sop / jwx

lib/JWX/JWE/EncryptionAlgorithm/EncryptionAlgorithmFactory.php

Indentation +52 added lines, -52 removed lines

@@ -13,58 +13,58 @@
  */
 abstract class EncryptionAlgorithmFactory
 {
-    /**
-     * Mapping from algorithm name to class name.
-     *
-     * @internal
-     *
-     * @var array
-     */
-    const MAP_ALGO_TO_CLASS = [
-        JWA::ALGO_A128CBC_HS256 => A128CBCHS256Algorithm::class,
-        JWA::ALGO_A192CBC_HS384 => A192CBCHS384Algorithm::class,
-        JWA::ALGO_A256CBC_HS512 => A256CBCHS512Algorithm::class,
-        JWA::ALGO_A128GCM => A128GCMAlgorithm::class,
-        JWA::ALGO_A192GCM => A192GCMAlgorithm::class,
-        JWA::ALGO_A256GCM => A256GCMAlgorithm::class,
-    ];
+	/**
+	 * Mapping from algorithm name to class name.
+	 *
+	 * @internal
+	 *
+	 * @var array
+	 */
+	const MAP_ALGO_TO_CLASS = [
+		JWA::ALGO_A128CBC_HS256 => A128CBCHS256Algorithm::class,
+		JWA::ALGO_A192CBC_HS384 => A192CBCHS384Algorithm::class,
+		JWA::ALGO_A256CBC_HS512 => A256CBCHS512Algorithm::class,
+		JWA::ALGO_A128GCM => A128GCMAlgorithm::class,
+		JWA::ALGO_A192GCM => A192GCMAlgorithm::class,
+		JWA::ALGO_A256GCM => A256GCMAlgorithm::class,
+	];
 
-    /**
-     * Get the content encryption algorithm by algorithm name.
-     *
-     * @param string $name Algorithm name
-     *
-     * @throws \UnexpectedValueException if algorithm is not supported
-     *
-     * @return ContentEncryptionAlgorithm
-     */
-    public static function algoByName(string $name): ContentEncryptionAlgorithm
-    {
-        if (!array_key_exists($name, self::MAP_ALGO_TO_CLASS)) {
-            throw new \UnexpectedValueException(
-                "No content encryption algorithm '{$name}'.");
-        }
-        $cls = self::MAP_ALGO_TO_CLASS[$name];
-        return new $cls();
-    }
+	/**
+	 * Get the content encryption algorithm by algorithm name.
+	 *
+	 * @param string $name Algorithm name
+	 *
+	 * @throws \UnexpectedValueException if algorithm is not supported
+	 *
+	 * @return ContentEncryptionAlgorithm
+	 */
+	public static function algoByName(string $name): ContentEncryptionAlgorithm
+	{
+		if (!array_key_exists($name, self::MAP_ALGO_TO_CLASS)) {
+			throw new \UnexpectedValueException(
+				"No content encryption algorithm '{$name}'.");
+		}
+		$cls = self::MAP_ALGO_TO_CLASS[$name];
+		return new $cls();
+	}
 
-    /**
-     * Get the content encryption algorithm as specified in the given header.
-     *
-     * @param Header $header Header
-     *
-     * @throws \UnexpectedValueException If content encryption algorithm
-     *                                   parameter is not present or algorithm
-     *                                   is not supported
-     *
-     * @return ContentEncryptionAlgorithm
-     */
-    public static function algoByHeader(Header $header): ContentEncryptionAlgorithm
-    {
-        if (!$header->hasEncryptionAlgorithm()) {
-            throw new \UnexpectedValueException(
-                'No encryption algorithm parameter.');
-        }
-        return self::algoByName($header->encryptionAlgorithm()->value());
-    }
+	/**
+	 * Get the content encryption algorithm as specified in the given header.
+	 *
+	 * @param Header $header Header
+	 *
+	 * @throws \UnexpectedValueException If content encryption algorithm
+	 *                                   parameter is not present or algorithm
+	 *                                   is not supported
+	 *
+	 * @return ContentEncryptionAlgorithm
+	 */
+	public static function algoByHeader(Header $header): ContentEncryptionAlgorithm
+	{
+		if (!$header->hasEncryptionAlgorithm()) {
+			throw new \UnexpectedValueException(
+				'No encryption algorithm parameter.');
+		}
+		return self::algoByName($header->encryptionAlgorithm()->value());
+	}
 }

