class LockrAes128CtrSha256KeyWrapper in Lockr 7.2
Same name and namespace in other branches
- 7.3 vendor/lockr/lockr/src/KeyWrapper/LockrAes128CtrSha256KeyWrapper.php \Lockr\KeyWrapper\LockrAes128CtrSha256KeyWrapper
Hierarchy
- class \Lockr\KeyWrapper\LockrAes128CtrSha256KeyWrapper implements KeyWrapperInterface
Expanded class hierarchy of LockrAes128CtrSha256KeyWrapper
File
- vendor/
lockr/ lockr-client/ src/ KeyWrapper/ LockrAes128CtrSha256KeyWrapper.php, line 6
Namespace
Lockr\KeyWrapperView source
class LockrAes128CtrSha256KeyWrapper implements KeyWrapperInterface {
const PREFIX = 'aes-128-ctr-sha256';
const METHOD = 'aes-128-ctr';
const HASH_BYTES = 44;
/**
* {@inheritdoc}
*/
public static function enabled() {
return function_exists('openssl_encrypt');
}
/**
* {@inheritdoc}
*/
public static function encrypt($plaintext) {
$key = openssl_random_pseudo_bytes(32);
$iv_len = openssl_cipher_iv_length(self::METHOD);
$iv = openssl_random_pseudo_bytes($iv_len);
$ciphertext = openssl_encrypt($plaintext, self::METHOD, $key, OPENSSL_RAW_DATA, $iv);
$hmac_key = openssl_random_pseudo_bytes(32);
$hmac = self::hmac($ciphertext, $hmac_key);
return array(
'ciphertext' => base64_encode($hmac) . base64_encode($ciphertext),
'encoded' => self::encode($key, $iv, $hmac_key),
);
}
/**
* {@inheritdoc}
*/
public static function decrypt($ciphertext, $encoded) {
$parts = self::decode($encoded);
if (!$parts) {
return false;
}
list($key, $iv, $hmac_key) = $parts;
$hmac = base64_decode(substr($ciphertext, 0, self::HASH_BYTES));
$ciphertext = base64_decode(substr($ciphertext, self::HASH_BYTES));
if (!self::hashEquals($hmac, self::hmac($ciphertext, $hmac_key))) {
return false;
}
$plaintext = openssl_decrypt($ciphertext, self::METHOD, $key, OPENSSL_RAW_DATA, $iv);
if ($plaintext === false) {
return false;
}
return $plaintext;
}
/**
* {@inheritdoc}
*/
public static function reencrypt($plaintext, $encoded) {
$parts = self::decode($encoded);
if (!$parts) {
return false;
}
list($key, $iv, $hmac_key) = $parts;
$ciphertext = openssl_encrypt($plaintext, self::METHOD, $key, OPENSSL_RAW_DATA, $iv);
$hmac = self::hmac($ciphertext, $hmac_key);
return array(
'ciphertext' => base64_encode($hmac) . base64_encode($ciphertext),
'encoded' => $encoded,
);
}
protected static function hmac($data, $key) {
return hash_hmac('sha256', $data, $key, true);
}
protected static function hashEquals($left, $right) {
if (function_exists('hash_equals')) {
return hash_equals($left, $right);
}
$ret = 0;
if (strlen($left) !== strlen($right)) {
$right = $left;
$ret = 1;
}
$res = $left ^ $right;
for ($i = strlen($res) - 1; $i >= 0; --$i) {
$ret |= ord($res[$i]);
}
return !$ret;
}
protected static function encode($key, $iv, $hmac_key) {
$parts = array(
self::PREFIX,
base64_encode($key),
base64_encode($iv),
base64_encode($hmac_key),
);
return implode('$', $parts);
}
protected static function decode($encoded) {
$parts = explode('$', $encoded, 4);
if (!$parts || count($parts) != 4) {
return false;
}
list($prefix, $key, $iv, $hmac_key) = $parts;
if ($prefix !== self::PREFIX) {
return false;
}
return array(
base64_decode($key),
base64_decode($iv),
base64_decode($hmac_key),
);
}
}