Exemple #1
0
 /**
  * Stream decryption - Do not call directly
  * 
  * @param resource $input
  * @param resource $output
  * @param Key $encKey
  * @param string $nonce
  * @param resource $mac (hash context)
  * @param &array $config
  * @throws FileAlert\AccessDenied
  */
 private static final function streamDecrypt($input, $output, \ParagonIE\Halite\Contract\CryptoKeyInterface $encKey, $nonce, $mac, array $config, array &$chunk_macs)
 {
     // Reset the stream pointer to the beginning of the ciphertext
     $start = \ftell($input);
     if (\fseek($input, -1 * $config['MAC_SIZE'], SEEK_END) === false) {
         throw new CryptoAlert\CannotPerformOperation('Stream error');
     }
     $cipher_end = \ftell($input) - 1;
     if (\fseek($input, $start, SEEK_SET) === false) {
         throw new CryptoAlert\CannotPerformOperation('Stream error');
     }
     $break = false;
     while (!$break) {
         $pos = \ftell($input);
         if ($pos === false) {
             throw new CryptoAlert\CannotPerformOperation('Stream error');
         }
         // Read the data from the input buffer
         if ($pos + $config['BUFFER'] >= $cipher_end) {
             $break = true;
             $read = self::readBytes($input, $cipher_end - $pos + 1);
         } else {
             $read = self::readBytes($input, $config['BUFFER']);
         }
         // Let's reculcualte the MAC of this chunk, then verify it
         \hash_update($mac, $read);
         $calcMAC = \hash_copy($mac);
         if ($calcMAC === false) {
             throw new CryptoAlert\CannotPerformOperation('An unknown error has occurred');
         }
         $calc = \hash_final($calcMAC, true);
         if (empty($chunk_macs)) {
             throw new CryptoAlert\InvalidMessage('Invalid message authentication code');
         } elseif (!\hash_equals(\array_shift($chunk_macs), $calc)) {
             throw new CryptoAlert\InvalidMessage('Invalid message authentication code');
         }
         $decrypted = \Sodium\crypto_stream_xor($read, $nonce, $encKey->get());
         $written = \fwrite($output, $decrypted);
         if ($written === false) {
             throw new FileAlert\AccessDenied('Could not write to the file');
         }
         \Sodium\increment($nonce);
     }
 }
Exemple #2
0
 /**
  * Stream decryption - Do not call directly
  *
  * @param ReadOnlyFile $input
  * @param MutableFile $output
  * @param Key $encKey
  * @param string $nonce
  * @param resource $mac (hash context)
  * @param Config $config
  * @return bool
  * @throws CryptoException\AccessDenied
  * @throws CryptoException\CannotPerformOperation
  * @throws CryptoException\FileModified
  * @throws CryptoException\InvalidKey
  * @throws CryptoException\InvalidMessage
  */
 private static final function streamDecrypt(ReadOnlyFile $input, MutableFile $output, EncryptionKey $encKey, string $nonce, $mac, Config $config, array &$chunk_macs) : bool
 {
     $start = $input->getPos();
     $cipher_end = $input->getSize() - $config->MAC_SIZE;
     // Begin the streaming decryption
     $input->reset($start);
     while ($input->remainingBytes() > $config->MAC_SIZE) {
         /**
          * Would a full BUFFER read put it past the end of the
          * ciphertext? If so, only return a portion of the file.
