Skip to content

Commit

Permalink
Fix consistency issues found via code inspection
Browse files Browse the repository at this point in the history
  • Loading branch information
@paragonie-security
paragonie-security committed Jul 13, 2016
1 parent 003bcda commit 8cf1557
Show file tree
Hide file tree
Showing 14 changed files with 72 additions and 46 deletions.
32 changes: 15 additions & 17 deletions src/Asymmetric/Crypto.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,11 +38,9 @@ public static function encrypt(
$encoding = Halite::ENCODE_BASE64URLSAFE
): HiddenString {
$sharedSecretKey = new EncryptionKey(
new HiddenString(
self::getSharedSecret(
$ourPrivateKey,
$theirPublicKey
)
self::getSharedSecret(
$ourPrivateKey,
$theirPublicKey
)
);
$ciphertext = SymmetricCrypto::encrypt(
Expand Down Expand Up @@ -71,11 +69,9 @@ public static function decrypt(
$encoding = Halite::ENCODE_BASE64URLSAFE
): HiddenString {
$sharedSecretKey = new EncryptionKey(
new HiddenString(
self::getSharedSecret(
$ourPrivateKey,
$theirPublicKey
)
self::getSharedSecret(
$ourPrivateKey,
$theirPublicKey
)
);
$plaintext = SymmetricCrypto::decrypt($ciphertext, $sharedSecretKey, $encoding);
Expand Down Expand Up @@ -109,9 +105,11 @@ public static function getSharedSecret(
)
);
}
return \Sodium\crypto_scalarmult(
$privateKey->getRawKeyMaterial(),
$publicKey->getRawKeyMaterial()
return new HiddenString(
\Sodium\crypto_scalarmult(
$privateKey->getRawKeyMaterial(),
$publicKey->getRawKeyMaterial()
)
);
}

Expand Down Expand Up @@ -155,10 +153,10 @@ public static function seal(
/**
* Sign a message with our private key
*
* @param string $message Message to sign
* @param HiddenString $message Message to sign
* @param SignatureSecretKey $privateKey
* @param mixed $encoding Which encoding scheme to use?
* @return string Signature (detached)
* @return HiddenString Signature (detached)
*/
public static function sign(
HiddenString $message,
Expand All @@ -179,10 +177,10 @@ public static function sign(
/**
* Decrypt a sealed message with our private key
*
* @param string $ciphertext Encrypted message
* @param HiddenString $ciphertext Encrypted message
* @param EncryptionSecretKey $privateKey
* @param mixed $encoding Which encoding scheme to use?
* @return string
* @return HiddenString
* @throws CryptoException\InvalidKey
* @throws CryptoException\InvalidMessage
*/
Expand Down
4 changes: 2 additions & 2 deletions src/Asymmetric/EncryptionSecretKey.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@
final class EncryptionSecretKey extends SecretKey
{
/**
* @param string $keyMaterial - The actual key data
* @param HiddenString $keyMaterial - The actual key data
* @throws InvalidKey
*/
public function __construct(HiddenString $keyMaterial)
Expand All @@ -29,7 +29,7 @@ public function __construct(HiddenString $keyMaterial)
/**
* See the appropriate derived class.
*
* @return SignaturePublicKey
* @return EncryptionPublicKey
*/
public function derivePublicKey()
{
Expand Down
1 change: 0 additions & 1 deletion src/Asymmetric/PublicKey.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@
declare(strict_types=1);
namespace ParagonIE\Halite\Asymmetric;

use ParagonIE\Halite\Contract;
use ParagonIE\Halite\HiddenString;
use ParagonIE\Halite\Key;

Expand Down
1 change: 0 additions & 1 deletion src/Asymmetric/SecretKey.php
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
<?php
namespace ParagonIE\Halite\Asymmetric;

