From 44d0dc0249260ca89b6329d7dad37ce46998d311 Mon Sep 17 00:00:00 2001 From: Paragon Initiative Enterprises Date: Sun, 21 Apr 2024 23:26:34 -0400 Subject: [PATCH] Use SensitiveParameter on public API In PHP 8.2 and newer, this attribute is used to mark parameters that are sensitive and should be redacted from stack traces. This has no effect on PHP 8.1 or older, but is a nice-to-have for PHP 8.2+. --- lib/php72compat.php | 490 ++++++++++++++++++++++--------- lib/php84compat.php | 38 ++- lib/ristretto255.php | 90 ++++-- lib/sodium_compat.php | 352 +++++++++++++++++------ lib/stream-xchacha20.php | 27 +- src/Compat.php | 605 +++++++++++++++++++++++++++++---------- src/File.php | 74 +++-- 7 files changed, 1240 insertions(+), 436 deletions(-) diff --git a/lib/php72compat.php b/lib/php72compat.php index f813e563..b9da5e03 100644 --- a/lib/php72compat.php +++ b/lib/php72compat.php @@ -115,8 +115,12 @@ * @return void * @throws SodiumException */ - function sodium_add(&$string1, $string2) - { + function sodium_add( + #[\SensitiveParameter] + &$string1, + #[\SensitiveParameter] + $string2 + ) { ParagonIE_Sodium_Compat::add($string1, $string2); } } @@ -130,8 +134,12 @@ function sodium_add(&$string1, $string2) * @throws SodiumException * @throws TypeError */ - function sodium_base642bin($string, $variant, $ignore ='') - { + function sodium_base642bin( + #[\SensitiveParameter] + $string, + $variant, + $ignore ='' + ) { return ParagonIE_Sodium_Compat::base642bin($string, $variant, $ignore); } } @@ -144,8 +152,11 @@ function sodium_base642bin($string, $variant, $ignore ='') * @throws SodiumException * @throws TypeError */ - function sodium_bin2base64($string, $variant) - { + function sodium_bin2base64( + #[\SensitiveParameter] + $string, + $variant + ) { return ParagonIE_Sodium_Compat::bin2base64($string, $variant); } } @@ -157,8 +168,10 @@ function sodium_bin2base64($string, $variant) * @throws SodiumException * @throws TypeError */ - function sodium_bin2hex($string) - { + function sodium_bin2hex( + #[\SensitiveParameter] + $string + ) { return ParagonIE_Sodium_Compat::bin2hex($string); } } @@ -171,8 +184,12 @@ function sodium_bin2hex($string) * @throws SodiumException * @throws TypeError */ - function sodium_compare($string1, $string2) - { + function sodium_compare( + #[\SensitiveParameter] + $string1, + #[\SensitiveParameter] + $string2 + ) { return ParagonIE_Sodium_Compat::compare($string1, $string2); } } @@ -185,8 +202,13 @@ function sodium_compare($string1, $string2) * @param string $key * @return string|bool */ - function sodium_crypto_aead_aes256gcm_decrypt($ciphertext, $additional_data, $nonce, $key) - { + function sodium_crypto_aead_aes256gcm_decrypt( + $ciphertext, + $additional_data, + $nonce, + #[\SensitiveParameter] + $key + ) { try { return ParagonIE_Sodium_Compat::crypto_aead_aes256gcm_decrypt( $ciphertext, @@ -215,8 +237,14 @@ function sodium_crypto_aead_aes256gcm_decrypt($ciphertext, $additional_data, $no * @throws SodiumException * @throws TypeError */ - function sodium_crypto_aead_aes256gcm_encrypt($message, $additional_data, $nonce, $key) - { + function sodium_crypto_aead_aes256gcm_encrypt( + #[\SensitiveParameter] + $message, + $additional_data, + $nonce, + #[\SensitiveParameter] + $key + ) { return ParagonIE_Sodium_Compat::crypto_aead_aes256gcm_encrypt($message, $additional_data, $nonce, $key); } } @@ -239,8 +267,13 @@ function sodium_crypto_aead_aes256gcm_is_available() * @param string $key * @return string|bool */ - function sodium_crypto_aead_chacha20poly1305_decrypt($ciphertext, $additional_data, $nonce, $key) - { + function sodium_crypto_aead_chacha20poly1305_decrypt( + $ciphertext, + $additional_data, + $nonce, + #[\SensitiveParameter] + $key + ) { try { return ParagonIE_Sodium_Compat::crypto_aead_chacha20poly1305_decrypt( $ciphertext, @@ -266,8 +299,14 @@ function sodium_crypto_aead_chacha20poly1305_decrypt($ciphertext, $additional_da * @throws SodiumException * @throws TypeError */ - function sodium_crypto_aead_chacha20poly1305_encrypt($message, $additional_data, $nonce, $key) - { + function sodium_crypto_aead_chacha20poly1305_encrypt( + #[\SensitiveParameter] + $message, + $additional_data, + $nonce, + #[\SensitiveParameter] + $key + ) { return ParagonIE_Sodium_Compat::crypto_aead_chacha20poly1305_encrypt( $message, $additional_data, @@ -296,8 +335,13 @@ function sodium_crypto_aead_chacha20poly1305_keygen() * @param string $key * @return string|bool */ - function sodium_crypto_aead_chacha20poly1305_ietf_decrypt($message, $additional_data, $nonce, $key) - { + function sodium_crypto_aead_chacha20poly1305_ietf_decrypt( + $message, + $additional_data, + $nonce, + #[\SensitiveParameter] + $key + ) { try { return ParagonIE_Sodium_Compat::crypto_aead_chacha20poly1305_ietf_decrypt( $message, @@ -323,8 +367,14 @@ function sodium_crypto_aead_chacha20poly1305_ietf_decrypt($message, $additional_ * @throws SodiumException * @throws TypeError */ - function sodium_crypto_aead_chacha20poly1305_ietf_encrypt($message, $additional_data, $nonce, $key) - { + function sodium_crypto_aead_chacha20poly1305_ietf_encrypt( + #[\SensitiveParameter] + $message, + $additional_data, + $nonce, + #[\SensitiveParameter] + $key + ) { return ParagonIE_Sodium_Compat::crypto_aead_chacha20poly1305_ietf_encrypt( $message, $additional_data, @@ -353,8 +403,13 @@ function sodium_crypto_aead_chacha20poly1305_ietf_keygen() * @param string $key * @return string|bool */ - function sodium_crypto_aead_xchacha20poly1305_ietf_decrypt($ciphertext, $additional_data, $nonce, $key) - { + function sodium_crypto_aead_xchacha20poly1305_ietf_decrypt( + $ciphertext, + $additional_data, + $nonce, + #[\SensitiveParameter] + $key + ) { try { return ParagonIE_Sodium_Compat::crypto_aead_xchacha20poly1305_ietf_decrypt( $ciphertext, @@ -382,9 +437,11 @@ function sodium_crypto_aead_xchacha20poly1305_ietf_decrypt($ciphertext, $additio * @throws TypeError */ function sodium_crypto_aead_xchacha20poly1305_ietf_encrypt( + #[\SensitiveParameter] $message, $additional_data, $nonce, + #[\SensitiveParameter] $key ) { return ParagonIE_Sodium_Compat::crypto_aead_xchacha20poly1305_ietf_encrypt( @@ -416,8 +473,11 @@ function sodium_crypto_aead_xchacha20poly1305_ietf_keygen() * @throws SodiumException * @throws TypeError */ - function sodium_crypto_auth($message, $key) - { + function sodium_crypto_auth( + $message, + #[\SensitiveParameter] + $key + ) { return ParagonIE_Sodium_Compat::crypto_auth($message, $key); } } @@ -442,8 +502,12 @@ function sodium_crypto_auth_keygen() * @throws SodiumException * @throws TypeError */ - function sodium_crypto_auth_verify($mac, $message, $key) - { + function sodium_crypto_auth_verify( + $mac, + $message, + #[\SensitiveParameter] + $key + ) { return ParagonIE_Sodium_Compat::crypto_auth_verify($mac, $message, $key); } } @@ -457,8 +521,13 @@ function sodium_crypto_auth_verify($mac, $message, $key) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_box($message, $nonce, $key_pair) - { + function sodium_crypto_box( + #[\SensitiveParameter] + $message, + $nonce, + #[\SensitiveParameter] + $key_pair + ) { return ParagonIE_Sodium_Compat::crypto_box($message, $nonce, $key_pair); } } @@ -483,8 +552,11 @@ function sodium_crypto_box_keypair() * @throws SodiumException * @throws TypeError */ - function sodium_crypto_box_keypair_from_secretkey_and_publickey($secret_key, $public_key) - { + function sodium_crypto_box_keypair_from_secretkey_and_publickey( + #[\SensitiveParameter] + $secret_key, + $public_key + ) { return ParagonIE_Sodium_Compat::crypto_box_keypair_from_secretkey_and_publickey($secret_key, $public_key); } } @@ -496,8 +568,12 @@ function sodium_crypto_box_keypair_from_secretkey_and_publickey($secret_key, $pu * @param string $key_pair * @return string|bool */ - function sodium_crypto_box_open($ciphertext, $nonce, $key_pair) - { + function sodium_crypto_box_open( + $ciphertext, + $nonce, + #[\SensitiveParameter] + $key_pair + ) { try { return ParagonIE_Sodium_Compat::crypto_box_open($ciphertext, $nonce, $key_pair); } catch (Error $ex) { @@ -515,8 +591,10 @@ function sodium_crypto_box_open($ciphertext, $nonce, $key_pair) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_box_publickey($key_pair) - { + function sodium_crypto_box_publickey( + #[\SensitiveParameter] + $key_pair + ) { return ParagonIE_Sodium_Compat::crypto_box_publickey($key_pair); } } @@ -528,8 +606,10 @@ function sodium_crypto_box_publickey($key_pair) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_box_publickey_from_secretkey($secret_key) - { + function sodium_crypto_box_publickey_from_secretkey( + #[\SensitiveParameter] + $secret_key + ) { return ParagonIE_Sodium_Compat::crypto_box_publickey_from_secretkey($secret_key); } } @@ -542,8 +622,11 @@ function sodium_crypto_box_publickey_from_secretkey($secret_key) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_box_seal($message, $public_key) - { + function sodium_crypto_box_seal( + #[\SensitiveParameter] + $message, + $public_key + ) { return ParagonIE_Sodium_Compat::crypto_box_seal($message, $public_key); } } @@ -555,8 +638,11 @@ function sodium_crypto_box_seal($message, $public_key) * @return string|bool * @throws SodiumException */ - function sodium_crypto_box_seal_open($message, $key_pair) - { + function sodium_crypto_box_seal_open( + $message, + #[\SensitiveParameter] + $key_pair + ) { try { return ParagonIE_Sodium_Compat::crypto_box_seal_open($message, $key_pair); } catch (SodiumException $ex) { @@ -575,8 +661,10 @@ function sodium_crypto_box_seal_open($message, $key_pair) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_box_secretkey($key_pair) - { + function sodium_crypto_box_secretkey( + #[\SensitiveParameter] + $key_pair + ) { return ParagonIE_Sodium_Compat::crypto_box_secretkey($key_pair); } } @@ -588,8 +676,10 @@ function sodium_crypto_box_secretkey($key_pair) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_box_seed_keypair($seed) - { + function sodium_crypto_box_seed_keypair( + #[\SensitiveParameter] + $seed + ) { return ParagonIE_Sodium_Compat::crypto_box_seed_keypair($seed); } } @@ -603,8 +693,12 @@ function sodium_crypto_box_seed_keypair($seed) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_generichash($message, $key = null, $length = 32) - { + function sodium_crypto_generichash( + $message, + #[\SensitiveParameter] + $key = null, + $length = 32 + ) { return ParagonIE_Sodium_Compat::crypto_generichash($message, $key, $length); } } @@ -631,8 +725,11 @@ function sodium_crypto_generichash_final(&$state, $outputLength = 32) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_generichash_init($key = null, $length = 32) - { + function sodium_crypto_generichash_init( + #[\SensitiveParameter] + $key = null, + $length = 32 + ) { return ParagonIE_Sodium_Compat::crypto_generichash_init($key, $length); } } @@ -656,8 +753,11 @@ function sodium_crypto_generichash_keygen() * @throws SodiumException * @throws TypeError */ - function sodium_crypto_generichash_update(&$state, $message = '') - { + function sodium_crypto_generichash_update( + #[\SensitiveParameter] + &$state, + $message = '' + ) { ParagonIE_Sodium_Compat::crypto_generichash_update($state, $message); } } @@ -682,8 +782,13 @@ function sodium_crypto_kdf_keygen() * @return string * @throws Exception */ - function sodium_crypto_kdf_derive_from_key($subkey_length, $subkey_id, $context, $key) - { + function sodium_crypto_kdf_derive_from_key( + $subkey_length, + $subkey_id, + $context, + #[\SensitiveParameter] + $key + ) { return ParagonIE_Sodium_Compat::crypto_kdf_derive_from_key( $subkey_length, $subkey_id, @@ -703,8 +808,13 @@ function sodium_crypto_kdf_derive_from_key($subkey_length, $subkey_id, $context, * @throws SodiumException * @throws TypeError */ - function sodium_crypto_kx($my_secret, $their_public, $client_public, $server_public) - { + function sodium_crypto_kx( + #[\SensitiveParameter] + $my_secret, + $their_public, + $client_public, + $server_public + ) { return ParagonIE_Sodium_Compat::crypto_kx( $my_secret, $their_public, @@ -719,8 +829,10 @@ function sodium_crypto_kx($my_secret, $their_public, $client_public, $server_pub * @return string * @throws Exception */ - function sodium_crypto_kx_seed_keypair($seed) - { + function sodium_crypto_kx_seed_keypair( + #[\SensitiveParameter] + $seed + ) { return ParagonIE_Sodium_Compat::crypto_kx_seed_keypair($seed); } } @@ -741,8 +853,11 @@ function sodium_crypto_kx_keypair() * @return array{0: string, 1: string} * @throws SodiumException */ - function sodium_crypto_kx_client_session_keys($client_key_pair, $server_key) - { + function sodium_crypto_kx_client_session_keys( + #[\SensitiveParameter] + $client_key_pair, + $server_key + ) { return ParagonIE_Sodium_Compat::crypto_kx_client_session_keys($client_key_pair, $server_key); } } @@ -753,8 +868,11 @@ function sodium_crypto_kx_client_session_keys($client_key_pair, $server_key) * @return array{0: string, 1: string} * @throws SodiumException */ - function sodium_crypto_kx_server_session_keys($server_key_pair, $client_key) - { + function sodium_crypto_kx_server_session_keys( + #[\SensitiveParameter] + $server_key_pair, + $client_key + ) { return ParagonIE_Sodium_Compat::crypto_kx_server_session_keys($server_key_pair, $client_key); } } @@ -764,8 +882,10 @@ function sodium_crypto_kx_server_session_keys($server_key_pair, $client_key) * @return string * @throws Exception */ - function sodium_crypto_kx_secretkey($key_pair) - { + function sodium_crypto_kx_secretkey( + #[\SensitiveParameter] + $key_pair + ) { return ParagonIE_Sodium_Compat::crypto_kx_secretkey($key_pair); } } @@ -775,8 +895,10 @@ function sodium_crypto_kx_secretkey($key_pair) * @return string * @throws Exception */ - function sodium_crypto_kx_publickey($key_pair) - { + function sodium_crypto_kx_publickey( + #[\SensitiveParameter] + $key_pair + ) { return ParagonIE_Sodium_Compat::crypto_kx_publickey($key_pair); } } @@ -793,8 +915,15 @@ function sodium_crypto_kx_publickey($key_pair) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_pwhash($length, $passwd, $salt, $opslimit, $memlimit, $algo = null) - { + function sodium_crypto_pwhash( + $length, + #[\SensitiveParameter] + $passwd, + $salt, + $opslimit, + $memlimit, + $algo = null + ) { return ParagonIE_Sodium_Compat::crypto_pwhash($length, $passwd, $salt, $opslimit, $memlimit, $algo); } } @@ -808,8 +937,12 @@ function sodium_crypto_pwhash($length, $passwd, $salt, $opslimit, $memlimit, $al * @throws SodiumException * @throws TypeError */ - function sodium_crypto_pwhash_str($passwd, $opslimit, $memlimit) - { + function sodium_crypto_pwhash_str( + #[\SensitiveParameter] + $passwd, + $opslimit, + $memlimit + ) { return ParagonIE_Sodium_Compat::crypto_pwhash_str($passwd, $opslimit, $memlimit); } } @@ -823,8 +956,12 @@ function sodium_crypto_pwhash_str($passwd, $opslimit, $memlimit) * * @throws SodiumException */ - function sodium_crypto_pwhash_str_needs_rehash($hash, $opslimit, $memlimit) - { + function sodium_crypto_pwhash_str_needs_rehash( + #[\SensitiveParameter] + $hash, + $opslimit, + $memlimit + ) { return ParagonIE_Sodium_Compat::crypto_pwhash_str_needs_rehash($hash, $opslimit, $memlimit); } } @@ -837,8 +974,12 @@ function sodium_crypto_pwhash_str_needs_rehash($hash, $opslimit, $memlimit) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_pwhash_str_verify($passwd, $hash) - { + function sodium_crypto_pwhash_str_verify( + #[\SensitiveParameter] + $passwd, + #[\SensitiveParameter] + $hash + ) { return ParagonIE_Sodium_Compat::crypto_pwhash_str_verify($passwd, $hash); } } @@ -854,8 +995,14 @@ function sodium_crypto_pwhash_str_verify($passwd, $hash) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_pwhash_scryptsalsa208sha256($length, $passwd, $salt, $opslimit, $memlimit) - { + function sodium_crypto_pwhash_scryptsalsa208sha256( + $length, + #[\SensitiveParameter] + $passwd, + $salt, + $opslimit, + $memlimit + ) { return ParagonIE_Sodium_Compat::crypto_pwhash_scryptsalsa208sha256( $length, $passwd, @@ -875,8 +1022,12 @@ function sodium_crypto_pwhash_scryptsalsa208sha256($length, $passwd, $salt, $ops * @throws SodiumException * @throws TypeError */ - function sodium_crypto_pwhash_scryptsalsa208sha256_str($passwd, $opslimit, $memlimit) - { + function sodium_crypto_pwhash_scryptsalsa208sha256_str( + #[\SensitiveParameter] + $passwd, + $opslimit, + $memlimit + ) { return ParagonIE_Sodium_Compat::crypto_pwhash_scryptsalsa208sha256_str($passwd, $opslimit, $memlimit); } } @@ -889,8 +1040,12 @@ function sodium_crypto_pwhash_scryptsalsa208sha256_str($passwd, $opslimit, $meml * @throws SodiumException * @throws TypeError */ - function sodium_crypto_pwhash_scryptsalsa208sha256_str_verify($passwd, $hash) - { + function sodium_crypto_pwhash_scryptsalsa208sha256_str_verify( + #[\SensitiveParameter] + $passwd, + #[\SensitiveParameter] + $hash + ) { return ParagonIE_Sodium_Compat::crypto_pwhash_scryptsalsa208sha256_str_verify($passwd, $hash); } } @@ -903,8 +1058,11 @@ function sodium_crypto_pwhash_scryptsalsa208sha256_str_verify($passwd, $hash) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_scalarmult($n, $p) - { + function sodium_crypto_scalarmult( + #[\SensitiveParameter] + $n, + $p + ) { return ParagonIE_Sodium_Compat::crypto_scalarmult($n, $p); } } @@ -916,8 +1074,10 @@ function sodium_crypto_scalarmult($n, $p) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_scalarmult_base($n) - { + function sodium_crypto_scalarmult_base( + #[\SensitiveParameter] + $n + ) { return ParagonIE_Sodium_Compat::crypto_scalarmult_base($n); } } @@ -931,8 +1091,13 @@ function sodium_crypto_scalarmult_base($n) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_secretbox($message, $nonce, $key) - { + function sodium_crypto_secretbox( + #[\SensitiveParameter] + $message, + $nonce, + #[\SensitiveParameter] + $key + ) { return ParagonIE_Sodium_Compat::crypto_secretbox($message, $nonce, $key); } } @@ -955,8 +1120,12 @@ function sodium_crypto_secretbox_keygen() * @param string $key * @return string|bool */ - function sodium_crypto_secretbox_open($ciphertext, $nonce, $key) - { + function sodium_crypto_secretbox_open( + $ciphertext, + $nonce, + #[\SensitiveParameter] + $key + ) { try { return ParagonIE_Sodium_Compat::crypto_secretbox_open($ciphertext, $nonce, $key); } catch (Error $ex) { @@ -972,8 +1141,10 @@ function sodium_crypto_secretbox_open($ciphertext, $nonce, $key) * @return array * @throws SodiumException */ - function sodium_crypto_secretstream_xchacha20poly1305_init_push($key) - { + function sodium_crypto_secretstream_xchacha20poly1305_init_push( + #[\SensitiveParameter] + $key + ) { return ParagonIE_Sodium_Compat::crypto_secretstream_xchacha20poly1305_init_push($key); } } @@ -987,7 +1158,9 @@ function sodium_crypto_secretstream_xchacha20poly1305_init_push($key) * @throws SodiumException */ function sodium_crypto_secretstream_xchacha20poly1305_push( + #[\SensitiveParameter] &$state, + #[\SensitiveParameter] $message, $additional_data = '', $tag = 0 @@ -1007,8 +1180,11 @@ function sodium_crypto_secretstream_xchacha20poly1305_push( * @return string * @throws Exception */ - function sodium_crypto_secretstream_xchacha20poly1305_init_pull($header, $key) - { + function sodium_crypto_secretstream_xchacha20poly1305_init_pull( + $header, + #[\SensitiveParameter] + $key + ) { return ParagonIE_Sodium_Compat::crypto_secretstream_xchacha20poly1305_init_pull($header, $key); } } @@ -1020,8 +1196,12 @@ function sodium_crypto_secretstream_xchacha20poly1305_init_pull($header, $key) * @return bool|array{0: string, 1: int} * @throws SodiumException */ - function sodium_crypto_secretstream_xchacha20poly1305_pull(&$state, $ciphertext, $additional_data = '') - { + function sodium_crypto_secretstream_xchacha20poly1305_pull( + #[\SensitiveParameter] + &$state, + $ciphertext, + $additional_data = '' + ) { return ParagonIE_Sodium_Compat::crypto_secretstream_xchacha20poly1305_pull( $state, $ciphertext, @@ -1035,8 +1215,10 @@ function sodium_crypto_secretstream_xchacha20poly1305_pull(&$state, $ciphertext, * @return void * @throws SodiumException */ - function sodium_crypto_secretstream_xchacha20poly1305_rekey(&$state) - { + function sodium_crypto_secretstream_xchacha20poly1305_rekey( + #[\SensitiveParameter] + &$state + ) { ParagonIE_Sodium_Compat::crypto_secretstream_xchacha20poly1305_rekey($state); } } @@ -1059,8 +1241,11 @@ function sodium_crypto_secretstream_xchacha20poly1305_keygen() * @throws SodiumException * @throws TypeError */ - function sodium_crypto_shorthash($message, $key = '') - { + function sodium_crypto_shorthash( + $message, + #[\SensitiveParameter] + $key = '' + ) { return ParagonIE_Sodium_Compat::crypto_shorthash($message, $key); } } @@ -1084,8 +1269,11 @@ function sodium_crypto_shorthash_keygen() * @throws SodiumException * @throws TypeError */ - function sodium_crypto_sign($message, $secret_key) - { + function sodium_crypto_sign( + $message, + #[\SensitiveParameter] + $secret_key + ) { return ParagonIE_Sodium_Compat::crypto_sign($message, $secret_key); } } @@ -1098,8 +1286,11 @@ function sodium_crypto_sign($message, $secret_key) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_sign_detached($message, $secret_key) - { + function sodium_crypto_sign_detached( + $message, + #[\SensitiveParameter] + $secret_key + ) { return ParagonIE_Sodium_Compat::crypto_sign_detached($message, $secret_key); } } @@ -1112,8 +1303,11 @@ function sodium_crypto_sign_detached($message, $secret_key) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_sign_keypair_from_secretkey_and_publickey($secret_key, $public_key) - { + function sodium_crypto_sign_keypair_from_secretkey_and_publickey( + #[\SensitiveParameter] + $secret_key, + $public_key + ) { return ParagonIE_Sodium_Compat::crypto_sign_keypair_from_secretkey_and_publickey($secret_key, $public_key); } } @@ -1155,8 +1349,10 @@ function sodium_crypto_sign_open($signedMessage, $public_key) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_sign_publickey($key_pair) - { + function sodium_crypto_sign_publickey( + #[\SensitiveParameter] + $key_pair + ) { return ParagonIE_Sodium_Compat::crypto_sign_publickey($key_pair); } } @@ -1168,8 +1364,10 @@ function sodium_crypto_sign_publickey($key_pair) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_sign_publickey_from_secretkey($secret_key) - { + function sodium_crypto_sign_publickey_from_secretkey( + #[\SensitiveParameter] + $secret_key + ) { return ParagonIE_Sodium_Compat::crypto_sign_publickey_from_secretkey($secret_key); } } @@ -1181,8 +1379,10 @@ function sodium_crypto_sign_publickey_from_secretkey($secret_key) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_sign_secretkey($key_pair) - { + function sodium_crypto_sign_secretkey( + #[\SensitiveParameter] + $key_pair + ) { return ParagonIE_Sodium_Compat::crypto_sign_secretkey($key_pair); } } @@ -1194,8 +1394,10 @@ function sodium_crypto_sign_secretkey($key_pair) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_sign_seed_keypair($seed) - { + function sodium_crypto_sign_seed_keypair( + #[\SensitiveParameter] + $seed + ) { return ParagonIE_Sodium_Compat::crypto_sign_seed_keypair($seed); } } @@ -1235,8 +1437,10 @@ function sodium_crypto_sign_ed25519_pk_to_curve25519($public_key) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_sign_ed25519_sk_to_curve25519($secret_key) - { + function sodium_crypto_sign_ed25519_sk_to_curve25519( + #[\SensitiveParameter] + $secret_key + ) { return