class LockrAes128CtrSha256KeyWrapper in Lockr 7.3
Same name and namespace in other branches
- 7.2 vendor/lockr/lockr-client/src/KeyWrapper/LockrAes128CtrSha256KeyWrapper.php \Lockr\KeyWrapper\LockrAes128CtrSha256KeyWrapper
Hierarchy
- class \Lockr\KeyWrapper\LockrAes128CtrSha256KeyWrapper implements KeyWrapperInterface
Expanded class hierarchy of LockrAes128CtrSha256KeyWrapper
1 file declares its use of LockrAes128CtrSha256KeyWrapper
- LockrAes128CtrSha256KeyWrapperTest.php in vendor/
lockr/ lockr/ tests/ KeyWrapper/ LockrAes128CtrSha256KeyWrapperTest.php
File
- vendor/
lockr/ lockr/ src/ KeyWrapper/ LockrAes128CtrSha256KeyWrapper.php, line 4
Namespace
Lockr\KeyWrapperView source
class LockrAes128CtrSha256KeyWrapper implements KeyWrapperInterface {
const PREFIX = 'aes-128-ctr-sha256';
const METHOD = 'aes-128-ctr';
const HASH_BYTES = 44;
/**
* {@inheritdoc}
*/
public static function enabled() {
return function_exists('openssl_encrypt');
}
/**
* {@inheritdoc}
*/
public static function encrypt($plaintext, $key = null) {
if (is_null($key)) {
$key = openssl_random_pseudo_bytes(16);
}
$iv_len = openssl_cipher_iv_length(self::METHOD);
$iv = openssl_random_pseudo_bytes($iv_len);
$hmac_key = openssl_random_pseudo_bytes(32);
return self::doEncrypt($plaintext, $key, $iv, $hmac_key);
}
/**
* {@inheritdoc}
*/
public static function reencrypt($plaintext, $wrapping_key) {
$parts = self::decode($wrapping_key);
if (!$parts) {
return false;
}
list($key, $iv, $hmac_key) = $parts;
return self::doEncrypt($plaintext, $key, $iv, $hmac_key);
}
/**
* {@inheritdoc}
*/
public static function decrypt($ciphertext, $wrapping_key) {
$parts = self::decode($wrapping_key);
if (!$parts) {
return false;
}
list($key, $iv, $hmac_key) = $parts;
$hmac = base64_decode(substr($ciphertext, 0, self::HASH_BYTES));
$ciphertext = base64_decode(substr($ciphertext, self::HASH_BYTES));
if (!hash_equals($hmac, self::hmac($ciphertext, $hmac_key))) {
return false;
}
$plaintext = openssl_decrypt($ciphertext, self::METHOD, $key, OPENSSL_RAW_DATA, $iv);
if ($plaintext === false) {
return false;
}
return $plaintext;
}
private static function doEncrypt($plaintext, $key, $iv, $hmac_key) {
$ciphertext = openssl_encrypt($plaintext, self::METHOD, $key, OPENSSL_RAW_DATA, $iv);
$hmac = self::hmac($ciphertext, $hmac_key);
return [
'ciphertext' => base64_encode($hmac) . base64_encode($ciphertext),
'encoded' => self::encode($key, $iv, $hmac_key),
];
}
private static function hmac($data, $key) {
return hash_hmac('sha256', $data, $key, true);
}
private static function encode($key, $iv, $hmac_key) {
$parts = [
self::PREFIX,
base64_encode($key),
base64_encode($iv),
base64_encode($hmac_key),
];
return implode('$', $parts);
}
private static function decode($wrapping_key) {
$parts = explode('$', $wrapping_key, 4);
if (!$parts || count($parts) !== 4) {
return false;
}
list($prefix, $key, $iv, $hmac_key) = $parts;
if ($prefix !== self::PREFIX) {
return false;
}
return [
base64_decode($key),
base64_decode($iv),
base64_decode($hmac_key),
];
}
}Members
Name |
Modifiers | Type | Description | Overrides |
|---|---|---|---|---|
|
LockrAes128CtrSha256KeyWrapper:: |
private static | function | ||
|
LockrAes128CtrSha256KeyWrapper:: |
public static | function |
Decrypt the given ciphertext. Overrides KeyWrapperInterface:: |
|
|
LockrAes128CtrSha256KeyWrapper:: |
private static | function | ||
|
LockrAes128CtrSha256KeyWrapper:: |
public static | function |
Overrides KeyWrapperInterface:: |
|
|
LockrAes128CtrSha256KeyWrapper:: |
private static | function | ||
|
LockrAes128CtrSha256KeyWrapper:: |
public static | function |
Encrypt the given plaintext. Overrides KeyWrapperInterface:: |
|
|
LockrAes128CtrSha256KeyWrapper:: |
constant | |||
|
LockrAes128CtrSha256KeyWrapper:: |
private static | function | ||
|
LockrAes128CtrSha256KeyWrapper:: |
constant | |||
|
LockrAes128CtrSha256KeyWrapper:: |
constant | |||
|
LockrAes128CtrSha256KeyWrapper:: |
public static | function |
Encrypt the given plaintext reusing state. Overrides KeyWrapperInterface:: |