Merge branch '3.0'

[PHP 8.4] Fixes for implicit nullability deprecation

.github/workflows/ci.yml

@@ -16,13 +16,16 @@ jobs:
                 uses: shivammathur/setup-php@v2
                 with:
                     php-version: ${{ matrix.php-version }}
-                    tools: php-parallel-lint/php-parallel-lint:1
+                env:
+                    update: true
+            -   name: Composer Install
+                run: composer install --classmap-authoritative --no-interaction --no-cache
             -   name: Lint
-                run: parallel-lint --show-deprecated build phpseclib tests
+                run: vendor/bin/parallel-lint --show-deprecated build phpseclib tests
         strategy:
             fail-fast: false
             matrix:
-                php-version: ['5.6', '7.0', '7.1', '7.2', '7.3', '7.4', '8.0', '8.1', '8.2']
+                php-version: ['8.1', '8.2', '8.3']
     quality_tools:
         name: Quality Tools
         timeout-minutes: 5
@@ -34,20 +37,21 @@ jobs:
                 uses: shivammathur/setup-php@v2
                 with:
                     php-version: '8.1'
-                    tools: squizlabs/php_codesniffer:3, friendsofphp/php-cs-fixer:3, vimeo/psalm:4
+                env:
+                    update: true
             -   name: Composer Install
                 run: composer install --classmap-authoritative --no-interaction --no-cache
             -   name: PHP_CodeSniffer
-                run: phpcs --standard=build/php_codesniffer.xml
+                run: vendor/bin/phpcs --standard=build/php_codesniffer.xml
             -   name: PHP CS Fixer
-                run: php-cs-fixer fix --config=build/php-cs-fixer.php --diff --dry-run --using-cache=no
+                run: vendor/bin/php-cs-fixer fix --config=build/php-cs-fixer.php --diff --dry-run --using-cache=no
             -   name: Psalm
-                run: psalm --config=build/psalm.xml --no-cache --long-progress --report-show-info=false
+                run: vendor/bin/psalm --config=build/psalm.xml --no-cache --long-progress --report-show-info=false
+        strategy:
+            fail-fast: false
     tests:
         name: Tests
         timeout-minutes: 10
-        # Sometimes there is a segfault on PHP 5.6.
-        continue-on-error: ${{ matrix.php-version == '5.6' }}
         runs-on: ${{ matrix.os }}
         steps:
             -   name: Checkout
@@ -56,14 +60,10 @@ jobs:
                 uses: shivammathur/setup-php@v2
                 with:
                     php-version: ${{ matrix.php-version }}
+                env:
+                    update: true
             -   name: Composer Install
-                run: composer install --classmap-authoritative --no-interaction --no-cache
-            -   name: Make Tests Compatiable With PHPUnit 7+
-                if: matrix.php-version != '5.6' && matrix.php-version != '7.0'
-                run: php tests/make_compatible_with_phpunit7.php
-            -   name: Make Tests Compatiable With PHPUnit 9+
-                if: matrix.php-version != '5.6' && matrix.php-version != '7.0' && matrix.php-version != '7.1' && matrix.php-version != '7.2'
-                run: php tests/make_compatible_with_phpunit9.php
+                run: composer install --classmap-authoritative --no-interaction --no-cache --ignore-platform-req=php
             -   name: Setup Secure Shell Functional Tests
                 if: matrix.os == 'ubuntu-latest'
                 run: |
@@ -87,9 +87,9 @@ jobs:
                     echo "PHPSECLIB_SSH_HOME=/home/phpseclib" >> $GITHUB_ENV
                     echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" >> $GITHUB_ENV
             -   name: PHPUnit
-                run: vendor/bin/phpunit --configuration tests/phpunit.xml
+                run: vendor/bin/paratest --verbose --configuration=tests/phpunit.xml --runner=WrapperRunner
         strategy:
             fail-fast: false
             matrix:
                 os: [ubuntu-latest, windows-latest, macos-latest]
-                php-version: ['5.6', '7.0', '7.1', '7.2', '7.3', '7.4', '8.0', '8.1', '8.2']
+                php-version: ['8.1', '8.2', '8.3']

.gitignore

@@ -2,5 +2,6 @@
 /build/php-cs-fixer.cache
 /composer.lock
 /composer.phar
+/tests/.phpunit.result.cache
 /vendor/
 .gitignore

AUTHORS

@@ -4,4 +4,4 @@ phpseclib Developers:      monnerat (Patrick Monnerat)
                            bantu (Andreas Fischer)
                            petrich (Hans-Jürgen Petrich)
                            GrahamCampbell (Graham Campbell)
-                           hc-jworman
+                           jack-worman (Jack Worman)

BACKERS.md

@@ -13,4 +13,5 @@ phpseclib ongoing development is made possible by [Tidelift](https://tidelift.co
 - [Rachel Fish](https://github.com/itsrachelfish)
 - Tharyrok
 - [cjhaas](https://github.com/cjhaas)
-- [istiak-tridip](https://github.com/istiak-tridip)
+- [istiak-tridip](https://github.com/istiak-tridip)
+- [Anna Filina](https://github.com/afilina)

CHANGELOG.md

@@ -1,5 +1,22 @@
 # Changelog
 
+## 3.0.37 - 2024-03-02
+
+- SSH2: don't set stream timeout if timeout is 0 (#1986)
+
+## 3.0.36 - 2024-02-25
+
+- BigInteger: put guardrails on isPrime() and randomPrime() (CVE-2024-27354)
+- ASN1: limit OID length (CVE-2024-27355)
+- EC: when using openssl to do signing use unencrypted key (#1979)
+- SSH2: add different options to isConnected() (#1983)
+
+## 3.0.35 - 2023-12-18
+
+- SSH2: implement terrapin attack countermeasures (#1972)
+- SSH2: only capture login info once (#1970)
+- Crypt/AsymmetricKey: loading hidden custom key plugins didn't work (#1971)
+
 ## 3.0.34 - 2023-11-27
 
 - SSH2: add support for RFC8308 (#1960)
@@ -231,6 +248,21 @@
   - Salsa20 / ChaCha20
 - namespace changed from `phpseclib\` to `\phpseclib3` to facilitate phpseclib 2 shim (phpseclib2_compat)
 
+## 2.0.47 - 2024-02-25
+
+- BigInteger: add getLength() and getLengthInBytes() methods
+- BigInteger: put guardrails on isPrime() and randomPrime() (CVE-2024-27354)
+- ASN1: limit OID length (CVE-2024-27355)
+
+## 2.0.46 - 2023-12-28
+
+- SSH2: implement terrapin attack countermeasures (#1972)
+- SSH2: only capture login info once (#1970)
+- SSH2: add support for RFC8308 (#1960)
+- Rijndael: fix for PHP 8.3+ compatability (#1944)
+- Crypt/Base: improve ARM detection code (#1949)
+- X509: fix for weird characters in subjaltname (#1943)
+
 ## 2.0.45 - 2023-09-15
 
 - SFTP: make it so SFTP::RESUME also sets offset of local file (#1921)
@@ -588,12 +620,30 @@
 - Classes were renamed and namespaced ([#243](https://github.com/phpseclib/phpseclib/issues/243))
 - The use of an autoloader is now required (e.g. Composer)
 
+## 1.0.23 - 2024-02-25
+
+- BigInteger: add getLength() and getLengthInBytes() methods
+- BigInteger: put guardrails on isPrime() and randomPrime() (CVE-2024-27354)
+- ASN1: limit OID length (CVE-2024-27355)
+
+## 1.0.22 - 2023-12-28
+
+- SFTP: fix issue with get() downloading to files / streams (#1934)
+- SFTP: fix SFTPv2 errors when logging errors (#1933)
+- SSH2: implement terrapin attack countermeasures (#1972)
+- SSH2: only capture login info once (#1970)
+- SSH2: add support for RFC8308 (#1960)
+- Rijndael: fix for PHP 8.3+ compatability (#1944)
+- Crypt/Base: improve ARM detection code (#1949)
+- X509: fix for weird characters in subjaltname (#1943)
+- ASN1: fix string conversion code for 32-bit PHP installs (#1931)
+
 ## 1.0.21 - 2023-07-09
 
 - fix deprecation errors in newer PHP versions
 - OpenSSL 3.0.1+ deprecated some algorithms
-- RSA: add support for loading OpenSSH encrypted keys
-- RSA: add support for loading PuTTY v3 keys (#1737, #1733, #1531, #1490)
+- RSA: add support for loading OpenSSH encrypted keys (#1737, #1733, #1531, #1490)
+- RSA: add support for loading PuTTY v3 keys
 - SSH2: if logging in with rsa-sha2-256/512 fails, try ssh-rsa (#1865)
 - SSH2: add EOF test isConnected() (#1926)
 - SFTP: try without path canonicalization if initial realpath() fails (#1796)

README.md

@@ -1,6 +1,6 @@
 # phpseclib - PHP Secure Communications Library
 
-[![CI Status](https://github.com/phpseclib/phpseclib/actions/workflows/ci.yml/badge.svg?branch=3.0&event=push "CI Status")](https://github.com/phpseclib/phpseclib)
+[![CI Status](https://github.com/phpseclib/phpseclib/actions/workflows/ci.yml/badge.svg?branch=master&event=push "CI Status")](https://github.com/phpseclib/phpseclib/actions/workflows/ci.yml?query=branch%3Amaster)
 
 ## Supporting phpseclib
 
@@ -19,7 +19,7 @@ SSH-2, SFTP, X.509, an arbitrary-precision integer arithmetic library, Ed25519 /
 ## Documentation
 
 * [Documentation / Manual](https://phpseclib.com/)
-* [API Documentation](https://api.phpseclib.com/3.0/) (generated by Doctum)
+* [API Documentation](https://api.phpseclib.com/master/) (generated by Doctum)
 
 ## Branches
 
@@ -51,7 +51,7 @@ SSH-2, SFTP, X.509, an arbitrary-precision integer arithmetic library, Ed25519 /
 * PHP4 compatible
 * Composer compatible (PSR-0 autoloading)
 * Install using Composer: `composer require phpseclib/phpseclib:~1.0`
-* [Download 1.0.21 as ZIP](http://sourceforge.net/projects/phpseclib/files/phpseclib1.0.21.zip/download)
+* [Download 1.0.23 as ZIP](http://sourceforge.net/projects/phpseclib/files/phpseclib1.0.23.zip/download)
 
 ## Security contact information
 
@@ -87,11 +87,7 @@ Special Thanks to our $50+ sponsors!:
 
 5. Run continuous integration checks:
    ```sh
-   composer global require php:^8.1 squizlabs/php_codesniffer friendsofphp/php-cs-fixer vimeo/psalm
-   phpcs --standard=build/php_codesniffer.xml
-   php-cs-fixer fix --config=build/php-cs-fixer.php --diff --dry-run --using-cache=no
-   psalm --config=build/psalm.xml --no-cache --long-progress --report-show-info=false --output-format=text
-   vendor/bin/phpunit --verbose --configuration tests/phpunit.xml
+   composer run-script all-quality-tools
    ```
    
 6. Send us a Pull Request

build/php-cs-fixer.php

@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 return (new PhpCsFixer\Config())
     ->setFinder(PhpCsFixer\Finder::create()->in(__DIR__ . '/..'))
     ->setCacheFile(__DIR__ . '/php-cs-fixer.cache')
@@ -19,5 +21,12 @@ return (new PhpCsFixer\Config())
             'ordered_imports' => ['sort_algorithm' => 'alpha', 'imports_order' => ['class', 'const', 'function']],
             'single_import_per_statement' => true,
             'single_line_after_imports' => true,
+            // PHPDoc
+            'no_superfluous_phpdoc_tags' => true,
+            'phpdoc_trim_consecutive_blank_line_separation' => true,
+            'phpdoc_trim' => true,
+
+            '@PHP81Migration' => true,
+            '@PHP80Migration:risky' => true,
         ]
     );

build/php_codesniffer.xml

@@ -6,7 +6,7 @@
 
     <arg name="extensions" value="php"/>
     <arg name="basepath" value=".."/>
-    <arg name="report" value="emacs"/>
+    <arg name="report" value="diff"/>
     <arg value="s"/>
     <arg value="n"/>
     <arg value="p"/>
@@ -15,5 +15,6 @@
         <exclude name="Squiz.Classes.ValidClassName.NotCamelCaps"/>
         <exclude name="PSR1.Methods.CamelCapsMethodName.NotCamelCaps"/>
         <exclude name="PSR2.Methods.MethodDeclaration.Underscore"/>
+        <exclude name="PSR12.Files.FileHeader.IncorrectOrder"/>
     </rule>
 </ruleset>

build/psalm.xml

@@ -1,20 +1,19 @@
 <?xml version="1.0"?>
 <psalm
-    errorLevel="6"
-    resolveFromConfigFile="true"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns="https://getpsalm.org/schema/config"
-    xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd"
+    errorLevel="1"
+    errorBaseline="psalm_baseline.xml"
+    findUnusedCode="true"
     findUnusedPsalmSuppress="true"
     sealAllMethods="true"
-    errorBaseline="psalm_baseline.xml"
+    ensureArrayStringOffsetsExist="true"
+    ensureArrayIntOffsetsExist="true"
+    ignoreInternalFunctionNullReturn="false"
+    ignoreInternalFunctionFalseReturn="false"
 >
     <projectFiles>
         <directory name="../phpseclib"/>
-        <ignoreFiles>
-            <directory name="../phpseclib/Crypt"/>
-            <directory name="../tests"/>
-        </ignoreFiles>
+        <directory name="../tests"/>
     </projectFiles>
     <issueHandlers>
         <Trace>
@@ -22,10 +21,5 @@
                 <directory name=".."/>
             </errorLevel>
         </Trace>
-        <UndefinedConstant>
-            <errorLevel type="suppress">
-                <directory name="../phpseclib/Net"/>
-            </errorLevel>
-        </UndefinedConstant>
     </issueHandlers>
-</psalm>
+</psalm>

composer.json

@@ -20,8 +20,8 @@
         "asn1",
         "asn.1",
         "BigInteger"
-        ],
-    "homepage": "http://phpseclib.sourceforge.net",
+    ],
+    "homepage": "https://phpseclib.com/",
     "license": "MIT",
     "authors": [
         {
@@ -48,20 +48,29 @@
             "name": "Graham Campbell",
             "email": "graham@alt-three.com",
             "role": "Developer"
+        },
+        {
+            "name": "Jack Worman",
+            "email": "jack.worman@gmail.com",
+            "role": "Developer",
+            "homepage": "https://jackworman.com"
         }
     ],
     "require": {
-        "php": ">=5.6.1",
-        "paragonie/constant_time_encoding": "^1|^2",
-        "paragonie/random_compat": "^1.4|^2.0|^9.99.99"
+        "php": ">=8.1",
+        "paragonie/constant_time_encoding": "^2|^3"
     },
     "require-dev": {
-        "phpunit/phpunit": "*"
+        "ext-xml": "*",
+        "brianium/paratest": "^6.6",
+        "friendsofphp/php-cs-fixer": "^3.12",
+        "php-parallel-lint/php-parallel-lint": "^1.3",
+        "squizlabs/php_codesniffer": "^3.7",
+        "vimeo/psalm": "^4.29"
     },
     "suggest": {
         "ext-libsodium": "SSH2/SFTP can make use of some algorithms provided by the libsodium-php extension.",
         "ext-openssl": "Install the OpenSSL extension in order to speed up a wide variety of cryptographic operations.",
-        "ext-mcrypt": "Install the Mcrypt extension in order to speed up a few other cryptographic operations.",
         "ext-gmp": "Install the GMP (GNU Multiple Precision) extension in order to speed up arbitrary precision integer arithmetic operations.",
         "ext-dom": "Install the DOM extension to load XML formatted public keys."
     },
@@ -80,5 +89,22 @@
     },
     "config": {
         "sort-packages": true
+    },
+    "scripts": {
+        "lint": "vendor/bin/parallel-lint --show-deprecated build phpseclib tests",
+        "php_codesniffer": "vendor/bin/phpcs --standard=build/php_codesniffer.xml",
+        "php_codesniffer-fix": "vendor/bin/phpcbf --standard=build/php_codesniffer.xml",
+        "php-cs-fixer": "vendor/bin/php-cs-fixer fix --config=build/php-cs-fixer.php --diff --using-cache=no --dry-run",
+        "php-cs-fixer-fix": "vendor/bin/php-cs-fixer fix --config=build/php-cs-fixer.php --diff --using-cache=no",
+        "psalm": "vendor/bin/psalm --config=build/psalm.xml --no-cache --long-progress --threads=4",
+        "psalm-set-baseline": "vendor/bin/psalm --config=build/psalm.xml --no-cache --long-progress --set-baseline=psalm_baseline.xml --threads=4",
+        "test": "vendor/bin/paratest --verbose --configuration=tests/phpunit.xml --runner=WrapperRunner",
+        "all-quality-tools": [
+            "@lint",
+            "@phpcs",
+            "@php-cs-fixer",
+            "@psalm",
+            "@test"
+        ]
     }
 }

phpseclib/Common/ConstantUtilityTrait.php

@@ -0,0 +1,44 @@
+<?php
+
+declare(strict_types=1);
+
+namespace phpseclib3\Common;
+
+use phpseclib3\Exception\InvalidArgumentException;
+
+/**
+ * @internal
+ */
+trait ConstantUtilityTrait
+{
+    /** @var string[]|null */
+    private static $valueToConstantNameMap = null;
+
+    /**
+     * @param string|int $value
+     */
+    public static function findConstantNameByValue($value): ?string
+    {
+        if (!self::$valueToConstantNameMap) {
+            $reflectionClass = new \ReflectionClass(static::class);
+            $constantNameToValueMap = $reflectionClass->getConstants();
+            self::$valueToConstantNameMap = array_flip($constantNameToValueMap);
+        }
+        if (isset(self::$valueToConstantNameMap[$value])) {
+            return self::$valueToConstantNameMap[$value];
+        }
+        return null;
+    }
+
+    /**
+     * @param string|int $value
+     */
+    public static function getConstantNameByValue($value): string
+    {
+        $constantName = static::findConstantNameByValue($value);
+        if ($constantName === null) {
+            throw new InvalidArgumentException(sprintf('"%s" does not have constant with value "%s".', static::class, $value));
+        }
+        return $constantName;
+    }
+}

phpseclib/Common/Functions/Strings.php

@@ -11,11 +11,16 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Common\Functions;
 
 use ParagonIE\ConstantTime\Base64;
 use ParagonIE\ConstantTime\Base64UrlSafe;
 use ParagonIE\ConstantTime\Hex;
+use phpseclib3\Exception\InvalidArgumentException;
+use phpseclib3\Exception\LengthException;
+use phpseclib3\Exception\RuntimeException;
 use phpseclib3\Math\BigInteger;
 use phpseclib3\Math\Common\FiniteField;
 
@@ -30,12 +35,8 @@ abstract class Strings
      * String Shift
      *
      * Inspired by array_shift
-     *
-     * @param string $string
-     * @param int $index
-     * @return string
      */
-    public static function shift(&$string, $index = 1)
+    public static function shift(string &$string, int $index = 1): string
     {
         $substr = substr($string, 0, $index);
         $string = substr($string, $index);
@@ -46,12 +47,8 @@ abstract class Strings
      * String Pop
      *
      * Inspired by array_pop
-     *
-     * @param string $string
-     * @param int $index
-     * @return string
      */
-    public static function pop(&$string, $index = 1)
+    public static function pop(string &$string, int $index = 1): string
     {
         $substr = substr($string, -$index);
         $string = substr($string, 0, -$index);
@@ -74,12 +71,8 @@ abstract class Strings
      * L = name-list
      *
      * uint64 is not supported.
-     *
-     * @param string $format
-     * @param string $data
-     * @return mixed
      */
-    public static function unpackSSH2($format, &$data)
+    public static function unpackSSH2(string $format, string &$data): array
     {
         $format = self::formatPack($format);
         $result = [];
@@ -88,7 +81,7 @@ abstract class Strings
                 case 'C':
                 case 'b':
                     if (!strlen($data)) {
-                        throw new \LengthException('At least one byte needs to be present for successful C / b decodes');
+                        throw new LengthException('At least one byte needs to be present for successful C / b decodes');
                     }
                     break;
                 case 'N':
@@ -96,17 +89,17 @@ abstract class Strings
                 case 's':
                 case 'L':
                     if (strlen($data) < 4) {
-                        throw new \LengthException('At least four byte needs to be present for successful N / i / s / L decodes');
+                        throw new LengthException('At least four byte needs to be present for successful N / i / s / L decodes');
                     }
                     break;
                 case 'Q':
                     if (strlen($data) < 8) {
-                        throw new \LengthException('At least eight byte needs to be present for successful N / i / s / L decodes');
+                        throw new LengthException('At least eight byte needs to be present for successful N / i / s / L decodes');
                     }
                     break;
 
                 default:
-                    throw new \InvalidArgumentException('$format contains an invalid character');
+                    throw new InvalidArgumentException('$format contains an invalid character');
             }
             switch ($format[$i]) {
                 case 'C':
@@ -116,7 +109,7 @@ abstract class Strings
                     $result[] = ord(self::shift($data)) != 0;
                     continue 2;
                 case 'N':
-                    list(, $temp) = unpack('N', self::shift($data, 4));
+                    [, $temp] = unpack('N', self::shift($data, 4));
                     $result[] = $temp;
                     continue 2;
                 case 'Q':
@@ -133,9 +126,9 @@ abstract class Strings
                     $result[] = $temp;
                     continue 2;
             }
-            list(, $length) = unpack('N', self::shift($data, 4));
+            [, $length] = unpack('N', self::shift($data, 4));
             if (strlen($data) < $length) {
-                throw new \LengthException("$length bytes needed; " . strlen($data) . ' bytes available');
+                throw new LengthException("$length bytes needed; " . strlen($data) . ' bytes available');
             }
             $temp = self::shift($data, $length);
             switch ($format[$i]) {
@@ -156,15 +149,13 @@ abstract class Strings
     /**
      * Create SSH2-style string
      *
-     * @param string $format
      * @param string|int|float|array|bool ...$elements
-     * @return string
      */
-    public static function packSSH2($format, ...$elements)
+    public static function packSSH2(string $format, ...$elements): string
     {
         $format = self::formatPack($format);
         if (strlen($format) != count($elements)) {
-            throw new \InvalidArgumentException('There must be as many arguments as there are characters in the $format string');
+            throw new InvalidArgumentException('There must be as many arguments as there are characters in the $format string');
         }
         $result = '';
         for ($i = 0; $i < strlen($format); $i++) {
@@ -172,19 +163,19 @@ abstract class Strings
             switch ($format[$i]) {
                 case 'C':
                     if (!is_int($element)) {
-                        throw new \InvalidArgumentException('Bytes must be represented as an integer between 0 and 255, inclusive.');
+                        throw new InvalidArgumentException('Bytes must be represented as an integer between 0 and 255, inclusive.');
                     }
                     $result .= pack('C', $element);
                     break;
                 case 'b':
                     if (!is_bool($element)) {
-                        throw new \InvalidArgumentException('A boolean parameter was expected.');
+                        throw new InvalidArgumentException('A boolean parameter was expected.');
                     }
                     $result .= $element ? "\1" : "\0";
                     break;
                 case 'Q':
                     if (!is_int($element) && !is_float($element)) {
-                        throw new \InvalidArgumentException('An integer was expected.');
+                        throw new InvalidArgumentException('An integer was expected.');
                     }
                     // 4294967296 == 1 << 32
                     $result .= pack('NN', $element / 4294967296, $element);
@@ -194,32 +185,32 @@ abstract class Strings
                         $element = (int) $element;
                     }
                     if (!is_int($element)) {
-                        throw new \InvalidArgumentException('An integer was expected.');
+                        throw new InvalidArgumentException('An integer was expected.');
                     }
                     $result .= pack('N', $element);
                     break;
                 case 's':
                     if (!self::is_stringable($element)) {
-                        throw new \InvalidArgumentException('A string was expected.');
+                        throw new InvalidArgumentException('A string was expected.');
                     }
                     $result .= pack('Na*', strlen($element), $element);
                     break;
                 case 'i':
                     if (!$element instanceof BigInteger && !$element instanceof FiniteField\Integer) {
-                        throw new \InvalidArgumentException('A phpseclib3\Math\BigInteger or phpseclib3\Math\Common\FiniteField\Integer object was expected.');
+                        throw new InvalidArgumentException('A phpseclib3\Math\BigInteger or phpseclib3\Math\Common\FiniteField\Integer object was expected.');
                     }
                     $element = $element->toBytes(true);
                     $result .= pack('Na*', strlen($element), $element);
                     break;
                 case 'L':
                     if (!is_array($element)) {
-                        throw new \InvalidArgumentException('An array was expected.');
+                        throw new InvalidArgumentException('An array was expected.');
                     }
                     $element = implode(',', $element);
                     $result .= pack('Na*', strlen($element), $element);
                     break;
                 default:
-                    throw new \InvalidArgumentException('$format contains an invalid character');
+                    throw new InvalidArgumentException('$format contains an invalid character');
             }
         }
         return $result;
@@ -229,16 +220,13 @@ abstract class Strings
      * Expand a pack string
      *
      * Converts C5 to CCCCC, for example.
-     *
-     * @param string $format
-     * @return string
      */
-    private static function formatPack($format)
+    private static function formatPack(string $format): string
     {
         $parts = preg_split('#(\d+)#', $format, -1, PREG_SPLIT_DELIM_CAPTURE);
         $format = '';
         for ($i = 1; $i < count($parts); $i += 2) {
-            $format .= substr($parts[$i - 1], 0, -1) . str_repeat(substr($parts[$i - 1], -1), $parts[$i]);
+            $format .= substr($parts[$i - 1], 0, -1) . str_repeat($parts[$i - 1][-1], (int) $parts[$i]);
         }
         $format .= $parts[$i - 1];
 
@@ -252,11 +240,8 @@ abstract class Strings
      * decbin / bindec refer to base-2 encoded data as binary. For the purposes
      * of this function, bin refers to base-256 encoded data whilst bits refers
      * to base-2 encoded data
-     *
-     * @param string $x
-     * @return string
      */
-    public static function bits2bin($x)
+    public static function bits2bin(string $x): string
     {
         /*
         // the pure-PHP approach is faster than the GMP approach
@@ -266,7 +251,7 @@ abstract class Strings
         */
 
         if (preg_match('#[^01]#', $x)) {
-            throw new \RuntimeException('The only valid characters are 0 and 1');
+            throw new RuntimeException('The only valid characters are 0 and 1');
         }
 
         if (!defined('PHP_INT_MIN')) {
@@ -298,11 +283,8 @@ abstract class Strings
 
     /**
      * Convert bits to binary data
-     *
-     * @param string $x
-     * @return string
      */
-    public static function bin2bits($x, $trim = true)
+    public static function bin2bits(string $x, bool $trim = true): string
     {
         /*
         // the pure-PHP approach is slower than the GMP approach BUT
@@ -336,11 +318,8 @@ abstract class Strings
 
     /**
      * Switch Endianness Bit Order
-     *
-     * @param string $x
-     * @return string
      */
-    public static function switchEndianness($x)
+    public static function switchEndianness(string $x): string
     {
         $r = '';
         for ($i = strlen($x) - 1; $i >= 0; $i--) {
@@ -364,11 +343,8 @@ abstract class Strings
 
     /**
      * Increment the current string
-     *
-     * @param string $var
-     * @return string
      */
-    public static function increment_str(&$var)
+    public static function increment_str(string &$var): string
     {
         if (function_exists('sodium_increment')) {
             $var = strrev($var);
@@ -409,11 +385,9 @@ abstract class Strings
     /**
      * Find whether the type of a variable is string (or could be converted to one)
      *
-     * @param mixed $var
-     * @return bool
      * @psalm-assert-if-true string|\Stringable $var
      */
-    public static function is_stringable($var)
+    public static function is_stringable($var): bool
     {
         return is_string($var) || (is_object($var) && method_exists($var, '__toString'));
     }
@@ -423,11 +397,8 @@ abstract class Strings
      *
      * ParagoneIE\ConstantTime doesn't use libsodium if it's available so we'll do so
      * ourselves. see https://github.com/paragonie/constant_time_encoding/issues/39
-     *
-     * @param string $data
-     * @return string
      */
-    public static function base64_decode($data)
+    public static function base64_decode(string $data): string
     {
         return function_exists('sodium_base642bin') ?
             sodium_base642bin($data, SODIUM_BASE64_VARIANT_ORIGINAL_NO_PADDING, '=') :
@@ -436,11 +407,8 @@ abstract class Strings
 
     /**
      * Constant Time Base64-decoding (URL safe)
-     *
-     * @param string $data
-     * @return string
      */
-    public static function base64url_decode($data)
+    public static function base64url_decode(string $data): string
     {
         // return self::base64_decode(str_replace(['-', '_'], ['+', '/'], $data));
 
@@ -451,11 +419,8 @@ abstract class Strings
 
     /**
      * Constant Time Base64-encoding
-     *
-     * @param string $data
-     * @return string
      */
-    public static function base64_encode($data)
+    public static function base64_encode(string $data): string
     {
         return function_exists('sodium_bin2base64') ?
             sodium_bin2base64($data, SODIUM_BASE64_VARIANT_ORIGINAL) :
@@ -464,11 +429,8 @@ abstract class Strings
 
     /**
      * Constant Time Base64-encoding (URL safe)
-     *
-     * @param string $data
-     * @return string
      */
-    public static function base64url_encode($data)
+    public static function base64url_encode(string $data): string
     {
         // return str_replace(['+', '/'], ['-', '_'], self::base64_encode($data));
 
@@ -479,11 +441,8 @@ abstract class Strings
 
     /**
      * Constant Time Hex Decoder
-     *
-     * @param string $data
-     * @return string
      */
-    public static function hex2bin($data)
+    public static function hex2bin(string $data): string
     {
         return function_exists('sodium_hex2bin') ?
             sodium_hex2bin($data) :
@@ -492,11 +451,8 @@ abstract class Strings
 
     /**
      * Constant Time Hex Encoder
-     *
-     * @param string $data
-     * @return string
      */
-    public static function bin2hex($data)
+    public static function bin2hex(string $data): string
     {
         return function_exists('sodium_bin2hex') ?
             sodium_bin2hex($data) :

phpseclib/Crypt/AES.php

@@ -3,7 +3,7 @@
 /**
  * Pure-PHP implementation of AES.
  *
- * Uses mcrypt, if available/possible, and an internal implementation, otherwise.
+ * Uses OpenSSL, if available/possible, and an internal implementation, otherwise
  *
  * PHP version 5
  *
@@ -45,8 +45,13 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt;
 
+use phpseclib3\Exception\BadMethodCallException;
+use phpseclib3\Exception\LengthException;
+
 /**
  * Pure-PHP implementation of AES.
  *
@@ -59,13 +64,12 @@ class AES extends Rijndael
      *
      * Since \phpseclib3\Crypt\AES extends \phpseclib3\Crypt\Rijndael, this function is, technically, available, but it doesn't do anything.
      *
+     * @throws BadMethodCallException anytime it's called
      * @see \phpseclib3\Crypt\Rijndael::setBlockLength()
-     * @param int $length
-     * @throws \BadMethodCallException anytime it's called
      */
-    public function setBlockLength($length)
+    public function setBlockLength(int $length): void
     {
-        throw new \BadMethodCallException('The block length cannot be set for AES.');
+        throw new BadMethodCallException('The block length cannot be set for AES.');
     }
 
     /**
@@ -73,11 +77,10 @@ class AES extends Rijndael
      *
      * Valid key lengths are 128, 192, and 256.  Set the link to bool(false) to disable a fixed key length
      *
+     * @throws LengthException if the key length isn't supported
      * @see \phpseclib3\Crypt\Rijndael:setKeyLength()
-     * @param int $length
-     * @throws \LengthException if the key length isn't supported
      */
-    public function setKeyLength($length)
+    public function setKeyLength(int $length): void
     {
         switch ($length) {
             case 128:
@@ -85,7 +88,7 @@ class AES extends Rijndael
             case 256:
                 break;
             default:
-                throw new \LengthException('Key of size ' . $length . ' not supported by this algorithm. Only keys of sizes 128, 192 or 256 supported');
+                throw new LengthException('Key of size ' . $length . ' not supported by this algorithm. Only keys of sizes 128, 192 or 256 supported');
         }
         parent::setKeyLength($length);
     }
@@ -95,12 +98,11 @@ class AES extends Rijndael
      *
      * Rijndael supports five different key lengths, AES only supports three.
      *
+     * @throws LengthException if the key length isn't supported
      * @see \phpseclib3\Crypt\Rijndael:setKey()
      * @see setKeyLength()
-     * @param string $key
-     * @throws \LengthException if the key length isn't supported
      */
-    public function setKey($key)
+    public function setKey(string $key): void
     {
         switch (strlen($key)) {
             case 16:
@@ -108,7 +110,7 @@ class AES extends Rijndael
             case 32:
                 break;
             default:
-                throw new \LengthException('Key of size ' . strlen($key) . ' not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported');
+                throw new LengthException('Key of size ' . strlen($key) . ' not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported');
         }
 
         parent::setKey($key);

phpseclib/Crypt/Blowfish.php

@@ -3,7 +3,7 @@
 /**
  * Pure-PHP implementation of Blowfish.
  *
- * Uses mcrypt, if available, and an internal implementation, otherwise.
+ * Uses an internal implementation.
  *
  * PHP version 5
  *
@@ -22,7 +22,7 @@
  * and password. This renders OpenSSL unusable and forces us to use a pure-PHP implementation
  * of blowfish.
  *
- * # phpseclib's four different _encryptBlock() implementations
+ * # phpseclib's three different _encryptBlock() implementations
  *
  * When using Blowfish as an encryption algorithm, _encryptBlock() is called 9 + 512 +
  * (the number of blocks in the plaintext) times.
@@ -57,10 +57,6 @@
  * _encryptBlock() then the regular Blowfish does. That said, the Blowfish _encryptBlock() is
  * basically just a thin wrapper around the bcrypt _encryptBlock(), so there's that.
  *
- * This explains 3 of the 4 _encryptBlock() implementations. the last _encryptBlock()
- * implementation can best be understood by doing Ctrl + F and searching for where
- * self::$use_reg_intval is defined.
- *
  * # phpseclib's three different _setupKey() implementations
  *
  * Every bcrypt round is the equivalent of encrypting 512KB of data. Since OpenSSH uses 16
@@ -114,9 +110,13 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt;
 
 use phpseclib3\Crypt\Common\BlockCipher;
+use phpseclib3\Exception\InvalidArgumentException;
+use phpseclib3\Exception\LengthException;
 
