Fix bad curve

web-auth · Jul 26, 2023 · 2fcf4f4 · 2fcf4f4
1 parent 269f22d
commit 2fcf4f4
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 6 deletions.
diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon
@@ -22,7 +22,7 @@ parameters:
 
         -
             message: "#^Parameter \\#2 \\$secret_key of function sodium_crypto_sign_detached expects non\\-empty\\-string, string given\\.$#"
-            count: 1
+            count: 2
             path: src/Algorithm/Signature/EdDSA/EdDSA.php
 
         -

diff --git a/src/Algorithm/Signature/EdDSA/EdDSA.php b/src/Algorithm/Signature/EdDSA/EdDSA.php
@@ -31,14 +31,15 @@ public function sign(string $data, Key $key): string
 
         return match ($key->curve()) {
             OkpKey::CURVE_ED25519 => sodium_crypto_sign_detached($data, $secret),
+            OkpKey::CURVE_NAME_ED25519 => sodium_crypto_sign_detached($data, $secret),
             default => throw new InvalidArgumentException('Unsupported curve'),
         };
     }
 
     public function verify(string $data, Key $key, string $signature): bool
     {
         $key = $this->handleKey($key);
-        if ($key->curve() !== OkpKey::CURVE_ED25519) {
+        if ($key->curve() !== OkpKey::CURVE_ED25519 && $key->curve() !== OkpKey::CURVE_NAME_ED25519) {
             throw new InvalidArgumentException('Unsupported curve');
         }
         try {

diff --git a/src/Key/Ec2Key.php b/src/Key/Ec2Key.php
@@ -81,6 +81,11 @@ class Ec2Key extends Key
      */
     public function __construct(array $data)
     {
+        foreach ([self::DATA_CURVE, self::TYPE] as $key) {
+            if (is_numeric($data[$key])) {
+                $data[$key] = (int) $data[$key];
+            }
+        }
         parent::__construct($data);
         if ($data[self::TYPE] !== self::TYPE_EC2 && $data[self::TYPE] !== self::TYPE_NAME_EC2) {
             throw new InvalidArgumentException('Invalid EC2 key. The key type does not correspond to an EC2 key');

diff --git a/src/Key/OkpKey.php b/src/Key/OkpKey.php
@@ -7,7 +7,6 @@
 use InvalidArgumentException;
 use function array_key_exists;
 use function in_array;
-use function is_int;
 
 /**
  * @final
@@ -23,6 +22,14 @@ class OkpKey extends Key
 
     final public const CURVE_ED448 = 7;
 
+    final public const CURVE_NAME_X25519 = 'X25519';
+
+    final public const CURVE_NAME_X448 = 'X448';
+
+    final public const CURVE_NAME_ED25519 = 'Ed25519';
+
+    final public const CURVE_NAME_ED448 = 'Ed448';
+
     final public const DATA_CURVE = -1;
 
     final public const DATA_X = -2;
@@ -36,22 +43,32 @@ class OkpKey extends Key
         self::CURVE_ED448,
     ];
 
-    private const SUPPORTED_CURVES_NAME = ['X25519', 'X448,', 'Ed25519', 'Ed448'];
+    private const SUPPORTED_CURVES_NAME = [
+        self::CURVE_NAME_X25519,
+        self::CURVE_NAME_X448,
+        self::CURVE_NAME_ED25519,
+        self::CURVE_NAME_ED448,
+    ];
 
     /**
      * @param array<int|string, mixed> $data
      */
     public function __construct(array $data)
     {
+        foreach ([self::DATA_CURVE, self::TYPE] as $key) {
+            if (is_numeric($data[$key])) {
+                $data[$key] = (int) $data[$key];
+            }
+        }
         parent::__construct($data);
         if ($data[self::TYPE] !== self::TYPE_OKP && $data[self::TYPE] !== self::TYPE_NAME_OKP) {
             throw new InvalidArgumentException('Invalid OKP key. The key type does not correspond to an OKP key');
         }
         if (! isset($data[self::DATA_CURVE], $data[self::DATA_X])) {
             throw new InvalidArgumentException('Invalid EC2 key. The curve or the "x" coordinate is missing');
         }
-        if (is_int($data[self::DATA_CURVE])) {
-            if (! in_array($data[self::DATA_CURVE], self::SUPPORTED_CURVES_INT, true)) {
+        if (is_numeric($data[self::DATA_CURVE])) {
+            if (! in_array((int) $data[self::DATA_CURVE], self::SUPPORTED_CURVES_INT, true)) {
                 throw new InvalidArgumentException('The curve is not supported');
             }
         } elseif (! in_array($data[self::DATA_CURVE], self::SUPPORTED_CURVES_NAME, true)) {

diff --git a/src/Key/RsaKey.php b/src/Key/RsaKey.php
@@ -47,6 +47,11 @@ class RsaKey extends Key
      */
     public function __construct(array $data)
     {
+        foreach ([self::TYPE] as $key) {
+            if (is_numeric($data[$key])) {
+                $data[$key] = (int) $data[$key];
+            }
+        }
         parent::__construct($data);
         if ($data[self::TYPE] !== self::TYPE_RSA && $data[self::TYPE] !== self::TYPE_NAME_RSA) {
             throw new InvalidArgumentException('Invalid RSA key. The key type does not correspond to a RSA key');