lib/JWX/JWE/EncryptionAlgorithm/AESCBCAlgorithm.php

Indentation +210 added lines, -210 removed lines

@@ -15,214 +15,214 @@
  */
 abstract class AESCBCAlgorithm implements ContentEncryptionAlgorithm
 {
-    /**
-     * {@inheritdoc}
-     */
-    public function encrypt(string $plaintext, string $key, string $iv,
-        string $aad): array
-    {
-        $this->_validateKey($key);
-        $this->_validateIV($iv);
-        $ciphertext = openssl_encrypt($plaintext, $this->_getCipherMethod(),
-            $this->_encKey($key), OPENSSL_RAW_DATA, $iv);
-        if (false === $ciphertext) {
-            throw new \RuntimeException(
-                'openssl_encrypt() failed: ' . $this->_getLastOpenSSLError());
-        }
-        $auth_data = $aad . $iv . $ciphertext . $this->_aadLen($aad);
-        $auth_tag = $this->_computeAuthTag($auth_data, $key);
-        return [$ciphertext, $auth_tag];
-    }
-
-    /**
-     * {@inheritdoc}
-     */
-    public function decrypt(string $ciphertext, string $key, string $iv,
-        string $aad, string $auth_tag): string
-    {
-        $this->_validateKey($key);
-        $this->_validateIV($iv);
-        $auth_data = $aad . $iv . $ciphertext . $this->_aadLen($aad);
-        if ($this->_computeAuthTag($auth_data, $key) !== $auth_tag) {
-            throw new AuthenticationException('Message authentication failed.');
-        }
-        $plaintext = openssl_decrypt($ciphertext, $this->_getCipherMethod(),
-            $this->_encKey($key), OPENSSL_RAW_DATA, $iv);
-        if (false === $plaintext) {
-            throw new \RuntimeException(
-                'openssl_decrypt() failed: ' . $this->_getLastOpenSSLError());
-        }
-        return $plaintext;
-    }
-
-    /**
-     * {@inheritdoc}
-     */
-    public function ivSize(): int
-    {
-        return 16;
-    }
-
-    /**
-     * {@inheritdoc}
-     */
-    public function headerParameters(): array
-    {
-        return [EncryptionAlgorithmParameter::fromAlgorithm($this)];
-    }
-
-    /**
-     * Get cipher method name that is recognized by OpenSSL.
-     *
-     * @return string
-     */
-    abstract protected function _cipherMethod(): string;
-
-    /**
-     * Get algorithm name that is recognized by the Hash extension.
-     *
-     * @return string
-     */
-    abstract protected function _hashAlgo(): string;
-
-    /**
-     * Get length of the encryption key.
-     *
-     * @return int
-     */
-    abstract protected function _encKeyLen(): int;
-
-    /**
-     * Get length of the MAC key.
-     *
-     * @return int
-     */
-    abstract protected function _macKeyLen(): int;
-
-    /**
-     * Get length of the authentication tag.
-     *
-     * @return int
-     */
-    abstract protected function _tagLen(): int;
-
-    /**
-     * Get cipher method and verify that it's supported.
-     *
-     * @throws \RuntimeException
-     *
-     * @return string
-     */
-    final protected function _getCipherMethod(): string
-    {
-        static $supported_ciphers;
-        if (!isset($supported_ciphers)) {
-            $supported_ciphers = array_flip(
-                array_map('strtolower', openssl_get_cipher_methods(false)));
-        }
-        $method = $this->_cipherMethod();
-        if (!isset($supported_ciphers[$method])) {
-            throw new \RuntimeException(
-                "Cipher method {$method} is not" .
-                     ' supported by this version of OpenSSL.');
-        }
-        return $method;
-    }
-
-    /**
-     * Check that key is valid.
-     *
-     * @param string $key
-     *
-     * @throws \RuntimeException
-     */
-    final protected function _validateKey(string $key): void
-    {
-        if (strlen($key) !== $this->keySize()) {
-            throw new \RuntimeException('Invalid key size.');
-        }
-    }
-
-    /**
-     * Check that IV is valid.
-     *
-     * @param string $iv
-     *
-     * @throws \RuntimeException
-     */
-    final protected function _validateIV(string $iv): void
-    {
-        $len = openssl_cipher_iv_length($this->_getCipherMethod());
-        if ($len !== strlen($iv)) {
-            throw new \RuntimeException('Invalid IV length.');
-        }
-    }
-
-    /**
-     * Get MAC key from CEK.
-     *
-     * @param string $key
-     *
-     * @return string
-     */
-    final protected function _macKey(string $key): string
-    {
-        return substr($key, 0, $this->_macKeyLen());
-    }
-
-    /**
-     * Get encryption key from CEK.
-     *
-     * @param string $key
-     *
-     * @return string
-     */
-    final protected function _encKey(string $key): string
-    {
-        return substr($key, -$this->_encKeyLen());
-    }
-
-    /**
-     * Compute AL value.
-     *
-     * @param string $aad
-     *
-     * @return string 64 bits
-     */
-    final protected function _aadLen(string $aad): string
-    {
-        // truncate on 32 bit hosts
-        if (PHP_INT_SIZE < 8) {
-            return "\0\0\0\0" . pack('N', strlen($aad) * 8);
-        }
-        return pack('J', strlen($aad) * 8);
-    }
-
-    /**
-     * Compute authentication tag.
-     *
-     * @param string $data
-     * @param string $key  CEK
-     *
-     * @return string
-     */
-    final protected function _computeAuthTag(string $data, string $key): string
-    {
-        $tag = hash_hmac($this->_hashAlgo(), $data, $this->_macKey($key), true);
-        return substr($tag, 0, $this->_tagLen());
-    }
-
-    /**
-     * Get last OpenSSL error message.
-     *
-     * @return null|string
-     */
-    protected function _getLastOpenSSLError(): ?string
-    {
-        $msg = null;
-        while (false !== ($err = openssl_error_string())) {
-            $msg = $err;
-        }
-        return $msg;
-    }
+	/**
+	 * {@inheritdoc}
+	 */
+	public function encrypt(string $plaintext, string $key, string $iv,
+		string $aad): array
+	{
+		$this->_validateKey($key);
+		$this->_validateIV($iv);
+		$ciphertext = openssl_encrypt($plaintext, $this->_getCipherMethod(),
+			$this->_encKey($key), OPENSSL_RAW_DATA, $iv);
+		if (false === $ciphertext) {
+			throw new \RuntimeException(
+				'openssl_encrypt() failed: ' . $this->_getLastOpenSSLError());
+		}
+		$auth_data = $aad . $iv . $ciphertext . $this->_aadLen($aad);
+		$auth_tag = $this->_computeAuthTag($auth_data, $key);
+		return [$ciphertext, $auth_tag];
+	}
+
+	/**
+	 * {@inheritdoc}
+	 */
+	public function decrypt(string $ciphertext, string $key, string $iv,
+		string $aad, string $auth_tag): string
+	{
+		$this->_validateKey($key);
+		$this->_validateIV($iv);
+		$auth_data = $aad . $iv . $ciphertext . $this->_aadLen($aad);
+		if ($this->_computeAuthTag($auth_data, $key) !== $auth_tag) {
+			throw new AuthenticationException('Message authentication failed.');
+		}
+		$plaintext = openssl_decrypt($ciphertext, $this->_getCipherMethod(),
+			$this->_encKey($key), OPENSSL_RAW_DATA, $iv);
+		if (false === $plaintext) {
+			throw new \RuntimeException(
+				'openssl_decrypt() failed: ' . $this->_getLastOpenSSLError());
+		}
+		return $plaintext;
+	}
+
+	/**
+	 * {@inheritdoc}
+	 */
+	public function ivSize(): int
+	{
+		return 16;
+	}
+
+	/**
+	 * {@inheritdoc}
+	 */
+	public function headerParameters(): array
+	{
+		return [EncryptionAlgorithmParameter::fromAlgorithm($this)];
+	}
+
+	/**
+	 * Get cipher method name that is recognized by OpenSSL.
+	 *
+	 * @return string
+	 */
+	abstract protected function _cipherMethod(): string;
+
+	/**
+	 * Get algorithm name that is recognized by the Hash extension.
+	 *
+	 * @return string
+	 */
+	abstract protected function _hashAlgo(): string;
+
+	/**
+	 * Get length of the encryption key.
+	 *
+	 * @return int
+	 */
+	abstract protected function _encKeyLen(): int;
+
+	/**
+	 * Get length of the MAC key.
+	 *
+	 * @return int
+	 */
+	abstract protected function _macKeyLen(): int;
+
+	/**
+	 * Get length of the authentication tag.
+	 *
+	 * @return int
+	 */
+	abstract protected function _tagLen(): int;
+
+	/**
+	 * Get cipher method and verify that it's supported.
+	 *
+	 * @throws \RuntimeException
+	 *
+	 * @return string
+	 */
+	final protected function _getCipherMethod(): string
+	{
+		static $supported_ciphers;
+		if (!isset($supported_ciphers)) {
+			$supported_ciphers = array_flip(
+				array_map('strtolower', openssl_get_cipher_methods(false)));
+		}
+		$method = $this->_cipherMethod();
+		if (!isset($supported_ciphers[$method])) {
+			throw new \RuntimeException(
+				"Cipher method {$method} is not" .
+					 ' supported by this version of OpenSSL.');
+		}
+		return $method;
+	}
+
+	/**
+	 * Check that key is valid.
+	 *
+	 * @param string $key
+	 *
+	 * @throws \RuntimeException
+	 */
+	final protected function _validateKey(string $key): void
+	{
+		if (strlen($key) !== $this->keySize()) {
+			throw new \RuntimeException('Invalid key size.');
+		}
+	}
+
+	/**
+	 * Check that IV is valid.
+	 *
+	 * @param string $iv
+	 *
+	 * @throws \RuntimeException
+	 */
+	final protected function _validateIV(string $iv): void
+	{
+		$len = openssl_cipher_iv_length($this->_getCipherMethod());
+		if ($len !== strlen($iv)) {
+			throw new \RuntimeException('Invalid IV length.');
+		}
+	}
+
+	/**
+	 * Get MAC key from CEK.
+	 *
+	 * @param string $key
+	 *
+	 * @return string
+	 */
+	final protected function _macKey(string $key): string
+	{
+		return substr($key, 0, $this->_macKeyLen());
+	}
+
+	/**
+	 * Get encryption key from CEK.
+	 *
+	 * @param string $key
+	 *
+	 * @return string
+	 */
+	final protected function _encKey(string $key): string
+	{
+		return substr($key, -$this->_encKeyLen());
+	}
+
+	/**
+	 * Compute AL value.
+	 *
+	 * @param string $aad
+	 *
+	 * @return string 64 bits
+	 */
+	final protected function _aadLen(string $aad): string
+	{
+		// truncate on 32 bit hosts
+		if (PHP_INT_SIZE < 8) {
+			return "\0\0\0\0" . pack('N', strlen($aad) * 8);
+		}
+		return pack('J', strlen($aad) * 8);
+	}
+
+	/**
+	 * Compute authentication tag.
+	 *
+	 * @param string $data
+	 * @param string $key  CEK
+	 *
+	 * @return string
+	 */
+	final protected function _computeAuthTag(string $data, string $key): string
+	{
+		$tag = hash_hmac($this->_hashAlgo(), $data, $this->_macKey($key), true);
+		return substr($tag, 0, $this->_tagLen());
+	}
+
+	/**
+	 * Get last OpenSSL error message.
+	 *
+	 * @return null|string
+	 */
+	protected function _getLastOpenSSLError(): ?string
+	{
+		$msg = null;
+		while (false !== ($err = openssl_error_string())) {
+			$msg = $err;
+		}
+		return $msg;
+	}
 }

