7 +657,6 @@ protected static function decryptData(
);
}
// Parse the header, ensuring we get 4 bytes
/** @var string $header */
$header = $input->readBytes(Halite::VERSION_TAG_LEN);

// Load the config
@@ -673,9 +670,7 @@ protected static function decryptData(
}

// Let's grab the first nonce and salt
/** @var string $firstNonce */
$firstNonce = $input->readBytes((int) $config->NONCE_BYTES);
/** @var string $hkdfSalt */
$hkdfSalt = $input->readBytes((int) $config->HKDF_SALT_LEN);

// Split our keys, begin the HMAC instance
@@ -1286,7 +1281,6 @@ private static function streamDecrypt(
array &$chunk_macs
): bool {
$start = $input->getPos();
/** @var int $cipher_end */
$cipher_end = $input->getSize() - (int) $config->MAC_SIZE;
// Begin the streaming decryption
$input->reset($start);
@@ -1368,11 +1362,9 @@ private static function streamVerify(
$mac,
Config $config
): array {
/** @var int $start */
$start = $input->getPos();

// Grab the stored MAC:
/** @var int $cipher_end */
$cipher_end = $input->getSize() - (int) $config->MAC_SIZE;
$input->reset($cipher_end);
$stored_mac = $input->readBytes((int) $config->MAC_SIZE);
@@ -1402,7 +1394,6 @@ private static function streamVerify(
\sodium_crypto_generichash_update($mac, $read);
$mac = (string) $mac;
// Copy the hash state then store the MAC of this chunk
/** @var string $chunkMAC */
$chunkMAC = Util::safeStrcpy($mac);
$chunkMACs []= \sodium_crypto_generichash_final(
// @codeCoverageIgnoreStart
6 changes: 1 addition & 5 deletions src/KeyFactory.php
@@ -168,7 +168,6 @@ public static function deriveAuthenticationKey(
);
// @codeCoverageIgnoreEnd
}
/** @var string $secretKey */
$secretKey = @\sodium_crypto_pwhash(
\SODIUM_CRYPTO_AUTH_KEYBYTES,
$password->getString(),
@@ -214,8 +213,7 @@ public static function deriveEncryptionKey(
);
// @codeCoverageIgnoreEnd
}
/** @var string $secretKey */
$secretKey = @\sodium_crypto_pwhash(
$secretKey = \sodium_crypto_pwhash(
\SODIUM_CRYPTO_STREAM_KEYBYTES,
$password->getString(),
$salt,
@@ -261,7 +259,6 @@ public static function deriveEncryptionKeyPair(
// @codeCoverageIgnoreEnd
}
// Diffie Hellman key exchange key pair
/** @var string $seed */
$seed = @\sodium_crypto_pwhash(
\SODIUM_CRYPTO_BOX_SEEDBYTES,
$password->getString(),
@@ -315,7 +312,6 @@ public static function deriveSignatureKeyPair(
// @codeCoverageIgnoreEnd
}
// Digital signature keypair
/** @var string $seed */
$seed = @\sodium_crypto_pwhash(
\SODIUM_CRYPTO_SIGN_SEEDBYTES,
$password->getString(),
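Review bot: The `@` error-suppression operator appears to be dropped from only one of the four `sodium_crypto_pwhash()` calls (`deriveEncryptionKey`), while `deriveAuthenticationKey`, `deriveEncryptionKeyPair` and `deriveSignatureKeyPair` still call `@\sodium_crypto_pwhash(`. Suppressing diagnostics around a password-based key derivation can hide a warning that matters, so the three remaining calls should read `\sodium_crypto_pwhash(` as well, or the one change should be reverted if the suppression is deliberate. Each of these function bodies continues outside its hunk, so how the derived value is validated afterwards is not visible here.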
1 change: 0 additions & 1 deletion src/Password.php
@@ -165,7 +165,6 @@ protected static function getConfig(string $stored): SymmetricConfig
||
\hash_equals(Binary::safeSubstr($stored, 0, 5), Halite::VERSION_OLD_PREFIX)
) {
/** @var string $decoded */
$decoded = Base64UrlSafe::decode($stored);
return SymmetricConfig::getConfig(
$decoded,
1 change: 0 additions & 1 deletion src/Stream/MutableFile.php
@@ -191,7 +191,6 @@ public function readBytes(int $num, bool $skipTests = false): string
break;
// @codeCoverageIgnoreEnd
}
/** @var int $bufSize */
$bufSize = \min($remaining, self::CHUNK);
/** @var string|bool $read */
$read = \fread($this->fp, $bufSize);
6 changes: 2 additions & 4 deletions src/Structure/MerkleTree.php
@@ -225,10 +225,8 @@ protected function calculateRoot(): string
);
// @codeCoverageIgnoreEnd
} else {
/** @var string $curr */
$curr = (string) ($hash[$i] ?? '');
/** @var string $next */
$next = (string) ($hash[$i + 1] ?? '');
$curr = ($hash[$i] ?? '');
$next = ($hash[$i + 1] ?? '');
$tmp[$j] = Util::raw_hash(
self::MERKLE_BRANCH .
$this->personalization .
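Review bot: With the `(string)` casts and `@var` annotations gone, the parentheses around the null-coalescing expressions are redundant; `$curr = $hash[$i] ?? '';` and `$next = $hash[$i + 1] ?? '';` read more cleanly. The string type of both values now rests entirely on how `$hash` is declared, which is outside this hunk. A one-line comment saying why a missing node falls back to the empty string before it is hashed would help the next reader. `calculateRoot()` starts and ends outside the hunk.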
1 change: 0 additions & 1 deletion src/Structure/TrimmedMerkleTree.php
@@ -78,7 +78,6 @@ protected function calculateRoot(): string
}
++$j;
}
/** @var array<int, string> $hash */
$hash = $tmp;
$size >>= 1;
} while ($size > 1);
3 changes: 0 additions & 3 deletions src/Symmetric/Crypto.php
@@ -69,7 +69,6 @@ public static function authenticate(
Halite::HALITE_VERSION,
'auth'
);
/** @var string $mac */
$mac = self::calculateMAC(
$message,
$secretKey->getRawKeyMaterial(),
@@ -199,7 +198,6 @@ public static function decryptWithAd(
CryptoUtil::memzero($authKey);

// crypto_stream_xor() can be used to encrypt and decrypt
/** @var string $plaintext */
$plaintext = \sodium_crypto_stream_xor(
(string) $encrypted,
(string) $nonce,
@@ -283,7 +281,6 @@ public static function encryptWithAd(
list($encKey, $authKey) = self::splitKeys($secretKey, $salt, $config);

// Encrypt our message with the encryption key:
/** @var string $encrypted */
$encrypted = \sodium_crypto_stream_xor(
$plaintext->getString(),
$nonce,
2 changes: 0 additions & 2 deletions src/Util.php
@@ -161,7 +161,6 @@ public static function hkdfBlake2b(
$t .= $last_block;
}
// ORM = first L octets of T
/** @var string $orm */
$orm = Binary::safeSubstr($t, 0, $length);
return $orm;
}
@@ -268,7 +267,6 @@ public static function safeStrcpy(string $string): string
{
$length = Binary::safeStrlen($string);
$return = '';
/** @var int $chunk */
$chunk = $length >> 1;
if ($chunk < 1) {
$chunk = 1;
5 changes: 5 additions & 0 deletions test/unit/StreamTest.php
@@ -50,6 +50,11 @@ public function testUnreadableFile()
$buf = random_bytes(65537);
file_put_contents($filename, $buf);
chmod($filename, 0000);
$perms = fileperms($filename);
if (!is_int($perms) || ($perms & 0777) !== 0 || is_readable($filename)) {
$this->markTestSkipped('chmod failed to remove read access, so the test will fail; skipping');
return;
}

try {
new ReadOnlyFile($filename);
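Review bot: The `return;` after `$this->markTestSkipped(...)` is unreachable, because PHPUnit implements the skip by throwing, so that line can be dropped. The new guard also leaves the temporary file on disk at mode 0000 when the test is skipped, unless cleanup happens in a part of the test outside this hunk; calling `unlink($filename);` before `markTestSkipped()` would avoid that. A short comment that the guard exists for environments where `chmod()` cannot revoke read access (for example, tests running as a privileged user) would explain why the test may skip.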