 /**
  * Pure-PHP implementation of Blowfish.
@@ -134,22 +134,6 @@ class Blowfish extends BlockCipher
      */
     protected $block_size = 8;
 
-    /**
-     * The mcrypt specific name of the cipher
-     *
-     * @see \phpseclib3\Crypt\Common\SymmetricKey::cipher_name_mcrypt
-     * @var string
-     */
-    protected $cipher_name_mcrypt = 'blowfish';
-
-    /**
-     * Optimizing value while CFB-encrypting
-     *
-     * @see \phpseclib3\Crypt\Common\SymmetricKey::cfb_init_len
-     * @var int
-     */
-    protected $cfb_init_len = 500;
-
     /**
      * The fixed subkeys boxes ($sbox0 - $sbox3) with 256 entries each
      *
@@ -189,7 +173,7 @@ class Blowfish extends BlockCipher
         0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5,
         0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
         0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915,
-        0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a
+        0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a,
     ];
 
     /**
@@ -229,7 +213,7 @@ class Blowfish extends BlockCipher
         0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e,
         0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,
         0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340,
-        0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7
+        0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7,
     ];
 
     /**
@@ -269,7 +253,7 @@ class Blowfish extends BlockCipher
         0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76,
         0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,
         0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c,
-        0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0
+        0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0,
     ];
 
     /**
@@ -309,7 +293,7 @@ class Blowfish extends BlockCipher
         0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b,
         0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
         0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9,
-        0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6
+        0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6,
     ];
 
     /**
@@ -320,7 +304,7 @@ class Blowfish extends BlockCipher
     private static $parray = [
         0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0,
         0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
-        0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b
+        0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b,
     ];
 
     /**
@@ -354,15 +338,14 @@ class Blowfish extends BlockCipher
     /**
      * Default Constructor.
      *
-     * @param string $mode
-     * @throws \InvalidArgumentException if an invalid / unsupported mode is provided
+     * @throws InvalidArgumentException if an invalid / unsupported mode is provided
      */
-    public function __construct($mode)
+    public function __construct(string $mode)
     {
         parent::__construct($mode);
 
         if ($this->mode == self::MODE_STREAM) {
-            throw new \InvalidArgumentException('Block ciphers cannot be ran in stream mode');
+            throw new InvalidArgumentException('Block ciphers cannot be ran in stream mode');
         }
     }
 
@@ -370,13 +353,11 @@ class Blowfish extends BlockCipher
      * Sets the key length.
      *
      * Key lengths can be between 32 and 448 bits.
-     *
-     * @param int $length
      */
-    public function setKeyLength($length)
+    public function setKeyLength(int $length): void
     {
         if ($length < 32 || $length > 448) {
-                throw new \LengthException('Key size of ' . $length . ' bits is not supported by this algorithm. Only keys of sizes between 32 and 448 bits are supported');
+                throw new LengthException('Key size of ' . $length . ' bits is not supported by this algorithm. Only keys of sizes between 32 and 448 bits are supported');
         }
 
         $this->key_length = $length >> 3;
@@ -390,10 +371,8 @@ class Blowfish extends BlockCipher
      * This is mainly just a wrapper to set things up for \phpseclib3\Crypt\Common\SymmetricKey::isValidEngine()
      *
      * @see \phpseclib3\Crypt\Common\SymmetricKey::isValidEngine()
-     * @param int $engine
-     * @return bool
      */
-    protected function isValidEngineHelper($engine)
+    protected function isValidEngineHelper(int $engine): bool
     {
         if ($engine == self::ENGINE_OPENSSL) {
             if ($this->key_length < 16) {
@@ -417,7 +396,7 @@ class Blowfish extends BlockCipher
      *
      * @see \phpseclib3\Crypt\Common\SymmetricKey::_setupKey()
      */
-    protected function setupKey()
+    protected function setupKey(): void
     {
         if (isset($this->kl['key']) && $this->key === $this->kl['key']) {
             // already expanded
@@ -432,8 +411,8 @@ class Blowfish extends BlockCipher
                 self::$sbox0,
                 self::$sbox1,
                 self::$sbox2,
-                self::$sbox3
-            ]
+                self::$sbox3,
+            ],
         ];
 
         // unpack binary string in unsigned chars
@@ -455,13 +434,13 @@ class Blowfish extends BlockCipher
         // encrypt P3 and P4 with the new P1 and P2, do it with all P-array and subkeys
         $data = "\0\0\0\0\0\0\0\0";
         for ($i = 0; $i < 18; $i += 2) {
-            list($l, $r) = array_values(unpack('N*', $data = $this->encryptBlock($data)));
+            [$l, $r] = array_values(unpack('N*', $data = $this->encryptBlock($data)));
             $this->bctx['p'][$i    ] = $l;
             $this->bctx['p'][$i + 1] = $r;
         }
         for ($i = 0; $i < 4; ++$i) {
             for ($j = 0; $j < 256; $j += 2) {
-                list($l, $r) = array_values(unpack('N*', $data = $this->encryptBlock($data)));
+                [$l, $r] = array_values(unpack('N*', $data = $this->encryptBlock($data)));
                 $this->bctx['sb'][$i][$j    ] = $l;
                 $this->bctx['sb'][$i][$j + 1] = $r;
             }
@@ -471,7 +450,7 @@ class Blowfish extends BlockCipher
     /**
      * Initialize Static Variables
      */
-    protected static function initialize_static_variables()
+    protected static function initialize_static_variables(): void
     {
         if (is_float(self::$sbox2[0])) {
             self::$sbox0 = array_map('intval', self::$sbox0);
@@ -486,13 +465,8 @@ class Blowfish extends BlockCipher
 
     /**
      * bcrypt
-     *
-     * @param string $sha2pass
-     * @param string $sha2salt
-     * @access private
-     * @return string
      */
-    private static function bcrypt_hash($sha2pass, $sha2salt)
+    private static function bcrypt_hash(string $sha2pass, string $sha2salt): string
     {
         $p = self::$parray;
         $sbox0 = self::$sbox0;
@@ -512,7 +486,7 @@ class Blowfish extends BlockCipher
 
         for ($i = 0; $i < 64; $i++) {
             for ($j = 0; $j < 8; $j += 2) { // count($cdata) == 8
-                list($cdata[$j], $cdata[$j + 1]) = self::encryptBlockHelperFast($cdata[$j], $cdata[$j + 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
+                [$cdata[$j], $cdata[$j + 1]] = self::encryptBlockHelperFast($cdata[$j], $cdata[$j + 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
             }
         }
 
@@ -521,15 +495,8 @@ class Blowfish extends BlockCipher
 
     /**
      * Performs OpenSSH-style bcrypt
-     *
-     * @param string $pass
-     * @param string $salt
-     * @param int $keylen
-     * @param int $rounds
-     * @access public
-     * @return string
      */
-    public static function bcrypt_pbkdf($pass, $salt, $keylen, $rounds)
+    public static function bcrypt_pbkdf(string $pass, string $salt, int $keylen, int $rounds): string
     {
         self::initialize_static_variables();
 
@@ -572,7 +539,7 @@ class Blowfish extends BlockCipher
      * @param int[] $p
      * @see self::_bcrypt_hash()
      */
-    private static function expand0state(array $key, array &$sbox0, array &$sbox1, array &$sbox2, array &$sbox3, array &$p)
+    private static function expand0state(array $key, array &$sbox0, array &$sbox1, array &$sbox2, array &$sbox3, array &$p): void
     {
         // expand0state is basically the same thing as this:
         //return self::expandstate(array_fill(0, 16, 0), $key);
@@ -596,39 +563,32 @@ class Blowfish extends BlockCipher
             $p[14] ^ $key[14],
             $p[15] ^ $key[15],
             $p[16] ^ $key[0],
-            $p[17] ^ $key[1]
+            $p[17] ^ $key[1],
         ];
 
-        // @codingStandardsIgnoreStart
-        list( $p[0],  $p[1]) = self::encryptBlockHelperFast(     0,      0, $sbox0, $sbox1, $sbox2, $sbox3, $p);
-        list( $p[2],  $p[3]) = self::encryptBlockHelperFast($p[ 0], $p[ 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
-        list( $p[4],  $p[5]) = self::encryptBlockHelperFast($p[ 2], $p[ 3], $sbox0, $sbox1, $sbox2, $sbox3, $p);
-        list( $p[6],  $p[7]) = self::encryptBlockHelperFast($p[ 4], $p[ 5], $sbox0, $sbox1, $sbox2, $sbox3, $p);
-        list( $p[8],  $p[9]) = self::encryptBlockHelperFast($p[ 6], $p[ 7], $sbox0, $sbox1, $sbox2, $sbox3, $p);
-        list($p[10], $p[11]) = self::encryptBlockHelperFast($p[ 8], $p[ 9], $sbox0, $sbox1, $sbox2, $sbox3, $p);
-        list($p[12], $p[13]) = self::encryptBlockHelperFast($p[10], $p[11], $sbox0, $sbox1, $sbox2, $sbox3, $p);
-        list($p[14], $p[15]) = self::encryptBlockHelperFast($p[12], $p[13], $sbox0, $sbox1, $sbox2, $sbox3, $p);
-        list($p[16], $p[17]) = self::encryptBlockHelperFast($p[14], $p[15], $sbox0, $sbox1, $sbox2, $sbox3, $p);
-        // @codingStandardsIgnoreEnd
-
-        list($sbox0[0], $sbox0[1]) = self::encryptBlockHelperFast($p[16], $p[17], $sbox0, $sbox1, $sbox2, $sbox3, $p);
-        for ($i = 2; $i < 256; $i += 2) {
-            list($sbox0[$i], $sbox0[$i + 1]) = self::encryptBlockHelperFast($sbox0[$i - 2], $sbox0[$i - 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
+        [$p[0], $p[1]] = self::encryptBlockHelperFast(0, 0, $sbox0, $sbox1, $sbox2, $sbox3, $p);
+        for ($i = 2; $i < 18; $i += 2) {
+            [$p[$i], $p[$i + 1]] = self::encryptBlockHelperFast($p[$i - 2], $p[$i - 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
         }
 
-        list($sbox1[0], $sbox1[1]) = self::encryptBlockHelperFast($sbox0[254], $sbox0[255], $sbox0, $sbox1, $sbox2, $sbox3, $p);
+        [$sbox0[0], $sbox0[1]] = self::encryptBlockHelperFast($p[16], $p[17], $sbox0, $sbox1, $sbox2, $sbox3, $p);
         for ($i = 2; $i < 256; $i += 2) {
-            list($sbox1[$i], $sbox1[$i + 1]) = self::encryptBlockHelperFast($sbox1[$i - 2], $sbox1[$i - 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
+            [$sbox0[$i], $sbox0[$i + 1]] = self::encryptBlockHelperFast($sbox0[$i - 2], $sbox0[$i - 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
         }
 
-        list($sbox2[0], $sbox2[1]) = self::encryptBlockHelperFast($sbox1[254], $sbox1[255], $sbox0, $sbox1, $sbox2, $sbox3, $p);
+        [$sbox1[0], $sbox1[1]] = self::encryptBlockHelperFast($sbox0[254], $sbox0[255], $sbox0, $sbox1, $sbox2, $sbox3, $p);
         for ($i = 2; $i < 256; $i += 2) {
-            list($sbox2[$i], $sbox2[$i + 1]) = self::encryptBlockHelperFast($sbox2[$i - 2], $sbox2[$i - 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
+            [$sbox1[$i], $sbox1[$i + 1]] = self::encryptBlockHelperFast($sbox1[$i - 2], $sbox1[$i - 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
         }
 
-        list($sbox3[0], $sbox3[1]) = self::encryptBlockHelperFast($sbox2[254], $sbox2[255], $sbox0, $sbox1, $sbox2, $sbox3, $p);
+        [$sbox2[0], $sbox2[1]] = self::encryptBlockHelperFast($sbox1[254], $sbox1[255], $sbox0, $sbox1, $sbox2, $sbox3, $p);
         for ($i = 2; $i < 256; $i += 2) {
-            list($sbox3[$i], $sbox3[$i + 1]) = self::encryptBlockHelperFast($sbox3[$i - 2], $sbox3[$i - 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
+            [$sbox2[$i], $sbox2[$i + 1]] = self::encryptBlockHelperFast($sbox2[$i - 2], $sbox2[$i - 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
+        }
+
+        [$sbox3[0], $sbox3[1]] = self::encryptBlockHelperFast($sbox2[254], $sbox2[255], $sbox0, $sbox1, $sbox2, $sbox3, $p);
+        for ($i = 2; $i < 256; $i += 2) {
+            [$sbox3[$i], $sbox3[$i + 1]] = self::encryptBlockHelperFast($sbox3[$i - 2], $sbox3[$i - 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
         }
     }
 
@@ -645,7 +605,7 @@ class Blowfish extends BlockCipher
      * @param int[] $p
      * @see self::_bcrypt_hash()
      */
-    private static function expandstate(array $data, array $key, array &$sbox0, array &$sbox1, array &$sbox2, array &$sbox3, array &$p)
+    private static function expandstate(array $data, array $key, array &$sbox0, array &$sbox1, array &$sbox2, array &$sbox3, array &$p): void
     {
         $p = [
             $p[0] ^ $key[0],
@@ -665,49 +625,39 @@ class Blowfish extends BlockCipher
             $p[14] ^ $key[14],
             $p[15] ^ $key[15],
             $p[16] ^ $key[0],
-            $p[17] ^ $key[1]
+            $p[17] ^ $key[1],
         ];
 
-        // @codingStandardsIgnoreStart
-        list( $p[0],  $p[1]) = self::encryptBlockHelperFast($data[ 0]         , $data[ 1]         , $sbox0, $sbox1, $sbox2, $sbox3, $p);
-        list( $p[2],  $p[3]) = self::encryptBlockHelperFast($data[ 2] ^ $p[ 0], $data[ 3] ^ $p[ 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
-        list( $p[4],  $p[5]) = self::encryptBlockHelperFast($data[ 4] ^ $p[ 2], $data[ 5] ^ $p[ 3], $sbox0, $sbox1, $sbox2, $sbox3, $p);
-        list( $p[6],  $p[7]) = self::encryptBlockHelperFast($data[ 6] ^ $p[ 4], $data[ 7] ^ $p[ 5], $sbox0, $sbox1, $sbox2, $sbox3, $p);
-        list( $p[8],  $p[9]) = self::encryptBlockHelperFast($data[ 8] ^ $p[ 6], $data[ 9] ^ $p[ 7], $sbox0, $sbox1, $sbox2, $sbox3, $p);
-        list($p[10], $p[11]) = self::encryptBlockHelperFast($data[10] ^ $p[ 8], $data[11] ^ $p[ 9], $sbox0, $sbox1, $sbox2, $sbox3, $p);
-        list($p[12], $p[13]) = self::encryptBlockHelperFast($data[12] ^ $p[10], $data[13] ^ $p[11], $sbox0, $sbox1, $sbox2, $sbox3, $p);
-        list($p[14], $p[15]) = self::encryptBlockHelperFast($data[14] ^ $p[12], $data[15] ^ $p[13], $sbox0, $sbox1, $sbox2, $sbox3, $p);
-        list($p[16], $p[17]) = self::encryptBlockHelperFast($data[ 0] ^ $p[14], $data[ 1] ^ $p[15], $sbox0, $sbox1, $sbox2, $sbox3, $p);
-        // @codingStandardsIgnoreEnd
+        [$p[0], $p[1]] = self::encryptBlockHelperFast($data[0], $data[1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
+        for ($i = 2, $j = 2; $i < 18; $i += 2, $j = ($j + 2) % 16) {
+            [$p[$i], $p[$i + 1]] = self::encryptBlockHelperFast($data[$j] ^ $p[$i - 2], $data[$j + 1] ^ $p[$i - 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
+        }
 
-        list($sbox0[0], $sbox0[1]) = self::encryptBlockHelperFast($data[2] ^ $p[16], $data[3] ^ $p[17], $sbox0, $sbox1, $sbox2, $sbox3, $p);
+        [$sbox0[0], $sbox0[1]] = self::encryptBlockHelperFast($data[2] ^ $p[16], $data[3] ^ $p[17], $sbox0, $sbox1, $sbox2, $sbox3, $p);
         for ($i = 2, $j = 4; $i < 256; $i += 2, $j = ($j + 2) % 16) { // instead of 16 maybe count($data) would be better?
-            list($sbox0[$i], $sbox0[$i + 1]) = self::encryptBlockHelperFast($data[$j] ^ $sbox0[$i - 2], $data[$j + 1] ^ $sbox0[$i - 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
+            [$sbox0[$i], $sbox0[$i + 1]] = self::encryptBlockHelperFast($data[$j] ^ $sbox0[$i - 2], $data[$j + 1] ^ $sbox0[$i - 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
         }
 
-        list($sbox1[0], $sbox1[1]) = self::encryptBlockHelperFast($data[2] ^ $sbox0[254], $data[3] ^ $sbox0[255], $sbox0, $sbox1, $sbox2, $sbox3, $p);
+        [$sbox1[0], $sbox1[1]] = self::encryptBlockHelperFast($data[2] ^ $sbox0[254], $data[3] ^ $sbox0[255], $sbox0, $sbox1, $sbox2, $sbox3, $p);
         for ($i = 2, $j = 4; $i < 256; $i += 2, $j = ($j + 2) % 16) {
-            list($sbox1[$i], $sbox1[$i + 1]) = self::encryptBlockHelperFast($data[$j] ^ $sbox1[$i - 2], $data[$j + 1] ^ $sbox1[$i - 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
+            [$sbox1[$i], $sbox1[$i + 1]] = self::encryptBlockHelperFast($data[$j] ^ $sbox1[$i - 2], $data[$j + 1] ^ $sbox1[$i - 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
         }
 
-        list($sbox2[0], $sbox2[1]) = self::encryptBlockHelperFast($data[2] ^ $sbox1[254], $data[3] ^ $sbox1[255], $sbox0, $sbox1, $sbox2, $sbox3, $p);
+        [$sbox2[0], $sbox2[1]] = self::encryptBlockHelperFast($data[2] ^ $sbox1[254], $data[3] ^ $sbox1[255], $sbox0, $sbox1, $sbox2, $sbox3, $p);
         for ($i = 2, $j = 4; $i < 256; $i += 2, $j = ($j + 2) % 16) {
-            list($sbox2[$i], $sbox2[$i + 1]) = self::encryptBlockHelperFast($data[$j] ^ $sbox2[$i - 2], $data[$j + 1] ^ $sbox2[$i - 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
+            [$sbox2[$i], $sbox2[$i + 1]] = self::encryptBlockHelperFast($data[$j] ^ $sbox2[$i - 2], $data[$j + 1] ^ $sbox2[$i - 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
         }
 
-        list($sbox3[0], $sbox3[1]) = self::encryptBlockHelperFast($data[2] ^ $sbox2[254], $data[3] ^ $sbox2[255], $sbox0, $sbox1, $sbox2, $sbox3, $p);
+        [$sbox3[0], $sbox3[1]] = self::encryptBlockHelperFast($data[2] ^ $sbox2[254], $data[3] ^ $sbox2[255], $sbox0, $sbox1, $sbox2, $sbox3, $p);
         for ($i = 2, $j = 4; $i < 256; $i += 2, $j = ($j + 2) % 16) {
-            list($sbox3[$i], $sbox3[$i + 1]) = self::encryptBlockHelperFast($data[$j] ^ $sbox3[$i - 2], $data[$j + 1] ^ $sbox3[$i - 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
+            [$sbox3[$i], $sbox3[$i + 1]] = self::encryptBlockHelperFast($data[$j] ^ $sbox3[$i - 2], $data[$j + 1] ^ $sbox3[$i - 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
         }
     }
 
     /**
      * Encrypts a block
-     *
-     * @param string $in
-     * @return string
      */
-    protected function encryptBlock($in)
+    protected function encryptBlock(string $in): string
     {
         $p = $this->bctx['p'];
         // extract($this->bctx['sb'], EXTR_PREFIX_ALL, 'sb'); // slower
@@ -720,7 +670,7 @@ class Blowfish extends BlockCipher
         $l = $in[1];
         $r = $in[2];
 
-        list($r, $l) = PHP_INT_SIZE == 4 ?
+        [$r, $l] = PHP_INT_SIZE == 4 ?
             self::encryptBlockHelperSlow($l, $r, $sb_0, $sb_1, $sb_2, $sb_3, $p) :
             self::encryptBlockHelperFast($l, $r, $sb_0, $sb_1, $sb_2, $sb_3, $p);
 
@@ -731,8 +681,6 @@ class Blowfish extends BlockCipher
      * Fast helper function for block encryption
      *
      * @access private
-     * @param int $x0
-     * @param int $x1
      * @param int[] $sbox0
      * @param int[] $sbox1
      * @param int[] $sbox2
@@ -740,7 +688,7 @@ class Blowfish extends BlockCipher
      * @param int[] $p
      * @return int[]
      */
-    private static function encryptBlockHelperFast($x0, $x1, array $sbox0, array $sbox1, array $sbox2, array $sbox3, array $p)
+    private static function encryptBlockHelperFast(int $x0, int $x1, array $sbox0, array $sbox1, array $sbox2, array $sbox3, array $p): array
     {
         $x0 ^= $p[0];
         $x1 ^= ((($sbox0[($x0 & 0xFF000000) >> 24] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[1];
@@ -767,8 +715,6 @@ class Blowfish extends BlockCipher
      * Slow helper function for block encryption
      *
      * @access private
-     * @param int $x0
-     * @param int $x1
      * @param int[] $sbox0
      * @param int[] $sbox1
      * @param int[] $sbox2
@@ -776,37 +722,34 @@ class Blowfish extends BlockCipher
      * @param int[] $p
      * @return int[]
      */
-    private static function encryptBlockHelperSlow($x0, $x1, array $sbox0, array $sbox1, array $sbox2, array $sbox3, array $p)
+    private static function encryptBlockHelperSlow(int $x0, int $x1, array $sbox0, array $sbox1, array $sbox2, array $sbox3, array $p): array
     {
         // -16777216 == intval(0xFF000000) on 32-bit PHP installs
         $x0 ^= $p[0];
-        $x1 ^= self::safe_intval((self::safe_intval($sbox0[(($x0 & -16777216) >> 24) & 0xFF] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[1];
-        $x0 ^= self::safe_intval((self::safe_intval($sbox0[(($x1 & -16777216) >> 24) & 0xFF] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[2];
-        $x1 ^= self::safe_intval((self::safe_intval($sbox0[(($x0 & -16777216) >> 24) & 0xFF] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[3];
-        $x0 ^= self::safe_intval((self::safe_intval($sbox0[(($x1 & -16777216) >> 24) & 0xFF] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[4];
-        $x1 ^= self::safe_intval((self::safe_intval($sbox0[(($x0 & -16777216) >> 24) & 0xFF] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[5];
-        $x0 ^= self::safe_intval((self::safe_intval($sbox0[(($x1 & -16777216) >> 24) & 0xFF] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[6];
-        $x1 ^= self::safe_intval((self::safe_intval($sbox0[(($x0 & -16777216) >> 24) & 0xFF] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[7];
-        $x0 ^= self::safe_intval((self::safe_intval($sbox0[(($x1 & -16777216) >> 24) & 0xFF] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[8];
-        $x1 ^= self::safe_intval((self::safe_intval($sbox0[(($x0 & -16777216) >> 24) & 0xFF] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[9];
-        $x0 ^= self::safe_intval((self::safe_intval($sbox0[(($x1 & -16777216) >> 24) & 0xFF] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[10];
-        $x1 ^= self::safe_intval((self::safe_intval($sbox0[(($x0 & -16777216) >> 24) & 0xFF] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[11];
-        $x0 ^= self::safe_intval((self::safe_intval($sbox0[(($x1 & -16777216) >> 24) & 0xFF] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[12];
-        $x1 ^= self::safe_intval((self::safe_intval($sbox0[(($x0 & -16777216) >> 24) & 0xFF] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[13];
-        $x0 ^= self::safe_intval((self::safe_intval($sbox0[(($x1 & -16777216) >> 24) & 0xFF] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[14];
-        $x1 ^= self::safe_intval((self::safe_intval($sbox0[(($x0 & -16777216) >> 24) & 0xFF] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[15];
-        $x0 ^= self::safe_intval((self::safe_intval($sbox0[(($x1 & -16777216) >> 24) & 0xFF] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[16];
+        $x1 ^= intval((intval($sbox0[(($x0 & -16777216) >> 24) & 0xFF] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[1];
+        $x0 ^= intval((intval($sbox0[(($x1 & -16777216) >> 24) & 0xFF] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[2];
+        $x1 ^= intval((intval($sbox0[(($x0 & -16777216) >> 24) & 0xFF] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[3];
+        $x0 ^= intval((intval($sbox0[(($x1 & -16777216) >> 24) & 0xFF] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[4];
+        $x1 ^= intval((intval($sbox0[(($x0 & -16777216) >> 24) & 0xFF] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[5];
+        $x0 ^= intval((intval($sbox0[(($x1 & -16777216) >> 24) & 0xFF] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[6];
+        $x1 ^= intval((intval($sbox0[(($x0 & -16777216) >> 24) & 0xFF] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[7];
+        $x0 ^= intval((intval($sbox0[(($x1 & -16777216) >> 24) & 0xFF] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[8];
+        $x1 ^= intval((intval($sbox0[(($x0 & -16777216) >> 24) & 0xFF] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[9];
+        $x0 ^= intval((intval($sbox0[(($x1 & -16777216) >> 24) & 0xFF] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[10];
+        $x1 ^= intval((intval($sbox0[(($x0 & -16777216) >> 24) & 0xFF] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[11];
+        $x0 ^= intval((intval($sbox0[(($x1 & -16777216) >> 24) & 0xFF] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[12];
+        $x1 ^= intval((intval($sbox0[(($x0 & -16777216) >> 24) & 0xFF] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[13];
+        $x0 ^= intval((intval($sbox0[(($x1 & -16777216) >> 24) & 0xFF] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[14];
+        $x1 ^= intval((intval($sbox0[(($x0 & -16777216) >> 24) & 0xFF] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[15];
+        $x0 ^= intval((intval($sbox0[(($x1 & -16777216) >> 24) & 0xFF] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[16];
 
         return [$x1 ^ $p[17], $x0];
     }
 
     /**
      * Decrypts a block
-     *
-     * @param string $in
-     * @return string
      */
-    protected function decryptBlock($in)
+    protected function decryptBlock(string $in): string
     {
         $p = $this->bctx['p'];
         $sb_0 = $this->bctx['sb'][0];
@@ -820,12 +763,12 @@ class Blowfish extends BlockCipher
 
         for ($i = 17; $i > 2; $i -= 2) {
             $l ^= $p[$i];
-            $r ^= self::safe_intval((self::safe_intval($sb_0[$l >> 24 & 0xff] + $sb_1[$l >> 16 & 0xff]) ^
+            $r ^= intval((intval($sb_0[$l >> 24 & 0xff] + $sb_1[$l >> 16 & 0xff]) ^
                   $sb_2[$l >>  8 & 0xff]) +
                   $sb_3[$l       & 0xff]);
 
             $r ^= $p[$i - 1];
-            $l ^= self::safe_intval((self::safe_intval($sb_0[$r >> 24 & 0xff] + $sb_1[$r >> 16 & 0xff]) ^
+            $l ^= intval((intval($sb_0[$r >> 24 & 0xff] + $sb_1[$r >> 16 & 0xff]) ^
                   $sb_2[$r >>  8 & 0xff]) +
                   $sb_3[$r       & 0xff]);
         }
@@ -837,7 +780,7 @@ class Blowfish extends BlockCipher
      *
      * @see \phpseclib3\Crypt\Common\SymmetricKey::_setupInlineCrypt()
      */
-    protected function setupInlineCrypt()
+    protected function setupInlineCrypt(): void
     {
         $p = $this->bctx['p'];
         $init_crypt = '
@@ -850,8 +793,6 @@ class Blowfish extends BlockCipher
             }
         ';
 
-        $safeint = self::safe_intval_inline();
-
         // Generating encrypt code:
         $encrypt_block = '
             $in = unpack("N*", $in);
@@ -861,14 +802,14 @@ class Blowfish extends BlockCipher
         for ($i = 0; $i < 16; $i += 2) {
             $encrypt_block .= '
                 $l^= ' . $p[$i] . ';
-                $r^= ' . sprintf($safeint, '(' . sprintf($safeint, '$sb_0[$l >> 24 & 0xff] + $sb_1[$l >> 16 & 0xff]') . ' ^
+                $r^= intval((intval($sb_0[$l >> 24 & 0xff] + $sb_1[$l >> 16 & 0xff]) ^
                       $sb_2[$l >>  8 & 0xff]) +
-                      $sb_3[$l       & 0xff]') . ';
+                      $sb_3[$l       & 0xff]);
 
                 $r^= ' . $p[$i + 1] . ';
-                $l^= ' . sprintf($safeint, '(' . sprintf($safeint, '$sb_0[$r >> 24 & 0xff] + $sb_1[$r >> 16 & 0xff]') . '  ^
+                $l^= intval((intval($sb_0[$r >> 24 & 0xff] + $sb_1[$r >> 16 & 0xff])  ^
                       $sb_2[$r >>  8 & 0xff]) +
-                      $sb_3[$r       & 0xff]') . ';
+                      $sb_3[$r       & 0xff]);
             ';
         }
         $encrypt_block .= '
@@ -877,6 +818,7 @@ class Blowfish extends BlockCipher
                 $l ^ ' . $p[16] . '
             );
         ';
+
          // Generating decrypt code:
         $decrypt_block = '
             $in = unpack("N*", $in);
@@ -887,14 +829,14 @@ class Blowfish extends BlockCipher
         for ($i = 17; $i > 2; $i -= 2) {
             $decrypt_block .= '
                 $l^= ' . $p[$i] . ';
-                $r^= ' . sprintf($safeint, '(' . sprintf($safeint, '$sb_0[$l >> 24 & 0xff] + $sb_1[$l >> 16 & 0xff]') . ' ^
+                $r^= intval((intval($sb_0[$l >> 24 & 0xff] + $sb_1[$l >> 16 & 0xff]) ^
                       $sb_2[$l >>  8 & 0xff]) +
-                      $sb_3[$l       & 0xff]') . ';
+                      $sb_3[$l       & 0xff]);
 
                 $r^= ' . $p[$i - 1] . ';
-                $l^= ' . sprintf($safeint, '(' . sprintf($safeint, '$sb_0[$r >> 24 & 0xff] + $sb_1[$r >> 16 & 0xff]') . ' ^
+                $l^= intval((intval($sb_0[$r >> 24 & 0xff] + $sb_1[$r >> 16 & 0xff]) ^
                       $sb_2[$r >>  8 & 0xff]) +
-                      $sb_3[$r       & 0xff]') . ';
+                      $sb_3[$r       & 0xff]);
             ';
         }
 
@@ -911,7 +853,7 @@ class Blowfish extends BlockCipher
                'init_encrypt'  => '',
                'init_decrypt'  => '',
                'encrypt_block' => $encrypt_block,
-               'decrypt_block' => $decrypt_block
+               'decrypt_block' => $decrypt_block,
             ]
         );
     }

phpseclib/Crypt/ChaCha20.php

@@ -11,10 +11,14 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt;
 
 use phpseclib3\Exception\BadDecryptionException;
 use phpseclib3\Exception\InsufficientSetupException;
+use phpseclib3\Exception\LengthException;
+use phpseclib3\Exception\UnexpectedValueException;
 
 /**
  * Pure-PHP implementation of ChaCha20.
@@ -36,10 +40,8 @@ class ChaCha20 extends Salsa20
      * This is mainly just a wrapper to set things up for \phpseclib3\Crypt\Common\SymmetricKey::isValidEngine()
      *
      * @see \phpseclib3\Crypt\Common\SymmetricKey::__construct()
-     * @param int $engine
-     * @return bool
      */
-    protected function isValidEngineHelper($engine)
+    protected function isValidEngineHelper(int $engine): bool
     {
         switch ($engine) {
             case self::ENGINE_LIBSODIUM:
@@ -73,12 +75,11 @@ class ChaCha20 extends Salsa20
     /**
      * Encrypts a message.
      *
+     * @return string $ciphertext
      * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt()
      * @see self::crypt()
-     * @param string $plaintext
-     * @return string $ciphertext
      */
-    public function encrypt($plaintext)
+    public function encrypt(string $plaintext): string
     {
         $this->setup();
 
@@ -95,12 +96,11 @@ class ChaCha20 extends Salsa20
      * $this->decrypt($this->encrypt($plaintext)) == $this->encrypt($this->encrypt($plaintext)).
      * At least if the continuous buffer is disabled.
      *
+     * @return string $plaintext
      * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt()
      * @see self::crypt()
-     * @param string $ciphertext
-     * @return string $plaintext
      */
-    public function decrypt($ciphertext)
+    public function decrypt(string $ciphertext): string
     {
         $this->setup();
 
@@ -114,11 +114,10 @@ class ChaCha20 extends Salsa20
     /**
      * Encrypts a message with libsodium
      *
-     * @see self::encrypt()
-     * @param string $plaintext
      * @return string $text
+     * @see self::encrypt()
      */
-    private function encrypt_with_libsodium($plaintext)
+    private function encrypt_with_libsodium(string $plaintext): string
     {
         $params = [$plaintext, $this->aad, $this->nonce, $this->key];
         $ciphertext = strlen($this->nonce) == 8 ?
@@ -140,11 +139,10 @@ class ChaCha20 extends Salsa20
     /**
      * Decrypts a message with libsodium
      *
-     * @see self::decrypt()
-     * @param string $ciphertext
      * @return string $text
+     * @see self::decrypt()
      */
-    private function decrypt_with_libsodium($ciphertext)
+    private function decrypt_with_libsodium(string $ciphertext): string
     {
         $params = [$ciphertext, $this->aad, $this->nonce, $this->key];
 
