diff --git a/lib/php72compat.php b/lib/php72compat.php index 07b138af..efdcd103 100644 --- a/lib/php72compat.php +++ b/lib/php72compat.php @@ -1,4 +1,5 @@ getMessage() === 'AES-256-GCM is not available')) { - throw $ex; - } - return false; - } + function sodium_crypto_aead_aes256gcm_decrypt( + string $ciphertext, + string $additional_data, + string $nonce, + #[\SensitiveParameter] + string $key + ): string|bool { + return ParagonIE_Sodium_Compat::crypto_aead_aes256gcm_decrypt( + $ciphertext, + $additional_data, + $nonce, + $key + ); } } if (!is_callable('sodium_crypto_aead_aes256gcm_encrypt')) { @@ -215,8 +230,14 @@ function sodium_crypto_aead_aes256gcm_decrypt($ciphertext, $additional_data, $no * @throws SodiumException * @throws TypeError */ - function sodium_crypto_aead_aes256gcm_encrypt($message, $additional_data, $nonce, $key) - { + function sodium_crypto_aead_aes256gcm_encrypt( + #[\SensitiveParameter] + string $message, + string $additional_data, + string $nonce, + #[\SensitiveParameter] + string $key + ): string { return ParagonIE_Sodium_Compat::crypto_aead_aes256gcm_encrypt($message, $additional_data, $nonce, $key); } } @@ -225,7 +246,7 @@ function sodium_crypto_aead_aes256gcm_encrypt($message, $additional_data, $nonce * @see ParagonIE_Sodium_Compat::crypto_aead_aes256gcm_is_available() * @return bool */ - function sodium_crypto_aead_aes256gcm_is_available() + function sodium_crypto_aead_aes256gcm_is_available(): bool { return ParagonIE_Sodium_Compat::crypto_aead_aes256gcm_is_available(); } @@ -239,8 +260,13 @@ function sodium_crypto_aead_aes256gcm_is_available() * @param string $key * @return string|bool */ - function sodium_crypto_aead_chacha20poly1305_decrypt($ciphertext, $additional_data, $nonce, $key) - { + function sodium_crypto_aead_chacha20poly1305_decrypt( + string $ciphertext, + string $additional_data, + string $nonce, + #[\SensitiveParameter] + string $key + ): string|bool { try { return ParagonIE_Sodium_Compat::crypto_aead_chacha20poly1305_decrypt( $ciphertext, @@ -248,9 +274,7 @@ function sodium_crypto_aead_chacha20poly1305_decrypt($ciphertext, $additional_da $nonce, $key ); - } catch (Error $ex) { - return false; - } catch (Exception $ex) { + } catch (Throwable) { return false; } } @@ -266,8 +290,14 @@ function sodium_crypto_aead_chacha20poly1305_decrypt($ciphertext, $additional_da * @throws SodiumException * @throws TypeError */ - function sodium_crypto_aead_chacha20poly1305_encrypt($message, $additional_data, $nonce, $key) - { + function sodium_crypto_aead_chacha20poly1305_encrypt( + #[\SensitiveParameter] + string $message, + string $additional_data, + string $nonce, + #[\SensitiveParameter] + string $key + ): string { return ParagonIE_Sodium_Compat::crypto_aead_chacha20poly1305_encrypt( $message, $additional_data, @@ -282,7 +312,7 @@ function sodium_crypto_aead_chacha20poly1305_encrypt($message, $additional_data, * @return string * @throws Exception */ - function sodium_crypto_aead_chacha20poly1305_keygen() + function sodium_crypto_aead_chacha20poly1305_keygen(): string { return ParagonIE_Sodium_Compat::crypto_aead_chacha20poly1305_keygen(); } @@ -295,21 +325,22 @@ function sodium_crypto_aead_chacha20poly1305_keygen() * @param string $nonce * @param string $key * @return string|bool + * + * @throws SodiumException */ - function sodium_crypto_aead_chacha20poly1305_ietf_decrypt($message, $additional_data, $nonce, $key) - { - try { - return ParagonIE_Sodium_Compat::crypto_aead_chacha20poly1305_ietf_decrypt( - $message, - $additional_data, - $nonce, - $key - ); - } catch (Error $ex) { - return false; - } catch (Exception $ex) { - return false; - } + function sodium_crypto_aead_chacha20poly1305_ietf_decrypt( + string $message, + string $additional_data, + string $nonce, + #[\SensitiveParameter] + string $key + ): string|bool { + return ParagonIE_Sodium_Compat::crypto_aead_chacha20poly1305_ietf_decrypt( + $message, + $additional_data, + $nonce, + $key + ); } } if (!is_callable('sodium_crypto_aead_chacha20poly1305_ietf_encrypt')) { @@ -323,8 +354,14 @@ function sodium_crypto_aead_chacha20poly1305_ietf_decrypt($message, $additional_ * @throws SodiumException * @throws TypeError */ - function sodium_crypto_aead_chacha20poly1305_ietf_encrypt($message, $additional_data, $nonce, $key) - { + function sodium_crypto_aead_chacha20poly1305_ietf_encrypt( + #[\SensitiveParameter] + string $message, + string $additional_data, + string $nonce, + #[\SensitiveParameter] + string $key + ): string { return ParagonIE_Sodium_Compat::crypto_aead_chacha20poly1305_ietf_encrypt( $message, $additional_data, @@ -339,7 +376,7 @@ function sodium_crypto_aead_chacha20poly1305_ietf_encrypt($message, $additional_ * @return string * @throws Exception */ - function sodium_crypto_aead_chacha20poly1305_ietf_keygen() + function sodium_crypto_aead_chacha20poly1305_ietf_keygen(): string { return ParagonIE_Sodium_Compat::crypto_aead_chacha20poly1305_ietf_keygen(); } @@ -352,9 +389,14 @@ function sodium_crypto_aead_chacha20poly1305_ietf_keygen() * @param string $nonce * @param string $key * @return string|bool + * @throws SodiumException */ - function sodium_crypto_aead_xchacha20poly1305_ietf_decrypt($ciphertext, $additional_data, $nonce, $key) - { + function sodium_crypto_aead_xchacha20poly1305_ietf_decrypt( + string $ciphertext, + string $additional_data, + string $nonce, + string $key + ): string|bool { try { return ParagonIE_Sodium_Compat::crypto_aead_xchacha20poly1305_ietf_decrypt( $ciphertext, @@ -363,9 +405,7 @@ function sodium_crypto_aead_xchacha20poly1305_ietf_decrypt($ciphertext, $additio $key, true ); - } catch (Error $ex) { - return false; - } catch (Exception $ex) { + } catch (Throwable) { return false; } } @@ -382,10 +422,12 @@ function sodium_crypto_aead_xchacha20poly1305_ietf_decrypt($ciphertext, $additio * @throws TypeError */ function sodium_crypto_aead_xchacha20poly1305_ietf_encrypt( - $message, - $additional_data, - $nonce, - $key + #[\SensitiveParameter] + string $message, + string $additional_data, + string $nonce, + #[\SensitiveParameter] + string $key ) { return ParagonIE_Sodium_Compat::crypto_aead_xchacha20poly1305_ietf_encrypt( $message, @@ -402,7 +444,7 @@ function sodium_crypto_aead_xchacha20poly1305_ietf_encrypt( * @return string * @throws Exception */ - function sodium_crypto_aead_xchacha20poly1305_ietf_keygen() + function sodium_crypto_aead_xchacha20poly1305_ietf_keygen(): string { return ParagonIE_Sodium_Compat::crypto_aead_xchacha20poly1305_ietf_keygen(); } @@ -416,8 +458,11 @@ function sodium_crypto_aead_xchacha20poly1305_ietf_keygen() * @throws SodiumException * @throws TypeError */ - function sodium_crypto_auth($message, $key) - { + function sodium_crypto_auth( + string $message, + #[\SensitiveParameter] + string $key + ): string { return ParagonIE_Sodium_Compat::crypto_auth($message, $key); } } @@ -427,7 +472,7 @@ function sodium_crypto_auth($message, $key) * @return string * @throws Exception */ - function sodium_crypto_auth_keygen() + function sodium_crypto_auth_keygen(): string { return ParagonIE_Sodium_Compat::crypto_auth_keygen(); } @@ -442,8 +487,12 @@ function sodium_crypto_auth_keygen() * @throws SodiumException * @throws TypeError */ - function sodium_crypto_auth_verify($mac, $message, $key) - { + function sodium_crypto_auth_verify( + string $mac, + string $message, + #[\SensitiveParameter] + string $key + ): bool { return ParagonIE_Sodium_Compat::crypto_auth_verify($mac, $message, $key); } } @@ -457,8 +506,13 @@ function sodium_crypto_auth_verify($mac, $message, $key) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_box($message, $nonce, $key_pair) - { + function sodium_crypto_box( + #[\SensitiveParameter] + string $message, + string $nonce, + #[\SensitiveParameter] + string $key_pair + ): string { return ParagonIE_Sodium_Compat::crypto_box($message, $nonce, $key_pair); } } @@ -469,7 +523,7 @@ function sodium_crypto_box($message, $nonce, $key_pair) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_box_keypair() + function sodium_crypto_box_keypair(): string { return ParagonIE_Sodium_Compat::crypto_box_keypair(); } @@ -483,8 +537,11 @@ function sodium_crypto_box_keypair() * @throws SodiumException * @throws TypeError */ - function sodium_crypto_box_keypair_from_secretkey_and_publickey($secret_key, $public_key) - { + function sodium_crypto_box_keypair_from_secretkey_and_publickey( + #[\SensitiveParameter] + string $secret_key, + string $public_key + ): string { return ParagonIE_Sodium_Compat::crypto_box_keypair_from_secretkey_and_publickey($secret_key, $public_key); } } @@ -495,14 +552,18 @@ function sodium_crypto_box_keypair_from_secretkey_and_publickey($secret_key, $pu * @param string $nonce * @param string $key_pair * @return string|bool + * + * @throws SodiumException */ - function sodium_crypto_box_open($ciphertext, $nonce, $key_pair) - { + function sodium_crypto_box_open( + string $ciphertext, + string $nonce, + #[\SensitiveParameter] + string $key_pair + ): string|bool { try { return ParagonIE_Sodium_Compat::crypto_box_open($ciphertext, $nonce, $key_pair); - } catch (Error $ex) { - return false; - } catch (Exception $ex) { + } catch (Throwable) { return false; } } @@ -515,8 +576,10 @@ function sodium_crypto_box_open($ciphertext, $nonce, $key_pair) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_box_publickey($key_pair) - { + function sodium_crypto_box_publickey( + #[\SensitiveParameter] + string $key_pair + ): string { return ParagonIE_Sodium_Compat::crypto_box_publickey($key_pair); } } @@ -528,8 +591,10 @@ function sodium_crypto_box_publickey($key_pair) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_box_publickey_from_secretkey($secret_key) - { + function sodium_crypto_box_publickey_from_secretkey( + #[\SensitiveParameter] + string $secret_key + ): string { return ParagonIE_Sodium_Compat::crypto_box_publickey_from_secretkey($secret_key); } } @@ -542,8 +607,11 @@ function sodium_crypto_box_publickey_from_secretkey($secret_key) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_box_seal($message, $public_key) - { + function sodium_crypto_box_seal( + #[\SensitiveParameter] + string $message, + string $public_key + ): string { return ParagonIE_Sodium_Compat::crypto_box_seal($message, $public_key); } } @@ -555,14 +623,14 @@ function sodium_crypto_box_seal($message, $public_key) * @return string|bool * @throws SodiumException */ - function sodium_crypto_box_seal_open($message, $key_pair) - { + function sodium_crypto_box_seal_open( + string $message, + #[\SensitiveParameter] + string $key_pair + ): string|bool { try { return ParagonIE_Sodium_Compat::crypto_box_seal_open($message, $key_pair); - } catch (SodiumException $ex) { - if ($ex->getMessage() === 'Argument 2 must be CRYPTO_BOX_KEYPAIRBYTES long.') { - throw $ex; - } + } catch (Throwable) { return false; } } @@ -575,8 +643,10 @@ function sodium_crypto_box_seal_open($message, $key_pair) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_box_secretkey($key_pair) - { + function sodium_crypto_box_secretkey( + #[\SensitiveParameter] + string $key_pair + ): string { return ParagonIE_Sodium_Compat::crypto_box_secretkey($key_pair); } } @@ -588,8 +658,10 @@ function sodium_crypto_box_secretkey($key_pair) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_box_seed_keypair($seed) - { + function sodium_crypto_box_seed_keypair( + #[\SensitiveParameter] + string $seed + ): string { return ParagonIE_Sodium_Compat::crypto_box_seed_keypair($seed); } } @@ -603,22 +675,28 @@ function sodium_crypto_box_seed_keypair($seed) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_generichash($message, $key = null, $length = 32) - { + function sodium_crypto_generichash( + string $message, + #[\SensitiveParameter] + ?string $key = null, + int $length = 32 + ): string { return ParagonIE_Sodium_Compat::crypto_generichash($message, $key, $length); } } if (!is_callable('sodium_crypto_generichash_final')) { /** * @see ParagonIE_Sodium_Compat::crypto_generichash_final() - * @param string|null $state + * @param string $state * @param int $outputLength * @return string * @throws SodiumException * @throws TypeError */ - function sodium_crypto_generichash_final(&$state, $outputLength = 32) - { + function sodium_crypto_generichash_final( + string &$state, + int $outputLength = 32 + ): string { return ParagonIE_Sodium_Compat::crypto_generichash_final($state, $outputLength); } } @@ -631,8 +709,11 @@ function sodium_crypto_generichash_final(&$state, $outputLength = 32) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_generichash_init($key = null, $length = 32) - { + function sodium_crypto_generichash_init( + #[\SensitiveParameter] + ?string $key = null, + int $length = 32 + ): string { return ParagonIE_Sodium_Compat::crypto_generichash_init($key, $length); } } @@ -642,7 +723,7 @@ function sodium_crypto_generichash_init($key = null, $length = 32) * @return string * @throws Exception */ - function sodium_crypto_generichash_keygen() + function sodium_crypto_generichash_keygen(): string { return ParagonIE_Sodium_Compat::crypto_generichash_keygen(); } @@ -650,13 +731,13 @@ function sodium_crypto_generichash_keygen() if (!is_callable('sodium_crypto_generichash_update')) { /** * @see ParagonIE_Sodium_Compat::crypto_generichash_update() - * @param string|null $state + * @param string $state * @param string $message * @return void * @throws SodiumException * @throws TypeError */ - function sodium_crypto_generichash_update(&$state, $message = '') + function sodium_crypto_generichash_update(string &$state, string $message = ''): void { ParagonIE_Sodium_Compat::crypto_generichash_update($state, $message); } @@ -667,7 +748,7 @@ function sodium_crypto_generichash_update(&$state, $message = '') * @return string * @throws Exception */ - function sodium_crypto_kdf_keygen() + function sodium_crypto_kdf_keygen(): string { return ParagonIE_Sodium_Compat::crypto_kdf_keygen(); } @@ -682,8 +763,13 @@ function sodium_crypto_kdf_keygen() * @return string * @throws Exception */ - function sodium_crypto_kdf_derive_from_key($subkey_length, $subkey_id, $context, $key) - { + function sodium_crypto_kdf_derive_from_key( + int $subkey_length, + int $subkey_id, + string $context, + #[\SensitiveParameter] + string $key + ): string { return ParagonIE_Sodium_Compat::crypto_kdf_derive_from_key( $subkey_length, $subkey_id, @@ -703,8 +789,13 @@ function sodium_crypto_kdf_derive_from_key($subkey_length, $subkey_id, $context, * @throws SodiumException * @throws TypeError */ - function sodium_crypto_kx($my_secret, $their_public, $client_public, $server_public) - { + function sodium_crypto_kx( + #[\SensitiveParameter] + string $my_secret, + string $their_public, + string $client_public, + string $server_public + ): string { return ParagonIE_Sodium_Compat::crypto_kx( $my_secret, $their_public, @@ -719,8 +810,10 @@ function sodium_crypto_kx($my_secret, $their_public, $client_public, $server_pub * @return string * @throws Exception */ - function sodium_crypto_kx_seed_keypair($seed) - { + function sodium_crypto_kx_seed_keypair( + #[\SensitiveParameter] + string $seed + ): string { return ParagonIE_Sodium_Compat::crypto_kx_seed_keypair($seed); } } @@ -729,7 +822,7 @@ function sodium_crypto_kx_seed_keypair($seed) * @return string * @throws Exception */ - function sodium_crypto_kx_keypair() + function sodium_crypto_kx_keypair(): string { return ParagonIE_Sodium_Compat::crypto_kx_keypair(); } @@ -741,8 +834,11 @@ function sodium_crypto_kx_keypair() * @return array{0: string, 1: string} * @throws SodiumException */ - function sodium_crypto_kx_client_session_keys($client_key_pair, $server_key) - { + function sodium_crypto_kx_client_session_keys( + #[\SensitiveParameter] + string $client_key_pair, + string $server_key + ): array { return ParagonIE_Sodium_Compat::crypto_kx_client_session_keys($client_key_pair, $server_key); } } @@ -753,8 +849,11 @@ function sodium_crypto_kx_client_session_keys($client_key_pair, $server_key) * @return array{0: string, 1: string} * @throws SodiumException */ - function sodium_crypto_kx_server_session_keys($server_key_pair, $client_key) - { + function sodium_crypto_kx_server_session_keys( + #[\SensitiveParameter] + string $server_key_pair, + string $client_key + ): array { return ParagonIE_Sodium_Compat::crypto_kx_server_session_keys($server_key_pair, $client_key); } } @@ -764,8 +863,10 @@ function sodium_crypto_kx_server_session_keys($server_key_pair, $client_key) * @return string * @throws Exception */ - function sodium_crypto_kx_secretkey($key_pair) - { + function sodium_crypto_kx_secretkey( + #[\SensitiveParameter] + string $key_pair + ): string { return ParagonIE_Sodium_Compat::crypto_kx_secretkey($key_pair); } } @@ -775,8 +876,10 @@ function sodium_crypto_kx_secretkey($key_pair) * @return string * @throws Exception */ - function sodium_crypto_kx_publickey($key_pair) - { + function sodium_crypto_kx_publickey( + #[\SensitiveParameter] + string $key_pair + ): string { return ParagonIE_Sodium_Compat::crypto_kx_publickey($key_pair); } } @@ -793,8 +896,15 @@ function sodium_crypto_kx_publickey($key_pair) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_pwhash($length, $passwd, $salt, $opslimit, $memlimit, $algo = null) - { + function sodium_crypto_pwhash( + int $length, + #[\SensitiveParameter] + string $passwd, + string $salt, + int $opslimit, + int $memlimit, + ?int $algo = null + ): string { return ParagonIE_Sodium_Compat::crypto_pwhash($length, $passwd, $salt, $opslimit, $memlimit, $algo); } } @@ -808,8 +918,12 @@ function sodium_crypto_pwhash($length, $passwd, $salt, $opslimit, $memlimit, $al * @throws SodiumException * @throws TypeError */ - function sodium_crypto_pwhash_str($passwd, $opslimit, $memlimit) - { + function sodium_crypto_pwhash_str( + #[\SensitiveParameter] + string $passwd, + int $opslimit, + int $memlimit + ): string { return ParagonIE_Sodium_Compat::crypto_pwhash_str($passwd, $opslimit, $memlimit); } } @@ -823,8 +937,12 @@ function sodium_crypto_pwhash_str($passwd, $opslimit, $memlimit) * * @throws SodiumException */ - function sodium_crypto_pwhash_str_needs_rehash($hash, $opslimit, $memlimit) - { + function sodium_crypto_pwhash_str_needs_rehash( + #[\SensitiveParameter] + string $hash, + int $opslimit, + int $memlimit + ): bool { return ParagonIE_Sodium_Compat::crypto_pwhash_str_needs_rehash($hash, $opslimit, $memlimit); } } @@ -837,8 +955,12 @@ function sodium_crypto_pwhash_str_needs_rehash($hash, $opslimit, $memlimit) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_pwhash_str_verify($passwd, $hash) - { + function sodium_crypto_pwhash_str_verify( + #[\SensitiveParameter] + string $passwd, + #[\SensitiveParameter] + string $hash + ): bool { return ParagonIE_Sodium_Compat::crypto_pwhash_str_verify($passwd, $hash); } } @@ -854,8 +976,14 @@ function sodium_crypto_pwhash_str_verify($passwd, $hash) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_pwhash_scryptsalsa208sha256($length, $passwd, $salt, $opslimit, $memlimit) - { + function sodium_crypto_pwhash_scryptsalsa208sha256( + int $length, + #[\SensitiveParameter] + string $passwd, + string $salt, + int $opslimit, + int $memlimit + ): string { return ParagonIE_Sodium_Compat::crypto_pwhash_scryptsalsa208sha256( $length, $passwd, @@ -875,8 +1003,12 @@ function sodium_crypto_pwhash_scryptsalsa208sha256($length, $passwd, $salt, $ops * @throws SodiumException * @throws TypeError */ - function sodium_crypto_pwhash_scryptsalsa208sha256_str($passwd, $opslimit, $memlimit) - { + function sodium_crypto_pwhash_scryptsalsa208sha256_str( + #[\SensitiveParameter] + string $passwd, + int $opslimit, + int $memlimit + ): string { return ParagonIE_Sodium_Compat::crypto_pwhash_scryptsalsa208sha256_str($passwd, $opslimit, $memlimit); } } @@ -889,8 +1021,12 @@ function sodium_crypto_pwhash_scryptsalsa208sha256_str($passwd, $opslimit, $meml * @throws SodiumException * @throws TypeError */ - function sodium_crypto_pwhash_scryptsalsa208sha256_str_verify($passwd, $hash) - { + function sodium_crypto_pwhash_scryptsalsa208sha256_str_verify( + #[\SensitiveParameter] + string $passwd, + #[\SensitiveParameter] + string $hash + ): bool { return ParagonIE_Sodium_Compat::crypto_pwhash_scryptsalsa208sha256_str_verify($passwd, $hash); } } @@ -903,8 +1039,11 @@ function sodium_crypto_pwhash_scryptsalsa208sha256_str_verify($passwd, $hash) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_scalarmult($n, $p) - { + function sodium_crypto_scalarmult( + #[\SensitiveParameter] + string $n, + string $p + ): string { return ParagonIE_Sodium_Compat::crypto_scalarmult($n, $p); } } @@ -916,8 +1055,10 @@ function sodium_crypto_scalarmult($n, $p) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_scalarmult_base($n) - { + function sodium_crypto_scalarmult_base( + #[\SensitiveParameter] + string $n + ): string { return ParagonIE_Sodium_Compat::crypto_scalarmult_base($n); } } @@ -931,8 +1072,13 @@ function sodium_crypto_scalarmult_base($n) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_secretbox($message, $nonce, $key) - { + function sodium_crypto_secretbox( + #[\SensitiveParameter] + string $message, + string $nonce, + #[\SensitiveParameter] + string $key + ): string { return ParagonIE_Sodium_Compat::crypto_secretbox($message, $nonce, $key); } } @@ -942,7 +1088,7 @@ function sodium_crypto_secretbox($message, $nonce, $key) * @return string * @throws Exception */ - function sodium_crypto_secretbox_keygen() + function sodium_crypto_secretbox_keygen(): string { return ParagonIE_Sodium_Compat::crypto_secretbox_keygen(); } @@ -955,13 +1101,15 @@ function sodium_crypto_secretbox_keygen() * @param string $key * @return string|bool */ - function sodium_crypto_secretbox_open($ciphertext, $nonce, $key) - { + function sodium_crypto_secretbox_open( + string $ciphertext, + string $nonce, + #[\SensitiveParameter] + string $key + ): string|bool { try { return ParagonIE_Sodium_Compat::crypto_secretbox_open($ciphertext, $nonce, $key); - } catch (Error $ex) { - return false; - } catch (Exception $ex) { + } catch (Throwable) { return false; } } @@ -972,8 +1120,10 @@ function sodium_crypto_secretbox_open($ciphertext, $nonce, $key) * @return array * @throws SodiumException */ - function sodium_crypto_secretstream_xchacha20poly1305_init_push($key) - { + function sodium_crypto_secretstream_xchacha20poly1305_init_push( + #[\SensitiveParameter] + string $key + ): array { return ParagonIE_Sodium_Compat::crypto_secretstream_xchacha20poly1305_init_push($key); } } @@ -987,11 +1137,12 @@ function sodium_crypto_secretstream_xchacha20poly1305_init_push($key) * @throws SodiumException */ function sodium_crypto_secretstream_xchacha20poly1305_push( - &$state, - $message, - $additional_data = '', - $tag = 0 - ) { + string &$state, + #[\SensitiveParameter] + string $message, + string $additional_data = '', + int $tag = 0 + ): string { return ParagonIE_Sodium_Compat::crypto_secretstream_xchacha20poly1305_push( $state, $message, @@ -1007,8 +1158,11 @@ function sodium_crypto_secretstream_xchacha20poly1305_push( * @return string * @throws Exception */ - function sodium_crypto_secretstream_xchacha20poly1305_init_pull($header, $key) - { + function sodium_crypto_secretstream_xchacha20poly1305_init_pull( + string $header, + #[\SensitiveParameter] + string $key + ): string { return ParagonIE_Sodium_Compat::crypto_secretstream_xchacha20poly1305_init_pull($header, $key); } } @@ -1020,8 +1174,12 @@ function sodium_crypto_secretstream_xchacha20poly1305_init_pull($header, $key) * @return bool|array{0: string, 1: int} * @throws SodiumException */ - function sodium_crypto_secretstream_xchacha20poly1305_pull(&$state, $ciphertext, $additional_data = '') - { + function sodium_crypto_secretstream_xchacha20poly1305_pull( + #[\SensitiveParameter] + string &$state, + string $ciphertext, + string $additional_data = '' + ): bool|array { return ParagonIE_Sodium_Compat::crypto_secretstream_xchacha20poly1305_pull( $state, $ciphertext, @@ -1035,8 +1193,10 @@ function sodium_crypto_secretstream_xchacha20poly1305_pull(&$state, $ciphertext, * @return void * @throws SodiumException */ - function sodium_crypto_secretstream_xchacha20poly1305_rekey(&$state) - { + function sodium_crypto_secretstream_xchacha20poly1305_rekey( + #[\SensitiveParameter] + string &$state + ): void { ParagonIE_Sodium_Compat::crypto_secretstream_xchacha20poly1305_rekey($state); } } @@ -1045,7 +1205,7 @@ function sodium_crypto_secretstream_xchacha20poly1305_rekey(&$state) * @return string * @throws Exception */ - function sodium_crypto_secretstream_xchacha20poly1305_keygen() + function sodium_crypto_secretstream_xchacha20poly1305_keygen(): string { return ParagonIE_Sodium_Compat::crypto_secretstream_xchacha20poly1305_keygen(); } @@ -1059,8 +1219,11 @@ function sodium_crypto_secretstream_xchacha20poly1305_keygen() * @throws SodiumException * @throws TypeError */ - function sodium_crypto_shorthash($message, $key = '') - { + function sodium_crypto_shorthash( + string $message, + #[\SensitiveParameter] + string $key + ): string { return ParagonIE_Sodium_Compat::crypto_shorthash($message, $key); } } @@ -1070,7 +1233,7 @@ function sodium_crypto_shorthash($message, $key = '') * @return string * @throws Exception */ - function sodium_crypto_shorthash_keygen() + function sodium_crypto_shorthash_keygen(): string { return ParagonIE_Sodium_Compat::crypto_shorthash_keygen(); } @@ -1084,8 +1247,11 @@ function sodium_crypto_shorthash_keygen() * @throws SodiumException * @throws TypeError */ - function sodium_crypto_sign($message, $secret_key) - { + function sodium_crypto_sign( + string $message, + #[\SensitiveParameter] + string $secret_key + ): string { return ParagonIE_Sodium_Compat::crypto_sign($message, $secret_key); } } @@ -1098,8 +1264,11 @@ function sodium_crypto_sign($message, $secret_key) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_sign_detached($message, $secret_key) - { + function sodium_crypto_sign_detached( + string $message, + #[\SensitiveParameter] + string $secret_key + ): string { return ParagonIE_Sodium_Compat::crypto_sign_detached($message, $secret_key); } } @@ -1112,8 +1281,11 @@ function sodium_crypto_sign_detached($message, $secret_key) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_sign_keypair_from_secretkey_and_publickey($secret_key, $public_key) - { + function sodium_crypto_sign_keypair_from_secretkey_and_publickey( + #[\SensitiveParameter] + string $secret_key, + string $public_key + ): string { return ParagonIE_Sodium_Compat::crypto_sign_keypair_from_secretkey_and_publickey($secret_key, $public_key); } } @@ -1124,7 +1296,7 @@ function sodium_crypto_sign_keypair_from_secretkey_and_publickey($secret_key, $p * @throws SodiumException * @throws TypeError */ - function sodium_crypto_sign_keypair() + function sodium_crypto_sign_keypair(): string { return ParagonIE_Sodium_Compat::crypto_sign_keypair(); } @@ -1136,13 +1308,11 @@ function sodium_crypto_sign_keypair() * @param string $public_key * @return string|bool */ - function sodium_crypto_sign_open($signedMessage, $public_key) + function sodium_crypto_sign_open(string $signedMessage, string $public_key): string|bool { try { return ParagonIE_Sodium_Compat::crypto_sign_open($signedMessage, $public_key); - } catch (Error $ex) { - return false; - } catch (Exception $ex) { + } catch (Exception|Error $ex) { return false; } } @@ -1155,8 +1325,10 @@ function sodium_crypto_sign_open($signedMessage, $public_key) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_sign_publickey($key_pair) - { + function sodium_crypto_sign_publickey( + #[\SensitiveParameter] + string $key_pair + ): string { return ParagonIE_Sodium_Compat::crypto_sign_publickey($key_pair); } } @@ -1168,8 +1340,10 @@ function sodium_crypto_sign_publickey($key_pair) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_sign_publickey_from_secretkey($secret_key) - { + function sodium_crypto_sign_publickey_from_secretkey( + #[\SensitiveParameter] + string $secret_key + ): string { return ParagonIE_Sodium_Compat::crypto_sign_publickey_from_secretkey($secret_key); } } @@ -1181,8 +1355,10 @@ function sodium_crypto_sign_publickey_from_secretkey($secret_key) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_sign_secretkey($key_pair) - { + function sodium_crypto_sign_secretkey( + #[\SensitiveParameter] + string $key_pair + ): string { return ParagonIE_Sodium_Compat::crypto_sign_secretkey($key_pair); } } @@ -1194,8 +1370,10 @@ function sodium_crypto_sign_secretkey($key_pair) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_sign_seed_keypair($seed) - { + function sodium_crypto_sign_seed_keypair( + #[\SensitiveParameter] + string $seed + ): string { return ParagonIE_Sodium_Compat::crypto_sign_seed_keypair($seed); } } @@ -1209,8 +1387,11 @@ function sodium_crypto_sign_seed_keypair($seed) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_sign_verify_detached($signature, $message, $public_key) - { + function sodium_crypto_sign_verify_detached( + string $signature, + string $message, + string $public_key + ): bool { return ParagonIE_Sodium_Compat::crypto_sign_verify_detached($signature, $message, $public_key); } } @@ -1222,7 +1403,7 @@ function sodium_crypto_sign_verify_detached($signature, $message, $public_key) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_sign_ed25519_pk_to_curve25519($public_key) + function sodium_crypto_sign_ed25519_pk_to_curve25519(string $public_key): string { return ParagonIE_Sodium_Compat::crypto_sign_ed25519_pk_to_curve25519($public_key); } @@ -1235,8 +1416,10 @@ function sodium_crypto_sign_ed25519_pk_to_curve25519($public_key) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_sign_ed25519_sk_to_curve25519($secret_key) - { + function sodium_crypto_sign_ed25519_sk_to_curve25519( + #[\SensitiveParameter] + string $secret_key + ): string { return ParagonIE_Sodium_Compat::crypto_sign_ed25519_sk_to_curve25519($secret_key); } } @@ -1250,8 +1433,12 @@ function sodium_crypto_sign_ed25519_sk_to_curve25519($secret_key) * @throws SodiumException * @throws TypeError */ - function sodium_crypto_stream($length, $nonce, $key) - { + function sodium_crypto_stream( + int $length, + string $nonce, + #[\SensitiveParameter] + string $key + ): string { return ParagonIE_Sodium_Compat::crypto_stream($length, $nonce, $key); } } @@ -1261,7 +1448,7 @@ function sodium_crypto_stream($length, $nonce, $key) * @return string * @throws Exception */ - function sodium_crypto_stream_keygen() + function sodium_crypto_stream_keygen(): string { return ParagonIE_Sodium_Compat::crypto_stream_keygen(); } @@ -1276,8 +1463,13 @@ function sodium_crypto_stream_keygen() * @throws SodiumException * @throws TypeError */ - function sodium_crypto_stream_xor($message, $nonce, $key) - { + function sodium_crypto_stream_xor( + #[\SensitiveParameter] + string $message, + string $nonce, + #[\SensitiveParameter] + string $key + ): string { return ParagonIE_Sodium_Compat::crypto_stream_xor($message, $nonce, $key); } } @@ -1291,8 +1483,11 @@ function sodium_crypto_stream_xor($message, $nonce, $key) * @throws SodiumException * @throws TypeError */ - function sodium_hex2bin($string, $ignore = '') - { + function sodium_hex2bin( + #[\SensitiveParameter] + string $string, + string $ignore = '' + ): string { return ParagonIE_Sodium_Compat::hex2bin($string, $ignore); } } @@ -1304,8 +1499,10 @@ function sodium_hex2bin($string, $ignore = '') * @throws SodiumException * @throws TypeError */ - function sodium_increment(&$string) - { + function sodium_increment( + #[\SensitiveParameter] + string &$string + ): void { ParagonIE_Sodium_Compat::increment($string); } } @@ -1314,7 +1511,7 @@ function sodium_increment(&$string) * @see ParagonIE_Sodium_Compat::library_version_major() * @return int */ - function sodium_library_version_major() + function sodium_library_version_major(): int { return ParagonIE_Sodium_Compat::library_version_major(); } @@ -1324,7 +1521,7 @@ function sodium_library_version_major() * @see ParagonIE_Sodium_Compat::library_version_minor() * @return int */ - function sodium_library_version_minor() + function sodium_library_version_minor(): int { return ParagonIE_Sodium_Compat::library_version_minor(); } @@ -1334,7 +1531,7 @@ function sodium_library_version_minor() * @see ParagonIE_Sodium_Compat::version_string() * @return string */ - function sodium_version_string() + function sodium_version_string(): string { return ParagonIE_Sodium_Compat::version_string(); } @@ -1348,8 +1545,12 @@ function sodium_version_string() * @throws SodiumException * @throws TypeError */ - function sodium_memcmp($string1, $string2) - { + function sodium_memcmp( + #[\SensitiveParameter] + string $string1, + #[\SensitiveParameter] + string $string2 + ): int { return ParagonIE_Sodium_Compat::memcmp($string1, $string2); } } @@ -1363,8 +1564,10 @@ function sodium_memcmp($string1, $string2) * * @psalm-suppress ReferenceConstraintViolation */ - function sodium_memzero(&$string) - { + function sodium_memzero + (#[\SensitiveParameter] + string &$string + ): void { ParagonIE_Sodium_Compat::memzero($string); } } @@ -1377,8 +1580,11 @@ function sodium_memzero(&$string) * @throws SodiumException * @throws TypeError */ - function sodium_pad($unpadded, $block_size) - { + function