lib/JWX/JWE/EncryptionAlgorithm/A128CBCHS256Algorithm.php

Indentation +49 added lines, -49 removed lines

@@ -13,59 +13,59 @@
  */
 class A128CBCHS256Algorithm extends AESCBCAlgorithm
 {
-    /**
-     * {@inheritdoc}
-     */
-    public function keySize(): int
-    {
-        return 32;
-    }
+	/**
+	 * {@inheritdoc}
+	 */
+	public function keySize(): int
+	{
+		return 32;
+	}
 
-    /**
-     * {@inheritdoc}
-     */
-    public function encryptionAlgorithmParamValue(): string
-    {
-        return JWA::ALGO_A128CBC_HS256;
-    }
+	/**
+	 * {@inheritdoc}
+	 */
+	public function encryptionAlgorithmParamValue(): string
+	{
+		return JWA::ALGO_A128CBC_HS256;
+	}
 
-    /**
-     * {@inheritdoc}
-     */
-    protected function _cipherMethod(): string
-    {
-        return 'aes-128-cbc';
-    }
+	/**
+	 * {@inheritdoc}
+	 */
+	protected function _cipherMethod(): string
+	{
+		return 'aes-128-cbc';
+	}
 
-    /**
-     * {@inheritdoc}
-     */
-    protected function _hashAlgo(): string
-    {
-        return 'sha256';
-    }
+	/**
+	 * {@inheritdoc}
+	 */
+	protected function _hashAlgo(): string
+	{
+		return 'sha256';
+	}
 