@@ -177,13 +175,11 @@ class ChaCha20 extends Salsa20
 
     /**
      * Sets the nonce.
-     *
-     * @param string $nonce
      */
-    public function setNonce($nonce)
+    public function setNonce(string $nonce): void
     {
         if (!is_string($nonce)) {
-            throw new \UnexpectedValueException('The nonce should be a string');
+            throw new UnexpectedValueException('The nonce should be a string');
         }
 
         /*
@@ -198,7 +194,7 @@ class ChaCha20 extends Salsa20
             case 12: // 96 bits
                 break;
             default:
-                throw new \LengthException('Nonce of size ' . strlen($nonce) . ' not supported by this algorithm. Only 64-bit nonces or 96-bit nonces are supported');
+                throw new LengthException('Nonce of size ' . strlen($nonce) . ' not supported by this algorithm. Only 64-bit nonces or 96-bit nonces are supported');
         }
 
         $this->nonce = $nonce;
@@ -224,7 +220,7 @@ class ChaCha20 extends Salsa20
      * @see self::setNonce()
      * @see self::disableContinuousBuffer()
      */
-    protected function setup()
+    protected function setup(): void
     {
         if (!$this->changed) {
             return;
@@ -267,13 +263,8 @@ class ChaCha20 extends Salsa20
 
     /**
      * The quarterround function
-     *
-     * @param int $a
-     * @param int $b
-     * @param int $c
-     * @param int $d
      */
-    protected static function quarterRound(&$a, &$b, &$c, &$d)
+    protected static function quarterRound(int &$a, int &$b, int &$c, int &$d): void
     {
         // in https://datatracker.ietf.org/doc/html/rfc7539#section-2.1 the addition,
         // xor'ing and rotation are all on the same line so i'm keeping it on the same
@@ -306,7 +297,7 @@ class ChaCha20 extends Salsa20
      * @param int $x14 (by reference)
      * @param int $x15 (by reference)
      */
-    protected static function doubleRound(&$x0, &$x1, &$x2, &$x3, &$x4, &$x5, &$x6, &$x7, &$x8, &$x9, &$x10, &$x11, &$x12, &$x13, &$x14, &$x15)
+    protected static function doubleRound(int &$x0, int &$x1, int &$x2, int &$x3, int &$x4, int &$x5, int &$x6, int &$x7, int &$x8, int &$x9, int &$x10, int &$x11, int &$x12, int &$x13, int &$x14, int &$x15): void
     {
         // columnRound
         static::quarterRound($x0, $x4, $x8, $x12);
@@ -332,12 +323,10 @@ class ChaCha20 extends Salsa20
      * For comparison purposes, RC4 takes 0.16s and AES in CTR mode with the Eval engine takes 0.48s.
      * AES in CTR mode with the PHP engine takes 1.19s. Salsa20 / ChaCha20 do not benefit as much from the Eval
      * approach due to the fact that there are a lot less variables to de-reference, fewer loops to unroll, etc
-     *
-     * @param string $x
      */
-    protected static function salsa20($x)
+    protected static function salsa20(string $x)
     {
-        list(, $x0, $x1, $x2, $x3, $x4, $x5, $x6, $x7, $x8, $x9, $x10, $x11, $x12, $x13, $x14, $x15) = unpack('V*', $x);
+        [, $x0, $x1, $x2, $x3, $x4, $x5, $x6, $x7, $x8, $x9, $x10, $x11, $x12, $x13, $x14, $x15] = unpack('V*', $x);
         $z0 = $x0;
         $z1 = $x1;
         $z2 = $x2;

phpseclib/Crypt/Common/AsymmetricKey.php

@@ -11,11 +11,11 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\Common;
 
-use phpseclib3\Crypt\DSA;
 use phpseclib3\Crypt\Hash;
-use phpseclib3\Crypt\RSA;
 use phpseclib3\Exception\NoKeyLoadedException;
 use phpseclib3\Exception\UnsupportedFormatException;
 use phpseclib3\Math\BigInteger;
@@ -30,14 +30,14 @@ abstract class AsymmetricKey
     /**
      * Precomputed Zero
      *
-     * @var \phpseclib3\Math\BigInteger
+     * @var BigInteger
      */
     protected static $zero;
 
     /**
      * Precomputed One
      *
-     * @var \phpseclib3\Math\BigInteger
+     * @var BigInteger
      */
     protected static $one;
 
@@ -51,14 +51,14 @@ abstract class AsymmetricKey
     /**
      * Hash function
      *
-     * @var \phpseclib3\Crypt\Hash
+     * @var Hash
      */
     protected $hash;
 
     /**
      * HMAC function
      *
-     * @var \phpseclib3\Crypt\Hash
+     * @var Hash
      */
     private $hmac;
 
@@ -92,11 +92,7 @@ abstract class AsymmetricKey
      */
     private $comment;
 
-    /**
-     * @param string $type
-     * @return string
-     */
-    abstract public function toString($type, array $options = []);
+    abstract public function toString(string $type, array $options = []): array|string;
 
     /**
      * The constructor
@@ -112,7 +108,7 @@ abstract class AsymmetricKey
     /**
      * Initialize static variables
      */
-    protected static function initialize_static_variables()
+    protected static function initialize_static_variables(): void
     {
         if (!isset(self::$zero)) {
             self::$zero = new BigInteger(0);
@@ -128,11 +124,10 @@ abstract class AsymmetricKey
     /**
      * Load the key
      *
-     * @param string $key
-     * @param string $password optional
+     * @param string|array $key
      * @return \phpseclib3\Crypt\Common\PublicKey|\phpseclib3\Crypt\Common\PrivateKey
      */
-    public static function load($key, $password = false)
+    public static function load($key, ?string $password = null): AsymmetricKey
     {
         self::initialize_static_variables();
 
@@ -161,8 +156,8 @@ abstract class AsymmetricKey
         }
 
         $components['format'] = $format;
-        $components['secret'] = isset($components['secret']) ? $components['secret'] : '';
-        $comment = isset($components['comment']) ? $components['comment'] : null;
+        $components['secret'] ??= '';
+        $comment = $components['comment'] ?? null;
         $new = static::onLoad($components);
         $new->format = $format;
         $new->comment = $comment;
@@ -174,11 +169,10 @@ abstract class AsymmetricKey
     /**
      * Loads a private key
      *
-     * @return PrivateKey
      * @param string|array $key
      * @param string $password optional
      */
-    public static function loadPrivateKey($key, $password = '')
+    public static function loadPrivateKey($key, string $password = ''): PrivateKey
     {
         $key = self::load($key, $password);
         if (!$key instanceof PrivateKey) {
@@ -190,10 +184,9 @@ abstract class AsymmetricKey
     /**
      * Loads a public key
      *
-     * @return PublicKey
      * @param string|array $key
      */
-    public static function loadPublicKey($key)
+    public static function loadPublicKey($key): PublicKey
     {
         $key = self::load($key);
         if (!$key instanceof PublicKey) {
@@ -205,10 +198,9 @@ abstract class AsymmetricKey
     /**
      * Loads parameters
      *
-     * @return AsymmetricKey
      * @param string|array $key
      */
-    public static function loadParameters($key)
+    public static function loadParameters($key): AsymmetricKey
     {
         $key = self::load($key);
         if (!$key instanceof PrivateKey && !$key instanceof PublicKey) {
@@ -220,12 +212,9 @@ abstract class AsymmetricKey
     /**
      * Load the key, assuming a specific format
      *
-     * @param string $type
-     * @param string $key
-     * @param string $password optional
      * @return static
      */
-    public static function loadFormat($type, $key, $password = false)
+    public static function loadFormat(string $type, string $key, ?string $password = null): AsymmetricKey
     {
         self::initialize_static_variables();
 
@@ -241,7 +230,7 @@ abstract class AsymmetricKey
         }
 
         $components['format'] = $format;
-        $components['secret'] = isset($components['secret']) ? $components['secret'] : '';
+        $components['secret'] ??= '';
 
         $new = static::onLoad($components);
         $new->format = $format;
@@ -252,13 +241,8 @@ abstract class AsymmetricKey
 
     /**
      * Loads a private key
-     *
-     * @return PrivateKey
-     * @param string $type
-     * @param string $key
-     * @param string $password optional
      */
-    public static function loadPrivateKeyFormat($type, $key, $password = false)
+    public static function loadPrivateKeyFormat(string $type, string $key, ?string $password = null): PrivateKey
     {
         $key = self::loadFormat($type, $key, $password);
         if (!$key instanceof PrivateKey) {
@@ -269,12 +253,8 @@ abstract class AsymmetricKey
 
     /**
      * Loads a public key
-     *
-     * @return PublicKey
-     * @param string $type
-     * @param string $key
      */
-    public static function loadPublicKeyFormat($type, $key)
+    public static function loadPublicKeyFormat(string $type, string $key): PublicKey
     {
         $key = self::loadFormat($type, $key);
         if (!$key instanceof PublicKey) {
@@ -286,11 +266,9 @@ abstract class AsymmetricKey
     /**
      * Loads parameters
      *
-     * @return AsymmetricKey
-     * @param string $type
      * @param string|array $key
      */
-    public static function loadParametersFormat($type, $key)
+    public static function loadParametersFormat(string $type, $key): AsymmetricKey
     {
         $key = self::loadFormat($type, $key);
         if (!$key instanceof PrivateKey && !$key instanceof PublicKey) {
@@ -302,12 +280,9 @@ abstract class AsymmetricKey
     /**
      * Validate Plugin
      *
-     * @param string $format
-     * @param string $type
-     * @param string $method optional
-     * @return mixed
+     * @param string|null $method optional
      */
-    protected static function validatePlugin($format, $type, $method = null)
+    protected static function validatePlugin(string $format, string $type, ?string $method = null)
     {
         $type = strtolower($type);
         if (!isset(self::$plugins[static::ALGORITHM][$format][$type])) {
@@ -323,10 +298,8 @@ abstract class AsymmetricKey
 
     /**
      * Load Plugins
-     *
-     * @param string $format
      */
-    private static function loadPlugins($format)
+    private static function loadPlugins(string $format): void
     {
         if (!isset(self::$plugins[static::ALGORITHM][$format])) {
             self::$plugins[static::ALGORITHM][$format] = [];
@@ -353,10 +326,8 @@ abstract class AsymmetricKey
 
     /**
      * Returns a list of supported formats.
-     *
-     * @return array
      */
-    public static function getSupportedKeyFormats()
+    public static function getSupportedKeyFormats(): array
     {
         self::initialize_static_variables();
 
@@ -370,10 +341,8 @@ abstract class AsymmetricKey
      * Loading a plugin whose shortname overwrite an existing shortname will overwrite the old plugin.
      *
      * @see self::load()
-     * @param string $fullname
-     * @return bool
      */
-    public static function addFileFormat($fullname)
+    public static function addFileFormat(string $fullname): void
     {
         self::initialize_static_variables();
 
@@ -382,7 +351,7 @@ abstract class AsymmetricKey
             $shortname = $meta->getShortName();
             self::$plugins[static::ALGORITHM]['Keys'][strtolower($shortname)] = $fullname;
             if ($meta->hasConstant('IS_INVISIBLE')) {
-                self::$invisiblePlugins[static::ALGORITHM] = strtolower($name);
+                self::$invisiblePlugins[static::ALGORITHM][] = strtolower($shortname);
             }
         }
     }
@@ -394,9 +363,8 @@ abstract class AsymmetricKey
      * with RSA::createKey() then this will throw an exception.
      *
      * @see self::load()
-     * @return mixed
      */
-    public function getLoadedFormat()
+    public function getLoadedFormat(): string
     {
         if (empty($this->format)) {
             throw new NoKeyLoadedException('This key was created with createKey - it was not loaded with load. Therefore there is no "loaded format"');
@@ -410,19 +378,16 @@ abstract class AsymmetricKey
      * Returns the key's comment
      *
      * Not all key formats support comments. If you want to set a comment use toString()
-     *
-     * @return null|string
      */
-    public function getComment()
+    public function getComment(): ?string
     {
         return $this->comment;
     }
 
     /**
      * Tests engine validity
-     *
      */
-    public static function useBestEngine()
+    public static function useBestEngine(): array
     {
         static::$engines = [
             'PHP' => true,
@@ -430,7 +395,7 @@ abstract class AsymmetricKey
             // this test can be satisfied by either of the following:
             // http://php.net/manual/en/book.sodium.php
             // https://github.com/paragonie/sodium_compat
-            'libsodium' => function_exists('sodium_crypto_sign_keypair')
+            'libsodium' => function_exists('sodium_crypto_sign_keypair'),
         ];
 
         return static::$engines;
@@ -438,14 +403,13 @@ abstract class AsymmetricKey
 
     /**
      * Flag to use internal engine only (useful for unit testing)
-     *
      */
-    public static function useInternalEngine()
+    public static function useInternalEngine(): void
     {
         static::$engines = [
             'PHP' => true,
             'OpenSSL' => false,
-            'libsodium' => false
+            'libsodium' => false,
         ];
     }
 
@@ -461,10 +425,8 @@ abstract class AsymmetricKey
 
     /**
      * Determines which hashing function should be used
-     *
-     * @param string $hash
      */
-    public function withHash($hash)
+    public function withHash(string $hash): AsymmetricKey
     {
         $new = clone $this;
 
@@ -476,9 +438,8 @@ abstract class AsymmetricKey
 
     /**
      * Returns the hash algorithm currently being used
-     *
      */
-    public function getHash()
+    public function getHash(): Hash
     {
         return clone $this->hash;
     }
@@ -487,10 +448,9 @@ abstract class AsymmetricKey
      * Compute the pseudorandom k for signature generation,
      * using the process specified for deterministic DSA.
      *
-     * @param string $h1
      * @return string
      */
-    protected function computek($h1)
+    protected function computek(string $h1)
     {
         $v = str_repeat("\1", strlen($h1));
 
@@ -530,11 +490,8 @@ abstract class AsymmetricKey
 
     /**
      * Integer to Octet String
-     *
-     * @param \phpseclib3\Math\BigInteger $v
-     * @return string
      */
-    private function int2octets($v)
+    private function int2octets(BigInteger $v): string
     {
         $out = $v->toBytes();
         $rolen = $this->q->getLengthInBytes();
@@ -549,11 +506,8 @@ abstract class AsymmetricKey
 
     /**
      * Bit String to Integer
-     *
-     * @param string $in
-     * @return \phpseclib3\Math\BigInteger
      */
-    protected function bits2int($in)
+    protected function bits2int(string $in): BigInteger
     {
         $v = new BigInteger($in, 256);
         $vlen = strlen($in) << 3;
@@ -566,11 +520,8 @@ abstract class AsymmetricKey
 
     /**
      * Bit String to Octet String
-     *
-     * @param string $in
-     * @return string
      */
-    private function bits2octets($in)
+    private function bits2octets(string $in): string
     {
         $z1 = $this->bits2int($in);
         $z2 = $z1->subtract($this->q);

phpseclib/Crypt/Common/BlockCipher.php

@@ -12,6 +12,8 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\Common;
 
 /**

phpseclib/Crypt/Common/Formats/Keys/JWK.php

@@ -11,6 +11,8 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\Common\Formats\Keys;
 
 use phpseclib3\Common\Functions\Strings;
@@ -25,11 +27,9 @@ abstract class JWK
     /**
      * Break a public or private key down into its constituent components
      *
-     * @param string $key
-     * @param string $password
-     * @return array
+     * @param string|array $key
      */
-    public static function load($key, $password = '')
+    protected static function loadHelper($key): \stdClass
     {
         if (!Strings::is_stringable($key)) {
             throw new \UnexpectedValueException('Key should be a string - not a ' . gettype($key));
@@ -37,14 +37,7 @@ abstract class JWK
 
         $key = preg_replace('#\s#', '', $key); // remove whitespace
 
-        if (PHP_VERSION_ID >= 73000) {
-            $key = json_decode($key, null, 512, JSON_THROW_ON_ERROR);
-        } else {
-            $key = json_decode($key);
-            if (!$key) {
-                throw new \RuntimeException('Unable to decode JSON');
-            }
-        }
+        $key = json_decode($key, null, 512, JSON_THROW_ON_ERROR);
 
         if (isset($key->kty)) {
             return $key;
@@ -59,10 +52,8 @@ abstract class JWK
 
     /**
      * Wrap a key appropriately
-     *
-     * @return string
      */
-    protected static function wrapKey(array $key, array $options)
+    protected static function wrapKey(array $key, array $options): string
     {
         return json_encode(['keys' => [$key + $options]]);
     }

phpseclib/Crypt/Common/Formats/Keys/OpenSSH.php

@@ -13,11 +13,16 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\Common\Formats\Keys;
 
 use phpseclib3\Common\Functions\Strings;
 use phpseclib3\Crypt\AES;
 use phpseclib3\Crypt\Random;
+use phpseclib3\Exception\BadDecryptionException;
+use phpseclib3\Exception\RuntimeException;
+use phpseclib3\Exception\UnexpectedValueException;
 
 /**
  * OpenSSH Formatted RSA Key Handler
@@ -42,10 +47,8 @@ abstract class OpenSSH
 
     /**
      * Sets the default comment
-     *
-     * @param string $comment
      */
-    public static function setComment($comment)
+    public static function setComment(string $comment): void
     {
         self::$comment = str_replace(["\r", "\n"], '', $comment);
     }
@@ -55,59 +58,61 @@ abstract class OpenSSH
      *
      * $type can be either ssh-dss or ssh-rsa
      *
-     * @param string $key
-     * @param string $password
-     * @return array
+     * @param string|array $key
      */
-    public static function load($key, $password = '')
+    public static function load($key, ?string $password = null): array
     {
         if (!Strings::is_stringable($key)) {
-            throw new \UnexpectedValueException('Key should be a string - not a ' . gettype($key));
+            throw new UnexpectedValueException('Key should be a string - not a ' . gettype($key));
         }
 
         // key format is described here:
         // https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.key?annotate=HEAD
 
-        if (strpos($key, 'BEGIN OPENSSH PRIVATE KEY') !== false) {
+        if (str_contains($key, 'BEGIN OPENSSH PRIVATE KEY')) {
             $key = preg_replace('#(?:^-.*?-[\r\n]*$)|\s#ms', '', $key);
             $key = Strings::base64_decode($key);
             $magic = Strings::shift($key, 15);
             if ($magic != "openssh-key-v1\0") {
-                throw new \RuntimeException('Expected openssh-key-v1');
+                throw new RuntimeException('Expected openssh-key-v1');
             }
-            list($ciphername, $kdfname, $kdfoptions, $numKeys) = Strings::unpackSSH2('sssN', $key);
+            [$ciphername, $kdfname, $kdfoptions, $numKeys] = Strings::unpackSSH2('sssN', $key);
             if ($numKeys != 1) {
                 // if we wanted to support multiple keys we could update PublicKeyLoader to preview what the # of keys
                 // would be; it'd then call Common\Keys\OpenSSH.php::load() and get the paddedKey. it'd then pass
                 // that to the appropriate key loading parser $numKey times or something
-                throw new \RuntimeException('Although the OpenSSH private key format supports multiple keys phpseclib does not');
+                throw new RuntimeException('Although the OpenSSH private key format supports multiple keys phpseclib does not');
             }
+
             switch ($ciphername) {
                 case 'none':
                     break;
                 case 'aes256-ctr':
                     if ($kdfname != 'bcrypt') {
-                        throw new \RuntimeException('Only the bcrypt kdf is supported (' . $kdfname . ' encountered)');
+                        throw new RuntimeException('Only the bcrypt kdf is supported (' . $kdfname . ' encountered)');
                     }
-                    list($salt, $rounds) = Strings::unpackSSH2('sN', $kdfoptions);
+                    [$salt, $rounds] = Strings::unpackSSH2('sN', $kdfoptions);
                     $crypto = new AES('ctr');
                     //$crypto->setKeyLength(256);
                     //$crypto->disablePadding();
                     $crypto->setPassword($password, 'bcrypt', $salt, $rounds, 32);
                     break;
                 default:
-                    throw new \RuntimeException('The only supported cipherse are: none, aes256-ctr (' . $ciphername . ' is being used)');
+                    throw new RuntimeException('The only supported ciphers are: none, aes256-ctr (' . $ciphername . ' is being used)');
             }
 
-            list($publicKey, $paddedKey) = Strings::unpackSSH2('ss', $key);
-            list($type) = Strings::unpackSSH2('s', $publicKey);
+            [$publicKey, $paddedKey] = Strings::unpackSSH2('ss', $key);
+            [$type] = Strings::unpackSSH2('s', $publicKey);
             if (isset($crypto)) {
                 $paddedKey = $crypto->decrypt($paddedKey);
             }
-            list($checkint1, $checkint2) = Strings::unpackSSH2('NN', $paddedKey);
+            [$checkint1, $checkint2] = Strings::unpackSSH2('NN', $paddedKey);
             // any leftover bytes in $paddedKey are for padding? but they should be sequential bytes. eg. 1, 2, 3, etc.
             if ($checkint1 != $checkint2) {
-                throw new \RuntimeException('The two checkints do not match');
+                if (isset($crypto)) {
+                    throw new BadDecryptionException('Unable to decrypt key - please verify the password you are using');
+                }
+                throw new RuntimeException("The two checkints do not match ($checkint1 vs. $checkint2)");
             }
             self::checkType($type);
 
@@ -123,19 +128,19 @@ abstract class OpenSSH
             $asciiType = $parts[0];
             self::checkType($parts[0]);
             $key = base64_decode($parts[1]);
-            $comment = isset($parts[2]) ? $parts[2] : false;
+            $comment = $parts[2] ?? false;
         }
         if ($key === false) {
-            throw new \UnexpectedValueException('Key should be a string - not a ' . gettype($key));
+            throw new UnexpectedValueException('Key should be a string - not a ' . gettype($key));
         }
 
-        list($type) = Strings::unpackSSH2('s', $key);
+        [$type] = Strings::unpackSSH2('s', $key);
         self::checkType($type);
         if (isset($asciiType) && $asciiType != $type) {
-            throw new \RuntimeException('Two different types of keys are claimed: ' . $asciiType . ' and ' . $type);
+            throw new RuntimeException('Two different types of keys are claimed: ' . $asciiType . ' and ' . $type);
         }
         if (strlen($key) <= 4) {
-            throw new \UnexpectedValueException('Key appears to be malformed');
+            throw new UnexpectedValueException('Key appears to be malformed');
         }
 
         $publicKey = $key;
@@ -148,40 +153,32 @@ abstract class OpenSSH
      *
      * Printable keys are what are generated by default. These are the ones that go in
      * $HOME/.ssh/authorized_key.
-     *
-     * @param bool $enabled
      */
-    public static function setBinaryOutput($enabled)
+    public static function setBinaryOutput(bool $enabled): void
     {
         self::$binary = $enabled;
     }
 
     /**
      * Checks to see if the type is valid
-     *
-     * @param string $candidate
      */
-    private static function checkType($candidate)
+    private static function checkType(string $candidate): void
     {
         if (!in_array($candidate, static::$types)) {
-            throw new \RuntimeException("The key type ($candidate) is not equal to: " . implode(',', static::$types));
+            throw new RuntimeException("The key type ($candidate) is not equal to: " . implode(',', static::$types));
         }
     }
 
     /**
      * Wrap a private key appropriately
      *
-     * @param string $publicKey
-     * @param string $privateKey
-     * @param string $password
-     * @param array $options
-     * @return string
+     * @param string|false $password
      */
-    protected static function wrapPrivateKey($publicKey, $privateKey, $password, $options)
+    protected static function wrapPrivateKey(string $publicKey, string $privateKey, $password, array $options): string
     {
-        list(, $checkint) = unpack('N', Random::string(4));
+        [, $checkint] = unpack('N', Random::string(4));
 
-        $comment = isset($options['comment']) ? $options['comment'] : self::$comment;
+        $comment = $options['comment'] ?? self::$comment;
         $paddedKey = Strings::packSSH2('NN', $checkint, $checkint) .
                      $privateKey .
                      Strings::packSSH2('s', $comment);
@@ -203,7 +200,7 @@ abstract class OpenSSH
         if (!$usesEncryption) {
             $key = Strings::packSSH2('sssNss', 'none', 'none', '', 1, $publicKey, $paddedKey);
         } else {
-            $rounds = isset($options['rounds']) ? $options['rounds'] : 16;
+            $rounds = $options['rounds'] ?? 16;
             $salt = Random::string(16);
             $kdfoptions = Strings::packSSH2('sN', $salt, $rounds);
             $crypto = new AES('ctr');

phpseclib/Crypt/Common/Formats/Keys/PKCS.php

@@ -11,6 +11,8 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\Common\Formats\Keys;
 
 /**
@@ -23,15 +25,15 @@ abstract class PKCS
     /**
      * Auto-detect the format
      */
-    const MODE_ANY = 0;
+    public const MODE_ANY = 0;
     /**
      * Require base64-encoded PEM's be supplied
      */
-    const MODE_PEM = 1;
+    public const MODE_PEM = 1;
     /**
      * Require raw DER's be supplied
      */
-    const MODE_DER = 2;
+    public const MODE_DER = 2;
     /**#@-*/
 
     /**
@@ -43,18 +45,16 @@ abstract class PKCS
 
     /**
      * Require base64-encoded PEM's be supplied
-     *
      */
-    public static function requirePEM()
+    public static function requirePEM(): void
     {
         self::$format = self::MODE_PEM;
     }
 
     /**
      * Require raw DER's be supplied
-     *
      */
-    public static function requireDER()
+    public static function requireDER(): void
     {
         self::$format = self::MODE_DER;
     }
@@ -63,9 +63,8 @@ abstract class PKCS
      * Accept any format and auto detect the format
      *
      * This is the default setting
-     *
      */
-    public static function requireAny()
+    public static function requireAny(): void
     {
         self::$format = self::MODE_ANY;
     }

phpseclib/Crypt/Common/Formats/Keys/PKCS1.php

@@ -11,6 +11,8 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\Common\Formats\Keys;
 
 use phpseclib3\Common\Functions\Strings;
@@ -18,6 +20,7 @@ use phpseclib3\Crypt\AES;
 use phpseclib3\Crypt\DES;
 use phpseclib3\Crypt\Random;
 use phpseclib3\Crypt\TripleDES;
+use phpseclib3\Exception\UnexpectedValueException;
 use phpseclib3\Exception\UnsupportedAlgorithmException;
 use phpseclib3\File\ASN1;
 
@@ -37,10 +40,8 @@ abstract class PKCS1 extends PKCS
 
     /**
      * Sets the default encryption algorithm
-     *
-     * @param string $algo
      */
-    public static function setEncryptionAlgorithm($algo)
+    public static function setEncryptionAlgorithm(string $algo): void
     {
         self::$defaultEncryptionAlgorithm = $algo;
     }
@@ -48,11 +49,10 @@ abstract class PKCS1 extends PKCS
     /**
      * Returns the mode constant corresponding to the mode string
      *
-     * @param string $mode
      * @return int
-     * @throws \UnexpectedValueException if the block cipher mode is unsupported
+     * @throws UnexpectedValueException if the block cipher mode is unsupported
      */
-    private static function getEncryptionMode($mode)
+    private static function getEncryptionMode(string $mode)
     {
         switch ($mode) {
             case 'CBC':
@@ -62,23 +62,22 @@ abstract class PKCS1 extends PKCS
             case 'CTR':
                 return $mode;
         }
-        throw new \UnexpectedValueException('Unsupported block cipher mode of operation');
+        throw new UnexpectedValueException('Unsupported block cipher mode of operation');
     }
 
     /**
      * Returns a cipher object corresponding to a string
      *
-     * @param string $algo
-     * @return string
-     * @throws \UnexpectedValueException if the encryption algorithm is unsupported
+     * @return AES|DES|TripleDES
+     * @throws UnexpectedValueException if the encryption algorithm is unsupported
      */
-    private static function getEncryptionObject($algo)
+    private static function getEncryptionObject(string $algo)
     {
         $modes = '(CBC|ECB|CFB|OFB|CTR)';
         switch (true) {
             case preg_match("#^AES-(128|192|256)-$modes$#", $algo, $matches):
                 $cipher = new AES(self::getEncryptionMode($matches[2]));
-                $cipher->setKeyLength($matches[1]);
+                $cipher->setKeyLength((int) $matches[1]);
                 return $cipher;
             case preg_match("#^DES-EDE3-$modes$#", $algo, $matches):
                 return new TripleDES(self::getEncryptionMode($matches[1]));
@@ -91,13 +90,8 @@ abstract class PKCS1 extends PKCS
 
     /**
      * Generate a symmetric key for PKCS#1 keys
-     *
-     * @param string $password
-     * @param string $iv
-     * @param int $length
-     * @return string
      */
-    private static function generateSymmetricKey($password, $iv, $length)
+    private static function generateSymmetricKey(string $password, string $iv, int $length): string
     {
         $symkey = '';
         $iv = substr($iv, 0, 8);
@@ -110,14 +104,13 @@ abstract class PKCS1 extends PKCS
     /**
      * Break a public or private key down into its constituent components
      *
-     * @param string $key
-     * @param string $password optional
-     * @return array
+     * @param string|array $key
+     * @return array|string
      */
-    protected static function load($key, $password)
+    protected static function load($key, ?string $password = null)
     {
         if (!Strings::is_stringable($key)) {
-            throw new \UnexpectedValueException('Key should be a string - not a ' . gettype($key));
+            throw new UnexpectedValueException('Key should be a string - not a ' . gettype($key));
         }
 
         /* Although PKCS#1 proposes a format that public and private keys can use, encrypting them is
@@ -153,7 +146,7 @@ abstract class PKCS1 extends PKCS
                 if ($decoded !== false) {
                     $key = $decoded;
                 } elseif (self::$format == self::MODE_PEM) {
-                    throw new \UnexpectedValueException('Expected base64-encoded PEM format but was unable to decode base64 text');
+                    throw new UnexpectedValueException('Expected base64-encoded PEM format but was unable to decode base64 text');
                 }
             }
         }
@@ -164,13 +157,10 @@ abstract class PKCS1 extends PKCS
     /**
      * Wrap a private key appropriately
      *
-     * @param string $key
-     * @param string $type
-     * @param string $password
+     * @param string|false $password
      * @param array $options optional
-     * @return string
      */
-    protected static function wrapPrivateKey($key, $type, $password, array $options = [])
+    protected static function wrapPrivateKey(string $key, string $type, $password, array $options = []): string
     {
         if (empty($password) || !is_string($password)) {
             return "-----BEGIN $type PRIVATE KEY-----\r\n" .
@@ -178,7 +168,7 @@ abstract class PKCS1 extends PKCS
                    "-----END $type PRIVATE KEY-----";
         }
 
-        $encryptionAlgorithm = isset($options['encryptionAlgorithm']) ? $options['encryptionAlgorithm'] : self::$defaultEncryptionAlgorithm;
+        $encryptionAlgorithm = $options['encryptionAlgorithm'] ?? self::$defaultEncryptionAlgorithm;
 
         $cipher = self::getEncryptionObject($encryptionAlgorithm);
         $iv = Random::string($cipher->getBlockLength() >> 3);
@@ -195,12 +185,8 @@ abstract class PKCS1 extends PKCS
 
     /**
      * Wrap a public key appropriately
-     *
-     * @param string $key
-     * @param string $type
-     * @return string
      */
-    protected static function wrapPublicKey($key, $type)
+    protected static function wrapPublicKey(string $key, string $type): string
     {
         return "-----BEGIN $type PUBLIC KEY-----\r\n" .
                chunk_split(Strings::base64_encode($key), 64) .

phpseclib/Crypt/Common/Formats/Keys/PKCS8.php

@@ -23,16 +23,21 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\Common\Formats\Keys;
 
 use phpseclib3\Common\Functions\Strings;
 use phpseclib3\Crypt\AES;
+use phpseclib3\Crypt\Common\SymmetricKey;
 use phpseclib3\Crypt\DES;
 use phpseclib3\Crypt\Random;
 use phpseclib3\Crypt\RC2;
 use phpseclib3\Crypt\RC4;
 use phpseclib3\Crypt\TripleDES;
 use phpseclib3\Exception\InsufficientSetupException;
+use phpseclib3\Exception\RuntimeException;
+use phpseclib3\Exception\UnexpectedValueException;
 use phpseclib3\Exception\UnsupportedAlgorithmException;
 use phpseclib3\File\ASN1;
 use phpseclib3\File\ASN1\Maps;
@@ -85,40 +90,32 @@ abstract class PKCS8 extends PKCS
 
     /**
      * Sets the default encryption algorithm
-     *
-     * @param string $algo
      */
-    public static function setEncryptionAlgorithm($algo)
+    public static function setEncryptionAlgorithm(string $algo): void
     {
         self::$defaultEncryptionAlgorithm = $algo;
     }
 
     /**
      * Sets the default encryption algorithm for PBES2
-     *
-     * @param string $algo
      */
-    public static function setEncryptionScheme($algo)
+    public static function setEncryptionScheme(string $algo): void
     {
         self::$defaultEncryptionScheme = $algo;
     }
 
     /**
      * Sets the iteration count
-     *
-     * @param int $count
      */
-    public static function setIterationCount($count)
+    public static function setIterationCount(int $count): void
     {
         self::$defaultIterationCount = $count;
     }
 
     /**
      * Sets the PRF for PBES2
-     *
-     * @param string $algo
      */
-    public static function setPRF($algo)
+    public static function setPRF(string $algo): void
     {
         self::$defaultPRF = $algo;
     }
@@ -126,10 +123,9 @@ abstract class PKCS8 extends PKCS
     /**
      * Returns a SymmetricKey object based on a PBES1 $algo
      *
-     * @return \phpseclib3\Crypt\Common\SymmetricKey
-     * @param string $algo
+     * @return SymmetricKey
      */
-    private static function getPBES1EncryptionObject($algo)
+    private static function getPBES1EncryptionObject(string $algo)
     {
         $algo = preg_match('#^pbeWith(?:MD2|MD5|SHA1|SHA)And(.*?)-CBC$#', $algo, $matches) ?
             $matches[1] :
@@ -175,11 +171,8 @@ abstract class PKCS8 extends PKCS
 
     /**
      * Returns a hash based on a PBES1 $algo
-     *
-     * @return string
-     * @param string $algo
      */
-    private static function getPBES1Hash($algo)
+    private static function getPBES1Hash(string $algo): string
     {
         if (preg_match('#^pbeWith(MD2|MD5|SHA1|SHA)And.*?-CBC$#', $algo, $matches)) {
             return $matches[1] == 'SHA' ? 'sha1' : $matches[1];
@@ -190,11 +183,8 @@ abstract class PKCS8 extends PKCS
 
