v2.0.remove-unnecessary-inheritance.0

.travis.yml

@@ -9,7 +9,5 @@ sudo: false
 
 matrix:
     fast_finish: true
-    allow_failures:
-      - php: "7.0"
 
 script: ./test.sh

README.md

@@ -8,9 +8,8 @@ This is a class for doing symmetric encryption in PHP. **Requires PHP 5.4 or new
 Implementation
 --------------
 
-Messages are encrypted with AES-128 in CBC mode and are authenticated with
-HMAC-SHA256 (Encrypt-then-Mac). PKCS7 padding is used to pad the message to
-a multiple of the block size. HKDF is used to split the user-provided key into
+Messages are encrypted with AES-128 in CTR mode and are authenticated with
+HMAC-SHA256 (Encrypt-then-Mac). HKDF is used to split the user-provided key into
 two keys: one for encryption, and the other for authentication. It is
 implemented using the `openssl_` and `hash_hmac` functions.
 

autoload.php

@@ -34,5 +34,3 @@
         require $file;
     }
 });
-
-$crypto_exception_handler_object_dont_touch_me = new \Defuse\Crypto\ExceptionHandler;

doc/02-Crypto.php.md

@@ -3,8 +3,8 @@ Symmetric Key Encryption
 
 At a glance:
 
-* **Cipher and Mode**: `AES-128-CBC`
-* **Padding**: `PKCS#7`
+* **Cipher and Mode**: `AES-256-CTR`
+* **Padding**: None (CTR mode doesn't pad)
 * **Authentication**: `HMAC-SHA-256`
 * **Construction**: `Encrypt then MAC`
 * **Algorithm Backend**: `ext/openssl`
@@ -37,9 +37,9 @@ try {
     //     \Defuse\Crypto\Crypto\binToHex()
     //     \Defuse\Crypto\Crypto\hexToBin()
     //
-} catch (\Defuse\Crypto\Exception\CryptoTestFailed $ex) {
+} catch (\Defuse\Crypto\Exception\CryptoTestFailedException $ex) {
     die('Cannot safely create a key');
-} catch (\Defuse\Crypto\Exception\CannotPerformOperation $ex) {
+} catch (\Defuse\Crypto\Exception\CannotPerformOperationException $ex) {
     die('Cannot safely create a key');
 }
 ```
@@ -51,9 +51,9 @@ Encrypting a Message
 $message = 'ATTACK AT DAWN';
 try {
     $ciphertext = \Defuse\Crypto\Crypto::Encrypt($message, $key);
-} catch (\Defuse\Crypto\Exception\CryptoTestFailed $ex) {
+} catch (\Defuse\Crypto\Exception\CryptoTestFailedException $ex) {
     die('Cannot safely perform encryption');
-} catch (\Defuse\Crypto\Exception\CannotPerformOperation $ex) {
+} catch (\Defuse\Crypto\Exception\CannotPerformOperationException $ex) {
     die('Cannot safely perform encryption');
 }
 ```
@@ -64,16 +64,16 @@ Decrypting a Message
 ```php
 try {
     $decrypted = self::Decrypt($ciphertext, $key);
-} catch (\Defuse\Crypto\Exception\InvalidCiphertext $ex) { // VERY IMPORTANT
+} catch (\Defuse\Crypto\Exception\InvalidCiphertextException $ex) { // VERY IMPORTANT
     // Either:
     //   1. The ciphertext was modified by the attacker,
     //   2. The key is wrong, or
     //   3. $ciphertext is not a valid ciphertext or was corrupted.
     // Assume the worst.
     die('DANGER! DANGER! The ciphertext has been tampered with!');
-} catch (CryptoTestFailedException $ex) {
