WIP

ghola · Jan 26, 2016 · 7a58b62 · 7a58b62
1 parent 7cd5dd0
commit 7a58b62
Show file tree

Hide file tree

Showing 76 changed files with 2,834 additions and 2,144 deletions.
diff --git a/composer.json b/composer.json
@@ -30,19 +30,20 @@
         "spomky-labs/base64url": "^1.0",
         "spomky-labs/pbkdf2": "^1.0",
         "spomky-labs/aes-key-wrap": "^2.0",
-        "mdanter/ecc": "0.3",
         "phpseclib/phpseclib": "^2.0"
     },
     "require-dev": {
         "phpunit/phpunit": "^4.5|^5.0",
-        "satooshi/php-coveralls": "^1.0"
+        "satooshi/php-coveralls": "^1.0",
+        "mdanter/ecc": "0.3"
     },
    "suggest":{
-        "ext-crypto": "Required to use AES GCM based algorithms."
+        "ext-crypto": "Required to use AES GCM based algorithms.",
+        "mdanter/ecc": "Required to use ECC based algorithms (use v0.3 only)."
    },
     "extra": {
         "branch-alias": {
-            "dev-master": "1.0.x-dev"
+            "dev-master": "2.0.x-dev"
         }
     }
 }
diff --git a/src/Algorithm/ContentEncryption/AESCBCHS.php b/src/Algorithm/ContentEncryption/AESCBCHS.php
@@ -11,17 +11,19 @@
 
 namespace Jose\Algorithm\ContentEncryption;
 
+use Jose\Algorithm\ContentEncryptionAlgorithmInterface;
+use Jose\Util\StringUtil;
 /**
  *
  */
-abstract class AESCBCHS implements ContentEncryptionInterface
+abstract class AESCBCHS implements ContentEncryptionAlgorithmInterface
 {
     /**
      * {@inheritdoc}
      */
     public function encryptContent($data, $cek, $iv, $aad, $encoded_protected_header, &$tag)
     {
-        $k = substr($cek, strlen($cek) / 2);
+        $k =  StringUtil::substr($cek,  StringUtil::strlen($cek) / 2);
 
         $cyphertext = AESOpenSSL::encrypt($data, $k, $iv);
 
@@ -47,7 +49,7 @@ public function decryptContent($data, $cek, $iv, $aad, $encoded_protected_header
             return;
         }
 
-        $k = substr($cek, strlen($cek) / 2);
+        $k =  StringUtil::substr($cek, StringUtil::strlen($cek) / 2);
 
         return AESOpenSSL::decrypt($data, $k, $iv);
     }
@@ -67,8 +69,8 @@ protected function calculateAuthenticationTag($encrypted_data, $cek, $iv, $aad,
         if (null !== $aad) {
             $calculated_aad .= '.'.$aad;
         }
-        $mac_key = substr($cek, 0, strlen($cek) / 2);
-        $auth_data_length = strlen($encoded_header);
+        $mac_key =  StringUtil::substr($cek, 0,  StringUtil::strlen($cek) / 2);
+        $auth_data_length =  StringUtil::strlen($encoded_header);
 
         $secured_input = implode('', [
             $calculated_aad,
@@ -78,7 +80,7 @@ protected function calculateAuthenticationTag($encrypted_data, $cek, $iv, $aad,
         ]);
         $hash = hash_hmac($this->getHashAlgorithm(), $secured_input, $mac_key, true);
 
-        return substr($hash, 0, strlen($hash) / 2);
+        return  StringUtil::substr($hash, 0,  StringUtil::strlen($hash) / 2);
     }
 
     /**

diff --git a/src/Algorithm/ContentEncryption/AESGCM.php b/src/Algorithm/ContentEncryption/AESGCM.php
@@ -12,11 +12,12 @@
 namespace Jose\Algorithm\ContentEncryption;
 
 use Crypto\Cipher;
+use Jose\Algorithm\ContentEncryptionAlgorithmInterface;
 
 /**
  *
  */
-abstract class AESGCM implements ContentEncryptionInterface
+abstract class AESGCM implements ContentEncryptionAlgorithmInterface
 {
     /**
      * {@inheritdoc}

diff --git a/src/Algorithm/ContentEncryption/AESOpenSSL.php b/src/Algorithm/ContentEncryption/AESOpenSSL.php
@@ -10,23 +10,43 @@
  */
 
 namespace Jose\Algorithm\ContentEncryption;
+use Jose\Util\StringUtil;
 
 /**
  */
 final class AESOpenSSL implements AESInterface
 {
+    /**
+     * @param string $data
+     * @param string $k
+     * @param string $iv
+     *
+     * @return string
+     */
     public static function encrypt($data, $k, $iv)
     {
         return openssl_encrypt($data, self::getMode($k), $k, OPENSSL_RAW_DATA, $iv);
     }
 