use ParagonIE\Halite\Contract;
use ParagonIE\Halite\HiddenString;
use ParagonIE\Halite\Key;
use ParagonIE\Halite\Alerts\CannotPerformOperation;
Expand Down
1 change: 1 addition & 0 deletions src/Asymmetric/SignaturePublicKey.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ final class SignaturePublicKey extends PublicKey
{
/**
* @param HiddenString $keyMaterial - The actual key data
* @throws InvalidKey
*/
public function __construct(HiddenString $keyMaterial)
{
Expand Down
1 change: 1 addition & 0 deletions src/Asymmetric/SignatureSecretKey.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ final class SignatureSecretKey extends SecretKey
{
/**
* @param HiddenString $keyMaterial - The actual key data
* @throws InvalidKey
*/
public function __construct(HiddenString $keyMaterial)
{
Expand Down
5 changes: 3 additions & 2 deletions src/Cookie.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,8 @@ public function fetch(string $name)
return null;
}
try {
$decrypted = Crypto::decrypt($_COOKIE[$name], $this->key);
$decrypted = Crypto::decrypt($_COOKIE[$name], $this->key)
->getString();
if (empty($decrypted)) {
return null;
}
Expand Down Expand Up @@ -88,7 +89,7 @@ public function store(
return \setcookie(
$name,
Crypto::encrypt(
\json_encode($value),
new HiddenString(\json_encode($value)),
$this->key
),
$expire,
Expand Down
26 changes: 21 additions & 5 deletions src/EncryptionKeyPair.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,16 @@
*/
final class EncryptionKeyPair extends KeyPair
{
/**
* @var EncryptionSecretKey
*/
protected $secret_key;

/**
* @var EncryptionPublicKey
*/
protected $public_key;

/**
* Pass it a secret key, it will automatically generate a public key
*
Expand Down Expand Up @@ -46,13 +56,17 @@ public function __construct(Key ...$keys)
$this->setupKeyPair(
$keys[1] instanceof EncryptionSecretKey
? $keys[1]
: new EncryptionSecretKey($keys[1]->getRawKeyMaterial())
: new EncryptionSecretKey(
new HiddenString($keys[1]->getRawKeyMaterial())
)
);
} elseif ($keys[1]->isPublicKey()) {
$this->setupKeyPair(
$keys[0] instanceof EncryptionSecretKey
? $keys[0]
: new EncryptionSecretKey($keys[0]->getRawKeyMaterial())
: new EncryptionSecretKey(
new HiddenString($keys[0]->getRawKeyMaterial())
)
);
} else {
throw new CryptoException\InvalidKey(
Expand All @@ -78,7 +92,9 @@ public function __construct(Key ...$keys)
$this->setupKeyPair(
$keys[0] instanceof EncryptionSecretKey
? $keys[0]
: new EncryptionSecretKey($keys[0]->getRawKeyMaterial())
: new EncryptionSecretKey(
new HiddenString($keys[0]->getRawKeyMaterial())
)
);
break;
default:
Expand Down Expand Up @@ -106,7 +122,7 @@ protected function setupKeyPair(EncryptionSecretKey $secret)
*/
public function getPublicKey()
{
return parent::getPublicKey();
return $this->public_key;
}

/**
Expand All @@ -116,6 +132,6 @@ public function getPublicKey()
*/
public function getSecretKey()
{
return parent::getSecretKey();
return $this->secret_key;
}
}
6 changes: 3 additions & 3 deletions src/File.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -248,7 +248,7 @@ public static function sign(
*
* @param string|resource $filename File name or file handle
* @param SignaturePublicKey $publicKey Other party's signature public key
* @param string $signature The signature we received
* @param HiddenString $signature The signature we received
* @param bool $raw_binary TRUE if the signature is raw binary
*
* @return bool
Expand Down Expand Up @@ -909,7 +909,7 @@ protected static function splitKeys(
* @param MutableFile $output
* @param EncryptionKey $encKey
* @param string $nonce
* @param resource $mac (hash context)
* @param string $mac (hash context for BLAKE2b)
* @param Config $config
* @return int (number of bytes)
* @throws CryptoException\FileAccessDenied
Expand Down Expand Up @@ -966,7 +966,7 @@ final private static function streamEncrypt(
* @param MutableFile $output
* @param EncryptionKey $encKey
* @param string $nonce
* @param resource $mac (hash context)
* @param string $mac (hash context for BLAKE2b)
* @param Config $config
* @param array &$chunk_macs
* @return bool
Expand Down
2 changes: 1 addition & 1 deletion src/HiddenString.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ public function __construct(string $value, bool $allowInline = false)
public function __debugInfo()
{
return [
'interalStringValue' =>
'internalStringValue' =>
'*',
'attention' =>
'If you need the value of a HiddenString, ' .
Expand Down
1 change: 0 additions & 1 deletion src/Key.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@
namespace ParagonIE\Halite;

use ParagonIE\Halite\Alerts as CryptoException;
use ParagonIE\Halite\Contract;