sodium_pad( + #[\SensitiveParameter] + string $unpadded, + int $block_size + ): string { return ParagonIE_Sodium_Compat::pad($unpadded, $block_size, true); } } @@ -1391,8 +1597,11 @@ function sodium_pad($unpadded, $block_size) * @throws SodiumException * @throws TypeError */ - function sodium_unpad($padded, $block_size) - { + function sodium_unpad( + #[\SensitiveParameter] + string $padded, + int $block_size + ): string { return ParagonIE_Sodium_Compat::unpad($padded, $block_size, true); } } @@ -1403,7 +1612,7 @@ function sodium_unpad($padded, $block_size) * @return string * @throws Exception */ - function sodium_randombytes_buf($amount) + function sodium_randombytes_buf(int $amount): string { return ParagonIE_Sodium_Compat::randombytes_buf($amount); } @@ -1416,7 +1625,7 @@ function sodium_randombytes_buf($amount) * @return int * @throws Exception */ - function sodium_randombytes_uniform($upperLimit) + function sodium_randombytes_uniform(int $upperLimit): int { return ParagonIE_Sodium_Compat::randombytes_uniform($upperLimit); } @@ -1428,7 +1637,7 @@ function sodium_randombytes_uniform($upperLimit) * @return int * @throws Exception */ - function sodium_randombytes_random16() + function sodium_randombytes_random16(): int { return ParagonIE_Sodium_Compat::randombytes_random16(); } diff --git a/lib/sodium_compat.php b/lib/sodium_compat.php index 04f4bc7a..d4f70246 100644 --- a/lib/sodium_compat.php +++ b/lib/sodium_compat.php @@ -335,13 +335,13 @@ function crypto_generichash($message, $key = null, $outLen = 32) if (!is_callable('\\Sodium\\crypto_generichash_final')) { /** * @see ParagonIE_Sodium_Compat::crypto_generichash_final() - * @param string|null $ctx + * @param string $ctx * @param int $outputLength * @return string * @throws \SodiumException * @throws \TypeError */ - function crypto_generichash_final(&$ctx, $outputLength = 32) + function crypto_generichash_final(string &$ctx, int $outputLength = 32): string { return ParagonIE_Sodium_Compat::crypto_generichash_final($ctx, $outputLength); } @@ -355,7 +355,7 @@ function crypto_generichash_final(&$ctx, $outputLength = 32) * @throws \SodiumException * @throws \TypeError */ - function crypto_generichash_init($key = null, $outLen = 32) + function crypto_generichash_init(?string $key = null, int $outLen = 32): string { return ParagonIE_Sodium_Compat::crypto_generichash_init($key, $outLen); } @@ -363,13 +363,13 @@ function crypto_generichash_init($key = null, $outLen = 32) if (!is_callable('\\Sodium\\crypto_generichash_update')) { /** * @see ParagonIE_Sodium_Compat::crypto_generichash_update() - * @param string|null $ctx + * @param string $ctx * @param string $message * @return void * @throws \SodiumException * @throws \TypeError */ - function crypto_generichash_update(&$ctx, $message = '') + function crypto_generichash_update(string &$ctx, string $message = ''): void { ParagonIE_Sodium_Compat::crypto_generichash_update($ctx, $message); } @@ -385,8 +385,13 @@ function crypto_generichash_update(&$ctx, $message = '') * @throws \SodiumException * @throws \TypeError */ - function crypto_kx($my_secret, $their_public, $client_public, $server_public) - { + function crypto_kx( + #[\SensitiveParameter] + string $my_secret, + string $their_public, + string $client_public, + string $server_public + ): string { return ParagonIE_Sodium_Compat::crypto_kx( $my_secret, $their_public, @@ -408,8 +413,14 @@ function crypto_kx($my_secret, $their_public, $client_public, $server_public) * @throws \SodiumException * @throws \TypeError */ - function crypto_pwhash($outlen, $passwd, $salt, $opslimit, $memlimit) - { + function crypto_pwhash( + int $outlen, + #[\SensitiveParameter] + string $passwd, + string $salt, + int $opslimit, + int $memlimit + ): string { return ParagonIE_Sodium_Compat::crypto_pwhash($outlen, $passwd, $salt, $opslimit, $memlimit); } } @@ -423,8 +434,12 @@ function crypto_pwhash($outlen, $passwd, $salt, $opslimit, $memlimit) * @throws \SodiumException * @throws \TypeError */ - function crypto_pwhash_str($passwd, $opslimit, $memlimit) - { + function crypto_pwhash_str( + #[\SensitiveParameter] + string $passwd, + int $opslimit, + int $memlimit + ): string { return ParagonIE_Sodium_Compat::crypto_pwhash_str($passwd, $opslimit, $memlimit); } } @@ -437,8 +452,12 @@ function crypto_pwhash_str($passwd, $opslimit, $memlimit) * @throws \SodiumException * @throws \TypeError */ - function crypto_pwhash_str_verify($passwd, $hash) - { + function crypto_pwhash_str_verify( + #[\SensitiveParameter] + string $passwd, + #[\SensitiveParameter] + string $hash + ): bool { return ParagonIE_Sodium_Compat::crypto_pwhash_str_verify($passwd, $hash); } } @@ -454,8 +473,14 @@ function crypto_pwhash_str_verify($passwd, $hash) * @throws \SodiumException * @throws \TypeError */ - function crypto_pwhash_scryptsalsa208sha256($outlen, $passwd, $salt, $opslimit, $memlimit) - { + function crypto_pwhash_scryptsalsa208sha256( + int $outlen, + #[\SensitiveParameter] + string $passwd, + string $salt, + int $opslimit, + int $memlimit + ): string { return ParagonIE_Sodium_Compat::crypto_pwhash_scryptsalsa208sha256($outlen, $passwd, $salt, $opslimit, $memlimit); } } @@ -469,8 +494,12 @@ function crypto_pwhash_scryptsalsa208sha256($outlen, $passwd, $salt, $opslimit, * @throws \SodiumException * @throws \TypeError */ - function crypto_pwhash_scryptsalsa208sha256_str($passwd, $opslimit, $memlimit) - { + function crypto_pwhash_scryptsalsa208sha256_str( + #[\SensitiveParameter] + string $passwd, + int $opslimit, + int $memlimit + ): string { return ParagonIE_Sodium_Compat::crypto_pwhash_scryptsalsa208sha256_str($passwd, $opslimit, $memlimit); } } @@ -483,8 +512,12 @@ function crypto_pwhash_scryptsalsa208sha256_str($passwd, $opslimit, $memlimit) * @throws \SodiumException * @throws \TypeError */ - function crypto_pwhash_scryptsalsa208sha256_str_verify($passwd, $hash) - { + function crypto_pwhash_scryptsalsa208sha256_str_verify( + #[\SensitiveParameter] + string $passwd, + #[\SensitiveParameter] + string $hash + ): bool { return ParagonIE_Sodium_Compat::crypto_pwhash_scryptsalsa208sha256_str_verify($passwd, $hash); } } @@ -497,7 +530,7 @@ function crypto_pwhash_scryptsalsa208sha256_str_verify($passwd, $hash) * @throws \SodiumException * @throws \TypeError */ - function crypto_scalarmult($n, $p) + function crypto_scalarmult(string $n, string $p): string { return ParagonIE_Sodium_Compat::crypto_scalarmult($n, $p); } @@ -510,8 +543,10 @@ function crypto_scalarmult($n, $p) * @throws \SodiumException * @throws \TypeError */ - function crypto_scalarmult_base($n) - { + function crypto_scalarmult_base( + #[\SensitiveParameter] + string $n + ): string { return ParagonIE_Sodium_Compat::crypto_scalarmult_base($n); } } @@ -525,8 +560,13 @@ function crypto_scalarmult_base($n) * @throws \SodiumException * @throws \TypeError */ - function crypto_secretbox($message, $nonce, $key) - { + function crypto_secretbox( + #[\SensitiveParameter] + string $message, + string $nonce, + #[\SensitiveParameter] + string $key + ): string { return ParagonIE_Sodium_Compat::crypto_secretbox($message, $nonce, $key); } } @@ -537,16 +577,16 @@ function crypto_secretbox($message, $nonce, $key) * @param string $nonce * @param string $key * @return string|bool + * + * @throws \SodiumException */ - function crypto_secretbox_open($message, $nonce, $key) - { - try { - return ParagonIE_Sodium_Compat::crypto_secretbox_open($message, $nonce, $key); - } catch (\TypeError $ex) { - return false; - } catch (\SodiumException $ex) { - return false; - } + function crypto_secretbox_open( + string $message, + string $nonce, + #[\SensitiveParameter] + string $key + ): string|bool { + return ParagonIE_Sodium_Compat::crypto_secretbox_open($message, $nonce, $key); } } if (!is_callable('\\Sodium\\crypto_shorthash')) { @@ -558,8 +598,11 @@ function crypto_secretbox_open($message, $nonce, $key) * @throws \SodiumException * @throws \TypeError */ - function crypto_shorthash($message, $key = '') - { + function crypto_shorthash( + string $message, + #[\SensitiveParameter] + string $key + ): string { return ParagonIE_Sodium_Compat::crypto_shorthash($message, $key); } } @@ -572,8 +615,11 @@ function crypto_shorthash($message, $key = '') * @throws \SodiumException * @throws \TypeError */ - function crypto_sign($message, $sk) - { + function crypto_sign( + string $message, + #[\SensitiveParameter] + string $sk + ): string { return ParagonIE_Sodium_Compat::crypto_sign($message, $sk); } } @@ -586,8 +632,11 @@ function crypto_sign($message, $sk) * @throws \SodiumException * @throws \TypeError */ - function crypto_sign_detached($message, $sk) - { + function crypto_sign_detached( + string $message, + #[\SensitiveParameter] + string $sk + ): string { return ParagonIE_Sodium_Compat::crypto_sign_detached($message, $sk); } } @@ -598,7 +647,7 @@ function crypto_sign_detached($message, $sk) * @throws \SodiumException * @throws \TypeError */ - function crypto_sign_keypair() + function crypto_sign_keypair(): string { return ParagonIE_Sodium_Compat::crypto_sign_keypair(); } @@ -609,16 +658,11 @@ function crypto_sign_keypair() * @param string $signedMessage * @param string $pk * @return string|bool + * @throws \SodiumException */ - function crypto_sign_open($signedMessage, $pk) + function crypto_sign_open(string $signedMessage, string $pk): string|bool { - try { - return ParagonIE_Sodium_Compat::crypto_sign_open($signedMessage, $pk); - } catch (\TypeError $ex) { - return false; - } catch (\SodiumException $ex) { - return false; - } + return ParagonIE_Sodium_Compat::crypto_sign_open($signedMessage, $pk); } } if (!is_callable('\\Sodium\\crypto_sign_publickey')) { @@ -629,8 +673,10 @@ function crypto_sign_open($signedMessage, $pk) * @throws \SodiumException * @throws \TypeError */ - function crypto_sign_publickey($keypair) - { + function crypto_sign_publickey( + #[\SensitiveParameter] + string $keypair + ): string { return ParagonIE_Sodium_Compat::crypto_sign_publickey($keypair); } } @@ -642,8 +688,10 @@ function crypto_sign_publickey($keypair) * @throws \SodiumException * @throws \TypeError */ - function crypto_sign_publickey_from_secretkey($sk) - { + function crypto_sign_publickey_from_secretkey( + #[\SensitiveParameter] + string $sk + ): string { return ParagonIE_Sodium_Compat::crypto_sign_publickey_from_secretkey($sk); } } @@ -655,8 +703,10 @@ function crypto_sign_publickey_from_secretkey($sk) * @throws \SodiumException * @throws \TypeError */ - function crypto_sign_secretkey($keypair) - { + function crypto_sign_secretkey( + #[\SensitiveParameter] + string $keypair + ): string { return ParagonIE_Sodium_Compat::crypto_sign_secretkey($keypair); } } @@ -668,8 +718,10 @@ function crypto_sign_secretkey($keypair) * @throws \SodiumException * @throws \TypeError */ - function crypto_sign_seed_keypair($seed) - { + function crypto_sign_seed_keypair( + #[\SensitiveParameter] + string $seed + ): string { return ParagonIE_Sodium_Compat::crypto_sign_seed_keypair($seed); } } @@ -683,7 +735,7 @@ function crypto_sign_seed_keypair($seed) * @throws \SodiumException * @throws \TypeError */ - function crypto_sign_verify_detached($signature, $message, $pk) + function crypto_sign_verify_detached(string $signature, string $message, string $pk): bool { return ParagonIE_Sodium_Compat::crypto_sign_verify_detached($signature, $message, $pk); } @@ -696,7 +748,7 @@ function crypto_sign_verify_detached($signature, $message, $pk) * @throws \SodiumException * @throws \TypeError */ - function crypto_sign_ed25519_pk_to_curve25519($pk) + function crypto_sign_ed25519_pk_to_curve25519(string $pk): string { return ParagonIE_Sodium_Compat::crypto_sign_ed25519_pk_to_curve25519($pk); } @@ -709,8 +761,10 @@ function crypto_sign_ed25519_pk_to_curve25519($pk) * @throws \SodiumException * @throws \TypeError */ - function crypto_sign_ed25519_sk_to_curve25519($sk) - { + function crypto_sign_ed25519_sk_to_curve25519( + #[\SensitiveParameter] + string $sk + ): string { return ParagonIE_Sodium_Compat::crypto_sign_ed25519_sk_to_curve25519($sk); } } @@ -724,8 +778,12 @@ function crypto_sign_ed25519_sk_to_curve25519($sk) * @throws \SodiumException * @throws \TypeError */ - function crypto_stream($len, $nonce, $key) - { + function crypto_stream( + int $len, + string $nonce, + #[\SensitiveParameter] + string $key + ): string { return ParagonIE_Sodium_Compat::crypto_stream($len, $nonce, $key); } } @@ -739,8 +797,13 @@ function crypto_stream($len, $nonce, $key) * @throws \SodiumException * @throws \TypeError */ - function crypto_stream_xor($message, $nonce, $key) - { + function crypto_stream_xor( + #[\SensitiveParameter] + string $message, + string $nonce, + #[\SensitiveParameter] + string $key + ): string { return ParagonIE_Sodium_Compat::crypto_stream_xor($message, $nonce, $key); } } @@ -752,8 +815,10 @@ function crypto_stream_xor($message, $nonce, $key) * @throws \SodiumException * @throws \TypeError */ - function hex2bin($string) - { + function hex2bin( + #[\SensitiveParameter] + string $string + ): string { return ParagonIE_Sodium_Compat::hex2bin($string); } } @@ -766,7 +831,7 @@ function hex2bin($string) * @throws \SodiumException * @throws \TypeError */ - function memcmp($a, $b) + function memcmp(string $a, string $b): int { return ParagonIE_Sodium_Compat::memcmp($a, $b); } @@ -783,7 +848,7 @@ function memcmp($a, $b) * @psalm-suppress MissingReturnType * @psalm-suppress ReferenceConstraintViolation */ - function memzero(&$str) + function memzero(string &$str): void { ParagonIE_Sodium_Compat::memzero($str); } @@ -795,7 +860,7 @@ function memzero(&$str) * @return string * @throws \TypeError */ - function randombytes_buf($amount) + function randombytes_buf(int $amount): string { return ParagonIE_Sodium_Compat::randombytes_buf($amount); } @@ -809,7 +874,7 @@ function randombytes_buf($amount) * @throws \SodiumException * @throws \Error */ - function randombytes_uniform($upperLimit) + function randombytes_uniform(int $upperLimit): int { return ParagonIE_Sodium_Compat::randombytes_uniform($upperLimit); } @@ -820,7 +885,7 @@ function randombytes_uniform($upperLimit) * @see ParagonIE_Sodium_Compat::randombytes_random16() * @return int */ - function randombytes_random16() + function randombytes_random16(): int { return ParagonIE_Sodium_Compat::randombytes_random16(); } diff --git a/psalm.xml b/psalm.xml index 601c868c..ae9dc10c 100644 --- a/psalm.xml +++ b/psalm.xml @@ -7,51 +7,10 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/src/Compat.php b/src/Compat.php index b3268587..352b4c9d 100644 --- a/src/Compat.php +++ b/src/Compat.php @@ -200,8 +200,6 @@ public static function base642bin( int $variant, string $ignore = '' ): string { - /** @var string $encoded */ - $encoded = (string) $encoded; if (ParagonIE_Sodium_Core_Util::strlen($encoded) === 0) { return ''; } @@ -243,8 +241,6 @@ public static function bin2base64( string $decoded, int $variant ): string { - /** @var string $decoded */ - $decoded = (string) $decoded; if (ParagonIE_Sodium_Core_Util::strlen($decoded) === 0) { return ''; } @@ -270,14 +266,13 @@ public static function bin2base64( * @return string A hexadecimal-encoded string * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function bin2hex( #[\SensitiveParameter] string $string ): string { if (self::useNewSodiumAPI()) { - return (string) sodium_bin2hex($string); + return sodium_bin2hex($string); } if (self::use_fallback('bin2hex')) { return (string) call_user_func('\\Sodium\\bin2hex', $string); @@ -296,7 +291,6 @@ public static function bin2hex( * If > 0 if the right operand is less than the left * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function compare( #[\SensitiveParameter] @@ -305,7 +299,7 @@ public static function compare( string $right ): int { if (self::useNewSodiumAPI()) { - return (int) sodium_compare($left, $right); + return sodium_compare($left, $right); } if (self::use_fallback('compare')) { return (int) call_user_func('\\Sodium\\compare', $left, $right); @@ -327,9 +321,6 @@ public static function compare( * @return string The original plaintext message * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument - * @psalm-suppress MixedInferredReturnType - * @psalm-suppress MixedReturnStatement */ public static function crypto_aead_aegis128l_decrypt( string $ciphertext = '', @@ -377,7 +368,6 @@ public static function crypto_aead_aegis128l_decrypt( * @return string Ciphertext with 32-byte authentication tag appended * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_aead_aegis128l_encrypt( #[\SensitiveParameter] @@ -426,9 +416,6 @@ public static function