tmilos /
jose-jwt
@@ -41,7 +41,7 @@ |
||
| 41 | 41 | */ |
| 42 | 42 | public function wrapNewKey($cekSizeBits, $kek, array $header) |
| 43 | 43 | { |
| 44 | - $cek = $this->randomGenerator->get($cekSizeBits / 8); |
|
| 44 | + $cek = $this->randomGenerator->get($cekSizeBits/8); |
|
| 45 | 45 | if (false == openssl_public_encrypt($cek, $cekEncrypted, $kek, $this->padding)) { |
| 46 | 46 | throw new JoseJwtException('Unable to encrypt CEK'); |
| 47 | 47 | } |
@@ -58,14 +58,14 @@ discard block |
||
| 58 | 58 | public function wrapNewKey($cekSizeBits, $kek, array $header) |
| 59 | 59 | { |
| 60 | 60 | $kekLen = StringUtils::length($kek); |
| 61 | - if ($kekLen * 8 != $this->kekLengthBits) { |
|
| 62 | - throw new JoseJwtException(sprintf('AesKeyWrap management algorithm expected key of size %s bits, but was given %s bits', $this->kekLengthBits, $kekLen * 8)); |
|
| 61 | + if ($kekLen*8 != $this->kekLengthBits) { |
|
| 62 | + throw new JoseJwtException(sprintf('AesKeyWrap management algorithm expected key of size %s bits, but was given %s bits', $this->kekLengthBits, $kekLen*8)); |
|
| 63 | 63 | } |
| 64 | - if ($cekSizeBits % 8 != 0) { |
|
| 64 | + if ($cekSizeBits%8 != 0) { |
|
| 65 | 65 | throw new JoseJwtException('CekSizeBits must be divisible by 8'); |
| 66 | 66 | } |
| 67 | 67 | |
| 68 | - $cek = $this->randomGenerator->get($cekSizeBits / 8); |
|
| 68 | + $cek = $this->randomGenerator->get($cekSizeBits/8); |
|
| 69 | 69 | |
| 70 | 70 | $encryptedCek = $this->aesWrap($kek, $cek); |
| 71 | 71 | |
@@ -83,8 +83,8 @@ discard block |
||
| 83 | 83 | public function unwrap($encryptedCek, $kek, $cekSizeBits, array $header) |
| 84 | 84 | { |
| 85 | 85 | $kekLen = StringUtils::length($kek); |
| 86 | - if ($kekLen * 8 != $this->kekLengthBits) { |
|
| 87 | - throw new JoseJwtException(sprintf('AesKeyWrap management algorithm expected key of size %s bits, but was given %s bits', $this->kekLengthBits, $kekLen * 8)); |
|
| 86 | + if ($kekLen*8 != $this->kekLengthBits) { |
|
| 87 | + throw new JoseJwtException(sprintf('AesKeyWrap management algorithm expected key of size %s bits, but was given %s bits', $this->kekLengthBits, $kekLen*8)); |
|
| 88 | 88 | } |
| 89 | 89 | |
| 90 | 90 | return $this->aesUnwrap($kek, $encryptedCek); |
@@ -58,17 +58,17 @@ discard block |
||
| 58 | 58 | public function encrypt($aad, $plainText, $cek) |
| 59 | 59 | { |
| 60 | 60 | $cekLen = StringUtils::length($cek); |
| 61 | - if ($cekLen * 8 != $this->keySize) { |
|
| 62 | - throw new JoseJwtException(sprintf('AES-CBC with HMAC algorithm expected key of size %s bits, but was given %s bits', $this->keySize, $cekLen * 8)); |
|
| 61 | + if ($cekLen*8 != $this->keySize) { |
|
| 62 | + throw new JoseJwtException(sprintf('AES-CBC with HMAC algorithm expected key of size %s bits, but was given %s bits', $this->keySize, $cekLen*8)); |
|
| 63 | 63 | } |
| 64 | - if ($cekLen % 2 != 0) { |
|
| 64 | + if ($cekLen%2 != 0) { |
|
| 65 | 65 | throw new JoseJwtException('AES-CBC with HMAC encryption expected key of even number size'); |
