Version 1.6.0
paragonie-security committed Oct 1, 2017
1 parent 650e794 commit 666506b
Showing 25 changed files with 587 additions and 277 deletions.
8 changes: 6 additions & 2 deletions .travis.yml
Expand Up @@ -4,13 +4,14 @@ php:

- 5.6
- 7.0
- 7.1

before_install:
- sudo apt-get update
- sudo apt-get install make build-essential automake php5-dev php-pear
- git clone git://github.com/jedisct1/libsodium.git
- cd libsodium
- git checkout 1.0.4
- git checkout 1.0.14
- ./autogen.sh
- ./configure && make check
- sudo make install
Expand All @@ -25,4 +26,7 @@ install:
- composer update
- chmod +x ./test/phpunit.sh

script: ./test/phpunit.sh
script:

- vendor/bin/phpunit --bootstrap autoload.php test/unit
- vendor/bin/psalm
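Review bot: The libsodium build in `before_install` still clones over `git://`, which is unauthenticated and unencrypted, and the result is installed with `sudo make install`; the bump of the checkout to `1.0.14` leaves that line as it was. Fetch over TLS with `- git clone https://github.com/jedisct1/libsodium.git`, and consider pinning the checkout to a full commit hash (`- git checkout <COMMIT_SHA_PLACEHOLDER>`) rather than a tag name, which can be moved. Separately, the `install` step still runs `chmod +x ./test/phpunit.sh` although `script` no longer calls that file.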
8 changes: 6 additions & 2 deletions composer.json
Expand Up @@ -3,8 +3,12 @@
"description": "High-level cryptography interface powered by libsodium",
"type": "library",
"require": {
"php": "^5.6.0 || ^7.0.0",
"ext-libsodium": "^1.0.2"
"php": ">=5.6.0 <7.2",
"paragonie/sodium_compat": "^1.3"
},
"require-dev": {
"phpunit/phpunit": "^5",
"vimeo/psalm": "^0|^1"
},
"autoload": {
"psr-4": {
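Review bot: Replacing the hard `ext-libsodium` requirement with `paragonie/sodium_compat` means an install without the extension now succeeds and runs on the pure-PHP polyfill, with nothing telling the operator. As far as I know the polyfill is slower and cannot actually wipe memory from PHP, so the `\Sodium\memzero()` calls this library relies on would not give the intended guarantee there. I would keep the extension visible with a `suggest` entry such as `"ext-libsodium": "Native libsodium bindings; strongly recommended over the polyfill"`. The `"vimeo/psalm": "^0|^1"` range is also wide for a tool that now gates CI; a narrower constraint keeps the analysis reproducible.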
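--- a/psalm.xml
+++ b/psalm.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0"?>
+<psalm
+name="Halite v1.x"
+stopOnFirstError="false"
+useDocblockTypes="true"
+totallyTyped="true"
+>
+<projectFiles>
+<directory name="src" />
+</projectFiles>
+
+<issueHandlers>
+<UndefinedFunction errorLevel="info" />
+<UndefinedConstant errorLevel="info" />
+<TooFewArguments errorLevel="suppress" /> <!-- \Sodium\memzero() -->
+<PropertyNotSetInConstructor errorLevel="suppress" />
+</issueHandlers>
+</psalm>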
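Review bot: `<TooFewArguments errorLevel="suppress" />` silences the check for every call under `src`, although the inline comment says it is only needed for `\Sodium\memzero()`. In a library where a dropped argument (a key, a nonce, a `$raw` flag) changes the result, that check is worth keeping. Suppress it at the affected call sites with a `@psalm-suppress TooFewArguments` docblock instead and leave the handler at its default level. The blanket `PropertyNotSetInConstructor` suppression has no comment saying which classes need it; a short `<!-- ... -->` naming them would help the next maintainer narrow it.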
26 changes: 18 additions & 8 deletions src/Asymmetric/Crypto.php
Expand Up @@ -90,6 +90,7 @@ public static function decrypt(
$ecdh = new EncryptionKey(
self::getSharedSecret($ourPrivateKey, $theirPublicKey)
);
/** @var string $ciphertext */
$ciphertext = SymmetricCrypto::decrypt($source, $ecdh, $raw);
unset($ecdh);
return $ciphertext;
Expand Down Expand Up @@ -132,7 +133,7 @@ public static function getSharedSecret(
)
);
}
return \Sodium\crypto_scalarmult(
return (string) \Sodium\crypto_scalarmult(
$privateKey->get(),
$publicKey->get()
);
Expand Down Expand Up @@ -171,12 +172,13 @@ public static function seal(
'crypto_box_seal is not available'
);
}


/** @var string $sealed */
$sealed = \Sodium\crypto_box_seal($source, $publicKey->get());
if ($raw) {
return $sealed;
return (string) $sealed;
}
return \Sodium\bin2hex($sealed);
return (string) \Sodium\bin2hex($sealed);
}

/**
Expand Down Expand Up @@ -206,14 +208,15 @@ public static function sign(
'Argument 2: Expected an instance of SignatureSecretKey'
);
}
/** @var string $signed */
$signed = \Sodium\crypto_sign_detached(
$message,
$privateKey->get()
);
if ($raw) {
return $signed;
return (string) $signed;
}
return \Sodium\bin2hex($signed);
return (string) \Sodium\bin2hex($signed);
}

/**
Expand Down Expand Up @@ -245,6 +248,7 @@ public static function unseal(
);
}
if (!$raw) {
/** @var string $source */
$source = \Sodium\hex2bin($source);
}
if (!\is_callable('\\Sodium\\crypto_box_seal_open')) {
Expand All @@ -254,8 +258,12 @@ public static function unseal(
}

// Get a box keypair (needed by crypto_box_seal_open)

/** @var string $secret_key */
$secret_key = $privateKey->get();
/** @var string $public_key */
$public_key = \Sodium\crypto_box_publickey_from_secretkey($secret_key);
/** @var string $kp */
$kp = \Sodium\crypto_box_keypair_from_secretkey_and_publickey(
$secret_key,
$public_key
Expand All @@ -266,6 +274,7 @@ public static function unseal(
\Sodium\memzero($public_key);

// Now let's open that sealed box
/** @var string $message */
$message = \Sodium\crypto_box_seal_open($source, $kp);

// Always memzero after retrieving a value
Expand All @@ -288,7 +297,7 @@ public static function unseal(
* @param string $signature
* @param boolean $raw Don't hex decode the input?
*
* @return boolean
* @return bool
*
* @throws CryptoException\InvalidKey
* @throws CryptoException\InvalidType
Expand Down Expand Up @@ -317,6 +326,7 @@ public static function verify(
);
}
if (!$raw) {
/** @var string $signature */
$signature = \Sodium\hex2bin($signature);
}
if (CryptoUtil::safeStrlen($signature) !== \Sodium\CRYPTO_SIGN_BYTES) {
Expand All @@ -325,7 +335,7 @@ public static function verify(
);
}

return \Sodium\crypto_sign_verify_detached(
return (bool) \Sodium\crypto_sign_verify_detached(
$signature,
$message,
$publicKey->get()
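Review bot: The new `(string)` casts in `getSharedSecret()`, `seal()` and `sign()` satisfy Psalm, but they would turn any non-string return from the binding or polyfill (for example `false`) into an empty string that then flows on as a shared secret, ciphertext or signature. Check the type instead of coercing it, e.g. `if (!\is_string($sealed)) { throw ...; }` with one of the existing CryptoException types, before returning. The `/** @var string $message */` above `\Sodium\crypto_box_seal_open()` in `unseal()` has a similar effect on the analyser: it asserts a string where the call can report failure, so whatever check follows (outside the hunk, not visible here) is the only guard. All of these function bodies start or end outside the hunks shown.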
3 changes: 2 additions & 1 deletion src/Asymmetric/EncryptionSecretKey.php
Expand Up @@ -24,10 +24,11 @@ public function __construct($keyMaterial = '', ...$args)
/**
* See the appropriate derived class.
*
* @return SignaturePublicKey
* @return EncryptionPublicKey
*/
public function derivePublicKey()
{
/** @var string $publicKey */
$publicKey = \Sodium\crypto_box_publickey_from_secretkey(
$this->get()
);
1 change: 1 addition & 0 deletions src/Asymmetric/PublicKey.php
Expand Up @@ -12,6 +12,7 @@ class PublicKey extends Key implements Contract\KeyInterface
*/
public function __construct($keyMaterial = '', ...$args)
{
/** @var bool $signing */
$signing = \count($args) >= 1
? $args[0]
: false;
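Review bot: The added `/** @var bool $signing */` tells Psalm that `$signing` is a bool, but `$args[0]` is whatever the caller passed through the variadic and nothing here enforces that. The flag presumably selects between a signing and an encryption key, so make the annotation true with a cast, `? (bool) $args[0]`, or reject non-bool values outright. The same annotation is added in `src/Asymmetric/SecretKey.php`. The constructor body continues outside the hunk, so how `$signing` is used afterwards is not visible.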
3 changes: 3 additions & 0 deletions src/Asymmetric/SecretKey.php
Expand Up @@ -13,6 +13,7 @@ class SecretKey extends Key implements Contract\KeyInterface
*/
public function __construct($keyMaterial = '', ...$args)
{
/** @var bool $signing */
$signing = \count($args) >= 1
? $args[0]
: false;
Expand All @@ -21,6 +22,8 @@ public function __construct($keyMaterial = '', ...$args)

/**
* See the appropriate derived class.
* @throws CannotPerformOperation
* @return void
*/
public function derivePublicKey()
{
1 change: 1 addition & 0 deletions src/Asymmetric/SignatureSecretKey.php
Expand Up @@ -28,6 +28,7 @@ public function __construct($keyMaterial = '', ...$args)
*/
public function derivePublicKey()
{
/** @var string $publicKey */
$publicKey = \Sodium\crypto_sign_publickey_from_secretkey(
$this->get()
);
1 change: 1 addition & 0 deletions src/Config.php
Expand Up @@ -8,6 +8,7 @@
*/
class Config
{
/** @var array */
private $config;

public function __construct(array $set = [])
18 changes: 9 additions & 9 deletions src/Contract/FileInterface.php
Expand Up @@ -65,8 +65,8 @@ public static function unsealFile(
/**
* Encrypt a (file handle)
*
* @param $input
* @param $output
* @param resource $input
* @param resource $output
* @param SymmetricKey $key
*/
public static function encryptResource(
Expand All @@ -78,8 +78,8 @@ public static function encryptResource(
/**
* Decrypt a (file handle)
*
* @param $input
* @param $output
* @param resource $input
* @param resource $output
* @param SymmetricKey $key
*/
public static function decryptResource(
Expand All @@ -91,8 +91,8 @@ public static function decryptResource(
/**
* Seal a (file handle)
*
* @param $input
* @param $output
* @param resource $input
* @param resource $output
* @param PublicKey $publickey
*/
public static function sealResource(
Expand All @@ -104,8 +104,8 @@ public static function sealResource(
/**
* Unseal a (file handle)
*
* @param $input
* @param $output
* @param resource $input
* @param resource $output
* @param SecretKey $secretkey
*/
public static function unsealResource(
Expand Down Expand Up @@ -134,7 +134,7 @@ public static function checksumFile(
/**
* Calculate a BLAHE2b checksum of a file
*
* @param string $fileHandle The file you'd like to checksum
* @param resource $fileHandle The file you'd like to checksum
* @param SymmetricKey $key An optional BLAKE2b key
* @param bool $raw Set to true if you don't want hex
*
14 changes: 14 additions & 0 deletions src/Contract/KeyInterface.php
Expand Up @@ -61,4 +61,18 @@ public function isSecretKey();
* @return bool
*/
public function isSigningKey();

/**
* We rename this in version 2. Keep this for now.
*
* @return string
*/
public function get();

/**
* Get the actual key material
*
* @return string
*/
public function getRawKeyMaterial();
}
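Review bot: Adding `get()` and `getRawKeyMaterial()` to `KeyInterface` in a 1.x minor release makes any third-party class that implements the interface fail to load until it defines both methods; `src/Contract/StreamInterface.php` gains three methods in the same way. If that is intended, it should be called out in the release notes. The `get()` docblock would also read better as a contract than as history, e.g. `Get the actual key material (renamed to getRawKeyMaterial() in version 2).`, and both docblocks could state that for secret keys the returned string is sensitive.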
25 changes: 23 additions & 2 deletions src/Contract/StreamInterface.php
@@ -1,6 +1,8 @@
<?php
namespace ParagonIE\Halite\Contract;

use ParagonIE\Halite\Alerts\FileAccessDenied;

/**
*
*/
Expand All @@ -11,7 +13,7 @@ interface StreamInterface
*
* @param int $num
* @return string
* @throws FileAlert\AccessDenied
* @throws FileAccessDenied
*/
public function readBytes($num);

Expand All @@ -20,7 +22,26 @@ public function readBytes($num);
*
* @param string $buf
* @param int $num (number of bytes)
* @throws FileAlert\AccessDenied
* @throws FileAccessDenied
*/
public function writeBytes($buf, $num = null);

/**
* @return int
*/
public function remainingBytes();

/**
* Where are we in the buffer?
*
* @return int
*/
public function getPos();

/**
* How big is this buffer?
*
* @return int
*/
public function getSize();
}
14 changes: 8 additions & 6 deletions src/Cookie.php
Expand Up @@ -9,6 +9,7 @@

final class Cookie
{
/** @var KeyInterface|EncryptionKey */
protected $key;

public function __construct(KeyInterface $key)
Expand Down Expand Up @@ -50,13 +51,14 @@ public function fetch($name)
return null;
}
try {
$decrypted = Crypto::decrypt($_COOKIE[$name], $this->key);
/** @var string $decrypted */
$decrypted = Crypto::decrypt((string) $_COOKIE[$name], $this->key);
if (empty($decrypted)) {
return null;
}
return \json_decode($decrypted, true);
return (string) \json_decode($decrypted, true);
} catch (InvalidMessage $e) {
return;
return null;
}
}

Expand All @@ -67,7 +69,7 @@ public function fetch($name)
* @param mixed $value
* @param int $expire (defaults to 0)
* @param string $path (defaults to '/')
* @param string $domain (defaults to NULL)
* @param string $domain (defaults to '')
* @param bool $secure (defaults to TRUE)
* @param bool $httponly (defaults to TRUE)
* @return bool
Expand All @@ -78,7 +80,7 @@ public function store(
$value,
$expire = 0,
$path = '/',
$domain = null,
$domain = '',
$secure = true,
$httponly = true
) {
Expand All @@ -90,7 +92,7 @@ public function store(
return \setcookie(
$name,
Crypto::encrypt(
\json_encode($value),
(string) \json_encode($value),
$this->key
),
$expire,
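Review bot: The `(string)` cast on `\json_decode($decrypted, true)` in `fetch()` breaks the round trip with `store()`, whose `$value` is documented as `mixed`: a stored array comes back as the literal string `Array` (with a conversion notice), and `false` or `null` come back as `''`. Return the decoded value as it is, `return \json_decode($decrypted, true);`, and document the method as `@return mixed`. In `store()`, `(string) \json_encode($value)` similarly turns an encoding failure (`false`) into an empty plaintext that is still encrypted and sent; check for `false` and return `false` from `store()` instead. Both method bodies start outside the hunks shown.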