Sub-packages for algorithms

Spomky · Spomky · commit 963ae965ad61 · 2018-05-29T13:24:50.000+02:00
diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md
@@ -0,0 +1,4 @@
+# Contributing
+
+This repository is a sub repository of [the JWT Framework](https://github.com/web-token/jwt-framework) project and is READ ONLY. 
+Please do not submit any Pull Requests here. It will be automatically closed.
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,3 @@
+Please do not submit any Pull Requests here. It will be automatically closed.
+
+You should submit it here: https://github.com/web-token/jwt-framework/pulls
diff --git a/A128GCM.php b/A128GCM.php
@@ -0,0 +1,41 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license.  See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Encryption\Algorithm\ContentEncryption;
+
+final class A128GCM extends AESGCM
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function getCEKSize(): int
+    {
+        return 128;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function getMode(): string
+    {
+        return 'aes-128-gcm';
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function name(): string
+    {
+        return 'A128GCM';
+    }
+}
diff --git a/A192GCM.php b/A192GCM.php
@@ -0,0 +1,41 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license.  See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Encryption\Algorithm\ContentEncryption;
+
+final class A192GCM extends AESGCM
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function getCEKSize(): int
+    {
+        return 192;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function getMode(): string
+    {
+        return 'aes-192-gcm';
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function name(): string
+    {
+        return 'A192GCM';
+    }
+}
diff --git a/A256GCM.php b/A256GCM.php
@@ -0,0 +1,41 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license.  See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Encryption\Algorithm\ContentEncryption;
+
+final class A256GCM extends AESGCM
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function getCEKSize(): int
+    {
+        return 256;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function getMode(): string
+    {
+        return 'aes-256-gcm';
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function name(): string
+    {
+        return 'A256GCM';
+    }
+}
diff --git a/AESGCM.php b/AESGCM.php
@@ -0,0 +1,76 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license.  See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Encryption\Algorithm\ContentEncryption;
+
+use Jose\Component\Encryption\Algorithm\ContentEncryptionAlgorithm;
+
+abstract class AESGCM implements ContentEncryptionAlgorithm
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function allowedKeyTypes(): array
+    {
+        return []; //Irrelevant
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function encryptContent(string $data, string $cek, string $iv, ?string $aad, string $encoded_protected_header, ?string &$tag = null): string
+    {
+        $calculated_aad = $encoded_protected_header;
+        if (null !== $aad) {
+            $calculated_aad .= '.'.$aad;
+        }
+
+        $C = openssl_encrypt($data, $this->getMode(), $cek, OPENSSL_RAW_DATA, $iv, $tag, $calculated_aad);
+        if (false === $C) {
+            throw new \InvalidArgumentException('Unable to encrypt the data.');
+        }
+
+        return $C;
+    }
+
+    /**
+     *  {@inheritdoc}
+     */
+    public function decryptContent(string $data, string $cek, string $iv, ?string $aad, string $encoded_protected_header, string $tag): string
+    {
+        $calculated_aad = $encoded_protected_header;
+        if (null !== $aad) {
+            $calculated_aad .= '.'.$aad;
+        }
+
+        $P = openssl_decrypt($data, $this->getMode(), $cek, OPENSSL_RAW_DATA, $iv, $tag, $calculated_aad);
+        if (false === $P) {
+            throw new \InvalidArgumentException('Unable to decrypt or to verify the tag.');
+        }
+
+        return $P;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getIVSize(): int
+    {
+        return 96;
+    }
+
+    /**
+     * @return string
+     */
+    abstract protected function getMode(): string;
+}
diff --git a/LICENSE b/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2014-2018 Spomky-Labs
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
@@ -0,0 +1,15 @@
+AES GCM Based Content Encryption Algorithms For JWT-Framework
+=============================================================
+
+This repository is a sub repository of [the JWT Framework](https://github.com/web-token/jwt-framework) project and is READ ONLY.
+
+**Please do not submit any Pull Request here.**
+You should go to [the main repository](https://github.com/web-token/jwt-framework) instead.