-    /**
-     * {@inheritdoc}
-     */
-    protected function _encKeyLen(): int
-    {
-        return 16;
-    }
+	/**
+	 * {@inheritdoc}
+	 */
+	protected function _encKeyLen(): int
+	{
+		return 16;
+	}
 
-    /**
-     * {@inheritdoc}
-     */
-    protected function _macKeyLen(): int
-    {
-        return 16;
-    }
+	/**
+	 * {@inheritdoc}
+	 */
+	protected function _macKeyLen(): int
+	{
+		return 16;
+	}
 
-    /**
-     * {@inheritdoc}
-     */
-    protected function _tagLen(): int
-    {
-        return 16;
-    }
+	/**
+	 * {@inheritdoc}
+	 */
+	protected function _tagLen(): int
+	{
+		return 16;
+	}
 }

lib/JWX/JWE/CompressionAlgorithm/DeflateAlgorithm.php

Indentation +62 added lines, -62 removed lines

@@ -16,71 +16,71 @@
  */
 class DeflateAlgorithm implements CompressionAlgorithm
 {
-    /**
-     * Compression level.
-     *
-     * @var int
-     */
-    protected $_compressionLevel;
+	/**
+	 * Compression level.
+	 *
+	 * @var int
+	 */
+	protected $_compressionLevel;
 
-    /**
-     * Constructor.
-     *
-     * @param int $level Compression level 0..9
-     */
-    public function __construct(int $level = -1)
-    {
-        if ($level < -1 || $level > 9) {
-            throw new \DomainException('Compression level must be -1..9.');
-        }
-        $this->_compressionLevel = $level;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param int $level Compression level 0..9
+	 */
+	public function __construct(int $level = -1)
+	{
+		if ($level < -1 || $level > 9) {
+			throw new \DomainException('Compression level must be -1..9.');
+		}
+		$this->_compressionLevel = $level;
+	}
 
-    /**
-     * {@inheritdoc}
-     *
-     * @throws \RuntimeException
-     */
-    public function compress(string $data): string
-    {
-        $ret = @gzdeflate($data, $this->_compressionLevel);
-        if (false === $ret) {
-            $err = error_get_last();
-            $msg = isset($err) && __FILE__ === $err['file'] ? $err['message'] : null;
-            throw new \RuntimeException($msg ?? 'gzdeflate() failed.');
-        }
-        return $ret;
-    }
+	/**
+	 * {@inheritdoc}
+	 *
+	 * @throws \RuntimeException
+	 */
+	public function compress(string $data): string
+	{
+		$ret = @gzdeflate($data, $this->_compressionLevel);
+		if (false === $ret) {
+			$err = error_get_last();
+			$msg = isset($err) && __FILE__ === $err['file'] ? $err['message'] : null;
+			throw new \RuntimeException($msg ?? 'gzdeflate() failed.');
+		}
+		return $ret;
+	}
 
-    /**
-     * {@inheritdoc}
-     *
-     * @throws \RuntimeException
-     */
-    public function decompress(string $data): string
-    {
-        $ret = @gzinflate($data);
-        if (false === $ret) {
-            $err = error_get_last();
-            $msg = isset($err) && __FILE__ === $err['file'] ? $err['message'] : null;
-            throw new \RuntimeException($msg ?? 'gzinflate() failed.');
-        }
-        return $ret;
-    }
+	/**
+	 * {@inheritdoc}
+	 *
+	 * @throws \RuntimeException
+	 */
+	public function decompress(string $data): string
+	{
+		$ret = @gzinflate($data);
+		if (false === $ret) {
+			$err = error_get_last();
+			$msg = isset($err) && __FILE__ === $err['file'] ? $err['message'] : null;
+			throw new \RuntimeException($msg ?? 'gzinflate() failed.');
+		}
+		return $ret;
+	}
 
-    /**
-     * {@inheritdoc}
-     */
-    public function compressionParamValue(): string
-    {
-        return JWA::ALGO_DEFLATE;
-    }
+	/**
+	 * {@inheritdoc}
+	 */
+	public function compressionParamValue(): string
+	{
+		return JWA::ALGO_DEFLATE;
+	}
 
-    /**
-     * {@inheritdoc}
-     */
-    public function headerParameters(): array
-    {
-        return [CompressionAlgorithmParameter::fromAlgorithm($this)];
-    }
+	/**
+	 * {@inheritdoc}
+	 */
+	public function headerParameters(): array
+	{
+		return [CompressionAlgorithmParameter::fromAlgorithm($this)];
+	}
 }

lib/JWX/JWE/CompressionAlgorithm/CompressionFactory.php

Indentation +46 added lines, -46 removed lines

@@ -13,52 +13,52 @@
  */
 abstract class CompressionFactory
 {
-    /**
-     * Mapping from algorithm name to class name.
-     *
-     * @internal
-     *
-     * @var array
-     */
-    const MAP_ALGO_TO_CLASS = [
-        JWA::ALGO_DEFLATE => DeflateAlgorithm::class,
-    ];
+	/**
+	 * Mapping from algorithm name to class name.
+	 *
+	 * @internal
+	 *
+	 * @var array
+	 */
+	const MAP_ALGO_TO_CLASS = [
+		JWA::ALGO_DEFLATE => DeflateAlgorithm::class,
+	];
 
-    /**
-     * Get the compression algorithm by name.
-     *
-     * @param string $name
-     *
-     * @throws \UnexpectedValueException If algorithm is not supported
-     *
-     * @return CompressionAlgorithm
-     */
-    public static function algoByName(string $name): CompressionAlgorithm
-    {
-        if (!array_key_exists($name, self::MAP_ALGO_TO_CLASS)) {
-            throw new \UnexpectedValueException(
-                "No compression algorithm '{$name}'.");
-        }
-        $cls = self::MAP_ALGO_TO_CLASS[$name];
-        return new $cls();
-    }
+	/**
+	 * Get the compression algorithm by name.
+	 *
+	 * @param string $name
+	 *
+	 * @throws \UnexpectedValueException If algorithm is not supported
+	 *
+	 * @return CompressionAlgorithm
+	 */
+	public static function algoByName(string $name): CompressionAlgorithm
+	{
+		if (!array_key_exists($name, self::MAP_ALGO_TO_CLASS)) {
+			throw new \UnexpectedValueException(
+				"No compression algorithm '{$name}'.");
+		}
+		$cls = self::MAP_ALGO_TO_CLASS[$name];
+		return new $cls();
+	}
 