+    /**
+     * @param string $data
+     * @param string $k
+     * @param string $iv
+     *
+     * @return string
+     */
     public static function decrypt($data, $k, $iv)
     {
         return openssl_decrypt($data, self::getMode($k), $k, OPENSSL_RAW_DATA, $iv);
     }
 
+    /**
+     * @param string $k
+     *
+     * @return string
+     */
     private static function getMode($k)
     {
-        return 'aes-'.(8 * strlen($k)).'-cbc';
+        return 'aes-'.(8 *  StringUtil::strlen($k)).'-cbc';
     }
 }
diff --git a/...Encryption/ContentEncryptionInterface.php → ...m/ContentEncryptionAlgorithmInterface.php b/...Encryption/ContentEncryptionInterface.php → ...m/ContentEncryptionAlgorithmInterface.php
@@ -9,11 +9,9 @@
  * of the MIT license.  See the LICENSE file for details.
  */
 
-namespace Jose\Algorithm\ContentEncryption;
+namespace Jose\Algorithm;
 
-use Jose\Algorithm\EncryptionInterface;
-
-interface ContentEncryptionInterface extends EncryptionInterface
+interface ContentEncryptionAlgorithmInterface extends JWAInterface
 {
     /**
      * Encrypt data.

diff --git a/src/Algorithm/EncryptionInterface.php b/src/Algorithm/EncryptionInterface.php
diff --git a/src/Algorithm/KeyEncryption/AESGCMKW.php b/src/Algorithm/KeyEncryption/AESGCMKW.php
@@ -68,7 +68,7 @@ public function decryptKey(JWKInterface $key, $encryted_cek, array $header)
      */
     protected function checkKey(JWKInterface $key)
     {
-        if (!$key->has('kty') || 'oct' !== $key->get('kty') || !$key->has('k')) {
+        if ('oct' !== $key->get('kty') || !$key->has('k')) {
             throw new \InvalidArgumentException('The key is not valid');
         }
     }

diff --git a/src/Algorithm/KeyEncryption/AESKW.php b/src/Algorithm/KeyEncryption/AESKW.php
@@ -13,11 +13,12 @@
 
 use Base64Url\Base64Url;
 use Jose\Object\JWKInterface;
+use Jose\Util\StringUtil;
 
 /**
  * Class AESKW.
  */
-abstract class AESKW implements KeyEncryptionInterface
+abstract class AESKW implements KeyWrappingInterface
 {
     /**
      * @param \Jose\Object\JWKInterface $key
@@ -26,7 +27,7 @@ abstract class AESKW implements KeyEncryptionInterface
      *
      * @return mixed
      */
-    public function encryptKey(JWKInterface $key, $cek, array &$header)
+    public function wrapKey(JWKInterface $key, $cek, array &$header)
     {
         $this->checkKey($key);
         $wrapper = $this->getWrapper();
@@ -41,23 +42,31 @@ public function encryptKey(JWKInterface $key, $cek, array &$header)
      *
      * @return mixed
      */
-    public function decryptKey(JWKInterface $key, $encryted_cek, array $header)
+    public function unwrapKey(JWKInterface $key, $encryted_cek, array $header)
     {
         $this->checkKey($key);
         $wrapper = $this->getWrapper();
 
         return $wrapper->unwrap(Base64Url::decode($key->get('k')), $encryted_cek);
     }
 
+    /**
+     * {@inheritdoc}
+     */
+    public function getKeyManagementMode()
+    {
+        return self::MODE_WRAP;
+    }
+
     /**
      * @param \Jose\Object\JWKInterface $key
      */
     protected function checkKey(JWKInterface $key)
     {
-        if (!$key->has('kty') || 'oct' !== $key->get('kty') || !$key->has('k')) {
+        if ('oct' !== $key->get('kty') || !$key->has('k')) {
             throw new \InvalidArgumentException('The key is not valid');
         }
-        if ($this->getKeySize() !== strlen(Base64Url::decode($key->get('k')))) {
+        if ($this->getKeySize() !==  StringUtil::strlen(Base64Url::decode($key->get('k')))) {
             throw new \InvalidArgumentException('The key size is not valid');
         }
     }

diff --git a/src/Algorithm/KeyEncryption/Dir.php b/src/Algorithm/KeyEncryption/Dir.php
@@ -19,9 +19,9 @@ final class Dir implements DirectEncryptionInterface
     /**
      * {@inheritdoc}
      */
-    public function getCEK(JWKInterface $key, array $header)
+    public function getCEK(JWKInterface $key)
     {
-        if (!$key->has('kty') || 'dir' !== $key->get('kty') || !$key->has('dir')) {
+        if ('dir' !== $key->get('kty') || !$key->has('dir')) {
             throw new \InvalidArgumentException('The key is not valid');
         }
 
