Complex classes like AESGCM often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes. You can also have a look at the cohesion graph to spot any un-connected, or weakly-connected components.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use AESGCM, and based on these observations, apply Extract Interface, too.
1 | <?php |
||
16 | final class AESGCM |
||
17 | { |
||
18 | /** |
||
19 | * @param string $K Key encryption key |
||
20 | * @param string $IV Initialization vector |
||
21 | * @param null|string $P Data to encrypt (null for authentication) |
||
22 | * @param null|string $A Additional Authentication Data |
||
23 | * @param int $tag_length Tag length |
||
24 | * |
||
25 | * @return array |
||
26 | */ |
||
27 | public static function encrypt($K, $IV, $P = null, $A = null, $tag_length = 128) |
||
28 | { |
||
29 | Assertion::string($K, 'The key encryption key must be a binary string.'); |
||
30 | $key_length = mb_strlen($K, '8bit') * 8; |
||
31 | Assertion::inArray($key_length, [128, 192, 256], 'Bad key encryption key length.'); |
||
32 | Assertion::string($IV, 'The Initialization Vector must be a binary string.'); |
||
33 | Assertion::nullOrString($P, 'The data to encrypt must be null or a binary string.'); |
||
34 | Assertion::nullOrString($A, 'The Additional Authentication Data must be null or a binary string.'); |
||
35 | Assertion::integer($tag_length, 'Invalid tag length. Supported values are: 128, 120, 112, 104 and 96.'); |
||
36 | Assertion::inArray($tag_length, [128, 120, 112, 104, 96], 'Invalid tag length. Supported values are: 128, 120, 112, 104 and 96.'); |
||
37 | |||
38 | if (version_compare(PHP_VERSION, '7.1.0RC5') >= 0 && null !== $P) { |
||
39 | return self::encryptWithPHP71($K, $key_length, $IV, $P, $A, $tag_length); |
||
40 | } elseif (class_exists('\Crypto\Cipher')) { |
||
41 | return self::encryptWithCryptoExtension($K, $key_length, $IV, $P, $A, $tag_length); |
||
42 | } |
||
43 | |||
44 | return self::encryptWithPHP($K, $key_length, $IV, $P, $A, $tag_length); |
||
45 | } |
||
46 | |||
47 | /** |
||
48 | * This method will append the tag at the end of the ciphertext. |
||
49 | * |
||
50 | * @param string $K Key encryption key |
||
51 | * @param string $IV Initialization vector |
||
52 | * @param null|string $P Data to encrypt (null for authentication) |
||
53 | * @param null|string $A Additional Authentication Data |
||
54 | * @param int $tag_length Tag length |
||
55 | * |
||
56 | * @return string |
||
57 | */ |
||
58 | public static function encryptAndAppendTag($K, $IV, $P = null, $A = null, $tag_length = 128) |
||
62 | |||
63 | /** |
||
64 | * @param string $K Key encryption key |
||
65 | * @param string $key_length Key length |
||
66 | * @param string $IV Initialization vector |
||
67 | * @param null|string $P Data to encrypt (null for authentication) |
||
68 | * @param null|string $A Additional Authentication Data |
||
69 | * @param int $tag_length Tag length |
||
70 | * |
||
71 | * @return array |
||
72 | */ |
||
73 | private static function encryptWithPHP71($K, $key_length, $IV, $P = null, $A = null, $tag_length = 128) |
||
82 | |||
83 | /** |
||
84 | * @param string $K Key encryption key |
||
85 | * @param string $key_length Key length |
||
86 | * @param string $IV Initialization vector |
||
87 | * @param null|string $P Data to encrypt (null for authentication) |
||
88 | * @param null|string $A Additional Authentication Data |
||
89 | * @param int $tag_length Tag length |
||
90 | * |
||
91 | * @return array |
||
92 | */ |
||
93 | private static function encryptWithPHP($K, $key_length, $IV, $P = null, $A = null, $tag_length = 128) |