-    /**
-     * Get the compression algorithm as specified in the given header.
-     *
-     * @param Header $header Header
-     *
-     * @throws \UnexpectedValueException If compression algorithm parameter is
-     *                                   not present or algorithm is not supported
-     *
-     * @return CompressionAlgorithm
-     */
-    public static function algoByHeader(Header $header): CompressionAlgorithm
-    {
-        if (!$header->hasCompressionAlgorithm()) {
-            throw new \UnexpectedValueException(
-                'No compression algorithm parameter.');
-        }
-        return self::algoByName($header->compressionAlgorithm()->value());
-    }
+	/**
+	 * Get the compression algorithm as specified in the given header.
+	 *
+	 * @param Header $header Header
+	 *
+	 * @throws \UnexpectedValueException If compression algorithm parameter is
+	 *                                   not present or algorithm is not supported
+	 *
+	 * @return CompressionAlgorithm
+	 */
+	public static function algoByHeader(Header $header): CompressionAlgorithm
+	{
+		if (!$header->hasCompressionAlgorithm()) {
+			throw new \UnexpectedValueException(
+				'No compression algorithm parameter.');
+		}
+		return self::algoByName($header->compressionAlgorithm()->value());
+	}
 }

lib/JWX/JWE/KeyManagementAlgorithm.php

Indentation +115 added lines, -115 removed lines

@@ -17,127 +17,127 @@
  */
 abstract class KeyManagementAlgorithm implements AlgorithmParameterValue, HeaderParameters
 {
-    /**
-     * ID of the key used by the algorithm.
-     *
-     * If set, KeyID parameter shall be automatically inserted into JWE's
-     * header.
-     *
-     * @var null|string
-     */
-    protected $_keyID;
+	/**
+	 * ID of the key used by the algorithm.
+	 *
+	 * If set, KeyID parameter shall be automatically inserted into JWE's
+	 * header.
+	 *
+	 * @var null|string
+	 */
+	protected $_keyID;
 
-    /**
-     * Encrypt a key to be inserted into JWE header.
-     *
-     * @param string      $cek    Content encryption key
-     * @param null|Header $header Optional reference to the Header variable,
-     *                            which may be updated to contain parameters
-     *                            specific to this encrypt invocation.
-     *                            If the variable is referenced, but is a null,
-     *                            it shall be initialized to an empty Header.
-     *
-     * @throws \RuntimeException For generic errors
-     *
-     * @return string Encrypted key
-     */
-    final public function encrypt(string $cek, Header &$header = null): string
-    {
-        if (!isset($header)) {
-            $header = new Header();
-        }
-        return $this->_encryptKey($cek, $header);
-    }
+	/**
+	 * Encrypt a key to be inserted into JWE header.
+	 *
+	 * @param string      $cek    Content encryption key
+	 * @param null|Header $header Optional reference to the Header variable,
+	 *                            which may be updated to contain parameters
+	 *                            specific to this encrypt invocation.
+	 *                            If the variable is referenced, but is a null,
+	 *                            it shall be initialized to an empty Header.
+	 *
+	 * @throws \RuntimeException For generic errors
+	 *
+	 * @return string Encrypted key
+	 */
+	final public function encrypt(string $cek, Header &$header = null): string
+	{
+		if (!isset($header)) {
+			$header = new Header();
+		}
+		return $this->_encryptKey($cek, $header);
+	}
 
-    /**
-     * Decrypt a CEK from the encrypted data.
-     *
-     * @param string      $data   Encrypted key
-     * @param null|Header $header Optional header containing parameters
-     *                            required to decrypt the key
-     *
-     * @throws \RuntimeException For generic errors
-     *
-     * @return string Content encryption key
-     */
-    final public function decrypt(string $data, ?Header $header = null): string
-    {
-        if (!isset($header)) {
-            $header = new Header();
-        }
-        return $this->_decryptKey($data, $header);
-    }
+	/**
+	 * Decrypt a CEK from the encrypted data.
+	 *
+	 * @param string      $data   Encrypted key
+	 * @param null|Header $header Optional header containing parameters
+	 *                            required to decrypt the key
+	 *
+	 * @throws \RuntimeException For generic errors
+	 *
+	 * @return string Content encryption key
+	 */
+	final public function decrypt(string $data, ?Header $header = null): string
+	{
+		if (!isset($header)) {
+			$header = new Header();
+		}
+		return $this->_decryptKey($data, $header);
+	}
 
-    /**
-     * Get content encryption key for the encryption.
-     *
-     * Returned key may be random depending on the key management algorithm.
-     *
-     * @param int $length Required key size in bytes
-     *
-     * @return string
-     */
-    abstract public function cekForEncryption(int $length): string;
+	/**
+	 * Get content encryption key for the encryption.
+	 *
+	 * Returned key may be random depending on the key management algorithm.
+	 *
+	 * @param int $length Required key size in bytes
+	 *
+	 * @return string
+	 */
+	abstract public function cekForEncryption(int $length): string;
 
-    /**
-     * Initialize key management algorithm from a JWK and a header.
-     *
-     * @param JWK    $jwk
-     * @param Header $header
-     *
-     * @return KeyManagementAlgorithm
-     */
-    public static function fromJWK(JWK $jwk, Header $header): KeyManagementAlgorithm
-    {
-        $factory = new KeyAlgorithmFactory($header);
-        return $factory->algoByKey($jwk);
-    }
+	/**
+	 * Initialize key management algorithm from a JWK and a header.
+	 *
+	 * @param JWK    $jwk
+	 * @param Header $header
+	 *
+	 * @return KeyManagementAlgorithm
+	 */
+	public static function fromJWK(JWK $jwk, Header $header): KeyManagementAlgorithm
+	{
+		$factory = new KeyAlgorithmFactory($header);
+		return $factory->algoByKey($jwk);
+	}
 
