Skip to content

Commit

Permalink
Merge pull request #155 from paragonie/v2.x-boyscouting
Browse files Browse the repository at this point in the history
Boyscouting
  • Loading branch information
paragonie-security authored Apr 30, 2022
2 parents cd48535 + aa0be9b commit 2c8c4be
Show file tree
Hide file tree
Showing 10 changed files with 40 additions and 22 deletions.
19 changes: 10 additions & 9 deletions src/Keys/AsymmetricPublicKey.php
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,6 @@
Util
};
use FG\ASN1\Exception\ParserException;
use Mdanter\Ecc\EccFactory;
use ParagonIE\EasyECC\EasyECC;
use ParagonIE\EasyECC\ECDSA\ConstantTimeMath;
use ParagonIE\EasyECC\ECDSA\PublicKey;
use ParagonIE\Paseto\Protocol\{
Version1,
Expand Down Expand Up @@ -148,7 +145,7 @@ public static function v4(string $keyMaterial): self
* @return string
*
* @throws TypeError
* @throws ParserException
* @throws PasetoException
*/
public function encode(): string
{
Expand All @@ -158,11 +155,15 @@ public function encode(): string
} elseif (Binary::safeStrlen($this->key) === 98) {
Base64UrlSafe::encodeUnpadded(Hex::decode($this->key));
}
return Base64UrlSafe::encodeUnpadded(
Hex::decode(
Version3::getPublicKeyCompressed($this->key)
)
);
try {
return Base64UrlSafe::encodeUnpadded(
Hex::decode(
Version3::getPublicKeyCompressed($this->key)
)
);
} catch (ParserException $ex) {
throw new PasetoException("ASN.1 Parser Exception", 0, $ex);
}
}
return Base64UrlSafe::encodeUnpadded($this->key);
}
Expand Down
6 changes: 4 additions & 2 deletions src/Parser.php
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,10 @@
SymmetricKey
};
use ParagonIE\ConstantTime\Binary;
use ParagonIE\Paseto\Parsing\NonExpiringSupport;
use ParagonIE\Paseto\Parsing\PasetoMessage;
use ParagonIE\Paseto\Parsing\{
NonExpiringSupport,
PasetoMessage
};
use ParagonIE\Paseto\Rules\NotExpired;
use ParagonIE\Paseto\Traits\RegisteredClaims;
use function get_class,
Expand Down
6 changes: 6 additions & 0 deletions src/Protocol/Version1.php
Original file line number Diff line number Diff line change
Expand Up @@ -421,6 +421,7 @@ public static function aeadEncrypt(
OPENSSL_RAW_DATA,
Binary::safeSubstr($nonce, 16, 16)
);
Util::wipe($encKey);
if (!is_string($ciphertext)) {
throw new PasetoException(
'Encryption failed.',
Expand All @@ -434,6 +435,7 @@ public static function aeadEncrypt(
$authKey,
true
);
Util::wipe($authKey);

// PASETO Version 1 - Encrypt - Step 9:
return (new PasetoMessage(
Expand Down Expand Up @@ -511,8 +513,11 @@ public static function aeadDecrypt(
$authKey,
true
);
Util::wipe($authKey);

// PASETO Version 1 - Decrypt - Step 8:
if (!hash_equals($calc, $mac)) {
Util::wipe($encKey);
throw new SecurityException(
'Invalid MAC for given ciphertext.',
ExceptionCode::INVALID_MAC
Expand All @@ -528,6 +533,7 @@ public static function aeadDecrypt(
OPENSSL_RAW_DATA,
Binary::safeSubstr($nonce, 16, 16)
);
Util::wipe($encKey);
if (!is_string($plaintext)) {
throw new PasetoException(
'Encryption failed.',
Expand Down
1 change: 1 addition & 0 deletions src/Protocol/Version3.php
Original file line number Diff line number Diff line change
Expand Up @@ -540,6 +540,7 @@ public static function aeadDecrypt(