||
106 | |||
107 | /** |
||
108 | * @param string $K Key encryption key |
||
109 | * @param string $key_length Key length |
||
110 | * @param string $IV Initialization vector |
||
111 | * @param null|string $P Data to encrypt (null for authentication) |
||
112 | * @param null|string $A Additional Authentication Data |
||
113 | * @param int $tag_length Tag length |
||
114 | * |
||
115 | * @return array |
||
116 | */ |
||
117 | private static function encryptWithCryptoExtension($K, $key_length, $IV, $P = null, $A = null, $tag_length = 128) |
||
127 | |||
128 | /** |
||
129 | * @param string $K Key encryption key |
||
130 | * @param string $IV Initialization vector |
||
131 | * @param string|null $C Data to encrypt (null for authentication) |
||
132 | * @param string|null $A Additional Authentication Data |
||
133 | * @param string $T Tag |
||
134 | * |
||
135 | * @return string |
||
136 | */ |
||
137 | public static function decrypt($K, $IV, $C, $A, $T) |
||
138 | { |
||
139 | Assertion::string($K, 'The key encryption key must be a binary string.'); |
||
140 | $key_length = mb_strlen($K, '8bit') * 8; |
||
141 | Assertion::inArray($key_length, [128, 192, 256], 'Bad key encryption key length.'); |
||
142 | Assertion::string($IV, 'The Initialization Vector must be a binary string.'); |
||
143 | Assertion::nullOrString($C, 'The data to encrypt must be null or a binary string.'); |
||
144 | Assertion::nullOrString($A, 'The Additional Authentication Data must be null or a binary string.'); |
||
145 | |||
146 | $tag_length = self::getLength($T); |
||
147 | Assertion::integer($tag_length, 'Invalid tag length. Supported values are: 128, 120, 112, 104 and 96.'); |
||
148 | Assertion::inArray($tag_length, [128, 120, 112, 104, 96], 'Invalid tag length. Supported values are: 128, 120, 112, 104 and 96.'); |
||
149 | |||
150 | if (version_compare(PHP_VERSION, '7.1.0RC5') >= 0 && null !== $C) { |
||
151 | return self::decryptWithPHP71($K, $key_length, $IV, $C, $A, $T); |
||
152 | } elseif (class_exists('\Crypto\Cipher')) { |
||
153 | return self::decryptWithCryptoExtension($K, $key_length, $IV, $C, $A, $T, $tag_length); |
||
154 | } |
||
155 | |||
156 | return self::decryptWithPHP($K, $key_length, $IV, $C, $A, $T, $tag_length); |
||
157 | } |
||
158 | |||
159 | /** |
||
160 | * This method should be used if the tag is appended at the end of the ciphertext. |
||
161 | * It is used by some AES GCM implementations such as the Java one. |
||
162 | * |
||
163 | * @param string $K Key encryption key |
||
164 | * @param string $IV Initialization vector |
||
165 | * @param string|null $Ciphertext Data to encrypt (null for authentication) |
||
166 | * @param string|null $A Additional Authentication Data |
||
167 | * @param int $tag_length Tag length |
||
168 | * |
||
169 | * @return string |
||
170 | * |
||
171 | * @see self::encryptAndAppendTag |
||
172 | */ |
||
173 | public static function decryptWithAppendedTag($K, $IV, $Ciphertext = null, $A = null, $tag_length = 128) |
||
181 | |||
182 | /** |
||
183 | * @param string $K Key encryption key |
||
184 | * @param string $key_length Key length |
||
185 | * @param string $IV Initialization vector |
||
186 | * @param string|null $C Data to encrypt (null for authentication) |
||
187 | * @param string|null $A Additional Authentication Data |
||
188 | * @param string $T Tag |
||
189 | * |
||
190 | * @return string |
||
191 | */ |
||
192 | private static function decryptWithPHP71($K, $key_length, $IV, $C, $A, $T) |
||
200 | |||
201 | /** |
||
202 | * @param string $K Key encryption key |