-    /**
-     * Get self with key ID.
-     *
-     * @param null|string $id Key ID or null to remove
-     *
-     * @return self
-     */
-    public function withKeyID(?string $id): self
-    {
-        $obj = clone $this;
-        $obj->_keyID = $id;
-        return $obj;
-    }
+	/**
+	 * Get self with key ID.
+	 *
+	 * @param null|string $id Key ID or null to remove
+	 *
+	 * @return self
+	 */
+	public function withKeyID(?string $id): self
+	{
+		$obj = clone $this;
+		$obj->_keyID = $id;
+		return $obj;
+	}
 
-    /**
-     * {@inheritdoc}
-     */
-    public function headerParameters(): array
-    {
-        $params = [];
-        if (isset($this->_keyID)) {
-            $params[] = new KeyIDParameter($this->_keyID);
-        }
-        return $params;
-    }
+	/**
+	 * {@inheritdoc}
+	 */
+	public function headerParameters(): array
+	{
+		$params = [];
+		if (isset($this->_keyID)) {
+			$params[] = new KeyIDParameter($this->_keyID);
+		}
+		return $params;
+	}
 
-    /**
-     * Encrypt a key.
-     *
-     * @param string $key    Key to be encrypted
-     * @param Header $header Reference to the Header variable, that shall
-     *                       be updated to contain parameters specific to the encryption
-     *
-     * @return string Ciphertext
-     */
-    abstract protected function _encryptKey(string $key, Header &$header): string;
+	/**
+	 * Encrypt a key.
+	 *
+	 * @param string $key    Key to be encrypted
+	 * @param Header $header Reference to the Header variable, that shall
+	 *                       be updated to contain parameters specific to the encryption
+	 *
+	 * @return string Ciphertext
+	 */
+	abstract protected function _encryptKey(string $key, Header &$header): string;
 
-    /**
-     * Decrypt a key.
-     *
-     * @param string $ciphertext Ciphertext of the encrypted key
-     * @param Header $header     Header possibly containing encoding specific
-     *                           parameters
-     *
-     * @return string Plaintext key
-     */
-    abstract protected function _decryptKey(string $ciphertext, Header $header): string;
+	/**
+	 * Decrypt a key.
+	 *
+	 * @param string $ciphertext Ciphertext of the encrypted key
+	 * @param Header $header     Header possibly containing encoding specific
+	 *                           parameters
+	 *
+	 * @return string Plaintext key
+	 */
+	abstract protected function _decryptKey(string $ciphertext, Header $header): string;
 }

lib/JWX/JWE/ContentEncryptionAlgorithm.php

Indentation +37 added lines, -37 removed lines

@@ -12,44 +12,44 @@
  */
 interface ContentEncryptionAlgorithm extends EncryptionAlgorithmParameterValue, HeaderParameters
 {
-    /**
-     * Encrypt plaintext.
-     *
-     * @param string $plaintext Data to encrypt
-     * @param string $key       Encryption key
-     * @param string $iv        Initialization vector
-     * @param string $aad       Additional authenticated data
-     *
-     * @return array Tuple of ciphertext and authentication tag
-     */
-    public function encrypt(string $plaintext, string $key, string $iv,
-        string $aad): array;
+	/**
+	 * Encrypt plaintext.
+	 *
+	 * @param string $plaintext Data to encrypt
+	 * @param string $key       Encryption key
+	 * @param string $iv        Initialization vector
+	 * @param string $aad       Additional authenticated data
+	 *
+	 * @return array Tuple of ciphertext and authentication tag
+	 */
+	public function encrypt(string $plaintext, string $key, string $iv,
+		string $aad): array;
 
-    /**
-     * Decrypt ciphertext.
-     *
-     * @param string $ciphertext Data to decrypt
-     * @param string $key        Encryption key
-     * @param string $iv         Initialization vector
-     * @param string $aad        Additional authenticated data
-     * @param string $auth_tag   Authentication tag to compare
-     *
-     * @return string Plaintext
-     */
-    public function decrypt(string $ciphertext, string $key, string $iv,
-        string $aad, string $auth_tag): string;
+	/**
+	 * Decrypt ciphertext.
+	 *
+	 * @param string $ciphertext Data to decrypt
+	 * @param string $key        Encryption key
+	 * @param string $iv         Initialization vector
+	 * @param string $aad        Additional authenticated data
+	 * @param string $auth_tag   Authentication tag to compare
+	 *
+	 * @return string Plaintext
+	 */
+	public function decrypt(string $ciphertext, string $key, string $iv,
+		string $aad, string $auth_tag): string;
 
-    /**
-     * Get the required key size in bytes.
-     *
-     * @return int
-     */
-    public function keySize(): int;
+	/**
+	 * Get the required key size in bytes.
+	 *
+	 * @return int
+	 */
+	public function keySize(): int;
 
-    /**
-     * Get the required IV size in bytes.
-     *
-     * @return int
-     */
-    public function ivSize(): int;
+	/**
+	 * Get the required IV size in bytes.
+	 *
+	 * @return int
+	 */
+	public function ivSize(): int;
 }

