AesCbcHmacEncryption - Code Metrics - tmilos/jose-jwt - Measure and Improve Code Quality continuously with Scrutinizer

AesCbcHmacEncryption A
last analyzed 2018-09-04 10:39 UTC

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	119
Duplicated Lines	5.04 %

Coupling/Cohesion

Components	1
Dependencies	5

Importance

Changes

Metric	Value
dl	6
loc	119
c	0
b	0
f	0
wmc	10
lcom	1
cbo	5
rs	10

5 Methods

Rating	Name	Duplication	Size	Complexity
A	__construct()	0	6	1
A	getKeySize()	0	4	1
A	encrypt()	3	22	3
A	decrypt()	3	23	4
A	computeAuthTag()	0	16	1

How to fix Duplicated Code

<?php

/*
 * This file is part of the tmilos/jose-jwt package.
 *
 * (c) Milos Tomic <[email protected]>
 *
 * This source file is subject to the MIT license that is bundled
 * with this source code in the file LICENSE.
 */

namespace Tmilos\JoseJwt\Jwe;

use Tmilos\JoseJwt\Error\IntegrityException;
use Tmilos\JoseJwt\Error\JoseJwtException;
use Tmilos\JoseJwt\Jws\JwsAlgorithm;
use Tmilos\JoseJwt\Random\RandomGenerator;
use Tmilos\JoseJwt\Util\StringUtils;

class AesCbcHmacEncryption implements JweEncryption
{
    /** @var JwsAlgorithm */
    private $hashAlgorithm;

    /** @var int */
    private $keySize;

    /** @var RandomGenerator */
    private $randomGenerator;

    /**
     * @param int             $keySize
     * @param JwsAlgorithm    $hashAlgorithm
     * @param RandomGenerator $randomGenerator
     */
    public function __construct($keySize, JwsAlgorithm $hashAlgorithm, RandomGenerator $randomGenerator)
    {
        $this->keySize = $keySize;
        $this->hashAlgorithm = $hashAlgorithm;
        $this->randomGenerator = $randomGenerator;
    }

    /**
     * @return int
     */
    public function getKeySize()
    {
        return $this->keySize;
    }

    /**
     * @param string          $aad
     * @param string          $plainText
     * @param string|resource $cek
     *
     * @return array [iv, cipherText, authTag]
     */
    public function encrypt($aad, $plainText, $cek)
    {
        $cekLen = StringUtils::length($cek);

        if ($cekLen * 8 != $this->keySize) {

            throw new JoseJwtException(sprintf('AES-CBC with HMAC algorithm expected key of size %s bits, but was given %s bits', $this->keySize, $cekLen * 8));
        }
        if ($cekLen % 2 != 0) {
            throw new JoseJwtException('AES-CBC with HMAC encryption expected key of even number size');
        }

        $hmacKey = StringUtils::substring($cek, 0, $cekLen / 2);

        $aesKey = StringUtils::substring($cek, $cekLen / 2, $cekLen / 2);


        $method = sprintf('AES-%d-CBC', $this->keySize / 2);
        $ivLen = openssl_cipher_iv_length($method);
        $iv = $this->randomGenerator->get($ivLen);
        $cipherText = openssl_encrypt($plainText, $method, $aesKey, true, $iv);

        $authTag = $this->computeAuthTag($aad, $iv, $cipherText, $hmacKey);

        return [$iv, $cipherText, $authTag];
    }

    /**
     * @param string          $aad
     * @param string|resource $cek
     * @param string          $iv
     * @param string          $cipherText
     * @param string          $authTag
     *
     * @return string
     */
    public function decrypt($aad, $cek, $iv, $cipherText, $authTag)
    {
        $cekLen = StringUtils::length($cek);

        if ($cekLen * 8 != $this->keySize) {

            throw new JoseJwtException(sprintf('AES-CBC with HMAC algorithm expected key of size %s bits, but was given %s bits', $this->keySize, $cekLen * 8));
        }
        if ($cekLen % 2 != 0) {
            throw new JoseJwtException('AES-CBC with HMAC encryption expected key of even number size');
        }

        $hmacKey = StringUtils::substring($cek, 0, $cekLen / 2);

        $aesKey = StringUtils::substring($cek, $cekLen / 2);


        $expectedAuthTag = $this->computeAuthTag($aad, $iv, $cipherText, $hmacKey);
        if (false === StringUtils::equals($expectedAuthTag, $authTag)) {
            throw new IntegrityException('Authentication tag does not match');
        }

