More sanity checks.

src/Alerts/InvalidSignature.php

@@ -0,0 +1,7 @@
+<?php
+namespace ParagonIE\Halite\Alerts;
+
+class InvalidSignature extends HaliteAlert
+{
+
+}

src/Asymmetric/Crypto.php

@@ -2,6 +2,7 @@
 namespace ParagonIE\Halite\Asymmetric;
 
 use \ParagonIE\Halite\Alerts as CryptoException;
+use \ParagonIE\Halite\Util as CryptoUtil;
 use \ParagonIE\Halite\Contract;
 use \ParagonIE\Halite\Symmetric\Crypto as SymmetricCrypto;
 use \ParagonIE\Halite\Symmetric\EncryptionKey;
@@ -275,6 +276,11 @@ public static function verify(
         if (!$raw) {
             $signature = \Sodium\hex2bin($signature);
         }
+        if (CryptoUtil::safeStrlen($signature) !== \Sodium\CRYPTO_SIGN_BYTES) {
+            throw new CryptoException\InvalidSignature(
+                'Signature is not the correct length; is it encoded?'
+            );
+        }
 
         return \Sodium\crypto_sign_verify_detached(
             $signature,

src/Asymmetric/EncryptionPublicKey.php

@@ -1,6 +1,9 @@
 <?php
 namespace ParagonIE\Halite\Asymmetric;
 
+use \ParagonIE\Halite\Util as CryptoUtil;
+use \ParagonIE\Halite\Alerts as CryptoException;
+
 final class EncryptionPublicKey extends PublicKey
 {
     /**
@@ -9,6 +12,11 @@ final class EncryptionPublicKey extends PublicKey
      */
     public function __construct($keyMaterial = '', ...$args) 
     {
+        if (CryptoUtil::safeStrlen($keyMaterial) !== \Sodium\CRYPTO_BOX_PUBLICKEYBYTES) {
+            throw new CryptoException\InvalidKey(
+                'Encryption public key must be CRYPTO_BOX_PUBLICKEYBYTES bytes long'
+            );
+        }
         parent::__construct($keyMaterial, false);
     }
 }

src/Asymmetric/EncryptionSecretKey.php

@@ -1,6 +1,9 @@
 <?php
 namespace ParagonIE\Halite\Asymmetric;
 
+use \ParagonIE\Halite\Util as CryptoUtil;
+use \ParagonIE\Halite\Alerts as CryptoException;
+
 final class EncryptionSecretKey extends SecretKey
 {
     /**
@@ -9,6 +12,11 @@ final class EncryptionSecretKey extends SecretKey
      */
     public function __construct($keyMaterial = '', ...$args) 
     {
+        if (CryptoUtil::safeStrlen($keyMaterial) !== \Sodium\CRYPTO_BOX_SECRETKEYBYTES) {
+            throw new CryptoException\InvalidKey(
+                'Encryption secret key must be CRYPTO_BOX_SECRETKEYBYTES bytes long'
+            );
+        }
         parent::__construct($keyMaterial, false);
     }
 

src/Asymmetric/SignaturePublicKey.php

@@ -1,6 +1,9 @@
 <?php
 namespace ParagonIE\Halite\Asymmetric;
 
+use \ParagonIE\Halite\Util as CryptoUtil;
+use \ParagonIE\Halite\Alerts as CryptoException;
+
 final class SignaturePublicKey extends PublicKey
 {
     /**
@@ -9,6 +12,11 @@ final class SignaturePublicKey extends PublicKey
      */
     public function __construct($keyMaterial = '', ...$args) 
     {
+        if (CryptoUtil::safeStrlen($keyMaterial) !== \Sodium\CRYPTO_SIGN_PUBLICKEYBYTES) {
+            throw new CryptoException\InvalidKey(
+                'Signature public key must be CRYPTO_SIGN_PUBLICKEYBYTES bytes long'
+            );
+        }
         parent::__construct($keyMaterial, true);
     }
 }

src/Asymmetric/SignatureSecretKey.php

@@ -1,6 +1,9 @@
 <?php
 namespace ParagonIE\Halite\Asymmetric;
 
+use \ParagonIE\Halite\Util as CryptoUtil;
+use \ParagonIE\Halite\Alerts as CryptoException;
+
 final class SignatureSecretKey extends SecretKey
 {
     /**
@@ -9,6 +12,11 @@ final class SignatureSecretKey extends SecretKey
      */
     public function __construct($keyMaterial = '', ...$args) 
     {
+        if (CryptoUtil::safeStrlen($keyMaterial) !== \Sodium\CRYPTO_SIGN_SECRETKEYBYTES) {
+            throw new CryptoException\InvalidKey(
+                'Signature secret key must be CRYPTO_SIGN_SECRETKEYBYTES bytes long'
+            );
+        }
         parent::__construct($keyMaterial, true);
     }
 

src/Symmetric/AuthenticationKey.php

@@ -1,13 +1,21 @@
 <?php
 namespace ParagonIE\Halite\Symmetric;
 
+use \ParagonIE\Halite\Util as CryptoUtil;
+use \ParagonIE\Halite\Alerts as CryptoException;
+
 final class AuthenticationKey extends SecretKey
 {
     /**
      * @param string $keyMaterial - The actual key data
      */
     public function __construct($keyMaterial = '', ...$args)
     {
+        if (CryptoUtil::safeStrlen($keyMaterial) !== \Sodium\CRYPTO_AUTH_KEYBYTES) {
+            throw new CryptoException\InvalidKey(
+                'Authentication key must be CRYPTO_AUTH_KEYBYTES bytes long'
+            );
+        }
         parent::__construct($keyMaterial, true);
     }
 }

src/Symmetric/Crypto.php

@@ -280,6 +280,11 @@ protected static function verifyMAC(
         $message,
         $aKey
     ) {
+        if (CryptoUtil::safeStrlen($mac) !== \Sodium\CRYPTO_AUTH_BYTES) {
+            throw new CryptoException\InvalidSignature(
+                'Message Authentication Code is not the correct length; is it encoded?'
+            );
+        }
         return \Sodium\crypto_auth_verify(
             $mac, 
             $message,

src/Symmetric/EncryptionKey.php

@@ -1,13 +1,21 @@
 <?php
 namespace ParagonIE\Halite\Symmetric;
 
+use \ParagonIE\Halite\Util as CryptoUtil;
+use \ParagonIE\Halite\Alerts as CryptoException;
+
 final class EncryptionKey extends SecretKey
 {
     /**
      * @param string $keyMaterial - The actual key data
      */
     public function __construct($keyMaterial = '', ...$args)
     {
+        if (CryptoUtil::safeStrlen($keyMaterial) !== \Sodium\CRYPTO_STREAM_KEYBYTES) {
+            throw new CryptoException\InvalidKey(
+                'Encryption key must be CRYPTO_STREAM_KEYBYTES bytes long'
+            );
+        }
         parent::__construct($keyMaterial, false);
     }
 }