     /**
      * Returns a KDF baesd on a PBES1 $algo
-     *
-     * @return string
-     * @param string $algo
      */
-    private static function getPBES1KDF($algo)
+    private static function getPBES1KDF(string $algo): string
     {
         switch ($algo) {
             case 'pbeWithMD2AndDES-CBC':
@@ -211,11 +201,8 @@ abstract class PKCS8 extends PKCS
 
     /**
      * Returns a SymmetricKey object baesd on a PBES2 $algo
-     *
-     * @return SymmetricKey
-     * @param string $algo
      */
-    private static function getPBES2EncryptionObject($algo)
+    private static function getPBES2EncryptionObject(string $algo): SymmetricKey
     {
         switch ($algo) {
             case 'desCBC':
@@ -235,7 +222,7 @@ abstract class PKCS8 extends PKCS
             case 'aes192-CBC-PAD':
             case 'aes256-CBC-PAD':
                 $cipher = new AES('cbc');
-                $cipher->setKeyLength(substr($algo, 3, 3));
+                $cipher->setKeyLength((int) substr($algo, 3, 3));
                 break;
             default:
                 throw new UnsupportedAlgorithmException("$algo is not supported");
@@ -246,9 +233,8 @@ abstract class PKCS8 extends PKCS
 
     /**
      * Initialize static variables
-     *
      */
-    private static function initialize_static_variables()
+    private static function initialize_static_variables(): void
     {
         if (!isset(static::$childOIDsLoaded)) {
             throw new InsufficientSetupException('This class should not be called directly');
@@ -301,7 +287,7 @@ abstract class PKCS8 extends PKCS
 
                'aes128-CBC-PAD' => '2.16.840.1.101.3.4.1.2',
                'aes192-CBC-PAD' => '2.16.840.1.101.3.4.1.22',
-               'aes256-CBC-PAD' => '2.16.840.1.101.3.4.1.42'
+               'aes256-CBC-PAD' => '2.16.840.1.101.3.4.1.42',
             ]);
             self::$oidsLoaded = true;
         }
@@ -310,25 +296,23 @@ abstract class PKCS8 extends PKCS
     /**
      * Break a public or private key down into its constituent components
      *
-     * @param string $key
-     * @param string $password optional
-     * @return array
+     * @param string|array $key
      */
-    protected static function load($key, $password = '')
+    protected static function load($key, ?string $password = null): array
     {
         if (!Strings::is_stringable($key)) {
-            throw new \UnexpectedValueException('Key should be a string - not a ' . gettype($key));
+            throw new UnexpectedValueException('Key should be a string - not a ' . gettype($key));
         }
 
-        $isPublic = strpos($key, 'PUBLIC') !== false;
-        $isPrivate = strpos($key, 'PRIVATE') !== false;
+        $isPublic = str_contains($key, 'PUBLIC');
+        $isPrivate = str_contains($key, 'PRIVATE');
 
         $decoded = self::preParse($key);
 
         $meta = [];
 
         $decrypted = ASN1::asn1map($decoded[0], Maps\EncryptedPrivateKeyInfo::MAP);
-        if (strlen($password) && is_array($decrypted)) {
+        if ($password !== null && strlen($password) && is_array($decrypted)) {
             $algorithm = $decrypted['encryptionAlgorithm']['algorithm'];
             switch ($algorithm) {
                 // PBES1
@@ -352,7 +336,7 @@ abstract class PKCS8 extends PKCS
 
                     $temp = ASN1::decodeBER($decrypted['encryptionAlgorithm']['parameters']);
                     if (!$temp) {
-                        throw new \RuntimeException('Unable to decode BER');
+                        throw new RuntimeException('Unable to decode BER');
                     }
                     extract(ASN1::asn1map($temp[0], Maps\PBEParameter::MAP));
                     $iterationCount = (int) $iterationCount->toString();
@@ -360,7 +344,7 @@ abstract class PKCS8 extends PKCS
                     $key = $cipher->decrypt($decrypted['encryptedData']);
                     $decoded = ASN1::decodeBER($key);
                     if (!$decoded) {
-                        throw new \RuntimeException('Unable to decode BER 2');
+                        throw new RuntimeException('Unable to decode BER 2');
                     }
 
                     break;
@@ -369,7 +353,7 @@ abstract class PKCS8 extends PKCS
 
                     $temp = ASN1::decodeBER($decrypted['encryptionAlgorithm']['parameters']);
                     if (!$temp) {
-                        throw new \RuntimeException('Unable to decode BER');
+                        throw new RuntimeException('Unable to decode BER');
                     }
                     $temp = ASN1::asn1map($temp[0], Maps\PBES2params::MAP);
                     extract($temp);
@@ -379,7 +363,7 @@ abstract class PKCS8 extends PKCS
 
                     $temp = ASN1::decodeBER($decrypted['encryptionAlgorithm']['parameters']);
                     if (!$temp) {
-                        throw new \RuntimeException('Unable to decode BER');
+                        throw new RuntimeException('Unable to decode BER');
                     }
                     $temp = ASN1::asn1map($temp[0], Maps\PBES2params::MAP);
                     extract($temp);
@@ -389,7 +373,7 @@ abstract class PKCS8 extends PKCS
                     } else {
                         $temp = ASN1::decodeBER($encryptionScheme['parameters']);
                         if (!$temp) {
-                            throw new \RuntimeException('Unable to decode BER');
+                            throw new RuntimeException('Unable to decode BER');
                         }
                         extract(ASN1::asn1map($temp[0], Maps\RC2CBCParameter::MAP));
                         $effectiveKeyLength = (int) $rc2ParametersVersion->toString();
@@ -414,7 +398,7 @@ abstract class PKCS8 extends PKCS
                         case 'id-PBKDF2':
                             $temp = ASN1::decodeBER($keyDerivationFunc['parameters']);
                             if (!$temp) {
-                                throw new \RuntimeException('Unable to decode BER');
+                                throw new RuntimeException('Unable to decode BER');
                             }
                             $prf = ['algorithm' => 'id-hmacWithSHA1'];
                             $params = ASN1::asn1map($temp[0], Maps\PBKDF2params::MAP);
@@ -426,7 +410,7 @@ abstract class PKCS8 extends PKCS
                                 'pbkdf2',
                                 $hash,
                                 $salt,
-                                (int) $iterationCount->toString()
+                                (int) $iterationCount->toString(),
                             ];
                             if (isset($keyLength)) {
                                 $params[] = (int) $keyLength->toString();
@@ -435,7 +419,7 @@ abstract class PKCS8 extends PKCS
                             $key = $cipher->decrypt($decrypted['encryptedData']);
                             $decoded = ASN1::decodeBER($key);
                             if (!$decoded) {
-                                throw new \RuntimeException('Unable to decode BER 3');
+                                throw new RuntimeException('Unable to decode BER 3');
                             }
                             break;
                         default:
@@ -454,7 +438,7 @@ abstract class PKCS8 extends PKCS
         $private = ASN1::asn1map($decoded[0], Maps\OneAsymmetricKey::MAP);
         if (is_array($private)) {
             if ($isPublic) {
-                throw new \UnexpectedValueException('Human readable string claims public key but DER encoded string claims private key');
+                throw new UnexpectedValueException('Human readable string claims public key but DER encoded string claims private key');
             }
 
             if (isset($private['privateKeyAlgorithm']['parameters']) && !$private['privateKeyAlgorithm']['parameters'] instanceof ASN1\Element && isset($decoded[0]['content'][1]['content'][1])) {
@@ -472,7 +456,7 @@ abstract class PKCS8 extends PKCS
             }
             if (isset($private['publicKey'])) {
                 if ($private['publicKey'][0] != "\0") {
-                    throw new \UnexpectedValueException('The first byte of the public key should be null - not ' . bin2hex($private['publicKey'][0]));
+                    throw new UnexpectedValueException('The first byte of the public key should be null - not ' . bin2hex($private['publicKey'][0]));
                 }
                 $private['publicKey'] = substr($private['publicKey'], 1);
             }
@@ -487,11 +471,11 @@ abstract class PKCS8 extends PKCS
 
         if (is_array($public)) {
             if ($isPrivate) {
-                throw new \UnexpectedValueException('Human readable string claims private key but DER encoded string claims public key');
+                throw new UnexpectedValueException('Human readable string claims private key but DER encoded string claims public key');
             }
 
             if ($public['publicKey'][0] != "\0") {
-                throw new \UnexpectedValueException('The first byte of the public key should be null - not ' . bin2hex($public['publicKey'][0]));
+                throw new UnexpectedValueException('The first byte of the public key should be null - not ' . bin2hex($public['publicKey'][0]));
             }
             if (is_array(static::OID_NAME)) {
                 if (!in_array($public['publicKeyAlgorithm']['algorithm'], static::OID_NAME)) {
@@ -510,31 +494,28 @@ abstract class PKCS8 extends PKCS
             return $public;
         }
 
-        throw new \RuntimeException('Unable to parse using either OneAsymmetricKey or PublicKeyInfo ASN1 maps');
+        throw new RuntimeException('Unable to parse using either OneAsymmetricKey or PublicKeyInfo ASN1 maps');
     }
 
     /**
      * Wrap a private key appropriately
      *
-     * @param string $key
-     * @param string $attr
-     * @param mixed $params
-     * @param string $password
-     * @param string $oid optional
+     * @param array|string $attr
+     * @param string|false $password
+     * @param string|null $oid optional
      * @param string $publicKey optional
      * @param array $options optional
-     * @return string
      */
-    protected static function wrapPrivateKey($key, $attr, $params, $password, $oid = null, $publicKey = '', array $options = [])
+    protected static function wrapPrivateKey(string $key, $attr, $params, $password, ?string $oid = null, string $publicKey = '', array $options = []): string
     {
         self::initialize_static_variables();
 
         $key = [
             'version' => 'v1',
             'privateKeyAlgorithm' => [
-                'algorithm' => is_string(static::OID_NAME) ? static::OID_NAME : $oid
+                'algorithm' => is_string(static::OID_NAME) ? static::OID_NAME : $oid,
              ],
-            'privateKey' => $key
+            'privateKey' => $key,
         ];
         if ($oid != 'id-Ed25519' && $oid != 'id-Ed448') {
             $key['privateKeyAlgorithm']['parameters'] = $params;
@@ -550,10 +531,10 @@ abstract class PKCS8 extends PKCS
         if (!empty($password) && is_string($password)) {
             $salt = Random::string(8);
 
-            $iterationCount = isset($options['iterationCount']) ? $options['iterationCount'] : self::$defaultIterationCount;
-            $encryptionAlgorithm = isset($options['encryptionAlgorithm']) ? $options['encryptionAlgorithm'] : self::$defaultEncryptionAlgorithm;
-            $encryptionScheme = isset($options['encryptionScheme']) ? $options['encryptionScheme'] : self::$defaultEncryptionScheme;
-            $prf = isset($options['PRF']) ? $options['PRF'] : self::$defaultPRF;
+            $iterationCount = $options['iterationCount'] ?? self::$defaultIterationCount;
+            $encryptionAlgorithm = $options['encryptionAlgorithm'] ?? self::$defaultEncryptionAlgorithm;
+            $encryptionScheme = $options['encryptionScheme'] ?? self::$defaultEncryptionScheme;
+            $prf = $options['PRF'] ?? self::$defaultPRF;
 
             if ($encryptionAlgorithm == 'id-PBES2') {
                 $crypto = self::getPBES2EncryptionObject($encryptionScheme);
@@ -564,7 +545,7 @@ abstract class PKCS8 extends PKCS
                 $PBKDF2params = [
                     'salt' => $salt,
                     'iterationCount' => $iterationCount,
-                    'prf' => ['algorithm' => $prf, 'parameters' => null]
+                    'prf' => ['algorithm' => $prf, 'parameters' => null],
                 ];
                 $PBKDF2params = ASN1::encodeDER($PBKDF2params, Maps\PBKDF2params::MAP);
 
@@ -573,7 +554,7 @@ abstract class PKCS8 extends PKCS
                 } else {
                     $params = [
                         'rc2ParametersVersion' => 58,
-                        'iv' => $iv
+                        'iv' => $iv,
                     ];
                     $params = ASN1::encodeDER($params, Maps\RC2CBCParameter::MAP);
                     $params = new ASN1\Element($params);
@@ -582,12 +563,12 @@ abstract class PKCS8 extends PKCS
                 $params = [
                     'keyDerivationFunc' => [
                         'algorithm' => 'id-PBKDF2',
-                        'parameters' => new ASN1\Element($PBKDF2params)
+                        'parameters' => new ASN1\Element($PBKDF2params),
                     ],
                     'encryptionScheme' => [
                         'algorithm' => $encryptionScheme,
-                        'parameters' => $params
-                    ]
+                        'parameters' => $params,
+                    ],
                 ];
                 $params = ASN1::encodeDER($params, Maps\PBES2params::MAP);
 
@@ -599,7 +580,7 @@ abstract class PKCS8 extends PKCS
 
                 $params = [
                     'salt' => $salt,
-                    'iterationCount' => $iterationCount
+                    'iterationCount' => $iterationCount,
                 ];
                 $params = ASN1::encodeDER($params, Maps\PBEParameter::MAP);
             }
@@ -609,9 +590,9 @@ abstract class PKCS8 extends PKCS
             $key = [
                 'encryptionAlgorithm' => [
                     'algorithm' => $encryptionAlgorithm,
-                    'parameters' => new ASN1\Element($params)
+                    'parameters' => new ASN1\Element($params),
                 ],
-                'encryptedData' => $key
+                'encryptedData' => $key,
             ];
 
             $key = ASN1::encodeDER($key, Maps\EncryptedPrivateKeyInfo::MAP);
@@ -628,21 +609,16 @@ abstract class PKCS8 extends PKCS
 
     /**
      * Wrap a public key appropriately
-     *
-     * @param string $key
-     * @param mixed $params
-     * @param string $oid
-     * @return string
      */
-    protected static function wrapPublicKey($key, $params, $oid = null)
+    protected static function wrapPublicKey(string $key, $params, ?string $oid = null): string
     {
         self::initialize_static_variables();
 
         $key = [
             'publicKeyAlgorithm' => [
-                'algorithm' => is_string(static::OID_NAME) ? static::OID_NAME : $oid
+                'algorithm' => is_string(static::OID_NAME) ? static::OID_NAME : $oid,
             ],
-            'publicKey' => "\0" . $key
+            'publicKey' => "\0" . $key,
         ];
 
         if ($oid != 'id-Ed25519' && $oid != 'id-Ed448') {
@@ -659,10 +635,9 @@ abstract class PKCS8 extends PKCS
     /**
      * Perform some preliminary parsing of the key
      *
-     * @param string $key
-     * @return array
+     * @param string|array $key
      */
-    private static function preParse(&$key)
+    private static function preParse(&$key): array
     {
         self::initialize_static_variables();
 
@@ -671,13 +646,13 @@ abstract class PKCS8 extends PKCS
             if ($decoded !== false) {
                 $key = $decoded;
             } elseif (self::$format == self::MODE_PEM) {
-                throw new \UnexpectedValueException('Expected base64-encoded PEM format but was unable to decode base64 text');
+                throw new UnexpectedValueException('Expected base64-encoded PEM format but was unable to decode base64 text');
             }
         }
 
         $decoded = ASN1::decodeBER($key);
         if (!$decoded) {
-            throw new \RuntimeException('Unable to decode BER');
+            throw new RuntimeException('Unable to decode BER');
         }
 
         return $decoded;
@@ -685,27 +660,24 @@ abstract class PKCS8 extends PKCS
 
     /**
      * Returns the encryption parameters used by the key
-     *
-     * @param string $key
-     * @return array
      */
-    public static function extractEncryptionAlgorithm($key)
+    public static function extractEncryptionAlgorithm(string $key): array
     {
         if (!Strings::is_stringable($key)) {
-            throw new \UnexpectedValueException('Key should be a string - not a ' . gettype($key));
+            throw new UnexpectedValueException('Key should be a string - not a ' . gettype($key));
         }
 
         $decoded = self::preParse($key);
 
         $r = ASN1::asn1map($decoded[0], ASN1\Maps\EncryptedPrivateKeyInfo::MAP);
         if (!is_array($r)) {
-            throw new \RuntimeException('Unable to parse using EncryptedPrivateKeyInfo map');
+            throw new RuntimeException('Unable to parse using EncryptedPrivateKeyInfo map');
         }
 
         if ($r['encryptionAlgorithm']['algorithm'] == 'id-PBES2') {
             $decoded = ASN1::decodeBER($r['encryptionAlgorithm']['parameters']->element);
             if (!$decoded) {
-                throw new \RuntimeException('Unable to decode BER');
+                throw new RuntimeException('Unable to decode BER');
             }
             $r['encryptionAlgorithm']['parameters'] = ASN1::asn1map($decoded[0], ASN1\Maps\PBES2params::MAP);
 
@@ -714,7 +686,7 @@ abstract class PKCS8 extends PKCS
                 case 'id-PBKDF2':
                     $decoded = ASN1::decodeBER($kdf['parameters']->element);
                     if (!$decoded) {
-                        throw new \RuntimeException('Unable to decode BER');
+                        throw new RuntimeException('Unable to decode BER');
                     }
                     $kdf['parameters'] = ASN1::asn1map($decoded[0], Maps\PBKDF2params::MAP);
             }

phpseclib/Crypt/Common/Formats/Keys/PuTTY.php

@@ -13,12 +13,16 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\Common\Formats\Keys;
 
 use phpseclib3\Common\Functions\Strings;
 use phpseclib3\Crypt\AES;
 use phpseclib3\Crypt\Hash;
 use phpseclib3\Crypt\Random;
+use phpseclib3\Exception\RuntimeException;
+use phpseclib3\Exception\UnexpectedValueException;
 use phpseclib3\Exception\UnsupportedAlgorithmException;
 
 /**
@@ -44,35 +48,27 @@ abstract class PuTTY
 
     /**
      * Sets the default comment
-     *
-     * @param string $comment
      */
-    public static function setComment($comment)
+    public static function setComment(string $comment): void
     {
         self::$comment = str_replace(["\r", "\n"], '', $comment);
     }
 
     /**
      * Sets the default version
-     *
-     * @param int $version
      */
-    public static function setVersion($version)
+    public static function setVersion(int $version): void
     {
         if ($version != 2 && $version != 3) {
-            throw new \RuntimeException('Only supported versions are 2 and 3');
+            throw new RuntimeException('Only supported versions are 2 and 3');
         }
         self::$version = $version;
     }
 
     /**
      * Generate a symmetric key for PuTTY v2 keys
-     *
-     * @param string $password
-     * @param int $length
-     * @return string
      */
-    private static function generateV2Key($password, $length)
+    private static function generateV2Key(string $password, int $length): string
     {
         $symkey = '';
         $sequence = 0;
@@ -85,18 +81,11 @@ abstract class PuTTY
 
     /**
      * Generate a symmetric key for PuTTY v3 keys
-     *
-     * @param string $password
-     * @param string $flavour
-     * @param int $memory
-     * @param int $passes
-     * @param string $salt
-     * @return array
      */
-    private static function generateV3Key($password, $flavour, $memory, $passes, $salt)
+    private static function generateV3Key(string $password, string $flavour, int $memory, int $passes, string $salt): array
     {
         if (!function_exists('sodium_crypto_pwhash')) {
-            throw new \RuntimeException('sodium_crypto_pwhash needs to exist for Argon2 password hasing');
+            throw new RuntimeException('sodium_crypto_pwhash needs to exist for Argon2 password hasing');
         }
 
         switch ($flavour) {
@@ -123,40 +112,38 @@ abstract class PuTTY
     /**
      * Break a public or private key down into its constituent components
      *
-     * @param string $key
-     * @param string $password
-     * @return array
+     * @param array|string $key
+     * @param string|false $password
+     * @return array|false
      */
     public static function load($key, $password)
     {
         if (!Strings::is_stringable($key)) {
-            throw new \UnexpectedValueException('Key should be a string - not a ' . gettype($key));
+            throw new UnexpectedValueException('Key should be a string - not a ' . gettype($key));
         }
 
-        if (strpos($key, 'BEGIN SSH2 PUBLIC KEY') !== false) {
+        if (str_contains($key, 'BEGIN SSH2 PUBLIC KEY')) {
             $lines = preg_split('#[\r\n]+#', $key);
             switch (true) {
                 case $lines[0] != '---- BEGIN SSH2 PUBLIC KEY ----':
-                    throw new \UnexpectedValueException('Key doesn\'t start with ---- BEGIN SSH2 PUBLIC KEY ----');
+                    throw new UnexpectedValueException('Key doesn\'t start with ---- BEGIN SSH2 PUBLIC KEY ----');
                 case $lines[count($lines) - 1] != '---- END SSH2 PUBLIC KEY ----':
-                    throw new \UnexpectedValueException('Key doesn\'t end with ---- END SSH2 PUBLIC KEY ----');
+                    throw new UnexpectedValueException('Key doesn\'t end with ---- END SSH2 PUBLIC KEY ----');
             }
             $lines = array_splice($lines, 1, -1);
-            $lines = array_map(function ($line) {
-                return rtrim($line, "\r\n");
-            }, $lines);
+            $lines = array_map(fn ($line) => rtrim($line, "\r\n"), $lines);
             $data = $current = '';
             $values = [];
             $in_value = false;
             foreach ($lines as $line) {
                 switch (true) {
                     case preg_match('#^(.*?): (.*)#', $line, $match):
-                        $in_value = $line[strlen($line) - 1] == '\\';
+                        $in_value = $line[-1] == '\\';
                         $current = strtolower($match[1]);
                         $values[$current] = $in_value ? substr($match[2], 0, -1) : $match[2];
                         break;
                     case $in_value:
-                        $in_value = $line[strlen($line) - 1] == '\\';
+                        $in_value = $line[-1] == '\\';
                         $values[$current] .= $in_value ? substr($line, 0, -1) : $line;
                         break;
                     default:
@@ -166,7 +153,7 @@ abstract class PuTTY
 
             $components = call_user_func([static::PUBLIC_HANDLER, 'load'], $data);
             if ($components === false) {
-                throw new \UnexpectedValueException('Unable to decode public key');
+                throw new UnexpectedValueException('Unable to decode public key');
             }
             $components += $values;
             $components['comment'] = str_replace(['\\\\', '\"'], ['\\', '"'], $values['comment']);
@@ -182,7 +169,7 @@ abstract class PuTTY
         }
         $version = (int) Strings::shift($key[0], 3); // should be either "2: " or "3: 0" prior to int casting
         if ($version != 2 && $version != 3) {
-            throw new \RuntimeException('Only v2 and v3 PuTTY private keys are supported');
+            throw new RuntimeException('Only v2 and v3 PuTTY private keys are supported');
         }
         $components['type'] = $type = rtrim($key[0]);
         if (!in_array($type, static::$types)) {
@@ -194,7 +181,7 @@ abstract class PuTTY
         $encryption = trim(preg_replace('#Encryption: (.+)#', '$1', $key[1]));
         $components['comment'] = trim(preg_replace('#Comment: (.+)#', '$1', $key[2]));
 
-        $publicLength = trim(preg_replace('#Public-Lines: (\d+)#', '$1', $key[3]));
+        $publicLength = (int) trim(preg_replace('#Public-Lines: (\d+)#', '$1', $key[3]));
         $public = Strings::base64_decode(implode('', array_map('trim', array_slice($key, 4, $publicLength))));
 
         $source = Strings::packSSH2('ssss', $type, $encryption, $components['comment'], $public);
@@ -202,7 +189,7 @@ abstract class PuTTY
         extract(unpack('Nlength', Strings::shift($public, 4)));
         $newtype = Strings::shift($public, $length);
         if ($newtype != $type) {
-            throw new \RuntimeException('The binary type does not match the human readable type field');
+            throw new RuntimeException('The binary type does not match the human readable type field');
         }
 
         $components['public'] = $public;
@@ -227,7 +214,7 @@ abstract class PuTTY
                         $parallelism = trim(preg_replace('#Argon2-Parallelism: (\d+)#', '$1', $key[$offset++]));
                         $salt = Strings::hex2bin(trim(preg_replace('#Argon2-Salt: ([0-9a-f]+)#', '$1', $key[$offset++])));
 
-                        extract(self::generateV3Key($password, $flavour, $memory, $passes, $salt));
+                        extract(self::generateV3Key($password, $flavour, (int)$memory, (int)$passes, $salt));
 
                         break;
                     case 2:
@@ -247,7 +234,7 @@ abstract class PuTTY
                 $hash->setKey(sha1($hashkey, true));
         }
 
-        $privateLength = trim(preg_replace('#Private-Lines: (\d+)#', '$1', $key[$offset++]));
+        $privateLength = (int) trim(preg_replace('#Private-Lines: (\d+)#', '$1', $key[$offset++]));
         $private = Strings::base64_decode(implode('', array_map('trim', array_slice($key, $offset, $privateLength))));
 
         if ($encryption != 'none') {
@@ -263,7 +250,7 @@ abstract class PuTTY
         $hmac = Strings::hex2bin($hmac);
 
         if (!hash_equals($hash->hash($source), $hmac)) {
-            throw new \UnexpectedValueException('MAC validation error');
+            throw new UnexpectedValueException('MAC validation error');
         }
 
         $components['private'] = $private;
@@ -274,18 +261,14 @@ abstract class PuTTY
     /**
      * Wrap a private key appropriately
      *
-     * @param string $public
-     * @param string $private
-     * @param string $type
-     * @param string $password
+     * @param string|false $password
      * @param array $options optional
-     * @return string
      */
-    protected static function wrapPrivateKey($public, $private, $type, $password, array $options = [])
+    protected static function wrapPrivateKey(string $public, string $private, string $type, $password, array $options = []): string
     {
         $encryption = (!empty($password) || is_string($password)) ? 'aes256-cbc' : 'none';
-        $comment = isset($options['comment']) ? $options['comment'] : self::$comment;
-        $version = isset($options['version']) ? $options['version'] : self::$version;
+        $comment = $options['comment'] ?? self::$comment;
+        $version = $options['version'] ?? self::$version;
 
         $key = "PuTTY-User-Key-File-$version: $type\r\n";
         $key .= "Encryption: $encryption\r\n";
@@ -357,12 +340,8 @@ abstract class PuTTY
      * Wrap a public key appropriately
      *
      * This is basically the format described in RFC 4716 (https://tools.ietf.org/html/rfc4716)
-     *
-     * @param string $key
-     * @param string $type
-     * @return string
      */
-    protected static function wrapPublicKey($key, $type)
+    protected static function wrapPublicKey(string $key, string $type): string
     {
         $key = pack('Na*a*', strlen($type), $type, $key);
         $key = "---- BEGIN SSH2 PUBLIC KEY ----\r\n" .

phpseclib/Crypt/Common/Formats/Signature/Raw.php

@@ -13,6 +13,8 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\Common\Formats\Signature;
 
 use phpseclib3\Math\BigInteger;
@@ -27,10 +29,9 @@ abstract class Raw
     /**
      * Loads a signature
      *
-     * @param array $sig
      * @return array|bool
      */
-    public static function load($sig)
+    public static function load(array $sig)
     {
         switch (true) {
             case !is_array($sig):
@@ -42,18 +43,14 @@ abstract class Raw
 
         return [
             'r' => $sig['r'],
-            's' => $sig['s']
+            's' => $sig['s'],
         ];
     }
 
     /**
      * Returns a signature in the appropriate format
-     *
-     * @param \phpseclib3\Math\BigInteger $r
-     * @param \phpseclib3\Math\BigInteger $s
-     * @return string
      */
-    public static function save(BigInteger $r, BigInteger $s)
+    public static function save(BigInteger $r, BigInteger $s): string
     {
         return compact('r', 's');
     }

phpseclib/Crypt/Common/PrivateKey.php

@@ -9,6 +9,8 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\Common;
 
 /**
@@ -21,11 +23,10 @@ interface PrivateKey
     public function sign($message);
     //public function decrypt($ciphertext);
     public function getPublicKey();
-    public function toString($type, array $options = []);
+    public function toString(string $type, array $options = []): string;
 
     /**
-     * @param string|false $password
-     * @return mixed
+     * @return static
      */
-    public function withPassword($password = false);
+    public function withPassword(?string $password = null): PrivateKey;
 }

phpseclib/Crypt/Common/PublicKey.php

@@ -9,6 +9,8 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\Common;
 
 /**
@@ -20,6 +22,6 @@ interface PublicKey
 {
     public function verify($message, $signature);
     //public function encrypt($plaintext);
-    public function toString($type, array $options = []);
+    public function toString(string $type, array $options = []): string;
     public function getFingerprint($algorithm);
 }

phpseclib/Crypt/Common/StreamCipher.php

@@ -12,6 +12,8 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\Common;
 
 /**
@@ -35,7 +37,7 @@ abstract class StreamCipher extends SymmetricKey
      * Default Constructor.
      *
      * @see \phpseclib3\Crypt\Common\SymmetricKey::__construct()
-     * @return \phpseclib3\Crypt\Common\StreamCipher
+     * @return StreamCipher
      */
     public function __construct()
     {
@@ -44,10 +46,8 @@ abstract class StreamCipher extends SymmetricKey
 
     /**
      * Stream ciphers not use an IV
-     *
-     * @return bool
      */
-    public function usesIV()
+    public function usesIV(): bool
     {
         return false;
     }

phpseclib/Crypt/Common/Traits/Fingerprint.php

@@ -11,6 +11,8 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\Common\Traits;
 
 use phpseclib3\Crypt\Hash;
@@ -31,7 +33,6 @@ trait Fingerprint
      *
      * @param string $algorithm The hashing algorithm to be used. Valid options are 'md5' and 'sha256'. False is returned
      * for invalid values.
-     * @return mixed
      */
     public function getFingerprint($algorithm = 'md5')
     {

phpseclib/Crypt/Common/Traits/PasswordProtected.php

@@ -11,6 +11,8 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\Common\Traits;
 
 /**
@@ -21,11 +23,9 @@ namespace phpseclib3\Crypt\Common\Traits;
 trait PasswordProtected
 {
     /**
-     * Password
-     *
-     * @var string|bool
+     * @var string|null
      */
-    private $password = false;
+    private $password = null;
 
     /**
      * Sets the password
@@ -35,9 +35,10 @@ trait PasswordProtected
      *
      * @see self::createKey()
      * @see self::load()
-     * @param string|bool $password
+     *
+     * @return static
      */
-    public function withPassword($password = false)
+    public function withPassword(?string $password = null): self
     {
         $new = clone $this;
         $new->password = $password;

phpseclib/Crypt/DES.php

@@ -3,7 +3,7 @@
 /**
  * Pure-PHP implementation of DES.
  *
- * Uses mcrypt, if available, and an internal implementation, otherwise.
+ * Uses OpenSSL, if available/possible, and an internal implementation, otherwise
  *
  * PHP version 5
  *
@@ -38,10 +38,13 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt;
 
 use phpseclib3\Crypt\Common\BlockCipher;
 use phpseclib3\Exception\BadModeException;
+use phpseclib3\Exception\LengthException;
 
 /**
  * Pure-PHP implementation of DES.
@@ -56,14 +59,14 @@ class DES extends BlockCipher
      * @see \phpseclib3\Crypt\DES::setupKey()
      * @see \phpseclib3\Crypt\DES::processBlock()
      */
-    const ENCRYPT = 0;
+    public const ENCRYPT = 0;
     /**
      * Contains $keys[self::DECRYPT]
      *
      * @see \phpseclib3\Crypt\DES::setupKey()
      * @see \phpseclib3\Crypt\DES::processBlock()
      */
-    const DECRYPT = 1;
+    public const DECRYPT = 1;
 
     /**
      * Block Length of the cipher
@@ -81,14 +84,6 @@ class DES extends BlockCipher
      */
     protected $key_length = 8;
 
-    /**
-     * The mcrypt specific name of the cipher
-     *
-     * @see \phpseclib3\Crypt\Common\SymmetricKey::cipher_name_mcrypt
-     * @var string
-     */
-    protected $cipher_name_mcrypt = 'des';
-
     /**
      * The OpenSSL names of the cipher / modes
      *
@@ -99,18 +94,10 @@ class DES extends BlockCipher
         self::MODE_ECB => 'des-ecb',
         self::MODE_CBC => 'des-cbc',
         self::MODE_CFB => 'des-cfb',
-        self::MODE_OFB => 'des-ofb'
+        self::MODE_OFB => 'des-ofb',
         // self::MODE_CTR is undefined for DES
     ];
 
-    /**
-     * Optimizing value while CFB-encrypting
-     *
-     * @see \phpseclib3\Crypt\Common\SymmetricKey::cfb_init_len
-     * @var int
-     */
-    protected $cfb_init_len = 500;
-
     /**
      * Switch for DES/3DES encryption
      *
@@ -285,7 +272,7 @@ class DES extends BlockCipher
         "\xFF\xFF\xFF\xFF\xFF\x00\x00\x00", "\xFF\xFF\xFF\xFF\xFF\x00\x00\xFF",
         "\xFF\xFF\xFF\xFF\xFF\x00\xFF\x00", "\xFF\xFF\xFF\xFF\xFF\x00\xFF\xFF",
         "\xFF\xFF\xFF\xFF\xFF\xFF\x00\x00", "\xFF\xFF\xFF\xFF\xFF\xFF\x00\xFF",
-        "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x00", "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"
+        "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x00", "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF",
     ];
 
     /**
@@ -327,7 +314,7 @@ class DES extends BlockCipher
         0x8C, 0x9C, 0x8D, 0x9D, 0xAC, 0xBC, 0xAD, 0xBD,
         0x8E, 0x9E, 0x8F, 0x9F, 0xAE, 0xBE, 0xAF, 0xBF,
         0xCC, 0xDC, 0xCD, 0xDD, 0xEC, 0xFC, 0xED, 0xFD,
-        0xCE, 0xDE, 0xCF, 0xDF, 0xEE, 0xFE, 0xEF, 0xFF
+        0xCE, 0xDE, 0xCF, 0xDF, 0xEE, 0xFE, 0xEF, 0xFF,
     ];
 
