Preparation 3.0 (#323)

* Preparation 3.0
* Update with ECS and Rector
* Bugs fixed

Author: Spomky

RSA.php

@@ -2,15 +2,6 @@
 
 declare(strict_types=1);
 
-/*
- * The MIT License (MIT)
- *
- * Copyright (c) 2014-2020 Spomky-Labs
- *
- * This software may be modified and distributed under the terms
- * of the MIT license.  See the LICENSE file for details.
- */
-
 namespace Jose\Component\Encryption\Algorithm\KeyEncryption;
 
 use function in_array;
@@ -34,13 +25,10 @@ public function encryptKey(JWK $key, string $cek, array $completeHeader, array &
         return RSACrypt::encrypt($pub, $cek, $this->getEncryptionMode(), $this->getHashAlgorithm());
     }
 
-    /**
-     * @throws InvalidArgumentException if the key is not private
-     */
     public function decryptKey(JWK $key, string $encrypted_cek, array $header): string
     {
         $this->checkKey($key);
-        if (!$key->has('d')) {
+        if (! $key->has('d')) {
             throw new InvalidArgumentException('The key is not a private key');
         }
         $priv = RSAKey::createFromJWK($key);
@@ -53,12 +41,9 @@ public function getKeyManagementMode(): string
         return self::MODE_ENCRYPT;
     }
 
-    /**
-     * @throws InvalidArgumentException if the key type is not allowed
-     */
     protected function checkKey(JWK $key): void
     {
-        if (!in_array($key->get('kty'), $this->allowedKeyTypes(), true)) {
+        if (! in_array($key->get('kty'), $this->allowedKeyTypes(), true)) {
             throw new InvalidArgumentException('Wrong key type.');
         }
     }

RSA15.php

@@ -2,15 +2,6 @@
 
 declare(strict_types=1);
 
-/*
- * The MIT License (MIT)
- *
- * Copyright (c) 2014-2020 Spomky-Labs
- *
- * This software may be modified and distributed under the terms
- * of the MIT license.  See the LICENSE file for details.
- */
-
 namespace Jose\Component\Encryption\Algorithm\KeyEncryption;
 
 use Jose\Component\Encryption\Algorithm\KeyEncryption\Util\RSACrypt;

RSAOAEP.php

@@ -2,15 +2,6 @@
 
 declare(strict_types=1);
 
-/*
- * The MIT License (MIT)
- *
- * Copyright (c) 2014-2020 Spomky-Labs
- *
- * This software may be modified and distributed under the terms
- * of the MIT license.  See the LICENSE file for details.
- */
-
 namespace Jose\Component\Encryption\Algorithm\KeyEncryption;
 
 use Jose\Component\Encryption\Algorithm\KeyEncryption\Util\RSACrypt;

RSAOAEP256.php

@@ -2,15 +2,6 @@
 
 declare(strict_types=1);
 
-/*
- * The MIT License (MIT)
- *
- * Copyright (c) 2014-2020 Spomky-Labs
- *
- * This software may be modified and distributed under the terms
- * of the MIT license.  See the LICENSE file for details.
- */
-
 namespace Jose\Component\Encryption\Algorithm\KeyEncryption;
 
 use Jose\Component\Encryption\Algorithm\KeyEncryption\Util\RSACrypt;

Util/RSACrypt.php

@@ -2,31 +2,22 @@
 
 declare(strict_types=1);
 
-/*
- * The MIT License (MIT)
- *
- * Copyright (c) 2014-2020 Spomky-Labs
- *
- * This software may be modified and distributed under the terms
- * of the MIT license.  See the LICENSE file for details.
- */
-
 namespace Jose\Component\Encryption\Algorithm\KeyEncryption\Util;
 
 use function chr;
 use function count;
 use InvalidArgumentException;
-use function is_array;
 use Jose\Component\Core\Util\BigInteger;
 use Jose\Component\Core\Util\Hash;
 use Jose\Component\Core\Util\RSAKey;
 use function ord;
 use RuntimeException;
+use const STR_PAD_LEFT;
 