+
+# Documentation
+
+The official documentation is available as https://web-token.spomky-labs.com/ 
+
+# Licence
+
+This software is release under [MIT licence](LICENSE).
diff --git a/Tests/AESGCMContentEncryptionTest.php b/Tests/AESGCMContentEncryptionTest.php
@@ -0,0 +1,109 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license.  See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Encryption\Algorithm\ContentEncryption\Tests;
+
+use Base64Url\Base64Url;
+use Jose\Component\Encryption\Algorithm\ContentEncryption\A128GCM;
+use Jose\Component\Encryption\Algorithm\ContentEncryption\A192GCM;
+use Jose\Component\Encryption\Algorithm\ContentEncryption\A256GCM;
+use PHPUnit\Framework\TestCase;
+
+/**
+ * @group Unit
+ */
+class AESGCMContentEncryptionTest extends TestCase
+{
+    public function testA128GCMEncryptAndDecrypt()
+    {
+        $header = Base64Url::encode(json_encode(['alg' => 'ECDH-ES', 'enc' => 'A128GCM']));
+        $tag = null;
+
+        $algorithm = new A128GCM();
+
+        $cek = random_bytes(128 / 8);
+        $iv = random_bytes(96 / 8);
+        $plaintext = 'Live long and Prosper.';
+
+        $cyphertext = $algorithm->encryptContent($plaintext, $cek, $iv, null, $header, $tag);
+
+        self::assertNotNull($tag);
+        self::assertEquals($plaintext, $algorithm->decryptContent($cyphertext, $cek, $iv, null, $header, $tag));
+    }
+
+    public function testA192GCMEncryptAndDecrypt()
+    {
+        $header = Base64Url::encode(json_encode(['alg' => 'ECDH-ES', 'enc' => 'A192GCM']));
+        $tag = null;
+
+        $algorithm = new A192GCM();
+
+        $cek = random_bytes(192 / 8);
+        $iv = random_bytes(96 / 8);
+        $plaintext = 'Live long and Prosper.';
+
+        $cyphertext = $algorithm->encryptContent($plaintext, $cek, $iv, null, $header, $tag);
+
+        self::assertNotNull($tag);
+        self::assertEquals($plaintext, $algorithm->decryptContent($cyphertext, $cek, $iv, null, $header, $tag));
+    }
+
+    public function testA256GCMEncryptAndDecrypt()
+    {
+        $header = Base64Url::encode(json_encode(['alg' => 'ECDH-ES', 'enc' => 'A256GCM']));
+        $tag = null;
+
+        $algorithm = new A256GCM();
+
+        $cek = random_bytes(256 / 8);
+        $iv = random_bytes(96 / 8);
+        $plaintext = 'Live long and Prosper.';
+
+        $cyphertext = $algorithm->encryptContent($plaintext, $cek, $iv, null, $header, $tag);
+
+        self::assertNotNull($tag);
+        self::assertEquals($plaintext, $algorithm->decryptContent($cyphertext, $cek, $iv, null, $header, $tag));
+    }
+
+    /**
+     * @see https://tools.ietf.org/html/rfc7516#appendix-A.1
+     */
+    public function testA256GCMDecryptTestVector()
+    {
+        $algorithm = new A256GCM();
+
+        $header = Base64Url::encode(json_encode(['alg' => 'RSA-OAEP', 'enc' => 'A256GCM']));
+        $cek = $this->convertArrayToBinString([177, 161, 244, 128, 84, 143, 225, 115, 63, 180, 3, 255, 107, 154, 212, 246, 138, 7, 110, 91, 112, 46, 34, 105, 47, 130, 203, 46, 122, 234, 64, 252]);
+        $iv = $this->convertArrayToBinString([227, 197, 117, 252, 2, 219, 233, 68, 180, 225, 77, 219]);
+        $tag = $this->convertArrayToBinString([92, 80, 104, 49, 133, 25, 161, 215, 173, 101, 219, 211, 136, 91, 210, 145]);