          */
         if ($input->getPos() + $config->BUFFER > $cipher_end) {
             $read = $input->readBytes($cipher_end - $input->getPos());
         } else {
             $read = $input->readBytes($config->BUFFER);
         }
         if ($config->USE_BLAKE2B) {
             \Sodium\crypto_generichash_update($mac, $read);
             $calcMAC = '' . $mac;
             $calc = \Sodium\crypto_generichash_final($calcMAC, $config->MAC_SIZE);
         } else {
             \hash_update($mac, $read);
             $calcMAC = \hash_copy($mac);
             if ($calcMAC === false) {
                 throw new CryptoException\CannotPerformOperation('An unknown error has occurred');
             }
             $calc = \hash_final($calcMAC, true);
         }
         if (empty($chunk_macs)) {
             throw new CryptoException\InvalidMessage('Invalid message authentication code');
         } else {
             $chkmac = \array_shift($chunk_macs);
             if (!\hash_equals($chkmac, $calc)) {
                 throw new CryptoException\InvalidMessage('Invalid message authentication code');
             }
         }
         $decrypted = \Sodium\crypto_stream_xor($read, $nonce, $encKey->getRawKeyMaterial());
         $output->writeBytes($decrypted);
         \Sodium\increment($nonce);
     }
     \Sodium\memzero($nonce);
     return true;
 }
Exemple #3
0
 /**
  * Stream decryption - Do not call directly
  * 
  * @param ReadOnlyFile $input
  * @param MutableFile $output
  * @param Key $encKey
  * @param string $nonce
  * @param resource $mac (hash context)
  * @param Config $config
  * @throws FileAlert\AccessDenied
  */
 private static final function streamDecrypt(ReadOnlyFile $input, MutableFile $output, KeyInterface $encKey, $nonce, $mac, Config $config, array &$chunk_macs)
 {
     if (!$encKey instanceof EncryptionKey) {
         throw new \ParagonIE\Halite\Alerts\InvalidKey('Argument 3: Expected an instance of EncryptionKey');
     }
     $start = $input->getPos();
     $cipher_end = $input->getSize() - $config->MAC_SIZE;
     // Begin the streaming decryption
     $input->reset($start);
     while ($input->remainingBytes() > $config->MAC_SIZE) {
         if ($input->getPos() + $config->BUFFER > $cipher_end) {
             $read = $input->readBytes($cipher_end - $input->getPos());
         } else {
             $read = $input->readBytes($config->BUFFER);
         }
         \hash_update($mac, $read);
         $calcMAC = \hash_copy($mac);
         if ($calcMAC === false) {
             throw new CryptoException\CannotPerformOperation('An unknown error has occurred');
         }
         $calc = \hash_final($calcMAC, true);
         if (empty($chunk_macs)) {
             throw new CryptoException\InvalidMessage('Invalid message authentication code');
         } else {
             $chkmac = \array_shift($chunk_macs);
             if (!\hash_equals($chkmac, $calc)) {
                 throw new CryptoException\InvalidMessage('Invalid message authentication code');
             }
         }
         $decrypted = \Sodium\crypto_stream_xor($read, $nonce, $encKey->get());
         $output->writeBytes($decrypted);
         \Sodium\increment($nonce);
     }
     \Sodium\memzero($nonce);
     return true;
 }
Exemple #4
0
 /**
  * Increments a nonce to prevent replay attacks.
  *
  * @param string $string Random byte buffer with nonce.
  * @return void
  */
 public static function incrementNonce($string)
 {
     \Sodium\increment($string);
 }
Exemple #5
0
 /**
  * Stream decryption - Do not call directly
  *
  * @param ReadOnlyFile $input
  * @param MutableFile $output
  * @param EncryptionKey $encKey
  * @param string $nonce
  * @param string $mac (hash context for BLAKE2b)
  * @param Config $config
  * @param array &$chunk_macs
  * @return bool
  * @throws FileAccessDenied
  * @throws CannotPerformOperation
  * @throws FileModified
  * @throws InvalidKey
  * @throws InvalidMessage
  */
 private static final function streamDecrypt(ReadOnlyFile $input, MutableFile $output, EncryptionKey $encKey, string $nonce, string $mac, Config $config, array &$chunk_macs) : bool
 {
     $start = $input->getPos();
     $cipher_end = $input->getSize() - $config->MAC_SIZE;
     // Begin the streaming decryption
     $input->reset($start);
     while ($input->remainingBytes() > $config->MAC_SIZE) {
         /**
          * Would a full BUFFER read put it past the end of the
          * ciphertext? If so, only return a portion of the file.
          */
         if ($input->getPos() + $config->BUFFER > $cipher_end) {
             $read = $input->readBytes($cipher_end - $input->getPos());
         } else {
             $read = $input->readBytes($config->BUFFER);
         }
         // Version 2+ uses a keyed BLAKE2b hash instead of HMAC
         \Sodium\crypto_generichash_update($mac, $read);
         $calcMAC = Util::safeStrcpy($mac);
         $calc = \Sodium\crypto_generichash_final($calcMAC, $config->MAC_SIZE);
         if (empty($chunk_macs)) {
             // Someone attempted to add a chunk at the end.
             throw new InvalidMessage('Invalid message authentication code');
         } else {
             $chunkMAC = \array_shift($chunk_macs);
             if (!\hash_equals($chunkMAC, $calc)) {
                 // This chunk was altered after the original MAC was verified
                 throw new InvalidMessage('Invalid message authentication code');
             }
         }
         // This is where the decryption actually occurs:
         $decrypted = \Sodium\crypto_stream_xor($read, $nonce, $encKey->getRawKeyMaterial());
         $output->writeBytes($decrypted);
         \Sodium\increment($nonce);
     }
     \Sodium\memzero($nonce);
     return true;
 }