+} catch (\Defuse\Crypto\Exception\CryptoTestFailedException $ex) {
     die('Cannot safely perform decryption');
-} catch (CannotPerformOperationException $ex) {
+} catch (\Defuse\Crypto\Exception\CannotPerformOperationException $ex) {
     die('Cannot safely perform decryption');
 }
 ```
@@ -86,16 +86,16 @@ Decrypting a Message Encrypted with version 1 of this Library
 ```php
 try {
     $decrypted = self::legacyDecrypt($ciphertext, $key);
-} catch (\Defuse\Crypto\Exception\InvalidCiphertext $ex) { // VERY IMPORTANT
+} catch (\Defuse\Crypto\Exception\InvalidCiphertextException $ex) { // VERY IMPORTANT
     // Either:
     //   1. The ciphertext was modified by the attacker,
     //   2. The key is wrong, or
     //   3. $ciphertext is not a valid ciphertext or was corrupted.
     // Assume the worst.
     die('DANGER! DANGER! The ciphertext has been tampered with!');
-} catch (CryptoTestFailedException $ex) {
+} catch (\Defuse\Crypto\Exception\CryptoTestFailedException $ex) {
     die('Cannot safely perform decryption');
-} catch (CannotPerformOperationException $ex) {
+} catch (\Defuse\Crypto\Exception\CannotPerformOperationException $ex) {
     die('Cannot safely perform decryption');
 }
-```
+```

doc/03-File.php.md

@@ -3,7 +3,7 @@ Symmetric Key File Encryption
 
 At a glance:
 
-* **Cipher and Mode**: `AES-128-CTR`
+* **Cipher and Mode**: `AES-256-CTR`
 * **Padding**: None (CTR mode doesn't pad)
 * **Authentication**: `HMAC-SHA-256`
 * **Construction**: `Encrypt then MAC`
@@ -37,9 +37,9 @@ try {
     //     \Defuse\Crypto\File\binToHex()
     //     \Defuse\Crypto\File\hexToBin()
     //
-} catch (\Defuse\Crypto\Exception\CryptoTestFailed $ex) {
+} catch (\Defuse\Crypto\Exception\CryptoTestFailedException $ex) {
     die('Cannot safely create a key');
-} catch (\Defuse\Crypto\Exception\CannotPerformOperation $ex) {
+} catch (\Defuse\Crypto\Exception\CannotPerformOperationException $ex) {
     die('Cannot safely create a key');
 }
 ```
@@ -62,9 +62,9 @@ try {
         $outputFilename,
         $key
     );
-} catch (\Defuse\Crypto\Exception\CryptoTestFailed $ex) {
+} catch (\Defuse\Crypto\Exception\CryptoTestFailedException $ex) {
     die('Cannot safely perform encryption');
-} catch (\Defuse\Crypto\Exception\CannotPerformOperation $ex) {
+} catch (\Defuse\Crypto\Exception\CannotPerformOperationException $ex) {
     die('Cannot safely perform encryption');
 }
 ```
@@ -87,9 +87,9 @@ try {
         $outputFilename,
         $key
     );
-} catch (\Defuse\Crypto\Exception\CryptoTestFailed $ex) {
+} catch (\Defuse\Crypto\Exception\CryptoTestFailedException $ex) {
     die('Cannot safely perform decryption');
-} catch (\Defuse\Crypto\Exception\CannotPerformOperation $ex) {
+} catch (\Defuse\Crypto\Exception\CannotPerformOperationException $ex) {
     die('Cannot safely perform decryption');
 }
 ```
@@ -108,9 +108,9 @@ $oFile = \fopen('image2.enc.jpg', 'wb');
 
