Fix the presence of padding (#497)

Fix the presence of padding

Author: Spomky

composer.json

@@ -100,7 +100,7 @@
         "ext-openssl": "*",
         "ext-sodium": "*",
         "brick/math": "^0.9|^0.10|^0.11|^0.12",
-        "paragonie/constant_time_encoding": "^2.4",
+        "paragonie/constant_time_encoding": "^2.6",
         "psr/clock": "^1.0",
         "psr/event-dispatcher": "^1.0",
         "psr/http-client": "^1.0",

phpstan-baseline.neon

@@ -1746,7 +1746,7 @@ parameters:
 			path: src/Component/Encryption/Serializer/JSONFlattenedSerializer.php
 
 		-
-			message: "#^Parameter \\#1 \\$encodedString of static method ParagonIE\\\\ConstantTime\\\\Base64\\:\\:decode\\(\\) expects string, mixed given\\.$#"
+			message: "#^Parameter \\#1 \\$encodedString of static method ParagonIE\\\\ConstantTime\\\\Base64\\:\\:decodeNoPadding\\(\\) expects string, mixed given\\.$#"
 			count: 3
 			path: src/Component/Encryption/Serializer/JSONFlattenedSerializer.php
 
@@ -1776,7 +1776,7 @@ parameters:
 			path: src/Component/Encryption/Serializer/JSONGeneralSerializer.php
 
 		-
-			message: "#^Parameter \\#1 \\$encodedString of static method ParagonIE\\\\ConstantTime\\\\Base64\\:\\:decode\\(\\) expects string, mixed given\\.$#"
+			message: "#^Parameter \\#1 \\$encodedString of static method ParagonIE\\\\ConstantTime\\\\Base64\\:\\:decodeNoPadding\\(\\) expects string, mixed given\\.$#"
 			count: 3
 			path: src/Component/Encryption/Serializer/JSONGeneralSerializer.php
 
@@ -2091,7 +2091,7 @@ parameters:
 			path: src/Component/Signature/Serializer/CompactSerializer.php
 
 		-
-			message: "#^Parameter \\#1 \\$encodedString of static method ParagonIE\\\\ConstantTime\\\\Base64\\:\\:decode\\(\\) expects string, mixed given\\.$#"
+			message: "#^Parameter \\#1 \\$encodedString of static method ParagonIE\\\\ConstantTime\\\\Base64\\:\\:decodeNoPadding\\(\\) expects string, mixed given\\.$#"
 			count: 1
 			path: src/Component/Signature/Serializer/JSONFlattenedSerializer.php
 
@@ -2121,7 +2121,7 @@ parameters:
 			path: src/Component/Signature/Serializer/JSONGeneralSerializer.php
 
 		-
-			message: "#^Parameter \\#1 \\$encodedString of static method ParagonIE\\\\ConstantTime\\\\Base64\\:\\:decode\\(\\) expects string, mixed given\\.$#"
+			message: "#^Parameter \\#1 \\$encodedString of static method ParagonIE\\\\ConstantTime\\\\Base64\\:\\:decodeNoPadding\\(\\) expects string, mixed given\\.$#"
 			count: 1
 			path: src/Component/Signature/Serializer/JSONGeneralSerializer.php
 

src/Component/Core/Util/ECKey.php

@@ -203,7 +203,7 @@ private static function p256PrivateKey(JWK $jwk): string
         if (! is_string($d)) {
             throw new InvalidArgumentException('Unable to get the private key');
         }
-        $d = unpack('H*', str_pad(Base64UrlSafe::decode($d), 32, "\0", STR_PAD_LEFT));
+        $d = unpack('H*', str_pad(Base64UrlSafe::decodeNoPadding($d), 32, "\0", STR_PAD_LEFT));
         if (! is_array($d) || ! isset($d[1])) {
             throw new InvalidArgumentException('Unable to get the private key');
         }
@@ -229,7 +229,7 @@ private static function p256KPrivateKey(JWK $jwk): string
         if (! is_string($d)) {
             throw new InvalidArgumentException('Unable to get the private key');
         }
-        $d = unpack('H*', str_pad(Base64UrlSafe::decode($d), 32, "\0", STR_PAD_LEFT));
+        $d = unpack('H*', str_pad(Base64UrlSafe::decodeNoPadding($d), 32, "\0", STR_PAD_LEFT));
         if (! is_array($d) || ! isset($d[1])) {
             throw new InvalidArgumentException('Unable to get the private key');
         }
@@ -255,7 +255,7 @@ private static function p384PrivateKey(JWK $jwk): string
         if (! is_string($d)) {
             throw new InvalidArgumentException('Unable to get the private key');
         }
-        $d = unpack('H*', str_pad(Base64UrlSafe::decode($d), 48, "\0", STR_PAD_LEFT));
+        $d = unpack('H*', str_pad(Base64UrlSafe::decodeNoPadding($d), 48, "\0", STR_PAD_LEFT));
         if (! is_array($d) || ! isset($d[1])) {
             throw new InvalidArgumentException('Unable to get the private key');
         }
@@ -281,7 +281,7 @@ private static function p521PrivateKey(JWK $jwk): string
         if (! is_string($d)) {
             throw new InvalidArgumentException('Unable to get the private key');
         }
-        $d = unpack('H*', str_pad(Base64UrlSafe::decode($d), 66, "\0", STR_PAD_LEFT));
+        $d = unpack('H*', str_pad(Base64UrlSafe::decodeNoPadding($d), 66, "\0", STR_PAD_LEFT));
         if (! is_array($d) || ! isset($d[1])) {
             throw new InvalidArgumentException('Unable to get the private key');
         }
@@ -317,8 +317,8 @@ private static function getKey(JWK $jwk): string
         if (! is_string($y)) {
             throw new InvalidArgumentException('Unable to get the public key');
         }
-        $binX = ltrim(Base64UrlSafe::decode($x), "\0");
-        $binY = ltrim(Base64UrlSafe::decode($y), "\0");
+        $binX = ltrim(Base64UrlSafe::decodeNoPadding($x), "\0");
+        $binY = ltrim(Base64UrlSafe::decodeNoPadding($y), "\0");
 
