/**
* @param string $signature
* @param string $securedInput
* @param string $key
*
* @return bool
*/
public function verify($signature, $securedInput, $key)
{
if (null != $key) {
throw new JoseJwtException('Plaintext algorithm expects key to be null');
}
return StringUtils::length($signature) === 0;
}
/**
* @param string $encryptedCek
* @param string $kek
* @param int $cekSizeBits
* @param array $header
*
* @return string
*/
public function unwrap($encryptedCek, $kek, $cekSizeBits, array $header)
{
$kekLen = StringUtils::length($kek);
if ($kekLen * 8 != $this->kekLengthBits) {
throw new JoseJwtException(sprintf('AesKeyWrap management algorithm expected key of size %s bits, but was given %s bits', $this->kekLengthBits, $kekLen * 8));
}
return $this->aesUnwrap($kek, $encryptedCek);
}
/**
* @param $aad
* @param $iv
* @param $cipherText
* @param $hmacKey
*
* @return string
*/
private function computeAuthTag($aad, $iv, $cipherText, $hmacKey)
{
$aadLen = StringUtils::length($aad);
$max32bit = 2147483647;
$hmacInput = implode('', [$aad, $iv, $cipherText, pack('N2', $aadLen / $max32bit * 8, $aadLen % $max32bit * 8)]);
$authTag = $this->hashAlgorithm->sign($hmacInput, $hmacKey);
$authTagLen = StringUtils::length($authTag);
$authTag = StringUtils::substring($authTag, 0, $authTagLen / 2);
return $authTag;
}