ParagonIE_Sodium_Compat::crypto_sign_ed25519_sk_to_curve25519($secret_key); } } @@ -1250,8 +1454,12 @@ function sodium_crypto_sign_ed25519_sk_to_curve25519($secret_key) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_stream($length, $nonce, $key) - { + function sodium_crypto_stream( + $length, + $nonce, + #[\SensitiveParameter] + $key + ) { return ParagonIE_Sodium_Compat::crypto_stream($length, $nonce, $key); } } @@ -1276,8 +1484,13 @@ function sodium_crypto_stream_keygen() * @throws SodiumException * @throws TypeError */ - function sodium_crypto_stream_xor($message, $nonce, $key) - { + function sodium_crypto_stream_xor( + #[\SensitiveParameter] + $message, + $nonce, + #[\SensitiveParameter] + $key + ) { return ParagonIE_Sodium_Compat::crypto_stream_xor($message, $nonce, $key); } } @@ -1291,8 +1504,11 @@ function sodium_crypto_stream_xor($message, $nonce, $key) * @throws SodiumException * @throws TypeError */ - function sodium_hex2bin($string, $ignore = '') - { + function sodium_hex2bin( + #[\SensitiveParameter] + $string, + $ignore = '' + ) { return ParagonIE_Sodium_Compat::hex2bin($string, $ignore); } } @@ -1304,8 +1520,10 @@ function sodium_hex2bin($string, $ignore = '') * @throws SodiumException * @throws TypeError */ - function sodium_increment(&$string) - { + function sodium_increment( + #[\SensitiveParameter] + &$string + ) { ParagonIE_Sodium_Compat::increment($string); } } @@ -1348,8 +1566,12 @@ function sodium_version_string() * @throws SodiumException * @throws TypeError */ - function sodium_memcmp($string1, $string2) - { + function sodium_memcmp( + #[\SensitiveParameter] + $string1, + #[\SensitiveParameter] + $string2 + ) { return ParagonIE_Sodium_Compat::memcmp($string1, $string2); } } @@ -1363,8 +1585,10 @@ function sodium_memcmp($string1, $string2) * * @psalm-suppress ReferenceConstraintViolation */ - function sodium_memzero(&$string) - { + function sodium_memzero( + #[\SensitiveParameter] + &$string + ) { ParagonIE_Sodium_Compat::memzero($string); } } @@ -1377,8 +1601,11 @@ function sodium_memzero(&$string) * @throws SodiumException * @throws TypeError */ - function sodium_pad($unpadded, $block_size) - { + function sodium_pad( + #[\SensitiveParameter] + $unpadded, + $block_size + ) { return ParagonIE_Sodium_Compat::pad($unpadded, $block_size, true); } } @@ -1391,8 +1618,11 @@ function sodium_pad($unpadded, $block_size) * @throws SodiumException * @throws TypeError */ - function sodium_unpad($padded, $block_size) - { + function sodium_unpad( + #[\SensitiveParameter] + $padded, + $block_size + ) { return ParagonIE_Sodium_Compat::unpad($padded, $block_size, true); } } diff --git a/lib/php84compat.php b/lib/php84compat.php index d7a317ce..ee172a08 100644 --- a/lib/php84compat.php +++ b/lib/php84compat.php @@ -34,8 +34,13 @@ * @return string * @throws SodiumException */ - function sodium_crypto_aead_aegis128l_decrypt($ciphertext, $additional_data, $nonce, $key) - { + function sodium_crypto_aead_aegis128l_decrypt( + $ciphertext, + $additional_data, + $nonce, + #[\SensitiveParameter] + $key + ) { return ParagonIE_Sodium_Compat::crypto_aead_aegis128l_decrypt( $ciphertext, $additional_data, @@ -55,8 +60,14 @@ function sodium_crypto_aead_aegis128l_decrypt($ciphertext, $additional_data, $no * @throws SodiumException * @throws TypeError */ - function sodium_crypto_aead_aegis128l_encrypt($message, $additional_data, $nonce, $key) - { + function sodium_crypto_aead_aegis128l_encrypt( + #[\SensitiveParameter] + $message, + $additional_data, + $nonce, + #[\SensitiveParameter] + $key + ) { return ParagonIE_Sodium_Compat::crypto_aead_aegis128l_encrypt( $message, $additional_data, @@ -75,8 +86,13 @@ function sodium_crypto_aead_aegis128l_encrypt($message, $additional_data, $nonce * @return string * @throws SodiumException */ - function sodium_crypto_aead_aegis256_decrypt($ciphertext, $additional_data, $nonce, $key) - { + function sodium_crypto_aead_aegis256_decrypt( + $ciphertext, + $additional_data, + $nonce, + #[\SensitiveParameter] + $key + ) { return ParagonIE_Sodium_Compat::crypto_aead_aegis256_decrypt( $ciphertext, $additional_data, @@ -96,8 +112,14 @@ function sodium_crypto_aead_aegis256_decrypt($ciphertext, $additional_data, $non * @throws SodiumException * @throws TypeError */ - function sodium_crypto_aead_aegis256_encrypt($message, $additional_data, $nonce, $key) - { + function sodium_crypto_aead_aegis256_encrypt( + #[\SensitiveParameter] + $message, + $additional_data, + $nonce, + #[\SensitiveParameter] + $key + ) { return ParagonIE_Sodium_Compat::crypto_aead_aegis256_encrypt( $message, $additional_data, diff --git a/lib/ristretto255.php b/lib/ristretto255.php index 5a0c6dc6..587b4f69 100644 --- a/lib/ristretto255.php +++ b/lib/ristretto255.php @@ -47,8 +47,12 @@ * @return string * @throws SodiumException */ - function sodium_crypto_core_ristretto255_add($p, $q) - { + function sodium_crypto_core_ristretto255_add( + #[\SensitiveParameter] + $p, + #[\SensitiveParameter] + $q + ) { return ParagonIE_Sodium_Compat::ristretto255_add($p, $q, true); } } @@ -60,8 +64,10 @@ function sodium_crypto_core_ristretto255_add($p, $q) * @return string * @throws SodiumException */ - function sodium_crypto_core_ristretto255_from_hash($s) - { + function sodium_crypto_core_ristretto255_from_hash( + #[\SensitiveParameter] + $s + ) { return ParagonIE_Sodium_Compat::ristretto255_from_hash($s, true); } } @@ -73,8 +79,10 @@ function sodium_crypto_core_ristretto255_from_hash($s) * @return bool * @throws SodiumException */ - function sodium_crypto_core_ristretto255_is_valid_point($s) - { + function sodium_crypto_core_ristretto255_is_valid_point( + #[\SensitiveParameter] + $s + ) { return ParagonIE_Sodium_Compat::ristretto255_is_valid_point($s, true); } } @@ -99,8 +107,12 @@ function sodium_crypto_core_ristretto255_random() * @return string * @throws SodiumException */ - function sodium_crypto_core_ristretto255_scalar_add($x, $y) - { + function sodium_crypto_core_ristretto255_scalar_add( + #[\SensitiveParameter] + $x, + #[\SensitiveParameter] + $y + ) { return ParagonIE_Sodium_Compat::ristretto255_scalar_add($x, $y, true); } } @@ -112,8 +124,10 @@ function sodium_crypto_core_ristretto255_scalar_add($x, $y) * @return string * @throws SodiumException */ - function sodium_crypto_core_ristretto255_scalar_complement($s) - { + function sodium_crypto_core_ristretto255_scalar_complement( + #[\SensitiveParameter] + $s + ) { return ParagonIE_Sodium_Compat::ristretto255_scalar_complement($s, true); } } @@ -125,8 +139,10 @@ function sodium_crypto_core_ristretto255_scalar_complement($s) * @return string * @throws SodiumException */ - function sodium_crypto_core_ristretto255_scalar_invert($p) - { + function sodium_crypto_core_ristretto255_scalar_invert( + #[\SensitiveParameter] + $p + ) { return ParagonIE_Sodium_Compat::ristretto255_scalar_invert($p, true); } } @@ -139,8 +155,12 @@ function sodium_crypto_core_ristretto255_scalar_invert($p) * @return string * @throws SodiumException */ - function sodium_crypto_core_ristretto255_scalar_mul($x, $y) - { + function sodium_crypto_core_ristretto255_scalar_mul( + #[\SensitiveParameter] + $x, + #[\SensitiveParameter] + $y + ) { return ParagonIE_Sodium_Compat::ristretto255_scalar_mul($x, $y, true); } } @@ -152,8 +172,10 @@ function sodium_crypto_core_ristretto255_scalar_mul($x, $y) * @return string * @throws SodiumException */ - function sodium_crypto_core_ristretto255_scalar_negate($s) - { + function sodium_crypto_core_ristretto255_scalar_negate( + #[\SensitiveParameter] + $s + ) { return ParagonIE_Sodium_Compat::ristretto255_scalar_negate($s, true); } } @@ -177,8 +199,10 @@ function sodium_crypto_core_ristretto255_scalar_random() * @return string * @throws SodiumException */ - function sodium_crypto_core_ristretto255_scalar_reduce($s) - { + function sodium_crypto_core_ristretto255_scalar_reduce( + #[\SensitiveParameter] + $s + ) { return ParagonIE_Sodium_Compat::ristretto255_scalar_reduce($s, true); } } @@ -191,8 +215,12 @@ function sodium_crypto_core_ristretto255_scalar_reduce($s) * @return string * @throws SodiumException */ - function sodium_crypto_core_ristretto255_scalar_sub($x, $y) - { + function sodium_crypto_core_ristretto255_scalar_sub( + #[\SensitiveParameter] + $x, + #[\SensitiveParameter] + $y + ) { return ParagonIE_Sodium_Compat::ristretto255_scalar_sub($x, $y, true); } } @@ -205,8 +233,12 @@ function sodium_crypto_core_ristretto255_scalar_sub($x, $y) * @return string * @throws SodiumException */ - function sodium_crypto_core_ristretto255_sub($p, $q) - { + function sodium_crypto_core_ristretto255_sub( + #[\SensitiveParameter] + $p, + #[\SensitiveParameter] + $q + ) { return ParagonIE_Sodium_Compat::ristretto255_sub($p, $q, true); } } @@ -219,8 +251,12 @@ function sodium_crypto_core_ristretto255_sub($p, $q) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_scalarmult_ristretto255($n, $p) - { + function sodium_crypto_scalarmult_ristretto255( + #[\SensitiveParameter] + $n, + #[\SensitiveParameter] + $p + ) { return ParagonIE_Sodium_Compat::scalarmult_ristretto255($n, $p, true); } } @@ -232,8 +268,10 @@ function sodium_crypto_scalarmult_ristretto255($n, $p) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_scalarmult_ristretto255_base($n) - { + function sodium_crypto_scalarmult_ristretto255_base( + #[\SensitiveParameter] + $n + ) { return ParagonIE_Sodium_Compat::scalarmult_ristretto255_base($n, true); } } \ No newline at end of file diff --git a/lib/sodium_compat.php b/lib/sodium_compat.php index 04f4bc7a..72a561da 100644 --- a/lib/sodium_compat.php +++ b/lib/sodium_compat.php @@ -20,8 +20,10 @@ * @throws \SodiumException * @throws \TypeError */ - function bin2hex($string) - { + function bin2hex( + #[\SensitiveParameter] + $string + ) { return ParagonIE_Sodium_Compat::bin2hex($string); } } @@ -34,8 +36,12 @@ function bin2hex($string) * @throws \SodiumException * @throws \TypeError */ - function compare($a, $b) - { + function compare( + #[\SensitiveParameter] + $a, + #[\SensitiveParameter] + $b + ) { return ParagonIE_Sodium_Compat::compare($a, $b); } } @@ -48,8 +54,13 @@ function compare($a, $b) * @param string $key * @return string|bool */ - function crypto_aead_aes256gcm_decrypt($message, $assocData, $nonce, $key) - { + function crypto_aead_aes256gcm_decrypt( + $message, + $assocData, + $nonce, + #[\SensitiveParameter] + $key + ) { try { return ParagonIE_Sodium_Compat::crypto_aead_aes256gcm_decrypt($message, $assocData, $nonce, $key); } catch (\TypeError $ex) { @@ -70,8 +81,14 @@ function crypto_aead_aes256gcm_decrypt($message, $assocData, $nonce, $key) * @throws \SodiumException * @throws \TypeError */ - function crypto_aead_aes256gcm_encrypt($message, $assocData, $nonce, $key) - { + function crypto_aead_aes256gcm_encrypt( + #[\SensitiveParameter] + $message, + $assocData, + $nonce, + #[\SensitiveParameter] + $key + ) { return ParagonIE_Sodium_Compat::crypto_aead_aes256gcm_encrypt($message, $assocData, $nonce, $key); } } @@ -94,8 +111,13 @@ function crypto_aead_aes256gcm_is_available() * @param string $key * @return string|bool */ - function crypto_aead_chacha20poly1305_decrypt($message, $assocData, $nonce, $key) - { + function crypto_aead_chacha20poly1305_decrypt( + $message, + $assocData, + $nonce, + #[\SensitiveParameter] + $key + ) { try { return ParagonIE_Sodium_Compat::crypto_aead_chacha20poly1305_decrypt($message, $assocData, $nonce, $key); } catch (\TypeError $ex) { @@ -116,8 +138,14 @@ function crypto_aead_chacha20poly1305_decrypt($message, $assocData, $nonce, $key * @throws \SodiumException * @throws \TypeError */ - function crypto_aead_chacha20poly1305_encrypt($message, $assocData, $nonce, $key) - { + function crypto_aead_chacha20poly1305_encrypt( + #[\SensitiveParameter] + $message, + $assocData, + $nonce, + #[\SensitiveParameter] + $key + ) { return ParagonIE_Sodium_Compat::crypto_aead_chacha20poly1305_encrypt($message, $assocData, $nonce, $key); } } @@ -130,8 +158,13 @@ function crypto_aead_chacha20poly1305_encrypt($message, $assocData, $nonce, $key * @param string $key * @return string|bool */ - function crypto_aead_chacha20poly1305_ietf_decrypt($message, $assocData, $nonce, $key) - { + function crypto_aead_chacha20poly1305_ietf_decrypt( + $message, + $assocData, + $nonce, + #[\SensitiveParameter] + $key + ) { try { return ParagonIE_Sodium_Compat::crypto_aead_chacha20poly1305_ietf_decrypt($message, $assocData, $nonce, $key); } catch (\TypeError $ex) { @@ -152,8 +185,14 @@ function crypto_aead_chacha20poly1305_ietf_decrypt($message, $assocData, $nonce, * @throws \SodiumException * @throws \TypeError */ - function crypto_aead_chacha20poly1305_ietf_encrypt($message, $assocData, $nonce, $key) - { + function crypto_aead_chacha20poly1305_ietf_encrypt( + #[\SensitiveParameter] + $message, + $assocData, + $nonce, + #[\SensitiveParameter] + $key + ) { return ParagonIE_Sodium_Compat::crypto_aead_chacha20poly1305_ietf_encrypt($message, $assocData, $nonce, $key); } } @@ -166,8 +205,11 @@ function crypto_aead_chacha20poly1305_ietf_encrypt($message, $assocData, $nonce, * @throws \SodiumException * @throws \TypeError */ - function crypto_auth($message, $key) - { + function crypto_auth( + $message, + #[\SensitiveParameter] + $key + ) { return ParagonIE_Sodium_Compat::crypto_auth($message, $key); } } @@ -181,8 +223,12 @@ function crypto_auth($message, $key) * @throws \SodiumException * @throws \TypeError */ - function crypto_auth_verify($mac, $message, $key) - { + function crypto_auth_verify( + $mac, + $message, + #[\SensitiveParameter] + $key + ) { return ParagonIE_Sodium_Compat::crypto_auth_verify($mac, $message, $key); } } @@ -196,8 +242,13 @@ function crypto_auth_verify($mac, $message, $key) * @throws \SodiumException * @throws \TypeError */ - function crypto_box($message, $nonce, $kp) - { + function crypto_box( + #[\SensitiveParameter] + $message, + $nonce, + #[\SensitiveParameter] + $kp + ) { return ParagonIE_Sodium_Compat::crypto_box($message, $nonce, $kp); } } @@ -222,8 +273,11 @@ function crypto_box_keypair() * @throws \SodiumException * @throws \TypeError */ - function crypto_box_keypair_from_secretkey_and_publickey($sk, $pk) - { + function crypto_box_keypair_from_secretkey_and_publickey( + #[\SensitiveParameter] + $sk, + $pk + ) { return ParagonIE_Sodium_Compat::crypto_box_keypair_from_secretkey_and_publickey($sk, $pk); } } @@ -235,8 +289,13 @@ function crypto_box_keypair_from_secretkey_and_publickey($sk, $pk) * @param string $kp * @return string|bool */ - function crypto_box_open($message, $nonce, $kp) - { + function crypto_box_open( + #[\SensitiveParameter] + $message, + $nonce, + #[\SensitiveParameter] + $kp + ) { try { return ParagonIE_Sodium_Compat::crypto_box_open($message, $nonce, $kp); } catch (\TypeError $ex) { @@ -254,8 +313,10 @@ function crypto_box_open($message, $nonce, $kp) * @throws \SodiumException * @throws \TypeError */ - function crypto_box_publickey($keypair) - { + function crypto_box_publickey( + #[\SensitiveParameter] + $keypair + ) { return ParagonIE_Sodium_Compat::crypto_box_publickey($keypair); } } @@ -267,8 +328,10 @@ function crypto_box_publickey($keypair) * @throws \SodiumException * @throws \TypeError */ - function crypto_box_publickey_from_secretkey($sk) - { + function crypto_box_publickey_from_secretkey( + #[\SensitiveParameter] + $sk + ) { return ParagonIE_Sodium_Compat::crypto_box_publickey_from_secretkey($sk); } } @@ -281,8 +344,11 @@ function crypto_box_publickey_from_secretkey($sk) * @throws \SodiumException * @throws \TypeError */ - function crypto_box_seal($message, $publicKey) - { + function crypto_box_seal( + #[\SensitiveParameter] + $message, + $publicKey + ) { return ParagonIE_Sodium_Compat::crypto_box_seal($message, $publicKey); } } @@ -293,8 +359,11 @@ function crypto_box_seal($message, $publicKey) * @param string $kp * @return string|bool */ - function crypto_box_seal_open($message, $kp) - { + function crypto_box_seal_open( + $message, + #[\SensitiveParameter] + $kp + ) { try { return ParagonIE_Sodium_Compat::crypto_box_seal_open($message, $kp); } catch (\TypeError $ex) { @@ -312,8 +381,10 @@ function crypto_box_seal_open($message, $kp) * @throws \SodiumException * @throws \TypeError */ - function crypto_box_secretkey($keypair) - { + function crypto_box_secretkey( + #[\SensitiveParameter] + $keypair + ) { return ParagonIE_Sodium_Compat::crypto_box_secretkey($keypair); } } @@ -327,8 +398,12 @@ function crypto_box_secretkey($keypair) * @throws \SodiumException * @throws \TypeError */ - function crypto_generichash($message, $key = null, $outLen = 32) - { + function crypto_generichash( + $message, + #[\SensitiveParameter] + $key = null, + $outLen = 32 + ) { return ParagonIE_Sodium_Compat::crypto_generichash($message, $key, $outLen); } } @@ -341,8 +416,11 @@ function crypto_generichash($message, $key = null, $outLen = 32) * @throws \SodiumException * @throws \TypeError */ - function crypto_generichash_final(&$ctx, $outputLength = 32) - { + function crypto_generichash_final( + #[\SensitiveParameter] + &$ctx, + $outputLength = 32 + ) { return ParagonIE_Sodium_Compat::crypto_generichash_final($ctx, $outputLength); } } @@ -355,8 +433,11 @@ function crypto_generichash_final(&$ctx, $outputLength = 32) * @throws \SodiumException * @throws \TypeError */ - function crypto_generichash_init($key = null, $outLen = 32) - { + function crypto_generichash_init( + #[\SensitiveParameter] + $key = null, + $outLen = 32 + ) { return ParagonIE_Sodium_Compat::crypto_generichash_init($key, $outLen); } } @@ -369,8 +450,11 @@ function crypto_generichash_init($key = null, $outLen = 32) * @throws \SodiumException * @throws \TypeError */ - function crypto_generichash_update(&$ctx, $message = '') - { + function crypto_generichash_update( + #[\SensitiveParameter] + &$ctx, + $message = '' + ) { ParagonIE_Sodium_Compat::crypto_generichash_update($ctx, $message); } } @@ -385,8 +469,13 @@ function crypto_generichash_update(&$ctx, $message = '') * @throws \SodiumException * @throws \TypeError */ - function crypto_kx($my_secret, $their_public, $client_public, $server_public) - { + function crypto_kx( + #[\SensitiveParameter] + $my_secret, + $their_public, + $client_public, + $server_public + ) { return ParagonIE_Sodium_Compat::crypto_kx( $my_secret, $their_public, @@ -408,8 +497,14 @@ function crypto_kx($my_secret, $their_public, $client_public, $server_public) * @throws \SodiumException * @throws \TypeError */ - function crypto_pwhash($outlen, $passwd, $salt, $opslimit, $memlimit) - { + function crypto_pwhash( + $outlen, + #[\SensitiveParameter] + $passwd, + $salt, + $opslimit, + $memlimit + ) { return ParagonIE_Sodium_Compat::crypto_pwhash($outlen, $passwd, $salt, $opslimit, $memlimit); } } @@ -423,8 +518,12 @@ function crypto_pwhash($outlen, $passwd, $salt, $opslimit, $memlimit) * @throws \SodiumException * @throws \TypeError */ - function crypto_pwhash_str($passwd, $opslimit, $memlimit) - { + function crypto_pwhash_str( + #[\SensitiveParameter] + $passwd, + $opslimit, + $memlimit + ) { return ParagonIE_Sodium_Compat::crypto_pwhash_str($passwd, $opslimit, $memlimit); } } @@ -437,8 +536,12 @@ function crypto_pwhash_str($passwd, $opslimit, $memlimit) * @throws \SodiumException * @throws \TypeError */ - function crypto_pwhash_str_verify($passwd, $hash) - { + function crypto_pwhash_str_verify( + #[\SensitiveParameter] + $passwd, + #[\SensitiveParameter] + $hash + ) { return ParagonIE_Sodium_Compat::crypto_pwhash_str_verify($passwd, $hash); } } @@ -454,8 +557,15 @@ function crypto_pwhash_str_verify($passwd, $hash) * @throws \SodiumException * @throws \TypeError */ - function crypto_pwhash_scryptsalsa208sha256($outlen, $passwd, $salt, $opslimit, $memlimit) - { + function crypto_pwhash_scryptsalsa208sha256( + $outlen, + #[\SensitiveParameter] + $passwd, + #[\SensitiveParameter] + $salt, + $opslimit, + $memlimit + ) { return ParagonIE_Sodium_Compat::crypto_pwhash_scryptsalsa208sha256($outlen, $passwd, $salt, $opslimit, $memlimit); } } @@ -469,8 +579,12 @@ function crypto_pwhash_scryptsalsa208sha256($outlen, $passwd, $salt, $opslimit, * @throws \SodiumException * @throws \TypeError */ - function crypto_pwhash_scryptsalsa208sha256_str($passwd, $opslimit, $memlimit) - { + function crypto_pwhash_scryptsalsa208sha256_str( + #[\SensitiveParameter] + $passwd, + $opslimit, + $memlimit + ) { return ParagonIE_Sodium_Compat::crypto_pwhash_scryptsalsa208sha256_str($passwd, $opslimit, $memlimit); } } @@ -483,8 +597,12 @@ function crypto_pwhash_scryptsalsa208sha256_str($passwd, $opslimit, $memlimit) * @throws \SodiumException * @throws \TypeError */ - function crypto_pwhash_scryptsalsa208sha256_str_verify($passwd, $hash) - { + function crypto_pwhash_scryptsalsa208sha256_str_verify( + #[\SensitiveParameter] + $passwd, + #[\SensitiveParameter] + $hash + ) { return ParagonIE_Sodium_Compat::crypto_pwhash_scryptsalsa208sha256_str_verify($passwd, $hash); } } @@ -497,8 +615,11 @@ function crypto_pwhash_scryptsalsa208sha256_str_verify($passwd, $hash) * @throws \SodiumException * @throws \TypeError */ - function crypto_scalarmult($n, $p) - { + function crypto_scalarmult( + #[\SensitiveParameter] + $n, + $p + ) { return ParagonIE_Sodium_Compat::crypto_scalarmult($n, $p); } } @@ -510,8 +631,10 @@ function crypto_scalarmult($n, $p) * @throws \SodiumException * @throws \TypeError */ - function crypto_scalarmult_base($n) - { + function crypto_scalarmult_base( + #[\SensitiveParameter] + $n + ) { return ParagonIE_Sodium_Compat::crypto_scalarmult_base($n); } } @@ -525,8 +648,13 @@ function crypto_scalarmult_base($n) * @throws \SodiumException * @throws \TypeError */ - function crypto_secretbox($message, $nonce, $key) - { + function crypto_secretbox( + #[\SensitiveParameter] + $message, + $nonce, + #[\SensitiveParameter] + $key + ) { return ParagonIE_Sodium_Compat::crypto_secretbox($message, $nonce, $key); } } @@ -538,8 +666,12 @@ function crypto_secretbox($message, $nonce, $key) * @param string $key * @return string|bool */ - function crypto_secretbox_open($message, $nonce, $key) - { + function crypto_secretbox_open( + $message, + $nonce, + #[\SensitiveParameter] + $key + ) { try { return ParagonIE_Sodium_Compat::crypto_secretbox_open($message, $nonce, $key); } catch (\TypeError $ex) { @@ -558,8 +690,11 @@ function crypto_secretbox_open($message, $nonce, $key) * @throws \SodiumException * @throws \TypeError */ - function crypto_shorthash($message, $key = '') - { + function crypto_shorthash( + $message, + #[\SensitiveParameter] + $key = '' + ) { return ParagonIE_Sodium_Compat::crypto_shorthash($message, $key); } } @@ -572,8 +707,11 @@ function crypto_shorthash($message, $key = '') * @throws \SodiumException * @throws \TypeError */ - function crypto_sign($message, $sk) - { + function crypto_sign( + $message, + #[\SensitiveParameter] + $sk + ) { return ParagonIE_Sodium_Compat::crypto_sign($message, $sk); } } @@ -586,8 +724,11 @@ function crypto_sign($message, $sk) * @throws \SodiumException * @throws \TypeError */ - function crypto_sign_detached($message, $sk) - { + function crypto_sign_detached( + $message, + #[\SensitiveParameter] + $sk + ) { return ParagonIE_Sodium_Compat::crypto_sign_detached($message, $sk); } } @@ -629,8 +770,10 @@ function crypto_sign_open($signedMessage, $pk) * @throws \SodiumException * @throws \TypeError */ - function crypto_sign_publickey($keypair) - { + function crypto_sign_publickey( + #[\SensitiveParameter] + $keypair + ) { return ParagonIE_Sodium_Compat::crypto_sign_publickey($keypair); } } @@ -642,8 +785,10 @@ function crypto_sign_publickey($keypair) * @throws \SodiumException * @throws \TypeError */ - function crypto_sign_publickey_from_secretkey($sk) - { + function crypto_sign_publickey_from_secretkey( + #[\SensitiveParameter] + $sk + ) { return ParagonIE_Sodium_Compat::crypto_sign_publickey_from_secretkey($sk); } } @@ -655,8 +800,10 @@ function crypto_sign_publickey_from_secretkey($sk) * @throws \SodiumException * @throws \TypeError */ - function crypto_sign_secretkey($keypair) - { + function crypto_sign_secretkey( + #[\SensitiveParameter] + $keypair + ) { return ParagonIE_Sodium_Compat::crypto_sign_secretkey($keypair); } } @@ -668,8 +815,10 @@ function crypto_sign_secretkey($keypair) * @throws \SodiumException * @throws \TypeError */ - function crypto_sign_seed_keypair($seed) - { + function crypto_sign_seed_keypair( + #[\SensitiveParameter] + $seed + ) { return ParagonIE_Sodium_Compat::crypto_sign_seed_keypair($seed); } } @@ -709,8 +858,10 @@ function crypto_sign_ed25519_pk_to_curve25519($pk) * @throws \SodiumException * @throws \TypeError */ - function crypto_sign_ed25519_sk_to_curve25519($sk) - { + function crypto_sign_ed25519_sk_to_curve25519( + #[\SensitiveParameter] + $sk + ) { return ParagonIE_Sodium_Compat::crypto_sign_ed25519_sk_to_curve25519($sk); } } @@ -724,8 +875,12 @@ function crypto_sign_ed25519_sk_to_curve25519($sk) * @throws \SodiumException * @throws \TypeError */ - function crypto_stream($len, $nonce, $key) - { + function crypto_stream( + $len, + $nonce, + #[\SensitiveParameter] + $key + ) { return ParagonIE_Sodium_Compat::crypto_stream($len, $nonce, $key); } } @@ -739,8 +894,13 @@ function crypto_stream($len, $nonce, $key) * @throws \SodiumException * @throws \TypeError */ - function crypto_stream_xor($message, $nonce, $key) - { + function crypto_stream_xor( + #[\SensitiveParameter] + $message, + $nonce, + #[\SensitiveParameter] + $key + ) { return ParagonIE_Sodium_Compat::crypto_stream_xor($message, $nonce, $key); } } @@ -752,8 +912,10 @@ function crypto_stream_xor($message, $nonce, $key) * @throws \SodiumException * @throws \TypeError */ - function hex2bin($string) - { + function hex2bin( + #[\SensitiveParameter] + $string + ) { return ParagonIE_Sodium_Compat::hex2bin($string); } } @@ -766,8 +928,12 @@ function hex2bin($string) * @throws \SodiumException * @throws \TypeError */ - function memcmp($a, $b) - { + function memcmp( + #[\SensitiveParameter] + $a, + #[\SensitiveParameter] + $b + ) { return ParagonIE_Sodium_Compat::memcmp($a, $b); } } @@ -783,8 +949,10 @@ function memcmp($a, $b) * @psalm-suppress MissingReturnType * @psalm-suppress ReferenceConstraintViolation */ - function memzero(&$str) - { + function memzero( + #[\SensitiveParameter] + &$str + ) { ParagonIE_Sodium_Compat::memzero($str); } } diff --git a/lib/stream-xchacha20.php b/lib/stream-xchacha20.php index ffeae33f..f1c551f9 100644 --- a/lib/stream-xchacha20.php +++ b/lib/stream-xchacha20.php @@ -10,8 +10,12 @@ * @throws SodiumException * @throws TypeError */ - function sodium_crypto_stream_xchacha20($len, $nonce, $key) - { + function sodium_crypto_stream_xchacha20( + $len, + $nonce, + #[\SensitiveParameter] + $key + ) { return ParagonIE_Sodium_Compat::crypto_stream_xchacha20($len, $nonce, $key, true); } } @@ -36,8 +40,13 @@ function sodium_crypto_stream_xchacha20_keygen() * @throws SodiumException * @throws TypeError */ - function sodium_crypto_stream_xchacha20_xor($message, $nonce, $key) - { + function sodium_crypto_stream_xchacha20_xor( + #[\SensitiveParameter] + $message, + $nonce, + #[\SensitiveParameter] + $key + ) { return ParagonIE_Sodium_Compat::crypto_stream_xchacha20_xor($message, $nonce, $key, true); } } @@ -52,8 +61,14 @@ function sodium_crypto_stream_xchacha20_xor($message, $nonce, $key) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_stream_xchacha20_xor_ic($message, $nonce, $counter, $key) - { + function sodium_crypto_stream_xchacha20_xor_ic( + #[\SensitiveParameter] + $message, + $nonce, + $counter, + #[\SensitiveParameter] + $key + ) { return ParagonIE_Sodium_Compat::crypto_stream_xchacha20_xor_ic($message, $nonce, $counter, $key, true); } } diff --git a/src/Compat.php b/src/Compat.php index a675aa57..7c4cd703 100644 --- a/src/Compat.php +++ b/src/Compat.php @@ -163,8 +163,12 @@ class ParagonIE_Sodium_Compat * @return void * @throws SodiumException */ - public static function add(&$val, $addv) - { + public static function add( + #[\SensitiveParameter] + &$val, + #[\SensitiveParameter] + $addv + ) { $val_len = ParagonIE_Sodium_Core_Util::strlen($val); $addv_len = ParagonIE_Sodium_Core_Util::strlen($addv); if ($val_len !== $addv_len) { @@ -189,8 +193,12 @@ public static function add(&$val, $addv) * @return string * @throws SodiumException */ - public static function base642bin($encoded, $variant, $ignore = '') - { + public static function base642bin( + #[\SensitiveParameter] + $encoded, + $variant, + $ignore = '' + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($encoded, 'string', 1); @@ -232,8 +240,11 @@ public static function base642bin($encoded, $variant, $ignore = '') * @return string * @throws SodiumException */ - public static function bin2base64($decoded, $variant) - { + public static function bin2base64( + #[\SensitiveParameter] + $decoded, + $variant + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($decoded, 'string', 1); /** @var string $decoded */ @@ -265,8 +276,10 @@ public static function bin2base64($decoded, $variant) * @throws TypeError * @psalm-suppress MixedArgument */ - public static function bin2hex($string) - { + public static function bin2hex( + #[\SensitiveParameter] + $string + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($string, 'string', 1); @@ -292,8 +305,12 @@ public static function bin2hex($string) * @throws TypeError * @psalm-suppress MixedArgument */ - public static function compare($left, $right) - { + public static function compare( + #[\SensitiveParameter] + $left, + #[\SensitiveParameter] + $right + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($left, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($right, 'string', 2); @@ -329,6 +346,7 @@ public static function crypto_aead_aegis128l_decrypt( $ciphertext = '', $assocData = '', $nonce = '', + #[\SensitiveParameter] $key = '' ) { ParagonIE_Sodium_Core_Util::declareScalarType($ciphertext, 'string', 1); @@ -378,9 +396,11 @@ public static function crypto_aead_aegis128l_decrypt( * @psalm-suppress MixedArgument */ public static function crypto_aead_aegis128l_encrypt( + #[\SensitiveParameter] $plaintext = '', $assocData = '', $nonce = '', + #[\SensitiveParameter] $key = '' ) { ParagonIE_Sodium_Core_Util::declareScalarType($plaintext, 'string', 1); @@ -435,6 +455,7 @@ public static function crypto_aead_aegis256_decrypt( $ciphertext = '', $assocData = '', $nonce = '', + #[\SensitiveParameter] $key = '' ) { ParagonIE_Sodium_Core_Util::declareScalarType($ciphertext, 'string', 1); @@ -484,9 +505,11 @@ public static function crypto_aead_aegis256_decrypt( * @psalm-suppress MixedArgument */ public static function crypto_aead_aegis256_encrypt( + #[\SensitiveParameter] $plaintext = '', $assocData = '', $nonce = '', + #[\SensitiveParameter] $key = '' ) { ParagonIE_Sodium_Core_Util::declareScalarType($plaintext, 'string', 1); @@ -571,6 +594,7 @@ public static function crypto_aead_aes256gcm_decrypt( $ciphertext = '', $assocData = '', $nonce = '', + #[\SensitiveParameter] $key = '' ) { if (!self::crypto_aead_aes256gcm_is_available()) { @@ -628,9 +652,11 @@ public static function crypto_aead_aes256gcm_decrypt( * @psalm-suppress MixedArgument */ public static function crypto_aead_aes256gcm_encrypt( + #[\SensitiveParameter] $plaintext = '', $assocData = '', $nonce = '', + #[\SensitiveParameter] $key = '' ) { if (!self::crypto_aead_aes256gcm_is_available()) { @@ -704,6 +730,7 @@ public static function crypto_aead_chacha20poly1305_decrypt( $ciphertext = '', $assocData = '', $nonce = '', + #[\SensitiveParameter] $key = '' ) { /* Type checks: */ @@ -781,9 +808,11 @@ public static function crypto_aead_chacha20poly1305_decrypt( * @psalm-suppress MixedArgument */ public static function crypto_aead_chacha20poly1305_encrypt( + #[\SensitiveParameter] $plaintext = '', $assocData = '', $nonce = '', + #[\SensitiveParameter] $key = '' ) { /* Type checks: */ @@ -858,6 +887,7 @@ public static function crypto_aead_chacha20poly1305_ietf_decrypt( $ciphertext = '', $assocData = '', $nonce = '', + #[\SensitiveParameter] $key = '' ) { /* Type checks: */ @@ -948,9 +978,11 @@ public static function crypto_aead_chacha20poly1305_keygen() * @psalm-suppress MixedArgument */ public static function crypto_aead_chacha20poly1305_ietf_encrypt( + #[\SensitiveParameter] $plaintext = '', $assocData = '', $nonce = '', + #[\SensitiveParameter] $key = '' ) { /* Type checks: */ @@ -1039,6 +1071,7 @@ public static function crypto_aead_xchacha20poly1305_ietf_decrypt( $ciphertext = '', $assocData = '', $nonce = '', + #[\SensitiveParameter] $key = '', $dontFallback = false ) { @@ -1111,9 +1144,11 @@ public static function crypto_aead_xchacha20poly1305_ietf_decrypt( * @psalm-suppress MixedArgument */ public static function crypto_aead_xchacha20poly1305_ietf_encrypt( + #[\SensitiveParameter] $plaintext = '', $assocData = '', $nonce = '', + #[\SensitiveParameter] $key = '', $dontFallback = false ) { @@ -1191,8 +1226,11 @@ public static function crypto_aead_xchacha20poly1305_ietf_keygen() * @throws TypeError * @psalm-suppress MixedArgument */ - public static function crypto_auth($message, $key) - { + public static function crypto_auth( + $message, + #[\SensitiveParameter] + $key + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 2); @@ -1236,8 +1274,12 @@ public static function crypto_auth_keygen() * @throws TypeError * @psalm-suppress MixedArgument */ - public static function crypto_auth_verify($mac, $message, $key) - { + public static function crypto_auth_verify( + $mac, + $message, + #[\SensitiveParameter] + $key + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($mac, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 2); @@ -1280,8 +1322,12 @@ public static function crypto_auth_verify($mac, $message, $key) * @throws TypeError * @psalm-suppress MixedArgument */ - public static function crypto_box($plaintext, $nonce, $keypair) - { + public static function crypto_box( + $plaintext, + $nonce, + #[\SensitiveParameter] + $keypair + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($plaintext, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2); @@ -1324,8 +1370,11 @@ public static function crypto_box($plaintext, $nonce, $keypair) * @throws TypeError * @psalm-suppress MixedArgument */ - public static function crypto_box_seal($plaintext, $publicKey) - { + public static function crypto_box_seal( + #[\SensitiveParameter] + $plaintext, + $publicKey + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($plaintext, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($publicKey, 'string', 2); @@ -1362,8 +1411,11 @@ public static function crypto_box_seal($plaintext, $publicKey) * @psalm-suppress MixedInferredReturnType * @psalm-suppress MixedReturnStatement */ - public static function crypto_box_seal_open($ciphertext, $keypair) - { + public static function crypto_box_seal_open( + $ciphertext, + #[\SensitiveParameter] + $keypair + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($ciphertext, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($keypair, 'string', 2); @@ -1425,8 +1477,11 @@ public static function crypto_box_keypair() * @throws TypeError * @psalm-suppress MixedArgument */ - public static function crypto_box_keypair_from_secretkey_and_publickey($secretKey, $publicKey) - { + public static function