
[Encryption] New component #39344


1 change: 1 addition & 0 deletions composer.json
Expand Up @@ -65,6 +65,7 @@
"symfony/doctrine-bridge": "self.version",
"symfony/dom-crawler": "self.version",
"symfony/dotenv": "self.version",
"symfony/encryption": "self.version",
"symfony/error-handler": "self.version",
"symfony/event-dispatcher": "self.version",
"symfony/expression-language": "self.version",
Expand Up @@ -24,6 +24,7 @@
use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException;
use Symfony\Component\DependencyInjection\ContainerBuilder;
use Symfony\Component\DependencyInjection\Exception\LogicException;
use Symfony\Component\Encryption\EncryptionInterface;
use Symfony\Component\Form\Form;
use Symfony\Component\HttpClient\HttpClient;
use Symfony\Component\HttpFoundation\Cookie;
Expand Down Expand Up @@ -149,6 +150,7 @@ public function getConfigTreeBuilder()
$this->addNotifierSection($rootNode, $enableIfStandalone);
$this->addRateLimiterSection($rootNode, $enableIfStandalone);
$this->addUidSection($rootNode, $enableIfStandalone);
$this->addEncryptionSection($rootNode, $enableIfStandalone);

return $treeBuilder;
}
Expand Down Expand Up @@ -1975,4 +1977,16 @@ private function addUidSection(ArrayNodeDefinition $rootNode, callable $enableIf
->end()
;
}

private function addEncryptionSection(ArrayNodeDefinition $rootNode, callable $enableIfStandalone)
{
$rootNode
->children()
->arrayNode('encryption')
->info('Encryption configuration')
->{$enableIfStandalone('symfony/encryption', EncryptionInterface::class)}()
->end()
->end()
;
}
}
Expand Up @@ -420,6 +420,7 @@ public function load(array $configs, ContainerBuilder $container)
$this->registerAnnotationsConfiguration($config['annotations'], $container, $loader);
$this->registerPropertyAccessConfiguration($config['property_access'], $container, $loader);
$this->registerSecretsConfiguration($config['secrets'], $container, $loader);
$this->registerEncryptionConfiguration($config['encryption'], $container, $loader);

if ($this->isConfigEnabled($container, $config['serializer'])) {
if (!class_exists(\Symfony\Component\Serializer\Serializer::class)) {
Expand Down Expand Up @@ -636,6 +637,15 @@ private function registerHttpCacheConfiguration(array $config, ContainerBuilder
}
}

private function registerEncryptionConfiguration(array $config, ContainerBuilder $container, PhpFileLoader $loader)
{
if (!$this->isConfigEnabled($container, $config)) {
return;
}

$loader->load('encryption.php');
}

private function registerEsiConfiguration(array $config, ContainerBuilder $container, PhpFileLoader $loader)
{
if (!$this->isConfigEnabled($container, $config)) {
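Review bot: registerEncryptionConfiguration loads encryption.php, which registers `SodiumEncryption` as the `encryption` service, without checking that the implementation is usable, whereas the serializer branch a few lines above guards with `class_exists(...)` before proceeding. Together with the default added in Configuration.php, `'enabled' => !class_exists(FullStack::class) && interface_exists(EncryptionInterface::class)`, the service is wired as soon as the interface is installed, so a missing sodium extension (presumably what `SodiumEncryption` needs, judging by its name; its code is not in this diff) would only surface on first use rather than at container build. A guard such as `if (!\extension_loaded('sodium')) { throw new LogicException('The "sodium" PHP extension is required to use the Encryption component.'); }` before `$loader->load('encryption.php');`, using the same LogicException the file throws for the serializer case if it is imported, moves that failure to build time. registerEsiConfiguration at the end of the hunk continues outside it.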
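--- a/src/Symfony/Bundle/FrameworkBundle/Resources/config/encryption.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/encryption.php
@@ -0,0 +1,23 @@
+<?php
+
+/*
+* This file is part of the Symfony package.
+*
+* (c) Fabien Potencier <fabien@symfony.com>
+*
+* For the full copyright and license information, please view the LICENSE
+* file that was distributed with this source code.
+*/
+
+namespace Symfony\Component\DependencyInjection\Loader\Configurator;
+
+use Symfony\Component\Encryption\EncryptionInterface;
+use Symfony\Component\Encryption\Sodium\SodiumEncryption;
+
+return static function (ContainerConfigurator $container) {
+$container->services()
+->set('encryption.sodium', SodiumEncryption::class)
+->alias(EncryptionInterface::class, 'encryption.sodium')
+->alias('encryption', 'encryption.sodium')
+;
+};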
Expand Up @@ -18,6 +18,7 @@
use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException;
use Symfony\Component\Config\Definition\Processor;
use Symfony\Component\DependencyInjection\ContainerBuilder;
use Symfony\Component\Encryption\EncryptionInterface;
use Symfony\Component\HttpClient\HttpClient;
use Symfony\Component\Lock\Store\SemaphoreStore;
use Symfony\Component\Mailer\Mailer;
Expand Down Expand Up @@ -576,6 +577,9 @@ class_exists(SemaphoreStore::class) && SemaphoreStore::isSupported() ? 'semaphor
'name_based_uuid_version' => 5,
'time_based_uuid_version' => 6,
],
'encryption' => [
'enabled' => !class_exists(FullStack::class) && interface_exists(EncryptionInterface::class),
],
];
}
}
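--- a/src/Symfony/Component/Encryption/.gitattributes
+++ b/src/Symfony/Component/Encryption/.gitattributes
@@ -0,0 +1,4 @@
+/.gitattributes export-ignore
+/.gitignore export-ignore
+/phpunit.xml.dist export-ignore
+/Tests export-ignore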
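--- a/src/Symfony/Component/Encryption/.gitignore
+++ b/src/Symfony/Component/Encryption/.gitignore
@@ -0,0 +1,3 @@
+composer.lock
+phpunit.xml
+vendor/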
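--- a/src/Symfony/Component/Encryption/CHANGELOG.md
+++ b/src/Symfony/Component/Encryption/CHANGELOG.md
@@ -0,0 +1,7 @@
+CHANGELOG
+=========
+
+6.0
+---
+
+* Introduced the component as experimental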
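--- a/src/Symfony/Component/Encryption/EncryptionInterface.php
+++ b/src/Symfony/Component/Encryption/EncryptionInterface.php
@@ -0,0 +1,110 @@
+<?php
+
+/*
+* This file is part of the Symfony package.
+*
+* (c) Fabien Potencier <fabien@symfony.com>
+*
+* For the full copyright and license information, please view the LICENSE
+* file that was distributed with this source code.
+*/
+
+namespace Symfony\Component\Encryption;
+
+use Symfony\Component\Encryption\Exception\DecryptionException;
+use Symfony\Component\Encryption\Exception\EncryptionException;
+use Symfony\Component\Encryption\Exception\InvalidKeyException;
+
+/**
+* @author Tobias Nyholm <tobias.nyholm@gmail.com>
+*
+* @experimental in 6.0
+*/
+interface EncryptionInterface
+{
+/**
+* Generates a new key to be used for encryption.
+*
+* Don't lose your private key and make sure to keep it a secret.
+*
+* @param string|null $secret A secret to be used in symmetric encryption. A
+* new secret is generated if none is provided.
+*/
+public function generateKey(string $secret = null): KeyInterface;
+
+/**
+* Gets an encrypted version of the message.
+*
+* Symmetric encryption uses the same key to encrypt and decrypt a message.
+* The key should be kept safe and should not be exposed to the public. Symmetric
+* encryption should be used when you are sending the encrypted message to
+* yourself.
+*
+* Example: You store a value on disk or in a cookie and don't want anyone else
+* to read it.
+*
+* Symmetric encryption is in theory weaker than asymmetric encryption.
+*
+* <code>
+* $key = $encryption->generateKey();
+* $ciphertext = $encryption->encrypt('input', $key);
+* $message = $encryption->decrypt($ciphertext, $key);
+* </code>
+*
+* @param string $message Plain text version of the message
+* @param KeyInterface $key A key that holds a string secret
+*
+* @return string formatted as a Symfony Encryption Token
+*
+* @throws EncryptionException
+* @throws InvalidKeyException
+*/
+public function encrypt(string $message, KeyInterface $key): string;
+
+/**
+* Gets an encrypted version of the message that only the recipient can read.
+*
+* Asymmetric encryption uses a "key pair" i.e. a public key and a private key.
+* It is safe to share the public key, but the private key should always be
+* kept a secret.
+*
+* When Alice and Bob want to communicate securely, they share their public keys with
+* each other. Alice will encrypt a message with Bob's public key. When Bob
+* receives the message, he will decrypt it with his private key.
+*
+*
+* <code>
+* // Bob:
+* $bobKey = $encryption->generateKey();
+* $bobPublicOnly = $bobKey->extractPublicKey();
+* // Bob sends $bobPublicOnly to Alice
+*
+* // Alice:
+* $ciphertext = $encryption->encryptFor('input', $bobPublicOnly);
+* // Alice sends $ciphertext to Bob
+*
+* // Bob:
+* $message = $encryption->decrypt($ciphertext, $bobKey);
+* </code>
+*
+* @param string $message Plain text version of the message
+* @param KeyInterface $recipientKey Key with a public key of the recipient
+*
+* @return string formatted as a Symfony Encryption Token
+*
+* @throws EncryptionException
+* @throws InvalidKeyException
+*/
+public function encryptFor(string $message, KeyInterface $recipientKey): string;
+
+/**
+* Gets a plain text version of the encrypted message.
+*
+* @param string $message formatted in the Symfony Encryption Token format
+* @param KeyInterface $key Key of the recipient, it should contain a private key
+*
+* @throws DecryptionException
+* @throws InvalidKeyException
+*/
+public function decrypt(string $message, KeyInterface $key): string;
+}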
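Review bot: The decrypt() docblock does not say what an implementation must do when the ciphertext has been modified, so an implementation that returns garbage for a tampered token would still satisfy the interface; the contract should require authenticated encryption, e.g. `* Implementations MUST authenticate the ciphertext and throw a DecryptionException when it has been tampered with or does not match the key.`. The sentence `Symmetric encryption is in theory weaker than asymmetric encryption.` in the encrypt() docblock is misleading (the two differ in how keys are distributed, not in strength) and is better replaced with `* Use encryptFor() when the recipient is someone else; use encrypt() when you will decrypt the data yourself.`. generateKey()'s `@param string|null $secret` also leaves open whether a caller-supplied secret is used as the raw key or stretched through a key derivation function, which matters because caller-chosen secrets tend to be low-entropy; the docblock should state which. Lastly, `string $secret = null` relies on implicit nullability; `?string $secret = null` is the explicit form.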
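--- a/src/Symfony/Component/Encryption/Exception/DecryptionException.php
+++ b/src/Symfony/Component/Encryption/Exception/DecryptionException.php
@@ -0,0 +1,27 @@
+<?php
+
+/*
+* This file is part of the Symfony package.
+*
+* (c) Fabien Potencier <fabien@symfony.com>
+*
+* For the full copyright and license information, please view the LICENSE
+* file that was distributed with this source code.
+*/
+
+namespace Symfony\Component\Encryption\Exception;
+
+/**
+* Thrown when a message cannot be decrypted.
+*
+* @author Tobias Nyholm <tobias.nyholm@gmail.com>
+*
+* @experimental in 6.0
+*/
+class DecryptionException extends \RuntimeException implements ExceptionInterface
+{
+public function __construct(string $message = null, \Throwable $previous = null)
+{
+parent::__construct($message ?? 'Could not decrypt the ciphertext.', 0, $previous);
+}
+}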
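Review bot: The constructor signature `string $message = null, \Throwable $previous = null` relies on implicit nullability from the null defaults; the explicit form `?string $message = null, ?\Throwable $previous = null` states the intent and does not depend on a behaviour PHP has since deprecated. The same signature appears in EncryptionException, InvalidKeyException and MalformedCipherException, and the `\Throwable $previous = null` parameter of UnsupportedAlgorithmException has the same issue. The generic default message is a sensible choice for a decryption failure, since detail about why a ciphertext was rejected is best kept out of user-facing output; a one-line constructor docblock saying so, such as `* @param string|null $message Overrides the deliberately generic default; avoid revealing why decryption failed.`, would keep a later contributor from "improving" it.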
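--- a/src/Symfony/Component/Encryption/Exception/EncryptionException.php
+++ b/src/Symfony/Component/Encryption/Exception/EncryptionException.php
@@ -0,0 +1,27 @@
+<?php
+
+/*
+* This file is part of the Symfony package.
+*
+* (c) Fabien Potencier <fabien@symfony.com>
+*
+* For the full copyright and license information, please view the LICENSE
+* file that was distributed with this source code.
+*/
+
+namespace Symfony\Component\Encryption\Exception;
+
+/**
+* Thrown when a message cannot be encrypted.
+*
+* @author Tobias Nyholm <tobias.nyholm@gmail.com>
+*
+* @experimental in 6.0
+*/
+class EncryptionException extends \RuntimeException implements ExceptionInterface
+{
+public function __construct(string $message = null, \Throwable $previous = null)
+{
+parent::__construct($message ?? 'Could not encrypt the message.', 0, $previous);
+}
+}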
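--- a/src/Symfony/Component/Encryption/Exception/ExceptionInterface.php
+++ b/src/Symfony/Component/Encryption/Exception/ExceptionInterface.php
@@ -0,0 +1,23 @@
+<?php
+
+/*
+* This file is part of the Symfony package.
+*
+* (c) Fabien Potencier <fabien@symfony.com>
+*
+* For the full copyright and license information, please view the LICENSE
+* file that was distributed with this source code.
+*/
+
+namespace Symfony\Component\Encryption\Exception;
+
+/**
+* Base ExceptionInterface for the Encryption Component.
+*
+* @author Tobias Nyholm <tobias.nyholm@gmail.com>
+*
+* @experimental in 6.0
+*/
+interface ExceptionInterface extends \Throwable
+{
+}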
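--- a/src/Symfony/Component/Encryption/Exception/InvalidKeyException.php
+++ b/src/Symfony/Component/Encryption/Exception/InvalidKeyException.php
@@ -0,0 +1,27 @@
+<?php
+
+/*
+* This file is part of the Symfony package.
+*
+* (c) Fabien Potencier <fabien@symfony.com>
+*
+* For the full copyright and license information, please view the LICENSE
+* file that was distributed with this source code.
+*/
+
+namespace Symfony\Component\Encryption\Exception;
+
+/**
+* Thrown when there is an issue with the Key.
+*
+* @author Tobias Nyholm <tobias.nyholm@gmail.com>
+*
+* @experimental in 6.0
+*/
+class InvalidKeyException extends \RuntimeException implements ExceptionInterface
+{
+public function __construct(string $message = null, \Throwable $previous = null)
+{
+parent::__construct($message ?? 'This key is not valid.', 0, $previous);
+}
+}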
@@ -0,0 +1,25 @@
<?php

/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/

namespace Symfony\Component\Encryption\Exception;

/**
* @author Tobias Nyholm <tobias.nyholm@gmail.com>
*
* @experimental in 6.0
*/
class MalformedCipherException extends DecryptionException
{
public function __construct(string $message = null, \Throwable $previous = null)
{
parent::__construct($message ?? 'The message you provided is not a valid ciphertext.', $previous);
}
}
@@ -0,0 +1,25 @@
<?php

/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/

namespace Symfony\Component\Encryption\Exception;

/**
* @author Tobias Nyholm <tobias.nyholm@gmail.com>
*
* @experimental in 6.0
*/
class UnsupportedAlgorithmException extends DecryptionException
{
public function __construct(string $algorithm, \Throwable $previous = null)
{
parent::__construct(sprintf('The ciphertext is encrypted with "%s" algorithm. Decryption of that algorithm is not supported.', $algorithm), $previous);
}
}
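Review bot: The `$algorithm` value is formatted verbatim into the exception message by `sprintf(...)`; if it is read from the incoming ciphertext, as the message wording suggests (the token parser is not part of this diff), the string that ends up in logs or error pages is chosen by whoever supplied the ciphertext, with no length bound. Consider bounding it before formatting, e.g. `sprintf('The ciphertext is encrypted with "%s" algorithm. Decryption of that algorithm is not supported.', substr($algorithm, 0, 64))`, or validating the identifier against the expected token alphabet at the parsing site, and state the expectation with `@param string $algorithm The algorithm identifier read from the ciphertext`. The `\Throwable $previous = null` parameter should also be `?\Throwable $previous = null` to make nullability explicit.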