lib/JWX/JWE/KeyAlgorithm/PBES2Algorithm.php

Indentation +195 added lines, -195 removed lines

@@ -22,199 +22,199 @@
  */
 abstract class PBES2Algorithm extends KeyManagementAlgorithm
 {
-    use RandomCEK;
-
-    /**
-     * Mapping from algorithm name to class name.
-     *
-     * @internal
-     *
-     * @var array
-     */
-    const MAP_ALGO_TO_CLASS = [
-        JWA::ALGO_PBES2_HS256_A128KW => PBES2HS256A128KWAlgorithm::class,
-        JWA::ALGO_PBES2_HS384_A192KW => PBES2HS384A192KWAlgorithm::class,
-        JWA::ALGO_PBES2_HS512_A256KW => PBES2HS512A256KWAlgorithm::class,
-    ];
-
-    /**
-     * Password.
-     *
-     * @var string
-     */
-    protected $_password;
-
-    /**
-     * Salt input.
-     *
-     * @var string
-     */
-    protected $_saltInput;
-
-    /**
-     * Iteration count.
-     *
-     * @var int
-     */
-    protected $_count;
-
-    /**
-     * Derived key.
-     *
-     * @var string
-     */
-    private $_derivedKey;
-
-    /**
-     * Constructor.
-     *
-     * @param string $password   Password
-     * @param string $salt_input Salt input
-     * @param int    $count      Iteration count
-     */
-    public function __construct(string $password, string $salt_input, int $count)
-    {
-        $this->_password = $password;
-        $this->_saltInput = $salt_input;
-        $this->_count = $count;
-    }
-
-    /**
-     * Initialize from JWK.
-     *
-     * @param JWK    $jwk
-     * @param Header $header
-     *
-     * @throws \UnexpectedValueException
-     *
-     * @return self
-     */
-    public static function fromJWK(JWK $jwk, Header $header): KeyManagementAlgorithm
-    {
-        $jwk = SymmetricKeyJWK::fromJWK($jwk);
-        if (!$header->hasPBES2SaltInput()) {
-            throw new \UnexpectedValueException('No salt input.');
-        }
-        $salt_input = $header->PBES2SaltInput()->saltInput();
-        if (!$header->hasPBES2Count()) {
-            throw new \UnexpectedValueException('No iteration count.');
-        }
-        $count = $header->PBES2Count()->value();
-        $alg = JWA::deriveAlgorithmName($header, $jwk);
-        if (!array_key_exists($alg, self::MAP_ALGO_TO_CLASS)) {
-            throw new \UnexpectedValueException("Unsupported algorithm '{$alg}'.");
-        }
-        $cls = self::MAP_ALGO_TO_CLASS[$alg];
-        return new $cls($jwk->key(), $salt_input, $count);
-    }
-
-    /**
-     * Initialize from a password with random salt and default iteration count.
-     *
-     * @param string $password   Password
-     * @param int    $count      Optional user defined iteration count
-     * @param int    $salt_bytes Optional user defined salt length
-     *
-     * @return self
-     */
-    public static function fromPassword(string $password, int $count = 64000,
-        int $salt_bytes = 8): self
-    {
-        $salt_input = openssl_random_pseudo_bytes($salt_bytes);
-        return new static($password, $salt_input, $count);
-    }
-
-    /**
-     * Get salt input.
-     *
-     * @return string
-     */
-    public function saltInput(): string
-    {
-        return $this->_saltInput;
-    }
-
-    /**
-     * Get computed salt.
-     *
-     * @return string
-     */
-    public function salt(): string
-    {
-        return PBES2SaltInputParameter::fromString($this->_saltInput)->salt(
-            AlgorithmParameter::fromAlgorithm($this));
-    }
-
-    /**
-     * Get iteration count.
-     *
-     * @return int
-     */
-    public function iterationCount(): int
-    {
-        return $this->_count;
-    }
-
-    /**
-     * {@inheritdoc}
-     */
-    public function headerParameters(): array
-    {
-        return array_merge(parent::headerParameters(),
-            [AlgorithmParameter::fromAlgorithm($this),
-                PBES2SaltInputParameter::fromString($this->_saltInput),
-                new PBES2CountParameter($this->_count), ]);
-    }
-
-    /**
-     * Get hash algorithm for hash_pbkdf2.
-     *
-     * @return string
-     */
-    abstract protected function _hashAlgo(): string;
-
-    /**
-     * Get derived key length.
-     *
-     * @return int
-     */
-    abstract protected function _keyLength(): int;
-
-    /**
-     * Get key wrapping algoritym.
-     *
-     * @return AESKeyWrapAlgorithm
-     */
-    abstract protected function _kwAlgo(): AESKeyWrapAlgorithm;
-
-    /**
-     * Get derived key.
-     *
-     * @return string
-     */
-    protected function _derivedKey(): string
-    {
-        if (!isset($this->_derivedKey)) {
-            $this->_derivedKey = hash_pbkdf2($this->_hashAlgo(),
-                $this->_password, $this->salt(), $this->_count,
-                $this->_keyLength(), true);
-        }
-        return $this->_derivedKey;
-    }
-
-    /**
-     * {@inheritdoc}
-     */
-    protected function _encryptKey(string $key, Header &$header): string
-    {
-        return $this->_kwAlgo()->wrap($key, $this->_derivedKey());
-    }
-
-    /**
-     * {@inheritdoc}
-     */
-    protected function _decryptKey(string $ciphertext, Header $header): string
-    {
-        return $this->_kwAlgo()->unwrap($ciphertext, $this->_derivedKey());
-    }
+	use RandomCEK;
+
+	/**
+	 * Mapping from algorithm name to class name.
+	 *
+	 * @internal
+	 *
+	 * @var array
+	 */
+	const MAP_ALGO_TO_CLASS = [
+		JWA::ALGO_PBES2_HS256_A128KW => PBES2HS256A128KWAlgorithm::class,
+		JWA::ALGO_PBES2_HS384_A192KW => PBES2HS384A192KWAlgorithm::class,
+		JWA::ALGO_PBES2_HS512_A256KW => PBES2HS512A256KWAlgorithm::class,
+	];
+
+	/**
+	 * Password.
+	 *
+	 * @var string
+	 */
+	protected $_password;
+
+	/**
+	 * Salt input.
+	 *
+	 * @var string
+	 */
+	protected $_saltInput;
+
+	/**
+	 * Iteration count.
+	 *
+	 * @var int
+	 */
+	protected $_count;
+
+	/**
+	 * Derived key.
+	 *
+	 * @var string
+	 */
+	private $_derivedKey;
+
+	/**
+	 * Constructor.
+	 *
+	 * @param string $password   Password
+	 * @param string $salt_input Salt input
+	 * @param int    $count      Iteration count
+	 */
+	public function __construct(string $password, string $salt_input, int $count)
+	{
+		$this->_password = $password;
+		$this->_saltInput = $salt_input;
+		$this->_count = $count;
+	}
+
+	/**
+	 * Initialize from JWK.
+	 *
+	 * @param JWK    $jwk
+	 * @param Header $header
+	 *
+	 * @throws \UnexpectedValueException
+	 *
+	 * @return self
+	 */
+	public static function fromJWK(JWK $jwk, Header $header): KeyManagementAlgorithm
+	{
+		$jwk = SymmetricKeyJWK::fromJWK($jwk);
+		if (!$header->hasPBES2SaltInput()) {
+			throw new \UnexpectedValueException('No salt input.');
+		}
+		$salt_input = $header->PBES2SaltInput()->saltInput();
+		if (!$header->hasPBES2Count()) {
+			throw new \UnexpectedValueException('No iteration count.');
+		}
+		$count = $header->PBES2Count()->value();
+		$alg = JWA::deriveAlgorithmName($header, $jwk);
+		if (!array_key_exists($alg, self::MAP_ALGO_TO_CLASS)) {
+			throw new \UnexpectedValueException("Unsupported algorithm '{$alg}'.");
+		}
+		$cls = self::MAP_ALGO_TO_CLASS[$alg];
+		return new $cls($jwk->key(), $salt_input, $count);
+	}
+
+	/**
+	 * Initialize from a password with random salt and default iteration count.
+	 *
+	 * @param string $password   Password
+	 * @param int    $count      Optional user defined iteration count
+	 * @param int    $salt_bytes Optional user defined salt length
+	 *
+	 * @return self
+	 */
+	public static function fromPassword(string $password, int $count = 64000,
+		int $salt_bytes = 8): self
+	{
+		$salt_input = openssl_random_pseudo_bytes($salt_bytes);
+		return new static($password, $salt_input, $count);
+	}
+
+	/**
+	 * Get salt input.
+	 *
+	 * @return string
+	 */
+	public function saltInput(): string
+	{
+		return $this->_saltInput;
+	}
+
+	/**
+	 * Get computed salt.
+	 *
+	 * @return string
+	 */
+	public function salt(): string
+	{
+		return PBES2SaltInputParameter::fromString($this->_saltInput)->salt(
+			AlgorithmParameter::fromAlgorithm($this));
+	}
+
+	/**
+	 * Get iteration count.
+	 *
+	 * @return int
+	 */
+	public function iterationCount(): int
+	{
+		return $this->_count;
+	}
+
+	/**
+	 * {@inheritdoc}
+	 */
+	public function headerParameters(): array
+	{
+		return array_merge(parent::headerParameters(),
+			[AlgorithmParameter::fromAlgorithm($this),
+				PBES2SaltInputParameter::fromString($this->_saltInput),
+				new PBES2CountParameter($this->_count), ]);
+	}
+
+	/**
+	 * Get hash algorithm for hash_pbkdf2.
+	 *
+	 * @return string
+	 */
+	abstract protected function _hashAlgo(): string;
+
+	/**
+	 * Get derived key length.
+	 *
+	 * @return int
+	 */
+	abstract protected function _keyLength(): int;
+
+	/**
+	 * Get key wrapping algoritym.
+	 *
+	 * @return AESKeyWrapAlgorithm
+	 */
+	abstract protected function _kwAlgo(): AESKeyWrapAlgorithm;
+
+	/**
+	 * Get derived key.
+	 *
+	 * @return string
+	 */
+	protected function _derivedKey(): string
+	{
+		if (!isset($this->_derivedKey)) {
+			$this->_derivedKey = hash_pbkdf2($this->_hashAlgo(),
+				$this->_password, $this->salt(), $this->_count,
+				$this->_keyLength(), true);
+		}
+		return $this->_derivedKey;
+	}
+
+	/**
+	 * {@inheritdoc}
+	 */
+	protected function _encryptKey(string $key, Header &$header): string
+	{
+		return $this->_kwAlgo()->wrap($key, $this->_derivedKey());
+	}
+
+	/**
+	 * {@inheritdoc}
+	 */
+	protected function _decryptKey(string $ciphertext, Header $header): string
+	{
+		return $this->_kwAlgo()->unwrap($ciphertext, $this->_derivedKey());
+	}
 }

