PBES2Algorithm - Code Metrics - Inspection of "Change requirements to PHP 7.2" - sop/jwx - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Branch — php72 (880eb0)

by Joni

created 2019-05-13 10:47 UTC

PBES2Algorithm A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	200
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	9

Test Coverage

Coverage

100%

Importance

Changes

Metric	Value
wmc	14
lcom	1
cbo	9
dl	0
loc	200
ccs	43
cts	43
cp	1
rs	10
c	0
b	0
f	0

10 Methods

Rating	Name	Size	Complexity
A	__construct()	5	1
A	fromJWK()	17	4
A	salt()	4	1
A	headerParameters()	6	1
A	fromPassword()	5	1
A	saltInput()	3	1
A	iterationCount()	3	1
A	_encryptKey()	3	1
A	_derivedKey()	8	2
A	_decryptKey()	3	1

<?php

declare(strict_types = 1);

namespace Sop\JWX\JWE\KeyAlgorithm;

use Sop\AESKW\AESKeyWrapAlgorithm;
use Sop\JWX\JWA\JWA;
use Sop\JWX\JWE\KeyAlgorithm\Feature\RandomCEK;
use Sop\JWX\JWE\KeyManagementAlgorithm;
use Sop\JWX\JWK\JWK;
use Sop\JWX\JWK\Symmetric\SymmetricKeyJWK;
use Sop\JWX\JWT\Header\Header;
use Sop\JWX\JWT\Parameter\AlgorithmParameter;
use Sop\JWX\JWT\Parameter\PBES2CountParameter;
use Sop\JWX\JWT\Parameter\PBES2SaltInputParameter;

/**
 * Base class for algorithms implementing PBES2 key encryption.
 *
 * @see https://tools.ietf.org/html/rfc7518#section-4.8
 */
abstract class PBES2Algorithm extends KeyManagementAlgorithm
{
    use RandomCEK;

    /**
     * Mapping from algorithm name to class name.
     *
     * @internal
     *
     * @var array
     */
    const MAP_ALGO_TO_CLASS = [
        JWA::ALGO_PBES2_HS256_A128KW => PBES2HS256A128KWAlgorithm::class,
        JWA::ALGO_PBES2_HS384_A192KW => PBES2HS384A192KWAlgorithm::class,
        JWA::ALGO_PBES2_HS512_A256KW => PBES2HS512A256KWAlgorithm::class,
    ];

    /**
     * Password.
     *
     * @var string
     */
    protected $_password;

    /**
     * Salt input.
     *
     * @var string
     */
    protected $_saltInput;

    /**
     * Iteration count.
     *
     * @var int
     */
    protected $_count;

    /**
     * Derived key.
     *
     * @var string
     */
    private $_derivedKey;

    /**
     * Constructor.
     *
     * @param string $password   Password
     * @param string $salt_input Salt input
     * @param int    $count      Iteration count
     */
    public function __construct(string $password, string $salt_input, int $count)
    {
        $this->_password = $password;
        $this->_saltInput = $salt_input;
        $this->_count = $count;
    }

    /**
     * Initialize from JWK.
     *
     * @param JWK    $jwk
     * @param Header $header
     *
     * @throws \UnexpectedValueException
     *
     * @return self
     */
    public static function fromJWK(JWK $jwk, Header $header): KeyManagementAlgorithm
    {
        $jwk = SymmetricKeyJWK::fromJWK($jwk);
        if (!$header->hasPBES2SaltInput()) {
            throw new \UnexpectedValueException('No salt input.');
        }
        $salt_input = $header->PBES2SaltInput()->saltInput();
        if (!$header->hasPBES2Count()) {
            throw new \UnexpectedValueException('No iteration count.');
        }
        $count = $header->PBES2Count()->value();
        $alg = JWA::deriveAlgorithmName($header, $jwk);
        if (!array_key_exists($alg, self::MAP_ALGO_TO_CLASS)) {
            throw new \UnexpectedValueException("Unsupported algorithm '{$alg}'.");
        }
        $cls = self::MAP_ALGO_TO_CLASS[$alg];
        return new $cls($jwk->key(), $salt_input, $count);
    }

    /**
     * Initialize from a password with random salt and default iteration count.
     *
     * @param string $password   Password
     * @param int    $count      Optional user defined iteration count
     * @param int    $salt_bytes Optional user defined salt length
     *
     * @return self
     */
    public static function fromPassword(string $password, int $count = 64000,
        int $salt_bytes = 8): self
    {
        $salt_input = openssl_random_pseudo_bytes($salt_bytes);
        return new static($password, $salt_input, $count);
    }

