12.0.0 (#22)

.circleci/config.yml

@@ -30,6 +30,21 @@ jobs:
       - store_artifacts:
           path: infection.log
 
+  build-73:
+    docker:
+      - image: circleci/php:7.3
+    steps:
+      - checkout
+      - run: mkdir -p coverage
+      - run: composer require phpunit/phpunit infection/infection
+      - run: php vendor/phpunit/phpunit/phpunit --coverage-html coverage
+      - run: php vendor/infection/infection/bin/infection
+      - run: php examples/support.php
+      - store_artifacts:
+          path: coverage
+      - store_artifacts:
+          path: infection.log
+
   clover:
     docker:
       - image: circleci/php:7.1
@@ -45,9 +60,12 @@ workflows:
   build-test-all:
     jobs:
       - build
-      - clover:
-          requires:
-            - build-72
       - build-72:
           requires:
             - build
+      - build-73:
+          requires:
+            - build-72
+      - clover:
+          requires:
+            - build-73

README.md

@@ -26,10 +26,12 @@ For legacy PHP version support, look [here](https://github.com/mmeyer2k/dcrypt/b
 - [Show me some love](#show-me-some-love-heart_eyes) :heart_eyes::beer:
 
 # Install
+
 Add dcrypt to your composer.json file requirements.
 Don't worry, dcrypt does not have any dependencies of its own.
+
 ```bash
-composer require "mmeyer2k/dcrypt=^11.0"
+composer require "mmeyer2k/dcrypt=^12.0"
 ```
 
 # Features
@@ -40,11 +42,11 @@ The dcrypt library helps application developers avoid common mistakes in crypto
 Dcrypt strives to make correct usage simple, but it _is_ possible to use dcrypt incorrectly.
 Fully understanding the instructions is important.
 
-Dcrypt's functions __require__ the use of a high entropy 256 byte (minimum) key encoded with base64.
-To generate a new key quickly, execute this on the command line:
+Dcrypt's functions __require__ the use of a high entropy __2048 byte__ (minimum) key encoded with base64.
+To generate a new key, execute this on the command line:
 
 ```bash
-head -c 256 /dev/urandom | base64 -w 0 | xargs echo
+head -c 2048 /dev/urandom | base64 -w 0 | xargs echo
 ```
 
 Storing this key safely is up to you!
@@ -56,7 +58,7 @@ Dcrypt will handle the 32 bit AEAD authentication tag, SHA3-256 HMAC ([Keccak](h
 
 ```php
 <?php
-$key = "replace this with the output of: head -c 256 /dev/urandom | base64 -w 0 | xargs echo";
+$key = "replace this with the output of: head -c 2048 /dev/urandom | base64 -w 0 | xargs echo";
 
 $encrypted = \Dcrypt\Aes256Gcm::encrypt('a secret', $key);
 
@@ -168,23 +170,23 @@ Read the relevant information before using a stream cipher for anything importan
 
 ### One Time Pad
 
-A fast symmetric stream cipher is quickly accessible with the `Otp` class.
-`Otp` uses SHA3-512 to output a keystream that is ⊕'d with the input in 512 bit chunks.
+A fast symmetric stream cipher is quickly accessible with the `OneTimePad` class.
+`OneTimePad` uses SHA3-512 to output a keystream that is ⊕'d with the input in 512 bit chunks.
 
 ```php
 <?php
-$encrypted = \Dcrypt\Otp::crypt('a secret', $key);
+$encrypted = \Dcrypt\OneTimePad::crypt('a secret', $key);
 
-$plaintext = \Dcrypt\Otp::crypt($encrypted, $key);
+$plaintext = \Dcrypt\OneTimePad::crypt($encrypted, $key);
 ```
 
 `Otp` can also be configured to use any other hashing algorithm to generate the pseudorandom keystream.
 