 /**
  * @internal
  */
-class RSACrypt
+final class RSACrypt
 {
     /**
      * Optimal Asymmetric Encryption Padding (OAEP).
@@ -40,30 +31,20 @@ class RSACrypt
 
     public static function encrypt(RSAKey $key, string $data, int $mode, ?string $hash = null): string
     {
-        switch ($mode) {
-            case self::ENCRYPTION_OAEP:
-                return self::encryptWithRSAOAEP($key, $data, $hash);
-
-            case self::ENCRYPTION_PKCS1:
-                return self::encryptWithRSA15($key, $data);
-
-            default:
-                throw new InvalidArgumentException('Unsupported mode.');
-        }
+        return match ($mode) {
+            self::ENCRYPTION_OAEP => self::encryptWithRSAOAEP($key, $data, $hash),
+            self::ENCRYPTION_PKCS1 => self::encryptWithRSA15($key, $data),
+            default => throw new InvalidArgumentException('Unsupported mode.'),
+        };
     }
 
     public static function decrypt(RSAKey $key, string $plaintext, int $mode, ?string $hash = null): string
     {
-        switch ($mode) {
-            case self::ENCRYPTION_OAEP:
-                return self::decryptWithRSAOAEP($key, $plaintext, $hash);
-
-            case self::ENCRYPTION_PKCS1:
-                return self::decryptWithRSA15($key, $plaintext);
-
-            default:
-                throw new InvalidArgumentException('Unsupported mode.');
-        }
+        return match ($mode) {
+            self::ENCRYPTION_OAEP => self::decryptWithRSAOAEP($key, $plaintext, $hash),
+            self::ENCRYPTION_PKCS1 => self::decryptWithRSA15($key, $plaintext),
+            default => throw new InvalidArgumentException('Unsupported mode.'),
+        };
     }
 
     public static function encryptWithRSA15(RSAKey $key, string $data): string
@@ -81,7 +62,7 @@ public static function encryptWithRSA15(RSAKey $key, string $data): string
             $ps .= $temp;
         }
         $type = 2;
-        $data = chr(0).chr($type).$ps.chr(0).$data;
+        $data = chr(0) . chr($type) . $ps . chr(0) . $data;
 
         $data = BigInteger::createFromBinaryString($data);
         $c = self::getRSAEP($key, $data);
@@ -97,7 +78,7 @@ public static function decryptWithRSA15(RSAKey $key, string $c): string
         $c = BigInteger::createFromBinaryString($c);
         $m = self::getRSADP($key, $c);
         $em = self::convertIntegerToOctetString($m, $key->getModulusLength());
-        if (0 !== ord($em[0]) || ord($em[1]) > 2) {
+        if (ord($em[0]) !== 0 || ord($em[1]) > 2) {
             throw new InvalidArgumentException('Unable to decrypt');
         }
         $ps = mb_substr($em, 2, (int) mb_strpos($em, chr(0), 2, '8bit') - 2, '8bit');
@@ -117,15 +98,12 @@ public static function encryptWithRSAOAEP(RSAKey $key, string $plaintext, string
         /** @var Hash $hash */
         $hash = Hash::$hash_algorithm();
         $length = $key->getModulusLength() - 2 * $hash->getLength() - 2;
-        if (0 >= $length) {
+        if ($length <= 0) {
             throw new RuntimeException();
         }
-        $plaintext = mb_str_split($plaintext, $length, '8bit');
-        if (!is_array($plaintext)) {
-            throw new RuntimeException('Invalid payload');
-        }
+        $splitPlaintext = mb_str_split($plaintext, $length, '8bit');
         $ciphertext = '';
-        foreach ($plaintext as $m) {
+        foreach ($splitPlaintext as $m) {
             $ciphertext .= self::encryptRSAESOAEP($key, $m, $hash);
         }
 