crypto_aead_aegis128l_keygen(): string * @return string The original plaintext message * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument - * @psalm-suppress MixedInferredReturnType - * @psalm-suppress MixedReturnStatement */ public static function crypto_aead_aegis256_decrypt( string $ciphertext = '', @@ -476,7 +463,6 @@ public static function crypto_aead_aegis256_decrypt( * @return string Ciphertext with 32-byte authentication tag appended * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_aead_aegis256_encrypt( #[\SensitiveParameter] @@ -515,9 +501,6 @@ public static function crypto_aead_aegis256_keygen(): string * Is AES-256-GCM even available to use? * * @return bool - * @psalm-suppress UndefinedFunction - * @psalm-suppress MixedInferredReturnType - * @psalm-suppress MixedReturnStatement */ public static function crypto_aead_aes256gcm_is_available(): bool { @@ -531,7 +514,7 @@ public static function crypto_aead_aes256gcm_is_available(): bool // OpenSSL isn't installed return false; } - return (bool) in_array('aes-256-gcm', openssl_get_cipher_methods()); + return in_array('aes-256-gcm', openssl_get_cipher_methods()); } /** @@ -551,9 +534,6 @@ public static function crypto_aead_aes256gcm_is_available(): bool * @return string|bool The original plaintext message * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument - * @psalm-suppress MixedInferredReturnType - * @psalm-suppress MixedReturnStatement */ public static function crypto_aead_aes256gcm_decrypt( string $ciphertext = '', @@ -561,7 +541,7 @@ public static function crypto_aead_aes256gcm_decrypt( string $nonce = '', #[\SensitiveParameter] string $key = '' - ) { + ): string|bool { if (!self::crypto_aead_aes256gcm_is_available()) { throw new SodiumException('AES-256-GCM is not available'); } @@ -579,9 +559,7 @@ public static function crypto_aead_aes256gcm_decrypt( throw new SodiumException('The OpenSSL extension is not installed, or openssl_decrypt() is not available'); } - /** @var string $ctext */ $ctext = ParagonIE_Sodium_Core_Util::substr($ciphertext, 0, -self::CRYPTO_AEAD_AES256GCM_ABYTES); - /** @var string $authTag */ $authTag = ParagonIE_Sodium_Core_Util::substr($ciphertext, -self::CRYPTO_AEAD_AES256GCM_ABYTES, 16); return openssl_decrypt( $ctext, @@ -592,6 +570,7 @@ public static function crypto_aead_aes256gcm_decrypt( $authTag, $assocData ); + return $decrypted; } /** @@ -609,7 +588,6 @@ public static function crypto_aead_aes256gcm_decrypt( * authentication code appended * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_aead_aes256gcm_encrypt( #[\SensitiveParameter] @@ -675,12 +653,9 @@ public static function crypto_aead_aes256gcm_keygen(): string * @param string $nonce Number to be used only Once; must be 8 bytes * @param string $key Encryption key * - * @return string The original plaintext message + * @return string|bool The original plaintext message * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument - * @psalm-suppress MixedInferredReturnType - * @psalm-suppress MixedReturnStatement */ public static function crypto_aead_chacha20poly1305_decrypt( string $ciphertext = '', @@ -688,7 +663,7 @@ public static function crypto_aead_chacha20poly1305_decrypt( string $nonce = '', #[\SensitiveParameter] string $key = '' - ) { + ): string|bool { /* Input validation: */ if (ParagonIE_Sodium_Core_Util::strlen($nonce) !== self::CRYPTO_AEAD_CHACHA20POLY1305_NPUBBYTES) { throw new SodiumException('Nonce must be CRYPTO_AEAD_CHACHA20POLY1305_NPUBBYTES long'); @@ -701,10 +676,6 @@ public static function crypto_aead_chacha20poly1305_decrypt( } if (self::useNewSodiumAPI()) { - /** - * @psalm-suppress InvalidReturnStatement - * @psalm-suppress FalsableReturnStatement - */ return sodium_crypto_aead_chacha20poly1305_decrypt( $ciphertext, $assocData, @@ -747,7 +718,6 @@ public static function crypto_aead_chacha20poly1305_decrypt( * authentication code appended * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_aead_chacha20poly1305_encrypt( #[\SensitiveParameter] @@ -766,7 +736,7 @@ public static function crypto_aead_chacha20poly1305_encrypt( } if (self::useNewSodiumAPI()) { - return (string) sodium_crypto_aead_chacha20poly1305_encrypt( + return sodium_crypto_aead_chacha20poly1305_encrypt( $plaintext, $assocData, $nonce, @@ -804,12 +774,9 @@ public static function crypto_aead_chacha20poly1305_encrypt( * @param string $nonce Number to be used only Once; must be 12 bytes * @param string $key Encryption key * - * @return string The original plaintext message + * @return string|bool The original plaintext message * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument - * @psalm-suppress MixedInferredReturnType - * @psalm-suppress MixedReturnStatement */ public static function crypto_aead_chacha20poly1305_ietf_decrypt( string $ciphertext = '', @@ -817,7 +784,7 @@ public static function crypto_aead_chacha20poly1305_ietf_decrypt( string $nonce = '', #[\SensitiveParameter] string $key = '' - ) { + ): string|bool { /* Input validation: */ if (ParagonIE_Sodium_Core_Util::strlen($nonce) !== self::CRYPTO_AEAD_CHACHA20POLY1305_IETF_NPUBBYTES) { throw new SodiumException('Nonce must be CRYPTO_AEAD_CHACHA20POLY1305_IETF_NPUBBYTES long'); @@ -830,10 +797,6 @@ public static function crypto_aead_chacha20poly1305_ietf_decrypt( } if (self::useNewSodiumAPI()) { - /** - * @psalm-suppress InvalidReturnStatement - * @psalm-suppress FalsableReturnStatement - */ return sodium_crypto_aead_chacha20poly1305_ietf_decrypt( $ciphertext, $assocData, @@ -889,7 +852,6 @@ public static function crypto_aead_chacha20poly1305_keygen(): string * authentication code appended * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_aead_chacha20poly1305_ietf_encrypt( #[\SensitiveParameter] @@ -908,7 +870,7 @@ public static function crypto_aead_chacha20poly1305_ietf_encrypt( } if (self::useNewSodiumAPI()) { - return (string) sodium_crypto_aead_chacha20poly1305_ietf_encrypt( + return sodium_crypto_aead_chacha20poly1305_ietf_encrypt( $plaintext, $assocData, $nonce, @@ -960,10 +922,9 @@ public static function crypto_aead_chacha20poly1305_ietf_keygen(): string * @param string $key Encryption key * @param bool $dontFallback Don't fallback to ext/sodium * - * @return string The original plaintext message + * @return string|bool The original plaintext message * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_aead_xchacha20poly1305_ietf_decrypt( string $ciphertext = '', @@ -972,7 +933,7 @@ public static function crypto_aead_xchacha20poly1305_ietf_decrypt( #[\SensitiveParameter] string $key = '', bool $dontFallback = false - ): string { + ): string|bool { /* Input validation: */ if (ParagonIE_Sodium_Core_Util::strlen($nonce) !== self::CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES) { throw new SodiumException('Nonce must be CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES long'); @@ -985,16 +946,12 @@ public static function crypto_aead_xchacha20poly1305_ietf_decrypt( } if (self::useNewSodiumAPI() && !$dontFallback) { if (is_callable('sodium_crypto_aead_xchacha20poly1305_ietf_decrypt')) { - $result = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt( + return sodium_crypto_aead_xchacha20poly1305_ietf_decrypt( $ciphertext, $assocData, $nonce, $key ); - if (!is_string($result)) { - throw new SodiumException('Decryption failure'); - } - return $result; } } @@ -1025,7 +982,6 @@ public static function crypto_aead_xchacha20poly1305_ietf_decrypt( * authentication code appended * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_aead_xchacha20poly1305_ietf_encrypt( #[\SensitiveParameter] @@ -1090,7 +1046,6 @@ public static function crypto_aead_xchacha20poly1305_ietf_keygen(): string * @return string Message authentication code * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_auth( string $message, @@ -1103,7 +1058,7 @@ public static function crypto_auth( } if (self::useNewSodiumAPI()) { - return (string) sodium_crypto_auth($message, $key); + return sodium_crypto_auth($message, $key); } if (self::use_fallback('crypto_auth')) { return (string) call_user_func('\\Sodium\\crypto_auth', $message, $key); @@ -1131,7 +1086,6 @@ public static function crypto_auth_keygen(): string * @return bool TRUE if authenticated, FALSE otherwise * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_auth_verify( string $mac, @@ -1149,7 +1103,7 @@ public static function crypto_auth_verify( } if (self::useNewSodiumAPI()) { - return (bool) sodium_crypto_auth_verify($mac, $message, $key); + return sodium_crypto_auth_verify($mac, $message, $key); } if (self::use_fallback('crypto_auth_verify')) { return (bool) call_user_func('\\Sodium\\crypto_auth_verify', $mac, $message, $key); @@ -1172,7 +1126,6 @@ public static function crypto_auth_verify( * @return string Ciphertext with 16-byte Poly1305 MAC * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_box( #[\SensitiveParameter] @@ -1190,7 +1143,7 @@ public static function crypto_box( } if (self::useNewSodiumAPI()) { - return (string) sodium_crypto_box($plaintext, $nonce, $keypair); + return sodium_crypto_box($plaintext, $nonce, $keypair); } if (self::use_fallback('crypto_box')) { return (string) call_user_func('\\Sodium\\crypto_box', $plaintext, $nonce, $keypair); @@ -1213,7 +1166,6 @@ public static function crypto_box( * decrypt * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_box_seal( #[\SensitiveParameter] @@ -1226,7 +1178,7 @@ public static function crypto_box_seal( } if (self::useNewSodiumAPI()) { - return (string) sodium_crypto_box_seal($plaintext, $publicKey); + return sodium_crypto_box_seal($plaintext, $publicKey); } if (self::use_fallback('crypto_box_seal')) { return (string) call_user_func('\\Sodium\\crypto_box_seal', $plaintext, $publicKey); @@ -1242,27 +1194,20 @@ public static function crypto_box_seal( * * @param string $ciphertext Sealed message to be opened * @param string $keypair Your crypto_box keypair - * @return string The original plaintext message + * @return string|bool The original plaintext message * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument - * @psalm-suppress MixedInferredReturnType - * @psalm-suppress MixedReturnStatement */ public static function crypto_box_seal_open( string $ciphertext, string $keypair - ): string { + ): string|bool { /* Input validation: */ if (ParagonIE_Sodium_Core_Util::strlen($keypair) !== self::CRYPTO_BOX_KEYPAIRBYTES) { throw new SodiumException('Argument 2 must be CRYPTO_BOX_KEYPAIRBYTES long.'); } if (self::useNewSodiumAPI()) { - /** - * @psalm-suppress InvalidReturnStatement - * @psalm-suppress FalsableReturnStatement - */ return sodium_crypto_box_seal_open($ciphertext, $keypair); } if (self::use_fallback('crypto_box_seal_open')) { @@ -1280,12 +1225,11 @@ public static function crypto_box_seal_open( * don't accidentally get them mixed up! * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_box_keypair(): string { if (self::useNewSodiumAPI()) { - return (string) sodium_crypto_box_keypair(); + return sodium_crypto_box_keypair(); } if (self::use_fallback('crypto_box_keypair')) { return (string) call_user_func('\\Sodium\\crypto_box_keypair'); @@ -1302,7 +1246,6 @@ public static function crypto_box_keypair(): string * @return string Keypair * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_box_keypair_from_secretkey_and_publickey( #[\SensitiveParameter] @@ -1318,7 +1261,7 @@ public static function crypto_box_keypair_from_secretkey_and_publickey( } if (self::useNewSodiumAPI()) { - return (string) sodium_crypto_box_keypair_from_secretkey_and_publickey($secretKey, $publicKey); + return sodium_crypto_box_keypair_from_secretkey_and_publickey($secretKey, $publicKey); } if (self::use_fallback('crypto_box_keypair_from_secretkey_and_publickey')) { return (string) call_user_func('\\Sodium\\crypto_box_keypair_from_secretkey_and_publickey', $secretKey, $publicKey); @@ -1332,19 +1275,16 @@ public static function crypto_box_keypair_from_secretkey_and_publickey( * @param string $ciphertext Encrypted message * @param string $nonce Number to only be used Once; must be 24 bytes * @param string $keypair Your secret key and the sender's public key - * @return string The original plaintext message + * @return string|bool The original plaintext message * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument - * @psalm-suppress MixedInferredReturnType - * @psalm-suppress MixedReturnStatement */ public static function crypto_box_open( string $ciphertext, string $nonce, #[\SensitiveParameter] string $keypair - ): string { + ): string|bool { /* Input validation: */ if (ParagonIE_Sodium_Core_Util::strlen($ciphertext) < self::CRYPTO_BOX_MACBYTES) { throw new SodiumException('Argument 1 must be at least CRYPTO_BOX_MACBYTES long.'); @@ -1357,10 +1297,6 @@ public static function crypto_box_open( } if (self::useNewSodiumAPI()) { - /** - * @psalm-suppress InvalidReturnStatement - * @psalm-suppress FalsableReturnStatement - */ return sodium_crypto_box_open($ciphertext, $nonce, $keypair); } if (self::use_fallback('crypto_box_open')) { @@ -1376,7 +1312,6 @@ public static function crypto_box_open( * @return string Your crypto_box public key * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_box_publickey( #[\SensitiveParameter] @@ -1388,7 +1323,7 @@ public static function crypto_box_publickey( } if (self::useNewSodiumAPI()) { - return (string) sodium_crypto_box_publickey($keypair); + return sodium_crypto_box_publickey($keypair); } if (self::use_fallback('crypto_box_publickey')) { return (string) call_user_func('\\Sodium\\crypto_box_publickey', $keypair); @@ -1403,7 +1338,6 @@ public static function crypto_box_publickey( * @return string The corresponding X25519 public key * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_box_publickey_from_secretkey( string $secretKey @@ -1414,7 +1348,7 @@ public static function crypto_box_publickey_from_secretkey( } if (self::useNewSodiumAPI()) { - return (string) sodium_crypto_box_publickey_from_secretkey($secretKey); + return sodium_crypto_box_publickey_from_secretkey($secretKey); } if (self::use_fallback('crypto_box_publickey_from_secretkey')) { return (string) call_user_func('\\Sodium\\crypto_box_publickey_from_secretkey', $secretKey); @@ -1429,7 +1363,6 @@ public static function crypto_box_publickey_from_secretkey( * @return string Your crypto_box secret key * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_box_secretkey( #[\SensitiveParameter] @@ -1441,7 +1374,7 @@ public static function crypto_box_secretkey( } if (self::useNewSodiumAPI()) { - return (string) sodium_crypto_box_secretkey($keypair); + return sodium_crypto_box_secretkey($keypair); } if (self::use_fallback('crypto_box_secretkey')) { return (string) call_user_func('\\Sodium\\crypto_box_secretkey', $keypair); @@ -1456,15 +1389,13 @@ public static function crypto_box_secretkey( * @return string * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument - * @psalm-suppress UndefinedFunction */ public static function crypto_box_seed_keypair( #[\SensitiveParameter] string $seed ): string { if (self::useNewSodiumAPI()) { - return (string) sodium_crypto_box_seed_keypair($seed); + return sodium_crypto_box_seed_keypair($seed); } if (self::use_fallback('crypto_box_seed_keypair')) { return (string) call_user_func('\\Sodium\\crypto_box_seed_keypair', $seed); @@ -1483,7 +1414,6 @@ public static function crypto_box_seed_keypair( * @return string Raw binary * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_generichash( string $message, @@ -1505,7 +1435,7 @@ public static function crypto_generichash( } if (self::useNewSodiumAPI()) { - return (string) sodium_crypto_generichash($message, $key, $length); + return sodium_crypto_generichash($message, $key, $length); } if (self::use_fallback('crypto_generichash')) { return (string) call_user_func('\\Sodium\\crypto_generichash', $message, $key, $length); @@ -1521,9 +1451,7 @@ public static function crypto_generichash( * @return string Final BLAKE2b hash. * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument * @psalm-suppress ReferenceConstraintViolation - * @psalm-suppress ConflictingReferenceConstraint */ public static function crypto_generichash_final( string &$ctx, @@ -1562,7 +1490,6 @@ public static function crypto_generichash_final( * (To be 100% compatible with ext/libsodium) * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_generichash_init( #[\SensitiveParameter] @@ -1603,7 +1530,6 @@ public static function crypto_generichash_init( * (To be 100% compatible with ext/libsodium) * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_generichash_init_salt_personal( #[\SensitiveParameter] @@ -1612,7 +1538,6 @@ public static function crypto_generichash_init_salt_personal( string $salt = '', string $personal = '' ): string { - /* Type checks: */ if (is_null($key)) { $key = ''; } @@ -1638,8 +1563,6 @@ public static function crypto_generichash_init_salt_personal( * @return void * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument - * @psalm-suppress ReferenceConstraintViolation */ public static function crypto_generichash_update(string &$ctx, string $message): void { @@ -1744,7 +1667,6 @@ public static function crypto_kdf_keygen(): string * @return string * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_kx( #[\SensitiveParameter] @@ -1770,7 +1692,7 @@ public static function crypto_kx( if (self::useNewSodiumAPI() && !