    /**
     * Get salt input.
     *
     * @return string
     */
    public function saltInput(): string
    {
        return $this->_saltInput;
    }

    /**
     * Get computed salt.
     *
     * @return string
     */
    public function salt(): string
    {
        return PBES2SaltInputParameter::fromString($this->_saltInput)->salt(
            AlgorithmParameter::fromAlgorithm($this));
    }

    /**
     * Get iteration count.
     *
     * @return int
     */
    public function iterationCount(): int
    {
        return $this->_count;
    }

    /**
     * {@inheritdoc}
     */
    public function headerParameters(): array
    {
        return array_merge(parent::headerParameters(),
            [AlgorithmParameter::fromAlgorithm($this),
                PBES2SaltInputParameter::fromString($this->_saltInput),
                new PBES2CountParameter($this->_count), ]);
    }

    /**
     * Get hash algorithm for hash_pbkdf2.
     *
     * @return string
     */
    abstract protected function _hashAlgo(): string;

    /**
     * Get derived key length.
     *
     * @return int
     */
    abstract protected function _keyLength(): int;

    /**
     * Get key wrapping algoritym.
     *
     * @return AESKeyWrapAlgorithm
     */
    abstract protected function _kwAlgo(): AESKeyWrapAlgorithm;

    /**
     * Get derived key.
     *
     * @return string
     */
    protected function _derivedKey(): string
    {
        if (!isset($this->_derivedKey)) {
            $this->_derivedKey = hash_pbkdf2($this->_hashAlgo(),
                $this->_password, $this->salt(), $this->_count,
                $this->_keyLength(), true);
        }
        return $this->_derivedKey;
    }

    /**
     * {@inheritdoc}
     */
    protected function _encryptKey(string $key, Header &$header): string
    {
        return $this->_kwAlgo()->wrap($key, $this->_derivedKey());
    }

    /**
     * {@inheritdoc}
     */
    protected function _decryptKey(string $ciphertext, Header $header): string
    {
        return $this->_kwAlgo()->unwrap($ciphertext, $this->_derivedKey());
    }
}


