diff --git a/autoload.php b/autoload.php index 2816214..9e4ba41 100644 --- a/autoload.php +++ b/autoload.php @@ -35,3 +35,5 @@ require $file; } }); + +require_once __DIR__ . '/vendor/autoload.php'; diff --git a/composer.json b/composer.json index d587853..de126c8 100644 --- a/composer.json +++ b/composer.json @@ -29,8 +29,8 @@ }, "require": { "defuse/php-encryption": "^2.0", - "paragonie/random_compat": "^1.2", - "paragonie/constant_time_encoding": "^0.3" + "paragonie/random_compat": "^1|^2", + "paragonie/constant_time_encoding": "^1|^2" }, "require-dev": { "defuse/php-encryption": "^2.0" diff --git a/src/PasswordLock.php b/src/PasswordLock.php index 7e5fdb2..d1d9f61 100644 --- a/src/PasswordLock.php +++ b/src/PasswordLock.php @@ -4,6 +4,7 @@ use \Defuse\Crypto\Crypto; use \Defuse\Crypto\Key; use \ParagonIE\ConstantTime\Base64; +use \ParagonIE\ConstantTime\Binary; class PasswordLock { @@ -14,6 +15,7 @@ class PasswordLock * @param string $password * @param Key $aesKey * @return string + * @throws \Exception */ public static function hashAndEncrypt($password, Key $aesKey) { @@ -40,7 +42,9 @@ public static function hashAndEncrypt($password, Key $aesKey) * @param string $password * @param string $ciphertext * @param string $aesKey - must be exactly 16 bytes - * @return boolean + * @return bool + * @throws \Exception + * @throws \InvalidArgumentException */ public static function decryptAndVerifyLegacy($password, $ciphertext, $aesKey) { @@ -49,7 +53,7 @@ public static function decryptAndVerifyLegacy($password, $ciphertext, $aesKey) 'Password must be a string.' ); } - if (self::safeStrlen($aesKey) !== 16) { + if (Binary::safeStrlen($aesKey) !== 16) { throw new \Exception("Encryption keys must be 16 bytes long"); } $hash = Crypto::legacyDecrypt( @@ -71,7 +75,9 @@ public static function decryptAndVerifyLegacy($password, $ciphertext, $aesKey) * @param string $password * @param string $ciphertext * @param Key $aesKey - * @return boolean + * @return bool + * @throws \Exception + * @throws \InvalidArgumentException */ public static function decryptAndVerify($password, $ciphertext, Key $aesKey) { @@ -85,9 +91,6 @@ public static function decryptAndVerify($password, $ciphertext, Key $aesKey) 'Ciphertext must be a string.' ); } - if (self::safeStrlen($aesKey) !== 32) { - throw new \Exception("Encryption keys must be 32 bytes long"); - } $hash = Crypto::decrypt( $ciphertext, $aesKey @@ -119,9 +122,10 @@ public static function rotateKey($ciphertext, Key $oldKey, Key $newKey) * * @param string $password * @param string $ciphertext - * @param sring $oldKey + * @param string $oldKey * @param Key $newKey * @return string + * @throws \Exception */ public static function upgradeFromVersion1( $password, @@ -135,24 +139,6 @@ public static function upgradeFromVersion1( ); } $plaintext = Crypto::legacyDecrypt($ciphertext, $oldKey); - return self::hashAndEncrypt($password, $newKey); - } - - /** - * Don't count characters, count the number of bytes - * - * @param string - * @return int - */ - protected static function safeStrlen($str) - { - static $exists = null; - if ($exists === null) { - $exists = \function_exists('\\mb_strlen'); - } - if ($exists) { - return \mb_strlen($str, '8bit'); - } - return \strlen($str); + return self::hashAndEncrypt($plaintext, $newKey); } } diff --git a/tests/PasswordLockTest.php b/tests/PasswordLockTest.php index 32fa135..b03fdea 100644 --- a/tests/PasswordLockTest.php +++ b/tests/PasswordLockTest.php @@ -8,9 +8,8 @@ class PasswordLockTest extends PHPUnit_Framework_TestCase { public function testHash() { - $key = \Defuse\Crypto\Key::LoadFromAsciiSafeString( - \hex2bin('0102030405060708090a0b0c0d0e0f10') - ); + $key = \Defuse\Crypto\Key::createNewRandomKey(); + $password = PasswordLock::hashAndEncrypt('YELLOW SUBMARINE', $key); $this->assertTrue( @@ -23,13 +22,11 @@ public function testHash() } /** - * @expectedException \Defuse\Crypto\Exception\InvalidCiphertext + * @expectedException \Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException */ public function testBitflip() { - $key = \Defuse\Crypto\Key::LoadFromAsciiSafeString( - \hex2bin('0102030405060708090a0b0c0d0e0f10') - ); + $key = \Defuse\Crypto\Key::createNewRandomKey(); $password = PasswordLock::hashAndEncrypt('YELLOW SUBMARINE', $key); $password[0] = (\ord($password[0]) === 0 ? 255 : 0);