You are here

Home » API reference » Automatic Updates 7 » Compat.php » ParagonIE_Sodium_Compat

public static function ParagonIE_Sodium_Compat::crypto_aead_aes256gcm_decrypt in Automatic Updates 7

Same name and namespace in other branches
  1. 8 vendor/paragonie/sodium_compat/src/Compat.php \ParagonIE_Sodium_Compat::crypto_aead_aes256gcm_decrypt()

Authenticated Encryption with Associated Data: Decryption

Algorithm: AES-256-GCM

This mode uses a 64-bit random nonce with a 64-bit counter. IETF mode uses a 96-bit random nonce with a 32-bit counter.

@psalm-suppress MixedArgument @psalm-suppress MixedInferredReturnType @psalm-suppress MixedReturnStatement

Parameters

string $ciphertext Encrypted message (with Poly1305 MAC appended):

string $assocData Authenticated Associated Data (unencrypted):

string $nonce Number to be used only Once; must be 8 bytes:

string $key Encryption key:

Return value

string|bool The original plaintext message

Throws

SodiumException

TypeError

2 calls to ParagonIE_Sodium_Compat::crypto_aead_aes256gcm_decrypt()
php72compat.php in vendor/paragonie/sodium_compat/lib/php72compat.php
sodium_compat.php in vendor/paragonie/sodium_compat/lib/sodium_compat.php

File

vendor/paragonie/sodium_compat/src/Compat.php, line 342

Class

ParagonIE_Sodium_Compat

Code

public static function crypto_aead_aes256gcm_decrypt($ciphertext = '', $assocData = '', $nonce = '', $key = '') {
  if (!self::crypto_aead_aes256gcm_is_available()) {
    throw new SodiumException('AES-256-GCM is not available');
  }
  ParagonIE_Sodium_Core_Util::declareScalarType($ciphertext, 'string', 1);
  ParagonIE_Sodium_Core_Util::declareScalarType($assocData, 'string', 2);
  ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 3);
  ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 4);

  /* Input validation: */
  if (ParagonIE_Sodium_Core_Util::strlen($nonce) !== self::CRYPTO_AEAD_AES256GCM_NPUBBYTES) {
    throw new SodiumException('Nonce must be CRYPTO_AEAD_AES256GCM_NPUBBYTES long');
  }
  if (ParagonIE_Sodium_Core_Util::strlen($key) !== self::CRYPTO_AEAD_AES256GCM_KEYBYTES) {
    throw new SodiumException('Key must be CRYPTO_AEAD_AES256GCM_KEYBYTES long');
  }
  if (ParagonIE_Sodium_Core_Util::strlen($ciphertext) < self::CRYPTO_AEAD_AES256GCM_ABYTES) {
    throw new SodiumException('Message must be at least CRYPTO_AEAD_AES256GCM_ABYTES long');
  }
  if (!is_callable('openssl_decrypt')) {
    throw new SodiumException('The OpenSSL extension is not installed, or openssl_decrypt() is not available');
  }

  /** @var string $ctext */
  $ctext = ParagonIE_Sodium_Core_Util::substr($ciphertext, 0, -self::CRYPTO_AEAD_AES256GCM_ABYTES);

  /** @var string $authTag */
  $authTag = ParagonIE_Sodium_Core_Util::substr($ciphertext, -self::CRYPTO_AEAD_AES256GCM_ABYTES, 16);
  return openssl_decrypt($ctext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $authTag, $assocData);
}