crypto_box_keypair_from_secretkey_and_publickey( + #[\SensitiveParameter] + $secretKey, + $publicKey + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($secretKey, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($publicKey, 'string', 2); @@ -1464,8 +1519,12 @@ public static function crypto_box_keypair_from_secretkey_and_publickey($secretKe * @psalm-suppress MixedInferredReturnType * @psalm-suppress MixedReturnStatement */ - public static function crypto_box_open($ciphertext, $nonce, $keypair) - { + public static function crypto_box_open( + $ciphertext, + $nonce, + #[\SensitiveParameter] + $keypair + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($ciphertext, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2); @@ -1507,8 +1566,10 @@ public static function crypto_box_open($ciphertext, $nonce, $keypair) * @throws TypeError * @psalm-suppress MixedArgument */ - public static function crypto_box_publickey($keypair) - { + public static function crypto_box_publickey( + #[\SensitiveParameter] + $keypair + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($keypair, 'string', 1); @@ -1538,8 +1599,10 @@ public static function crypto_box_publickey($keypair) * @throws TypeError * @psalm-suppress MixedArgument */ - public static function crypto_box_publickey_from_secretkey($secretKey) - { + public static function crypto_box_publickey_from_secretkey( + #[\SensitiveParameter] + $secretKey + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($secretKey, 'string', 1); @@ -1569,8 +1632,10 @@ public static function crypto_box_publickey_from_secretkey($secretKey) * @throws TypeError * @psalm-suppress MixedArgument */ - public static function crypto_box_secretkey($keypair) - { + public static function crypto_box_secretkey( + #[\SensitiveParameter] + $keypair + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($keypair, 'string', 1); @@ -1601,8 +1666,10 @@ public static function crypto_box_secretkey($keypair) * @psalm-suppress MixedArgument * @psalm-suppress UndefinedFunction */ - public static function crypto_box_seed_keypair($seed) - { + public static function crypto_box_seed_keypair( + #[\SensitiveParameter] + $seed + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($seed, 'string', 1); @@ -1631,8 +1698,12 @@ public static function crypto_box_seed_keypair($seed) * @throws TypeError * @psalm-suppress MixedArgument */ - public static function crypto_generichash($message, $key = '', $length = self::CRYPTO_GENERICHASH_BYTES) - { + public static function crypto_generichash( + $message, + #[\SensitiveParameter] + $key = '', + $length = self::CRYPTO_GENERICHASH_BYTES + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 1); if (is_null($key)) { @@ -1675,8 +1746,11 @@ public static function crypto_generichash($message, $key = '', $length = self::C * @psalm-suppress ReferenceConstraintViolation * @psalm-suppress ConflictingReferenceConstraint */ - public static function crypto_generichash_final(&$ctx, $length = self::CRYPTO_GENERICHASH_BYTES) - { + public static function crypto_generichash_final( + #[\SensitiveParameter] + &$ctx, + $length = self::CRYPTO_GENERICHASH_BYTES + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($ctx, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($length, 'int', 2); @@ -1720,8 +1794,11 @@ public static function crypto_generichash_final(&$ctx, $length = self::CRYPTO_GE * @throws TypeError * @psalm-suppress MixedArgument */ - public static function crypto_generichash_init($key = '', $length = self::CRYPTO_GENERICHASH_BYTES) - { + public static function crypto_generichash_init( + #[\SensitiveParameter] + $key = '', + $length = self::CRYPTO_GENERICHASH_BYTES + ) { /* Type checks: */ if (is_null($key)) { $key = ''; @@ -1765,6 +1842,7 @@ public static function crypto_generichash_init($key = '', $length = self::CRYPTO * @psalm-suppress MixedArgument */ public static function crypto_generichash_init_salt_personal( + #[\SensitiveParameter] $key = '', $length = self::CRYPTO_GENERICHASH_BYTES, $salt = '', @@ -1811,8 +1889,11 @@ public static function crypto_generichash_init_salt_personal( * @psalm-suppress MixedArgument * @psalm-suppress ReferenceConstraintViolation */ - public static function crypto_generichash_update(&$ctx, $message) - { + public static function crypto_generichash_update( + #[\SensitiveParameter] + &$ctx, + $message + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($ctx, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 2); @@ -1855,6 +1936,7 @@ public static function crypto_kdf_derive_from_key( $subkey_len, $subkey_id, $context, + #[\SensitiveParameter] $key ) { ParagonIE_Sodium_Core_Util::declareScalarType($subkey_len, 'int', 1); @@ -1932,8 +2014,14 @@ public static function crypto_kdf_keygen() * @throws TypeError * @psalm-suppress MixedArgument */ - public static function crypto_kx($my_secret, $their_public, $client_public, $server_public, $dontFallback = false) - { + public static function crypto_kx( + #[\SensitiveParameter] + $my_secret, + $their_public, + $client_public, + $server_public, + $dontFallback = false + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($my_secret, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($their_public, 'string', 2); @@ -1994,8 +2082,10 @@ public static function crypto_kx($my_secret, $their_public, $client_public, $ser * @return string * @throws SodiumException */ - public static function crypto_kx_seed_keypair($seed) - { + public static function crypto_kx_seed_keypair( + #[\SensitiveParameter] + $seed + ) { ParagonIE_Sodium_Core_Util::declareScalarType($seed, 'string', 1); $seed = (string) $seed; @@ -2026,8 +2116,11 @@ public static function crypto_kx_keypair() * @return array{0: string, 1: string} * @throws SodiumException */ - public static function crypto_kx_client_session_keys($keypair, $serverPublicKey) - { + public static function crypto_kx_client_session_keys( + #[\SensitiveParameter] + $keypair, + $serverPublicKey + ) { ParagonIE_Sodium_Core_Util::declareScalarType($keypair, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($serverPublicKey, 'string', 2); @@ -2068,8 +2161,11 @@ public static function crypto_kx_client_session_keys($keypair, $serverPublicKey) * @return array{0: string, 1: string} * @throws SodiumException */ - public static function crypto_kx_server_session_keys($keypair, $clientPublicKey) - { + public static function crypto_kx_server_session_keys( + #[\SensitiveParameter] + $keypair, + $clientPublicKey + ) { ParagonIE_Sodium_Core_Util::declareScalarType($keypair, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($clientPublicKey, 'string', 2); @@ -2109,8 +2205,10 @@ public static function crypto_kx_server_session_keys($keypair, $clientPublicKey) * @return string * @throws SodiumException */ - public static function crypto_kx_secretkey($kp) - { + public static function crypto_kx_secretkey( + #[\SensitiveParameter] + $kp + ) { return ParagonIE_Sodium_Core_Util::substr( $kp, 0, @@ -2144,8 +2242,15 @@ public static function crypto_kx_publickey($kp) * @throws TypeError * @psalm-suppress MixedArgument */ - public static function crypto_pwhash($outlen, $passwd, $salt, $opslimit, $memlimit, $alg = null) - { + public static function crypto_pwhash( + $outlen, + #[\SensitiveParameter] + $passwd, + $salt, + $opslimit, + $memlimit, + $alg = null + ) { ParagonIE_Sodium_Core_Util::declareScalarType($outlen, 'int', 1); ParagonIE_Sodium_Core_Util::declareScalarType($passwd, 'string', 2); ParagonIE_Sodium_Core_Util::declareScalarType($salt, 'string', 3); @@ -2196,8 +2301,12 @@ public static function crypto_pwhash_is_available() * @throws TypeError * @psalm-suppress MixedArgument */ - public static function crypto_pwhash_str($passwd, $opslimit, $memlimit) - { + public static function crypto_pwhash_str( + #[\SensitiveParameter] + $passwd, + $opslimit, + $memlimit + ) { ParagonIE_Sodium_Core_Util::declareScalarType($passwd, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($opslimit, 'int', 2); ParagonIE_Sodium_Core_Util::declareScalarType($memlimit, 'int', 3); @@ -2223,8 +2332,12 @@ public static function crypto_pwhash_str($passwd, $opslimit, $memlimit) * @return bool * @throws SodiumException */ - public static function crypto_pwhash_str_needs_rehash($hash, $opslimit, $memlimit) - { + public static function crypto_pwhash_str_needs_rehash( + #[\SensitiveParameter] + $hash, + $opslimit, + $memlimit + ) { ParagonIE_Sodium_Core_Util::declareScalarType($hash, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($opslimit, 'int', 2); ParagonIE_Sodium_Core_Util::declareScalarType($memlimit, 'int', 3); @@ -2252,8 +2365,12 @@ public static function crypto_pwhash_str_needs_rehash($hash, $opslimit, $memlimi * @throws TypeError * @psalm-suppress MixedArgument */ - public static function crypto_pwhash_str_verify($passwd, $hash) - { + public static function crypto_pwhash_str_verify( + #[\SensitiveParameter] + $passwd, + #[\SensitiveParameter] + $hash + ) { ParagonIE_Sodium_Core_Util::declareScalarType($passwd, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($hash, 'string', 2); @@ -2279,8 +2396,14 @@ public static function crypto_pwhash_str_verify($passwd, $hash) * @throws SodiumException * @throws TypeError */ - public static function crypto_pwhash_scryptsalsa208sha256($outlen, $passwd, $salt, $opslimit, $memlimit) - { + public static function crypto_pwhash_scryptsalsa208sha256( + $outlen, + #[\SensitiveParameter] + $passwd, + $salt, + $opslimit, + $memlimit + ) { ParagonIE_Sodium_Core_Util::declareScalarType($outlen, 'int', 1); ParagonIE_Sodium_Core_Util::declareScalarType($passwd, 'string', 2); ParagonIE_Sodium_Core_Util::declareScalarType($salt, 'string', 3); @@ -2339,8 +2462,12 @@ public static function crypto_pwhash_scryptsalsa208sha256_is_available() * @throws SodiumException * @throws TypeError */ - public static function crypto_pwhash_scryptsalsa208sha256_str($passwd, $opslimit, $memlimit) - { + public static function crypto_pwhash_scryptsalsa208sha256_str( + #[\SensitiveParameter] + $passwd, + $opslimit, + $memlimit + ) { ParagonIE_Sodium_Core_Util::declareScalarType($passwd, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($opslimit, 'int', 2); ParagonIE_Sodium_Core_Util::declareScalarType($memlimit, 'int', 3); @@ -2373,8 +2500,12 @@ public static function crypto_pwhash_scryptsalsa208sha256_str($passwd, $opslimit * @throws SodiumException * @throws TypeError */ - public static function crypto_pwhash_scryptsalsa208sha256_str_verify($passwd, $hash) - { + public static function crypto_pwhash_scryptsalsa208sha256_str_verify( + #[\SensitiveParameter] + $passwd, + #[\SensitiveParameter] + $hash + ) { ParagonIE_Sodium_Core_Util::declareScalarType($passwd, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($hash, 'string', 2); @@ -2410,8 +2541,11 @@ public static function crypto_pwhash_scryptsalsa208sha256_str_verify($passwd, $h * @throws TypeError * @psalm-suppress MixedArgument */ - public static function crypto_scalarmult($secretKey, $publicKey) - { + public static function crypto_scalarmult( + #[\SensitiveParameter] + $secretKey, + $publicKey + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($secretKey, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($publicKey, 'string', 2); @@ -2454,8 +2588,10 @@ public static function crypto_scalarmult($secretKey, $publicKey) * @psalm-suppress TooFewArguments * @psalm-suppress MixedArgument */ - public static function crypto_scalarmult_base($secretKey) - { + public static function crypto_scalarmult_base( + #[\SensitiveParameter] + $secretKey + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($secretKey, 'string', 1); @@ -2492,8 +2628,13 @@ public static function crypto_scalarmult_base($secretKey) * @throws TypeError * @psalm-suppress MixedArgument */ - public static function crypto_secretbox($plaintext, $nonce, $key) - { + public static function crypto_secretbox( + #[\SensitiveParameter] + $plaintext, + $nonce, + #[\SensitiveParameter] + $key + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($plaintext, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2); @@ -2532,8 +2673,12 @@ public static function crypto_secretbox($plaintext, $nonce, $key) * @psalm-suppress MixedInferredReturnType * @psalm-suppress MixedReturnStatement */ - public static function crypto_secretbox_open($ciphertext, $nonce, $key) - { + public static function crypto_secretbox_open( + $ciphertext, + $nonce, + #[\SensitiveParameter] + $key + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($ciphertext, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2); @@ -2618,8 +2763,12 @@ public static function crypto_secretbox_xchacha20poly1305($plaintext, $nonce, $k * @throws TypeError * @psalm-suppress MixedArgument */ - public static function crypto_secretbox_xchacha20poly1305_open($ciphertext, $nonce, $key) - { + public static function crypto_secretbox_xchacha20poly1305_open( + $ciphertext, + $nonce, + #[\SensitiveParameter] + $key + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($ciphertext, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2); @@ -2645,8 +2794,10 @@ public static function crypto_secretbox_xchacha20poly1305_open($ciphertext, $non * @throws Exception * @throws SodiumException */ - public static function crypto_secretstream_xchacha20poly1305_init_push($key) - { + public static function crypto_secretstream_xchacha20poly1305_init_push( + #[\SensitiveParameter] + $key + ) { if (PHP_INT_SIZE === 4) { return ParagonIE_Sodium_Crypto32::secretstream_xchacha20poly1305_init_push($key); } @@ -2659,8 +2810,11 @@ public static function crypto_secretstream_xchacha20poly1305_init_push($key) * @return string Returns a state. * @throws Exception */ - public static function crypto_secretstream_xchacha20poly1305_init_pull($header, $key) - { + public static function crypto_secretstream_xchacha20poly1305_init_pull( + $header, + #[\SensitiveParameter] + $key + ) { if (ParagonIE_Sodium_Core_Util::strlen($header) < self::CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_HEADERBYTES) { throw new SodiumException( 'header size should be SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_HEADERBYTES bytes' @@ -2680,8 +2834,14 @@ public static function crypto_secretstream_xchacha20poly1305_init_pull($header, * @return string * @throws SodiumException */ - public static function crypto_secretstream_xchacha20poly1305_push(&$state, $msg, $aad = '', $tag = 0) - { + public static function crypto_secretstream_xchacha20poly1305_push( + #[\SensitiveParameter] + &$state, + #[\SensitiveParameter] + $msg, + $aad = '', + $tag = 0 + ) { if (PHP_INT_SIZE === 4) { return ParagonIE_Sodium_Crypto32::secretstream_xchacha20poly1305_push( $state, @@ -2705,8 +2865,12 @@ public static function crypto_secretstream_xchacha20poly1305_push(&$state, $msg, * @return bool|array{0: string, 1: int} * @throws SodiumException */ - public static function crypto_secretstream_xchacha20poly1305_pull(&$state, $msg, $aad = '') - { + public static function crypto_secretstream_xchacha20poly1305_pull( + #[\SensitiveParameter] + &$state, + $msg, + $aad = '' + ) { if (PHP_INT_SIZE === 4) { return ParagonIE_Sodium_Crypto32::secretstream_xchacha20poly1305_pull( $state, @@ -2735,8 +2899,10 @@ public static function crypto_secretstream_xchacha20poly1305_keygen() * @return void * @throws SodiumException */ - public static function crypto_secretstream_xchacha20poly1305_rekey(&$state) - { + public static function crypto_secretstream_xchacha20poly1305_rekey( + #[\SensitiveParameter] + &$state + ) { if (PHP_INT_SIZE === 4) { ParagonIE_Sodium_Crypto32::secretstream_xchacha20poly1305_rekey($state); } else { @@ -2756,8 +2922,11 @@ public static function crypto_secretstream_xchacha20poly1305_rekey(&$state) * @psalm-suppress MixedInferredReturnType * @psalm-suppress MixedReturnStatement */ - public static function crypto_shorthash($message, $key) - { + public static function crypto_shorthash( + $message, + #[\SensitiveParameter] + $key + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 2); @@ -2806,8 +2975,11 @@ public static function crypto_shorthash_keygen() * @psalm-suppress MixedInferredReturnType * @psalm-suppress MixedReturnStatement */ - public static function crypto_sign($message, $secretKey) - { + public static function crypto_sign( + $message, + #[\SensitiveParameter] + $secretKey + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($secretKey, 'string', 2); @@ -2842,8 +3014,10 @@ public static function crypto_sign($message, $secretKey) * @psalm-suppress MixedInferredReturnType * @psalm-suppress MixedReturnStatement */ - public static function crypto_sign_open($signedMessage, $publicKey) - { + public static function crypto_sign_open( + $signedMessage, + $publicKey + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($signedMessage, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($publicKey, 'string', 2); @@ -2899,8 +3073,11 @@ public static function crypto_sign_keypair() * @return string * @throws SodiumException */ - public static function crypto_sign_keypair_from_secretkey_and_publickey($sk, $pk) - { + public static function crypto_sign_keypair_from_secretkey_and_publickey( + #[\SensitiveParameter] + $sk, + $pk + ) { ParagonIE_Sodium_Core_Util::declareScalarType($sk, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($pk, 'string', 1); $sk = (string) $sk; @@ -2928,8 +3105,10 @@ public static function crypto_sign_keypair_from_secretkey_and_publickey($sk, $pk * @throws TypeError * @psalm-suppress MixedArgument */ - public static function crypto_sign_seed_keypair($seed) - { + public static function crypto_sign_seed_keypair( + #[\SensitiveParameter] + $seed + ) { ParagonIE_Sodium_Core_Util::declareScalarType($seed, 'string', 1); if (self::useNewSodiumAPI()) { @@ -2957,8 +3136,10 @@ public static function crypto_sign_seed_keypair($seed) * @throws TypeError * @psalm-suppress MixedArgument */ - public static function crypto_sign_publickey($keypair) - { + public static function crypto_sign_publickey( + #[\SensitiveParameter] + $keypair + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($keypair, 'string', 1); @@ -2988,8 +3169,10 @@ public static function crypto_sign_publickey($keypair) * @throws TypeError * @psalm-suppress MixedArgument */ - public static function crypto_sign_publickey_from_secretkey($secretKey) - { + public static function crypto_sign_publickey_from_secretkey( + #[\SensitiveParameter] + $secretKey + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($secretKey, 'string', 1); @@ -3019,8 +3202,10 @@ public static function crypto_sign_publickey_from_secretkey($secretKey) * @throws TypeError * @psalm-suppress MixedArgument */ - public static function crypto_sign_secretkey($keypair) - { + public static function crypto_sign_secretkey( + #[\SensitiveParameter] + $keypair + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($keypair, 'string', 1); @@ -3053,8 +3238,11 @@ public static function crypto_sign_secretkey($keypair) * @throws TypeError * @psalm-suppress MixedArgument */ - public static function crypto_sign_detached($message, $secretKey) - { + public static function crypto_sign_detached( + $message, + #[\SensitiveParameter] + $secretKey + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($secretKey, 'string', 2); @@ -3161,8 +3349,10 @@ public static function crypto_sign_ed25519_pk_to_curve25519($pk) * @throws TypeError * @psalm-suppress MixedArgument */ - public static function crypto_sign_ed25519_sk_to_curve25519($sk) - { + public static function crypto_sign_ed25519_sk_to_curve25519( + #[\SensitiveParameter] + $sk + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($sk, 'string', 1); @@ -3203,8 +3393,12 @@ public static function crypto_sign_ed25519_sk_to_curve25519($sk) * @throws TypeError * @psalm-suppress MixedArgument */ - public static function crypto_stream($len, $nonce, $key) - { + public static function crypto_stream( + $len, + $nonce, + #[\SensitiveParameter] + $key + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($len, 'int', 1); ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2); @@ -3250,8 +3444,13 @@ public static function crypto_stream($len, $nonce, $key) * @throws TypeError * @psalm-suppress MixedArgument */ - public static function crypto_stream_xor($message, $nonce, $key) - { + public static function crypto_stream_xor( + #[\SensitiveParameter] + $message, + $nonce, + #[\SensitiveParameter] + $key + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2); @@ -3305,8 +3504,13 @@ public static function crypto_stream_keygen() * @throws TypeError * @psalm-suppress MixedArgument */ - public static function crypto_stream_xchacha20($len, $nonce, $key, $dontFallback = false) - { + public static function crypto_stream_xchacha20( + $len, + $nonce, + #[\SensitiveParameter] + $key, + $dontFallback = false + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($len, 'int', 1); ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2); @@ -3350,8 +3554,14 @@ public static function crypto_stream_xchacha20($len, $nonce, $key, $dontFallback * @throws TypeError * @psalm-suppress MixedArgument */ - public static function crypto_stream_xchacha20_xor($message, $nonce, $key, $dontFallback = false) - { + public static function crypto_stream_xchacha20_xor( + #[\SensitiveParameter] + $message, + $nonce, + #[\SensitiveParameter] + $key, + $dontFallback = false + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2); @@ -3396,8 +3606,15 @@ public static function crypto_stream_xchacha20_xor($message, $nonce, $key, $dont * @throws TypeError * @psalm-suppress MixedArgument */ - public static function crypto_stream_xchacha20_xor_ic($message, $nonce, $counter, $key, $dontFallback = false) - { + public static function crypto_stream_xchacha20_xor_ic( + #[\SensitiveParameter] + $message, + $nonce, + $counter, + #[\SensitiveParameter] + $key, + $dontFallback = false + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2); @@ -3446,8 +3663,11 @@ public static function crypto_stream_xchacha20_keygen() * @psalm-suppress TooFewArguments * @psalm-suppress MixedArgument */ - public static function hex2bin($string, $ignore = '') - { + public static function hex2bin( + #[\SensitiveParameter] + $string, + $ignore = '' + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($string, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($ignore, 'string', 2); @@ -3473,8 +3693,10 @@ public static function hex2bin($string, $ignore = '') * @throws TypeError * @psalm-suppress MixedArgument */ - public static function increment(&$var) - { + public static function increment( + #[\SensitiveParameter] + &$var + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($var, 'string', 1); @@ -3507,8 +3729,10 @@ public static function increment(&$var) * * @throws SodiumException */ - public static function is_zero($str) - { + public static function is_zero( + #[\SensitiveParameter] + $str + ) { $d = 0; for ($i = 0; $i < 32; ++$i) { $d |= ParagonIE_Sodium_Core_Util::chrToInt($str[$i]); @@ -3562,8 +3786,12 @@ public static function library_version_minor() * @throws TypeError * @psalm-suppress MixedArgument */ - public static function memcmp($left, $right) - { + public static function memcmp( + #[\SensitiveParameter] + $left, + #[\SensitiveParameter] + $right + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($left, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($right, 'string', 2); @@ -3591,8 +3819,10 @@ public static function memcmp($left, $right) * @throws TypeError * @psalm-suppress TooFewArguments */ - public static function memzero(&$var) - { + public static function memzero( + #[\SensitiveParameter] + &$var + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($var, 'string', 1); @@ -3622,8 +3852,12 @@ public static function memzero(&$var) * @return string * @throws SodiumException */ - public static function pad($unpadded, $blockSize, $dontFallback = false) - { + public static function pad( + #[\SensitiveParameter] + $unpadded, + $blockSize, + $dontFallback = false + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($unpadded, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($blockSize, 'int', 2); @@ -3708,8 +3942,12 @@ public static function pad($unpadded, $blockSize, $dontFallback = false) * @return string * @throws SodiumException */ - public static function unpad($padded, $blockSize, $dontFallback = false) - { + public static function unpad( + #[\SensitiveParameter] + $padded, + $blockSize, + $dontFallback = false + ) { /* Type checks: */ ParagonIE_Sodium_Core_Util::declareScalarType($padded, 'string', 1); ParagonIE_Sodium_Core_Util::declareScalarType($blockSize, 'int', 2); @@ -3863,8 +4101,11 @@ public static function randombytes_random16() * @return bool * @throws SodiumException */ - public static function ristretto255_is_valid_point($p, $dontFallback = false) - { + public static function ristretto255_is_valid_point( + #[\SensitiveParameter] + $p, + $dontFallback = false + ) { if (self::useNewSodiumAPI() && !