$dontFallback) { if (is_callable('sodium_crypto_kx')) { - return (string) sodium_crypto_kx( + return sodium_crypto_kx( $my_secret, $their_public, $client_public, @@ -1779,7 +1701,7 @@ public static function crypto_kx( } } if (self::use_fallback('crypto_kx')) { - return (string) call_user_func( + return call_user_func( '\\Sodium\\crypto_kx', $my_secret, $their_public, @@ -1943,7 +1865,6 @@ public static function crypto_kx_publickey( * @return string * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_pwhash( int $outlen, @@ -1996,7 +1917,6 @@ public static function crypto_pwhash_is_available(): bool * @return string * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_pwhash_str( #[\SensitiveParameter] @@ -2032,14 +1952,12 @@ public static function crypto_pwhash_str_needs_rehash( int $memlimit ): bool { // Just grab the first 4 pieces. - $pieces = explode('$', (string) $hash); + $pieces = explode('$', $hash); $prefix = implode('$', array_slice($pieces, 0, 4)); // Rebuild the expected header. - /** @var int $ops */ - $ops = (int) $opslimit; - /** @var int $mem */ - $mem = (int) $memlimit >> 10; + $ops = $opslimit; + $mem = $memlimit >> 10; $encoded = self::CRYPTO_PWHASH_STRPREFIX . 'v=19$m=' . $mem . ',t=' . $ops . ',p=1'; // Do they match? If so, we don't need to rehash, so return false. @@ -2052,7 +1970,6 @@ public static function crypto_pwhash_str_needs_rehash( * @return bool * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_pwhash_str_verify( #[\SensitiveParameter] @@ -2061,7 +1978,7 @@ public static function crypto_pwhash_str_verify( string $hash ): bool { if (self::useNewSodiumAPI()) { - return (bool) sodium_crypto_pwhash_str_verify($passwd, $hash); + return sodium_crypto_pwhash_str_verify($passwd, $hash); } if (self::use_fallback('crypto_pwhash_str_verify')) { return (bool) call_user_func('\\Sodium\\crypto_pwhash_str_verify', $passwd, $hash); @@ -2092,22 +2009,22 @@ public static function crypto_pwhash_scryptsalsa208sha256( int $memlimit ): string { if (self::useNewSodiumAPI()) { - return (string) sodium_crypto_pwhash_scryptsalsa208sha256( - (int) $outlen, - (string) $passwd, - (string) $salt, - (int) $opslimit, - (int) $memlimit + return sodium_crypto_pwhash_scryptsalsa208sha256( + $outlen, + $passwd, + $salt, + $opslimit, + $memlimit ); } if (self::use_fallback('crypto_pwhash_scryptsalsa208sha256')) { return (string) call_user_func( '\\Sodium\\crypto_pwhash_scryptsalsa208sha256', - (int) $outlen, - (string) $passwd, - (string) $salt, - (int) $opslimit, - (int) $memlimit + $outlen, + $passwd, + $salt, + $opslimit, + $memlimit ); } // This is the best we can do. @@ -2150,18 +2067,18 @@ public static function crypto_pwhash_scryptsalsa208sha256_str( int $memlimit ): string { if (self::useNewSodiumAPI()) { - return (string) sodium_crypto_pwhash_scryptsalsa208sha256_str( - (string) $passwd, - (int) $opslimit, - (int) $memlimit + return sodium_crypto_pwhash_scryptsalsa208sha256_str( + $passwd, + $opslimit, + $memlimit ); } if (self::use_fallback('crypto_pwhash_scryptsalsa208sha256_str')) { return (string) call_user_func( '\\Sodium\\crypto_pwhash_scryptsalsa208sha256_str', - (string) $passwd, - (int) $opslimit, - (int) $memlimit + $passwd, + $opslimit, + $memlimit ); } // This is the best we can do. @@ -2184,16 +2101,13 @@ public static function crypto_pwhash_scryptsalsa208sha256_str_verify( string $hash ): bool { if (self::useNewSodiumAPI()) { - return (bool) sodium_crypto_pwhash_scryptsalsa208sha256_str_verify( - (string) $passwd, - (string) $hash - ); + return sodium_crypto_pwhash_scryptsalsa208sha256_str_verify($passwd, $hash); } if (self::use_fallback('crypto_pwhash_scryptsalsa208sha256_str_verify')) { return (bool) call_user_func( '\\Sodium\\crypto_pwhash_scryptsalsa208sha256_str_verify', - (string) $passwd, - (string) $hash + $passwd, + $hash ); } // This is the best we can do. @@ -2213,7 +2127,6 @@ public static function crypto_pwhash_scryptsalsa208sha256_str_verify( * @return string * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_scalarmult( #[\SensitiveParameter] @@ -2252,8 +2165,6 @@ public static function crypto_scalarmult( * @return string * @throws SodiumException * @throws TypeError - * @psalm-suppress TooFewArguments - * @psalm-suppress MixedArgument */ public static function crypto_scalarmult_base( #[\SensitiveParameter] @@ -2287,7 +2198,6 @@ public static function crypto_scalarmult_base( * @return string Ciphertext with Poly1305 MAC * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_secretbox( #[\SensitiveParameter] @@ -2319,19 +2229,16 @@ public static function crypto_secretbox( * @param string $ciphertext Ciphertext with Poly1305 MAC * @param string $nonce A Number to be used Once; must be 24 bytes * @param string $key Symmetric encryption key - * @return string Original plaintext message + * @return string|bool Original plaintext message * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument - * @psalm-suppress MixedInferredReturnType - * @psalm-suppress MixedReturnStatement */ public static function crypto_secretbox_open( string $ciphertext, string $nonce, #[\SensitiveParameter] string $key - ): string { + ): string|bool { /* Input validation: */ if (ParagonIE_Sodium_Core_Util::strlen($nonce) !== self::CRYPTO_SECRETBOX_NONCEBYTES) { throw new SodiumException('Argument 2 must be CRYPTO_SECRETBOX_NONCEBYTES long.'); @@ -2341,10 +2248,6 @@ public static function crypto_secretbox_open( } if (self::useNewSodiumAPI()) { - /** - * @psalm-suppress InvalidReturnStatement - * @psalm-suppress FalsableReturnStatement - */ return sodium_crypto_secretbox_open($ciphertext, $nonce, $key); } if (self::use_fallback('crypto_secretbox_open')) { @@ -2360,7 +2263,7 @@ public static function crypto_secretbox_open( * @throws Exception * @throws Error */ - public static function crypto_secretbox_keygen() + public static function crypto_secretbox_keygen(): string { return random_bytes(self::CRYPTO_SECRETBOX_KEYBYTES); } @@ -2376,7 +2279,6 @@ public static function crypto_secretbox_keygen() * @return string Ciphertext with Poly1305 MAC * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_secretbox_xchacha20poly1305( #[\SensitiveParameter] @@ -2403,7 +2305,6 @@ public static function crypto_secretbox_xchacha20poly1305( * @return string Original plaintext message * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_secretbox_xchacha20poly1305_open( string $ciphertext, @@ -2490,7 +2391,7 @@ public static function crypto_secretstream_xchacha20poly1305_pull( string &$state, string $msg, string $aad = '' - ) { + ): bool|array { return ParagonIE_Sodium_Crypto::secretstream_xchacha20poly1305_pull( $state, $msg, @@ -2527,9 +2428,6 @@ public static function crypto_secretstream_xchacha20poly1305_rekey( * @return string Hash * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument - * @psalm-suppress MixedInferredReturnType - * @psalm-suppress MixedReturnStatement */ public static function crypto_shorthash( string $message, @@ -2573,21 +2471,16 @@ public static function crypto_shorthash_keygen(): string * @return string Signed message (signature is prefixed). * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument - * @psalm-suppress MixedInferredReturnType - * @psalm-suppress MixedReturnStatement */ public static function crypto_sign( string $message, #[\SensitiveParameter] string $secretKey ): string { - /* Input validation: */ if (ParagonIE_Sodium_Core_Util::strlen($secretKey) !== self::CRYPTO_SIGN_SECRETKEYBYTES) { throw new SodiumException('Argument 2 must be CRYPTO_SIGN_SECRETKEYBYTES long.'); } - if (self::useNewSodiumAPI()) { return sodium_crypto_sign($message, $secretKey); } @@ -2602,15 +2495,12 @@ public static function crypto_sign( * * @param string $signedMessage A signed message * @param string $publicKey A public key - * @return string The original message (if the signature is + * @return string|bool The original message (if the signature is * valid for this public key) * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument - * @psalm-suppress MixedInferredReturnType - * @psalm-suppress MixedReturnStatement */ - public static function crypto_sign_open(string $signedMessage, string $publicKey): string + public static function crypto_sign_open(string $signedMessage, string $publicKey): string|bool { /* Input validation: */ if (ParagonIE_Sodium_Core_Util::strlen($signedMessage) < self::CRYPTO_SIGN_BYTES) { @@ -2621,10 +2511,6 @@ public static function crypto_sign_open(string $signedMessage, string $publicKey } if (self::useNewSodiumAPI()) { - /** - * @psalm-suppress InvalidReturnStatement - * @psalm-suppress FalsableReturnStatement - */ return sodium_crypto_sign_open($signedMessage, $publicKey); } if (self::use_fallback('crypto_sign_open')) { @@ -2682,7 +2568,6 @@ public static function crypto_sign_keypair_from_secretkey_and_publickey( * @return string Keypair * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_sign_seed_keypair( #[\SensitiveParameter] @@ -2707,7 +2592,6 @@ public static function crypto_sign_seed_keypair( * @return string Public key * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_sign_publickey( #[\SensitiveParameter] @@ -2734,7 +2618,6 @@ public static function crypto_sign_publickey( * @return string The corresponding Ed25519 public key * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_sign_publickey_from_secretkey( #[\SensitiveParameter] @@ -2762,7 +2645,6 @@ public static function crypto_sign_publickey_from_secretkey( * @return string Secret key * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_sign_secretkey( #[\SensitiveParameter] @@ -2792,7 +2674,6 @@ public static function crypto_sign_secretkey( * @return string Digital signature * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_sign_detached( string $message, @@ -2823,7 +2704,6 @@ public static function crypto_sign_detached( * FALSE otherwise * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_sign_verify_detached( string $signature, @@ -2859,7 +2739,6 @@ public static function crypto_sign_verify_detached( * @return string * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_sign_ed25519_pk_to_curve25519(string $pk): string { @@ -2869,7 +2748,7 @@ public static function crypto_sign_ed25519_pk_to_curve25519(string $pk): string } if (self::useNewSodiumAPI()) { if (is_callable('crypto_sign_ed25519_pk_to_curve25519')) { - return (string) sodium_crypto_sign_ed25519_pk_to_curve25519($pk); + return sodium_crypto_sign_ed25519_pk_to_curve25519($pk); } } if (self::use_fallback('crypto_sign_ed25519_pk_to_curve25519')) { @@ -2885,7 +2764,6 @@ public static function crypto_sign_ed25519_pk_to_curve25519(string $pk): string * @return string * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_sign_ed25519_sk_to_curve25519( #[\SensitiveParameter] @@ -2926,7 +2804,6 @@ public static function crypto_sign_ed25519_sk_to_curve25519( * optional for security) * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_stream( int $len, @@ -2969,7 +2846,6 @@ public static function crypto_stream( * Encrypt then MAC) * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_stream_xor( #[\SensitiveParameter] @@ -3020,7 +2896,6 @@ public static function crypto_stream_keygen(): string * optional for security) * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_stream_xchacha20( int $len, @@ -3062,7 +2937,6 @@ public static function crypto_stream_xchacha20( * @param bool $dontFallback * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_stream_xchacha20_xor( #[\SensitiveParameter] @@ -3106,7 +2980,6 @@ public static function crypto_stream_xchacha20_xor( * @param bool $dontFallback * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function crypto_stream_xchacha20_xor_ic( #[\SensitiveParameter] @@ -3153,8 +3026,6 @@ public static function crypto_stream_xchacha20_keygen(): string * @return string Raw binary string * @throws SodiumException * @throws TypeError - * @psalm-suppress TooFewArguments - * @psalm-suppress MixedArgument */ public static function hex2bin( #[\SensitiveParameter] @@ -3163,7 +3034,7 @@ public static function hex2bin( ): string { if (self::useNewSodiumAPI()) { if (is_callable('sodium_hex2bin')) { - return (string) sodium_hex2bin($string, $ignore); + return sodium_hex2bin($string, $ignore); } } if (self::use_fallback('hex2bin')) { @@ -3180,7 +3051,6 @@ public static function hex2bin( * @return void * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function increment( #[\SensitiveParameter] @@ -3270,7 +3140,6 @@ public static function library_version_minor(): int * @return int * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument */ public static function memcmp( #[\SensitiveParameter] @@ -3303,6 +3172,9 @@ public static function memzero( #[\SensitiveParameter] ?string &$var ): void { + if (is_null($var)) { + return; + } if (self::useNewSodiumAPI()) { /** @psalm-suppress MixedArgument */ sodium_memzero($var); @@ -3311,9 +3183,7 @@ public static function memzero( if (self::use_fallback('memzero')) { $func = '\\Sodium\\memzero'; $func($var); - if ($var === null) { - return; - } + return; } // This is the best we can do. throw new SodiumException( @@ -3335,12 +3205,8 @@ public static function pad( int $blockSize, bool $dontFallback = false ): string { - - $unpadded = (string) $unpadded; - $blockSize = (int) $blockSize; - if (self::useNewSodiumAPI() && !$dontFallback) { - return (string) sodium_pad($unpadded, $blockSize); + return sodium_pad($unpadded, $blockSize); } if ($blockSize <= 0) { @@ -3365,15 +3231,13 @@ public static function pad( for ($j = 0; $j <= $xpadded_len; ++$j) { $i = (int) $i; $k = (int) $k; - $st = (int) $st; if ($j >= $unpadded_len) { $padded[$j] = "\0"; } else { $padded[$j] = $unpadded[$j]; } - /** @var int $k */ $k -= $st; - $st = (int) (~( + $st = (~( ( ( ($k >> 48) @@ -3423,7 +3287,7 @@ public static function unpad( bool $dontFallback = false ): string { if (self::useNewSodiumAPI() && !