     /**
@@ -368,7 +355,7 @@ class DES extends BlockCipher
         0x07, 0x87, 0x47, 0xC7, 0x27, 0xA7, 0x67, 0xE7,
         0x17, 0x97, 0x57, 0xD7, 0x37, 0xB7, 0x77, 0xF7,
         0x0F, 0x8F, 0x4F, 0xCF, 0x2F, 0xAF, 0x6F, 0xEF,
-        0x1F, 0x9F, 0x5F, 0xDF, 0x3F, 0xBF, 0x7F, 0xFF
+        0x1F, 0x9F, 0x5F, 0xDF, 0x3F, 0xBF, 0x7F, 0xFF,
     ];
 
     /**
@@ -395,7 +382,7 @@ class DES extends BlockCipher
         0x00808202, 0x00008002, 0x00808000, 0x00800202,
         0x00800002, 0x00000202, 0x00008202, 0x00808200,
         0x00000202, 0x00800200, 0x00800200, 0x00000000,
-        0x00008002, 0x00008200, 0x00000000, 0x00808002
+        0x00008002, 0x00008200, 0x00000000, 0x00808002,
     ];
 
     /**
@@ -419,7 +406,7 @@ class DES extends BlockCipher
         0x00004010, 0x40084000, 0x00080000, 0x40000010,
         0x00080010, 0x40004010, 0x40000010, 0x00080010,
         0x00084000, 0x00000000, 0x40004000, 0x00004010,
-        0x40000000, 0x40080010, 0x40084010, 0x00084000
+        0x40000000, 0x40080010, 0x40084010, 0x00084000,
     ];
 
     /**
@@ -443,7 +430,7 @@ class DES extends BlockCipher
         0x04000104, 0x00010000, 0x04000000, 0x04010104,
         0x00000004, 0x00010104, 0x00010100, 0x04000004,
         0x04010000, 0x04000104, 0x00000104, 0x04010000,
-        0x00010104, 0x00000004, 0x04010004, 0x00010100
+        0x00010104, 0x00000004, 0x04010004, 0x00010100,
     ];
 
     /**
@@ -467,7 +454,7 @@ class DES extends BlockCipher
         0x80401040, 0x80000040, 0x80000000, 0x00001000,
         0x80400000, 0x80001000, 0x00401040, 0x80400040,
         0x80001000, 0x00001040, 0x00400000, 0x80401000,
-        0x00000040, 0x00400000, 0x00001000, 0x00401040
+        0x00000040, 0x00400000, 0x00001000, 0x00401040,
     ];
 
     /**
@@ -491,7 +478,7 @@ class DES extends BlockCipher
         0x21040080, 0x00040080, 0x21000000, 0x21040080,
         0x01040000, 0x00000000, 0x20040000, 0x21000000,
         0x00040080, 0x01000080, 0x20000080, 0x00040000,
-        0x00000000, 0x20040000, 0x01040080, 0x20000080
+        0x00000000, 0x20040000, 0x01040080, 0x20000080,
     ];
 
     /**
@@ -515,7 +502,7 @@ class DES extends BlockCipher
         0x00202008, 0x10202000, 0x00000000, 0x10200008,
         0x00000008, 0x00002000, 0x10200000, 0x00202008,
         0x00002000, 0x00200008, 0x10002008, 0x00000000,
-        0x10202000, 0x10000000, 0x00200008, 0x10002008
+        0x10202000, 0x10000000, 0x00200008, 0x10002008,
     ];
 
     /**
@@ -539,7 +526,7 @@ class DES extends BlockCipher
         0x00000401, 0x02000001, 0x02100401, 0x02100000,
         0x00100400, 0x00000000, 0x00000001, 0x02100401,
         0x00000000, 0x00100401, 0x02100000, 0x00000400,
-        0x02000001, 0x02000400, 0x00000400, 0x00100001
+        0x02000001, 0x02000400, 0x00000400, 0x00100001,
     ];
 
     /**
@@ -563,16 +550,15 @@ class DES extends BlockCipher
         0x00000000, 0x08020820, 0x00020020, 0x08000020,
         0x08020000, 0x08000800, 0x08000820, 0x00000000,
         0x08020820, 0x00020800, 0x00020800, 0x00000820,
-        0x00000820, 0x00020020, 0x08000000, 0x08020800
+        0x00000820, 0x00020020, 0x08000000, 0x08020800,
     ];
 
     /**
      * Default Constructor.
      *
-     * @param string $mode
      * @throws BadModeException if an invalid / unsupported mode is provided
      */
-    public function __construct($mode)
+    public function __construct(string $mode)
     {
         parent::__construct($mode);
 
@@ -587,10 +573,8 @@ class DES extends BlockCipher
      * This is mainly just a wrapper to set things up for \phpseclib3\Crypt\Common\SymmetricKey::isValidEngine()
      *
      * @see \phpseclib3\Crypt\Common\SymmetricKey::isValidEngine()
-     * @param int $engine
-     * @return bool
      */
-    protected function isValidEngineHelper($engine)
+    protected function isValidEngineHelper(int $engine): bool
     {
         if ($this->key_length_max == 8) {
             if ($engine == self::ENGINE_OPENSSL) {
@@ -616,12 +600,11 @@ class DES extends BlockCipher
      * DES also requires that every eighth bit be a parity bit, however, we'll ignore that.
      *
      * @see \phpseclib3\Crypt\Common\SymmetricKey::setKey()
-     * @param string $key
      */
-    public function setKey($key)
+    public function setKey(string $key): void
     {
         if (!($this instanceof TripleDES) && strlen($key) != 8) {
-            throw new \LengthException('Key of size ' . strlen($key) . ' not supported by this algorithm. Only keys of size 8 are supported');
+            throw new LengthException('Key of size ' . strlen($key) . ' not supported by this algorithm. Only keys of size 8 are supported');
         }
 
         // Sets the key
@@ -631,13 +614,11 @@ class DES extends BlockCipher
     /**
      * Encrypts a block
      *
+     * @see self::encrypt()
      * @see \phpseclib3\Crypt\Common\SymmetricKey::encryptBlock()
      * @see \phpseclib3\Crypt\Common\SymmetricKey::encrypt()
-     * @see self::encrypt()
-     * @param string $in
-     * @return string
      */
-    protected function encryptBlock($in)
+    protected function encryptBlock(string $in): string
     {
         return $this->processBlock($in, self::ENCRYPT);
     }
@@ -645,13 +626,11 @@ class DES extends BlockCipher
     /**
      * Decrypts a block
      *
+     * @see self::decrypt()
      * @see \phpseclib3\Crypt\Common\SymmetricKey::decryptBlock()
      * @see \phpseclib3\Crypt\Common\SymmetricKey::decrypt()
-     * @see self::decrypt()
-     * @param string $in
-     * @return string
      */
-    protected function decryptBlock($in)
+    protected function decryptBlock(string $in): string
     {
         return $this->processBlock($in, self::DECRYPT);
     }
@@ -663,13 +642,11 @@ class DES extends BlockCipher
      * {@link http://en.wikipedia.org/wiki/Image:Feistel.png Feistel.png} to get a general
      * idea of what this function does.
      *
-     * @see self::encryptBlock()
-     * @see self::decryptBlock()
-     * @param string $block
-     * @param int $mode
      * @return string
+     * @see self::decryptBlock()
+     * @see self::encryptBlock()
      */
-    private function processBlock($block, $mode)
+    private function processBlock(string $block, int $mode)
     {
         static $sbox1, $sbox2, $sbox3, $sbox4, $sbox5, $sbox6, $sbox7, $sbox8, $shuffleip, $shuffleinvip;
         if (!$sbox1) {
@@ -693,7 +670,7 @@ class DES extends BlockCipher
 
         // Do the initial IP permutation.
         $t = unpack('Nl/Nr', $block);
-        list($l, $r) = [$t['l'], $t['r']];
+        [$l, $r] = [$t['l'], $t['r']];
         $block = ($shuffleip[ $r        & 0xFF] & "\x80\x80\x80\x80\x80\x80\x80\x80") |
                  ($shuffleip[($r >>  8) & 0xFF] & "\x40\x40\x40\x40\x40\x40\x40\x40") |
                  ($shuffleip[($r >> 16) & 0xFF] & "\x20\x20\x20\x20\x20\x20\x20\x20") |
@@ -705,7 +682,7 @@ class DES extends BlockCipher
 
         // Extract L0 and R0.
         $t = unpack('Nl/Nr', $block);
-        list($l, $r) = [$t['l'], $t['r']];
+        [$l, $r] = [$t['l'], $t['r']];
 
         for ($des_round = 0; $des_round < $this->des_rounds; ++$des_round) {
             // Perform the 16 steps.
@@ -749,7 +726,7 @@ class DES extends BlockCipher
      *
      * @see \phpseclib3\Crypt\Common\SymmetricKey::setupKey()
      */
-    protected function setupKey()
+    protected function setupKey(): void
     {
         if (isset($this->kl['key']) && $this->key === $this->kl['key'] && $this->des_rounds === $this->kl['des_rounds']) {
             // already expanded
@@ -758,7 +735,7 @@ class DES extends BlockCipher
         $this->kl = ['key' => $this->key, 'des_rounds' => $this->des_rounds];
 
         static $shifts = [ // number of key bits shifted per round
-            1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
+            1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1,
         ];
 
         static $pc1map = [
@@ -793,7 +770,7 @@ class DES extends BlockCipher
             0xE0, 0xE0, 0xE8, 0xE8, 0xE4, 0xE4, 0xEC, 0xEC,
             0xE2, 0xE2, 0xEA, 0xEA, 0xE6, 0xE6, 0xEE, 0xEE,
             0xF0, 0xF0, 0xF8, 0xF8, 0xF4, 0xF4, 0xFC, 0xFC,
-            0xF2, 0xF2, 0xFA, 0xFA, 0xF6, 0xF6, 0xFE, 0xFE
+            0xF2, 0xF2, 0xFA, 0xFA, 0xF6, 0xF6, 0xFE, 0xFE,
         ];
 
         // Mapping tables for the PC-2 transformation.
@@ -801,7 +778,7 @@ class DES extends BlockCipher
             0x00000000, 0x00000400, 0x00200000, 0x00200400,
             0x00000001, 0x00000401, 0x00200001, 0x00200401,
             0x02000000, 0x02000400, 0x02200000, 0x02200400,
-            0x02000001, 0x02000401, 0x02200001, 0x02200401
+            0x02000001, 0x02000401, 0x02200001, 0x02200401,
         ];
         static $pc2mapc2 = [
             0x00000000, 0x00000800, 0x08000000, 0x08000800,
@@ -867,7 +844,7 @@ class DES extends BlockCipher
             0x01040110, 0x01040910, 0x09040110, 0x09040910,
             0x01050110, 0x01050910, 0x09050110, 0x09050910,
             0x01040110, 0x01040910, 0x09040110, 0x09040910,
-            0x01050110, 0x01050910, 0x09050110, 0x09050910
+            0x01050110, 0x01050910, 0x09050110, 0x09050910,
         ];
         static $pc2mapc3 = [
             0x00000000, 0x00000004, 0x00001000, 0x00001004,
@@ -933,7 +910,7 @@ class DES extends BlockCipher
             0x20080022, 0x20080026, 0x20081022, 0x20081026,
             0x20080022, 0x20080026, 0x20081022, 0x20081026,
             0x30080022, 0x30080026, 0x30081022, 0x30081026,
-            0x30080022, 0x30080026, 0x30081022, 0x30081026
+            0x30080022, 0x30080026, 0x30081022, 0x30081026,
         ];
         static $pc2mapc4 = [
             0x00000000, 0x00100000, 0x00000008, 0x00100008,
@@ -999,13 +976,13 @@ class DES extends BlockCipher
             0x04022000, 0x04122000, 0x04022008, 0x04122008,
             0x04022200, 0x04122200, 0x04022208, 0x04122208,
             0x04022000, 0x04122000, 0x04022008, 0x04122008,
-            0x04022200, 0x04122200, 0x04022208, 0x04122208
+            0x04022200, 0x04122200, 0x04022208, 0x04122208,
         ];
         static $pc2mapd1 = [
             0x00000000, 0x00000001, 0x08000000, 0x08000001,
             0x00200000, 0x00200001, 0x08200000, 0x08200001,
             0x00000002, 0x00000003, 0x08000002, 0x08000003,
-            0x00200002, 0x00200003, 0x08200002, 0x08200003
+            0x00200002, 0x00200003, 0x08200002, 0x08200003,
         ];
         static $pc2mapd2 = [
             0x00000000, 0x00100000, 0x00000800, 0x00100800,
@@ -1071,7 +1048,7 @@ class DES extends BlockCipher
             0x00020204, 0x00120204, 0x00020A04, 0x00120A04,
             0x00020204, 0x00120204, 0x00020A04, 0x00120A04,
             0x04020204, 0x04120204, 0x04020A04, 0x04120A04,
-            0x04020204, 0x04120204, 0x04020A04, 0x04120A04
+            0x04020204, 0x04120204, 0x04020A04, 0x04120A04,
         ];
         static $pc2mapd3 = [
             0x00000000, 0x00010000, 0x02000000, 0x02010000,
@@ -1137,7 +1114,7 @@ class DES extends BlockCipher
             0x20002010, 0x20012010, 0x22002010, 0x22012010,
             0x20002030, 0x20012030, 0x22002030, 0x22012030,
             0x20042010, 0x20052010, 0x22042010, 0x22052010,
-            0x20042030, 0x20052030, 0x22042030, 0x22052030
+            0x20042030, 0x20052030, 0x22042030, 0x22052030,
         ];
         static $pc2mapd4 = [
             0x00000000, 0x00000400, 0x01000000, 0x01000400,
@@ -1203,7 +1180,7 @@ class DES extends BlockCipher
             0x10081008, 0x10081408, 0x11081008, 0x11081408,
             0x10081008, 0x10081408, 0x11081008, 0x11081408,
             0x10081108, 0x10081508, 0x11081108, 0x11081508,
-            0x10081108, 0x10081508, 0x11081108, 0x11081508
+            0x10081108, 0x10081508, 0x11081108, 0x11081508,
         ];
 
         $keys = [];
@@ -1213,7 +1190,7 @@ class DES extends BlockCipher
 
             // Perform the PC/1 transformation and compute C and D.
             $t = unpack('Nl/Nr', $key);
-            list($l, $r) = [$t['l'], $t['r']];
+            [$l, $r] = [$t['l'], $t['r']];
             $key = (self::$shuffle[$pc1map[ $r        & 0xFF]] & "\x80\x80\x80\x80\x80\x80\x80\x00") |
                    (self::$shuffle[$pc1map[($r >>  8) & 0xFF]] & "\x40\x40\x40\x40\x40\x40\x40\x00") |
                    (self::$shuffle[$pc1map[($r >> 16) & 0xFF]] & "\x20\x20\x20\x20\x20\x20\x20\x00") |
@@ -1228,7 +1205,7 @@ class DES extends BlockCipher
 
             $keys[$des_round] = [
                 self::ENCRYPT => [],
-                self::DECRYPT => array_fill(0, 32, 0)
+                self::DECRYPT => array_fill(0, 32, 0),
             ];
             for ($i = 0, $ki = 31; $i < 16; ++$i, $ki -= 2) {
                 $c <<= $shifts[$i];
@@ -1266,14 +1243,14 @@ class DES extends BlockCipher
                         $keys[2][self::DECRYPT],
                         $keys[1][self::ENCRYPT],
                         $keys[0][self::DECRYPT]
-                    )
+                    ),
                 ];
                 break;
             // case 1: // DES keys
             default:
                 $this->keys = [
                     self::ENCRYPT => $keys[0][self::ENCRYPT],
-                    self::DECRYPT => $keys[0][self::DECRYPT]
+                    self::DECRYPT => $keys[0][self::DECRYPT],
                 ];
         }
     }
@@ -1283,7 +1260,7 @@ class DES extends BlockCipher
      *
      * @see \phpseclib3\Crypt\Common\SymmetricKey::setupInlineCrypt()
      */
-    protected function setupInlineCrypt()
+    protected function setupInlineCrypt(): void
     {
         // Engine configuration for:
         // -  DES ($des_rounds == 1) or
@@ -1310,7 +1287,7 @@ class DES extends BlockCipher
 
         $k = [
             self::ENCRYPT => $this->keys[self::ENCRYPT],
-            self::DECRYPT => $this->keys[self::DECRYPT]
+            self::DECRYPT => $this->keys[self::DECRYPT],
         ];
         $init_encrypt = '';
         $init_decrypt = '';
@@ -1360,9 +1337,9 @@ class DES extends BlockCipher
                     // end of "the Feistel (F) function"
 
                     // swap L & R
-                    list($l, $r) = [$r, $l];
+                    [$l, $r] = [$r, $l];
                 }
-                list($l, $r) = [$r, $l];
+                [$l, $r] = [$r, $l];
             }
 
             // Perform the inverse IP permutation.
@@ -1385,7 +1362,7 @@ class DES extends BlockCipher
                'init_encrypt'  => $init_encrypt,
                'init_decrypt'  => $init_decrypt,
                'encrypt_block' => $crypt_block[self::ENCRYPT],
-               'decrypt_block' => $crypt_block[self::DECRYPT]
+               'decrypt_block' => $crypt_block[self::DECRYPT],
             ]
         );
     }

phpseclib/Crypt/DH.php

@@ -22,12 +22,15 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt;
 
 use phpseclib3\Crypt\Common\AsymmetricKey;
 use phpseclib3\Crypt\DH\Parameters;
 use phpseclib3\Crypt\DH\PrivateKey;
 use phpseclib3\Crypt\DH\PublicKey;
+use phpseclib3\Exception\InvalidArgumentException;
 use phpseclib3\Exception\NoKeyLoadedException;
 use phpseclib3\Exception\UnsupportedOperationException;
 use phpseclib3\Math\BigInteger;
@@ -44,12 +47,12 @@ abstract class DH extends AsymmetricKey
      *
      * @var string
      */
-    const ALGORITHM = 'DH';
+    public const ALGORITHM = 'DH';
 
     /**
      * DH prime
      *
-     * @var \phpseclib3\Math\BigInteger
+     * @var BigInteger
      */
     protected $prime;
 
@@ -58,14 +61,14 @@ abstract class DH extends AsymmetricKey
      *
      * Prime divisor of p-1
      *
-     * @var \phpseclib3\Math\BigInteger
+     * @var BigInteger
      */
     protected $base;
 
     /**
      * Public Key
      *
-     * @var \phpseclib3\Math\BigInteger
+     * @var BigInteger
      */
     protected $publicKey;
 
@@ -76,10 +79,8 @@ abstract class DH extends AsymmetricKey
      *  - two BigInteger's (prime and base)
      *  - an integer representing the size of the prime in bits (the base is assumed to be 2)
      *  - a string (eg. diffie-hellman-group14-sha1)
-     *
-     * @return Parameters
      */
-    public static function createParameters(...$args)
+    public static function createParameters(...$args): Parameters
     {
         $class = new \ReflectionClass(static::class);
         if ($class->isFinal()) {
@@ -89,7 +90,7 @@ abstract class DH extends AsymmetricKey
         $params = new Parameters();
         if (count($args) == 2 && $args[0] instanceof BigInteger && $args[1] instanceof BigInteger) {
             //if (!$args[0]->isPrime()) {
-            //    throw new \InvalidArgumentException('The first parameter should be a prime number');
+            //    throw new \phpseclib3\Exception\InvalidArgumentException('The first parameter should be a prime number');
             //}
             $params->prime = $args[0];
             $params->base = $args[1];
@@ -99,7 +100,7 @@ abstract class DH extends AsymmetricKey
             $params->base = new BigInteger(2);
             return $params;
         } elseif (count($args) != 1 || !is_string($args[0])) {
-            throw new \InvalidArgumentException('Valid parameters are either: two BigInteger\'s (prime and base), a single integer (the length of the prime; base is assumed to be 2) or a string');
+            throw new InvalidArgumentException('Valid parameters are either: two BigInteger\'s (prime and base), a single integer (the length of the prime; base is assumed to be 2) or a string');
         }
         switch ($args[0]) {
             // see http://tools.ietf.org/html/rfc2409#section-6.2 and
@@ -219,7 +220,7 @@ abstract class DH extends AsymmetricKey
                          '9E3050E2765694DFC81F56E880B96E7160C980DD98EDD3DFFFFFFFFFFFFFFFFF';
                 break;
             default:
-                throw new \InvalidArgumentException('Invalid named prime provided');
+                throw new InvalidArgumentException('Invalid named prime provided');
         }
 
         $params->prime = new BigInteger($prime, 16);
@@ -241,11 +242,9 @@ abstract class DH extends AsymmetricKey
      *
      * $length is in bits
      *
-     * @param Parameters $params
      * @param int $length optional
-     * @return DH\PrivateKey
      */
-    public static function createKey(Parameters $params, $length = 0)
+    public static function createKey(Parameters $params, int $length = 0): PrivateKey
     {
         $class = new \ReflectionClass(static::class);
         if ($class->isFinal()) {
@@ -273,7 +272,6 @@ abstract class DH extends AsymmetricKey
      *
      * @param PrivateKey|EC $private
      * @param PublicKey|BigInteger|string $public
-     * @return mixed
      */
     public static function computeSecret($private, $public)
     {
@@ -281,7 +279,7 @@ abstract class DH extends AsymmetricKey
             switch (true) {
                 case $public instanceof PublicKey:
                     if (!$private->prime->equals($public->prime) || !$private->base->equals($public->base)) {
-                        throw new \InvalidArgumentException('The public and private key do not share the same prime and / or base numbers');
+                        throw new InvalidArgumentException('The public and private key do not share the same prime and / or base numbers');
                     }
                     return $public->publicKey->powMod($private->privateKey, $private->prime)->toBytes(true);
                 case is_string($public):
@@ -290,7 +288,7 @@ abstract class DH extends AsymmetricKey
                 case $public instanceof BigInteger:
                     return $public->powMod($private->privateKey, $private->prime)->toBytes(true);
                 default:
-                    throw new \InvalidArgumentException('$public needs to be an instance of DH\PublicKey, a BigInteger or a string');
+                    throw new InvalidArgumentException('$public needs to be an instance of DH\PublicKey, a BigInteger or a string');
             }
         }
 
@@ -317,7 +315,7 @@ abstract class DH extends AsymmetricKey
                     */
                     return $secret;
                 default:
-                    throw new \InvalidArgumentException('$public needs to be an instance of EC\PublicKey or a string (an encoded coordinate)');
+                    throw new InvalidArgumentException('$public needs to be an instance of EC\PublicKey or a string (an encoded coordinate)');
             }
         }
     }
@@ -325,11 +323,9 @@ abstract class DH extends AsymmetricKey
     /**
      * Load the key
      *
-     * @param string $key
-     * @param string $password optional
-     * @return AsymmetricKey
+     * @param string|array $key
      */
-    public static function load($key, $password = false)
+    public static function load($key, ?string $password = null): AsymmetricKey
     {
         try {
             return EC::load($key, $password);
@@ -342,7 +338,7 @@ abstract class DH extends AsymmetricKey
     /**
      * OnLoad Handler
      *
-     * @return bool
+     * @return Parameters|PrivateKey|PublicKey
      */
     protected static function onLoad(array $components)
     {
@@ -369,19 +365,16 @@ abstract class DH extends AsymmetricKey
 
     /**
      * Determines which hashing function should be used
-     *
-     * @param string $hash
      */
-    public function withHash($hash)
+    public function withHash(string $hash): AsymmetricKey
     {
         throw new UnsupportedOperationException('DH does not use a hash algorithm');
     }
 
     /**
      * Returns the hash algorithm currently being used
-     *
      */
-    public function getHash()
+    public function getHash(): Hash
     {
         throw new UnsupportedOperationException('DH does not use a hash algorithm');
     }
@@ -393,9 +386,8 @@ abstract class DH extends AsymmetricKey
      * value.
      *
      * @see self::getPublicKey()
-     * @return mixed
      */
-    public function getParameters()
+    public function getParameters(): AsymmetricKey
     {
         $type = DH::validatePlugin('Keys', 'PKCS1', 'saveParameters');
 

phpseclib/Crypt/DH/Formats/Keys/PKCS1.php

@@ -19,9 +19,12 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\DH\Formats\Keys;
 
 use phpseclib3\Crypt\Common\Formats\Keys\PKCS1 as Progenitor;
+use phpseclib3\Exception\RuntimeException;
 use phpseclib3\File\ASN1;
 use phpseclib3\File\ASN1\Maps;
 use phpseclib3\Math\BigInteger;
@@ -36,22 +39,20 @@ abstract class PKCS1 extends Progenitor
     /**
      * Break a public or private key down into its constituent components
      *
-     * @param string $key
-     * @param string $password optional
-     * @return array
+     * @param string|array $key
      */
-    public static function load($key, $password = '')
+    public static function load($key, ?string $password = null): array
     {
         $key = parent::load($key, $password);
 
         $decoded = ASN1::decodeBER($key);
         if (!$decoded) {
-            throw new \RuntimeException('Unable to decode BER');
+            throw new RuntimeException('Unable to decode BER');
         }
 
         $components = ASN1::asn1map($decoded[0], Maps\DHParameter::MAP);
         if (!is_array($components)) {
-            throw new \RuntimeException('Unable to perform ASN1 mapping on parameters');
+            throw new RuntimeException('Unable to perform ASN1 mapping on parameters');
         }
 
         return $components;
@@ -59,14 +60,12 @@ abstract class PKCS1 extends Progenitor
 
     /**
      * Convert EC parameters to the appropriate format
-     *
-     * @return string
      */
-    public static function saveParameters(BigInteger $prime, BigInteger $base, array $options = [])
+    public static function saveParameters(BigInteger $prime, BigInteger $base, array $options = []): string
     {
         $params = [
             'prime' => $prime,
-            'base' => $base
+            'base' => $base,
         ];
         $params = ASN1::encodeDER($params, Maps\DHParameter::MAP);
 

phpseclib/Crypt/DH/Formats/Keys/PKCS8.php

@@ -17,9 +17,12 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\DH\Formats\Keys;
 
 use phpseclib3\Crypt\Common\Formats\Keys\PKCS8 as Progenitor;
+use phpseclib3\Exception\RuntimeException;
 use phpseclib3\File\ASN1;
 use phpseclib3\File\ASN1\Maps;
 use phpseclib3\Math\BigInteger;
@@ -36,14 +39,14 @@ abstract class PKCS8 extends Progenitor
      *
      * @var string
      */
-    const OID_NAME = 'dhKeyAgreement';
+    public const OID_NAME = 'dhKeyAgreement';
 
     /**
      * OID Value
      *
      * @var string
      */
-    const OID_VALUE = '1.2.840.113549.1.3.1';
+    public const OID_VALUE = '1.2.840.113549.1.3.1';
 
     /**
      * Child OIDs loaded
@@ -55,11 +58,9 @@ abstract class PKCS8 extends Progenitor
     /**
      * Break a public or private key down into its constituent components
      *
-     * @param string $key
-     * @param string $password optional
-     * @return array
+     * @param string|array $key
      */
-    public static function load($key, $password = '')
+    public static function load($key, ?string $password = null): array
     {
         $key = parent::load($key, $password);
 
@@ -67,11 +68,11 @@ abstract class PKCS8 extends Progenitor
 
         $decoded = ASN1::decodeBER($key[$type . 'Algorithm']['parameters']->element);
         if (empty($decoded)) {
-            throw new \RuntimeException('Unable to decode BER of parameters');
+            throw new RuntimeException('Unable to decode BER of parameters');
         }
         $components = ASN1::asn1map($decoded[0], Maps\DHParameter::MAP);
         if (!is_array($components)) {
-            throw new \RuntimeException('Unable to perform ASN1 mapping on parameters');
+            throw new RuntimeException('Unable to perform ASN1 mapping on parameters');
         }
 
         $decoded = ASN1::decodeBER($key[$type]);
@@ -79,7 +80,7 @@ abstract class PKCS8 extends Progenitor
             case !isset($decoded):
             case !isset($decoded[0]['content']):
             case !$decoded[0]['content'] instanceof BigInteger:
-                throw new \RuntimeException('Unable to decode BER of parameters');
+                throw new RuntimeException('Unable to decode BER of parameters');
         }
         $components[$type] = $decoded[0]['content'];
 
@@ -88,20 +89,12 @@ abstract class PKCS8 extends Progenitor
 
     /**
      * Convert a private key to the appropriate format.
-     *
-     * @param \phpseclib3\Math\BigInteger $prime
-     * @param \phpseclib3\Math\BigInteger $base
-     * @param \phpseclib3\Math\BigInteger $privateKey
-     * @param \phpseclib3\Math\BigInteger $publicKey
-     * @param string $password optional
-     * @param array $options optional
-     * @return string
      */
-    public static function savePrivateKey(BigInteger $prime, BigInteger $base, BigInteger $privateKey, BigInteger $publicKey, $password = '', array $options = [])
+    public static function savePrivateKey(BigInteger $prime, BigInteger $base, BigInteger $privateKey, BigInteger $publicKey, ?string $password = null, array $options = []): string
     {
         $params = [
             'prime' => $prime,
-            'base' => $base
+            'base' => $base,
         ];
         $params = ASN1::encodeDER($params, Maps\DHParameter::MAP);
         $params = new ASN1\Element($params);
@@ -112,17 +105,13 @@ abstract class PKCS8 extends Progenitor
     /**
      * Convert a public key to the appropriate format
      *
-     * @param \phpseclib3\Math\BigInteger $prime
-     * @param \phpseclib3\Math\BigInteger $base
-     * @param \phpseclib3\Math\BigInteger $publicKey
      * @param array $options optional
-     * @return string
      */
-    public static function savePublicKey(BigInteger $prime, BigInteger $base, BigInteger $publicKey, array $options = [])
+    public static function savePublicKey(BigInteger $prime, BigInteger $base, BigInteger $publicKey, array $options = []): string
     {
         $params = [
             'prime' => $prime,
-            'base' => $base
+            'base' => $base,
         ];
         $params = ASN1::encodeDER($params, Maps\DHParameter::MAP);
         $params = new ASN1\Element($params);

phpseclib/Crypt/DH/Parameters.php

@@ -9,6 +9,8 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\DH;
 
 use phpseclib3\Crypt\DH;
@@ -23,11 +25,9 @@ final class Parameters extends DH
     /**
      * Returns the parameters
      *
-     * @param string $type
      * @param array $options optional
-     * @return string
      */
-    public function toString($type = 'PKCS1', array $options = [])
+    public function toString(string $type = 'PKCS1', array $options = []): string
     {
         $type = self::validatePlugin('Keys', 'PKCS1', 'saveParameters');
 

phpseclib/Crypt/DH/PrivateKey.php

@@ -9,10 +9,13 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\DH;
 
 use phpseclib3\Crypt\Common;
 use phpseclib3\Crypt\DH;
+use phpseclib3\Math\BigInteger;
 
 /**
  * DH Private Key
@@ -26,14 +29,14 @@ final class PrivateKey extends DH
     /**
      * Private Key
      *
-     * @var \phpseclib3\Math\BigInteger
+     * @var BigInteger
      */
     protected $privateKey;
 
     /**
      * Public Key
      *
-     * @var \phpseclib3\Math\BigInteger
+     * @var BigInteger
      */
     protected $publicKey;
 
@@ -42,7 +45,7 @@ final class PrivateKey extends DH
      *
      * @return DH\PublicKey
      */
-    public function getPublicKey()
+    public function getPublicKey(): PublicKey
     {
         $type = self::validatePlugin('Keys', 'PKCS8', 'savePublicKey');
 
@@ -58,11 +61,9 @@ final class PrivateKey extends DH
     /**
      * Returns the private key
      *
-     * @param string $type
      * @param array $options optional
-     * @return string
      */
-    public function toString($type, array $options = [])
+    public function toString(string $type, array $options = []): string
     {
         $type = self::validatePlugin('Keys', $type, 'savePrivateKey');
 

phpseclib/Crypt/DH/PublicKey.php

@@ -9,10 +9,13 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\DH;
 
 use phpseclib3\Crypt\Common;
 use phpseclib3\Crypt\DH;
+use phpseclib3\Math\BigInteger;
 
 /**
  * DH Public Key
@@ -26,11 +29,9 @@ final class PublicKey extends DH
     /**
      * Returns the public key
      *
-     * @param string $type
      * @param array $options optional
-     * @return string
      */
-    public function toString($type, array $options = [])
+    public function toString(string $type, array $options = []): string
     {
         $type = self::validatePlugin('Keys', $type, 'savePublicKey');
 
@@ -39,10 +40,8 @@ final class PublicKey extends DH
 
     /**
      * Returns the public key as a BigInteger
-     *
-     * @return \phpseclib3\Math\BigInteger
      */
-    public function toBigInteger()
+    public function toBigInteger(): BigInteger
     {
         return $this->publicKey;
     }

phpseclib/Crypt/DSA.php

@@ -27,6 +27,8 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt;
 
 use phpseclib3\Crypt\Common\AsymmetricKey;
@@ -34,6 +36,7 @@ use phpseclib3\Crypt\DSA\Parameters;
 use phpseclib3\Crypt\DSA\PrivateKey;
 use phpseclib3\Crypt\DSA\PublicKey;
 use phpseclib3\Exception\InsufficientSetupException;
+use phpseclib3\Exception\InvalidArgumentException;
 use phpseclib3\Math\BigInteger;
 
 /**
@@ -48,12 +51,12 @@ abstract class DSA extends AsymmetricKey
      *
      * @var string
      */
-    const ALGORITHM = 'DSA';
+    public const ALGORITHM = 'DSA';
 
     /**
      * DSA Prime P
      *
-     * @var \phpseclib3\Math\BigInteger
+     * @var BigInteger
      */
     protected $p;
 
@@ -62,21 +65,21 @@ abstract class DSA extends AsymmetricKey
      *
      * Prime divisor of p-1
      *
-     * @var \phpseclib3\Math\BigInteger
+     * @var BigInteger
      */
     protected $q;
 
     /**
      * DSA Group Generator G
      *
-     * @var \phpseclib3\Math\BigInteger
+     * @var BigInteger
      */
     protected $g;
 
     /**
      * DSA public key value y
      *
-     * @var \phpseclib3\Math\BigInteger
+     * @var BigInteger
      */
     protected $y;
 
@@ -97,11 +100,9 @@ abstract class DSA extends AsymmetricKey
     /**
      * Create DSA parameters
      *
-     * @param int $L
-     * @param int $N
-     * @return \phpseclib3\Crypt\DSA|bool
+     * @return DSA|bool
      */
-    public static function createParameters($L = 2048, $N = 224)
+    public static function createParameters(int $L = 2048, int $N = 224)
     {
         self::initialize_static_variables();
 