 ```php
 <?php
-$encrypted = \Dcrypt\Otp::crypt('a secret', $key, 'whirlpool');
+$encrypted = \Dcrypt\OneTimePad::crypt('a secret', $key, 'whirlpool');
 
-$plaintext = \Dcrypt\Otp::crypt($encrypted, $key, 'whirlpool');
+$plaintext = \Dcrypt\OneTimePad::crypt($encrypted, $key, 'whirlpool');
 ```
 
 # Show me some love :heart_eyes::beer:

composer.json

@@ -20,7 +20,6 @@
     "autoload-dev": {
         "classmap": [
             "examples/",
-            "tests/helpers/",
             "tests/"
         ]
     },

docs/CHANGELOG.md

@@ -1,5 +1,12 @@
 # Changes in Dcrypt
 
+## 12.0.0
+- Adds PHP 7.3 testing support to circle ci
+- Clearer base64 class overload example
+- Signature change on the Openssl::newKey method
+- Rename `Otp` to `OneTimePad`
+- Refactor key object constructor
+
 ## 11.0.0
 - Move to default of SHA3-256 instead of SHA-256 for block ciphers
 - Move to default of SHA3-512 instead of SHA-512 for OTP
@@ -48,4 +55,21 @@
 - Improvements to testing
 
 ## 9.0.0
-- Removes some remains of mcrypt code
+- Removes some remains of mcrypt code
+
+## 8.3.1
+- Documentation updates
+- Change to keying system
+- Rename Aes wrapper class
+
+## 8.3.0
+- Rebuilt openssl encryption internal functions to be more easily extendable
+- Simplified api
+- Improved docs
+- More sensible class names
+- Removed gitignore
+- Removed last composer dependency
+- Smarter key generation step
+
+## 8.2.1
+- Minor scoping fixes

docs/CRYPTO.md

@@ -31,8 +31,9 @@ This document serves as a high level design document for the block cipher functi
 ## Testing key validity
 Before any encryption/decryption calls, a key derivation object must be created.
 This object tests the key supplied to it to make sure that it:
-1. Can be decoded as a base64 string.
-1. The size after decoding meets or exceeds 256 bytes.
+1. Can be decoded as a base64 string
+1. The size after decoding meets or exceeds 2048 bytes
+1. Contains a minimum amount of entropy as determined by counting the unique characters in the key
 
 Providing a high quality key is __essential__ to the security level it provides.
 

docs/UPGRADE.md

@@ -1,10 +1,14 @@
-# Upgrade from 10.x to 11.x
+# Upgrade from 11.x to 12.x
+- Upgrade to minimum 2048 byte keys
+- Rename `Otp` to `OneTimePad`
+
+## Upgrade from 10.x to 11.x
 - You are now _required_ to provide a key to all encrypt/decrypt functions
 - All `cost` parameters have been remove, password-based key derivation is no longer offered
 - `Rc4` and `Spritz` are removed and will be placed in a separate library
 - SHA3 replaces SHA2 wherever default
 
-# Upgrade from 9.x to 10.x
+## Upgrade from 9.x to 10.x
 This is a major refactor of the core of dcrypt to focus on the most important features.
 - Minimum PHP version is now 7.1 
 - `Hash` is removed in favor of PHP's `password_hash` and `password_verify` functions.
@@ -14,7 +18,7 @@ This is a major refactor of the core of dcrypt to focus on the most important fe
 - `Rc4` and `Spritz` are marked deprecated since they are just for fun
 - **All data encrypted with Aes\*\*\* functions from prior versions will not be decryptable**
 
-# Upgrade from 8.x to 9.x
+## Upgrade from 8.x to 9.x
 Version 9 is a MAJOR update to dcrypt and breaks almost all backward compatibility.
 It removes all legacy crutches and moves to use more a more modern design.
 
@@ -24,6 +28,6 @@ It removes all legacy crutches and moves to use more a more modern design.
 - Hashes generated by `Hash::make` are now 60 bytes instead of 64
 - `load.php` is now removed. Use composer to load dcrypt instead.
 
-# Upgrade from 7.x to 8.x
+## Upgrade from 7.x to 8.x
 The encryption function wrapper class `Aes` has been renamed to `AesCbc`.
 Rename all references in your code to the new class.