| 66 | 66 | } |
| 67 | 67 | |
| 68 | - $hmacKey = StringUtils::substring($cek, 0, $cekLen / 2); |
|
| 69 | - $aesKey = StringUtils::substring($cek, $cekLen / 2, $cekLen / 2); |
|
| 68 | + $hmacKey = StringUtils::substring($cek, 0, $cekLen/2); |
|
| 69 | + $aesKey = StringUtils::substring($cek, $cekLen/2, $cekLen/2); |
|
| 70 | 70 | |
| 71 | - $method = sprintf('AES-%d-CBC', $this->keySize / 2); |
|
| 71 | + $method = sprintf('AES-%d-CBC', $this->keySize/2); |
|
| 72 | 72 | $ivLen = openssl_cipher_iv_length($method); |
| 73 | 73 | $iv = $this->randomGenerator->get($ivLen); |
| 74 | 74 | $cipherText = openssl_encrypt($plainText, $method, $aesKey, true, $iv); |
@@ -90,22 +90,22 @@ discard block |
||
| 90 | 90 | public function decrypt($aad, $cek, $iv, $cipherText, $authTag) |
| 91 | 91 | { |
| 92 | 92 | $cekLen = StringUtils::length($cek); |
| 93 | - if ($cekLen * 8 != $this->keySize) { |
|
| 94 | - throw new JoseJwtException(sprintf('AES-CBC with HMAC algorithm expected key of size %s bits, but was given %s bits', $this->keySize, $cekLen * 8)); |
|
| 93 | + if ($cekLen*8 != $this->keySize) { |
|
| 94 | + throw new JoseJwtException(sprintf('AES-CBC with HMAC algorithm expected key of size %s bits, but was given %s bits', $this->keySize, $cekLen*8)); |
|
| 95 | 95 | } |
| 96 | - if ($cekLen % 2 != 0) { |
|
| 96 | + if ($cekLen%2 != 0) { |
|
| 97 | 97 | throw new JoseJwtException('AES-CBC with HMAC encryption expected key of even number size'); |
| 98 | 98 | } |
| 99 | 99 | |
| 100 | - $hmacKey = StringUtils::substring($cek, 0, $cekLen / 2); |
|
| 101 | - $aesKey = StringUtils::substring($cek, $cekLen / 2); |
|
| 100 | + $hmacKey = StringUtils::substring($cek, 0, $cekLen/2); |
|
| 101 | + $aesKey = StringUtils::substring($cek, $cekLen/2); |
|
| 102 | 102 | |
| 103 | 103 | $expectedAuthTag = $this->computeAuthTag($aad, $iv, $cipherText, $hmacKey); |
| 104 | 104 | if (false === StringUtils::equals($expectedAuthTag, $authTag)) { |
| 105 | 105 | throw new IntegrityException('Authentication tag does not match'); |
| 106 | 106 | } |
| 107 | 107 | |
| 108 | - $method = sprintf('AES-%d-CBC', $this->keySize / 2); |
|
| 108 | + $method = sprintf('AES-%d-CBC', $this->keySize/2); |
|
| 109 | 109 | $plainText = openssl_decrypt($cipherText, $method, $aesKey, true, $iv); |
| 110 | 110 | |
| 111 | 111 | return $plainText; |
@@ -127,11 +127,11 @@ discard block |
||
| 127 | 127 | $aad, |
| 128 | 128 | $iv, |
| 129 | 129 | $cipherText, |
| 130 | - pack('N2', ($aadLen / $max32bit) * 8, ($aadLen % $max32bit) * 8), |
|
| 130 | + pack('N2', ($aadLen/$max32bit)*8, ($aadLen%$max32bit)*8), |
|
| 131 | 131 | ]); |
| 132 | 132 | $authTag = $this->hashAlgorithm->sign($hmacInput, $hmacKey); |
| 133 | 133 | $authTagLen = StringUtils::length($authTag); |
| 134 | - $authTag = StringUtils::substring($authTag, 0, $authTagLen / 2); |
|
| 134 | + $authTag = StringUtils::substring($authTag, 0, $authTagLen/2); |
|
| 135 | 135 | |
| 136 | 136 | return $authTag; |
| 137 | 137 | } |