@@ -132,7 +133,7 @@ abstract class DSA extends AsymmetricKey
             case $L == 3072 && $N == 256:
                 break;
             default:
-                throw new \InvalidArgumentException('Invalid values for N and L');
+                throw new InvalidArgumentException('Invalid values for N and L');
         }
 
         $two = new BigInteger(2);
@@ -142,12 +143,12 @@ abstract class DSA extends AsymmetricKey
 
         do {
             $x = BigInteger::random($L);
-            list(, $c) = $x->divide($divisor);
+            [, $c] = $x->divide($divisor);
             $p = $x->subtract($c->subtract(self::$one));
         } while ($p->getLength() != $L || !$p->isPrime());
 
         $p_1 = $p->subtract(self::$one);
-        list($e) = $p_1->divide($q);
+        [$e] = $p_1->divide($q);
 
         // quoting http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf#page=50 ,
         // "h could be obtained from a random number generator or from a counter that
@@ -179,9 +180,8 @@ abstract class DSA extends AsymmetricKey
      * Returns the private key, from which the publickey can be extracted
      *
      * @param int[] ...$args
-     * @return DSA\PrivateKey
      */
-    public static function createKey(...$args)
+    public static function createKey(...$args): PrivateKey
     {
         self::initialize_static_variables();
 
@@ -223,7 +223,7 @@ abstract class DSA extends AsymmetricKey
     /**
      * OnLoad Handler
      *
-     * @return bool
+     * @return Parameters|PrivateKey|PublicKey
      */
     protected static function onLoad(array $components)
     {
@@ -268,10 +268,8 @@ abstract class DSA extends AsymmetricKey
      * Returns the key size
      *
      * More specifically, this L (the length of DSA Prime P) and N (the length of DSA Group Order q)
-     *
-     * @return array
      */
-    public function getLength()
+    public function getLength(): array
     {
         return ['L' => $this->p->getLength(), 'N' => $this->q->getLength()];
     }
@@ -281,9 +279,8 @@ abstract class DSA extends AsymmetricKey
      *
      * @see self::useInternalEngine()
      * @see self::useBestEngine()
-     * @return string
      */
-    public function getEngine()
+    public function getEngine(): string
     {
         if (!isset(self::$engines['PHP'])) {
             self::useBestEngine();
@@ -299,7 +296,6 @@ abstract class DSA extends AsymmetricKey
      * value.
      *
      * @see self::getPublicKey()
-     * @return mixed
      */
     public function getParameters()
     {
@@ -315,10 +311,8 @@ abstract class DSA extends AsymmetricKey
      * Determines the signature padding mode
      *
      * Valid values are: ASN1, SSH2, Raw
-     *
-     * @param string $format
      */
-    public function withSignatureFormat($format)
+    public function withSignatureFormat(string $format): DSA
     {
         $new = clone $this;
         $new->shortFormat = $format;
@@ -328,9 +322,8 @@ abstract class DSA extends AsymmetricKey
 
     /**
      * Returns the signature format currently being used
-     *
      */
-    public function getSignatureFormat()
+    public function getSignatureFormat(): string
     {
         return $this->shortFormat;
     }

phpseclib/Crypt/DSA/Formats/Keys/OpenSSH.php

@@ -13,10 +13,14 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\DSA\Formats\Keys;
 
 use phpseclib3\Common\Functions\Strings;
 use phpseclib3\Crypt\Common\Formats\Keys\OpenSSH as Progenitor;
+use phpseclib3\Exception\InvalidArgumentException;
+use phpseclib3\Exception\RuntimeException;
 use phpseclib3\Math\BigInteger;
 
 /**
@@ -36,26 +40,24 @@ abstract class OpenSSH extends Progenitor
     /**
      * Break a public or private key down into its constituent components
      *
-     * @param string $key
-     * @param string $password optional
-     * @return array
+     * @param string|array $key
      */
-    public static function load($key, $password = '')
+    public static function load($key, ?string $password = null): array
     {
         $parsed = parent::load($key, $password);
 
         if (isset($parsed['paddedKey'])) {
-            list($type) = Strings::unpackSSH2('s', $parsed['paddedKey']);
+            [$type] = Strings::unpackSSH2('s', $parsed['paddedKey']);
             if ($type != $parsed['type']) {
-                throw new \RuntimeException("The public and private keys are not of the same type ($type vs $parsed[type])");
+                throw new RuntimeException("The public and private keys are not of the same type ($type vs $parsed[type])");
             }
 
-            list($p, $q, $g, $y, $x, $comment) = Strings::unpackSSH2('i5s', $parsed['paddedKey']);
+            [$p, $q, $g, $y, $x, $comment] = Strings::unpackSSH2('i5s', $parsed['paddedKey']);
 
             return compact('p', 'q', 'g', 'y', 'x', 'comment');
         }
 
-        list($p, $q, $g, $y) = Strings::unpackSSH2('iiii', $parsed['publicKey']);
+        [$p, $q, $g, $y] = Strings::unpackSSH2('iiii', $parsed['publicKey']);
 
         $comment = $parsed['comment'];
 
@@ -65,17 +67,12 @@ abstract class OpenSSH extends Progenitor
     /**
      * Convert a public key to the appropriate format
      *
-     * @param \phpseclib3\Math\BigInteger $p
-     * @param \phpseclib3\Math\BigInteger $q
-     * @param \phpseclib3\Math\BigInteger $g
-     * @param \phpseclib3\Math\BigInteger $y
      * @param array $options optional
-     * @return string
      */
-    public static function savePublicKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, array $options = [])
+    public static function savePublicKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, array $options = []): string
     {
         if ($q->getLength() != 160) {
-            throw new \InvalidArgumentException('SSH only supports keys with an N (length of Group Order q) of 160');
+            throw new InvalidArgumentException('SSH only supports keys with an N (length of Group Order q) of 160');
         }
 
         // from <http://tools.ietf.org/html/rfc4253#page-15>:
@@ -86,11 +83,11 @@ abstract class OpenSSH extends Progenitor
         // mpint     y
         $DSAPublicKey = Strings::packSSH2('siiii', 'ssh-dss', $p, $q, $g, $y);
 
-        if (isset($options['binary']) ? $options['binary'] : self::$binary) {
+        if ($options['binary'] ?? self::$binary) {
             return $DSAPublicKey;
         }
 
-        $comment = isset($options['comment']) ? $options['comment'] : self::$comment;
+        $comment = $options['comment'] ?? self::$comment;
         $DSAPublicKey = 'ssh-dss ' . base64_encode($DSAPublicKey) . ' ' . $comment;
 
         return $DSAPublicKey;
@@ -98,17 +95,8 @@ abstract class OpenSSH extends Progenitor
 
     /**
      * Convert a private key to the appropriate format.
-     *
-     * @param \phpseclib3\Math\BigInteger $p
-     * @param \phpseclib3\Math\BigInteger $q
-     * @param \phpseclib3\Math\BigInteger $g
-     * @param \phpseclib3\Math\BigInteger $y
-     * @param \phpseclib3\Math\BigInteger $x
-     * @param string $password optional
-     * @param array $options optional
-     * @return string
      */
-    public static function savePrivateKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, BigInteger $x, $password = '', array $options = [])
+    public static function savePrivateKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, BigInteger $x, ?string $password = null, array $options = []): string
     {
         $publicKey = self::savePublicKey($p, $q, $g, $y, ['binary' => true]);
         $privateKey = Strings::packSSH2('si5', 'ssh-dss', $p, $q, $g, $y, $x);

phpseclib/Crypt/DSA/Formats/Keys/PKCS1.php

@@ -25,10 +25,13 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\DSA\Formats\Keys;
 
 use phpseclib3\Common\Functions\Strings;
 use phpseclib3\Crypt\Common\Formats\Keys\PKCS1 as Progenitor;
+use phpseclib3\Exception\RuntimeException;
 use phpseclib3\File\ASN1;
 use phpseclib3\File\ASN1\Maps;
 use phpseclib3\Math\BigInteger;
@@ -43,17 +46,15 @@ abstract class PKCS1 extends Progenitor
     /**
      * Break a public or private key down into its constituent components
      *
-     * @param string $key
-     * @param string $password optional
-     * @return array
+     * @param string|array $key
      */
-    public static function load($key, $password = '')
+    public static function load($key, ?string $password = null): array
     {
         $key = parent::load($key, $password);
 
         $decoded = ASN1::decodeBER($key);
         if (!$decoded) {
-            throw new \RuntimeException('Unable to decode BER');
+            throw new RuntimeException('Unable to decode BER');
         }
 
         $key = ASN1::asn1map($decoded[0], Maps\DSAParams::MAP);
@@ -71,23 +72,18 @@ abstract class PKCS1 extends Progenitor
             return $key;
         }
 
-        throw new \RuntimeException('Unable to perform ASN1 mapping');
+        throw new RuntimeException('Unable to perform ASN1 mapping');
     }
 
     /**
      * Convert DSA parameters to the appropriate format
-     *
-     * @param \phpseclib3\Math\BigInteger $p
-     * @param \phpseclib3\Math\BigInteger $q
-     * @param \phpseclib3\Math\BigInteger $g
-     * @return string
      */
-    public static function saveParameters(BigInteger $p, BigInteger $q, BigInteger $g)
+    public static function saveParameters(BigInteger $p, BigInteger $q, BigInteger $g): string
     {
         $key = [
             'p' => $p,
             'q' => $q,
-            'g' => $g
+            'g' => $g,
         ];
 
         $key = ASN1::encodeDER($key, Maps\DSAParams::MAP);
@@ -100,16 +96,10 @@ abstract class PKCS1 extends Progenitor
     /**
      * Convert a private key to the appropriate format.
      *
-     * @param \phpseclib3\Math\BigInteger $p
-     * @param \phpseclib3\Math\BigInteger $q
-     * @param \phpseclib3\Math\BigInteger $g
-     * @param \phpseclib3\Math\BigInteger $y
-     * @param \phpseclib3\Math\BigInteger $x
      * @param string $password optional
      * @param array $options optional
-     * @return string
      */
-    public static function savePrivateKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, BigInteger $x, $password = '', array $options = [])
+    public static function savePrivateKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, BigInteger $x, string $password = '', array $options = []): string
     {
         $key = [
             'version' => 0,
@@ -117,7 +107,7 @@ abstract class PKCS1 extends Progenitor
             'q' => $q,
             'g' => $g,
             'y' => $y,
-            'x' => $x
+            'x' => $x,
         ];
 
         $key = ASN1::encodeDER($key, Maps\DSAPrivateKey::MAP);
@@ -127,14 +117,8 @@ abstract class PKCS1 extends Progenitor
 
     /**
      * Convert a public key to the appropriate format
-     *
-     * @param \phpseclib3\Math\BigInteger $p
-     * @param \phpseclib3\Math\BigInteger $q
-     * @param \phpseclib3\Math\BigInteger $g
-     * @param \phpseclib3\Math\BigInteger $y
-     * @return string
      */
-    public static function savePublicKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y)
+    public static function savePublicKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y): string
     {
         $key = ASN1::encodeDER($y, Maps\DSAPublicKey::MAP);
 

phpseclib/Crypt/DSA/Formats/Keys/PKCS8.php

@@ -21,9 +21,12 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\DSA\Formats\Keys;
 
 use phpseclib3\Crypt\Common\Formats\Keys\PKCS8 as Progenitor;
+use phpseclib3\Exception\RuntimeException;
 use phpseclib3\File\ASN1;
 use phpseclib3\File\ASN1\Maps;
 use phpseclib3\Math\BigInteger;
@@ -40,14 +43,14 @@ abstract class PKCS8 extends Progenitor
      *
      * @var string
      */
-    const OID_NAME = 'id-dsa';
+    public const OID_NAME = 'id-dsa';
 
     /**
      * OID Value
      *
      * @var string
      */
-    const OID_VALUE = '1.2.840.10040.4.1';
+    public const OID_VALUE = '1.2.840.10040.4.1';
 
     /**
      * Child OIDs loaded
@@ -59,11 +62,9 @@ abstract class PKCS8 extends Progenitor
     /**
      * Break a public or private key down into its constituent components
      *
-     * @param string $key
-     * @param string $password optional
-     * @return array
+     * @param string|array $key
      */
-    public static function load($key, $password = '')
+    public static function load($key, ?string $password = null): array
     {
         $key = parent::load($key, $password);
 
@@ -71,22 +72,22 @@ abstract class PKCS8 extends Progenitor
 
         $decoded = ASN1::decodeBER($key[$type . 'Algorithm']['parameters']->element);
         if (!$decoded) {
-            throw new \RuntimeException('Unable to decode BER of parameters');
+            throw new RuntimeException('Unable to decode BER of parameters');
         }
         $components = ASN1::asn1map($decoded[0], Maps\DSAParams::MAP);
         if (!is_array($components)) {
-            throw new \RuntimeException('Unable to perform ASN1 mapping on parameters');
+            throw new RuntimeException('Unable to perform ASN1 mapping on parameters');
         }
 
         $decoded = ASN1::decodeBER($key[$type]);
         if (empty($decoded)) {
-            throw new \RuntimeException('Unable to decode BER');
+            throw new RuntimeException('Unable to decode BER');
         }
 
         $var = $type == 'privateKey' ? 'x' : 'y';
         $components[$var] = ASN1::asn1map($decoded[0], Maps\DSAPublicKey::MAP);
         if (!$components[$var] instanceof BigInteger) {
-            throw new \RuntimeException('Unable to perform ASN1 mapping');
+            throw new RuntimeException('Unable to perform ASN1 mapping');
         }
 
         if (isset($key['meta'])) {
@@ -98,22 +99,13 @@ abstract class PKCS8 extends Progenitor
 
     /**
      * Convert a private key to the appropriate format.
-     *
-     * @param \phpseclib3\Math\BigInteger $p
-     * @param \phpseclib3\Math\BigInteger $q
-     * @param \phpseclib3\Math\BigInteger $g
-     * @param \phpseclib3\Math\BigInteger $y
-     * @param \phpseclib3\Math\BigInteger $x
-     * @param string $password optional
-     * @param array $options optional
-     * @return string
      */
-    public static function savePrivateKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, BigInteger $x, $password = '', array $options = [])
+    public static function savePrivateKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, BigInteger $x, ?string $password = null, array $options = []): string
     {
         $params = [
             'p' => $p,
             'q' => $q,
-            'g' => $g
+            'g' => $g,
         ];
         $params = ASN1::encodeDER($params, Maps\DSAParams::MAP);
         $params = new ASN1\Element($params);
@@ -124,19 +116,14 @@ abstract class PKCS8 extends Progenitor
     /**
      * Convert a public key to the appropriate format
      *
-     * @param \phpseclib3\Math\BigInteger $p
-     * @param \phpseclib3\Math\BigInteger $q
-     * @param \phpseclib3\Math\BigInteger $g
-     * @param \phpseclib3\Math\BigInteger $y
      * @param array $options optional
-     * @return string
      */
-    public static function savePublicKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, array $options = [])
+    public static function savePublicKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, array $options = []): string
     {
         $params = [
             'p' => $p,
             'q' => $q,
-            'g' => $g
+            'g' => $g,
         ];
         $params = ASN1::encodeDER($params, Maps\DSAParams::MAP);
         $params = new ASN1\Element($params);

phpseclib/Crypt/DSA/Formats/Keys/PuTTY.php

@@ -16,10 +16,13 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\DSA\Formats\Keys;
 
 use phpseclib3\Common\Functions\Strings;
 use phpseclib3\Crypt\Common\Formats\Keys\PuTTY as Progenitor;
+use phpseclib3\Exception\InvalidArgumentException;
 use phpseclib3\Math\BigInteger;
 
 /**
@@ -34,7 +37,7 @@ abstract class PuTTY extends Progenitor
      *
      * @var string
      */
-    const PUBLIC_HANDLER = 'phpseclib3\Crypt\DSA\Formats\Keys\OpenSSH';
+    public const PUBLIC_HANDLER = 'phpseclib3\Crypt\DSA\Formats\Keys\OpenSSH';
 
     /**
      * Algorithm Identifier
@@ -46,11 +49,11 @@ abstract class PuTTY extends Progenitor
     /**
      * Break a public or private key down into its constituent components
      *
-     * @param string $key
-     * @param string $password optional
-     * @return array
+     * @param array|string $key
+     * @param string|false $password
+     * @return array|false
      */
-    public static function load($key, $password = '')
+    public static function load($key, $password)
     {
         $components = parent::load($key, $password);
         if (!isset($components['private'])) {
@@ -59,28 +62,19 @@ abstract class PuTTY extends Progenitor
         extract($components);
         unset($components['public'], $components['private']);
 
-        list($p, $q, $g, $y) = Strings::unpackSSH2('iiii', $public);
-        list($x) = Strings::unpackSSH2('i', $private);
+        [$p, $q, $g, $y] = Strings::unpackSSH2('iiii', $public);
+        [$x] = Strings::unpackSSH2('i', $private);
 
         return compact('p', 'q', 'g', 'y', 'x', 'comment');
     }
 
     /**
      * Convert a private key to the appropriate format.
-     *
-     * @param \phpseclib3\Math\BigInteger $p
-     * @param \phpseclib3\Math\BigInteger $q
-     * @param \phpseclib3\Math\BigInteger $g
-     * @param \phpseclib3\Math\BigInteger $y
-     * @param \phpseclib3\Math\BigInteger $x
-     * @param string $password optional
-     * @param array $options optional
-     * @return string
      */
-    public static function savePrivateKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, BigInteger $x, $password = false, array $options = [])
+    public static function savePrivateKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, BigInteger $x, ?string $password = null, array $options = []): string
     {
         if ($q->getLength() != 160) {
-            throw new \InvalidArgumentException('SSH only supports keys with an N (length of Group Order q) of 160');
+            throw new InvalidArgumentException('SSH only supports keys with an N (length of Group Order q) of 160');
         }
 
         $public = Strings::packSSH2('iiii', $p, $q, $g, $y);
@@ -91,17 +85,11 @@ abstract class PuTTY extends Progenitor
 
     /**
      * Convert a public key to the appropriate format
-     *
-     * @param \phpseclib3\Math\BigInteger $p
-     * @param \phpseclib3\Math\BigInteger $q
-     * @param \phpseclib3\Math\BigInteger $g
-     * @param \phpseclib3\Math\BigInteger $y
-     * @return string
      */
-    public static function savePublicKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y)
+    public static function savePublicKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y): string
     {
         if ($q->getLength() != 160) {
-            throw new \InvalidArgumentException('SSH only supports keys with an N (length of Group Order q) of 160');
+            throw new InvalidArgumentException('SSH only supports keys with an N (length of Group Order q) of 160');
         }
 
         return self::wrapPublicKey(Strings::packSSH2('iiii', $p, $q, $g, $y), 'ssh-dss');

phpseclib/Crypt/DSA/Formats/Keys/Raw.php

@@ -13,8 +13,11 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\DSA\Formats\Keys;
 
+use phpseclib3\Exception\UnexpectedValueException;
 use phpseclib3\Math\BigInteger;
 
 /**
@@ -27,14 +30,12 @@ abstract class Raw
     /**
      * Break a public or private key down into its constituent components
      *
-     * @param array $key
-     * @param string $password optional
-     * @return array
+     * @param string|array $key
      */
-    public static function load($key, $password = '')
+    public static function load($key, ?string $password = null): array
     {
         if (!is_array($key)) {
-            throw new \UnexpectedValueException('Key should be a array - not a ' . gettype($key));
+            throw new UnexpectedValueException('Key should be a array - not a ' . gettype($key));
         }
 
         switch (true) {
@@ -45,7 +46,7 @@ abstract class Raw
             case !isset($key['x']) && !isset($key['y']):
             case isset($key['x']) && !$key['x'] instanceof BigInteger:
             case isset($key['y']) && !$key['y'] instanceof BigInteger:
-                throw new \UnexpectedValueException('Key appears to be malformed');
+                throw new UnexpectedValueException('Key appears to be malformed');
         }
 
         $options = ['p' => 1, 'q' => 1, 'g' => 1, 'x' => 1, 'y' => 1];
@@ -56,29 +57,17 @@ abstract class Raw
     /**
      * Convert a private key to the appropriate format.
      *
-     * @param \phpseclib3\Math\BigInteger $p
-     * @param \phpseclib3\Math\BigInteger $q
-     * @param \phpseclib3\Math\BigInteger $g
-     * @param \phpseclib3\Math\BigInteger $y
-     * @param \phpseclib3\Math\BigInteger $x
      * @param string $password optional
-     * @return string
      */
-    public static function savePrivateKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, BigInteger $x, $password = '')
+    public static function savePrivateKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, BigInteger $x, string $password = ''): string
     {
         return compact('p', 'q', 'g', 'y', 'x');
     }
 
     /**
      * Convert a public key to the appropriate format
-     *
-     * @param \phpseclib3\Math\BigInteger $p
-     * @param \phpseclib3\Math\BigInteger $q
-     * @param \phpseclib3\Math\BigInteger $g
-     * @param \phpseclib3\Math\BigInteger $y
-     * @return string
      */
-    public static function savePublicKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y)
+    public static function savePublicKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y): string
     {
         return compact('p', 'q', 'g', 'y');
     }

phpseclib/Crypt/DSA/Formats/Keys/XML.php

@@ -17,10 +17,13 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\DSA\Formats\Keys;
 
 use phpseclib3\Common\Functions\Strings;
 use phpseclib3\Exception\BadConfigurationException;
+use phpseclib3\Exception\UnexpectedValueException;
 use phpseclib3\Math\BigInteger;
 
 /**
@@ -32,15 +35,11 @@ abstract class XML
 {
     /**
      * Break a public or private key down into its constituent components
-     *
-     * @param string $key
-     * @param string $password optional
-     * @return array
      */
-    public static function load($key, $password = '')
+    public static function load(string $key, ?string $password = null): array
     {
         if (!Strings::is_stringable($key)) {
-            throw new \UnexpectedValueException('Key should be a string - not a ' . gettype($key));
+            throw new UnexpectedValueException('Key should be a string - not a ' . gettype($key));
         }
 
         if (!class_exists('DOMDocument')) {
@@ -55,7 +54,7 @@ abstract class XML
         }
         if (!$dom->loadXML($key)) {
             libxml_use_internal_errors($use_errors);
-            throw new \UnexpectedValueException('Key does not appear to contain XML');
+            throw new UnexpectedValueException('Key does not appear to contain XML');
         }
         $xpath = new \DOMXPath($dom);
         $keys = ['p', 'q', 'g', 'y', 'j', 'seed', 'pgencounter'];
@@ -96,7 +95,7 @@ abstract class XML
         libxml_use_internal_errors($use_errors);
 
         if (!isset($components['y'])) {
-            throw new \UnexpectedValueException('Key is missing y component');
+            throw new UnexpectedValueException('Key is missing y component');
         }
 
         switch (true) {
@@ -113,14 +112,8 @@ abstract class XML
      * Convert a public key to the appropriate format
      *
      * See https://www.w3.org/TR/xmldsig-core/#sec-DSAKeyValue
-     *
-     * @param \phpseclib3\Math\BigInteger $p
-     * @param \phpseclib3\Math\BigInteger $q
-     * @param \phpseclib3\Math\BigInteger $g
-     * @param \phpseclib3\Math\BigInteger $y
-     * @return string
      */
-    public static function savePublicKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y)
+    public static function savePublicKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y): string
     {
         return "<DSAKeyValue>\r\n" .
                '  <P>' . Strings::base64_encode($p->toBytes()) . "</P>\r\n" .

phpseclib/Crypt/DSA/Formats/Signature/ASN1.php

@@ -14,6 +14,8 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\DSA\Formats\Signature;
 
 use phpseclib3\File\ASN1 as Encoder;
@@ -30,10 +32,9 @@ abstract class ASN1
     /**
      * Loads a signature
      *
-     * @param string $sig
      * @return array|bool
      */
-    public static function load($sig)
+    public static function load(string $sig)
     {
         if (!is_string($sig)) {
             return false;
@@ -50,12 +51,8 @@ abstract class ASN1
 
     /**
      * Returns a signature in the appropriate format
-     *
-     * @param \phpseclib3\Math\BigInteger $r
-     * @param \phpseclib3\Math\BigInteger $s
-     * @return string
      */
-    public static function save(BigInteger $r, BigInteger $s)
+    public static function save(BigInteger $r, BigInteger $s): string
     {
         return Encoder::encodeDER(compact('r', 's'), Maps\DssSigValue::MAP);
     }

phpseclib/Crypt/DSA/Formats/Signature/Raw.php

@@ -11,6 +11,8 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\DSA\Formats\Signature;
 
 use phpseclib3\Crypt\Common\Formats\Signature\Raw as Progenitor;

phpseclib/Crypt/DSA/Formats/Signature/SSH2.php

@@ -13,6 +13,8 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\DSA\Formats\Signature;
 
 use phpseclib3\Common\Functions\Strings;
@@ -27,11 +29,8 @@ abstract class SSH2
 {
     /**
      * Loads a signature
-     *
-     * @param string $sig
-     * @return mixed
      */
-    public static function load($sig)
+    public static function load(string $sig)
     {
         if (!is_string($sig)) {
             return false;
@@ -41,22 +40,20 @@ abstract class SSH2
         if ($result === false) {
             return false;
         }
-        list($type, $blob) = $result;
+        [$type, $blob] = $result;
         if ($type != 'ssh-dss' || strlen($blob) != 40) {
             return false;
         }
 
         return [
             'r' => new BigInteger(substr($blob, 0, 20), 256),
-            's' => new BigInteger(substr($blob, 20), 256)
+            's' => new BigInteger(substr($blob, 20), 256),
         ];
     }
 
     /**
      * Returns a signature in the appropriate format
      *
-     * @param \phpseclib3\Math\BigInteger $r
-     * @param \phpseclib3\Math\BigInteger $s
      * @return string
      */
     public static function save(BigInteger $r, BigInteger $s)

phpseclib/Crypt/DSA/Parameters.php

@@ -9,6 +9,8 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\DSA;
 
 use phpseclib3\Crypt\DSA;
@@ -23,11 +25,9 @@ final class Parameters extends DSA
     /**
      * Returns the parameters
      *
-     * @param string $type
      * @param array $options optional
-     * @return string
      */
-    public function toString($type = 'PKCS1', array $options = [])
+    public function toString(string $type = 'PKCS1', array $options = []): string
     {
         $type = self::validatePlugin('Keys', 'PKCS1', 'saveParameters');
 

phpseclib/Crypt/DSA/PrivateKey.php

@@ -9,6 +9,8 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\DSA;
 
 use phpseclib3\Crypt\Common;
@@ -28,7 +30,7 @@ final class PrivateKey extends DSA implements Common\PrivateKey
     /**
      * DSA secret exponent x
      *
-     * @var \phpseclib3\Math\BigInteger
+     * @var BigInteger
      */
     protected $x;
 
@@ -51,7 +53,6 @@ final class PrivateKey extends DSA implements Common\PrivateKey
      * without the parameters and the PKCS1 DSA public key format does not include the parameters.
      *
      * @see self::getPrivateKey()
-     * @return mixed
      */
     public function getPublicKey()
     {
@@ -73,9 +74,8 @@ final class PrivateKey extends DSA implements Common\PrivateKey
      *
      * @see self::verify()
      * @param string $message
-     * @return mixed
      */
-    public function sign($message)
+    public function sign($message): string
     {
         $format = $this->sigFormat;
 
@@ -100,14 +100,14 @@ final class PrivateKey extends DSA implements Common\PrivateKey
         while (true) {
             $k = BigInteger::randomRange(self::$one, $this->q->subtract(self::$one));
             $r = $this->g->powMod($k, $this->p);
-            list(, $r) = $r->divide($this->q);
+            [, $r] = $r->divide($this->q);
             if ($r->equals(self::$zero)) {
                 continue;
             }
             $kinv = $k->modInverse($this->q);
             $temp = $h->add($this->x->multiply($r));
             $temp = $kinv->multiply($temp);
-            list(, $s) = $temp->divide($this->q);
+            [, $s] = $temp->divide($this->q);
             if (!$s->equals(self::$zero)) {
                 break;
             }
@@ -135,11 +135,9 @@ final class PrivateKey extends DSA implements Common\PrivateKey
     /**
      * Returns the private key
      *
-     * @param string $type
      * @param array $options optional
-     * @return string
      */
-    public function toString($type, array $options = [])
+    public function toString(string $type, array $options = []): string
     {
         $type = self::validatePlugin('Keys', $type, 'savePrivateKey');
 

phpseclib/Crypt/DSA/PublicKey.php

@@ -9,6 +9,8 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\DSA;
 
 use phpseclib3\Crypt\Common;
@@ -30,9 +32,8 @@ final class PublicKey extends DSA implements Common\PublicKey
      * @see self::verify()
      * @param string $message
      * @param string $signature
-     * @return mixed
      */
-    public function verify($message, $signature)
+    public function verify($message, $signature): bool
     {
         $format = $this->sigFormat;
 
@@ -60,12 +61,12 @@ final class PublicKey extends DSA implements Common\PublicKey
         $w = $s->modInverse($this->q);
         $h = $this->hash->hash($message);
         $h = $this->bits2int($h);
-        list(, $u1) = $h->multiply($w)->divide($this->q);
-        list(, $u2) = $r->multiply($w)->divide($this->q);
+        [, $u1] = $h->multiply($w)->divide($this->q);
+        [, $u2] = $r->multiply($w)->divide($this->q);
         $v1 = $this->g->powMod($u1, $this->p);
         $v2 = $this->y->powMod($u2, $this->p);
-        list(, $v) = $v1->multiply($v2)->divide($this->p);
-        list(, $v) = $v->divide($this->q);
+        [, $v] = $v1->multiply($v2)->divide($this->p);
+        [, $v] = $v->divide($this->q);
 
         return $v->equals($r);
     }
@@ -73,11 +74,9 @@ final class PublicKey extends DSA implements Common\PublicKey
     /**
      * Returns the public key
      *
-     * @param string $type
      * @param array $options optional
-     * @return string
      */
-    public function toString($type, array $options = [])
+    public function toString(string $type, array $options = []): string
     {
         $type = self::validatePlugin('Keys', $type, 'savePublicKey');
 

phpseclib/Crypt/EC.php

@@ -27,9 +27,12 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt;
 
 use phpseclib3\Crypt\Common\AsymmetricKey;
+use phpseclib3\Crypt\EC\BaseCurves\Base;
 use phpseclib3\Crypt\EC\BaseCurves\Montgomery as MontgomeryCurve;
 use phpseclib3\Crypt\EC\BaseCurves\TwistedEdwards as TwistedEdwardsCurve;
 use phpseclib3\Crypt\EC\Curves\Curve25519;
@@ -39,6 +42,8 @@ use phpseclib3\Crypt\EC\Formats\Keys\PKCS1;
 use phpseclib3\Crypt\EC\Parameters;
 use phpseclib3\Crypt\EC\PrivateKey;
 use phpseclib3\Crypt\EC\PublicKey;
+use phpseclib3\Exception\InvalidArgumentException;
+use phpseclib3\Exception\LengthException;
 use phpseclib3\Exception\UnsupportedAlgorithmException;
 use phpseclib3\Exception\UnsupportedCurveException;
 use phpseclib3\Exception\UnsupportedOperationException;
@@ -58,7 +63,7 @@ abstract class EC extends AsymmetricKey
      *
      * @var string
      */
-    const ALGORITHM = 'EC';
+    public const ALGORITHM = 'EC';
 
     /**
      * Public Key QA
@@ -70,7 +75,7 @@ abstract class EC extends AsymmetricKey
     /**
      * Curve
      *
-     * @var \phpseclib3\Crypt\EC\BaseCurves\Base
+     * @var Base
      */
     protected $curve;
 
@@ -100,7 +105,7 @@ abstract class EC extends AsymmetricKey
      *
      * Used for deterministic ECDSA
      *
-     * @var \phpseclib3\Math\BigInteger
+     * @var BigInteger
      */
     protected $q;
 
@@ -112,7 +117,7 @@ abstract class EC extends AsymmetricKey
      * public key. But the x is different depending on which side of the equal sign
      * you're on. It's less ambiguous if you do dA * base point = (x, y)-coordinate.
      *
-     * @var \phpseclib3\Math\BigInteger
+     * @var BigInteger
      */
     protected $x;
 
@@ -132,11 +137,8 @@ abstract class EC extends AsymmetricKey
 
     /**
      * Create public / private key pair.
-     *
-     * @param string $curve
-     * @return \phpseclib3\Crypt\EC\PrivateKey
      */
-    public static function createKey($curve)
+    public static function createKey(string $curve): PrivateKey
     {
         self::initialize_static_variables();
 
@@ -216,7 +218,7 @@ abstract class EC extends AsymmetricKey
     /**
      * OnLoad Handler
      *
-     * @return bool
+     * @return AsymmetricKey|Parameters|PrivateKey|PublicKey
      */
     protected static function onLoad(array $components)
     {
@@ -312,10 +314,8 @@ abstract class EC extends AsymmetricKey
      *  representation of the field, commonly denoted by m.  A set of
      *  elliptic curve domain parameters defines a group of order n generated
      *  by a base point P"
-     *
-     * @return int
      */
-    public function getLength()
+    public function getLength(): int
     {
         return $this->curve->getLength();
     }
@@ -325,9 +325,8 @@ abstract class EC extends AsymmetricKey
      *
      * @see self::useInternalEngine()
      * @see self::useBestEngine()
-     * @return string
      */
-    public function getEngine()
+    public function getEngine(): string
     {
         if (!isset(self::$engines['PHP'])) {
             self::useBestEngine();
@@ -345,10 +344,8 @@ abstract class EC extends AsymmetricKey
      * Returns the public key coordinates as a string
      *
      * Used by ECDH
-     *
-     * @return string
      */
-    public function getEncodedCoordinates()
+    public function getEncodedCoordinates(): string
     {
         if ($this->curve instanceof MontgomeryCurve) {
             return strrev($this->QA[0]->toBytes(true));
@@ -362,11 +359,10 @@ abstract class EC extends AsymmetricKey
     /**
      * Returns the parameters
      *
-     * @see self::getPublicKey()
      * @param string $type optional
-     * @return mixed
+     * @see self::getPublicKey()
      */
-    public function getParameters($type = 'PKCS1')
+    public function getParameters(string $type = 'PKCS1')
     {
         $type = self::validatePlugin('Keys', $type, 'saveParameters');
 