         return "\04"
             . str_pad($binX, $length, "\0", STR_PAD_LEFT)

src/Component/Core/Util/RSAKey.php

@@ -229,12 +229,12 @@ private function populateBigIntegers(): void
 
     private function convertBase64StringToBigInteger(string $value): BigInteger
     {
-        return BigInteger::createFromBinaryString(Base64UrlSafe::decode($value));
+        return BigInteger::createFromBinaryString(Base64UrlSafe::decodeNoPadding($value));
     }
 
     private function fromBase64ToInteger(string $value): string
     {
-        $unpacked = unpack('H*', Base64UrlSafe::decode($value));
+        $unpacked = unpack('H*', Base64UrlSafe::decodeNoPadding($value));
         if (! is_array($unpacked) || count($unpacked) === 0) {
             throw new InvalidArgumentException('Unable to get the private key');
         }

src/Component/Core/composer.json

@@ -42,7 +42,7 @@
         "ext-json": "*",
         "ext-mbstring": "*",
         "brick/math": "^0.9|^0.10|^0.11|^0.12",
-        "paragonie/constant_time_encoding": "^2.4",
+        "paragonie/constant_time_encoding": "^2.6",
         "spomky-labs/pki-framework": "^1.0"
     },
     "conflict": {

src/Component/Encryption/JWEBuilder.php

@@ -481,7 +481,7 @@ private function determineCEK(array &$additionalHeader): string
                     throw new RuntimeException('Invalid key.');
                 }
 
-                return Base64UrlSafe::decode($k);
+                return Base64UrlSafe::decodeNoPadding($k);
 
             default :
                 throw new InvalidArgumentException(sprintf(

src/Component/Encryption/Serializer/CompactSerializer.php

@@ -58,14 +58,16 @@ public function unserialize(string $input): JWE
 
         try {
             $encodedSharedProtectedHeader = $parts[0];
-            $sharedProtectedHeader = JsonConverter::decode(Base64UrlSafe::decode($encodedSharedProtectedHeader));
+            $sharedProtectedHeader = JsonConverter::decode(
+                Base64UrlSafe::decodeNoPadding($encodedSharedProtectedHeader)
+            );
             if (! is_array($sharedProtectedHeader)) {
                 throw new InvalidArgumentException('Unsupported input.');
             }
-            $encryptedKey = $parts[1] === '' ? null : Base64UrlSafe::decode($parts[1]);
-            $iv = Base64UrlSafe::decode($parts[2]);
-            $ciphertext = Base64UrlSafe::decode($parts[3]);
-            $tag = Base64UrlSafe::decode($parts[4]);
+            $encryptedKey = $parts[1] === '' ? null : Base64UrlSafe::decodeNoPadding($parts[1]);
+            $iv = Base64UrlSafe::decodeNoPadding($parts[2]);
+            $ciphertext = Base64UrlSafe::decodeNoPadding($parts[3]);
+            $tag = Base64UrlSafe::decodeNoPadding($parts[4]);
 
             return new JWE(
                 $ciphertext,

src/Component/Encryption/Serializer/JSONFlattenedSerializer.php

@@ -65,12 +65,14 @@ public function unserialize(string $input): JWE
         }
         $this->checkData($data);
 
