You are here

public static function ParagonIE_Sodium_Crypto32::secretbox_open in Automatic Updates 7

Same name and namespace in other branches
  1. 8 vendor/paragonie/sodium_compat/src/Crypto32.php \ParagonIE_Sodium_Crypto32::secretbox_open()

Decrypt a ciphertext generated via secretbox().

@internal Do not use this directly. Use ParagonIE_Sodium_Compat.

Parameters

string $ciphertext:

string $nonce:

string $key:

Return value

string

Throws

SodiumException

TypeError

2 calls to ParagonIE_Sodium_Crypto32::secretbox_open()
ParagonIE_Sodium_Compat::crypto_secretbox_open in vendor/paragonie/sodium_compat/src/Compat.php
Decrypts a message previously encrypted with crypto_secretbox().
ParagonIE_Sodium_Crypto32::box_open in vendor/paragonie/sodium_compat/src/Crypto32.php
Decrypt a message encrypted with box().

File

vendor/paragonie/sodium_compat/src/Crypto32.php, line 1019

Class

ParagonIE_Sodium_Crypto32
Class ParagonIE_Sodium_Crypto

Code

public static function secretbox_open($ciphertext, $nonce, $key) {

  /** @var string $mac */
  $mac = ParagonIE_Sodium_Core32_Util::substr($ciphertext, 0, self::secretbox_xsalsa20poly1305_MACBYTES);

  /** @var string $c */
  $c = ParagonIE_Sodium_Core32_Util::substr($ciphertext, self::secretbox_xsalsa20poly1305_MACBYTES);

  /** @var int $clen */
  $clen = ParagonIE_Sodium_Core32_Util::strlen($c);

  /** @var string $subkey */
  $subkey = ParagonIE_Sodium_Core32_HSalsa20::hsalsa20($nonce, $key);

  /** @var string $block0 */
  $block0 = ParagonIE_Sodium_Core32_Salsa20::salsa20(64, ParagonIE_Sodium_Core32_Util::substr($nonce, 16, 8), $subkey);
  $verified = ParagonIE_Sodium_Core32_Poly1305::onetimeauth_verify($mac, $c, ParagonIE_Sodium_Core32_Util::substr($block0, 0, 32));
  if (!$verified) {
    try {
      ParagonIE_Sodium_Compat::memzero($subkey);
    } catch (SodiumException $ex) {
      $subkey = null;
    }
    throw new SodiumException('Invalid MAC');
  }

  /** @var string $m - Decrypted message */
  $m = ParagonIE_Sodium_Core32_Util::xorStrings(ParagonIE_Sodium_Core32_Util::substr($block0, self::secretbox_xsalsa20poly1305_ZEROBYTES), ParagonIE_Sodium_Core32_Util::substr($c, 0, self::secretbox_xsalsa20poly1305_ZEROBYTES));
  if ($clen > self::secretbox_xsalsa20poly1305_ZEROBYTES) {

    // We had more than 1 block, so let's continue to decrypt the rest.
    $m .= ParagonIE_Sodium_Core32_Salsa20::salsa20_xor_ic(ParagonIE_Sodium_Core32_Util::substr($c, self::secretbox_xsalsa20poly1305_ZEROBYTES), ParagonIE_Sodium_Core32_Util::substr($nonce, 16, 8), 1, (string) $subkey);
  }
  return $m;
}