1		<?php
2
3		declare(strict_types = 1);
4
5		namespace Sop\JWX\JWE\KeyAlgorithm;
6
7		use Sop\AESKW\AESKeyWrapAlgorithm;
8		use Sop\JWX\JWA\JWA;
9		use Sop\JWX\JWE\KeyAlgorithm\Feature\RandomCEK;
10		use Sop\JWX\JWE\KeyManagementAlgorithm;
11		use Sop\JWX\JWK\JWK;
12		use Sop\JWX\JWK\Symmetric\SymmetricKeyJWK;
13		use Sop\JWX\JWT\Header\Header;
14		use Sop\JWX\JWT\Parameter\AlgorithmParameter;
15		use Sop\JWX\JWT\Parameter\PBES2CountParameter;
16		use Sop\JWX\JWT\Parameter\PBES2SaltInputParameter;
17
18		/**
19		* Base class for algorithms implementing PBES2 key encryption.
20		*
21		* @see https://tools.ietf.org/html/rfc7518#section-4.8
22		*/
23		abstract class PBES2Algorithm extends KeyManagementAlgorithm
24		{
25		use RandomCEK;
26
27		/**
28		* Mapping from algorithm name to class name.
29		*
30		* @internal
31		*
32		* @var array
33		*/
34		const MAP_ALGO_TO_CLASS = [
35		JWA::ALGO_PBES2_HS256_A128KW => PBES2HS256A128KWAlgorithm::class,
36		JWA::ALGO_PBES2_HS384_A192KW => PBES2HS384A192KWAlgorithm::class,
37		JWA::ALGO_PBES2_HS512_A256KW => PBES2HS512A256KWAlgorithm::class,
38		];
39
40		/**
41		* Password.
42		*
43		* @var string
44		*/
45		protected $_password;
46
47		/**
48		* Salt input.
49		*
50		* @var string
51		*/
52		protected $_saltInput;
53
54		/**
55		* Iteration count.
56		*
57		* @var int
58		*/
59		protected $_count;
60
61		/**
62		* Derived key.
63		*
64		* @var string
65		*/
66		private $_derivedKey;
67
68		/**
69		* Constructor.
70		*
71		* @param string $password Password
72		* @param string $salt_input Salt input
73		* @param int $count Iteration count
74		*/
75	10	public function __construct(string $password, string $salt_input, int $count)
76		{
77	10	$this->_password = $password;
78	10	$this->_saltInput = $salt_input;
79	10	$this->_count = $count;
80	10	}
81
82		/**
83		* Initialize from JWK.
84		*
85		* @param JWK $jwk
86		* @param Header $header
87		*
88		* @throws \UnexpectedValueException
89		*
90		* @return self
91		*/
92	7	public static function fromJWK(JWK $jwk, Header $header): KeyManagementAlgorithm
93		{
94	7	$jwk = SymmetricKeyJWK::fromJWK($jwk);
95	7	if (!$header->hasPBES2SaltInput()) {
96	1	throw new \UnexpectedValueException('No salt input.');
97		}
98	6	$salt_input = $header->PBES2SaltInput()->saltInput();
99	6	if (!$header->hasPBES2Count()) {
100	1	throw new \UnexpectedValueException('No iteration count.');
101		}
102	5	$count = $header->PBES2Count()->value();
103	5	$alg = JWA::deriveAlgorithmName($header, $jwk);
104	5	if (!array_key_exists($alg, self::MAP_ALGO_TO_CLASS)) {
105	1	throw new \UnexpectedValueException("Unsupported algorithm '{$alg}'.");
106		}
107	4	$cls = self::MAP_ALGO_TO_CLASS[$alg];
108	4	return new $cls($jwk->key(), $salt_input, $count);
109		}
110
111		/**
112		* Initialize from a password with random salt and default iteration count.
113		*
114		* @param string $password Password
115		* @param int $count Optional user defined iteration count
116		* @param int $salt_bytes Optional user defined salt length
117		*
118		* @return self
119		*/
120	1	public static function fromPassword(string $password, int $count = 64000,
121		int $salt_bytes = 8): self
122		{
123	1	$salt_input = openssl_random_pseudo_bytes($salt_bytes);
124	1	return new static($password, $salt_input, $count);
125		}
126
127		/**
128		* Get salt input.
129		*
130		* @return string
131		*/
132	1	public function saltInput(): string
133		{
134	1	return $this->_saltInput;
135		}
136
137		/**
138		* Get computed salt.
139		*
140		* @return string
141		*/
142	9	public function salt(): string
143		{
144	9	return PBES2SaltInputParameter::fromString($this->_saltInput)->salt(
145	9	AlgorithmParameter::fromAlgorithm($this));
146		}
147
148		/**
149		* Get iteration count.
150		*
151		* @return int
152		*/
153	1	public function iterationCount(): int
154		{
155	1	return $this->_count;
156		}
157
158		/**
159		* {@inheritdoc}
160		*/
161	3	public function headerParameters(): array
162		{
163	3	return array_merge(parent::headerParameters(),
164	3	[AlgorithmParameter::fromAlgorithm($this),
165	3	PBES2SaltInputParameter::fromString($this->_saltInput),
166	3	new PBES2CountParameter($this->_count), ]);
167		}
168
169		/**
170		* Get hash algorithm for hash_pbkdf2.
171		*
172		* @return string
173		*/
174		abstract protected function _hashAlgo(): string;
175
176		/**
177		* Get derived key length.
178		*
179		* @return int
180		*/
181		abstract protected function _keyLength(): int;
182
183		/**
184		* Get key wrapping algoritym.
185		*
186		* @return AESKeyWrapAlgorithm
187		*/
188		abstract protected function _kwAlgo(): AESKeyWrapAlgorithm;
189
190		/**
191		* Get derived key.
192		*
193		* @return string
194		*/
195	11	protected function _derivedKey(): string
196		{
197	11	if (!isset($this->_derivedKey)) {
198	8	$this->_derivedKey = hash_pbkdf2($this->_hashAlgo(),
199	8	$this->_password, $this->salt(), $this->_count,
200	8	$this->_keyLength(), true);
201		}
202	11	return $this->_derivedKey;
203		}
204
205		/**
206		* {@inheritdoc}
207		*/
208	7	protected function _encryptKey(string $key, Header &$header): string
209		{
210	7	return $this->_kwAlgo()->wrap($key, $this->_derivedKey());
211		}
212
213		/**
214		* {@inheritdoc}
215		*/
216	4	protected function _decryptKey(string $ciphertext, Header $header): string
217		{
218	4	return $this->_kwAlgo()->unwrap($ciphertext, $this->_derivedKey());
219		}
220		}
221

sop / jwx

GitHub Access Token became invalid

Branch — php72 (880eb0)

PBES2Algorithm A

Complexity

Size/Duplication

Coupling/Cohesion

Test Coverage

Importance

10 Methods

Duplication Side-by-Side

Filter issues like