/** * @param string $aad_base64 * @param ContentEncryptionKey $cek * @param string $iv * @param string $cipher_text * @param string $auth_tag * @return string * @throws \Cyh\Jose\Encryption\Exception\UnexpectedValueException */ public function decrypt($aad_base64, ContentEncryptionKey $cek, $iv, $cipher_text, $auth_tag) { $base_auth_tag = $this->createAuthenticationTag($aad_base64, $iv, $cipher_text, $cek); if (!Str::equals($base_auth_tag, $auth_tag)) { throw new UnexpectedValueException('Invalid authentication tag'); } $content = openssl_decrypt($cipher_text, $this->getMethod(), $cek->getEncKey(), OPENSSL_RAW_DATA, $iv); if (false === $content) { throw new UnexpectedValueException('Unable to decrypt cipher_text: ' . openssl_error_string()); } return $content; }
/** * * @link http://php.net/manual/en/function.hash-hmac.php * @link http://php.net/manual/en/function.hash-equals.php * * @param string $message * @param string $signature * @param string $secret_key * @return bool * @throws InvalidSignatureException */ public function verify($message, $signature, $secret_key) { $hash = hash_hmac($this->getHashAlgorithm(), $message, $secret_key, true); if (function_exists('hash_equals')) { if (true === hash_equals($signature, $hash)) { return true; } throw new InvalidSignatureException('Unable to verify signature'); } if (Str::equals($signature, $hash)) { return true; } throw new InvalidSignatureException('Unable to verify signature'); }