/** * @return string */ public function getEncKey() { if (!$this->enc_key) { // Use the last 128 bits of this key as the AES-CBC key ENC_KEY $this->enc_key = Str::substr($this->content_encryption_key, 16, null); } return $this->enc_key; }
/** * @param string $aad_base64 * @param string $iv * @param string $cipher_text * @param ContentEncryptionKey $cek * @return string */ protected function createAuthenticationTag($aad_base64, $iv, $cipher_text, ContentEncryptionKey $cek) { // 64-Bit Big-Endian Representation of AAD Length $aad_length = Str::len($aad_base64); if (version_compare(PHP_VERSION, '5.6.3', '>=')) { $al_value = pack('J1', $aad_length); } else { $int32bit_max = 2147483647; $al_value = pack('N2', $aad_length / $int32bit_max * 8, $aad_length % $int32bit_max * 8); } // Concatenate the AAD, the Initialization Vector, the ciphertext, and the AL value. $concatenated_value = implode('', array($aad_base64, $iv, $cipher_text, $al_value)); // Compute the HMAC of the concatenated value above $hmac = hash_hmac($this->getHashAlgorithm(), $concatenated_value, $cek->getMacKey(), true); // Use the first half (128 bits) of the HMAC output M as the Authentication Tag output T. return Str::substr($hmac, 0, 16); }