$dontFallback) { return sodium_crypto_core_ristretto255_is_valid_point($p); } @@ -3887,8 +4128,13 @@ public static function ristretto255_is_valid_point($p, $dontFallback = false) * @return string * @throws SodiumException */ - public static function ristretto255_add($p, $q, $dontFallback = false) - { + public static function ristretto255_add( + #[\SensitiveParameter] + $p, + #[\SensitiveParameter] + $q, + $dontFallback = false + ) { if (self::useNewSodiumAPI() && !$dontFallback) { return sodium_crypto_core_ristretto255_add($p, $q); } @@ -3902,8 +4148,13 @@ public static function ristretto255_add($p, $q, $dontFallback = false) * @return string * @throws SodiumException */ - public static function ristretto255_sub($p, $q, $dontFallback = false) - { + public static function ristretto255_sub( + #[\SensitiveParameter] + $p, + #[\SensitiveParameter] + $q, + $dontFallback = false + ) { if (self::useNewSodiumAPI() && !$dontFallback) { return sodium_crypto_core_ristretto255_sub($p, $q); } @@ -3917,8 +4168,11 @@ public static function ristretto255_sub($p, $q, $dontFallback = false) * * @throws SodiumException */ - public static function ristretto255_from_hash($r, $dontFallback = false) - { + public static function ristretto255_from_hash( + #[\SensitiveParameter] + $r, + $dontFallback = false + ) { if (self::useNewSodiumAPI() && !$dontFallback) { return sodium_crypto_core_ristretto255_from_hash($r); } @@ -3959,8 +4213,11 @@ public static function ristretto255_scalar_random($dontFallback = false) * @return string * @throws SodiumException */ - public static function ristretto255_scalar_invert($s, $dontFallback = false) - { + public static function ristretto255_scalar_invert( + #[\SensitiveParameter] + $s, + $dontFallback = false + ) { if (self::useNewSodiumAPI() && !$dontFallback) { return sodium_crypto_core_ristretto255_scalar_invert($s); } @@ -3972,8 +4229,11 @@ public static function ristretto255_scalar_invert($s, $dontFallback = false) * @return string * @throws SodiumException */ - public static function ristretto255_scalar_negate($s, $dontFallback = false) - { + public static function ristretto255_scalar_negate( + #[\SensitiveParameter] + $s, + $dontFallback = false + ) { if (self::useNewSodiumAPI() && !$dontFallback) { return sodium_crypto_core_ristretto255_scalar_negate($s); } @@ -3986,8 +4246,11 @@ public static function ristretto255_scalar_negate($s, $dontFallback = false) * @return string * @throws SodiumException */ - public static function ristretto255_scalar_complement($s, $dontFallback = false) - { + public static function ristretto255_scalar_complement( + #[\SensitiveParameter] + $s, + $dontFallback = false + ) { if (self::useNewSodiumAPI() && !$dontFallback) { return sodium_crypto_core_ristretto255_scalar_complement($s); } @@ -4001,8 +4264,13 @@ public static function ristretto255_scalar_complement($s, $dontFallback = false) * @return string * @throws SodiumException */ - public static function ristretto255_scalar_add($x, $y, $dontFallback = false) - { + public static function ristretto255_scalar_add( + #[\SensitiveParameter] + $x, + #[\SensitiveParameter] + $y, + $dontFallback = false + ) { if (self::useNewSodiumAPI() && !$dontFallback) { return sodium_crypto_core_ristretto255_scalar_add($x, $y); } @@ -4016,8 +4284,13 @@ public static function ristretto255_scalar_add($x, $y, $dontFallback = false) * @return string * @throws SodiumException */ - public static function ristretto255_scalar_sub($x, $y, $dontFallback = false) - { + public static function ristretto255_scalar_sub( + #[\SensitiveParameter] + $x, + #[\SensitiveParameter] + $y, + $dontFallback = false + ) { if (self::useNewSodiumAPI() && !$dontFallback) { return sodium_crypto_core_ristretto255_scalar_sub($x, $y); } @@ -4031,8 +4304,13 @@ public static function ristretto255_scalar_sub($x, $y, $dontFallback = false) * @return string * @throws SodiumException */ - public static function ristretto255_scalar_mul($x, $y, $dontFallback = false) - { + public static function ristretto255_scalar_mul( + #[\SensitiveParameter] + $x, + #[\SensitiveParameter] + $y, + $dontFallback = false + ) { if (self::useNewSodiumAPI() && !$dontFallback) { return sodium_crypto_core_ristretto255_scalar_mul($x, $y); } @@ -4046,8 +4324,13 @@ public static function ristretto255_scalar_mul($x, $y, $dontFallback = false) * @return string * @throws SodiumException */ - public static function scalarmult_ristretto255($n, $p, $dontFallback = false) - { + public static function scalarmult_ristretto255( + #[\SensitiveParameter] + $n, + #[\SensitiveParameter] + $p, + $dontFallback = false + ) { if (self::useNewSodiumAPI() && !$dontFallback) { return sodium_crypto_scalarmult_ristretto255($n, $p); } @@ -4061,8 +4344,11 @@ public static function scalarmult_ristretto255($n, $p, $dontFallback = false) * @return string * @throws SodiumException */ - public static function scalarmult_ristretto255_base($n, $dontFallback = false) - { + public static function scalarmult_ristretto255_base( + #[\SensitiveParameter] + $n, + $dontFallback = false + ) { if (self::useNewSodiumAPI() && !$dontFallback) { return sodium_crypto_scalarmult_ristretto255_base($n); } @@ -4075,8 +4361,11 @@ public static function scalarmult_ristretto255_base($n, $dontFallback = false) * @return string * @throws SodiumException */ - public static function ristretto255_scalar_reduce($s, $dontFallback = false) - { + public static function ristretto255_scalar_reduce( + #[\SensitiveParameter] + $s, + $dontFallback = false + ) { if (self::useNewSodiumAPI() && !$dontFallback) { return sodium_crypto_core_ristretto255_scalar_reduce($s); } @@ -4130,8 +4419,12 @@ public static function runtime_speed_test($iterations, $maxTimeout) * @return void * @throws SodiumException */ - public static function sub(&$val, $addv) - { + public static function sub( + #[\SensitiveParameter] + &$val, + #[\SensitiveParameter] + $addv + ) { $val_len = ParagonIE_Sodium_Core_Util::strlen($val); $addv_len = ParagonIE_Sodium_Core_Util::strlen($addv); if ($val_len !== $addv_len) { diff --git a/src/File.php b/src/File.php index e8622c7e..1b02fc4b 100644 --- a/src/File.php +++ b/src/File.php @@ -25,8 +25,13 @@ class ParagonIE_Sodium_File extends ParagonIE_Sodium_Core_Util * @throws SodiumException * @throws TypeError */ - public static function box($inputFile, $outputFile, $nonce, $keyPair) - { + public static function box( + $inputFile, + $outputFile, + $nonce, + #[\SensitiveParameter] + $keyPair + ) { /* Type checks: */ if (!is_string($inputFile)) { throw new TypeError('Argument 1 must be a string, ' . gettype($inputFile) . ' given.'); @@ -91,8 +96,13 @@ public static function box($inputFile, $outputFile, $nonce, $keyPair) * @throws SodiumException * @throws TypeError */ - public static function box_open($inputFile, $outputFile, $nonce, $keypair) - { + public static function box_open( + $inputFile, + $outputFile, + $nonce, + #[\SensitiveParameter] + $keypair + ) { /* Type checks: */ if (!is_string($inputFile)) { throw new TypeError('Argument 1 must be a string, ' . gettype($inputFile) . ' given.'); @@ -161,8 +171,12 @@ public static function box_open($inputFile, $outputFile, $nonce, $keypair) * @throws SodiumException * @throws TypeError */ - public static function box_seal($inputFile, $outputFile, $publicKey) - { + public static function box_seal( + $inputFile, + $outputFile, + #[\SensitiveParameter] + $publicKey + ) { /* Type checks: */ if (!is_string($inputFile)) { throw new TypeError('Argument 1 must be a string, ' . gettype($inputFile) . ' given.'); @@ -265,8 +279,12 @@ public static function box_seal($inputFile, $outputFile, $publicKey) * @throws SodiumException * @throws TypeError */ - public static function box_seal_open($inputFile, $outputFile, $ecdhKeypair) - { + public static function box_seal_open( + $inputFile, + $outputFile, + #[\SensitiveParameter] + $ecdhKeypair + ) { /* Type checks: */ if (!is_string($inputFile)) { throw new TypeError('Argument 1 must be a string, ' . gettype($inputFile) . ' given.'); @@ -350,8 +368,12 @@ public static function box_seal_open($inputFile, $outputFile, $ecdhKeypair) * @throws TypeError * @psalm-suppress FailedTypeResolution */ - public static function generichash($filePath, $key = '', $outputLength = 32) - { + public static function generichash( + $filePath, + #[\SensitiveParameter] + $key = '', + $outputLength = 32 + ) { /* Type checks: */ if (!is_string($filePath)) { throw new TypeError('Argument 1 must be a string, ' . gettype($filePath) . ' given.'); @@ -428,8 +450,13 @@ public static function generichash($filePath, $key = '', $outputLength = 32) * @throws SodiumException * @throws TypeError */ - public static function secretbox($inputFile, $outputFile, $nonce, $key) - { + public static function secretbox( + $inputFile, + $outputFile, + $nonce, + #[\SensitiveParameter] + $key + ) { /* Type checks: */ if (!is_string($inputFile)) { throw new TypeError('Argument 1 must be a string, ' . gettype($inputFile) . ' given..'); @@ -493,8 +520,13 @@ public static function secretbox($inputFile, $outputFile, $nonce, $key) * @throws SodiumException * @throws TypeError */ - public static function secretbox_open($inputFile, $outputFile, $nonce, $key) - { + public static function secretbox_open( + $inputFile, + $outputFile, + $nonce, + #[\SensitiveParameter] + $key + ) { /* Type checks: */ if (!is_string($inputFile)) { throw new TypeError('Argument 1 must be a string, ' . gettype($inputFile) . ' given.'); @@ -560,8 +592,11 @@ public static function secretbox_open($inputFile, $outputFile, $nonce, $key) * @throws SodiumException * @throws TypeError */ - public static function sign($filePath, $secretKey) - { + public static function sign( + $filePath, + #[\SensitiveParameter] + $secretKey + ) { /* Type checks: */ if (!is_string($filePath)) { throw new TypeError('Argument 1 must be a string, ' . gettype($filePath) . ' given.'); @@ -656,8 +691,11 @@ public static function sign($filePath, $secretKey) * @throws TypeError * @throws Exception */ - public static function verify($sig, $filePath, $publicKey) - { + public static function verify( + $sig, + $filePath, + $publicKey + ) { /* Type checks: */ if (!is_string($sig)) { throw new TypeError('Argument 1 must be a string, ' . gettype($sig) . ' given.');