@@ -1,8 +1,8 @@ |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | 3 | // if library is in dev environement with its own vendor, include its autoload |
| 4 | -if(file_exists(__DIR__ . '/vendor')) |
|
| 5 | - require_once __DIR__ . '/vendor/autoload.php'; |
|
| 4 | +if (file_exists(__DIR__.'/vendor')) |
|
| 5 | + require_once __DIR__.'/vendor/autoload.php'; |
|
| 6 | 6 | // if library is in vendor of another project, include the global autolaod |
| 7 | 7 | else |
| 8 | - require_once __DIR__ . '/../../autoload.php'; |
|
| 8 | + require_once __DIR__.'/../../autoload.php'; |
|
@@ -1,8 +1,10 @@ |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | 3 | // if library is in dev environement with its own vendor, include its autoload |
| 4 | -if(file_exists(__DIR__ . '/vendor')) |
|
| 4 | +if(file_exists(__DIR__ . '/vendor')) { |
|
| 5 | 5 | require_once __DIR__ . '/vendor/autoload.php'; |
| 6 | +} |
|
| 6 | 7 | // if library is in vendor of another project, include the global autolaod |
| 7 | -else |
|
| 8 | +else { |
|
| 8 | 9 | require_once __DIR__ . '/../../autoload.php'; |
| 10 | +} |
|
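Review bot: The guard at new line 4 tests only for the `vendor` directory, but the branch then requires `vendor/autoload.php`; a `vendor` directory without a generated autoloader (a partial or interrupted install, for example) ends in a fatal error instead of falling through to the project-level autoloader. Testing for the file that is actually included closes that gap: `if (is_file(__DIR__ . '/vendor/autoload.php')) {`. As a style point, the second comment now sits between `}` and `else {`; writing `} else {` on one line and moving the comment inside the else block is the more conventional layout. The same guard appears unchanged in the first hunk of this page.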
@@ -44,7 +44,7 @@ discard block |
||
| 44 | 44 | * @param string $plainText |
| 45 | 45 | * @param string|resource $cek |
| 46 | 46 | * |
| 47 | - * @return array [iv, cipherText, authTag] |
|
| 47 | + * @return string[] [iv, cipherText, authTag] |
|
| 48 | 48 | */ |
| 49 | 49 | public function encrypt($aad, $plainText, $cek) |
| 50 | 50 | { |
@@ -103,10 +103,10 @@ discard block |
||
| 103 | 103 | } |
| 104 | 104 | |
| 105 | 105 | /** |
| 106 | - * @param $aad |
|
| 107 | - * @param $iv |
|
| 108 | - * @param $cipherText |
|
| 109 | - * @param $hmacKey |
|
| 106 | + * @param string $aad |
|
| 107 | + * @param string $iv |
|
| 108 | + * @param string $cipherText |
|
| 109 | + * @param string $hmacKey |
|
| 110 | 110 | * |
| 111 | 111 | * @return string |
| 112 | 112 | */ |
@@ -58,17 +58,17 @@ discard block |
||
| 58 | 58 | public function encrypt($aad, $plainText, $cek) |
| 59 | 59 | { |
| 60 | 60 | $cekLen = StringUtils::length($cek); |
| 61 | - if ($cekLen * 8 != $this->keySize) { |
|
| 62 | - throw new JoseJwtException(sprintf('AES-CBC with HMAC algorithm expected key of size %s bits, but was given %s bits', $this->keySize, $cekLen * 8)); |
|
| 61 | + if ($cekLen*8 != $this->keySize) { |
|
| 62 | + throw new JoseJwtException(sprintf('AES-CBC with HMAC algorithm expected key of size %s bits, but was given %s bits', $this->keySize, $cekLen*8)); |
|
| 63 | 63 | } |
| 64 | - if ($cekLen % 2 != 0) { |
|
| 64 | + if ($cekLen%2 != 0) { |
|
| 65 | 65 | throw new JoseJwtException('AES-CBC with HMAC encryption expected key of even number size'); |
| 66 | 66 | } |
| 67 | 67 | |
| 68 | - $hmacKey = StringUtils::substring($cek, 0, $cekLen / 2); |
|
| 69 | - $aesKey = StringUtils::substring($cek, $cekLen / 2, $cekLen / 2); |
|
| 68 | + $hmacKey = StringUtils::substring($cek, 0, $cekLen/2); |
|
| 69 | + $aesKey = StringUtils::substring($cek, $cekLen/2, $cekLen/2); |
|
| 70 | 70 | |
| 71 | - $method = sprintf('AES-%d-CBC', $this->keySize / 2); |
|
| 71 | + $method = sprintf('AES-%d-CBC', $this->keySize/2); |
|
| 72 | 72 | $ivLen = openssl_cipher_iv_length($method); |
| 73 | 73 | $iv = $this->randomGenerator->get($ivLen); |
| 74 | 74 | $cipherText = openssl_encrypt($plainText, $method, $aesKey, true, $iv); |
@@ -90,22 +90,22 @@ discard block |
||
| 90 | 90 | public function decrypt($aad, $cek, $iv, $cipherText, $authTag) |
| 91 | 91 | { |
| 92 | 92 | $cekLen = StringUtils::length($cek); |
| 93 | - if ($cekLen * 8 != $this->keySize) { |
|
| 94 | - throw new JoseJwtException(sprintf('AES-CBC with HMAC algorithm expected key of size %s bits, but was given %s bits', $this->keySize, $cekLen * 8)); |
|
| 93 | + if ($cekLen*8 != $this->keySize) { |
|
| 94 | + throw new JoseJwtException(sprintf('AES-CBC with HMAC algorithm expected key of size %s bits, but was given %s bits', $this->keySize, $cekLen*8)); |
|
| 95 | 95 | } |
| 96 | - if ($cekLen % 2 != 0) { |
|
| 96 | + if ($cekLen%2 != 0) { |
|
| 97 | 97 | throw new JoseJwtException('AES-CBC with HMAC encryption expected key of even number size'); |
| 98 | 98 | } |
| 99 | 99 | |
| 100 | - $hmacKey = StringUtils::substring($cek, 0, $cekLen / 2); |
|
| 101 | - $aesKey = StringUtils::substring($cek, $cekLen / 2); |
|
| 100 | + $hmacKey = StringUtils::substring($cek, 0, $cekLen/2); |
|
| 101 | + $aesKey = StringUtils::substring($cek, $cekLen/2); |
|
| 102 | 102 | |
| 103 | 103 | $expectedAuthTag = $this->computeAuthTag($aad, $iv, $cipherText, $hmacKey); |
| 104 | 104 | if (false === StringUtils::equals($expectedAuthTag, $authTag)) { |
| 105 | 105 | throw new IntegrityException('Authentication tag does not match'); |
| 106 | 106 | } |
| 107 | 107 | |
| 108 | - $method = sprintf('AES-%d-CBC', $this->keySize / 2); |
|
| 108 | + $method = sprintf('AES-%d-CBC', $this->keySize/2); |
|
| 109 | 109 | $plainText = openssl_decrypt($cipherText, $method, $aesKey, true, $iv); |
| 110 | 110 | |
| 111 | 111 | return $plainText; |
@@ -127,11 +127,11 @@ discard block |
||
| 127 | 127 | $aad, |
| 128 | 128 | $iv, |
| 129 | 129 | $cipherText, |
| 130 | - pack('N2', ($aadLen / $max32bit) * 8, ($aadLen % $max32bit) * 8), |
|
| 130 | + pack('N2', ($aadLen/$max32bit)*8, ($aadLen%$max32bit)*8), |
|
| 131 | 131 | ]); |
| 132 | 132 | $authTag = $this->hashAlgorithm->sign($hmacInput, $hmacKey); |
| 133 | 133 | $authTagLen = StringUtils::length($authTag); |
| 134 | - $authTag = StringUtils::substring($authTag, 0, $authTagLen / 2); |
|
| 134 | + $authTag = StringUtils::substring($authTag, 0, $authTagLen/2); |
|
| 135 | 135 | |
| 136 | 136 | return $authTag; |
| 137 | 137 | } |
@@ -28,7 +28,7 @@ |
||
| 28 | 28 | * @param string|resource $kek |
| 29 | 29 | * @param array $header |
| 30 | 30 | * |
| 31 | - * @return array [cek, encryptedCek] |
|
| 31 | + * @return string[] [cek, encryptedCek] |
|
| 32 | 32 | */ |
| 33 | 33 | public function wrapNewKey($cekSizeBits, $kek, array $header) |
| 34 | 34 | { |
@@ -58,14 +58,14 @@ discard block |
||
| 58 | 58 | public function wrapNewKey($cekSizeBits, $kek, array $header) |
| 59 | 59 | { |
| 60 | 60 | $kekLen = StringUtils::length($kek); |
| 61 | - if ($kekLen * 8 != $this->kekLengthBits) { |
|
| 62 | - throw new JoseJwtException(sprintf('AesKeyWrap management algorithm expected key of size %s bits, but was given %s bits', $this->kekLengthBits, $kekLen * 8)); |
|
| 61 | + if ($kekLen*8 != $this->kekLengthBits) { |
|
| 62 | + throw new JoseJwtException(sprintf('AesKeyWrap management algorithm expected key of size %s bits, but was given %s bits', $this->kekLengthBits, $kekLen*8)); |
|
| 63 | 63 | } |
| 64 | - if ($cekSizeBits % 8 != 0) { |
|
| 64 | + if ($cekSizeBits%8 != 0) { |
|
| 65 | 65 | throw new JoseJwtException('CekSizeBits must be divisible by 8'); |
| 66 | 66 | } |
| 67 | 67 | |
| 68 | - $cek = $this->randomGenerator->get($cekSizeBits / 8); |
|
| 68 | + $cek = $this->randomGenerator->get($cekSizeBits/8); |
|
| 69 | 69 | |
| 70 | 70 | $encryptedCek = $this->aesWrap($kek, $cek); |
| 71 | 71 | |
@@ -83,8 +83,8 @@ discard block |
||
| 83 | 83 | public function unwrap($encryptedCek, $kek, $cekSizeBits, array $header) |
| 84 | 84 | { |
| 85 | 85 | $kekLen = StringUtils::length($kek); |
| 86 | - if ($kekLen * 8 != $this->kekLengthBits) { |
|
| 87 | - throw new JoseJwtException(sprintf('AesKeyWrap management algorithm expected key of size %s bits, but was given %s bits', $this->kekLengthBits, $kekLen * 8)); |
|
| 86 | + if ($kekLen*8 != $this->kekLengthBits) { |
|
| 87 | + throw new JoseJwtException(sprintf('AesKeyWrap management algorithm expected key of size %s bits, but was given %s bits', $this->kekLengthBits, $kekLen*8)); |
|
| 88 | 88 | } |
| 89 | 89 | |
| 90 | 90 | return $this->aesUnwrap($kek, $encryptedCek); |
@@ -28,7 +28,7 @@ |
||
| 28 | 28 | * @param string|resource $kek |
| 29 | 29 | * @param array $header |
| 30 | 30 | * |
| 31 | - * @return array [cek, encryptedCek] |
|
| 31 | + * @return string[] [cek, encryptedCek] |
|
| 32 | 32 | */ |
| 33 | 33 | public function wrapNewKey($cekSizeBits, $kek, array $header) |
| 34 | 34 | { |
@@ -41,7 +41,7 @@ |
||
| 41 | 41 | */ |
| 42 | 42 | public function wrapNewKey($cekSizeBits, $kek, array $header) |
| 43 | 43 | { |
| 44 | - $cek = $this->randomGenerator->get($cekSizeBits / 8); |
|
| 44 | + $cek = $this->randomGenerator->get($cekSizeBits/8); |
|
| 45 | 45 | if (false == openssl_public_encrypt($cek, $cekEncrypted, $kek, $this->padding)) { |
| 46 | 46 | throw new JoseJwtException('Unable to encrypt CEK'); |
| 47 | 47 | } |
@@ -37,7 +37,7 @@ |
||
| 37 | 37 | * @param string $securedInput |
| 38 | 38 | * @param string $key |
| 39 | 39 | * |
| 40 | - * @return bool |
|
| 40 | + * @return integer |
|
| 41 | 41 | */ |
| 42 | 42 | public function verify($signature, $securedInput, $key) |
| 43 | 43 | { |
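Review bot: Changing the docblock of `verify()` from `@return bool` to `@return integer` documents a tri-state result instead of removing it, which is a risky contract for a signature check. The method body lies outside this hunk, but if it hands back the result of `openssl_verify()` unchanged, that function yields 1 for a valid signature, 0 for an invalid one and -1 on error, and -1 is truthy, so a caller that writes a plain `if ($alg->verify(...))` would treat a failed verification as success. I would keep `@return bool` and have the method end with a strict comparison such as `return 1 === $result;` (where `$result` stands for whatever the body receives), so every outcome other than 1 is a rejection. It is also worth confirming that callers compare the return value strictly rather than by truthiness.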