@@ -381,10 +377,8 @@ abstract class EC extends AsymmetricKey
      * Determines the signature padding mode
      *
      * Valid values are: ASN1, SSH2, Raw
-     *
-     * @param string $format
      */
-    public function withSignatureFormat($format)
+    public function withSignatureFormat(string $format): EC
     {
         if ($this->curve instanceof MontgomeryCurve) {
             throw new UnsupportedOperationException('Montgomery Curves cannot be used to create signatures');
@@ -398,9 +392,8 @@ abstract class EC extends AsymmetricKey
 
     /**
      * Returns the signature format currently being used
-     *
      */
-    public function getSignatureFormat()
+    public function getSignatureFormat(): string
     {
         return $this->shortFormat;
     }
@@ -410,11 +403,11 @@ abstract class EC extends AsymmetricKey
      *
      * Used by Ed25519 / Ed448.
      *
-     * @see self::sign()
+     * @param string|null $context optional
      * @see self::verify()
-     * @param string $context optional
+          * @see self::sign()
      */
-    public function withContext($context = null)
+    public function withContext(?string $context = null): EC
     {
         if (!$this->curve instanceof TwistedEdwardsCurve) {
             throw new UnsupportedCurveException('Only Ed25519 and Ed448 support contexts');
@@ -426,10 +419,10 @@ abstract class EC extends AsymmetricKey
             return $new;
         }
         if (!is_string($context)) {
-            throw new \InvalidArgumentException('setContext expects a string');
+            throw new InvalidArgumentException('setContext expects a string');
         }
         if (strlen($context) > 255) {
-            throw new \LengthException('The context is supposed to be, at most, 255 bytes long');
+            throw new LengthException('The context is supposed to be, at most, 255 bytes long');
         }
         $new->context = $context;
         return $new;
@@ -437,19 +430,16 @@ abstract class EC extends AsymmetricKey
 
     /**
      * Returns the signature format currently being used
-     *
      */
-    public function getContext()
+    public function getContext(): string
     {
         return $this->context;
     }
 
     /**
      * Determines which hashing function should be used
-     *
-     * @param string $hash
      */
-    public function withHash($hash)
+    public function withHash(string $hash): AsymmetricKey
     {
         if ($this->curve instanceof MontgomeryCurve) {
             throw new UnsupportedOperationException('Montgomery Curves cannot be used to create signatures');

phpseclib/Crypt/EC/BaseCurves/Base.php

@@ -11,9 +11,14 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\BaseCurves;
 
+use phpseclib3\Exception\RangeException;
+use phpseclib3\Exception\RuntimeException;
 use phpseclib3\Math\BigInteger;
+use phpseclib3\Math\FiniteField\Integer;
 
 /**
  * Base
@@ -32,7 +37,7 @@ abstract class Base
     /**
      * Finite Field Integer factory
      *
-     * @var \phpseclib3\Math\FiniteField\Integer
+     * @var Integer
      */
     protected $factory;
 
@@ -61,7 +66,7 @@ abstract class Base
      *
      * @return integer
      */
-    public function getLengthInBytes()
+    public function getLengthInBytes(): int
     {
         return $this->factory->getLengthInBytes();
     }
@@ -71,7 +76,7 @@ abstract class Base
      *
      * @return integer
      */
-    public function getLength()
+    public function getLength(): int
     {
         return $this->factory->getLength();
     }
@@ -83,10 +88,8 @@ abstract class Base
      *
      * https://en.wikipedia.org/wiki/Elliptic_curve_point_multiplication#Montgomery_ladder
      * https://github.com/phpecc/phpecc/issues/16#issuecomment-59176772
-     *
-     * @return array
      */
-    public function multiplyPoint(array $p, BigInteger $d)
+    public function multiplyPoint(array $p, BigInteger $d): array
     {
         $alreadyInternal = isset($p[2]);
         $r = $alreadyInternal ?
@@ -105,10 +108,8 @@ abstract class Base
 
     /**
      * Creates a random scalar multiplier
-     *
-     * @return BigInteger
      */
-    public function createRandomMultiplier()
+    public function createRandomMultiplier(): BigInteger
     {
         static $one;
         if (!isset($one)) {
@@ -121,7 +122,7 @@ abstract class Base
     /**
      * Performs range check
      */
-    public function rangeCheck(BigInteger $x)
+    public function rangeCheck(BigInteger $x): void
     {
         static $zero;
         if (!isset($zero)) {
@@ -129,27 +130,25 @@ abstract class Base
         }
 
         if (!isset($this->order)) {
-            throw new \RuntimeException('setOrder needs to be called before this method');
+            throw new RuntimeException('setOrder needs to be called before this method');
         }
         if ($x->compare($this->order) > 0 || $x->compare($zero) <= 0) {
-            throw new \RangeException('x must be between 1 and the order of the curve');
+            throw new RangeException('x must be between 1 and the order of the curve');
         }
     }
 
     /**
      * Sets the Order
      */
-    public function setOrder(BigInteger $order)
+    public function setOrder(BigInteger $order): void
     {
         $this->order = $order;
     }
 
     /**
      * Returns the Order
-     *
-     * @return \phpseclib3\Math\BigInteger
      */
-    public function getOrder()
+    public function getOrder(): BigInteger
     {
         return $this->order;
     }
@@ -169,7 +168,7 @@ abstract class Base
      *
      * @return object[]
      */
-    public function convertToAffine(array $p)
+    public function convertToAffine(array $p): array
     {
         return $p;
     }
@@ -179,7 +178,7 @@ abstract class Base
      *
      * @return object[]
      */
-    public function convertToInternal(array $p)
+    public function convertToInternal(array $p): array
     {
         return $p;
     }
@@ -189,11 +188,11 @@ abstract class Base
      *
      * @return object[]
      */
-    public function negatePoint(array $p)
+    public function negatePoint(array $p): array
     {
         $temp = [
             $p[0],
-            $p[1]->negate()
+            $p[1]->negate(),
         ];
         if (isset($p[2])) {
             $temp[] = $p[2];
@@ -206,7 +205,7 @@ abstract class Base
      *
      * @return int[]
      */
-    public function multiplyAddPoints(array $points, array $scalars)
+    public function multiplyAddPoints(array $points, array $scalars): array
     {
         $p1 = $this->convertToInternal($points[0]);
         $p2 = $this->convertToInternal($points[1]);

phpseclib/Crypt/EC/BaseCurves/Binary.php

@@ -19,11 +19,16 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\BaseCurves;
 
+use phpseclib3\Exception\RuntimeException;
+use phpseclib3\Exception\UnexpectedValueException;
 use phpseclib3\Math\BigInteger;
 use phpseclib3\Math\BinaryField;
 use phpseclib3\Math\BinaryField\Integer as BinaryInteger;
+use phpseclib3\Math\PrimeField\Integer;
 
 /**
  * Curves over y^2 + x*y = x^3 + a*x^2 + b
@@ -35,7 +40,7 @@ class Binary extends Base
     /**
      * Binary Field Integer factory
      *
-     * @var \phpseclib3\Math\BinaryField
+     * @var BinaryField
      */
     protected $factory;
 
@@ -70,7 +75,7 @@ class Binary extends Base
     /**
      * The modulo
      *
-     * @var BigInteger
+     * @var array
      */
     protected $modulo;
 
@@ -84,7 +89,7 @@ class Binary extends Base
     /**
      * Sets the modulo
      */
-    public function setModulo(...$modulo)
+    public function setModulo(int ...$modulo): void
     {
         $this->modulo = $modulo;
         $this->factory = new BinaryField(...$modulo);
@@ -94,14 +99,11 @@ class Binary extends Base
 
     /**
      * Set coefficients a and b
-     *
-     * @param string $a
-     * @param string $b
      */
-    public function setCoefficients($a, $b)
+    public function setCoefficients(string $a, string $b): void
     {
         if (!isset($this->factory)) {
-            throw new \RuntimeException('setModulo needs to be called before this method');
+            throw new RuntimeException('setModulo needs to be called before this method');
         }
         $this->a = $this->factory->newInteger(pack('H*', $a));
         $this->b = $this->factory->newInteger(pack('H*', $b));
@@ -113,20 +115,20 @@ class Binary extends Base
      * @param string|BinaryInteger $x
      * @param string|BinaryInteger $y
      */
-    public function setBasePoint($x, $y)
+    public function setBasePoint($x, $y): void
     {
         switch (true) {
             case !is_string($x) && !$x instanceof BinaryInteger:
-                throw new \UnexpectedValueException('Argument 1 passed to Binary::setBasePoint() must be a string or an instance of BinaryField\Integer');
+                throw new UnexpectedValueException('Argument 1 passed to Binary::setBasePoint() must be a string or an instance of BinaryField\Integer');
             case !is_string($y) && !$y instanceof BinaryInteger:
-                throw new \UnexpectedValueException('Argument 2 passed to Binary::setBasePoint() must be a string or an instance of BinaryField\Integer');
+                throw new UnexpectedValueException('Argument 2 passed to Binary::setBasePoint() must be a string or an instance of BinaryField\Integer');
         }
         if (!isset($this->factory)) {
-            throw new \RuntimeException('setModulo needs to be called before this method');
+            throw new RuntimeException('setModulo needs to be called before this method');
         }
         $this->p = [
             is_string($x) ? $this->factory->newInteger(pack('H*', $x)) : $x,
-            is_string($y) ? $this->factory->newInteger(pack('H*', $y)) : $y
+            is_string($y) ? $this->factory->newInteger(pack('H*', $y)) : $y,
         ];
     }
 
@@ -138,11 +140,11 @@ class Binary extends Base
     public function getBasePoint()
     {
         if (!isset($this->factory)) {
-            throw new \RuntimeException('setModulo needs to be called before this method');
+            throw new RuntimeException('setModulo needs to be called before this method');
         }
         /*
         if (!isset($this->p)) {
-            throw new \RuntimeException('setBasePoint needs to be called before this method');
+            throw new \phpseclib3\Exception\RuntimeException('setBasePoint needs to be called before this method');
         }
         */
         return $this->p;
@@ -153,10 +155,10 @@ class Binary extends Base
      *
      * @return FiniteField[]
      */
-    public function addPoint(array $p, array $q)
+    public function addPoint(array $p, array $q): array
     {
         if (!isset($this->factory)) {
-            throw new \RuntimeException('setModulo needs to be called before this method');
+            throw new RuntimeException('setModulo needs to be called before this method');
         }
 
         if (!count($p) || !count($q)) {
@@ -170,7 +172,7 @@ class Binary extends Base
         }
 
         if (!isset($p[2]) || !isset($q[2])) {
-            throw new \RuntimeException('Affine coordinates need to be manually converted to "Jacobi" coordinates or vice versa');
+            throw new RuntimeException('Affine coordinates need to be manually converted to "Jacobi" coordinates or vice versa');
         }
 
         if ($p[0]->equals($q[0])) {
@@ -179,8 +181,8 @@ class Binary extends Base
 
         // formulas from http://hyperelliptic.org/EFD/g12o/auto-shortw-jacobian.html
 
-        list($x1, $y1, $z1) = $p;
-        list($x2, $y2, $z2) = $q;
+        [$x1, $y1, $z1] = $p;
+        [$x2, $y2, $z2] = $q;
 
         $o1 = $z1->multiply($z1);
         $b = $x2->multiply($o1);
@@ -226,10 +228,10 @@ class Binary extends Base
      *
      * @return FiniteField[]
      */
-    public function doublePoint(array $p)
+    public function doublePoint(array $p): array
     {
         if (!isset($this->factory)) {
-            throw new \RuntimeException('setModulo needs to be called before this method');
+            throw new RuntimeException('setModulo needs to be called before this method');
         }
 
         if (!count($p)) {
@@ -237,12 +239,12 @@ class Binary extends Base
         }
 
         if (!isset($p[2])) {
-            throw new \RuntimeException('Affine coordinates need to be manually converted to "Jacobi" coordinates or vice versa');
+            throw new RuntimeException('Affine coordinates need to be manually converted to "Jacobi" coordinates or vice versa');
         }
 
         // formulas from http://hyperelliptic.org/EFD/g12o/auto-shortw-jacobian.html
 
-        list($x1, $y1, $z1) = $p;
+        [$x1, $y1, $z1] = $p;
 
         $a = $x1->multiply($x1);
         $b = $a->multiply($a);
@@ -277,12 +279,10 @@ class Binary extends Base
      * "Due to patent issues the compressed option is disabled by default for binary curves
      *  and can be enabled by defining the preprocessor macro OPENSSL_EC_BIN_PT_COMP at
      *  compile time."
-     *
-     * @return array
      */
-    public function derivePoint($m)
+    public function derivePoint($m): array
     {
-        throw new \RuntimeException('Point compression on binary finite field elliptic curves is not supported');
+        throw new RuntimeException('Point compression on binary finite field elliptic curves is not supported');
     }
 
     /**
@@ -290,9 +290,9 @@ class Binary extends Base
      *
      * @return boolean
      */
-    public function verifyPoint(array $p)
+    public function verifyPoint(array $p): bool
     {
-        list($x, $y) = $p;
+        [$x, $y] = $p;
         $lhs = $y->multiply($y);
         $lhs = $lhs->add($x->multiply($y));
         $x2 = $x->multiply($x);
@@ -304,10 +304,8 @@ class Binary extends Base
 
     /**
      * Returns the modulo
-     *
-     * @return \phpseclib3\Math\BigInteger
      */
-    public function getModulo()
+    public function getModulo(): array
     {
         return $this->modulo;
     }
@@ -315,7 +313,7 @@ class Binary extends Base
     /**
      * Returns the a coefficient
      *
-     * @return \phpseclib3\Math\PrimeField\Integer
+     * @return Integer
      */
     public function getA()
     {
@@ -325,7 +323,7 @@ class Binary extends Base
     /**
      * Returns the a coefficient
      *
-     * @return \phpseclib3\Math\PrimeField\Integer
+     * @return Integer
      */
     public function getB()
     {
@@ -339,28 +337,28 @@ class Binary extends Base
      * To convert a Jacobian Coordinate to an Affine Point
      * you do (x / z^2, y / z^3)
      *
-     * @return \phpseclib3\Math\PrimeField\Integer[]
+     * @return Integer[]
      */
-    public function convertToAffine(array $p)
+    public function convertToAffine(array $p): array
     {
         if (!isset($p[2])) {
             return $p;
         }
-        list($x, $y, $z) = $p;
+        [$x, $y, $z] = $p;
         $z = $this->one->divide($z);
         $z2 = $z->multiply($z);
         return [
             $x->multiply($z2),
-            $y->multiply($z2)->multiply($z)
+            $y->multiply($z2)->multiply($z),
         ];
     }
 
     /**
      * Converts an affine point to a jacobian coordinate
      *
-     * @return \phpseclib3\Math\PrimeField\Integer[]
+     * @return Integer[]
      */
-    public function convertToInternal(array $p)
+    public function convertToInternal(array $p): array
     {
         if (isset($p[2])) {
             return $p;

phpseclib/Crypt/EC/BaseCurves/KoblitzPrime.php

@@ -26,6 +26,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\BaseCurves;
 
 use phpseclib3\Math\BigInteger;
@@ -43,14 +45,14 @@ class KoblitzPrime extends Prime
      *
      * @var list<array{a: BigInteger, b: BigInteger}>
      */
-    protected $basis;
+    public $basis;
 
     /**
      * Beta
      *
      * @var PrimeField\Integer
      */
-    protected $beta;
+    public $beta;
 
     // don't overwrite setCoefficients() with one that only accepts one parameter so that
     // one might be able to switch between KoblitzPrime and Prime more easily (for benchmarking
@@ -66,7 +68,7 @@ class KoblitzPrime extends Prime
      *
      * @return int[]
      */
-    public function multiplyAddPoints(array $points, array $scalars)
+    public function multiplyAddPoints(array $points, array $scalars): array
     {
         static $zero, $one, $two;
         if (!isset($two)) {
@@ -80,7 +82,7 @@ class KoblitzPrime extends Prime
             $s = $this->three->negate()->squareRoot()->multiply($inv);
             $betas = [
                 $inv->add($s),
-                $inv->subtract($s)
+                $inv->subtract($s),
             ];
             $this->beta = $betas[0]->compare($betas[1]) < 0 ? $betas[0] : $betas[1];
             //echo strtoupper($this->beta->toHex(true)) . "\n"; exit;
@@ -97,7 +99,7 @@ class KoblitzPrime extends Prime
 
             $lambdas = [
                 $inv->add($s),
-                $inv->subtract($s)
+                $inv->subtract($s),
             ];
 
             $lhs = $this->multiplyPoint($this->p, $lambdas[0])[0];
@@ -120,16 +122,16 @@ class KoblitzPrime extends Prime
             $k = $scalars[$i]->toBigInteger();
 
             // begin split
-            list($v1, $v2) = $this->basis;
+            [$v1, $v2] = $this->basis;
 
             $c1 = $v2['b']->multiply($k);
-            list($c1, $r) = $c1->divide($this->order);
+            [$c1, $r] = $c1->divide($this->order);
             if ($this->order->compare($r->multiply($two)) <= 0) {
                 $c1 = $c1->add($one);
             }
 
             $c2 = $v1['b']->negate()->multiply($k);
-            list($c2, $r) = $c2->divide($this->order);
+            [$c2, $r] = $c2->divide($this->order);
             if ($this->order->compare($r->multiply($two)) <= 0) {
                 $c2 = $c2->add($one);
             }
@@ -146,7 +148,7 @@ class KoblitzPrime extends Prime
             $beta = [
                 $p[0]->multiply($this->beta),
                 $p[1],
-                clone $this->one
+                clone $this->one,
             ];
 
             if (isset($p['naf'])) {
@@ -154,7 +156,7 @@ class KoblitzPrime extends Prime
                     return [
                         $p[0]->multiply($this->beta),
                         $p[1],
-                        clone $this->one
+                        clone $this->one,
                     ];
                 }, $p['naf']);
                 $beta['nafwidth'] = $p['nafwidth'];
@@ -187,7 +189,7 @@ class KoblitzPrime extends Prime
      *
      * @return FiniteField[]
      */
-    protected function doublePointHelper(array $p)
+    protected function doublePointHelper(array $p): array
     {
         $numerator = $this->three->multiply($p[0])->multiply($p[0]);
         $denominator = $this->two->multiply($p[1]);
@@ -201,9 +203,9 @@ class KoblitzPrime extends Prime
      *
      * @return FiniteField[]
      */
-    protected function jacobianDoublePoint(array $p)
+    protected function jacobianDoublePoint(array $p): array
     {
-        list($x1, $y1, $z1) = $p;
+        [$x1, $y1, $z1] = $p;
         $a = $x1->multiply($x1);
         $b = $y1->multiply($y1);
         $c = $b->multiply($b);
@@ -226,9 +228,9 @@ class KoblitzPrime extends Prime
      *
      * @return FiniteField[]
      */
-    protected function jacobianDoublePointMixed(array $p)
+    protected function jacobianDoublePointMixed(array $p): array
     {
-        list($x1, $y1) = $p;
+        [$x1, $y1] = $p;
         $xx = $x1->multiply($x1);
         $yy = $y1->multiply($y1);
         $yyyy = $yy->multiply($yy);
@@ -248,9 +250,9 @@ class KoblitzPrime extends Prime
      *
      * @return boolean
      */
-    public function verifyPoint(array $p)
+    public function verifyPoint(array $p): bool
     {
-        list($x, $y) = $p;
+        [$x, $y] = $p;
         $lhs = $y->multiply($y);
         $temp = $x->multiply($x)->multiply($x);
         $rhs = $temp->add($this->b);
@@ -262,11 +264,9 @@ class KoblitzPrime extends Prime
      * Calculates the parameters needed from the Euclidean algorithm as discussed at
      * http://diamond.boisestate.edu/~liljanab/MATH308/GuideToECC.pdf#page=148
      *
-     * @param BigInteger $u
-     * @param BigInteger $v
      * @return BigInteger[]
      */
-    protected static function extendedGCD(BigInteger $u, BigInteger $v)
+    protected static function extendedGCD(BigInteger $u, BigInteger $v): array
     {
         $one = new BigInteger(1);
         $zero = new BigInteger();
@@ -286,7 +286,7 @@ class KoblitzPrime extends Prime
         $postGreatestIndex = 0;
 
         while (!$v->equals($zero)) {
-            list($q) = $u->divide($v);
+            [$q] = $u->divide($v);
 
             $temp = $u;
             $u = $v;
@@ -329,7 +329,7 @@ class KoblitzPrime extends Prime
 
         return [
             ['a' => $a1, 'b' => $b1],
-            ['a' => $a2, 'b' => $b2]
+            ['a' => $a2, 'b' => $b2],
         ];
     }
 }

phpseclib/Crypt/EC/BaseCurves/Montgomery.php

@@ -22,9 +22,13 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\BaseCurves;
 
 use phpseclib3\Crypt\EC\Curves\Curve25519;
+use phpseclib3\Exception\RuntimeException;
+use phpseclib3\Exception\UnexpectedValueException;
 use phpseclib3\Math\BigInteger;
 use phpseclib3\Math\PrimeField;
 use phpseclib3\Math\PrimeField\Integer as PrimeInteger;
@@ -39,7 +43,7 @@ class Montgomery extends Base
     /**
      * Prime Field Integer factory
      *
-     * @var \phpseclib3\Math\PrimeField
+     * @var PrimeField
      */
     protected $factory;
 
@@ -95,7 +99,7 @@ class Montgomery extends Base
     /**
      * Sets the modulo
      */
-    public function setModulo(BigInteger $modulo)
+    public function setModulo(BigInteger $modulo): void
     {
         $this->modulo = $modulo;
         $this->factory = new PrimeField($modulo);
@@ -106,10 +110,10 @@ class Montgomery extends Base
     /**
      * Set coefficients a
      */
-    public function setCoefficients(BigInteger $a)
+    public function setCoefficients(BigInteger $a): void
     {
         if (!isset($this->factory)) {
-            throw new \RuntimeException('setModulo needs to be called before this method');
+            throw new RuntimeException('setModulo needs to be called before this method');
         }
         $this->a = $this->factory->newInteger($a);
         $two = $this->factory->newInteger(new BigInteger(2));
@@ -124,20 +128,20 @@ class Montgomery extends Base
      * @param BigInteger|PrimeInteger $y
      * @return PrimeInteger[]
      */
-    public function setBasePoint($x, $y)
+    public function setBasePoint($x, $y): array
     {
         switch (true) {
             case !$x instanceof BigInteger && !$x instanceof PrimeInteger:
-                throw new \UnexpectedValueException('Argument 1 passed to Prime::setBasePoint() must be an instance of either BigInteger or PrimeField\Integer');
+                throw new UnexpectedValueException('Argument 1 passed to Prime::setBasePoint() must be an instance of either BigInteger or PrimeField\Integer');
             case !$y instanceof BigInteger && !$y instanceof PrimeInteger:
-                throw new \UnexpectedValueException('Argument 2 passed to Prime::setBasePoint() must be an instance of either BigInteger or PrimeField\Integer');
+                throw new UnexpectedValueException('Argument 2 passed to Prime::setBasePoint() must be an instance of either BigInteger or PrimeField\Integer');
         }
         if (!isset($this->factory)) {
-            throw new \RuntimeException('setModulo needs to be called before this method');
+            throw new RuntimeException('setModulo needs to be called before this method');
         }
         $this->p = [
             $x instanceof BigInteger ? $this->factory->newInteger($x) : $x,
-            $y instanceof BigInteger ? $this->factory->newInteger($y) : $y
+            $y instanceof BigInteger ? $this->factory->newInteger($y) : $y,
         ];
     }
 
@@ -149,11 +153,11 @@ class Montgomery extends Base
     public function getBasePoint()
     {
         if (!isset($this->factory)) {
-            throw new \RuntimeException('setModulo needs to be called before this method');
+            throw new RuntimeException('setModulo needs to be called before this method');
         }
         /*
         if (!isset($this->p)) {
-            throw new \RuntimeException('setBasePoint needs to be called before this method');
+            throw new \phpseclib3\Exception\RuntimeException('setBasePoint needs to be called before this method');
         }
         */
         return $this->p;
@@ -166,10 +170,10 @@ class Montgomery extends Base
      *
      * @return FiniteField[][]
      */
-    private function doubleAndAddPoint(array $p, array $q, PrimeInteger $x1)
+    private function doubleAndAddPoint(array $p, array $q, PrimeInteger $x1): array
     {
         if (!isset($this->factory)) {
-            throw new \RuntimeException('setModulo needs to be called before this method');
+            throw new RuntimeException('setModulo needs to be called before this method');
         }
 
         if (!count($p) || !count($q)) {
@@ -177,11 +181,11 @@ class Montgomery extends Base
         }
 
         if (!isset($p[1])) {
-            throw new \RuntimeException('Affine coordinates need to be manually converted to XZ coordinates');
+            throw new RuntimeException('Affine coordinates need to be manually converted to XZ coordinates');
         }
 
-        list($x2, $z2) = $p;
-        list($x3, $z3) = $q;
+        [$x2, $z2] = $p;
+        [$x3, $z3] = $q;
 
         $a = $x2->add($z2);
         $aa = $a->multiply($a);
@@ -202,7 +206,7 @@ class Montgomery extends Base
 
         return [
             [$x4, $z4],
-            [$x5, $z5]
+            [$x5, $z5],
         ];
     }
 
@@ -213,10 +217,8 @@ class Montgomery extends Base
      *
      * https://en.wikipedia.org/wiki/Elliptic_curve_point_multiplication#Montgomery_ladder
      * https://github.com/phpecc/phpecc/issues/16#issuecomment-59176772
-     *
-     * @return array
      */
-    public function multiplyPoint(array $p, BigInteger $d)
+    public function multiplyPoint(array $p, BigInteger $d): array
     {
         $p1 = [$this->one, $this->zero];
         $alreadyInternal = isset($x[1]);
@@ -228,9 +230,9 @@ class Montgomery extends Base
         for ($i = 0; $i < strlen($b); $i++) {
             $b_i = (int) $b[$i];
             if ($b_i) {
-                list($p2, $p1) = $this->doubleAndAddPoint($p2, $p1, $x);
+                [$p2, $p1] = $this->doubleAndAddPoint($p2, $p1, $x);
             } else {
-                list($p1, $p2) = $this->doubleAndAddPoint($p1, $p2, $x);
+                [$p1, $p2] = $this->doubleAndAddPoint($p1, $p2, $x);
             }
         }
 
@@ -246,9 +248,9 @@ class Montgomery extends Base
      *
      *   x=X/Z
      *
-     * @return \phpseclib3\Math\PrimeField\Integer[]
+     * @return PrimeInteger[]
      */
-    public function convertToInternal(array $p)
+    public function convertToInternal(array $p): array
     {
         if (empty($p)) {
             return [clone $this->zero, clone $this->one];
@@ -266,14 +268,14 @@ class Montgomery extends Base
     /**
      * Returns the affine point
      *
-     * @return \phpseclib3\Math\PrimeField\Integer[]
+     * @return PrimeInteger[]
      */
-    public function convertToAffine(array $p)
+    public function convertToAffine(array $p): array
     {
         if (!isset($p[1])) {
             return $p;
         }
-        list($x, $z) = $p;
+        [$x, $z] = $p;
         return [$x->divide($z)];
     }
 }

phpseclib/Crypt/EC/BaseCurves/Prime.php

@@ -19,13 +19,18 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\BaseCurves;
 
 use phpseclib3\Common\Functions\Strings;
+use phpseclib3\Exception\RuntimeException;
+use phpseclib3\Exception\UnexpectedValueException;
 use phpseclib3\Math\BigInteger;
 use phpseclib3\Math\Common\FiniteField\Integer;
 use phpseclib3\Math\PrimeField;
 use phpseclib3\Math\PrimeField\Integer as PrimeInteger;
+use phpseclib3\Math\PrimeFields;
 
 /**
  * Curves over y^2 = x^3 + a*x + b
@@ -37,7 +42,7 @@ class Prime extends Base
     /**
      * Prime Field Integer factory
      *
-     * @var \phpseclib3\Math\PrimeFields
+     * @var PrimeFields
      */
     protected $factory;
 
@@ -114,7 +119,7 @@ class Prime extends Base
     /**
      * Sets the modulo
      */
-    public function setModulo(BigInteger $modulo)
+    public function setModulo(BigInteger $modulo): void
     {
         $this->modulo = $modulo;
         $this->factory = new PrimeField($modulo);
@@ -129,10 +134,10 @@ class Prime extends Base
     /**
      * Set coefficients a and b
      */
-    public function setCoefficients(BigInteger $a, BigInteger $b)
+    public function setCoefficients(BigInteger $a, BigInteger $b): void
     {
         if (!isset($this->factory)) {
-            throw new \RuntimeException('setModulo needs to be called before this method');
+            throw new RuntimeException('setModulo needs to be called before this method');
         }
         $this->a = $this->factory->newInteger($a);
         $this->b = $this->factory->newInteger($b);
@@ -143,22 +148,21 @@ class Prime extends Base
      *
      * @param BigInteger|PrimeInteger $x
      * @param BigInteger|PrimeInteger $y
-     * @return PrimeInteger[]
      */
-    public function setBasePoint($x, $y)
+    public function setBasePoint($x, $y): void
     {
         switch (true) {
             case !$x instanceof BigInteger && !$x instanceof PrimeInteger:
-                throw new \UnexpectedValueException('Argument 1 passed to Prime::setBasePoint() must be an instance of either BigInteger or PrimeField\Integer');
+                throw new UnexpectedValueException('Argument 1 passed to Prime::setBasePoint() must be an instance of either BigInteger or PrimeField\Integer');
             case !$y instanceof BigInteger && !$y instanceof PrimeInteger:
-                throw new \UnexpectedValueException('Argument 2 passed to Prime::setBasePoint() must be an instance of either BigInteger or PrimeField\Integer');
+                throw new UnexpectedValueException('Argument 2 passed to Prime::setBasePoint() must be an instance of either BigInteger or PrimeField\Integer');
         }
         if (!isset($this->factory)) {
-            throw new \RuntimeException('setModulo needs to be called before this method');
+            throw new RuntimeException('setModulo needs to be called before this method');
         }
         $this->p = [
             $x instanceof BigInteger ? $this->factory->newInteger($x) : $x,
-            $y instanceof BigInteger ? $this->factory->newInteger($y) : $y
+            $y instanceof BigInteger ? $this->factory->newInteger($y) : $y,
         ];
     }
 
@@ -170,11 +174,11 @@ class Prime extends Base
     public function getBasePoint()
     {
         if (!isset($this->factory)) {
-            throw new \RuntimeException('setModulo needs to be called before this method');
+            throw new RuntimeException('setModulo needs to be called before this method');
         }
         /*
         if (!isset($this->p)) {
-            throw new \RuntimeException('setBasePoint needs to be called before this method');
+            throw new \phpseclib3\Exception\RuntimeException('setBasePoint needs to be called before this method');
         }
         */
         return $this->p;
@@ -185,10 +189,10 @@ class Prime extends Base
      *
      * @return FiniteField[]
      */
-    protected function jacobianAddPointMixedXY(array $p, array $q)
+    protected function jacobianAddPointMixedXY(array $p, array $q): array
     {
-        list($u1, $s1) = $p;
-        list($u2, $s2) = $q;
+        [$u1, $s1] = $p;
+        [$u2, $s2] = $q;
         if ($u1->equals($u2)) {
             if (!$s1->equals($s2)) {
                 return [];
@@ -217,10 +221,10 @@ class Prime extends Base
      *
      * @return FiniteField[]
      */
-    protected function jacobianAddPointMixedX(array $p, array $q)
+    protected function jacobianAddPointMixedX(array $p, array $q): array
     {
-        list($u1, $s1, $z1) = $p;
-        list($x2, $y2) = $q;
+        [$u1, $s1, $z1] = $p;
+        [$x2, $y2] = $q;
 
         $z12 = $z1->multiply($z1);
 
@@ -253,10 +257,10 @@ class Prime extends Base
      *
      * @return FiniteField[]
      */
-    protected function jacobianAddPoint(array $p, array $q)
+    protected function jacobianAddPoint(array $p, array $q): array
     {
-        list($x1, $y1, $z1) = $p;
-        list($x2, $y2, $z2) = $q;
+        [$x1, $y1, $z1] = $p;
+        [$x2, $y2, $z2] = $q;
 
         $z12 = $z1->multiply($z1);
         $z22 = $z2->multiply($z2);
@@ -292,10 +296,10 @@ class Prime extends Base
      *
      * @return FiniteField[]
      */
-    public function addPoint(array $p, array $q)
+    public function addPoint(array $p, array $q): array
     {
         if (!isset($this->factory)) {
-            throw new \RuntimeException('setModulo needs to be called before this method');
+            throw new RuntimeException('setModulo needs to be called before this method');
         }
 
         if (!count($p) || !count($q)) {
@@ -323,14 +327,14 @@ class Prime extends Base
         }
 
         if (isset($p[2]) || isset($q[2])) {
-            throw new \RuntimeException('Affine coordinates need to be manually converted to Jacobi coordinates or vice versa');
+            throw new RuntimeException('Affine coordinates need to be manually converted to Jacobi coordinates or vice versa');
         }
 
         if ($p[0]->equals($q[0])) {
             if (!$p[1]->equals($q[1])) {
                 return [];
             } else { // eg. doublePoint
-                list($numerator, $denominator) = $this->doublePointHelper($p);
+                [$numerator, $denominator] = $this->doublePointHelper($p);
             }
         } else {
             $numerator = $q[1]->subtract($p[1]);
@@ -348,7 +352,7 @@ class Prime extends Base
      *
      * @return FiniteField[]
      */
-    protected function doublePointHelper(array $p)
+    protected function doublePointHelper(array $p): array
     {
         $numerator = $this->three->multiply($p[0])->multiply($p[0])->add($this->a);
         $denominator = $this->two->multiply($p[1]);
@@ -360,9 +364,9 @@ class Prime extends Base
      *
      * @return FiniteField[]
      */
-    protected function jacobianDoublePoint(array $p)
+    protected function jacobianDoublePoint(array $p): array
     {
-        list($x, $y, $z) = $p;
+        [$x, $y, $z] = $p;
         $x2 = $x->multiply($x);
         $y2 = $y->multiply($y);
         $z2 = $z->multiply($z);
@@ -383,9 +387,9 @@ class Prime extends Base
      *
      * @return FiniteField[]
      */
-    protected function jacobianDoublePointMixed(array $p)
+    protected function jacobianDoublePointMixed(array $p): array
     {
-        list($x, $y) = $p;
+        [$x, $y] = $p;
         $x2 = $x->multiply($x);
         $y2 = $y->multiply($y);
         $s = $this->four->multiply($x)->multiply($y2);
@@ -404,10 +408,10 @@ class Prime extends Base
      *
      * @return FiniteField[]
      */
-    public function doublePoint(array $p)
+    public function doublePoint(array $p): array
     {
         if (!isset($this->factory)) {
-            throw new \RuntimeException('setModulo needs to be called before this method');
+            throw new RuntimeException('setModulo needs to be called before this method');
         }
 
         if (!count($p)) {
@@ -422,7 +426,7 @@ class Prime extends Base
             return $this->jacobianDoublePoint($p);
         }
 
