/**
* @param string $aad_base64
* @param ContentEncryptionKey $cek
* @param string $iv
* @param string $cipher_text
* @param string $auth_tag
* @return string
* @throws \Cyh\Jose\Encryption\Exception\UnexpectedValueException
*/
public function decrypt($aad_base64, ContentEncryptionKey $cek, $iv, $cipher_text, $auth_tag)
{
$base_auth_tag = $this->createAuthenticationTag($aad_base64, $iv, $cipher_text, $cek);
if (!Str::equals($base_auth_tag, $auth_tag)) {
throw new UnexpectedValueException('Invalid authentication tag');
}
$content = openssl_decrypt($cipher_text, $this->getMethod(), $cek->getEncKey(), OPENSSL_RAW_DATA, $iv);
if (false === $content) {
throw new UnexpectedValueException('Unable to decrypt cipher_text: ' . openssl_error_string());
}
return $content;
}
/**
*
* @link http://php.net/manual/en/function.hash-hmac.php
* @link http://php.net/manual/en/function.hash-equals.php
*
* @param string $message
* @param string $signature
* @param string $secret_key
* @return bool
* @throws InvalidSignatureException
*/
public function verify($message, $signature, $secret_key)
{
$hash = hash_hmac($this->getHashAlgorithm(), $message, $secret_key, true);
if (function_exists('hash_equals')) {
if (true === hash_equals($signature, $hash)) {
return true;
}
throw new InvalidSignatureException('Unable to verify signature');
}
if (Str::equals($signature, $hash)) {
return true;
}
throw new InvalidSignatureException('Unable to verify signature');
}