/**
* Class Key
Expand Down
8 changes: 4 additions & 4 deletions src/Password.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ public static function hash(
/**
* Is this password hash stale?
*
* @param string $stored Encrypted password hash
* @param HiddenString $stored Encrypted password hash
* @param EncryptionKey $secret_key The master key for all passwords
* @param string $level The security level for this password
* @return bool Do we need to regenerate the hash or
Expand All @@ -63,17 +63,17 @@ public static function needsRehash(
string $level = KeyFactory::INTERACTIVE
): bool {
$config = self::getConfig($stored);
$v = \Sodium\hex2bin(Util::safeSubstr($stored, 0, 8));
$v = \Sodium\hex2bin(Util::safeSubstr($stored->getString(), 0, 8));
if (!\hash_equals(Halite::HALITE_VERSION, $v)) {
// Outdated version of the library; Always rehash without decrypting
return true;
}
if (Util::safeStrlen($stored) < ($config->SHORTEST_CIPHERTEXT_LENGTH * 2)) {
if (Util::safeStrlen($stored->getString()) < ($config->SHORTEST_CIPHERTEXT_LENGTH * 4 / 3)) {
throw new InvalidMessage('Encrypted password hash is too short.');
}

// First let's decrypt the hash
$hash_str = Crypto::decrypt($stored, $secret_key);
$hash_str = Crypto::decrypt($stored, $secret_key)->getString();

// Upon successful decryption, verify that we're using Argon2i
if (!\hash_equals(
Expand Down
26 changes: 21 additions & 5 deletions src/SignatureKeyPair.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,16 @@
*/
final class SignatureKeyPair extends KeyPair
{
/**
* @var SignatureSecretKey
*/
protected $secret_key;

/**
* @var SignaturePublicKey
*/
protected $public_key;

/**
*
* Pass it a secret key, it will automatically generate a public key
Expand Down Expand Up @@ -47,13 +57,17 @@ public function __construct(Key ...$keys)
$this->setupKeyPair(
$keys[1] instanceof SignatureSecretKey
? $keys[1]
: new SignatureSecretKey($keys[1]->getRawKeyMaterial())
: new SignatureSecretKey(
new HiddenString($keys[1]->getRawKeyMaterial())
)
);
} elseif ($keys[1]->isPublicKey()) {
$this->setupKeyPair(
$keys[0] instanceof SignatureSecretKey
? $keys[0]
: new SignatureSecretKey($keys[0]->getRawKeyMaterial())
: new SignatureSecretKey(
new HiddenString($keys[0]->getRawKeyMaterial())
)
);
} else {
throw new CryptoException\InvalidKey(
Expand All @@ -79,7 +93,9 @@ public function __construct(Key ...$keys)
$this->setupKeyPair(
$keys[0] instanceof SignatureSecretKey
? $keys[0]
: new SignatureSecretKey($keys[0]->getRawKeyMaterial())
: new SignatureSecretKey(
new HiddenString($keys[0]->getRawKeyMaterial())
)
);
break;
default:
Expand Down Expand Up @@ -107,7 +123,7 @@ protected function setupKeyPair(SignatureSecretKey $secret)
*/
public function getPublicKey()
{
return parent::getPublicKey();
return $this->public_key;
}
/**
* Get a Key object for the public key
Expand All @@ -116,6 +132,6 @@ public function getPublicKey()
*/
public function getSecretKey()
{
return parent::getSecretKey();
return $this->secret_key;
}
}
4 changes: 0 additions & 4 deletions src/Symmetric/Crypto.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -117,12 +117,8 @@ public static function decrypt(
/**
* Encrypt a message using the Halite encryption protocol
*
* Version 2:
* (Encrypt then MAC -- xsalsa20 then keyed-Blake2b)
*
* Version 1:
* (Encrypt then MAC -- xsalsa20 then HMAC-SHA-512/256)
*
* @param HiddenString $plaintext
* @param EncryptionKey $secretKey
* @param mixed $encoding
Expand Down

0 comments on commit 8cf1557

Please sign in to comment.