kduma-autoid · kduma · Nov 23, 2025 · Nov 23, 2025 · Nov 23, 2025 · Nov 23, 2025
diff --git a/.gitignore b/.gitignore
@@ -11,3 +11,4 @@ coverage/
 *~
 *.bak
 .DS_Store
+/example-app/.vite
diff --git a/example-app/app/Http/Controllers/SDMController.php b/example-app/app/Http/Controllers/SDMController.php
@@ -48,7 +48,7 @@ public function tagPlainText(Request $request)
             );
 
             return view('info', [
-                'encryptionMode' => $result['encryption_mode']->value,
+                'encryptionMode' => $result['encryption_mode']->name,
                 'uid' => $result['uid'],
                 'readCtr' => $result['read_ctr'],
                 'fileData' => null,
@@ -79,7 +79,7 @@ public function apiTagPlainText(Request $request): JsonResponse
             );
 
             return $this->jsonResponse([
-                'encryption_mode' => $result['encryption_mode']->value,
+                'encryption_mode' => $result['encryption_mode']->name,
                 'uid' => bin2hex($result['uid']),
                 'read_ctr' => $result['read_ctr'],
             ]);
@@ -135,11 +135,6 @@ private function processEncryptedTag(Request $request, bool $isTamperTag)
                 return $this->errorResponse('LRP mode is required', 400);
             }
 
-            // Check if LRP mode is requested but not supported
-            if ($params['mode'] === 'LRP') {
-                return $this->errorResponse('LRP mode is not yet supported in the php-sdm library', 501);
-            }
-
             $sdm = $this->getSDM();
 
             $result = $sdm->decryptSunMessage(
@@ -153,7 +148,7 @@ private function processEncryptedTag(Request $request, bool $isTamperTag)
 
             $viewData = [
                 'piccDataTag' => $result['picc_data_tag'],
-                'encryptionMode' => $result['encryption_mode']->value,
+                'encryptionMode' => $result['encryption_mode']->name,
                 'uid' => $result['uid'],
                 'readCtr' => $result['read_ctr'],
                 'fileData' => $result['file_data'],
@@ -194,11 +189,6 @@ private function processEncryptedTagApi(Request $request, bool $isTamperTag): Js
                 return $this->jsonErrorResponse('LRP mode is required', 400);
             }
 
-            // Check if LRP mode is requested but not supported
-            if ($params['mode'] === 'LRP') {
-                return $this->jsonErrorResponse('LRP mode is not yet supported in the php-sdm library', 501);
-            }
-
             $sdm = $this->getSDM();
 
             $result = $sdm->decryptSunMessage(
@@ -212,7 +202,7 @@ private function processEncryptedTagApi(Request $request, bool $isTamperTag): Js
 
             $responseData = [
                 'picc_data_tag' => bin2hex($result['picc_data_tag']),
-                'encryption_mode' => $result['encryption_mode']->value,
+                'encryption_mode' => $result['encryption_mode']->name,
                 'uid' => bin2hex($result['uid']),
                 'read_ctr' => $result['read_ctr'],
             ];

diff --git a/example-app/config/sdm.php b/example-app/config/sdm.php
@@ -54,7 +54,8 @@
     |--------------------------------------------------------------------------
     |
     | When enabled, this will enforce LRP encryption mode and reject AES requests.
-    | Note: LRP mode is not yet implemented in the php-sdm library.
+    | LRP (Leakage Resilient Primitive) provides enhanced security against
+    | side-channel attacks compared to standard AES encryption.
     |
     */
 

diff --git a/phpstan.neon b/phpstan.neon
@@ -22,8 +22,3 @@ parameters:
             message: '#expects string\|null, string\|false given#'
             paths:
                 - tests/Unit/
-        # Unreachable statements after markTestSkipped() in LRP tests
-        # These tests are intentionally skipped but kept for documentation and future LRP support
-        -
-            message: '#Unreachable statement - code above always terminates#'
-            path: tests/Unit/SDMProtocolTest.php
diff --git a/src/Cipher/AESCipher.php b/src/Cipher/AESCipher.php
@@ -140,7 +140,9 @@ public function cmac(string $data, string $key): string
             $encrypted = openssl_encrypt($x, 'AES-128-ECB', $key, OPENSSL_RAW_DATA | OPENSSL_NO_PADDING);
 
             if (false === $encrypted) {
+                // @codeCoverageIgnoreStart
                 throw new \RuntimeException('Failed to encrypt data during CMAC calculation');
+                // @codeCoverageIgnoreEnd
             }
 
             $x = $encrypted;
@@ -150,7 +152,9 @@ public function cmac(string $data, string $key): string
         $mac = openssl_encrypt($x, 'AES-128-ECB', $key, OPENSSL_RAW_DATA | OPENSSL_NO_PADDING);
 
         if (false === $mac) {
+            // @codeCoverageIgnoreStart
             throw new \RuntimeException('Failed to generate CMAC');
+            // @codeCoverageIgnoreEnd
         }
 
         return $mac;
@@ -168,7 +172,9 @@ private function generateSubkeys(string $key, int $blockSize): array
         $l = openssl_encrypt($zero, 'AES-128-ECB', $key, OPENSSL_RAW_DATA | OPENSSL_NO_PADDING);
 
         if (false === $l) {
+            // @codeCoverageIgnoreStart
             throw new \RuntimeException('Failed to encrypt data for CMAC subkey generation');
+            // @codeCoverageIgnoreEnd
         }
 
         // K1 = L << 1
-Original file line number
+Diff line change
@@ Expand Up / @@ -11,3 +11,4 @@ coverage/ @@
     *~
     *.bak
     .DS_Store
+    /example-app/.vite