/**
* @return string
*/
public function getEncKey()
{
if (!$this->enc_key) {
// Use the last 128 bits of this key as the AES-CBC key ENC_KEY
$this->enc_key = Str::substr($this->content_encryption_key, 16, null);
}
return $this->enc_key;
}
/**
*
* @link http://php.net/manual/en/function.hash-hmac.php
* @link http://php.net/manual/en/function.hash-equals.php
*
* @param string $message
* @param string $signature
* @param string $secret_key
* @return bool
* @throws InvalidSignatureException
*/
public function verify($message, $signature, $secret_key)
{
$hash = hash_hmac($this->getHashAlgorithm(), $message, $secret_key, true);
if (function_exists('hash_equals')) {
if (true === hash_equals($signature, $hash)) {
return true;
}
throw new InvalidSignatureException('Unable to verify signature');
}
if (Str::equals($signature, $hash)) {
return true;
}
throw new InvalidSignatureException('Unable to verify signature');
}
/**
* @param string $aad_base64
* @param string $iv
* @param string $cipher_text
* @param ContentEncryptionKey $cek
* @return string
*/
protected function createAuthenticationTag($aad_base64, $iv, $cipher_text, ContentEncryptionKey $cek)
{
// 64-Bit Big-Endian Representation of AAD Length
$aad_length = Str::len($aad_base64);
if (version_compare(PHP_VERSION, '5.6.3', '>=')) {
$al_value = pack('J1', $aad_length);
} else {
$int32bit_max = 2147483647;
$al_value = pack('N2', $aad_length / $int32bit_max * 8, $aad_length % $int32bit_max * 8);
}
// Concatenate the AAD, the Initialization Vector, the ciphertext, and the AL value.
$concatenated_value = implode('', array($aad_base64, $iv, $cipher_text, $al_value));
// Compute the HMAC of the concatenated value above
$hmac = hash_hmac($this->getHashAlgorithm(), $concatenated_value, $cek->getMacKey(), true);
// Use the first half (128 bits) of the HMAC output M as the Authentication Tag output T.
return Str::substr($hmac, 0, 16);
}