lib/JWX/JWE/KeyAlgorithm/PBES2HS256A128KWAlgorithm.php

Indentation +28 added lines, -28 removed lines

@@ -15,35 +15,35 @@
  */
 class PBES2HS256A128KWAlgorithm extends PBES2Algorithm
 {
-    /**
-     * {@inheritdoc}
-     */
-    public function algorithmParamValue(): string
-    {
-        return JWA::ALGO_PBES2_HS256_A128KW;
-    }
+	/**
+	 * {@inheritdoc}
+	 */
+	public function algorithmParamValue(): string
+	{
+		return JWA::ALGO_PBES2_HS256_A128KW;
+	}
 
-    /**
-     * {@inheritdoc}
-     */
-    protected function _hashAlgo(): string
-    {
-        return 'sha256';
-    }
+	/**
+	 * {@inheritdoc}
+	 */
+	protected function _hashAlgo(): string
+	{
+		return 'sha256';
+	}
 
-    /**
-     * {@inheritdoc}
-     */
-    protected function _keyLength(): int
-    {
-        return 16;
-    }
+	/**
+	 * {@inheritdoc}
+	 */
+	protected function _keyLength(): int
+	{
+		return 16;
+	}
 
-    /**
-     * {@inheritdoc}
-     */
-    protected function _kwAlgo(): AESKeyWrapAlgorithm
-    {
-        return new AESKW128();
-    }
+	/**
+	 * {@inheritdoc}
+	 */
+	protected function _kwAlgo(): AESKeyWrapAlgorithm
+	{
+		return new AESKW128();
+	}
 }