$dontFallback) { - return (string) sodium_unpad($padded, $blockSize); + return sodium_unpad($padded, $blockSize); } if ($blockSize <= 0) { throw new SodiumException('block size cannot be less than 1'); @@ -3503,9 +3367,6 @@ public static function randombytes_buf(int $numBytes): string if (self::use_fallback('randombytes_buf')) { return (string) call_user_func('\\Sodium\\randombytes_buf', $numBytes); } - if ($numBytes < 0) { - throw new SodiumException("Number of bytes must be a positive integer"); - } return random_bytes($numBytes); } @@ -3862,12 +3723,12 @@ public static function sub( public static function version_string(): string { if (self::useNewSodiumAPI()) { - return (string) sodium_version_string(); + return sodium_version_string(); } if (self::use_fallback('version_string')) { return (string) call_user_func('\\Sodium\\version_string'); } - return (string) self::VERSION_STRING; + return self::VERSION_STRING; } /** diff --git a/src/Core/AES/Block.php b/src/Core/AES/Block.php index 4ee368ba..ac5524bb 100644 --- a/src/Core/AES/Block.php +++ b/src/Core/AES/Block.php @@ -85,9 +85,6 @@ public static function fromArray($array, $save_indexes = null) #[ReturnTypeWillChange] public function offsetSet($offset, $value) { - if (!is_int($value)) { - throw new InvalidArgumentException('Expected an integer'); - } if (is_null($offset)) { $this->values[] = $value; } else { @@ -140,7 +137,7 @@ public function offsetGet($offset) if (!isset($this->values[$offset])) { $this->values[$offset] = 0; } - return (int) ($this->values[$offset]); + return $this->values[$offset]; } /** diff --git a/src/Core/BLAKE2b.php b/src/Core/BLAKE2b.php index b875fb26..f78d079e 100644 --- a/src/Core/BLAKE2b.php +++ b/src/Core/BLAKE2b.php @@ -46,7 +46,6 @@ abstract class ParagonIE_Sodium_Core_BLAKE2b extends ParagonIE_Sodium_Core_Util * @param int $high * @param int $low * @return SplFixedArray - * @psalm-suppress MixedAssignment */ public static function new64(int $high, int $low): SplFixedArray { @@ -80,9 +79,8 @@ protected static function to64(int $num): SplFixedArray * @param SplFixedArray $x * @param SplFixedArray $y * @return SplFixedArray - * @psalm-suppress MixedArgument - * @psalm-suppress MixedAssignment - * @psalm-suppress MixedOperand + * + * @throws SodiumException */ protected static function add64(SplFixedArray $x, SplFixedArray $y): SplFixedArray { @@ -146,7 +144,8 @@ protected static function xor64(SplFixedArray $x, SplFixedArray $y): SplFixedArr * @param SplFixedArray $x * @param int $c * @return SplFixedArray - * @psalm-suppress MixedAssignment + * + * @throws SodiumException */ public static function rotr64(SplFixedArray $x, int $c): SplFixedArray { @@ -199,7 +198,6 @@ public static function rotr64(SplFixedArray $x, int $c): SplFixedArray * * @param SplFixedArray $x * @return int - * @psalm-suppress MixedOperand */ protected static function flatten64(SplFixedArray $x): int { @@ -212,8 +210,8 @@ protected static function flatten64(SplFixedArray $x): int * @param SplFixedArray $x * @param int $i * @return SplFixedArray - * @psalm-suppress MixedArgument - * @psalm-suppress MixedArrayOffset + * + * @throws SodiumException */ protected static function load64(SplFixedArray $x, int $i): SplFixedArray { @@ -235,7 +233,6 @@ protected static function load64(SplFixedArray $x, int $i): SplFixedArray * @param int $i * @param SplFixedArray $u * @return void - * @psalm-suppress MixedAssignment */ protected static function store64(SplFixedArray $x, int $i, SplFixedArray $u): void { @@ -246,13 +243,11 @@ protected static function store64(SplFixedArray $x, int $i, SplFixedArray $u): v ... becomes ... [0, 0, 0, 0, 1, 1, 1, 1] */ - /** @var int $uIdx */ $uIdx = ((7 - $j) & 4) >> 2; $x[$i] = ((int) ($u[$uIdx]) & 0xff); if (++$i > $maxLength) { return; } - /** @psalm-suppress MixedOperand */ $u[$uIdx] >>= 8; } } @@ -263,6 +258,8 @@ protected static function store64(SplFixedArray $x, int $i, SplFixedArray $u): v * @internal You should not use this directly from another application * * @return void + * + * @throws SodiumException */ public static function pseudoConstructor(): void { @@ -289,9 +286,8 @@ public static function pseudoConstructor(): void * @internal You should not use this directly from another application * * @return SplFixedArray - * @psalm-suppress MixedAssignment - * @psalm-suppress MixedArrayAccess - * @psalm-suppress MixedArrayAssignment + * + * @throws SodiumException */ protected static function context(): SplFixedArray { @@ -327,11 +323,6 @@ protected static function context(): SplFixedArray * @return void * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument - * @psalm-suppress MixedAssignment - * @psalm-suppress MixedArrayAccess - * @psalm-suppress MixedArrayAssignment - * @psalm-suppress MixedArrayOffset */ protected static function compress(SplFixedArray $ctx, SplFixedArray $buf): void { @@ -388,8 +379,6 @@ protected static function compress(SplFixedArray $ctx, SplFixedArray $buf): void * @return SplFixedArray * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument - * @psalm-suppress MixedArrayOffset */ public static function G( int $r, @@ -418,10 +407,8 @@ public static function G( * @param SplFixedArray $ctx * @param int $inc * @return void + * * @throws SodiumException - * @psalm-suppress MixedArgument - * @psalm-suppress MixedArrayAccess - * @psalm-suppress MixedArrayAssignment */ public static function increment_counter(SplFixedArray $ctx, int $inc): void { @@ -447,14 +434,9 @@ public static function increment_counter(SplFixedArray $ctx, int $inc): void * @param SplFixedArray $p * @param int $plen * @return void + * * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument - * @psalm-suppress MixedAssignment - * @psalm-suppress MixedArrayAccess - * @psalm-suppress MixedArrayAssignment - * @psalm-suppress MixedArrayOffset - * @psalm-suppress MixedOperand */ public static function update(SplFixedArray $ctx, SplFixedArray $p, int $plen): void { @@ -510,14 +492,9 @@ public static function update(SplFixedArray $ctx, SplFixedArray $p, int $plen): * @param SplFixedArray $ctx * @param SplFixedArray $out * @return SplFixedArray + * * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument - * @psalm-suppress MixedAssignment - * @psalm-suppress MixedArrayAccess - * @psalm-suppress MixedArrayAssignment - * @psalm-suppress MixedArrayOffset - * @psalm-suppress MixedOperand */ public static function finish(SplFixedArray $ctx, SplFixedArray $out): SplFixedArray { @@ -558,13 +535,9 @@ public static function finish(SplFixedArray $ctx, SplFixedArray $out): SplFixedA * @param SplFixedArray|null $salt * @param SplFixedArray|null $personal * @return SplFixedArray + * * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument - * @psalm-suppress MixedAssignment - * @psalm-suppress MixedArrayAccess - * @psalm-suppress MixedArrayAssignment - * @psalm-suppress MixedArrayOffset */ public static function init( ?SplFixedArray $key = null, @@ -648,7 +621,6 @@ public static function init( * * @param string $str * @return SplFixedArray - * @psalm-suppress MixedArgumentTypeCoercion */ public static function stringToSplFixedArray(string $str = ''): SplFixedArray { @@ -682,12 +654,6 @@ public static function SplFixedArrayToString(SplFixedArray $a): string * @param SplFixedArray $ctx * @return string * @throws TypeError - * @psalm-suppress MixedArgument - * @psalm-suppress MixedAssignment - * @psalm-suppress MixedArrayAccess - * @psalm-suppress MixedArrayAssignment - * @psalm-suppress MixedArrayOffset - * @psalm-suppress MixedMethodCall */ public static function contextToString(SplFixedArray $ctx): string { @@ -742,7 +708,6 @@ public static function contextToString(SplFixedArray $ctx): string * @return SplFixedArray * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArrayAssignment */ public static function stringToContext(string $string): SplFixedArray { diff --git a/src/Core/Base64/Original.php b/src/Core/Base64/Original.php index e137bbda..be539d29 100644 --- a/src/Core/Base64/Original.php +++ b/src/Core/Base64/Original.php @@ -104,7 +104,6 @@ protected static function doEncode( * @return string * @throws RangeException * @throws TypeError - * @psalm-suppress RedundantCondition */ public static function decode( #[\SensitiveParameter] diff --git a/src/Core/Base64/UrlSafe.php b/src/Core/Base64/UrlSafe.php index e75032ce..5f462c17 100644 --- a/src/Core/Base64/UrlSafe.php +++ b/src/Core/Base64/UrlSafe.php @@ -104,7 +104,6 @@ protected static function doEncode( * @return string * @throws RangeException * @throws TypeError - * @psalm-suppress RedundantCondition */ public static function decode( #[\SensitiveParameter] diff --git a/src/Core/ChaCha20.php b/src/Core/ChaCha20.php index 7d52ec17..c7376031 100644 --- a/src/Core/ChaCha20.php +++ b/src/Core/ChaCha20.php @@ -63,7 +63,7 @@ protected static function quarterRound(int $a, int $b, int $c, int $d): array /** @var int $c */ $c = ($c + $d) & 0xffffffff; $b = self::rotate($b ^ $c, 7); - return array((int) $a, (int) $b, (int) $c, (int) $d); + return array($a, $b, $c, $d); } /** @@ -124,22 +124,22 @@ public static function encryptBytes( $message .= str_repeat("\x00", 64 - $bytes); } - $x0 = (int) $j0; - $x1 = (int) $j1; - $x2 = (int) $j2; - $x3 = (int) $j3; - $x4 = (int) $j4; - $x5 = (int) $j5; - $x6 = (int) $j6; - $x7 = (int) $j7; - $x8 = (int) $j8; - $x9 = (int) $j9; - $x10 = (int) $j10; - $x11 = (int) $j11; - $x12 = (int) $j12; - $x13 = (int) $j13; - $x14 = (int) $j14; - $x15 = (int) $j15; + $x0 = $j0; + $x1 = $j1; + $x2 = $j2; + $x3 = $j3; + $x4 = $j4; + $x5 = $j5; + $x6 = $j6; + $x7 = $j7; + $x8 = $j8; + $x9 = $j9; + $x10 = $j10; + $x11 = $j11; + $x12 = $j12; + $x13 = $j13; + $x14 = $j14; + $x15 = $j15; # for (i = 20; i > 0; i -= 2) { for ($i = 20; $i > 0; $i -= 2) { @@ -185,37 +185,21 @@ public static function encryptBytes( x14 = PLUS(x14, j14); x15 = PLUS(x15, j15); */ - /** @var int $x0 */ $x0 = ($x0 & 0xffffffff) + $j0; - /** @var int $x1 */ $x1 = ($x1 & 0xffffffff) + $j1; - /** @var int $x2 */ $x2 = ($x2 & 0xffffffff) + $j2; - /** @var int $x3 */ $x3 = ($x3 & 0xffffffff) + $j3; - /** @var int $x4 */ $x4 = ($x4 & 0xffffffff) + $j4; - /** @var int $x5 */ $x5 = ($x5 & 0xffffffff) + $j5; - /** @var int $x6 */ $x6 = ($x6 & 0xffffffff) + $j6; - /** @var int $x7 */ $x7 = ($x7 & 0xffffffff) + $j7; - /** @var int $x8 */ $x8 = ($x8 & 0xffffffff) + $j8; - /** @var int $x9 */ $x9 = ($x9 & 0xffffffff) + $j9; - /** @var int $x10 */ $x10 = ($x10 & 0xffffffff) + $j10; - /** @var int $x11 */ $x11 = ($x11 & 0xffffffff) + $j11; - /** @var int $x12 */ $x12 = ($x12 & 0xffffffff) + $j12; - /** @var int $x13 */ $x13 = ($x13 & 0xffffffff) + $j13; - /** @var int $x14 */ $x14 = ($x14 & 0xffffffff) + $j14; - /** @var int $x15 */ $x15 = ($x15 & 0xffffffff) + $j15; /* @@ -282,22 +266,22 @@ public static function encryptBytes( STORE32_LE(c + 56, x14); STORE32_LE(c + 60, x15); */ - $block = self::store32_le((int) ($x0 & 0xffffffff)) . - self::store32_le((int) ($x1 & 0xffffffff)) . - self::store32_le((int) ($x2 & 0xffffffff)) . - self::store32_le((int) ($x3 & 0xffffffff)) . - self::store32_le((int) ($x4 & 0xffffffff)) . - self::store32_le((int) ($x5 & 0xffffffff)) . - self::store32_le((int) ($x6 & 0xffffffff)) . - self::store32_le((int) ($x7 & 0xffffffff)) . - self::store32_le((int) ($x8 & 0xffffffff)) . - self::store32_le((int) ($x9 & 0xffffffff)) . - self::store32_le((int) ($x10 & 0xffffffff)) . - self::store32_le((int) ($x11 & 0xffffffff)) . - self::store32_le((int) ($x12 & 0xffffffff)) . - self::store32_le((int) ($x13 & 0xffffffff)) . - self::store32_le((int) ($x14 & 0xffffffff)) . - self::store32_le((int) ($x15 & 0xffffffff)); + $block = self::store32_le(($x0 & 0xffffffff)) . + self::store32_le(($x1 & 0xffffffff)) . + self::store32_le(($x2 & 0xffffffff)) . + self::store32_le(($x3 & 0xffffffff)) . + self::store32_le(($x4 & 0xffffffff)) . + self::store32_le(($x5 & 0xffffffff)) . + self::store32_le(($x6 & 0xffffffff)) . + self::store32_le(($x7 & 0xffffffff)) . + self::store32_le(($x8 & 0xffffffff)) . + self::store32_le(($x9 & 0xffffffff)) . + self::store32_le(($x10 & 0xffffffff)) . + self::store32_le(($x11 & 0xffffffff)) . + self::store32_le(($x12 & 0xffffffff)) . + self::store32_le(($x13 & 0xffffffff)) . + self::store32_le(($x14 & 0xffffffff)) . + self::store32_le(($x15 & 0xffffffff)); /* Partial block */ if ($bytes < 64) { diff --git a/src/Core/ChaCha20/Ctx.php b/src/Core/ChaCha20/Ctx.php index 7d2f2ddc..e495dd1c 100644 --- a/src/Core/ChaCha20/Ctx.php +++ b/src/Core/ChaCha20/Ctx.php @@ -71,17 +71,10 @@ public function __construct( * @param int $offset * @param int $value * @return void - * @psalm-suppress MixedArrayOffset */ #[ReturnTypeWillChange] public function offsetSet($offset, $value) { - if (!is_int($offset)) { - throw new InvalidArgumentException('Expected an integer'); - } - if (!is_int($value)) { - throw new InvalidArgumentException('Expected an integer'); - } $this->container[$offset] = $value; } @@ -102,7 +95,6 @@ public function offsetExists($offset) * * @param int $offset * @return void - * @psalm-suppress MixedArrayOffset */ #[ReturnTypeWillChange] public function offsetUnset($offset) @@ -115,7 +107,6 @@ public function offsetUnset($offset) * * @param int $offset * @return mixed|null - * @psalm-suppress MixedArrayOffset */ #[ReturnTypeWillChange] public function offsetGet($offset) diff --git a/src/Core/Curve25519.php b/src/Core/Curve25519.php index 26e56448..2dcc0cf2 100644 --- a/src/Core/Curve25519.php +++ b/src/Core/Curve25519.php @@ -51,8 +51,6 @@ public static function fe_1(): ParagonIE_Sodium_Core_Curve25519_Fe * @param ParagonIE_Sodium_Core_Curve25519_Fe $f * @param ParagonIE_Sodium_Core_Curve25519_Fe $g * @return ParagonIE_Sodium_Core_Curve25519_Fe - * @psalm-suppress MixedAssignment - * @psalm-suppress MixedOperand */ public static function fe_add( ParagonIE_Sodium_Core_Curve25519_Fe $f, @@ -75,7 +73,6 @@ public static function fe_add( * @param ParagonIE_Sodium_Core_Curve25519_Fe $g * @param int $b * @return ParagonIE_Sodium_Core_Curve25519_Fe - * @psalm-suppress MixedAssignment */ public static function fe_cmov( ParagonIE_Sodium_Core_Curve25519_Fe $f, @@ -169,16 +166,16 @@ public static function fe_frombytes( return ParagonIE_Sodium_Core_Curve25519_Fe::fromArray( array( - (int) $h0, - (int) $h1, - (int) $h2, - (int) $h3, - (int) $h4, - (int) $h5, - (int) $h6, - (int) $h7, - (int) $h8, - (int) $h9 + $h0, + $h1, + $h2, + $h3, + $h4, + $h5, + $h6, + $h7, + $h8, + $h9 ) ); } @@ -193,16 +190,16 @@ public static function fe_frombytes( */ public static function fe_tobytes(ParagonIE_Sodium_Core_Curve25519_Fe $h): string { - $h0 = (int) $h[0]; - $h1 = (int) $h[1]; - $h2 = (int) $h[2]; - $h3 = (int) $h[3]; - $h4 = (int) $h[4]; - $h5 = (int) $h[5]; - $h6 = (int) $h[6]; - $h7 = (int) $h[7]; - $h8 = (int) $h[8]; - $h9 = (int) $h[9]; + $h0 = $h[0]; + $h1 = $h[1]; + $h2 = $h[2]; + $h3 = $h[3]; + $h4 = $h[4]; + $h5 = $h[5]; + $h6 = $h[6]; + $h7 = $h[7]; + $h8 = $h[8]; + $h9 = $h[9]; $q = (self::mul($h9, 19, 5) + (1 << 24)) >> 25; $q = ($h0 + $q) >> 26; @@ -248,44 +245,40 @@ public static function fe_tobytes(ParagonIE_Sodium_Core_Curve25519_Fe $h): strin $carry9 = $h9 >> 25; $h9 -= $carry9 << 25; - /** - * @var array - */ - $s = array( - (int) (($h0 >> 0) & 0xff), - (int) (($h0 >> 8) & 0xff), - (int) (($h0 >> 16) & 0xff), - (int) ((($h0 >> 24) | ($h1 << 2)) & 0xff), - (int) (($h1 >> 6) & 0xff), - (int) (($h1 >> 14) & 0xff), - (int) ((($h1 >> 22) | ($h2 << 3)) & 0xff), - (int) (($h2 >> 5) & 0xff), - (int) (($h2 >> 13) & 0xff), - (int) ((($h2 >> 21) | ($h3 << 5)) & 0xff), - (int) (($h3 >> 3) & 0xff), - (int) (($h3 >> 11) & 0xff), - (int) ((($h3 >> 19) | ($h4 << 6)) & 0xff), - (int) (($h4 >> 2) & 0xff), - (int) (($h4 >> 10) & 0xff), - (int) (($h4 >> 18) & 0xff), - (int) (($h5 >> 0) & 0xff), - (int) (($h5 >> 8) & 0xff), - (int) (($h5 >> 16) & 0xff), - (int) ((($h5 >> 24) | ($h6 << 1)) & 0xff), - (int) (($h6 >> 7) & 0xff), - (int) (($h6 >> 15) & 0xff), - (int) ((($h6 >> 23) | ($h7 << 3)) & 0xff), - (int) (($h7 >> 5) & 0xff), - (int) (($h7 >> 13) & 0xff), - (int) ((($h7 >> 21) | ($h8 << 4)) & 0xff), - (int) (($h8 >> 4) & 0xff), - (int) (($h8 >> 12) & 0xff), - (int) ((($h8 >> 20) | ($h9 << 6)) & 0xff), - (int) (($h9 >> 2) & 0xff), - (int) (($h9 >> 10) & 0xff), - (int) (($h9 >> 18) & 0xff) - ); - return self::intArrayToString($s); + return self::intArrayToString([ + (($h0 >> 0) & 0xff), + (($h0 >> 8) & 0xff), + (($h0 >> 16) & 0xff), + ((($h0 >> 24) | ($h1 << 2)) & 0xff), + (($h1 >> 6) & 0xff), + (($h1 >> 14) & 0xff), + ((($h1 >> 22) | ($h2 << 3)) & 0xff), + (($h2 >> 5) & 0xff), + (($h2 >> 13) & 0xff), + ((($h2 >> 21) | ($h3 << 5)) & 0xff), + (($h3 >> 3) & 0xff), + (($h3 >> 11) & 0xff), + ((($h3 >> 19) | ($h4 << 6)) & 0xff), + (($h4 >> 2) & 0xff), + (($h4 >> 10) & 0xff), + (($h4 >> 18) & 0xff), + (($h5 >> 0) & 0xff), + (($h5 >> 8) & 0xff), + (($h5 >> 16) & 0xff), + ((($h5 >> 24) | ($h6 << 1)) & 0xff), + (($h6 >> 7) & 0xff), + (($h6 >> 15) & 0xff), + ((($h6 >> 23) | ($h7 << 3)) & 0xff), + (($h7 >> 5) & 0xff), + (($h7 >> 13) & 0xff), + ((($h7 >> 21) | ($h8 << 4)) & 0xff), + (($h8 >> 4) & 0xff), + (($h8 >> 12) & 0xff), + ((($h8 >> 20) | ($h9 << 6)) & 0xff), + (($h9 >> 2) & 0xff), + (($h9 >> 10) & 0xff), + (($h9 >> 18) & 0xff) + ]); } /** @@ -539,16 +532,16 @@ public static function fe_mul( return self::fe_normalize( ParagonIE_Sodium_Core_Curve25519_Fe::fromArray( array( - (int) $h0, - (int) $h1, - (int) $h2, - (int) $h3, - (int) $h4, - (int) $h5, - (int) $h6, - (int) $h7, - (int) $h8, - (int) $h9 + $h0, + $h1, + $h2, + $h3, + $h4, + $h5, + $h6, + $h7, + $h8, + $h9 ) ) ); @@ -563,7 +556,6 @@ public static function fe_mul( * * @param ParagonIE_Sodium_Core_Curve25519_Fe $f * @return ParagonIE_Sodium_Core_Curve25519_Fe - * @psalm-suppress MixedAssignment */ public static function fe_neg(ParagonIE_Sodium_Core_Curve25519_Fe $f): ParagonIE_Sodium_Core_Curve25519_Fe { @@ -587,16 +579,16 @@ public static function fe_neg(ParagonIE_Sodium_Core_Curve25519_Fe $f): ParagonIE public static function fe_sq(ParagonIE_Sodium_Core_Curve25519_Fe $f): ParagonIE_Sodium_Core_Curve25519_Fe { $f = self::fe_normalize($f); - $f0 = (int) $f[0]; - $f1 = (int) $f[1]; - $f2 = (int) $f[2]; - $f3 = (int) $f[3]; - $f4 = (int) $f[4]; - $f5 = (int) $f[5]; - $f6 = (int) $f[6]; - $f7 = (int) $f[7]; - $f8 = (int) $f[8]; - $f9 = (int) $f[9]; + $f0 = $f[0]; + $f1 = $f[1]; + $f2 = $f[2]; + $f3 = $f[3]; + $f4 = $f[4]; + $f5 = $f[5]; + $f6 = $f[6]; + $f7 = $f[7]; + $f8 = $f[8]; + $f9 = $f[9]; $f0_2 = $f0 << 1; $f1_2 = $f1 << 1; @@ -723,16 +715,16 @@ public static function fe_sq(ParagonIE_Sodium_Core_Curve25519_Fe $f): ParagonIE_ return self::fe_normalize( ParagonIE_Sodium_Core_Curve25519_Fe::fromArray( array( - (int) $h0, - (int) $h1, - (int) $h2, - (int) $h3, - (int) $h4, - (int) $h5, - (int) $h6, - (int) $h7, - (int) $h8, - (int) $h9 + $h0, + $h1, + $h2, + $h3, + $h4, + $h5, + $h6, + $h7, + $h8, + $h9 ) ) ); @@ -752,16 +744,16 @@ public static function fe_sq(ParagonIE_Sodium_Core_Curve25519_Fe $f): ParagonIE_ public static function fe_sq2(ParagonIE_Sodium_Core_Curve25519_Fe $f): ParagonIE_Sodium_Core_Curve25519_Fe { $f = self::fe_normalize($f); - $f0 = (int) $f[0]; - $f1 = (int) $f[1]; - $f2 = (int) $f[2]; - $f3 = (int) $f[3]; - $f4 = (int) $f[4]; - $f5 = (int) $f[5]; - $f6 = (int) $f[6]; - $f7 = (int) $f[7]; - $f8 = (int) $f[8]; - $f9 = (int) $f[9]; + $f0 = $f[0]; + $f1 = $f[1]; + $f2 = $f[2]; + $f3 = $f[3]; + $f4 = $f[4]; + $f5 = $f[5]; + $f6 = $f[6]; + $f7 = $f[7]; + $f8 = $f[8]; + $f9 = $f[9]; $f0_2 = $f0 << 1; $f1_2 = $f1 << 1; @@ -1096,7 +1088,6 @@ public static function fe_pow22523(ParagonIE_Sodium_Core_Curve25519_Fe $z): Para * @param ParagonIE_Sodium_Core_Curve25519_Fe $f * @param ParagonIE_Sodium_Core_Curve25519_Fe $g * @return ParagonIE_Sodium_Core_Curve25519_Fe - * @psalm-suppress MixedOperand */ public static function fe_sub( ParagonIE_Sodium_Core_Curve25519_Fe $f, @@ -1653,9 +1644,6 @@ public static function ge_cmov8_cached( * @return ParagonIE_Sodium_Core_Curve25519_Ge_Precomp * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument - * @psalm-suppress MixedArrayAccess - * @psalm-suppress MixedArrayOffset */ public static function ge_select(int $pos = 0, int $b = 0): ParagonIE_Sodium_Core_Curve25519_Ge_Precomp { @@ -1674,9 +1662,6 @@ public static function ge_select(int $pos = 0, int $b = 0): ParagonIE_Sodium_Cor } } /** @var array> $base */ - if (!is_int($pos)) { - throw new InvalidArgumentException('Position must be an integer'); - } if ($pos < 0 || $pos > 31) { throw new RangeException('Position is out of range [0, 31]'); } @@ -1761,8 +1746,6 @@ public static function ge_tobytes(ParagonIE_Sodium_Core_Curve25519_Ge_P2 $h): st * @return ParagonIE_Sodium_Core_Curve25519_Ge_P2 * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedArgument - * @psalm-suppress MixedArrayAccess */ public static function ge_double_scalarmult_vartime( string $a, @@ -1887,8 +1870,6 @@ public static function ge_double_scalarmult_vartime( * @return ParagonIE_Sodium_Core_Curve25519_Ge_P3 * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedAssignment - * @psalm-suppress MixedOperand */ public static function ge_scalarmult( #[\SensitiveParameter] @@ -2028,8 +2009,6 @@ public static function ge_scalarmult( * @return ParagonIE_Sodium_Core_Curve25519_Ge_P3 * @throws SodiumException * @throws TypeError - * @psalm-suppress MixedAssignment - * @psalm-suppress MixedOperand */ public static function ge_scalarmult_base( #[\SensitiveParameter] @@ -2040,9 +2019,9 @@ public static function ge_scalarmult_base( $r = new ParagonIE_Sodium_Core_Curve25519_Ge_P1p1(); for ($i = 0; $i < 32; ++$i) { - $dbl = (int) $i << 1; - $e[$dbl] = (int) self::chrToInt($a[$i]) & 15; - $e[$dbl + 1] = (int) (self::chrToInt($a[$i]) >> 4) & 15; + $dbl = $i << 1; + $e[$dbl] = self::chrToInt($a[$i]) & 15; + $e[$dbl + 1] = (self::chrToInt($a[$i]) >> 4) & 15; } $carry = 0; @@ -2052,7 +2031,7 @@ public static function ge_scalarmult_base( $carry >>= 4; $e[$i] -= $carry << 4; } - $e[63] += (int) $carry; + $e[63] += $carry; $h = self::ge_p3_0(); diff --git a/src/Core/Curve25519/Fe.php b/src/Core/Curve25519/Fe.php index 7dd534e0..ec579b83 100644 --- a/src/Core/Curve25519/Fe.php +++ b/src/Core/Curve25519/Fe.php @@ -58,14 +58,10 @@ public static function fromArray(array $array, bool $save_indexes = false): self * @param int|null $offset * @param int $value * @return void - * @psalm-suppress MixedArrayOffset */ #[ReturnTypeWillChange] public function offsetSet($offset, $value) { - if (!is_int($value)) { - throw new InvalidArgumentException('Expected an integer'); - } if (is_null($offset)) { $this->container[] = $value; } else { @@ -78,7 +74,6 @@ public function offsetSet($offset, $value) * * @param int $offset * @return bool - * @psalm-suppress MixedArrayOffset */ #[ReturnTypeWillChange] public function offsetExists($offset) @@ -91,7 +86,6 @@ public function offsetExists($offset) * * @param int $offset * @return void - * @psalm-suppress MixedArrayOffset */ #[ReturnTypeWillChange] public function offsetUnset($offset) @@ -104,7 +98,6 @@ public function offsetUnset($offset) * * @param int $offset * @return int - * @psalm-suppress MixedArrayOffset */ #[ReturnTypeWillChange] public function offsetGet($offset) @@ -112,7 +105,7 @@ public function offsetGet($offset) if (!isset($this->container[$offset])) { $this->container[$offset] = 0; } - return (int) ($this->container[$offset]); + return $this->container[$offset]; } /** diff --git a/src/Core/Ed25519.php b/src/Core/Ed25519.php index a1d5b3e6..f11df257 100644 --- a/src/Core/Ed25519.php +++ b/src/Core/Ed25519.php @@ -497,7 +497,7 @@ public static function small_order(string $R): bool for ($i = 0; $i < $countBlocklist; ++$i) { $c = 0; for ($j = 0; $j < 32; ++$j) { - $c |= self::chrToInt($R[$j]) ^ (int) $blocklist[$i][$j]; + $c |= self::chrToInt($R[$j]) ^ $blocklist[$i][$j]; } if ($c === 0) { return true; diff --git a/src/Core/Poly1305/State.php b/src/Core/Poly1305/State.php index 68a3ebb7..9f562afa 100644 --- a/src/Core/Poly1305/State.php +++ b/src/Core/Poly1305/State.php @@ -57,11 +57,11 @@ public function __construct($key = '') } /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */ $this->r = array( - (int) ((self::load_4(self::substr($key, 0, 4))) & 0x3ffffff), - (int) ((self::load_4(self::substr($key, 3, 4)) >> 2) & 0x3ffff03), - (int) ((self::load_4(self::substr($key, 6, 4)) >> 4) & 0x3ffc0ff), - (int) ((self::load_4(self::substr($key, 9, 4)) >> 6) & 0x3f03fff), - (int) ((self::load_4(self::substr($key, 12, 4)) >> 8) & 0x00fffff) + ((self::load_4(self::substr($key, 0, 4))) & 0x3ffffff), + ((self::load_4(self::substr($key, 3, 4)) >> 2) & 0x3ffff03), + ((self::load_4(self::substr($key, 6, 4)) >> 4) & 0x3ffc0ff), + ((self::load_4(self::substr($key, 9, 4)) >> 6) & 0x3f03fff), + ((self::load_4(self::substr($key, 12, 4)) >> 8) & 0x00fffff) ); /* h = 0 */ @@ -163,7 +163,7 @@ public function update($message = '') $mi = self::chrToInt($message[$i]); $this->buffer[$this->leftover + $i] = $mi; } - $this->leftover = (int) $this->leftover + $bytes; + $this->leftover = $this->leftover + $bytes; } return $this; } @@ -183,11 +183,11 @@ public function blocks($message, $bytes) } /** @var int $hibit */ $hibit = $this->final ? 0 : 1 << 24; /* 1 << 128 */ - $r0 = (int) $this->r[0]; - $r1 = (int) $this->r[1]; - $r2 = (int) $this->r[2]; - $r3 = (int) $this->r[3]; - $r4 = (int) $this->r[4]; + $r0 = $this->r[0]; + $r1 = $this->r[1]; + $r2 = $this->r[2]; + $r3 = $this->r[3]; + $r4 = $this->r[4]; $s1 = self::mul($r1, 5, 3); $s2 = self::mul($r2, 5, 3); @@ -278,7 +278,7 @@ public function blocks($message, $bytes) $c = $d4 >> 26; /** @var int $h4 */ $h4 = $d4 & 0x3ffffff; - $h0 += (int) self::mul($c, 5, 3); + $h0 += self::mul($c, 5, 3); /** @var int $c */ $c = $h0 >> 26; @@ -295,11 +295,11 @@ public function blocks($message, $bytes) } $this->h = array( - (int) ($h0 & 0xffffffff), - (int) ($h1 & 0xffffffff), - (int) ($h2 & 0xffffffff), - (int) ($h3 & 0xffffffff), - (int) ($h4 & 0xffffffff) + ($h0 & 0xffffffff), + ($h1 & 0xffffffff), + ($h2 & 0xffffffff), + ($h3 & 0xffffffff), + ($h4 & 0xffffffff) ); return $this; } @@ -330,11 +330,11 @@ public function finish() ); } - $h0 = (int) $this->h[0]; - $h1 = (int) $this->h[1]; - $h2 = (int) $this->h[2]; - $h3 = (int) $this->h[3]; - $h4 = (int) $this->h[4]; + $h0 = $this->h[0]; + $h1 = $this->h[1]; + $h2 = $this->h[2]; + $h3 = $this->h[3]; + $h4 = $this->h[4]; /** @var int $c */ $c = $h1 >> 26; @@ -428,14 +428,14 @@ public function finish() $h3 = (($h3 >> 18) | ($h4 << 8)) & 0xffffffff; /* mac = (h + pad) % (2^128) */ - $f = (int) ($h0 + $this->pad[0]); - $h0 = (int) $f; - $f = (int) ($h1 + $this->pad[1] + ($f >> 32)); - $h1 = (int) $f; - $f = (int) ($h2 + $this->pad[2] + ($f >> 32)); - $h2 = (int) $f; - $f = (int) ($h3 + $this->pad[3] + ($f >> 32)); - $h3 = (int) $f; + $f = ($h0 + $this->pad[0]); + $h0 = $f; + $f = ($h1 + $this->pad[1] + ($f >> 32)); + $h1 = $f; + $f = ($h2 + $this->pad[2] + ($f >> 32)); + $h2 = $f; + $f = ($h3 + $this->pad[3] + ($f >> 32)); + $h3 = $f; return self::store32_le($h0 & 0xffffffff) . self::store32_le($h1 & 0xffffffff) . diff --git a/src/Core/Ristretto255.php b/src/Core/Ristretto255.php index cde4587f..4d19e600 100644 --- a/src/Core/Ristretto255.php +++ b/src/Core/Ristretto255.php @@ -438,7 +438,6 @@ public static function ristretto255_sub( * @param string $msg * @return string * @throws SodiumException - * @psalm-suppress PossiblyInvalidArgument hash API */ protected static function h2c_string_to_hash_sha256( int $hLen, @@ -448,7 +447,10 @@ protected static function h2c_string_to_hash_sha256( string $msg ): string { $h = array_fill(0, $hLen, 0); - $ctx_len = !is_null($ctx) ? self::strlen($ctx) : 0; + if (is_null($ctx)) { + $ctx = ''; + } + $ctx_len = self::strlen($ctx); if ($hLen > 0xff) { throw new SodiumException('Hash must be less than 256 bytes'); } @@ -493,7 +495,6 @@ protected static function h2c_string_to_hash_sha256( * @param string $msg * @return string * @throws SodiumException - * @psalm-suppress PossiblyInvalidArgument hash API */ protected static function h2c_string_to_hash_sha512( int $hLen, @@ -503,7 +504,10 @@ protected static function h2c_string_to_hash_sha512( string $msg ): string { $h = array_fill(0, $hLen, 0); - $ctx_len = !is_null($ctx) ? self::strlen($ctx) : 0; + if (is_null($ctx)) { + $ctx = ''; + } + $ctx_len = self::strlen($ctx); if ($hLen > 0xff) { throw new SodiumException('Hash must be less than 256 bytes'); } diff --git a/src/Core/SecretStream/State.php b/src/Core/SecretStream/State.php index 093511a8..897971c8 100644 --- a/src/Core/SecretStream/State.php +++ b/src/Core/SecretStream/State.php @@ -60,9 +60,6 @@ public function getCounter(): string */ public function getNonce(): string { - if (!is_string($this->nonce)) { - $this->nonce = str_repeat("\0", 12); - } if (ParagonIE_Sodium_Core_Util::strlen($this->nonce) !== 12) { $this->nonce = str_pad($this->nonce, 12, "\0", STR_PAD_RIGHT); } diff --git a/src/Core/SipHash.php b/src/Core/SipHash.php index eb21ab6e..23758946 100644 --- a/src/Core/SipHash.php +++ b/src/Core/SipHash.php @@ -27,56 +27,56 @@ public static function sipRound(array $v) ); # v1=ROTL(v1,13); - list($v[2], $v[3]) = self::rotl_64((int) $v[2], (int) $v[3], 13); + list($v[2], $v[3]) = self::rotl_64($v[2], $v[3], 13); # v1 ^= v0; - $v[2] = (int) $v[2] ^ (int) $v[0]; - $v[3] = (int) $v[3] ^ (int) $v[1]; + $v[2] = $v[2] ^ $v[0]; + $v[3] = $v[3] ^ $v[1]; # v0=ROTL(v0,32); - list($v[0], $v[1]) = self::rotl_64((int) $v[0], (int) $v[1], 32); + list($v[0], $v[1]) = self::rotl_64($v[0], $v[1], 32); # v2 += v3; list($v[4], $v[5]) = self::add( - array((int) $v[4], (int) $v[5]), - array((int) $v[6], (int) $v[7]) + array($v[4], $v[5]), + array($v[6], $v[7]) ); # v3=ROTL(v3,16); - list($v[6], $v[7]) = self::rotl_64((int) $v[6], (int) $v[7], 16); + list($v[6], $v[7]) = self::rotl_64($v[6], $v[7], 16); # v3 ^= v2; - $v[6] = (int) $v[6] ^ (int) $v[4]; - $v[7] = (int) $v[7] ^ (int) $v[5]; + $v[6] = $v[6] ^ $v[4]; + $v[7] = $v[7] ^ $v[5]; # v0 += v3; list($v[0], $v[1]) = self::add( - array((int) $v[0], (int) $v[1]), - array((int) $v[6], (int) $v[7]) + array($v[0], $v[1]), + array($v[6], $v[7]) ); # v3=ROTL(v3,21); - list($v[6], $v[7]) = self::rotl_64((int) $v[6], (int) $v[7], 21); + list($v[6], $v[7]) = self::rotl_64($v[6], $v[7], 21); # v3 ^= v0; - $v[6] = (int) $v[6] ^ (int) $v[0]; - $v[7] = (int) $v[7] ^ (int) $v[1]; + $v[6] = $v[6] ^ $v[0]; + $v[7] = $v[7] ^ $v[1]; # v2 += v1; list($v[4], $v[5]) = self::add( - array((int) $v[4], (int) $v[5]), - array((int) $v[2], (int) $v[3]) + array($v[4], $v[5]), + array($v[2], $v[3]) ); # v1=ROTL(v1,17); - list($v[2], $v[3]) = self::rotl_64((int) $v[2], (int) $v[3], 17); + list($v[2], $v[3]) = self::rotl_64($v[2], $v[3], 17); # v1 ^= v2;; - $v[2] = (int) $v[2] ^ (int) $v[4]; - $v[3] = (int) $v[3] ^ (int) $v[5]; + $v[2] = $v[2] ^ $v[4]; + $v[3] = $v[3] ^ $v[5]; # v2=ROTL(v2,32) - list($v[4], $v[5]) = self::rotl_64((int) $v[4], (int) $v[5], 32); + list($v[4], $v[5]) = self::rotl_64($v[4], $v[5], 32); return $v; } diff --git a/src/Core/Util.php b/src/Core/Util.php index 52de0683..1f1521a0 100644 --- a/src/Core/Util.php +++ b/src/Core/Util.php @@ -242,7 +242,6 @@ public static function declareScalarType( if (!is_string($mixedVar)) { throw new TypeError('Argument ' . $argumentIndex . ' must be a string, ' . $realType . ' given.'); } - $mixedVar = (string) $mixedVar; break; case 'decimal': case 'double': @@ -402,11 +401,6 @@ public static function load_3( #[\SensitiveParameter] string $string ): int { - /* Type checks: */ - if (!is_string($string)) { - throw new TypeError('Argument 1 must be a string, ' . gettype($string) . ' given.'); - } - /* Input validation: */ if (self::strlen($string) < 3) { throw new RangeException( @@ -440,7 +434,7 @@ public static function load_4( } /** @var array $unpacked */ $unpacked = unpack('V', $string); - return (int) $unpacked[1]; + return $unpacked[1]; } /** @@ -450,6 +444,7 @@ public static function load_4( * * @param string $string * @return int + * * @throws RangeException * @throws SodiumException * @throws TypeError @@ -518,13 +513,10 @@ public static function mul( } static $defaultSize = null; - /** @var int $defaultSize */ if (!$defaultSize) { - /** @var int $defaultSize */ $defaultSize = (PHP_INT_SIZE << 3) - 1; } if ($size < 1) { - /** @var int $size */ $size = $defaultSize; } /** @var int $size */ @@ -536,10 +528,8 @@ public static function mul( * * -1 in binary looks like 0x1111 ... 1111 * 0 in binary looks like 0x0000 ... 0000 - * - * @var int */ - $mask = -(($b >> ((int) $defaultSize)) & 1); + $mask = -(($b >> ($defaultSize)) & 1); /** * Ensure $b is a positive integer, without creating @@ -556,7 +546,7 @@ public static function mul( * This loop always runs 64 times when PHP_INT_SIZE is 8. */ for ($i = $size; $i >= 0; --$i) { - $c += (int) ($a & -($b & 1)); + $c += ($a & -($b & 1)); $a <<= 1; $b >>= 1; } @@ -571,7 +561,7 @@ public static function mul( * * The end result is what we'd expect from integer multiplication. */ - return (int) (($c & ~$mask) | ($mask & -$c)); + return (($c & ~$mask) | ($mask & -$c)); } /** @@ -601,7 +591,11 @@ public static function numericTo64BitInteger(int|float $num): array $high = ~~((+(ceil(($num - (+((~~($num)))))/4294967296)))); } } - return array((int) $high, (int) $low); + /** + * @var int $high + * @var int $low + */ + return array($high, $low); } /** @@ -676,7 +670,7 @@ public static function strlen( #[\SensitiveParameter] string $str ): int { - return (int) ( + return ( self::isMbStringOverride() ? mb_strlen($str, '8bit') : strlen($str) @@ -726,11 +720,11 @@ public static function substr( if (PHP_VERSION_ID < 50400 && $length === null) { $length = self::strlen($str); } - $sub = (string) mb_substr($str, $start, $length, '8bit'); + $sub = mb_substr($str, $start, $length, '8bit'); } elseif ($length === null) { - $sub = (string) substr($str, $start); + $sub = substr($str, $start); } else { - $sub = (string) substr($str, $start, $length); + $sub = substr($str, $start, $length); } if ($sub !