        $method = sprintf('AES-%d-CBC', $this->keySize / 2);
        $plainText = openssl_decrypt($cipherText, $method, $aesKey, true, $iv);

        return $plainText;
    }

    /**
     * @param $aad
     * @param $iv
     * @param $cipherText
     * @param $hmacKey
     *
     * @return string
     */
    private function computeAuthTag($aad, $iv, $cipherText, $hmacKey)
    {
        $aadLen = StringUtils::length($aad);
        $max32bit = 2147483647;
        $hmacInput = implode('', [
            $aad,
            $iv,
            $cipherText,
            pack('N2', ($aadLen / $max32bit) * 8, ($aadLen % $max32bit) * 8),
        ]);
        $authTag = $this->hashAlgorithm->sign($hmacInput, $hmacKey);
        $authTagLen = StringUtils::length($authTag);
        $authTag = StringUtils::substring($authTag, 0, $authTagLen / 2);

        return $authTag;
    }
}


1		<?php
2
3		/*
4		* This file is part of the tmilos/jose-jwt package.
5		*
6		* (c) Milos Tomic <[email protected]>
7		*
8		* This source file is subject to the MIT license that is bundled
9		* with this source code in the file LICENSE.
10		*/
11
12		namespace Tmilos\JoseJwt\Jwe;
13
14		use Tmilos\JoseJwt\Error\IntegrityException;
15		use Tmilos\JoseJwt\Error\JoseJwtException;
16		use Tmilos\JoseJwt\Jws\JwsAlgorithm;
17		use Tmilos\JoseJwt\Random\RandomGenerator;
18		use Tmilos\JoseJwt\Util\StringUtils;
19
20		class AesCbcHmacEncryption implements JweEncryption
21		{
22		/** @var JwsAlgorithm */
23		private $hashAlgorithm;
24
25		/** @var int */
26		private $keySize;
27
28		/** @var RandomGenerator */
29		private $randomGenerator;
30
31		/**
32		* @param int $keySize
33		* @param JwsAlgorithm $hashAlgorithm
34		* @param RandomGenerator $randomGenerator
35		*/
36		public function __construct($keySize, JwsAlgorithm $hashAlgorithm, RandomGenerator $randomGenerator)
37		{
38		$this->keySize = $keySize;
39		$this->hashAlgorithm = $hashAlgorithm;
40		$this->randomGenerator = $randomGenerator;
41		}
42
43		/**
44		* @return int
45		*/
46		public function getKeySize()
47		{
48		return $this->keySize;
49		}
50
51		/**
52		* @param string $aad
53		* @param string $plainText
54		* @param string\|resource $cek
55		*
56		* @return array [iv, cipherText, authTag]
57		*/
58		public function encrypt($aad, $plainText, $cek)
59		{
60		$cekLen = StringUtils::length($cek);
		0 ignored issues – show Bug introduced 2017-01-26 09:43 UTC by Report Bug Copy Issue Report It seems like `$cek` defined by parameter `$cek` on line 58 can also be of type `resource`; however, `Tmilos\JoseJwt\Util\StringUtils::length()` does only seem to accept `string`, maybe add an additional type check? This check looks at variables that have been passed in as parameters and are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history...
61	View Code Duplication	if ($cekLen * 8 != $this->keySize) {
		0 ignored issues – show Duplication introduced 2016-01-15 14:05 UTC by Report Bug Copy Issue Report This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
62		throw new JoseJwtException(sprintf('AES-CBC with HMAC algorithm expected key of size %s bits, but was given %s bits', $this->keySize, $cekLen * 8));
63		}
64		if ($cekLen % 2 != 0) {
65		throw new JoseJwtException('AES-CBC with HMAC encryption expected key of even number size');
66		}
67
68		$hmacKey = StringUtils::substring($cek, 0, $cekLen / 2);
		0 ignored issues – show Bug introduced 2017-01-26 09:43 UTC by Report Bug Copy Issue Report It seems like `$cek` defined by parameter `$cek` on line 58 can also be of type `resource`; however, `Tmilos\JoseJwt\Util\StringUtils::substring()` does only seem to accept `string`, maybe add an additional type check? This check looks at variables that have been passed in as parameters and are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history...
69		$aesKey = StringUtils::substring($cek, $cekLen / 2, $cekLen / 2);
		0 ignored issues – show Bug introduced 2017-01-26 09:43 UTC by Report Bug Copy Issue Report It seems like `$cek` defined by parameter `$cek` on line 58 can also be of type `resource`; however, `Tmilos\JoseJwt\Util\StringUtils::substring()` does only seem to accept `string`, maybe add an additional type check? This check looks at variables that have been passed in as parameters and are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history...