-        $ciphertext = Base64UrlSafe::decode($data['ciphertext']);
-        $iv = Base64UrlSafe::decode($data['iv']);
-        $tag = Base64UrlSafe::decode($data['tag']);
-        $aad = array_key_exists('aad', $data) ? Base64UrlSafe::decode($data['aad']) : null;
+        $ciphertext = Base64UrlSafe::decodeNoPadding($data['ciphertext']);
+        $iv = Base64UrlSafe::decodeNoPadding($data['iv']);
+        $tag = Base64UrlSafe::decodeNoPadding($data['tag']);
+        $aad = array_key_exists('aad', $data) ? Base64UrlSafe::decodeNoPadding($data['aad']) : null;
         [$encodedSharedProtectedHeader, $sharedProtectedHeader, $sharedHeader] = $this->processHeaders($data);
-        $encryptedKey = array_key_exists('encrypted_key', $data) ? Base64UrlSafe::decode($data['encrypted_key']) : null;
+        $encryptedKey = array_key_exists('encrypted_key', $data) ? Base64UrlSafe::decodeNoPadding(
+            $data['encrypted_key']
+        ) : null;
         $header = array_key_exists('header', $data) ? $data['header'] : [];
 
         return new JWE(
@@ -96,7 +98,7 @@ private function processHeaders(array $data): array
     {
         $encodedSharedProtectedHeader = array_key_exists('protected', $data) ? $data['protected'] : null;
         $sharedProtectedHeader = $encodedSharedProtectedHeader ? JsonConverter::decode(
-            Base64UrlSafe::decode($encodedSharedProtectedHeader)
+            Base64UrlSafe::decodeNoPadding($encodedSharedProtectedHeader)
         ) : [];
         $sharedHeader = $data['unprotected'] ?? [];
 

src/Component/Encryption/Serializer/JSONGeneralSerializer.php

@@ -71,10 +71,10 @@ public function unserialize(string $input): JWE
         }
         $this->checkData($data);
 
-        $ciphertext = Base64UrlSafe::decode($data['ciphertext']);
-        $iv = Base64UrlSafe::decode($data['iv']);
-        $tag = Base64UrlSafe::decode($data['tag']);
-        $aad = array_key_exists('aad', $data) ? Base64UrlSafe::decode($data['aad']) : null;
+        $ciphertext = Base64UrlSafe::decodeNoPadding($data['ciphertext']);
+        $iv = Base64UrlSafe::decodeNoPadding($data['iv']);
+        $tag = Base64UrlSafe::decodeNoPadding($data['tag']);
+        $aad = array_key_exists('aad', $data) ? Base64UrlSafe::decodeNoPadding($data['aad']) : null;
         [$encodedSharedProtectedHeader, $sharedProtectedHeader, $sharedHeader] = $this->processHeaders($data);
         $recipients = [];
         foreach ($data['recipients'] as $recipient) {
@@ -103,7 +103,7 @@ private function checkData(?array $data): void
 
     private function processRecipient(array $recipient): array
     {
-        $encryptedKey = array_key_exists('encrypted_key', $recipient) ? Base64UrlSafe::decode(
+        $encryptedKey = array_key_exists('encrypted_key', $recipient) ? Base64UrlSafe::decodeNoPadding(
             $recipient['encrypted_key']
         ) : null;
         $header = array_key_exists('header', $recipient) ? $recipient['header'] : [];
@@ -115,7 +115,7 @@ private function processHeaders(array $data): array
     {
         $encodedSharedProtectedHeader = array_key_exists('protected', $data) ? $data['protected'] : null;
         $sharedProtectedHeader = $encodedSharedProtectedHeader ? JsonConverter::decode(
-            Base64UrlSafe::decode($encodedSharedProtectedHeader)
+            Base64UrlSafe::decodeNoPadding($encodedSharedProtectedHeader)
         ) : [];
         $sharedHeader = array_key_exists('unprotected', $data) ? $data['unprotected'] : [];
 

src/Component/KeyManagement/Analyzer/ESKeyAnalyzer.php

@@ -40,15 +40,15 @@ public function analyze(JWK $jwk, MessageBag $bag): void
 
             return;
         }
-        $x = Base64UrlSafe::decode($x);
+        $x = Base64UrlSafe::decodeNoPadding($x);
         $xLength = 8 * mb_strlen($x, '8bit');
         $y = $jwk->get('y');
         if (! is_string($y)) {
             $bag->add(Message::high('Invalid key. The components "y" shall be a string.'));
 
             return;
         }
-        $y = Base64UrlSafe::decode($y);
+        $y = Base64UrlSafe::decodeNoPadding($y);
         $yLength = 8 * mb_strlen($y, '8bit');
         if ($yLength !== $xLength || $yLength !== $this->getKeySize()) {
             $bag->add(