// PASETO Version 3 - Decrypt - Step 8:
if (!hash_equals($calc, $mac)) {
Util::wipe($encKey);
throw new SecurityException(
'Invalid MAC for given ciphertext.',
ExceptionCode::INVALID_MAC
Expand Down
4 changes: 3 additions & 1 deletion src/Protocol/Version4.php
Original file line number Diff line number Diff line change
Expand Up @@ -405,6 +405,7 @@ public static function aeadEncrypt(
$nonce2,
$encKey
);
Util::wipe($encKey);
if (!is_string($ciphertext)) {
throw new PasetoException(
'Encryption failed.',
Expand All @@ -416,7 +417,6 @@ public static function aeadEncrypt(
Util::preAuthEncode($header, $nonce, $ciphertext, $footer, $implicit),
$authKey
);
Util::wipe($encKey);
Util::wipe($authKey);

// PASETO Version 4 - Encrypt - Step 8:
Expand Down Expand Up @@ -496,6 +496,7 @@ public static function aeadDecrypt(
Util::preAuthEncode($header, $nonce, $ciphertext, $footer, $implicit),
$authKey
);
Util::wipe($authKey);
// PASETO Version 4 - Decrypt - Step 8:
if (!hash_equals($calc, $mac)) {
throw new SecurityException(
Expand All @@ -511,6 +512,7 @@ public static function aeadDecrypt(
$nonce2,
$encKey
);
Util::wipe($encKey);
if (!is_string($plaintext)) {
throw new PasetoException(
'Encryption failed.',
Expand Down
4 changes: 2 additions & 2 deletions src/Purpose.php
Original file line number Diff line number Diff line change
Expand Up @@ -106,15 +106,15 @@ final class Purpose
*
* @var array<string, string>
*/
private static $sendingKeyToPurpose;
private static $sendingKeyToPurpose = [];

/**
* Inverse of EXPECTED_RECEIVING_KEYS, evaluated and statically cached at
* runtime.
*
* @var array<string, string>
*/
private static $receivingKeyToPurpose;
private static $receivingKeyToPurpose = [];

/**
* @var string
Expand Down
6 changes: 4 additions & 2 deletions src/ReceivingKeyRing.php
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,10 @@
declare(strict_types=1);
namespace ParagonIE\Paseto;

use ParagonIE\Paseto\Exception\InvalidKeyException;
use ParagonIE\Paseto\Exception\PasetoException;
use ParagonIE\Paseto\Exception\{
InvalidKeyException,
PasetoException
};
use ParagonIE\Paseto\Traits\MultiKeyTrait;

class ReceivingKeyRing implements KeyRingInterface, ReceivingKey
Expand Down
2 changes: 1 addition & 1 deletion src/Rules/ForAudience.php
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ class ForAudience implements ValidationRuleInterface
/** @var string $failure */
protected $failure = 'OK';

/** @var string $issuer */
/** @var string $audience */
protected $audience;

/**
Expand Down
12 changes: 8 additions & 4 deletions src/SendingKeyRing.php
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,14 @@
namespace ParagonIE\Paseto;

use Exception;
use ParagonIE\Paseto\Exception\InvalidKeyException;
use ParagonIE\Paseto\Exception\PasetoException;
use ParagonIE\Paseto\Keys\AsymmetricSecretKey;
use ParagonIE\Paseto\Keys\SymmetricKey;
use ParagonIE\Paseto\Exception\{
InvalidKeyException,
PasetoException
};
use ParagonIE\Paseto\Keys\{
AsymmetricSecretKey,
SymmetricKey
};
use ParagonIE\Paseto\Traits\MultiKeyTrait;

class SendingKeyRing implements KeyRingInterface, SendingKey
Expand Down
2 changes: 1 addition & 1 deletion src/Util.php
Original file line number Diff line number Diff line change
Expand Up @@ -131,7 +131,7 @@ public static function HKDF(
}

$digest_length = Binary::safeStrlen(
hash_hmac($hash, '', '', true)
hash($hash, '', true)
);

// Sanity-check the desired output length.
Expand Down

0 comments on commit 2c8c4be

Please sign in to comment.