Skip to content

Commit

Permalink
Merge cdc8b31 into 77a4f89
Browse files Browse the repository at this point in the history
  • Loading branch information
@paragonie-scott
paragonie-scott committed Jan 25, 2018
2 parents 77a4f89 + cdc8b31 commit 6918862
Show file tree
Hide file tree
Showing 30 changed files with 547 additions and 52 deletions.
1 change: 1 addition & 0 deletions src/Alerts/CannotCloneKey.php
View file
Expand Up @@ -9,6 +9,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
* @codeCoverageIgnore
*/
class CannotCloneKey extends HaliteAlert
{
Expand Down
1 change: 1 addition & 0 deletions src/Alerts/CannotPerformOperation.php
View file
Expand Up @@ -9,6 +9,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
* @codeCoverageIgnore
*/
class CannotPerformOperation extends HaliteAlert
{
Expand Down
1 change: 1 addition & 0 deletions src/Alerts/CannotSerializeKey.php
View file
Expand Up @@ -9,6 +9,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
* @codeCoverageIgnore
*/
class CannotSerializeKey extends HaliteAlert
{
Expand Down
1 change: 1 addition & 0 deletions src/Alerts/ConfigDirectiveNotFound.php
View file
Expand Up @@ -9,6 +9,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
* @codeCoverageIgnore
*/
class ConfigDirectiveNotFound extends HaliteAlert
{
Expand Down
1 change: 1 addition & 0 deletions src/Alerts/FileAccessDenied.php
View file
Expand Up @@ -9,6 +9,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
* @codeCoverageIgnore
*/
class FileAccessDenied extends FileError
{
Expand Down
1 change: 1 addition & 0 deletions src/Alerts/FileError.php
View file
Expand Up @@ -9,6 +9,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
* @codeCoverageIgnore
*/
class FileError extends HaliteAlert
{
Expand Down
1 change: 1 addition & 0 deletions src/Alerts/FileModified.php
View file
Expand Up @@ -9,6 +9,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
* @codeCoverageIgnore
*/
class FileModified extends FileError
{
Expand Down
1 change: 1 addition & 0 deletions src/Alerts/HaliteAlert.php
View file
Expand Up @@ -9,6 +9,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
* @codeCoverageIgnore
*/
class HaliteAlert extends \Exception
{
Expand Down
1 change: 1 addition & 0 deletions src/Alerts/InvalidDigestLength.php
View file
Expand Up @@ -9,6 +9,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
* @codeCoverageIgnore
*/
class InvalidDigestLength extends HaliteAlert
{
Expand Down
1 change: 1 addition & 0 deletions src/Alerts/InvalidFlags.php
View file
Expand Up @@ -9,6 +9,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
* @codeCoverageIgnore
*/
class InvalidFlags extends HaliteAlert
{
Expand Down
1 change: 1 addition & 0 deletions src/Alerts/InvalidKey.php
View file
Expand Up @@ -9,6 +9,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
* @codeCoverageIgnore
*/
class InvalidKey extends HaliteAlert
{
Expand Down
1 change: 1 addition & 0 deletions src/Alerts/InvalidMessage.php
View file
Expand Up @@ -9,6 +9,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
* @codeCoverageIgnore
*/
class InvalidMessage extends HaliteAlert
{
Expand Down
1 change: 1 addition & 0 deletions src/Alerts/InvalidSalt.php
View file
Expand Up @@ -9,6 +9,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
* @codeCoverageIgnore
*/
class InvalidSalt extends HaliteAlert
{
Expand Down
1 change: 1 addition & 0 deletions src/Alerts/InvalidSignature.php
View file
Expand Up @@ -9,6 +9,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
* @codeCoverageIgnore
*/
class InvalidSignature extends HaliteAlert
{
Expand Down
1 change: 1 addition & 0 deletions src/Alerts/InvalidType.php
View file
Expand Up @@ -9,6 +9,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
* @codeCoverageIgnore
*/
class InvalidType extends HaliteAlert
{
Expand Down
2 changes: 2 additions & 0 deletions src/Cookie.php
View file
Expand Up @@ -35,6 +35,8 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* @codeCoverageIgnore
*/
final class Cookie
{
Expand Down
33 changes: 29 additions & 4 deletions src/File.php
View file
Expand Up @@ -48,6 +48,7 @@ final class File
* Don't allow this to be instantiated.
*
* @throws \Error
* @codeCoverageIgnore
*/
final private function __construct()
{
Expand Down Expand Up @@ -412,8 +413,10 @@ protected static function checksumData(
/** @var int $amount_to_read */
$amount_to_read = ($size - $fileStream->getPos());
} else {
// @codeCoverageIgnoreStart
/** @var int $amount_to_read */
$amount_to_read = (int) $config->BUFFER;
// @codeCoverageIgnoreEnd
}
$read = $fileStream->readBytes($amount_to_read);
\sodium_crypto_generichash_update($state, $read);
Expand All @@ -436,8 +439,6 @@ protected static function checksumData(
}

