Exemple #1
1
 /**
  *  {@inheritdoc}
  */
 public function decryptContent($data, $cek, $iv, $aad, $encoded_protected_header, $tag)
 {
     $calculated_aad = $encoded_protected_header;
     if (null !== $aad) {
         $calculated_aad .= '.' . $aad;
     }
     if (version_compare(PHP_VERSION, '7.1.0') >= 0) {
         return openssl_decrypt($data, $this->getMode($cek), $cek, OPENSSL_RAW_DATA, $iv, $tag, $calculated_aad);
     } elseif (class_exists('\\Crypto\\Cipher')) {
         $cipher = Cipher::aes(Cipher::MODE_GCM, $this->getKeySize());
         $cipher->setTag($tag);
         $cipher->setAAD($calculated_aad);
         $plaintext = $cipher->decrypt($data, $cek, $iv);
         return $plaintext;
     }
     return GCM::decrypt($cek, $iv, $data, $calculated_aad, $tag);
 }
Exemple #2
0
 /**
  * @param \Jose\Object\JWKInterface $key
  * @param string                    $encryted_cek
  * @param array                     $header
  *
  * @return mixed
  */
 public function decryptKey(JWKInterface $key, $encryted_cek, array $header)
 {
     $this->checkKey($key);
     $this->checkAdditionalParameters($header);
     $cipher = Cipher::aes(Cipher::MODE_GCM, $this->getKeySize());
     $cipher->setTag(Base64Url::decode($header['tag']));
     $cipher->setAAD(null);
     $cek = $cipher->decrypt($encryted_cek, Base64Url::decode($key->get('k')), Base64Url::decode($header['iv']));
     return $cek;
 }
Exemple #3
0
/**
 * Decrypt ciphertext using AES cipher with GCM mode and 256 bit key
 * @param string $ct Ciphertext
 * @param string $key Key
 * @param string $iv Initial vector
 * @param string $aad Additional application data
 * @param string $tag Authentication tag
 * @return string Plaintext
 * @throw Crypto\AlgorithmException if any of the method fails
 */
function gcm_decrypt($ct, $key, $iv, $aad, $tag)
{
    echo "------- DECRYPTION -------\n";
    echo "Ciphertext: " . bin2hex($ct) . PHP_EOL;
    $cipher = Cipher::aes(Cipher::MODE_GCM, 256);
    $cipher->setTag($tag);
    $cipher->setAAD($aad);
    $pt = $cipher->decrypt($ct, $key, $iv);
    echo "Plaintext: " . bin2hex($pt) . PHP_EOL;
}
Exemple #4
0
 /**
  *  {@inheritdoc}
  */
 public function decryptContent($data, $cek, $iv, $aad, $encoded_protected_header, $tag)
 {
     $cipher = Cipher::aes(Cipher::MODE_GCM, $this->getKeySize());
     $calculated_aad = $encoded_protected_header;
     if (null !== $aad) {
         $calculated_aad .= '.' . $aad;
     }
     $cipher->setTag($tag);
     $cipher->setAAD($calculated_aad);
     $plaintext = $cipher->decrypt($data, $cek, $iv);
     return $plaintext;
 }
Exemple #5
0
 /**
  * {@inheritdoc}
  */
 public function unwrapKey(JWKInterface $key, $encrypted_cek, array $header)
 {
     $this->checkKey($key);
     $this->checkAdditionalParameters($header);
     $kek = Base64Url::decode($key->get('k'));
     $tag = Base64Url::decode($header['tag']);
     $iv = Base64Url::decode($header['iv']);
     if (version_compare(PHP_VERSION, '7.1.0') >= 0) {
         return openssl_decrypt($encrypted_cek, $this->getMode($kek), $kek, OPENSSL_RAW_DATA, $iv, $tag, null);
     } elseif (class_exists('\\Crypto\\Cipher')) {
         $cipher = Cipher::aes(Cipher::MODE_GCM, $this->getKeySize());
         $cipher->setTag($tag);
         $cipher->setAAD(null);
         $cek = $cipher->decrypt($encrypted_cek, $kek, $iv);
         return $cek;
     }
     return AESGCM::decrypt($kek, $iv, $encrypted_cek, null, $tag);
 }
Exemple #6
0
    $iv = str_repeat('i', $iv_len);
    // Test data
    $data1 = "Test";
    $data2 = "Data";
    $data = $data1 . $data2;