||
203 | * @param string $key_length Key length |
||
204 | * @param string $IV Initialization vector |
||
205 | * @param string|null $C Data to encrypt (null for authentication) |
||
206 | * @param string|null $A Additional Authentication Data |
||
207 | * @param string $T Tag |
||
208 | * @param int $tag_length Tag length |
||
209 | * |
||
210 | * @return string |
||
211 | */ |
||
212 | private static function decryptWithPHP($K, $key_length, $IV, $C, $A, $T, $tag_length = 128) |
||
227 | |||
228 | /** |
||
229 | * @param string $K Key encryption key |
||
230 | * @param string $key_length Key length |
||
231 | * @param string $IV Initialization vector |
||
232 | * @param string|null $C Data to encrypt (null for authentication) |
||
233 | * @param string|null $A Additional Authentication Data |
||
234 | * @param string $T Tag |
||
235 | * @param int $tag_length Tag length |
||
236 | * |
||
237 | * @return string |
||
238 | */ |
||
239 | private static function decryptWithCryptoExtension($K, $key_length, $IV, $C, $A, $T, $tag_length = 128) |
||
248 | |||
249 | /** |
||
250 | * @param $K |
||
251 | * @param $key_length |
||
252 | * @param $IV |
||
253 | * @param $A |
||
254 | * |
||
255 | * @return array |
||
256 | */ |
||
257 | private static function common($K, $key_length, $IV, $A) |
||
278 | |||
279 | /** |
||
280 | * @param string $value |
||
281 | * |
||
282 | * @return int |
||
283 | */ |
||
284 | private static function calcVector($value) |
||
288 | |||
289 | /** |
||
290 | * @param string $value |
||
291 | * |
||
292 | * @return string |
||
293 | */ |
||
294 | private static function addPadding($value) |
||
298 | |||
299 | /** |
||
300 | * @param string $x |
||
301 | * |
||
302 | * @return int |
||
303 | */ |
||
304 | private static function getLength($x) |
||
308 | |||
309 | /** |
||
310 | * @param int $num_bits |
||
311 | * @param int $x |
||
312 | * |
||
313 | * @return string |
||
314 | */ |
||
315 | private static function getMSB($num_bits, $x) |
||
321 | |||
322 | /** |
||
323 | * @param int $num_bits |
||
324 | * @param int $x |
||
325 | * |
||
326 | * @return string |
||
327 | */ |
||
328 | private static function getLSB($num_bits, $x) |
||
334 | |||
335 | /** |
||
336 | * @param int $s_bits |
||
337 | * @param int $x |
||
338 | * |
||
339 | * @return string |
||
340 | */ |
||
341 | private static function getInc($s_bits, $x) |
||
349 | |||
350 | /** |
||
351 | * @param string $bin |
||
352 | * |
||
353 | * @return mixed |
||
354 | */ |
||
355 | private static function toUInt32Bits($bin) |
||
361 | |||
362 | /** |
||
363 | * @param $X |
||
364 | * @param $Y |
||
365 | * |
||
366 | * @return string |
||
367 | */ |
||
368 | private static function getProduct($X, $Y) |
||
391 | |||
392 | /** |
||
393 | * @param string $input |
||
394 | * |
||
395 | * @return string |
||
396 | */ |
||
397 | private static function shiftStringToRight($input) |
||
419 | |||
420 | /** |
||
421 | * @param string $H |
||
422 | * @param string $X |
||
423 | * |
||
424 | * @return mixed |
||
425 | */ |
||
426 | private static function getHash($H, $X) |
||
437 | |||
438 | /** |
||
439 | * @param string $K |
||
440 | * @param int $key_length |
||
441 | * @param string $ICB |
||
442 | * @param string $X |
||
443 | * |
||
444 | * @return string |
||
445 | */ |
||
446 | private static function getGCTR($K, $key_length, $ICB, $X) |
||
471 | |||
472 | /** |
||
473 | * @param string $o1 |
||
474 | * @param string $o2 |
||
475 | * |
||
476 | * @return string |
||
477 | */ |
||
478 | private static function getBitXor($o1, $o2) |
||
491 | } |
||
492 |