CS adjustments

terrafrost 2022-08-21 11:31:35 -05:00
parent 71fa541c9a
commit a4dba26ec5
7 changed files with 54 additions and 100 deletions


@ -394,11 +394,8 @@ abstract class Strings
*
* ParagoneIE\ConstantTime doesn't use libsodium if it's available so we'll do so
* ourselves. see https://github.com/paragonie/constant_time_encoding/issues/39
*
* @param string $data
* @return string
*/
public static function base64_decode($data)
public static function base64_decode(string $data): string
{
return function_exists('sodium_base642bin') ?
sodium_base642bin($data, SODIUM_BASE64_VARIANT_ORIGINAL_NO_PADDING, '=') :
@ -407,11 +404,8 @@ abstract class Strings
/**
* Constant Time Base64-decoding (URL safe)
*
* @param string $data
* @return string
*/
public static function base64url_decode($data)
public static function base64url_decode(string $data): string
{
// return self::base64_decode(str_replace(['-', '_'], ['+', '/'], $data));
@ -422,11 +416,8 @@ abstract class Strings
/**
* Constant Time Base64-encoding
*
* @param string $data
* @return string
*/
public static function base64_encode($data)
public static function base64_encode(string $data): string
{
return function_exists('sodium_bin2base64') ?
sodium_bin2base64($data, SODIUM_BASE64_VARIANT_ORIGINAL) :
@ -435,11 +426,8 @@ abstract class Strings
/**
* Constant Time Base64-encoding (URL safe)
*
* @param string $data
* @return string
*/
public static function base64url_encode($data)
public static function base64url_encode(string $data): string
{
// return str_replace(['+', '/'], ['-', '_'], self::base64_encode($data));
@ -450,11 +438,8 @@ abstract class Strings
/**
* Constant Time Hex Decoder
*
* @param string $data
* @return string
*/
public static function hex2bin($data)
public static function hex2bin(string $data): string
{
return function_exists('sodium_hex2bin') ?
sodium_hex2bin($data) :
@ -463,11 +448,8 @@ abstract class Strings
/**
* Constant Time Hex Encoder
*
* @param string $data
* @return string
*/
public static function bin2hex($data)
public static function bin2hex(string $data): string
{
return function_exists('sodium_bin2hex') ?
sodium_bin2hex($data) :


@ -11,6 +11,8 @@
* @link http://phpseclib.sourceforge.net
*/
declare(strict_types=1);
namespace phpseclib3\Crypt\Common\Formats\Keys;
use phpseclib3\Common\Functions\Strings;
@ -25,11 +27,9 @@ abstract class JWK
/**
* Break a public or private key down into its constituent components
*
* @param string $key
* @param string $password
* @return array
* @param string|array $key
*/
public static function load($key, $password = '')
protected static function loadHelper($key): \stdClass
{
if (!Strings::is_stringable($key)) {
throw new \UnexpectedValueException('Key should be a string - not a ' . gettype($key));
@ -37,20 +37,13 @@ abstract class JWK
$key = preg_replace('#\s#', '', $key); // remove whitespace
if (PHP_VERSION_ID >= 73000) {
$key = json_decode($key, null, 512, JSON_THROW_ON_ERROR);
} else {
$key = json_decode($key);
if (!$key) {
throw new \RuntimeException('Unable to decode JSON');
}
}
$key = json_decode($key, null, 512, JSON_THROW_ON_ERROR);
if (isset($key->kty)) {
return $key;
}
if (count($key->keys) != 1) {
if (count($key->keys) != 1) {
throw new \RuntimeException('Although the JWK key format supports multiple keys phpseclib does not');
}
@ -59,10 +52,8 @@ abstract class JWK
/**
* Wrap a key appropriately
*
* @return string
*/
protected static function wrapKey(array $key, array $options)
protected static function wrapKey(array $key, array $options): string
{
return json_encode(['keys' => [$key + $options]]);
}
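Review bot: loadHelper never checks the shape of what `json_decode` returns before dereferencing it, so JSON that is valid but not a JWK object (a bare number, a string, an array, or an object with no `keys` member) fails `isset($key->kty)` and then reaches `count($key->keys)`, which ends in a warning and a TypeError instead of a controlled exception. The key text is normally caller-supplied, so I would validate right after decoding with `if (!$key instanceof \stdClass) { throw new \RuntimeException('Unable to decode JSON'); }` and tighten the set check to `if (!isset($key->keys) || !is_array($key->keys) || count($key->keys) !== 1) {`. The declared `\stdClass` return type also relies on the element returned after the count check being an object, and that return is outside this hunk. Separately, the docblock now reads `@param string|array $key` while the first statement rejects anything that is not stringable, so the annotation should be narrowed to match the code.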


@ -29,11 +29,11 @@ declare(strict_types=1);
namespace phpseclib3\Crypt\DSA\Formats\Keys;
use phpseclib3\Common\Functions\Strings;
use phpseclib3\Crypt\Common\Formats\Keys\PKCS1 as Progenitor;
use phpseclib3\File\ASN1;
use phpseclib3\File\ASN1\Maps;
use phpseclib3\Math\BigInteger;
use phpseclib3\Common\Functions\Strings;
/**
* PKCS#1 Formatted DSA Key Handler


@ -11,17 +11,19 @@
* @link http://phpseclib.sourceforge.net
*/
declare(strict_types=1);
namespace phpseclib3\Crypt\EC\Formats\Keys;
use phpseclib3\Crypt\EC\BaseCurves\Base as BaseCurve;
use phpseclib3\Common\Functions\Strings;
use phpseclib3\Crypt\Common\Formats\Keys\JWK as Progenitor;
use phpseclib3\Crypt\EC\BaseCurves\Base as BaseCurve;
use phpseclib3\Crypt\EC\BaseCurves\TwistedEdwards as TwistedEdwardsCurve;
use phpseclib3\Crypt\EC\Curves\Ed25519;
use phpseclib3\Crypt\EC\Curves\secp256k1;
use phpseclib3\Crypt\EC\Curves\secp256r1;
use phpseclib3\Crypt\EC\Curves\secp384r1;
use phpseclib3\Crypt\EC\Curves\secp521r1;
use phpseclib3\Crypt\EC\Curves\secp256k1;
use phpseclib3\Exception\UnsupportedCurveException;
use phpseclib3\Math\BigInteger;
@ -37,13 +39,11 @@ abstract class JWK extends Progenitor
/**
* Break a public or private key down into its constituent components
*
* @param string $key
* @param string $password optional
* @return array
* @param string|array $key
*/
public static function load($key, $password = '')
public static function load($key, ?string $password = null): array
{
$key = parent::load($key, $password);
$key = parent::loadHelper($key);
switch ($key->kty) {
case 'EC':
@ -71,20 +71,20 @@ abstract class JWK extends Progenitor
}
$curve = '\phpseclib3\Crypt\EC\Curves\\' . str_replace('P-', 'nistp', $key->crv);
$curve = new $curve;
$curve = new $curve();
if ($curve instanceof TwistedEdwardsCurve) {
$QA = self::extractPoint(Strings::base64url_decode($key->x), $curve);
if (!isset($key->d)) {
return compact('curve', 'QA');
}
$dA = $curve->extractSecret(Strings::base64url_decode($key->d));
return compact('curve', 'dA', 'QA');
$arr = $curve->extractSecret(Strings::base64url_decode($key->d));
return compact('curve', 'QA') + $arr;
}
$QA = [
$curve->convertInteger(new BigInteger(Strings::base64url_decode($key->x), 256)),
$curve->convertInteger(new BigInteger(Strings::base64url_decode($key->y), 256))
$curve->convertInteger(new BigInteger(Strings::base64url_decode($key->y), 256)),
];
if (!$curve->verifyPoint($QA)) {
@ -130,17 +130,15 @@ abstract class JWK extends Progenitor
/**
* Return the array superstructure for an EC public key
*
* @param \phpseclib3\Crypt\EC\BaseCurves\Base $curve
* @param \phpseclib3\Math\Common\FiniteField\Integer[] $publicKey
* @return array
*/
private static function savePublicKeyHelper(BaseCurve $curve, array $publicKey)
private static function savePublicKeyHelper(BaseCurve $curve, array $publicKey): array
{
if ($curve instanceof TwistedEdwardsCurve) {
return [
'kty' => 'OKP',
'crv' => $curve instanceof Ed25519 ? 'Ed25519' : 'Ed448',
'x' => Strings::base64url_encode($curve->encodePoint($publicKey))
'x' => Strings::base64url_encode($curve->encodePoint($publicKey)),
];
}
@ -148,19 +146,16 @@ abstract class JWK extends Progenitor
'kty' => 'EC',
'crv' => self::getAlias($curve),
'x' => Strings::base64url_encode($publicKey[0]->toBytes()),
'y' => Strings::base64url_encode($publicKey[1]->toBytes())
'y' => Strings::base64url_encode($publicKey[1]->toBytes()),
];
}
/**
* Convert an EC public key to the appropriate format
*
* @param \phpseclib3\Crypt\EC\BaseCurves\Base $curve
* @param \phpseclib3\Math\Common\FiniteField\Integer[] $publicKey
* @param array $options optional
* @return string
*/
public static function savePublicKey(BaseCurve $curve, array $publicKey, array $options = [])
public static function savePublicKey(BaseCurve $curve, array $publicKey, array $options = []): string
{
$key = self::savePublicKeyHelper($curve, $publicKey);
@ -170,19 +165,18 @@ abstract class JWK extends Progenitor
/**
* Convert a private key to the appropriate format.
*
* @param \phpseclib3\Math\BigInteger $privateKey
* @param \phpseclib3\Crypt\EC\Curves\Ed25519 $curve
* @param \phpseclib3\Math\Common\FiniteField\Integer[] $publicKey
* @param string $password optional
* @param array $options optional
* @return string
*/
public static function savePrivateKey(BigInteger $privateKey, BaseCurve $curve, array $publicKey, $password = '', array $options = [])
{
public static function savePrivateKey(
BigInteger $privateKey,
BaseCurve $curve,
array $publicKey,
?string $secret = null,
?string $password = null,
array $options = []
): string {
$key = self::savePublicKeyHelper($curve, $publicKey);
$key['d'] = $curve instanceof TwistedEdwardsCurve ?
$privateKey->secret :
$privateKey->toBytes();
$key['d'] = $curve instanceof TwistedEdwardsCurve ? $secret : $privateKey->toBytes();
$key['d'] = Strings::base64url_encode($key['d']);
return self::wrapKey($key, $options);
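Review bot: In savePrivateKey, `$secret` defaults to null but is used unconditionally as `d` for TwistedEdwards curves, so a caller that omits it reaches `Strings::base64url_encode(null)`, which is a TypeError now that the parameter is typed `string`. A guard before the assignment, `if ($curve instanceof TwistedEdwardsCurve && $secret === null) { throw new \InvalidArgumentException('Edwards curve keys require $secret'); }`, would turn that into a clear error. The new parameter also occupies the position `$password` used to have, so any caller still passing a password positionally as the fourth argument would have it base64url-encoded into the private key's `d` field; whether such callers remain is not visible on this page. The docblock no longer describes any parameter, and one line stating what `$secret` holds (presumably the raw Edwards secret that `$privateKey->secret` used to carry) would help. The function's closing brace is outside the hunk.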


@ -11,6 +11,8 @@
* @link http://phpseclib.sourceforge.net
*/
declare(strict_types=1);
namespace phpseclib3\Crypt\RSA\Formats\Keys;
use phpseclib3\Common\Functions\Strings;
@ -27,13 +29,11 @@ abstract class JWK extends Progenitor
/**
* Break a public or private key down into its constituent components
*
* @param string $key
* @param string $password optional
* @return array
* @param string|array $key
*/
public static function load($key, $password = '')
public static function load($key, ?string $password = null): array
{
$key = parent::load($key, $password);
$key = parent::loadHelper($key);
if ($key->kty != 'RSA') {
throw new \RuntimeException('Only RSA JWK keys are supported');
@ -90,17 +90,10 @@ abstract class JWK extends Progenitor
/**
* Convert a private key to the appropriate format.
*
* @param \phpseclib3\Math\BigInteger $n
* @param \phpseclib3\Math\BigInteger $e
* @param \phpseclib3\Math\BigInteger $d
* @param array $primes
* @param array $exponents
* @param array $coefficients
* @param string $password optional
* @param array $options optional
* @return string
*/
public static function savePrivateKey(BigInteger $n, BigInteger $e, BigInteger $d, array $primes, array $exponents, array $coefficients, $password = '', array $options = [])
public static function savePrivateKey(BigInteger $n, BigInteger $e, BigInteger $d, array $primes, array $exponents, array $coefficients, ?string $password = null, array $options = []): string
{
if (count($primes) != 2) {
throw new \InvalidArgumentException('JWK does not support multi-prime RSA keys');
@ -115,7 +108,7 @@ abstract class JWK extends Progenitor
'q' => Strings::base64url_encode($primes[2]->toBytes()),
'dp' => Strings::base64url_encode($exponents[1]->toBytes()),
'dq' => Strings::base64url_encode($exponents[2]->toBytes()),
'qi' => Strings::base64url_encode($coefficients[2]->toBytes())
'qi' => Strings::base64url_encode($coefficients[2]->toBytes()),
];
return self::wrapKey($key, $options);
@ -123,18 +116,13 @@ abstract class JWK extends Progenitor
/**
* Convert a public key to the appropriate format
*
* @param \phpseclib3\Math\BigInteger $n
* @param \phpseclib3\Math\BigInteger $e
* @param array $options optional
* @return string
*/
public static function savePublicKey(BigInteger $n, BigInteger $e, array $options = [])
public static function savePublicKey(BigInteger $n, BigInteger $e, array $options = []): string
{
$key = [
'kty' => 'RSA',
'n' => Strings::base64url_encode($n->toBytes()),
'e' => Strings::base64url_encode($e->toBytes())
'e' => Strings::base64url_encode($e->toBytes()),
];
return self::wrapKey($key, $options);
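Review bot: The `kty` check in load still uses a loose comparison, `if ($key->kty != 'RSA')`, and `declare(strict_types=1)` does not change how `!=` behaves, so a JWK whose `kty` is the JSON boolean `true` compares equal to `'RSA'` and gets past this guard. `kty` comes straight from the decoded key, so I would make it `if (!isset($key->kty) || $key->kty !== 'RSA') {`; `count($primes) != 2` in savePrivateKey can become `!==` at no cost. In savePrivateKey the `$password` parameter is not used in any of the lines visible here, so the private components appear to be written unencrypted even when a password is supplied. If that is intended, a docblock line such as `@param string|null $password ignored; JWK output is not encrypted` would tell callers. Both function bodies continue outside their hunks.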


@ -577,7 +577,7 @@ MIIEDwIBADATBgcqhkjOPQIBBggqhkjOPQMBBwSCA/MwggPvAgEBBIID6P//////
$this->assertInstanceOf(PrivateKey::class, $key);
}
public function testECasJWK()
public function testECasJWK(): void
{
// keys are from https://datatracker.ietf.org/doc/html/rfc7517#appendix-A
@ -601,7 +601,7 @@ MIIEDwIBADATBgcqhkjOPQIBBggqhkjOPQMBBwSCA/MwggPvAgEBBIID6P//////
$phpseclibKey = str_replace('=', '', $key->toString('JWK', [
'use' => 'enc',
'kid' => '1'
'kid' => '1',
]));
$this->assertSame($keyWithoutWS, $phpseclibKey);
@ -625,7 +625,7 @@ MIIEDwIBADATBgcqhkjOPQIBBggqhkjOPQMBBwSCA/MwggPvAgEBBIID6P//////
$phpseclibKey = str_replace('=', '', $key->toString('JWK', [
'use' => 'enc',
'kid' => '1'
'kid' => '1',
]));
$this->assertSame($keyWithoutWS, $phpseclibKey);
@ -633,7 +633,7 @@ MIIEDwIBADATBgcqhkjOPQIBBggqhkjOPQMBBwSCA/MwggPvAgEBBIID6P//////
$this->assertTrue($key->verify($plaintext, $sig));
}
public function testEd25519asJWK()
public function testEd25519asJWK(): void
{
// keys are from https://www.rfc-editor.org/rfc/rfc8037.html#appendix-A


@ -1280,7 +1280,7 @@ LrIZULwMa4nI4Y+RkFftEponSYw=
$this->assertInstanceOf(PrivateKey::class, $key);
}
public function testJWK()
public function testJWK(): void
{
// keys are from https://datatracker.ietf.org/doc/html/rfc7517#appendix-A
@ -1328,7 +1328,7 @@ LrIZULwMa4nI4Y+RkFftEponSYw=
$phpseclibKey = str_replace('=', '', $key->toString('JWK', [
'alg' => 'RS256',
'kid' => '2011-04-29'
'kid' => '2011-04-29',
]));
$this->assertSame($keyWithoutWS, $phpseclibKey);
@ -1344,7 +1344,6 @@ LrIZULwMa4nI4Y+RkFftEponSYw=
w0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
"e":"AQAB",
"alg":"RS256",
"kid":"2011-04-29"}';
$keyWithoutWS = preg_replace('#\s#', '', $key);
@ -1354,7 +1353,7 @@ LrIZULwMa4nI4Y+RkFftEponSYw=
$phpseclibKey = str_replace('=', '', $key->toString('JWK', [
'alg' => 'RS256',
'kid' => '2011-04-29'
'kid' => '2011-04-29',
]));
$this->assertSame($keyWithoutWS, $phpseclibKey);