70
71		$method = sprintf('AES-%d-CBC', $this->keySize / 2);
72		$ivLen = openssl_cipher_iv_length($method);
73		$iv = $this->randomGenerator->get($ivLen);
74		$cipherText = openssl_encrypt($plainText, $method, $aesKey, true, $iv);
75
76		$authTag = $this->computeAuthTag($aad, $iv, $cipherText, $hmacKey);
77
78		return [$iv, $cipherText, $authTag];
79		}
80
81		/**
82		* @param string $aad
83		* @param string\|resource $cek
84		* @param string $iv
85		* @param string $cipherText
86		* @param string $authTag
87		*
88		* @return string
89		*/
90		public function decrypt($aad, $cek, $iv, $cipherText, $authTag)
91		{
92		$cekLen = StringUtils::length($cek);
		0 ignored issues – show Bug introduced 2017-01-26 09:43 UTC by Report Bug Copy Issue Report It seems like `$cek` defined by parameter `$cek` on line 90 can also be of type `resource`; however, `Tmilos\JoseJwt\Util\StringUtils::length()` does only seem to accept `string`, maybe add an additional type check? This check looks at variables that have been passed in as parameters and are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history...
93	View Code Duplication	if ($cekLen * 8 != $this->keySize) {
		0 ignored issues – show Duplication introduced 2016-01-15 14:05 UTC by Report Bug Copy Issue Report This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
94		throw new JoseJwtException(sprintf('AES-CBC with HMAC algorithm expected key of size %s bits, but was given %s bits', $this->keySize, $cekLen * 8));
95		}
96		if ($cekLen % 2 != 0) {
97		throw new JoseJwtException('AES-CBC with HMAC encryption expected key of even number size');
98		}
99
100		$hmacKey = StringUtils::substring($cek, 0, $cekLen / 2);
		0 ignored issues – show Bug introduced 2017-01-26 09:43 UTC by Report Bug Copy Issue Report It seems like `$cek` defined by parameter `$cek` on line 90 can also be of type `resource`; however, `Tmilos\JoseJwt\Util\StringUtils::substring()` does only seem to accept `string`, maybe add an additional type check? This check looks at variables that have been passed in as parameters and are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history...
101		$aesKey = StringUtils::substring($cek, $cekLen / 2);
		0 ignored issues – show Bug introduced 2017-01-26 09:43 UTC by Report Bug Copy Issue Report It seems like `$cek` defined by parameter `$cek` on line 90 can also be of type `resource`; however, `Tmilos\JoseJwt\Util\StringUtils::substring()` does only seem to accept `string`, maybe add an additional type check? This check looks at variables that have been passed in as parameters and are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history...
102
103		$expectedAuthTag = $this->computeAuthTag($aad, $iv, $cipherText, $hmacKey);
104		if (false === StringUtils::equals($expectedAuthTag, $authTag)) {
105		throw new IntegrityException('Authentication tag does not match');
106		}
107
108		$method = sprintf('AES-%d-CBC', $this->keySize / 2);
109		$plainText = openssl_decrypt($cipherText, $method, $aesKey, true, $iv);
110
111		return $plainText;
112		}
113
114		/**
115		* @param $aad
116		* @param $iv
117		* @param $cipherText
118		* @param $hmacKey
119		*
120		* @return string
121		*/
122		private function computeAuthTag($aad, $iv, $cipherText, $hmacKey)
123		{
124		$aadLen = StringUtils::length($aad);
125		$max32bit = 2147483647;
126		$hmacInput = implode('', [
127		$aad,
128		$iv,
129		$cipherText,
130		pack('N2', ($aadLen / $max32bit) * 8, ($aadLen % $max32bit) * 8),
131		]);
132		$authTag = $this->hashAlgorithm->sign($hmacInput, $hmacKey);
133		$authTagLen = StringUtils::length($authTag);
134		$authTag = StringUtils::substring($authTag, 0, $authTagLen / 2);
135
136		return $authTag;
137		}
138		}
139

tmilos / jose-jwt

AesCbcHmacEncryption A last analyzed 2018-09-04 10:39 UTC

Complexity

Size/Duplication

Coupling/Cohesion

Importance

5 Methods

How to fix Duplicated Code

Duplicated Code

Duplication Side-by-Side

Filter issues like

AesCbcHmacEncryption A
last analyzed 2018-09-04 10:39 UTC