Sync with defuse/php-encryption changes

autoload.php

@@ -35,3 +35,5 @@
         require $file;
     }
 });
+
+require_once __DIR__ . '/vendor/autoload.php';

composer.json

@@ -29,8 +29,8 @@
     },
     "require": {
         "defuse/php-encryption": "^2.0",
-        "paragonie/random_compat": "^1.2",
-        "paragonie/constant_time_encoding": "^0.3"
+        "paragonie/random_compat": "^1|^2",
+        "paragonie/constant_time_encoding": "^1|^2"
     },
     "require-dev": {
         "defuse/php-encryption": "^2.0"

src/PasswordLock.php

@@ -4,6 +4,7 @@
 use \Defuse\Crypto\Crypto;
 use \Defuse\Crypto\Key;
 use \ParagonIE\ConstantTime\Base64;
+use \ParagonIE\ConstantTime\Binary;
 
 class PasswordLock
 {
@@ -14,6 +15,7 @@ class PasswordLock
      * @param string $password
      * @param Key $aesKey
      * @return string
+     * @throws \Exception
      */
     public static function hashAndEncrypt($password, Key $aesKey)
     {
@@ -40,7 +42,9 @@ public static function hashAndEncrypt($password, Key $aesKey)
      * @param string $password
      * @param string $ciphertext
      * @param string $aesKey - must be exactly 16 bytes
-     * @return boolean
+     * @return bool
+     * @throws \Exception
+     * @throws \InvalidArgumentException
      */
     public static function decryptAndVerifyLegacy($password, $ciphertext, $aesKey)
     {
@@ -49,7 +53,7 @@ public static function decryptAndVerifyLegacy($password, $ciphertext, $aesKey)
                 'Password must be a string.'
             );
         }
-        if (self::safeStrlen($aesKey) !== 16) {
+        if (Binary::safeStrlen($aesKey) !== 16) {
             throw new \Exception("Encryption keys must be 16 bytes long");
         }
         $hash = Crypto::legacyDecrypt(
@@ -71,7 +75,9 @@ public static function decryptAndVerifyLegacy($password, $ciphertext, $aesKey)
      * @param string $password
      * @param string $ciphertext
      * @param Key $aesKey
-     * @return boolean
+     * @return bool
+     * @throws \Exception
+     * @throws \InvalidArgumentException
      */
     public static function decryptAndVerify($password, $ciphertext, Key $aesKey)
     {
@@ -85,9 +91,6 @@ public static function decryptAndVerify($password, $ciphertext, Key $aesKey)
                 'Ciphertext must be a string.'
             );
         }
-        if (self::safeStrlen($aesKey) !== 32) {
-            throw new \Exception("Encryption keys must be 32 bytes long");
-        }
         $hash = Crypto::decrypt(
             $ciphertext,
             $aesKey
@@ -119,9 +122,10 @@ public static function rotateKey($ciphertext, Key $oldKey, Key $newKey)
      * 
      * @param string $password
      * @param string $ciphertext
-     * @param sring $oldKey
+     * @param string $oldKey
      * @param Key $newKey
      * @return string
+     * @throws \Exception
      */
     public static function upgradeFromVersion1(
         $password,
@@ -135,24 +139,6 @@ public static function upgradeFromVersion1(
             );
         }
         $plaintext = Crypto::legacyDecrypt($ciphertext, $oldKey);
-        return self::hashAndEncrypt($password, $newKey);
-    }
-
-    /**
-     * Don't count characters, count the number of bytes
-     *
-     * @param string
-     * @return int
-     */
-    protected static function safeStrlen($str)
-    {
-        static $exists = null;
-        if ($exists === null) {
-            $exists = \function_exists('\\mb_strlen');
-        }
-        if ($exists) {
-            return \mb_strlen($str, '8bit');
-        }
-        return \strlen($str);
+        return self::hashAndEncrypt($plaintext, $newKey);
     }
 }

tests/PasswordLockTest.php

@@ -8,9 +8,8 @@ class PasswordLockTest extends PHPUnit_Framework_TestCase
 {
     public function testHash()
     {
-        $key = \Defuse\Crypto\Key::LoadFromAsciiSafeString(
-            \hex2bin('0102030405060708090a0b0c0d0e0f10')
-        );
+        $key = \Defuse\Crypto\Key::createNewRandomKey();
+
         $password = PasswordLock::hashAndEncrypt('YELLOW SUBMARINE', $key);
 
         $this->assertTrue(
@@ -23,13 +22,11 @@ public function testHash()
     }
 
     /**
-     * @expectedException \Defuse\Crypto\Exception\InvalidCiphertext
+     * @expectedException \Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException
      */
     public function testBitflip()
     {
-        $key = \Defuse\Crypto\Key::LoadFromAsciiSafeString(
-            \hex2bin('0102030405060708090a0b0c0d0e0f10')
-        );
+        $key = \Defuse\Crypto\Key::createNewRandomKey();
         $password = PasswordLock::hashAndEncrypt('YELLOW SUBMARINE', $key);
         $password[0] = (\ord($password[0]) === 0 ? 255 : 0);