/** * {@inheritdoc} */ public function decryptContent($data, $cek, $iv, $aad, $encoded_protected_header, $tag) { $calculated_aad = $encoded_protected_header; if (null !== $aad) { $calculated_aad .= '.' . $aad; } if (version_compare(PHP_VERSION, '7.1.0') >= 0) { return openssl_decrypt($data, $this->getMode($cek), $cek, OPENSSL_RAW_DATA, $iv, $tag, $calculated_aad); } elseif (class_exists('\\Crypto\\Cipher')) { $cipher = Cipher::aes(Cipher::MODE_GCM, $this->getKeySize()); $cipher->setTag($tag); $cipher->setAAD($calculated_aad); $plaintext = $cipher->decrypt($data, $cek, $iv); return $plaintext; } return GCM::decrypt($cek, $iv, $data, $calculated_aad, $tag); }
/** * {@inheritdoc} */ public function unwrapKey(JWKInterface $key, $encrypted_cek, array $header) { $this->checkKey($key); $this->checkAdditionalParameters($header); $kek = Base64Url::decode($key->get('k')); $tag = Base64Url::decode($header['tag']); $iv = Base64Url::decode($header['iv']); if (version_compare(PHP_VERSION, '7.1.0') >= 0) { return openssl_decrypt($encrypted_cek, $this->getMode($kek), $kek, OPENSSL_RAW_DATA, $iv, $tag, null); } elseif (class_exists('\\Crypto\\Cipher')) { $cipher = Cipher::aes(Cipher::MODE_GCM, $this->getKeySize()); $cipher->setTag($tag); $cipher->setAAD(null); $cek = $cipher->decrypt($encrypted_cek, $kek, $iv); return $cek; } return AESGCM::decrypt($kek, $iv, $encrypted_cek, null, $tag); }
public static function decrypt($encData, $password, $IV, $AAD) { /* * https://tools.ietf.org/html/rfc5116#section-5.1 * * An authentication tag with a length of 16 octets (128 * bits) is used. The AEAD_AES_128_GCM ciphertext is formed by * appending the authentication tag provided as an output to the GCM * encryption operation to the ciphertext that is output by that * operation. * * ciphertext is exactly 16 octets longer than its * corresponding plaintext. */ if (strlen($encData) < self::TAG_LEN) { return false; } // Get the tag appended to cipher text $tag = substr($encData, strlen($encData) - self::TAG_LEN, self::TAG_LEN); // Resize the cipher text $encData = substr($encData, 0, strlen($encData) - self::TAG_LEN); if (self::useOpenSSL()) { $method = self::getMethod($password); $data = openssl_decrypt($encData, $method, $password, OPENSSL_RAW_DATA, $IV, $tag, $AAD); } else { if (self::useSO()) { try { $cipher = \Crypto\Cipher::aes(\Crypto\Cipher::MODE_GCM, self::bitLen($password)); $cipher->setTag($tag); $cipher->setAAD($AAD); $data = $cipher->decrypt($encData, $password, $IV); } catch (\Exception $e) { return false; } } else { try { $data = AESGCM::decrypt($password, $IV, $encData, $AAD, $tag); } catch (\Exception $e) { //echo $e->getMessage(); return false; } } } return $data; }