+        $cyphertext = $this->convertArrayToBinString([229, 236, 166, 241, 53, 191, 115, 196, 174, 43, 73, 109, 39, 122, 233, 96, 140, 206, 120, 52, 51, 237, 48, 11, 190, 219, 186, 80, 111, 104, 50, 142, 47, 167, 59, 61, 181, 127, 196, 21, 40, 82, 242, 32, 123, 143, 168, 226, 73, 216, 176, 144, 138, 247, 106, 60, 16, 205, 160, 109, 64, 63, 192]);
+        $expected_plaintext = 'The true sign of intelligence is not knowledge but imagination.';
+
+        self::assertEquals('eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ', $header);
+        self::assertEquals($expected_plaintext, $algorithm->decryptContent($cyphertext, $cek, $iv, null, $header, $tag));
+    }
+
+    /**
+     * @param array $data
+     *
+     * @return string
+     */
+    private function convertArrayToBinString(array $data): string
+    {
+        foreach ($data as $key => $value) {
+            $data[$key] = str_pad(dechex($value), 2, '0', STR_PAD_LEFT);
+        }
+
+        return hex2bin(implode('', $data));
+    }
+}
diff --git a/composer.json b/composer.json
@@ -0,0 +1,36 @@
+{
+    "name": "web-token/jwt-encryption-algorithm-aesgcm",
+    "description": "AES GCM Based Content Encryption Algorithms the JWT Framework.",
+    "type": "library",
+    "license": "MIT",
+    "keywords": ["JWS", "JWT", "JWE", "JWA", "JWK", "JWKSet", "Jot", "Jose", "RFC7515", "RFC7516", "RFC7517", "RFC7518", "RFC7519", "RFC7520", "Bundle", "Symfony"],
+    "homepage": "https://github.com/web-token",
+    "authors": [
+        {
+            "name": "Florent Morselli",
+            "homepage": "https://github.com/Spomky"
+        },{
+            "name": "All contributors",
+            "homepage": "https://github.com/web-token/jwt-core/contributors"
+        }
+    ],
+    "autoload": {
+        "psr-4": {
+            "Jose\\Component\\Encryption\\Algorithm\\ContentEncryption\\":  ""
+        }
+    },
+    "require": {
+        "web-token/jwt-encryption": "^1.2"
+    },
+    "require-dev": {
+        "phpunit/phpunit": "^6.0|^7.0"
+    },
+    "extra": {
+        "branch-alias": {
+            "dev-master": "1.2.x-dev"
+        }
+    },
+    "config": {
+        "sort-packages": true
+    }
+}
diff --git a/phpunit.xml.dist b/phpunit.xml.dist

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+Please do not submit any Pull Requests here. It will be automatically closed.`
	`2`	`+`
	`3`	`+You should submit it here: https://github.com/web-token/jwt-framework/pulls`
-Original file line number
+Diff line change
@@ @@ -0,0 +1,29 @@ @@
 +<?xml version="1.0" encoding="UTF-8"?>
 +<phpunit
 +        backupGlobals="false"
 +        backupStaticAttributes="false"
 +        convertErrorsToExceptions="true"
 +        convertNoticesToExceptions="true"
 +        convertWarningsToExceptions="true"
 +        processIsolation="false"
 +        stopOnFailure="false"
 +        syntaxCheck="true"
 +        bootstrap="vendor/autoload.php"
 +        colors="true">
 +    <testsuites>
 +        <testsuite name="Test Suite">
 +            <directory>./Tests/</directory>
 +        </testsuite>
 +    </testsuites>
++
 +    <filter>
 +        <whitelist>
 +            <directory suffix=".php">./</directory>
 +            <exclude>
 +                <directory>./vendor</directory>
 +                <directory>./Tests</directory>
 +                <directory suffix="Test.php">./src</directory>
 +            </exclude>
 +        </whitelist>
 +    </filter>
 +</phpunit>