/**
* Encrypt the contents of a file.
*
* @param ReadOnlyFile $input
* @param MutableFile $output
* @param EncryptionKey $key
Expand All @@ -448,6 +449,7 @@ protected static function checksumData(
* @throws FileError
* @throws FileModified
* @throws InvalidDigestLength
* @throws InvalidKey
* @throws InvalidMessage
* @throws InvalidType
* @throws \TypeError
Expand All @@ -460,12 +462,14 @@ protected static function encryptData(
$config = self::getConfig(Halite::HALITE_VERSION_FILE, 'encrypt');

// Generate a nonce and HKDF salt
// @codeCoverageIgnoreStart
try {
$firstNonce = \random_bytes((int) $config->NONCE_BYTES);
$hkdfSalt = \random_bytes((int) $config->HKDF_SALT_LEN);
} catch (\Throwable $ex) {
throw new CannotPerformOperation($ex->getMessage());
}
// @codeCoverageIgnoreEnd

// Let's split our key
list ($encKey, $authKey) = self::splitKeys($key, $hkdfSalt, $config);
Expand Down Expand Up @@ -518,6 +522,7 @@ protected static function encryptData(
* @throws FileError
* @throws FileModified
* @throws InvalidDigestLength
* @throws InvalidKey
* @throws InvalidMessage
* @throws InvalidType
* @throws \TypeError
Expand Down Expand Up @@ -623,9 +628,11 @@ protected static function sealData(

// Calculate the shared secret key
$sharedSecretKey = AsymmetricCrypto::getSharedSecret($ephSecret, $publicKey, true);
// @codeCoverageIgnoreStart
if (!($sharedSecretKey instanceof EncryptionKey)) {
throw new \TypeError();
throw new \TypeError('Shared secret is the wrong key type.');
}
// @codeCoverageIgnoreEnd

// Destroy the secret key after we have the shared secret
unset($ephSecret);
Expand Down Expand Up @@ -757,9 +764,11 @@ protected static function unsealData(
$ephemeral,
true
);
if (!($key instanceof Key)) {
// @codeCoverageIgnoreStart
if (!($key instanceof EncryptionKey)) {
throw new \TypeError();
}
// @codeCoverageIgnoreEnd
unset($ephemeral);

/**
Expand Down Expand Up @@ -884,9 +893,11 @@ protected static function getConfig(
string $mode = 'encrypt'
): Config {
if (\ord($header[0]) !== 49 || \ord($header[1]) !== 65) {
// @codeCoverageIgnoreStart
throw new InvalidMessage(
'Invalid version tag'
);
// @codeCoverageIgnoreEnd
}
$major = \ord($header[2]);
$minor = \ord($header[3]);
Expand Down Expand Up @@ -944,9 +955,11 @@ protected static function getConfigEncrypt(int $major, int $minor): array
}
}
// If we reach here, we've got an invalid version tag:
// @codeCoverageIgnoreStart
throw new InvalidMessage(
'Invalid version tag'
);
// @codeCoverageIgnoreEnd
}

/**
Expand Down Expand Up @@ -986,9 +999,11 @@ protected static function getConfigSeal(int $major, int $minor): array
];
}
}
// @codeCoverageIgnoreStart
throw new InvalidMessage(
'Invalid version tag'
);
// @codeCoverageIgnoreEnd
}

/**
Expand All @@ -1011,9 +1026,11 @@ protected static function getConfigChecksum(int $major, int $minor): array
];
}
}
// @codeCoverageIgnoreStart
throw new InvalidMessage(
'Invalid version tag'
);
// @codeCoverageIgnoreEnd
}