@@ -35,4 +35,12 @@ public function getAlgorithmName()
     {
         return 'dir';
     }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getKeyManagementMode()
+    {
+        return self::MODE_DIRECT;
+    }
 }
diff --git a/src/Algorithm/KeyEncryption/DirectEncryptionInterface.php b/src/Algorithm/KeyEncryption/DirectEncryptionInterface.php
@@ -11,21 +11,20 @@
 
 namespace Jose\Algorithm\KeyEncryption;
 
-use Jose\Algorithm\EncryptionInterface;
+use Jose\Algorithm\KeyEncryptionAlgorithmInterface;
 use Jose\Object\JWKInterface;
 
 /**
  *
  */
-interface DirectEncryptionInterface extends EncryptionInterface
+interface DirectEncryptionInterface extends KeyEncryptionAlgorithmInterface
 {
     /**
      * @param \Jose\Object\JWKInterface $key    The key used to get the CEK
-     * @param array                     $header The complete header of the JWT
      *
      * @throws \Exception If key does not support the algorithm or if the key usage does not authorize the operation
      *
      * @return string The CEK
      */
-    public function getCEK(JWKInterface $key, array $header);
+    public function getCEK(JWKInterface $key);
 }
diff --git a/src/Algorithm/KeyEncryption/ECDHES.php b/src/Algorithm/KeyEncryption/ECDHES.php
@@ -101,6 +101,14 @@ public function getAlgorithmName()
         return 'ECDH-ES';
     }
 
+    /**
+     * {@inheritdoc}
+     */
+    public function getKeyManagementMode()
+    {
+        return self::MODE_AGREEMENT;
+    }
+
     /**
      * @param array $complete_header
      *
@@ -126,7 +134,7 @@ private function getPublicKey(array $complete_header)
      */
     private function checkKey(JWKInterface $key, $is_private)
     {
-        if (!$key->has('kty') || 'EC' !== $key->get('kty')) {
+        if ('EC' !== $key->get('kty')) {
             throw new \InvalidArgumentException('The key type must be "EC"');
         }
         if (!$key->has('x') || !$key->has('y') || !$key->has('crv')) {

diff --git a/src/Algorithm/KeyEncryption/ECDHESAESKW.php b/src/Algorithm/KeyEncryption/ECDHESAESKW.php
@@ -44,6 +44,14 @@ public function unwrapAgreementKey(JWKInterface $receiver_key, $encrypted_cek, $
         return $wrapper->unwrap($agreement_key, $encrypted_cek);
     }
 
+    /**
+     * {@inheritdoc}
+     */
+    public function getKeyManagementMode()
+    {
+        return self::MODE_WRAP;
+    }
+
     /**
      * @return \AESKW\A128KW|\AESKW\A192KW|\AESKW\A256KW
      */

diff --git a/src/Algorithm/KeyEncryption/KeyAgreementInterface.php b/src/Algorithm/KeyEncryption/KeyAgreementInterface.php
@@ -11,13 +11,13 @@
 
 namespace Jose\Algorithm\KeyEncryption;
 
-use Jose\Algorithm\EncryptionInterface;
+use Jose\Algorithm\KeyEncryptionAlgorithmInterface;
 use Jose\Object\JWKInterface;
 
 /**
  *
  */
-interface KeyAgreementInterface extends EncryptionInterface
+interface KeyAgreementInterface extends KeyEncryptionAlgorithmInterface
 {
     /**
      * @param int                       $encryption_key_length    Size of the key expected for the algorithm used for data encryption

diff --git a/src/Algorithm/KeyEncryption/KeyAgreementWrappingInterface.php b/src/Algorithm/KeyEncryption/KeyAgreementWrappingInterface.php
@@ -11,13 +11,13 @@
 
 namespace Jose\Algorithm\KeyEncryption;
 
-use Jose\Algorithm\EncryptionInterface;
+use Jose\Algorithm\KeyEncryptionAlgorithmInterface;
 use Jose\Object\JWKInterface;
 
 /**
  *
  */
-interface KeyAgreementWrappingInterface extends EncryptionInterface
+interface KeyAgreementWrappingInterface extends KeyEncryptionAlgorithmInterface
 {
     /**
      * Wrap the agreement key.

diff --git a/src/Algorithm/KeyEncryption/KeyEncryptionInterface.php b/src/Algorithm/KeyEncryption/KeyEncryptionInterface.php
@@ -11,13 +11,13 @@
 
 namespace Jose\Algorithm\KeyEncryption;
 
-use Jose\Algorithm\EncryptionInterface;
+use Jose\Algorithm\KeyEncryptionAlgorithmInterface;
 use Jose\Object\JWKInterface;
 
 /**
  *
  */
-interface KeyEncryptionInterface extends EncryptionInterface
+interface KeyEncryptionInterface extends KeyEncryptionAlgorithmInterface
 {
     /**
      * Encrypt the CEK.