    // Simple encryption
    $sim_ct = $cipher->encrypt($data, $key, $iv);
    // init/update/finish encryption
    $cipher->encryptInit($key, $iv);
    $iuf_ct = $cipher->encryptUpdate($data1);
    $iuf_ct .= $cipher->encryptUpdate($data2);
    $iuf_ct .= $cipher->encryptFinish();
    // Raw data output (used base64 format for printing)
    echo "Ciphertext (sim): " . base64_encode($sim_ct) . PHP_EOL;
    echo "Ciphertext (iuf): " . base64_encode($iuf_ct) . PHP_EOL;
    // $iuf_out == $sim_out
    $ct = $sim_ct;
    // Another way how to create a new cipher object (using the same algorithm and mode)
    $cipher = Cipher::aes(Cipher::MODE_CBC, 256);
    // Simple decryption
    $sim_text = $cipher->decrypt($ct, $key, $iv);
    // init/update/finish decryption
    $cipher->decryptInit($key, $iv);
    $iuf_text = $cipher->decryptUpdate($ct);
    $iuf_text .= $cipher->decryptFinish();
    // Raw data output ($iuf_out == $sim_out)
    echo "Text (sim): " . $sim_text . PHP_EOL;
    echo "Text (iuf): " . $iuf_text . PHP_EOL;
} catch (AlgorithmException $e) {
    echo $e->getMessage() . PHP_EOL;
}
Exemple #7
0
 public static function decrypt($encData, $password, $IV, $AAD)
 {
     /*
      * https://tools.ietf.org/html/rfc5116#section-5.1
      * 
      * An authentication tag with a length of 16 octets (128
      * bits) is used.  The AEAD_AES_128_GCM ciphertext is formed by
      * appending the authentication tag provided as an output to the GCM
      * encryption operation to the ciphertext that is output by that
      * operation. 
      *
      * ciphertext is exactly 16 octets longer than its
      * corresponding plaintext.
      */
     if (strlen($encData) < self::TAG_LEN) {
         return false;
     }
     // Get the tag appended to cipher text
     $tag = substr($encData, strlen($encData) - self::TAG_LEN, self::TAG_LEN);
     // Resize the cipher text
     $encData = substr($encData, 0, strlen($encData) - self::TAG_LEN);
     if (self::useOpenSSL()) {
         $method = self::getMethod($password);
         $data = openssl_decrypt($encData, $method, $password, OPENSSL_RAW_DATA, $IV, $tag, $AAD);
     } else {
         if (self::useSO()) {
             try {
                 $cipher = \Crypto\Cipher::aes(\Crypto\Cipher::MODE_GCM, self::bitLen($password));
                 $cipher->setTag($tag);
                 $cipher->setAAD($AAD);
                 $data = $cipher->decrypt($encData, $password, $IV);
             } catch (\Exception $e) {
                 return false;
             }
         } else {
             try {
                 $data = AESGCM::decrypt($password, $IV, $encData, $AAD, $tag);
             } catch (\Exception $e) {
                 //echo $e->getMessage();
                 return false;
             }
         }
     }
     return $data;
 }
Exemple #8
0
 /**
  * @param string      $K          Key encryption key
  * @param string      $key_length Key length
  * @param string      $IV         Initialization vector
  * @param string|null $C          Data to encrypt (null for authentication)
  * @param string|null $A          Additional Authentication Data
  * @param string      $T          Tag
  * @param int         $tag_length Tag length
  *
  * @return string
  */
 private static function decryptWithCryptoExtension($K, $key_length, $IV, $C, $A, $T, $tag_length = 128)
 {
     $cipher = \Crypto\Cipher::aes(\Crypto\Cipher::MODE_GCM, $key_length);
     $cipher->setTag($T);
     $cipher->setAAD($A);
     $cipher->setTagLength($tag_length / 8);
     return $cipher->decrypt($C, $K, $IV);
 }