examples/Aes256Base64.php

@@ -2,40 +2,15 @@
 
 namespace Dcrypt\Examples;
 
-class Aes256Base64 extends \Dcrypt\OpensslBridge
+class Aes256Base64 extends \Dcrypt\Aes256Gcm
 {
-    const CIPHER = 'aes-256-gcm';
-
-    const ALGO = 'sha256';
-
-    /**
-     * Cost value of zero because we are using a key.
-     *
-     * @var int
-     */
-    const COST = 0;
-
-    /**
-     * An example key generated with linux command:  head -c 256 /dev/urandom | base64 --wrap 64
-     *
-     * DO NOT ACTUALLY USE THIS KEY
-     *
-     * @var string
-     */
-    const KEY = '
-        QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB
-        QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB
-        QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB
-        QUFBQQ==
-    ';
-
-    public static function decrypt(string $data): string
+    public static function decrypt(string $data, string $key): string
     {
-        return parent::decrypt(\base64_decode($data), self::KEY);
+        return parent::decrypt(\base64_decode($data), $key);
     }
 
-    public static function encrypt(string $data): string
+    public static function encrypt(string $data, string $key): string
     {
-        return \base64_encode(parent::encrypt($data, self::KEY));
+        return \base64_encode(parent::encrypt($data, $key));
     }
-}
+}

examples/TinyFish.php

@@ -24,11 +24,4 @@ class TinyFish extends \Dcrypt\OpensslBridge
      * @var string
      */
     const ALGO = 'crc32';
-
-    /**
-     * Cost value for hash_pbkdf2
-     *
-     * @var int
-     */
-    const COST = 1000;
 }

examples/support.php

@@ -5,12 +5,12 @@
 /**
  * support.php
  *
- * Displays supported
+ * Displays supported ciphers and algos
  */
 
 require __DIR__ . '/../vendor/autoload.php';
 
-$key = \Dcrypt\OpensslKey::newKey();
+$key = \Dcrypt\OpensslKey::create();
 
 echo "\nCIPHERS ----------------------------------------------------------------------------------------------\n";
 
@@ -29,7 +29,7 @@
         echo " [pass] ";
     } catch (\Exception|\Error $e) {
         $m = $e->getMessage();
-        echo " [fail] [$m]";
+        echo " [fail] [!!!]";
     } finally {
         echo "\n";
     }
@@ -52,7 +52,7 @@
         echo " [pass] ";
     } catch (\Exception|\Error $e) {
         $m = $e->getMessage();
-        echo " [fail] [$m]";
+        echo " [fail] [!!!]";
     } finally {
         echo "\n";
     }

examples/vectors.php

@@ -8,7 +8,7 @@
 
 require __DIR__ . '/../vendor/autoload.php';
 
-$key = \Dcrypt\OpensslKey::newKey();
+$key = \Dcrypt\OpensslKey::create();
 
 file_put_contents(__DIR__ . '/../tests/vectors/.testkey', $key);
 
@@ -48,7 +48,7 @@
 foreach (range(1, 10) as $r) {
     $mult = $r * $r * 10;
 
-    $out['otp'][$mult] = \base64_encode(\Dcrypt\Otp::crypt(str_repeat('A', $mult), $key));
+    $out['otp'][$mult] = \base64_encode(\Dcrypt\OneTimePad::crypt(str_repeat('A', $mult), $key));
 }
 
 file_put_contents(__DIR__ . '/../tests/.vectors.json', \json_encode($out, JSON_PRETTY_PRINT));

src/Otp.php → src/OneTimePad.php

@@ -1,7 +1,7 @@
 <?php declare(strict_types=1);
 
 /**
- * Otp.php
+ * OneTimePad.php
  * 
  * PHP version 7
  * 
@@ -24,7 +24,7 @@
  * @link     https://github.com/mmeyer2k/dcrypt
  * @link     http://en.wikipedia.org/wiki/Stream_cipher
  */
-class Otp
+class OneTimePad
 {
     /**
      * Encrypt or decrypt a binary input string.
@@ -40,7 +40,7 @@ public static function crypt(string $input, string $key, string $algo = 'sha3-51
 
         $length = Str::strlen($input);
 
-        $key = new OpensslKey($algo, $key, '', (string)$length);
+        $key = new OpensslKey($algo, $key, '');
 
         foreach ($chunks as $i => &$chunk) {
             $info = $length . $i;