== '') { return $sub; @@ -769,6 +763,7 @@ public static function verify_16( * @param string $a * @param string $b * @return bool + * * @throws SodiumException * @throws TypeError */ @@ -800,7 +795,7 @@ public static function xorStrings( #[\SensitiveParameter] string $b ): string { - return (string) ($a ^ $b); + return $a ^ $b; } /** diff --git a/src/Core/X25519.php b/src/Core/X25519.php index f1e41538..45b494ba 100644 --- a/src/Core/X25519.php +++ b/src/Core/X25519.php @@ -18,33 +18,32 @@ abstract class ParagonIE_Sodium_Core_X25519 extends ParagonIE_Sodium_Core_Curve2 * @param ParagonIE_Sodium_Core_Curve25519_Fe $g * @param int $b * @return void - * @psalm-suppress MixedAssignment */ public static function fe_cswap( ParagonIE_Sodium_Core_Curve25519_Fe $f, ParagonIE_Sodium_Core_Curve25519_Fe $g, int $b = 0 ): void { - $f0 = (int) $f[0]; - $f1 = (int) $f[1]; - $f2 = (int) $f[2]; - $f3 = (int) $f[3]; - $f4 = (int) $f[4]; - $f5 = (int) $f[5]; - $f6 = (int) $f[6]; - $f7 = (int) $f[7]; - $f8 = (int) $f[8]; - $f9 = (int) $f[9]; - $g0 = (int) $g[0]; - $g1 = (int) $g[1]; - $g2 = (int) $g[2]; - $g3 = (int) $g[3]; - $g4 = (int) $g[4]; - $g5 = (int) $g[5]; - $g6 = (int) $g[6]; - $g7 = (int) $g[7]; - $g8 = (int) $g[8]; - $g9 = (int) $g[9]; + $f0 = $f[0]; + $f1 = $f[1]; + $f2 = $f[2]; + $f3 = $f[3]; + $f4 = $f[4]; + $f5 = $f[5]; + $f6 = $f[6]; + $f7 = $f[7]; + $f8 = $f[8]; + $f9 = $f[9]; + $g0 = $g[0]; + $g1 = $g[1]; + $g2 = $g[2]; + $g3 = $g[3]; + $g4 = $g[4]; + $g5 = $g[5]; + $g6 = $g[6]; + $g7 = $g[7]; + $g8 = $g[8]; + $g9 = $g[9]; $b = -$b; $x0 = ($f0 ^ $g0) & $b; $x1 = ($f1 ^ $g1) & $b; @@ -87,56 +86,55 @@ public static function fe_cswap( public static function fe_mul121666(ParagonIE_Sodium_Core_Curve25519_Fe $f): ParagonIE_Sodium_Core_Curve25519_Fe { $h = array( - self::mul((int) $f[0], 121666, 17), - self::mul((int) $f[1], 121666, 17), - self::mul((int) $f[2], 121666, 17), - self::mul((int) $f[3], 121666, 17), - self::mul((int) $f[4], 121666, 17), - self::mul((int) $f[5], 121666, 17), - self::mul((int) $f[6], 121666, 17), - self::mul((int) $f[7], 121666, 17), - self::mul((int) $f[8], 121666, 17), - self::mul((int) $f[9], 121666, 17) + self::mul($f[0], 121666, 17), + self::mul($f[1], 121666, 17), + self::mul($f[2], 121666, 17), + self::mul($f[3], 121666, 17), + self::mul($f[4], 121666, 17), + self::mul($f[5], 121666, 17), + self::mul($f[6], 121666, 17), + self::mul($f[7], 121666, 17), + self::mul($f[8], 121666, 17), + self::mul($f[9], 121666, 17) ); - /** @var int $carry9 */ $carry9 = ($h[9] + (1 << 24)) >> 25; $h[0] += self::mul($carry9, 19, 5); $h[9] -= $carry9 << 25; - /** @var int $carry1 */ + $carry1 = ($h[1] + (1 << 24)) >> 25; $h[2] += $carry1; $h[1] -= $carry1 << 25; - /** @var int $carry3 */ + $carry3 = ($h[3] + (1 << 24)) >> 25; $h[4] += $carry3; $h[3] -= $carry3 << 25; - /** @var int $carry5 */ + $carry5 = ($h[5] + (1 << 24)) >> 25; $h[6] += $carry5; $h[5] -= $carry5 << 25; - /** @var int $carry7 */ + $carry7 = ($h[7] + (1 << 24)) >> 25; $h[8] += $carry7; $h[7] -= $carry7 << 25; - /** @var int $carry0 */ + $carry0 = ($h[0] + (1 << 25)) >> 26; $h[1] += $carry0; $h[0] -= $carry0 << 26; - /** @var int $carry2 */ + $carry2 = ($h[2] + (1 << 25)) >> 26; $h[3] += $carry2; $h[2] -= $carry2 << 26; - /** @var int $carry4 */ + $carry4 = ($h[4] + (1 << 25)) >> 26; $h[5] += $carry4; $h[4] -= $carry4 << 26; - /** @var int $carry6 */ + $carry6 = ($h[6] + (1 << 25)) >> 26; $h[7] += $carry6; $h[6] -= $carry6 << 26; - /** @var int $carry8 */ + $carry8 = ($h[8] + (1 << 25)) >> 26; $h[9] += $carry8; $h[8] -= $carry8 << 26; @@ -320,13 +318,6 @@ public static function crypto_scalarmult_curve25519_ref10_base( ); $A = self::ge_scalarmult_base($e); - if ( - !($A->Y instanceof ParagonIE_Sodium_Core_Curve25519_Fe) - || - !($A->Z instanceof ParagonIE_Sodium_Core_Curve25519_Fe) - ) { - throw new TypeError('Null points encountered'); - } $pk = self::edwards_to_montgomery($A->Y, $A->Z); return self::fe_tobytes($pk); } diff --git a/src/Crypto.php b/src/Crypto.php index efc8bc66..446a9012 100644 --- a/src/Crypto.php +++ b/src/Crypto.php @@ -780,18 +780,9 @@ public static function generichash( */ public static function generichash_final(string $ctx, int $outlen = 32): string { - if (!is_string($ctx)) { - throw new TypeError('Context must be a string'); - } $out = new SplFixedArray($outlen); - - /** @var SplFixedArray $context */ $context = ParagonIE_Sodium_Core_BLAKE2b::stringToContext($ctx); - - /** @var SplFixedArray $out */ $out = ParagonIE_Sodium_Core_BLAKE2b::finish($context, $out); - - /** @var array */ $outArray = $out->toArray(); return ParagonIE_Sodium_Core_Util::intArrayToString($outArray); } @@ -871,10 +862,7 @@ public static function generichash_init_salt_personal( } else { $p = null; } - - /** @var SplFixedArray $ctx */ $ctx = ParagonIE_Sodium_Core_BLAKE2b::init($k, $outputLength, $s, $p); - return ParagonIE_Sodium_Core_BLAKE2b::contextToString($ctx); } @@ -893,15 +881,9 @@ public static function generichash_update(string $ctx, string $message): string { // This ensures that ParagonIE_Sodium_Core_BLAKE2b::$iv is initialized ParagonIE_Sodium_Core_BLAKE2b::pseudoConstructor(); - - /** @var SplFixedArray $context */ $context = ParagonIE_Sodium_Core_BLAKE2b::stringToContext($ctx); - - /** @var SplFixedArray $in */ $in = ParagonIE_Sodium_Core_BLAKE2b::stringToSplFixedArray($message); - ParagonIE_Sodium_Core_BLAKE2b::update($context, $in, $in->count()); - return ParagonIE_Sodium_Core_BLAKE2b::contextToString($context); } @@ -1015,18 +997,12 @@ public static function secretbox( #[\SensitiveParameter] string $key ): string { - /** @var string $subkey */ $subkey = ParagonIE_Sodium_Core_HSalsa20::hsalsa20($nonce, $key); - - /** @var string $block0 */ $block0 = str_repeat("\x00", 32); - /** @var int $mlen - Length of the plaintext message */ + /* Length of the plaintext message */ $mlen = ParagonIE_Sodium_Core_Util::strlen($plaintext); - $mlen0 = $mlen; - if ($mlen0 > 64 - self::secretbox_xsalsa20poly1305_ZEROBYTES) { - $mlen0 = 64 - self::secretbox_xsalsa20poly1305_ZEROBYTES; - } + $mlen0 = min($mlen, 64 - self::secretbox_xsalsa20poly1305_ZEROBYTES); $block0 .= ParagonIE_Sodium_Core_Util::substr($plaintext, 0, $mlen0); /** @var string $block0 */ @@ -1094,26 +1070,21 @@ public static function secretbox_open( #[\SensitiveParameter] string $key ): string { - /** @var string $mac */ $mac = ParagonIE_Sodium_Core_Util::substr( $ciphertext, 0, self::secretbox_xsalsa20poly1305_MACBYTES ); - /** @var string $c */ $c = ParagonIE_Sodium_Core_Util::substr( $ciphertext, self::secretbox_xsalsa20poly1305_MACBYTES ); - /** @var int $clen */ $clen = ParagonIE_Sodium_Core_Util::strlen($c); - /** @var string $subkey */ $subkey = ParagonIE_Sodium_Core_HSalsa20::hsalsa20($nonce, $key); - /** @var string $block0 */ $block0 = ParagonIE_Sodium_Core_Salsa20::salsa20( 64, ParagonIE_Sodium_Core_Util::substr($nonce, 16, 8), @@ -1133,7 +1104,7 @@ public static function secretbox_open( throw new SodiumException('Invalid MAC'); } - /** @var string $m - Decrypted message */ + /* Decrypted message */ $m = ParagonIE_Sodium_Core_Util::xorStrings( ParagonIE_Sodium_Core_Util::substr($block0, self::secretbox_xsalsa20poly1305_ZEROBYTES), ParagonIE_Sodium_Core_Util::substr($c, 0, self::secretbox_xsalsa20poly1305_ZEROBYTES) @@ -1147,7 +1118,7 @@ public static function secretbox_open( ), ParagonIE_Sodium_Core_Util::substr($nonce, 16, 8), 1, - (string) $subkey + $subkey ); } return $m; @@ -1172,17 +1143,14 @@ public static function secretbox_xchacha20poly1305( #[\SensitiveParameter] string $key ): string { - /** @var string $subkey */ $subkey = ParagonIE_Sodium_Core_HChaCha20::hChaCha20( ParagonIE_Sodium_Core_Util::substr($nonce, 0, 16), $key ); $nonceLast = ParagonIE_Sodium_Core_Util::substr($nonce, 16, 8); - - /** @var string $block0 */ $block0 = str_repeat("\x00", 32); - /** @var int $mlen - Length of the plaintext message */ + /*Length of the plaintext message */ $mlen = ParagonIE_Sodium_Core_Util::strlen($plaintext); $mlen0 = $mlen; if ($mlen0 > 64 - self::secretbox_xchacha20poly1305_ZEROBYTES) { @@ -1295,7 +1263,7 @@ public static function secretbox_xchacha20poly1305_open( throw new SodiumException('Invalid MAC'); } - /** @var string $m - Decrypted message */ + /* Decrypted message */ $m = ParagonIE_Sodium_Core_Util::xorStrings( ParagonIE_Sodium_Core_Util::substr($block0, self::secretbox_xchacha20poly1305_ZEROBYTES), ParagonIE_Sodium_Core_Util::substr($c, 0, self::secretbox_xchacha20poly1305_ZEROBYTES) @@ -1309,7 +1277,7 @@ public static function secretbox_xchacha20poly1305_open( self::secretbox_xchacha20poly1305_ZEROBYTES ), ParagonIE_Sodium_Core_Util::substr($nonce, 16, 8), - (string) $subkey, + $subkey, ParagonIE_Sodium_Core_Util::store64_le(1) ); } @@ -1524,7 +1492,7 @@ public static function secretstream_xchacha20poly1305_pull( string &$state, string $cipher, string $aad = '' - ) { + ): bool|array { $st = ParagonIE_Sodium_Core_SecretStream_State::fromString($state); $cipherlen = ParagonIE_Sodium_Core_Util::strlen($cipher); diff --git a/src/File.php b/src/File.php index 761346a6..c690ee64 100644 --- a/src/File.php +++ b/src/File.php @@ -39,19 +39,16 @@ public static function box( throw new TypeError('Argument 4 must be CRYPTO_BOX_KEYPAIRBYTES bytes'); } - /** @var int $size */ $size = filesize($inputFile); if (!is_int($size)) { throw new SodiumException('Could not obtain the file size'); } - /** @var resource $ifp */ $ifp = fopen($inputFile, 'rb'); if (!is_resource($ifp)) { throw new SodiumException('Could not open input file for reading'); } - /** @var resource $ofp */ $ofp = fopen($outputFile, 'wb'); if (!is_resource($ofp)) { fclose($ifp); @@ -96,19 +93,16 @@ public static function box_open( throw new TypeError('Argument 4 must be CRYPTO_BOX_KEYPAIRBYTES bytes'); } - /** @var int $size */ $size = filesize($inputFile); if (!is_int($size)) { throw new SodiumException('Could not obtain the file size'); } - /** @var resource $ifp */ $ifp = fopen($inputFile, 'rb'); if (!is_resource($ifp)) { throw new SodiumException('Could not open input file for reading'); } - /** @var resource $ofp */ $ofp = fopen($outputFile, 'wb'); if (!is_resource($ofp)) { fclose($ifp); @@ -152,19 +146,16 @@ public static function box_seal( throw new TypeError('Argument 3 must be CRYPTO_BOX_PUBLICKEYBYTES bytes'); } - /** @var int $size */ $size = filesize($inputFile); if (!is_int($size)) { throw new SodiumException('Could not obtain the file size'); } - /** @var resource $ifp */ $ifp = fopen($inputFile, 'rb'); if (!is_resource($ifp)) { throw new SodiumException('Could not open input file for reading'); } - /** @var resource $ofp */ $ofp = fopen($outputFile, 'wb'); if (!is_resource($ofp)) { fclose($ifp); @@ -183,7 +174,6 @@ public static function box_seal( 24 ); - /** @var int $firstWrite */ $firstWrite = fwrite( $ofp, $ephemeralPK, @@ -244,19 +234,16 @@ public static function box_seal_open( $publicKey = ParagonIE_Sodium_Compat::crypto_box_publickey($ecdhKeypair); - /** @var int $size */ $size = filesize($inputFile); if (!is_int($size)) { throw new SodiumException('Could not obtain the file size'); } - /** @var resource $ifp */ $ifp = fopen($inputFile, 'rb'); if (!is_resource($ifp)) { throw new SodiumException('Could not open input file for reading'); } - /** @var resource $ofp */ $ofp = fopen($outputFile, 'wb'); if (!is_resource($ofp)) { fclose($ifp); @@ -307,7 +294,6 @@ public static function box_seal_open( * @return string BLAKE2b hash * @throws SodiumException * @throws TypeError - * @psalm-suppress FailedTypeResolution */ public static function generichash( string $filePath, @@ -335,22 +321,18 @@ public static function generichash( throw new SodiumException('Argument 3 must be at least CRYPTO_GENERICHASH_BYTES_MAX'); } - /** @var int $size */ $size = filesize($filePath); if (!is_int($size)) { throw new SodiumException('Could not obtain the file size'); } - /** @var resource $fp */ $fp = fopen($filePath, 'rb'); if (!is_resource($fp)) { throw new SodiumException('Could not open input file for reading'); } $ctx = ParagonIE_Sodium_Compat::crypto_generichash_init($key, $outputLength); while ($size > 0) { - $blockSize = $size > 64 - ? 64 - : $size; + $blockSize = min($size, 64); $read = fread($fp, $blockSize); if (!is_string($read)) { throw new SodiumException('Could not read input file'); @@ -392,19 +374,16 @@ public static function secretbox( throw new TypeError('Argument 4 must be CRYPTO_SECRETBOX_KEYBYTES bytes'); } - /** @var int $size */ $size = filesize($inputFile); if (!is_int($size)) { throw new SodiumException('Could not obtain the file size'); } - /** @var resource $ifp */ $ifp = fopen($inputFile, 'rb'); if (!is_resource($ifp)) { throw new SodiumException('Could not open input file for reading'); } - /** @var resource $ofp */ $ofp = fopen($outputFile, 'wb'); if (!is_resource($ofp)) { fclose($ifp); @@ -449,19 +428,16 @@ public static function secretbox_open( throw new TypeError('Argument 4 must be CRYPTO_SECRETBOXBOX_KEYBYTES bytes'); } - /** @var int $size */ $size = filesize($inputFile); if (!is_int($size)) { throw new SodiumException('Could not obtain the file size'); } - /** @var resource $ifp */ $ifp = fopen($inputFile, 'rb'); if (!is_resource($ifp)) { throw new SodiumException('Could not open input file for reading'); } - /** @var resource $ofp */ $ofp = fopen($outputFile, 'wb'); if (!is_resource($ofp)) { fclose($ifp); @@ -502,13 +478,11 @@ public static function sign( throw new TypeError('Argument 2 must be CRYPTO_SIGN_SECRETKEYBYTES bytes'); } - /** @var int $size */ $size = filesize($filePath); if (!is_int($size)) { throw new SodiumException('Could not obtain the file size'); } - /** @var resource $fp */ $fp = fopen($filePath, 'rb'); if (!is_resource($fp)) { throw new SodiumException('Could not open input file for reading'); @@ -614,25 +588,22 @@ public static function verify(string $sig, string $filePath, string $publicKey): throw new SodiumException('All zero public key'); } - /** @var int $size */ $size = filesize($filePath); if (!is_int($size)) { throw new SodiumException('Could not obtain the file size'); } - /** @var resource $fp */ $fp = fopen($filePath, 'rb'); if (!is_resource($fp)) { throw new SodiumException('Could not open input file for reading'); } - /** @var bool The original value of ParagonIE_Sodium_Compat::$fastMult */ + /* The original value of ParagonIE_Sodium_Compat::$fastMult */ $orig = ParagonIE_Sodium_Compat::$fastMult; // Set ParagonIE_Sodium_Compat::$fastMult to true to speed up verification. ParagonIE_Sodium_Compat::$fastMult = true; - /** @var ParagonIE_Sodium_Core_Curve25519_Ge_P3 $A */ $A = ParagonIE_Sodium_Core_Ed25519::ge_frombytes_negate_vartime($publicKey); $hs = hash_init('sha512'); @@ -640,13 +611,8 @@ public static function verify(string $sig, string $filePath, string $publicKey): hash_update($hs, self::substr($publicKey, 0, 32)); $hs = self::updateHashWithFile($hs, $fp, $size); - /** @var string $hDigest */ $hDigest = hash_final($hs, true); - - /** @var string $h */ $h = ParagonIE_Sodium_Core_Ed25519::sc_reduce($hDigest) . self::substr($hDigest, 32); - - /** @var ParagonIE_Sodium_Core_Curve25519_Ge_P2 $R */ $R = ParagonIE_Sodium_Core_Ed25519::ge_double_scalarmult_vartime( $h, $A, @@ -799,9 +765,7 @@ protected static function secretbox_encrypt( fseek($ifp, $first32, SEEK_SET); while ($mlen > 0) { - $blockSize = $mlen > self::BUFFER_SIZE - ? self::BUFFER_SIZE - : $mlen; + $blockSize = min($mlen, self::BUFFER_SIZE); $plaintext = fread($ifp, $blockSize); if (!is_string($plaintext)) { throw new SodiumException('Could not read input file'); @@ -900,9 +864,7 @@ protected static function secretbox_decrypt( /* Decrypts ciphertext, writes to output file. */ while ($mlen > 0) { - $blockSize = $mlen > self::BUFFER_SIZE - ? self::BUFFER_SIZE - : $mlen; + $blockSize = min($mlen, self::BUFFER_SIZE); $ciphertext = fread($ifp, $blockSize); if (!is_string($ciphertext)) { throw new SodiumException('Could not read input file'); @@ -937,9 +899,7 @@ protected static function onetimeauth_verify( ): bool { $pos = self::ftell($ifp); while ($mlen > 0) { - $blockSize = $mlen > self::BUFFER_SIZE - ? self::BUFFER_SIZE - : $mlen; + $blockSize = min($mlen, self::BUFFER_SIZE); $ciphertext = fread($ifp, $blockSize); if (!is_string($ciphertext)) { throw new SodiumException('Could not read input file'); @@ -963,14 +923,13 @@ protected static function onetimeauth_verify( * @return HashContext Resource on PHP < 7.2, HashContext object on PHP >= 7.2 * @throws SodiumException * @throws TypeError - * @psalm-suppress PossiblyInvalidArgument - * PHP 7.2 changes from a resource to an object, - * which causes Psalm to complain about an error. - * @psalm-suppress TypeCoercion - * Ditto. */ public static function updateHashWithFile(HashContext $hash, $fp, int $size = 0): HashContext { + /** + * @psalm-suppress DocblockTypeContradiction + * We can't statically type resources. + */ if (!is_resource($fp)) { throw new TypeError('Argument 2 must be a resource, ' . gettype($fp) . ' given.'); } @@ -989,8 +948,6 @@ public static function updateHashWithFile(HashContext $hash, $fp, int $size = 0) if (!is_string($message)) { throw new SodiumException('Unexpected error reading from file.'); } - /** @var string $message */ - /** @psalm-suppress InvalidArgument */ hash_update($hash, $message); } // Reset file pointer's position @@ -1009,6 +966,6 @@ private static function ftell($resource): int if (!is_int($return)) { throw new SodiumException('ftell() returned false'); } - return (int) $return; + return $return; } }