/**
Expand Down Expand Up @@ -1100,9 +1117,11 @@ final private static function streamEncrypt(

// Check that our input file was not modified before we MAC it
if (!\hash_equals($input->getHash(), $initHash)) {
// @codeCoverageIgnoreStart
throw new FileModified(
'Read-only file has been modified since it was opened for reading'
);
// @codeCoverageIgnoreEnd
}
$written += $output->writeBytes(
\sodium_crypto_generichash_final($mac, (int) $config->MAC_SIZE),
Expand Down Expand Up @@ -1165,18 +1184,22 @@ final private static function streamDecrypt(
$calc = \sodium_crypto_generichash_final($calcMAC, (int) $config->MAC_SIZE);

if (empty($chunk_macs)) {
// @codeCoverageIgnoreStart
// Someone attempted to add a chunk at the end.
throw new InvalidMessage(
'Invalid message authentication code'
);
// @codeCoverageIgnoreEnd
} else {
/** @var string $chunkMAC */
$chunkMAC = \array_shift($chunk_macs);
if (!\hash_equals($chunkMAC, $calc)) {
// This chunk was altered after the original MAC was verified
// @codeCoverageIgnoreStart
throw new InvalidMessage(
'Invalid message authentication code'
);
// @codeCoverageIgnoreEnd
}
}

Expand Down Expand Up @@ -1234,7 +1257,9 @@ final private static function streamVerify(
$break = true;
$read = $input->readBytes($cipher_end - $input->getPos());
} else {
// @codeCoverageIgnoreStart
$read = $input->readBytes((int) $config->BUFFER);
// @codeCoverageIgnoreEnd
}

/**
Expand Down
5 changes: 5 additions & 0 deletions src/Key.php
View file
Expand Up @@ -51,6 +51,7 @@ class Key
* Don't let this ever succeed
*
* @throws CannotCloneKey
* @codeCoverageIgnore
*/
public function __clone()
{
Expand All @@ -72,6 +73,7 @@ public function __construct(HiddenString $keyMaterial)
* Hide this from var_dump(), etc.
*
* @return array
* @codeCoverageIgnore
*/
public function __debugInfo()
{
Expand All @@ -97,6 +99,7 @@ public function __destruct()
/**
* Don't allow this object to ever be serialized
* @throws CannotSerializeKey
* @codeCoverageIgnore
*/
public function __sleep()
{
Expand All @@ -106,6 +109,7 @@ public function __sleep()
/**
* Don't allow this object to ever be unserialized
* @throws CannotSerializeKey
* @codeCoverageIgnore
*/
public function __wakeup()
{
Expand All @@ -116,6 +120,7 @@ public function __wakeup()
* Get public keys
*
* @return string
* @codeCoverageIgnore
*/
public function __toString()
{
Expand Down
3 changes: 3 additions & 0 deletions src/KeyPair.php
View file
Expand Up @@ -39,6 +39,7 @@ class KeyPair
* Hide this from var_dump(), etc.
*
* @return array
* @codeCoverageIgnore
*/
public function __debugInfo()
{
Expand All @@ -52,6 +53,7 @@ public function __debugInfo()
* Get a Key object for the public key
*
* @return PublicKey
* @codeCoverageIgnore
*/
public function getPublicKey()
{
Expand All @@ -62,6 +64,7 @@ public function getPublicKey()
* Get a Key object for the secret key
*
* @return SecretKey
* @codeCoverageIgnore
*/
public function getSecretKey()
{
Expand Down
8 changes: 3 additions & 5 deletions src/SignatureKeyPair.php
View file
Expand Up @@ -42,12 +42,11 @@ final class SignatureKeyPair extends KeyPair

/**
* Pass it a secret key, it will automatically generate a public key
*
*
* @param array<int, Key> $keys
*
* @throws CannotPerformOperation
* @throws InvalidKey
* @throws InvalidType
* @throws \TypeError
*/
public function __construct(Key ...$keys)
{
Expand Down Expand Up @@ -125,8 +124,7 @@ public function __construct(Key ...$keys)
* @param SignatureSecretKey $secret
* @return void
*
* @throws CannotPerformOperation
* @throws InvalidType
* @throws \TypeError
*/
protected function setupKeyPair(SignatureSecretKey $secret): void
{
Expand Down

0 comments on commit 6918862

Please sign in to comment.