@@ -137,17 +115,19 @@ public static function encryptWithRSAOAEP(RSAKey $key, string $plaintext, string
      */
     public static function decryptWithRSAOAEP(RSAKey $key, string $ciphertext, string $hash_algorithm): string
     {
-        if (0 >= $key->getModulusLength()) {
+        if ($key->getModulusLength() <= 0) {
             throw new RuntimeException('Invalid modulus length');
         }
         $hash = Hash::$hash_algorithm();
-        $ciphertext = mb_str_split($ciphertext, $key->getModulusLength(), '8bit');
-        if (!is_array($ciphertext)) {
-            throw new RuntimeException('Invalid ciphertext');
-        }
-        $ciphertext[count($ciphertext) - 1] = str_pad($ciphertext[count($ciphertext) - 1], $key->getModulusLength(), chr(0), STR_PAD_LEFT);
+        $splitCiphertext = mb_str_split($ciphertext, $key->getModulusLength(), '8bit');
+        $splitCiphertext[count($splitCiphertext) - 1] = str_pad(
+            $splitCiphertext[count($splitCiphertext) - 1],
+            $key->getModulusLength(),
+            chr(0),
+            STR_PAD_LEFT
+        );
         $plaintext = '';
-        foreach ($ciphertext as $c) {
+        foreach ($splitCiphertext as $c) {
             $temp = self::getRSAESOAEP($key, $c, $hash);
             $plaintext .= $temp;
         }
@@ -206,7 +186,7 @@ private static function getMGF1(string $mgfSeed, int $maskLen, Hash $mgfHash): s
         $count = ceil($maskLen / $mgfHash->getLength());
         for ($i = 0; $i < $count; ++$i) {
             $c = pack('N', $i);
-            $t .= $mgfHash->hash($mgfSeed.$c);
+            $t .= $mgfHash->hash($mgfSeed . $c);
         }
 
         return mb_substr($t, 0, $maskLen, '8bit');
@@ -220,13 +200,13 @@ private static function encryptRSAESOAEP(RSAKey $key, string $m, Hash $hash): st
         $mLen = mb_strlen($m, '8bit');
         $lHash = $hash->hash('');
         $ps = str_repeat(chr(0), $key->getModulusLength() - $mLen - 2 * $hash->getLength() - 2);
-        $db = $lHash.$ps.chr(1).$m;
+        $db = $lHash . $ps . chr(1) . $m;
         $seed = random_bytes($hash->getLength());
         $dbMask = self::getMGF1($seed, $key->getModulusLength() - $hash->getLength() - 1, $hash/*MGF*/);
         $maskedDB = $db ^ $dbMask;
         $seedMask = self::getMGF1($maskedDB, $hash->getLength(), $hash/*MGF*/);
         $maskedSeed = $seed ^ $seedMask;
-        $em = chr(0).$maskedSeed.$maskedDB;
+        $em = chr(0) . $maskedSeed . $maskedDB;
 
         $m = self::convertOctetStringToInteger($em);
         $c = self::getRSAEP($key, $m);
@@ -251,11 +231,11 @@ private static function getRSAESOAEP(RSAKey $key, string $c, Hash $hash): string
         $db = $maskedDB ^ $dbMask;
         $lHash2 = mb_substr($db, 0, $hash->getLength(), '8bit');
         $m = mb_substr($db, $hash->getLength(), null, '8bit');
-        if (!hash_equals($lHash, $lHash2)) {
+        if (! hash_equals($lHash, $lHash2)) {
             throw new RuntimeException();
         }
         $m = ltrim($m, chr(0));
-        if (1 !== ord($m[0])) {
+        if (ord($m[0]) !== 1) {
             throw new RuntimeException();
         }
 

composer.json

@@ -20,7 +20,7 @@
         }
     },
     "require": {
-        "brick/math": "^0.8.17|^0.9",
+        "brick/math": "^0.9",
         "ext-openssl": "*",
         "symfony/polyfill-mbstring": "^1.12",
         "web-token/jwt-encryption": "^2.1"