-        list($numerator, $denominator) = $this->doublePointHelper($p);
+        [$numerator, $denominator] = $this->doublePointHelper($p);
 
         $slope = $numerator->divide($denominator);
 
@@ -434,10 +438,8 @@ class Prime extends Base
 
     /**
      * Returns the X coordinate and the derived Y coordinate
-     *
-     * @return array
      */
-    public function derivePoint($m)
+    public function derivePoint($m): array
     {
         $y = ord(Strings::shift($m));
         $x = new BigInteger($m, 256);
@@ -450,14 +452,14 @@ class Prime extends Base
                 $ypn = true;
                 break;
             default:
-                throw new \RuntimeException('Coordinate not in recognized format');
+                throw new RuntimeException('Coordinate not in recognized format');
         }
         $temp = $xp->multiply($this->a);
         $temp = $xp->multiply($xp)->multiply($xp)->add($temp);
         $temp = $temp->add($this->b);
         $b = $temp->squareRoot();
         if (!$b) {
-            throw new \RuntimeException('Unable to derive Y coordinate');
+            throw new RuntimeException('Unable to derive Y coordinate');
         }
         $bn = $b->isOdd();
         $yp = $ypn == $bn ? $b : $b->negate();
@@ -469,9 +471,9 @@ class Prime extends Base
      *
      * @return boolean
      */
-    public function verifyPoint(array $p)
+    public function verifyPoint(array $p): bool
     {
-        list($x, $y) = $p;
+        [$x, $y] = $p;
         $lhs = $y->multiply($y);
         $temp = $x->multiply($this->a);
         $temp = $x->multiply($x)->multiply($x)->add($temp);
@@ -482,10 +484,8 @@ class Prime extends Base
 
     /**
      * Returns the modulo
-     *
-     * @return \phpseclib3\Math\BigInteger
      */
-    public function getModulo()
+    public function getModulo(): BigInteger
     {
         return $this->modulo;
     }
@@ -493,7 +493,7 @@ class Prime extends Base
     /**
      * Returns the a coefficient
      *
-     * @return \phpseclib3\Math\PrimeField\Integer
+     * @return PrimeInteger
      */
     public function getA()
     {
@@ -503,7 +503,7 @@ class Prime extends Base
     /**
      * Returns the a coefficient
      *
-     * @return \phpseclib3\Math\PrimeField\Integer
+     * @return PrimeInteger
      */
     public function getB()
     {
@@ -518,7 +518,7 @@ class Prime extends Base
      *
      * @return int[]
      */
-    public function multiplyAddPoints(array $points, array $scalars)
+    public function multiplyAddPoints(array $points, array $scalars): array
     {
         $length = count($points);
 
@@ -527,10 +527,10 @@ class Prime extends Base
         }
 
         $wnd = [$this->getNAFPoints($points[0], 7)];
-        $wndWidth = [isset($points[0]['nafwidth']) ? $points[0]['nafwidth'] : 7];
+        $wndWidth = [$points[0]['nafwidth'] ?? 7];
         for ($i = 1; $i < $length; $i++) {
             $wnd[] = $this->getNAFPoints($points[$i], 1);
-            $wndWidth[] = isset($points[$i]['nafwidth']) ? $points[$i]['nafwidth'] : 1;
+            $wndWidth[] = $points[$i]['nafwidth'] ?? 1;
         }
 
         $naf = [];
@@ -552,7 +552,7 @@ class Prime extends Base
                 $points[$a], // 1
                 null,        // 3
                 null,        // 5
-                $points[$b]  // 7
+                $points[$b],  // 7
             ];
 
             $comb[1] = $this->addPoint($points[$a], $points[$b]);
@@ -567,7 +567,7 @@ class Prime extends Base
                  7, /*  0  1 */
                  5, /*  1 -1 */
                  1, /*  1  0 */
-                 3  /*  1  1 */
+                 3,  /*  1  1 */
             ];
 
             $jsf = self::getJSFPoints($scalars[$a], $scalars[$b]);
@@ -582,8 +582,8 @@ class Prime extends Base
             }
 
             for ($j = 0; $j < $max; $j++) {
-                $ja = isset($jsf[0][$j]) ? $jsf[0][$j] : 0;
-                $jb = isset($jsf[1][$j]) ? $jsf[1][$j] : 0;
+                $ja = $jsf[0][$j] ?? 0;
+                $jb = $jsf[1][$j] ?? 0;
 
                 $naf[$a][$j] = $index[3 * ($ja + 1) + $jb + 1];
                 $naf[$b][$j] = 0;
@@ -598,7 +598,7 @@ class Prime extends Base
             while ($i >= 0) {
                 $zero = true;
                 for ($j = 0; $j < $length; $j++) {
-                    $temp[$j] = isset($naf[$j][$i]) ? $naf[$j][$i] : 0;
+                    $temp[$j] = $naf[$j][$i] ?? 0;
                     if ($temp[$j] != 0) {
                         $zero = false;
                     }
@@ -643,9 +643,9 @@ class Prime extends Base
      * Adapted from:
      * https://github.com/indutny/elliptic/blob/725bd91/lib/elliptic/curve/base.js#L351
      *
-     * @return int[]
+     * @return list<array>
      */
-    private function getNAFPoints(array $point, $wnd)
+    private function getNAFPoints(array $point, int $wnd): array
     {
         if (isset($point['naf'])) {
             return $point['naf'];
@@ -682,7 +682,7 @@ class Prime extends Base
      *
      * @return int[]
      */
-    private static function getJSFPoints(Integer $k1, Integer $k2)
+    private static function getJSFPoints(Integer $k1, Integer $k2): array
     {
         static $three;
         if (!isset($three)) {
@@ -751,28 +751,28 @@ class Prime extends Base
      * To convert a Jacobian Coordinate to an Affine Point
      * you do (x / z^2, y / z^3)
      *
-     * @return \phpseclib3\Math\PrimeField\Integer[]
+     * @return PrimeInteger[]
      */
-    public function convertToAffine(array $p)
+    public function convertToAffine(array $p): array
     {
         if (!isset($p[2])) {
             return $p;
         }
-        list($x, $y, $z) = $p;
+        [$x, $y, $z] = $p;
         $z = $this->one->divide($z);
         $z2 = $z->multiply($z);
         return [
             $x->multiply($z2),
-            $y->multiply($z2)->multiply($z)
+            $y->multiply($z2)->multiply($z),
         ];
     }
 
     /**
      * Converts an affine point to a jacobian coordinate
      *
-     * @return \phpseclib3\Math\PrimeField\Integer[]
+     * @return PrimeInteger[]
      */
-    public function convertToInternal(array $p)
+    public function convertToInternal(array $p): array
     {
         if (isset($p[2])) {
             return $p;

phpseclib/Crypt/EC/BaseCurves/TwistedEdwards.php

@@ -24,8 +24,12 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\BaseCurves;
 
+use phpseclib3\Exception\RuntimeException;
+use phpseclib3\Exception\UnexpectedValueException;
 use phpseclib3\Math\BigInteger;
 use phpseclib3\Math\PrimeField;
 use phpseclib3\Math\PrimeField\Integer as PrimeInteger;
@@ -89,7 +93,7 @@ class TwistedEdwards extends Base
     /**
      * Sets the modulo
      */
-    public function setModulo(BigInteger $modulo)
+    public function setModulo(BigInteger $modulo): void
     {
         $this->modulo = $modulo;
         $this->factory = new PrimeField($modulo);
@@ -101,10 +105,10 @@ class TwistedEdwards extends Base
     /**
      * Set coefficients a and b
      */
-    public function setCoefficients(BigInteger $a, BigInteger $d)
+    public function setCoefficients(BigInteger $a, BigInteger $d): void
     {
         if (!isset($this->factory)) {
-            throw new \RuntimeException('setModulo needs to be called before this method');
+            throw new RuntimeException('setModulo needs to be called before this method');
         }
         $this->a = $this->factory->newInteger($a);
         $this->d = $this->factory->newInteger($d);
@@ -113,27 +117,27 @@ class TwistedEdwards extends Base
     /**
      * Set x and y coordinates for the base point
      */
-    public function setBasePoint($x, $y)
+    public function setBasePoint($x, $y): void
     {
         switch (true) {
             case !$x instanceof BigInteger && !$x instanceof PrimeInteger:
-                throw new \UnexpectedValueException('Argument 1 passed to Prime::setBasePoint() must be an instance of either BigInteger or PrimeField\Integer');
+                throw new UnexpectedValueException('Argument 1 passed to Prime::setBasePoint() must be an instance of either BigInteger or PrimeField\Integer');
             case !$y instanceof BigInteger && !$y instanceof PrimeInteger:
-                throw new \UnexpectedValueException('Argument 2 passed to Prime::setBasePoint() must be an instance of either BigInteger or PrimeField\Integer');
+                throw new UnexpectedValueException('Argument 2 passed to Prime::setBasePoint() must be an instance of either BigInteger or PrimeField\Integer');
         }
         if (!isset($this->factory)) {
-            throw new \RuntimeException('setModulo needs to be called before this method');
+            throw new RuntimeException('setModulo needs to be called before this method');
         }
         $this->p = [
             $x instanceof BigInteger ? $this->factory->newInteger($x) : $x,
-            $y instanceof BigInteger ? $this->factory->newInteger($y) : $y
+            $y instanceof BigInteger ? $this->factory->newInteger($y) : $y,
         ];
     }
 
     /**
      * Returns the a coefficient
      *
-     * @return \phpseclib3\Math\PrimeField\Integer
+     * @return PrimeInteger
      */
     public function getA()
     {
@@ -143,7 +147,7 @@ class TwistedEdwards extends Base
     /**
      * Returns the a coefficient
      *
-     * @return \phpseclib3\Math\PrimeField\Integer
+     * @return PrimeInteger
      */
     public function getD()
     {
@@ -152,17 +156,15 @@ class TwistedEdwards extends Base
 
     /**
      * Retrieve the base point as an array
-     *
-     * @return array
      */
-    public function getBasePoint()
+    public function getBasePoint(): array
     {
         if (!isset($this->factory)) {
-            throw new \RuntimeException('setModulo needs to be called before this method');
+            throw new RuntimeException('setModulo needs to be called before this method');
         }
         /*
         if (!isset($this->p)) {
-            throw new \RuntimeException('setBasePoint needs to be called before this method');
+            throw new \phpseclib3\Exception\RuntimeException('setBasePoint needs to be called before this method');
         }
         */
         return $this->p;
@@ -171,27 +173,25 @@ class TwistedEdwards extends Base
     /**
      * Returns the affine point
      *
-     * @return \phpseclib3\Math\PrimeField\Integer[]
+     * @return PrimeInteger[]
      */
-    public function convertToAffine(array $p)
+    public function convertToAffine(array $p): array
     {
         if (!isset($p[2])) {
             return $p;
         }
-        list($x, $y, $z) = $p;
+        [$x, $y, $z] = $p;
         $z = $this->one->divide($z);
         return [
             $x->multiply($z),
-            $y->multiply($z)
+            $y->multiply($z),
         ];
     }
 
     /**
      * Returns the modulo
-     *
-     * @return \phpseclib3\Math\BigInteger
      */
-    public function getModulo()
+    public function getModulo(): BigInteger
     {
         return $this->modulo;
     }
@@ -201,9 +201,9 @@ class TwistedEdwards extends Base
      *
      * @return boolean
      */
-    public function verifyPoint(array $p)
+    public function verifyPoint(array $p): bool
     {
-        list($x, $y) = $p;
+        [$x, $y] = $p;
         $x2 = $x->multiply($x);
         $y2 = $y->multiply($y);
 

phpseclib/Crypt/EC/Curves/Curve25519.php

@@ -11,9 +11,12 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 use phpseclib3\Crypt\EC\BaseCurves\Montgomery;
+use phpseclib3\Exception\RangeException;
 use phpseclib3\Math\BigInteger;
 
 class Curve25519 extends Montgomery
@@ -42,10 +45,8 @@ class Curve25519 extends Montgomery
      * Multiply a point on the curve by a scalar
      *
      * Modifies the scalar as described at https://tools.ietf.org/html/rfc7748#page-8
-     *
-     * @return array
      */
-    public function multiplyPoint(array $p, BigInteger $d)
+    public function multiplyPoint(array $p, BigInteger $d): array
     {
         //$r = strrev(sodium_crypto_scalarmult($d->toBytes(), strrev($p[0]->toBytes())));
         //return [$this->factory->newInteger(new BigInteger($r, 256))];
@@ -61,10 +62,8 @@ class Curve25519 extends Montgomery
 
     /**
      * Creates a random scalar multiplier
-     *
-     * @return BigInteger
      */
-    public function createRandomMultiplier()
+    public function createRandomMultiplier(): BigInteger
     {
         return BigInteger::random(256);
     }
@@ -72,10 +71,10 @@ class Curve25519 extends Montgomery
     /**
      * Performs range check
      */
-    public function rangeCheck(BigInteger $x)
+    public function rangeCheck(BigInteger $x): void
     {
         if ($x->getLength() > 256 || $x->isNegative()) {
-            throw new \RangeException('x must be a positive integer less than 256 bytes in length');
+            throw new RangeException('x must be a positive integer less than 256 bytes in length');
         }
     }
 }

phpseclib/Crypt/EC/Curves/Curve448.php

@@ -11,9 +11,12 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 use phpseclib3\Crypt\EC\BaseCurves\Montgomery;
+use phpseclib3\Exception\RangeException;
 use phpseclib3\Math\BigInteger;
 
 class Curve448 extends Montgomery
@@ -53,10 +56,8 @@ class Curve448 extends Montgomery
      * Multiply a point on the curve by a scalar
      *
      * Modifies the scalar as described at https://tools.ietf.org/html/rfc7748#page-8
-     *
-     * @return array
      */
-    public function multiplyPoint(array $p, BigInteger $d)
+    public function multiplyPoint(array $p, BigInteger $d): array
     {
         //$r = strrev(sodium_crypto_scalarmult($d->toBytes(), strrev($p[0]->toBytes())));
         //return [$this->factory->newInteger(new BigInteger($r, 256))];
@@ -72,10 +73,8 @@ class Curve448 extends Montgomery
 
     /**
      * Creates a random scalar multiplier
-     *
-     * @return BigInteger
      */
-    public function createRandomMultiplier()
+    public function createRandomMultiplier(): BigInteger
     {
         return BigInteger::random(446);
     }
@@ -83,10 +82,10 @@ class Curve448 extends Montgomery
     /**
      * Performs range check
      */
-    public function rangeCheck(BigInteger $x)
+    public function rangeCheck(BigInteger $x): void
     {
         if ($x->getLength() > 448 || $x->isNegative()) {
-            throw new \RangeException('x must be a positive integer less than 446 bytes in length');
+            throw new RangeException('x must be a positive integer less than 446 bytes in length');
         }
     }
 }

phpseclib/Crypt/EC/Curves/Ed25519.php

@@ -10,16 +10,20 @@
  * @license   http://www.opensource.org/licenses/mit-license.html  MIT License
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 use phpseclib3\Crypt\EC\BaseCurves\TwistedEdwards;
 use phpseclib3\Crypt\Hash;
 use phpseclib3\Crypt\Random;
+use phpseclib3\Exception\LengthException;
+use phpseclib3\Exception\RuntimeException;
 use phpseclib3\Math\BigInteger;
 
 class Ed25519 extends TwistedEdwards
 {
-    const HASH = 'sha512';
+    public const HASH = 'sha512';
     /*
       Per https://tools.ietf.org/html/rfc8032#page-6 EdDSA has several parameters, one of which is b:
 
@@ -30,7 +34,7 @@ class Ed25519 extends TwistedEdwards
 
       SIZE corresponds to b
     */
-    const SIZE = 32;
+    public const SIZE = 32;
 
     public function __construct()
     {
@@ -100,11 +104,10 @@ class Ed25519 extends TwistedEdwards
      *
      * Used by EC\Keys\Common.php
      *
-     * @param BigInteger $y
      * @param boolean $sign
      * @return object[]
      */
-    public function recoverX(BigInteger $y, $sign)
+    public function recoverX(BigInteger $y, bool $sign): array
     {
         $y = $this->factory->newInteger($y);
 
@@ -114,7 +117,7 @@ class Ed25519 extends TwistedEdwards
         $x2 = $u->divide($v);
         if ($x2->equals($this->zero)) {
             if ($sign) {
-                throw new \RuntimeException('Unable to recover X coordinate (x2 = 0)');
+                throw new RuntimeException('Unable to recover X coordinate (x2 = 0)');
             }
             return clone $this->zero;
         }
@@ -138,7 +141,7 @@ class Ed25519 extends TwistedEdwards
             $temp = $this->two->pow($temp);
             $x = $x->multiply($temp);
             if (!$x->multiply($x)->subtract($x2)->equals($this->zero)) {
-                throw new \RuntimeException('Unable to recover X coordinate');
+                throw new RuntimeException('Unable to recover X coordinate');
             }
         }
         if ($x->isOdd() != $sign) {
@@ -155,13 +158,12 @@ class Ed25519 extends TwistedEdwards
      *
      * Used by the various key handlers
      *
-     * @param string $str
      * @return array
      */
-    public function extractSecret($str)
+    public function extractSecret(string $str)
     {
         if (strlen($str) != 32) {
-            throw new \LengthException('Private Key should be 32-bytes long');
+            throw new LengthException('Private Key should be 32-bytes long');
         }
         // 1.  Hash the 32-byte private key using SHA-512, storing the digest in
         //     a 64-octet large buffer, denoted h.  Only the lower 32 bytes are
@@ -181,19 +183,16 @@ class Ed25519 extends TwistedEdwards
 
         return [
             'dA' => $dA,
-            'secret' => $str
+            'secret' => $str,
         ];
     }
 
     /**
      * Encode a point as a string
-     *
-     * @param array $point
-     * @return string
      */
-    public function encodePoint($point)
+    public function encodePoint(array $point): string
     {
-        list($x, $y) = $point;
+        [$x, $y] = $point;
         $y = $y->toBytes();
         $y[0] = $y[0] & chr(0x7F);
         if ($x->isOdd()) {
@@ -206,10 +205,8 @@ class Ed25519 extends TwistedEdwards
 
     /**
      * Creates a random scalar multiplier
-     *
-     * @return \phpseclib3\Math\PrimeField\Integer
      */
-    public function createRandomMultiplier()
+    public function createRandomMultiplier(): BigInteger
     {
         return $this->extractSecret(Random::string(32))['dA'];
     }
@@ -222,9 +219,9 @@ class Ed25519 extends TwistedEdwards
      * A point (x,y) is represented in extended homogeneous coordinates (X, Y, Z, T),
      * with x = X/Z, y = Y/Z, x * y = T/Z.
      *
-     * @return \phpseclib3\Math\PrimeField\Integer[]
+     * @return Integer[]
      */
-    public function convertToInternal(array $p)
+    public function convertToInternal(array $p): array
     {
         if (empty($p)) {
             return [clone $this->zero, clone $this->one, clone $this->one, clone $this->zero];
@@ -245,10 +242,10 @@ class Ed25519 extends TwistedEdwards
      *
      * @return FiniteField[]
      */
-    public function doublePoint(array $p)
+    public function doublePoint(array $p): array
     {
         if (!isset($this->factory)) {
-            throw new \RuntimeException('setModulo needs to be called before this method');
+            throw new RuntimeException('setModulo needs to be called before this method');
         }
 
         if (!count($p)) {
@@ -256,12 +253,12 @@ class Ed25519 extends TwistedEdwards
         }
 
         if (!isset($p[2])) {
-            throw new \RuntimeException('Affine coordinates need to be manually converted to "Jacobi" coordinates or vice versa');
+            throw new RuntimeException('Affine coordinates need to be manually converted to "Jacobi" coordinates or vice versa');
         }
 
         // from https://tools.ietf.org/html/rfc8032#page-12
 
-        list($x1, $y1, $z1, $t1) = $p;
+        [$x1, $y1, $z1, $t1] = $p;
 
         $a = $x1->multiply($x1);
         $b = $y1->multiply($y1);
@@ -285,10 +282,10 @@ class Ed25519 extends TwistedEdwards
      *
      * @return FiniteField[]
      */
-    public function addPoint(array $p, array $q)
+    public function addPoint(array $p, array $q): array
     {
         if (!isset($this->factory)) {
-            throw new \RuntimeException('setModulo needs to be called before this method');
+            throw new RuntimeException('setModulo needs to be called before this method');
         }
 
         if (!count($p) || !count($q)) {
@@ -302,7 +299,7 @@ class Ed25519 extends TwistedEdwards
         }
 
         if (!isset($p[2]) || !isset($q[2])) {
-            throw new \RuntimeException('Affine coordinates need to be manually converted to "Jacobi" coordinates or vice versa');
+            throw new RuntimeException('Affine coordinates need to be manually converted to "Jacobi" coordinates or vice versa');
         }
 
         if ($p[0]->equals($q[0])) {
@@ -311,8 +308,8 @@ class Ed25519 extends TwistedEdwards
 
         // from https://tools.ietf.org/html/rfc8032#page-12
 
-        list($x1, $y1, $z1, $t1) = $p;
-        list($x2, $y2, $z2, $t2) = $q;
+        [$x1, $y1, $z1, $t1] = $p;
+        [$x2, $y2, $z2, $t2] = $q;
 
         $a = $y1->subtract($x1)->multiply($y2->subtract($x2));
         $b = $y1->add($x1)->multiply($y2->add($x2));

phpseclib/Crypt/EC/Curves/Ed448.php

@@ -10,17 +10,22 @@
  * @license   http://www.opensource.org/licenses/mit-license.html  MIT License
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 use phpseclib3\Crypt\EC\BaseCurves\TwistedEdwards;
 use phpseclib3\Crypt\Hash;
 use phpseclib3\Crypt\Random;
+use phpseclib3\Exception\LengthException;
+use phpseclib3\Exception\RuntimeException;
 use phpseclib3\Math\BigInteger;
+use phpseclib3\Math\PrimeField\Integer;
 
 class Ed448 extends TwistedEdwards
 {
-    const HASH = 'shake256-912';
-    const SIZE = 57;
+    public const HASH = 'shake256-912';
+    public const SIZE = 57;
 
     public function __construct()
     {
@@ -56,11 +61,10 @@ class Ed448 extends TwistedEdwards
      *
      * Used by EC\Keys\Common.php
      *
-     * @param BigInteger $y
      * @param boolean $sign
      * @return object[]
      */
-    public function recoverX(BigInteger $y, $sign)
+    public function recoverX(BigInteger $y, bool $sign): array
     {
         $y = $this->factory->newInteger($y);
 
@@ -70,7 +74,7 @@ class Ed448 extends TwistedEdwards
         $x2 = $u->divide($v);
         if ($x2->equals($this->zero)) {
             if ($sign) {
-                throw new \RuntimeException('Unable to recover X coordinate (x2 = 0)');
+                throw new RuntimeException('Unable to recover X coordinate (x2 = 0)');
             }
             return clone $this->zero;
         }
@@ -80,7 +84,7 @@ class Ed448 extends TwistedEdwards
         $x = $x2->pow($exp);
 
         if (!$x->multiply($x)->subtract($x2)->equals($this->zero)) {
-            throw new \RuntimeException('Unable to recover X coordinate');
+            throw new RuntimeException('Unable to recover X coordinate');
         }
         if ($x->isOdd() != $sign) {
             $x = $x->negate();
@@ -96,13 +100,12 @@ class Ed448 extends TwistedEdwards
      *
      * Used by the various key handlers
      *
-     * @param string $str
      * @return array
      */
-    public function extractSecret($str)
+    public function extractSecret(string $str)
     {
         if (strlen($str) != 57) {
-            throw new \LengthException('Private Key should be 57-bytes long');
+            throw new LengthException('Private Key should be 57-bytes long');
         }
         // 1.  Hash the 57-byte private key using SHAKE256(x, 114), storing the
         //     digest in a 114-octet large buffer, denoted h.  Only the lower 57
@@ -123,22 +126,16 @@ class Ed448 extends TwistedEdwards
 
         return [
             'dA' => $dA,
-            'secret' => $str
+            'secret' => $str,
         ];
-
-        $dA->secret = $str;
-        return $dA;
     }
 
     /**
      * Encode a point as a string
-     *
-     * @param array $point
-     * @return string
      */
-    public function encodePoint($point)
+    public function encodePoint(array $point): string
     {
-        list($x, $y) = $point;
+        [$x, $y] = $point;
         $y = "\0" . $y->toBytes();
         if ($x->isOdd()) {
             $y[0] = $y[0] | chr(0x80);
@@ -150,10 +147,8 @@ class Ed448 extends TwistedEdwards
 
     /**
      * Creates a random scalar multiplier
-     *
-     * @return \phpseclib3\Math\PrimeField\Integer
      */
-    public function createRandomMultiplier()
+    public function createRandomMultiplier(): BigInteger
     {
         return $this->extractSecret(Random::string(57))['dA'];
     }
@@ -166,9 +161,9 @@ class Ed448 extends TwistedEdwards
      * A point (x,y) is represented in extended homogeneous coordinates (X, Y, Z, T),
      * with x = X/Z, y = Y/Z, x * y = T/Z.
      *
-     * @return \phpseclib3\Math\PrimeField\Integer[]
+     * @return Integer[]
      */
-    public function convertToInternal(array $p)
+    public function convertToInternal(array $p): array
     {
         if (empty($p)) {
             return [clone $this->zero, clone $this->one, clone $this->one];
@@ -188,10 +183,10 @@ class Ed448 extends TwistedEdwards
      *
      * @return FiniteField[]
      */
-    public function doublePoint(array $p)
+    public function doublePoint(array $p): array
     {
         if (!isset($this->factory)) {
-            throw new \RuntimeException('setModulo needs to be called before this method');
+            throw new RuntimeException('setModulo needs to be called before this method');
         }
 
         if (!count($p)) {
@@ -199,12 +194,12 @@ class Ed448 extends TwistedEdwards
         }
 
         if (!isset($p[2])) {
-            throw new \RuntimeException('Affine coordinates need to be manually converted to "Jacobi" coordinates or vice versa');
+            throw new RuntimeException('Affine coordinates need to be manually converted to "Jacobi" coordinates or vice versa');
         }
 
         // from https://tools.ietf.org/html/rfc8032#page-18
 
-        list($x1, $y1, $z1) = $p;
+        [$x1, $y1, $z1] = $p;
 
         $b = $x1->add($y1);
         $b = $b->multiply($b);
@@ -226,10 +221,10 @@ class Ed448 extends TwistedEdwards
      *
      * @return FiniteField[]
      */
-    public function addPoint(array $p, array $q)
+    public function addPoint(array $p, array $q): array
     {
         if (!isset($this->factory)) {
-            throw new \RuntimeException('setModulo needs to be called before this method');
+            throw new RuntimeException('setModulo needs to be called before this method');
         }
 
         if (!count($p) || !count($q)) {
@@ -243,7 +238,7 @@ class Ed448 extends TwistedEdwards
         }
 
         if (!isset($p[2]) || !isset($q[2])) {
-            throw new \RuntimeException('Affine coordinates need to be manually converted to "Jacobi" coordinates or vice versa');
+            throw new RuntimeException('Affine coordinates need to be manually converted to "Jacobi" coordinates or vice versa');
         }
 
         if ($p[0]->equals($q[0])) {
@@ -252,8 +247,8 @@ class Ed448 extends TwistedEdwards
 
         // from https://tools.ietf.org/html/rfc8032#page-17
 
-        list($x1, $y1, $z1) = $p;
-        list($x2, $y2, $z2) = $q;
+        [$x1, $y1, $z1] = $p;
+        [$x2, $y2, $z2] = $q;
 
         $a = $z1->multiply($z2);
         $b = $a->multiply($a);

phpseclib/Crypt/EC/Curves/brainpoolP160r1.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 use phpseclib3\Crypt\EC\BaseCurves\Prime;

phpseclib/Crypt/EC/Curves/brainpoolP160t1.php

@@ -24,6 +24,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 use phpseclib3\Crypt\EC\BaseCurves\Prime;

phpseclib/Crypt/EC/Curves/brainpoolP192r1.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 use phpseclib3\Crypt\EC\BaseCurves\Prime;

phpseclib/Crypt/EC/Curves/brainpoolP192t1.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 use phpseclib3\Crypt\EC\BaseCurves\Prime;

phpseclib/Crypt/EC/Curves/brainpoolP224r1.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 use phpseclib3\Crypt\EC\BaseCurves\Prime;

phpseclib/Crypt/EC/Curves/brainpoolP224t1.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 use phpseclib3\Crypt\EC\BaseCurves\Prime;

phpseclib/Crypt/EC/Curves/brainpoolP256r1.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 use phpseclib3\Crypt\EC\BaseCurves\Prime;

phpseclib/Crypt/EC/Curves/brainpoolP256t1.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 use phpseclib3\Crypt\EC\BaseCurves\Prime;

phpseclib/Crypt/EC/Curves/brainpoolP320r1.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 use phpseclib3\Crypt\EC\BaseCurves\Prime;

phpseclib/Crypt/EC/Curves/brainpoolP320t1.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 use phpseclib3\Crypt\EC\BaseCurves\Prime;

phpseclib/Crypt/EC/Curves/brainpoolP384r1.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 use phpseclib3\Crypt\EC\BaseCurves\Prime;

phpseclib/Crypt/EC/Curves/brainpoolP384t1.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 use phpseclib3\Crypt\EC\BaseCurves\Prime;

phpseclib/Crypt/EC/Curves/brainpoolP512r1.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 use phpseclib3\Crypt\EC\BaseCurves\Prime;

phpseclib/Crypt/EC/Curves/brainpoolP512t1.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 use phpseclib3\Crypt\EC\BaseCurves\Prime;

phpseclib/Crypt/EC/Curves/nistb233.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 final class nistb233 extends sect233r1

phpseclib/Crypt/EC/Curves/nistb409.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 final class nistb409 extends sect409r1

phpseclib/Crypt/EC/Curves/nistk163.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 final class nistk163 extends sect163k1

phpseclib/Crypt/EC/Curves/nistk233.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 final class nistk233 extends sect233k1

phpseclib/Crypt/EC/Curves/nistk283.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 final class nistk283 extends sect283k1

phpseclib/Crypt/EC/Curves/nistk409.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 final class nistk409 extends sect409k1

phpseclib/Crypt/EC/Curves/nistp192.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 final class nistp192 extends secp192r1

phpseclib/Crypt/EC/Curves/nistp224.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 final class nistp224 extends secp224r1

phpseclib/Crypt/EC/Curves/nistp256.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 final class nistp256 extends secp256r1

phpseclib/Crypt/EC/Curves/nistp384.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 final class nistp384 extends secp384r1

phpseclib/Crypt/EC/Curves/nistp521.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 final class nistp521 extends secp521r1

phpseclib/Crypt/EC/Curves/nistt571.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 final class nistt571 extends sect571k1

phpseclib/Crypt/EC/Curves/prime192v1.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 final class prime192v1 extends secp192r1

phpseclib/Crypt/EC/Curves/prime192v2.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 use phpseclib3\Crypt\EC\BaseCurves\Prime;

phpseclib/Crypt/EC/Curves/prime192v3.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 use phpseclib3\Crypt\EC\BaseCurves\Prime;

phpseclib/Crypt/EC/Curves/prime239v1.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 use phpseclib3\Crypt\EC\BaseCurves\Prime;

phpseclib/Crypt/EC/Curves/prime239v2.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 use phpseclib3\Crypt\EC\BaseCurves\Prime;

phpseclib/Crypt/EC/Curves/prime239v3.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 use phpseclib3\Crypt\EC\BaseCurves\Prime;

phpseclib/Crypt/EC/Curves/prime256v1.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 final class prime256v1 extends secp256r1

phpseclib/Crypt/EC/Curves/secp112r1.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 use phpseclib3\Crypt\EC\BaseCurves\Prime;

phpseclib/Crypt/EC/Curves/secp112r2.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 use phpseclib3\Crypt\EC\BaseCurves\Prime;

phpseclib/Crypt/EC/Curves/secp128r1.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 use phpseclib3\Crypt\EC\BaseCurves\Prime;

phpseclib/Crypt/EC/Curves/secp128r2.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 use phpseclib3\Crypt\EC\BaseCurves\Prime;

phpseclib/Crypt/EC/Curves/secp160k1.php

@@ -11,6 +11,8 @@
  * @link      http://pear.php.net/package/Math_BigInteger
  */
 
+declare(strict_types=1);
+
 namespace phpseclib3\Crypt\EC\Curves;
 
 use phpseclib3\Crypt\EC\BaseCurves\KoblitzPrime;
@@ -35,11 +37,11 @@ class secp160k1 extends KoblitzPrime
         $this->basis = [];
         $this->basis[] = [
             'a' => new BigInteger('0096341F1138933BC2F505', -16),
-            'b' => new BigInteger('FF6E9D0418C67BB8D5F562', -16)
+            'b' => new BigInteger('FF6E9D0418C67BB8D5F562', -16),
         ];
         $this->basis[] = [
             'a' => new BigInteger('01BDCB3A09AAAABEAFF4A8', -16),
-            'b' => new BigInteger('04D12329FF0EF498EA67', -16)
+            'b' => new BigInteger('04D12329FF0EF498EA67', -16),
         ];
         $this->beta = $this->factory->newInteger(new BigInteger('645B7345A143464942CC46D7CF4D5D1E1E6CBB68', -16));
     }