/**
* @return string
*/
public function getEncKey()
{
if (!$this->enc_key) {
// Use the last 128 bits of this key as the AES-CBC key ENC_KEY
$this->enc_key = Str::substr($this->content_encryption_key, 16, null);
}
return $this->enc_key;
}
/**
* @param string $aad_base64
* @param string $iv
* @param string $cipher_text
* @param ContentEncryptionKey $cek
* @return string
*/
protected function createAuthenticationTag($aad_base64, $iv, $cipher_text, ContentEncryptionKey $cek)
{
// 64-Bit Big-Endian Representation of AAD Length
$aad_length = Str::len($aad_base64);
if (version_compare(PHP_VERSION, '5.6.3', '>=')) {
$al_value = pack('J1', $aad_length);
} else {
$int32bit_max = 2147483647;
$al_value = pack('N2', $aad_length / $int32bit_max * 8, $aad_length % $int32bit_max * 8);
}
// Concatenate the AAD, the Initialization Vector, the ciphertext, and the AL value.
$concatenated_value = implode('', array($aad_base64, $iv, $cipher_text, $al_value));
// Compute the HMAC of the concatenated value above
$hmac = hash_hmac($this->getHashAlgorithm(), $concatenated_value, $cek->getMacKey(), true);
// Use the first half (128 bits) of the HMAC output M as the Authentication Tag output T.
return Str::substr($hmac, 0, 16);
}