 try {
     \Defuse\Crypto\File::encryptResource($iFile, $oFile, $key);
-} catch (\Defuse\Crypto\Exception\CryptoTestFailed $ex) {
+} catch (\Defuse\Crypto\Exception\CryptoTestFailedException $ex) {
     die('Cannot safely perform encryption');
-} catch (\Defuse\Crypto\Exception\CannotPerformOperation $ex) {
+} catch (\Defuse\Crypto\Exception\CannotPerformOperationException $ex) {
     die('Cannot safely perform encryption');
 }
 ```
@@ -129,9 +129,9 @@ $oFile = \fopen('image2.dec.jpg', 'wb');
 
 try {
     \Defuse\Crypto\File::decryptResource($iFile, $oFile, $key);
-} catch (\Defuse\Crypto\Exception\CryptoTestFailed $ex) {
+} catch (\Defuse\Crypto\Exception\CryptoTestFailedException $ex) {
     die('Cannot safely perform decryption');
-} catch (\Defuse\Crypto\Exception\CannotPerformOperation $ex) {
+} catch (\Defuse\Crypto\Exception\CannotPerformOperationException $ex) {
     die('Cannot safely perform decryption');
 }
-```
+```

benchmark.php → other/benchmark.php

@@ -1,7 +1,7 @@
 <?php
 use \Defuse\Crypto\Crypto;
 
-require_once'autoload.php';
+require_once 'autoload.php';
 
 function showResults($type, $start, $end, $count)
 {

src/Config.php

@@ -0,0 +1,149 @@
+<?php
+namespace Defuse\Crypto;
+
+use \Defuse\Crypto\Exception as Ex;
+use \Defuse\Crypto\Core;
+
+class Config
+{
+    private $cipher_method;
+    private $block_byte_size;
+    private $key_byte_size;
+    private $salt_byte_size;
+    private $mac_byte_size;
+    private $hash_function_name;
+    private $encryption_info_string;
+    private $authentication_info_string;
+
+    public function __construct($config_array)
+    {
+        $expected_keys = array(
+            "cipher_method",
+            "block_byte_size",
+            "key_byte_size",
+            "salt_byte_size",
+            "mac_byte_size",
+            "hash_function_name",
+            "encryption_info_string",
+            "authentication_info_string"
+        );
+        if (sort($expected_keys) !== true) {
+            throw Ex\CannotPerformOperationException(
+                "sort() failed."
+            );
+        }
+
+        $actual_keys = array_keys($config_array);
+        if (sort($actual_keys) !== true) {
+            throw Ex\CannotPerformOperationException(
+                "sort() failed."
+            );
+        }
+
+        if ($expected_keys !== $actual_keys) {
+            throw new Ex\CannotPerformOperationException(
+                "Trying to instantiate a bad configuration."
+            );
+        }
+
+        $this->cipher_method = $config_array["cipher_method"];
+        $this->block_byte_size = $config_array["block_byte_size"];
+        $this->key_byte_size = $config_array["key_byte_size"];
+        $this->salt_byte_size = $config_array["salt_byte_size"];
+        $this->mac_byte_size = $config_array["mac_byte_size"];
+        $this->hash_function_name = $config_array["hash_function_name"];
+        $this->encryption_info_string = $config_array["encryption_info_string"];
+        $this->authentication_info_string = $config_array["authentication_info_string"];
+
+        Core::ensureFunctionExists('openssl_get_cipher_methods');
+        if (\in_array($this->cipher_method, \openssl_get_cipher_methods()) === false) {
+            throw new Ex\CannotPerformOperationException(
+                "Configuration contains an invalid OpenSSL cipher method."
+            );
+        }
+
+        if (!\is_int($this->block_byte_size) || $this->block_byte_size <= 0) {
+            throw new Ex\CannotPerformOperationException(
+                "Configuration contains an invalid block byte size."
+            );
+        }
+
+        if (!\is_int($this->key_byte_size) || $this->key_byte_size <= 0) {
+            throw new Ex\CannotPerformOperationException(
+                "Configuration contains an invalid key byte size."
+            );
+        }
+
+        if ($this->salt_byte_size !== false) {
+            if (!is_int($this->salt_byte_size) || $this->salt_byte_size <= 0) {
+                throw new Ex\CannotPerformOperationException(
+                    "Configuration contains an invalid salt byte size."
+                );
+            }
+        }
+
+        if (!\is_int($this->mac_byte_size) || $this->mac_byte_size <= 0) {
+            throw new Ex\CannotPerformOperationException(
+                "Configuration contains an invalid MAC byte size."
+            );
+        }
+
+        if (\in_array($this->hash_function_name, \hash_algos()) === false) {
+            throw new Ex\CannotPerformOperationException(
+                "Configuration contains an invalid hash function name."
+            );
+        }
+
+        if (!\is_string($this->encryption_info_string) || $this->encryption_info_string === "") {
+            throw new Ex\CannotPerformOperationException(
+                "Configuration contains an invalid encryption info string."
+            );
+        }
+
+        if (!\is_string($this->authentication_info_string) || $this->authentication_info_string === "") {
+            throw new Ex\CannotPerformOperationException(
+                "Configuration contains an invalid authentication info string."
+            );
+        }
+    }
+
+    public function cipherMethod()
+    {
+        return $this->cipher_method;
+    }
+
+    public function blockByteSize()
+    {
+        return $this->block_byte_size;
+    }
+
+    public function keyByteSize()
+    {
+        return $this->key_byte_size;
+    }
+
+    public function saltByteSize()
+    {
+        return $this->salt_byte_size;
+    }
+
+    public function macByteSize()
+    {
+        return $this->mac_byte_size;
+    }
+
+    public function hashFunctionName()
+    {
+        return $this->hash_function_name;
+    }
+
+    public function encryptionInfoString()
+    {
+        return $this->encryption_info_string;
+    }
+
+    public function authenticationInfoString()
+    {
+        return $this->authentication_info_string;
+    }
+}