Esempio n. 1
 /**
  *  {@inheritdoc}
  */
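 public function decryptContent($data, $cek, $iv, $aad, $encoded_protected_header, $tag)
 {
     // Decrypts and authenticates AES-GCM content. The data bound to the tag is
     // the encoded protected header, followed by '.' and $aad when $aad is not null.
     // On the OpenSSL branch a failed authentication yields false, so callers must
     // compare the result with === false ('' is a valid plaintext).
     // NOTE(review): how Crypto\Cipher and GCM::decrypt report a bad tag is not
     // visible here (presumably an exception) - confirm against callers.

     // openssl_decrypt() does not check the tag length: a shortened tag that
     // matches only the start of the real one is accepted, which makes forgery
     // far cheaper. JWE AES-GCM content encryption (RFC 7518, section 5.3) uses a
     // 128-bit tag, so anything else is rejected before a backend is reached.
     if (!is_string($tag) || 16 !== strlen($tag)) {
         return false;
     }

     $calculated_aad = $encoded_protected_header;
     if (null !== $aad) {
         $calculated_aad .= '.' . $aad;
     }

     // Native AEAD support in openssl_decrypt() exists from PHP 7.1 onwards.
     if (version_compare(PHP_VERSION, '7.1.0') >= 0) {
         return openssl_decrypt($data, $this->getMode($cek), $cek, OPENSSL_RAW_DATA, $iv, $tag, $calculated_aad);
     }

     // Older PHP: use the Crypto extension when it is loaded.
     if (class_exists('\\Crypto\\Cipher')) {
         $cipher = Cipher::aes(Cipher::MODE_GCM, $this->getKeySize());
         $cipher->setTag($tag);
         $cipher->setAAD($calculated_aad);

         return $cipher->decrypt($data, $cek, $iv);
     }

     // Last resort: the GCM class imported by this file.
     return GCM::decrypt($cek, $iv, $data, $calculated_aad, $tag);
 }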
Esempio n. 2
 /**
  * {@inheritdoc}
  */
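 public function unwrapKey(JWKInterface $key, $encrypted_cek, array $header)
 {
     // Recovers the content encryption key (CEK) by AES-GCM decrypting
     // $encrypted_cek with the key held in the JWK's 'k' member. The IV and the
     // authentication tag are read from the 'iv' and 'tag' header parameters;
     // no additional authenticated data is used.
     // On the OpenSSL branch a failed authentication yields false; callers must
     // check for === false and never use the result as a key without that check.
     // NOTE(review): checkKey()/checkAdditionalParameters() presumably reject a
     // wrong key type and missing 'iv'/'tag' entries - confirm in the class.
     $this->checkKey($key);
     $this->checkAdditionalParameters($header);

     $kek = Base64Url::decode($key->get('k'));
     $tag = Base64Url::decode($header['tag']);
     $iv = Base64Url::decode($header['iv']);

     // The tag comes from the message header, i.e. from the sender. Because
     // openssl_decrypt() does not check its length, a shortened tag that matches
     // only the start of the real one would be accepted. AES-GCM key wrapping in
     // JWE (RFC 7518, section 4.7) uses a 128-bit tag, so other lengths are refused.
     if (!is_string($tag) || 16 !== strlen($tag)) {
         return false;
     }

     // Native AEAD support in openssl_decrypt() exists from PHP 7.1 onwards.
     if (version_compare(PHP_VERSION, '7.1.0') >= 0) {
         return openssl_decrypt($encrypted_cek, $this->getMode($kek), $kek, OPENSSL_RAW_DATA, $iv, $tag, null);
     }

     // Older PHP: use the Crypto extension when it is loaded.
     if (class_exists('\\Crypto\\Cipher')) {
         $cipher = Cipher::aes(Cipher::MODE_GCM, $this->getKeySize());
         $cipher->setTag($tag);
         $cipher->setAAD(null);

         return $cipher->decrypt($encrypted_cek, $kek, $iv);
     }

     // Last resort: the AESGCM class imported by this file.
     return AESGCM::decrypt($kek, $iv, $encrypted_cek, null, $tag);
 }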
Esempio n. 3
 /**
  * Authenticate and decrypt an AES-GCM message whose tag is appended to the ciphertext.
  *
  * Layout follows RFC 5116, section 5.1 (https://tools.ietf.org/html/rfc5116#section-5.1):
  * the last self::TAG_LEN octets of $encData are the authentication tag, so the
  * input is exactly that many octets longer than the plaintext it carries.
  *
  * @param string $encData  ciphertext with the authentication tag appended
  * @param string $password handed to the cipher unchanged as the key
  *                         NOTE(review): presumably a raw AES key rather than a
  *                         human-chosen password - confirm with callers
  * @param string $IV       initialisation vector passed to the cipher
  * @param string $AAD      additional authenticated data bound to the tag
  *
  * @return string|false plaintext; false when the input is shorter than the tag or
  *                      when the extension/fallback backend throws. The OpenSSL
  *                      result is returned as is (false on failure). Compare with
  *                      === false, because an empty plaintext is a valid result.
  */
 public static function decrypt($encData, $password, $IV, $AAD)
 {
     $totalLen = strlen($encData);
     if ($totalLen < self::TAG_LEN) {
         // Too short to even contain a tag.
         return false;
     }

     // Split the trailing tag from the ciphertext proper.
     $bodyLen = $totalLen - self::TAG_LEN;
     $tag = substr($encData, $bodyLen, self::TAG_LEN);
     $ciphertext = substr($encData, 0, $bodyLen);

     if (self::useOpenSSL()) {
         $method = self::getMethod($password);

         return openssl_decrypt($ciphertext, $method, $password, OPENSSL_RAW_DATA, $IV, $tag, $AAD);
     }

     // Backend choice is made outside the try so that only decryption errors
     // are turned into a false return.
     $viaExtension = self::useSO();
     try {
         if (!$viaExtension) {
             return AESGCM::decrypt($password, $IV, $ciphertext, $AAD, $tag);
         }

         $cipher = \Crypto\Cipher::aes(\Crypto\Cipher::MODE_GCM, self::bitLen($password));
         $cipher->setTag($tag);
         $cipher->setAAD($AAD);

         return $cipher->decrypt($ciphertext, $password, $IV);
     } catch (\Exception $e) {
         // The failure reason is deliberately not exposed to the caller.
         return false;
     }
 }