Exemplo n.º 1
0
 /**
  * Decrypts a value and verifies the HMAC (Encrypt-Then-Mac)
  * @param string $authenticatedCiphertext
  * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
  * @return string plaintext
  * @throws \Exception If the HMAC does not match
  */
 public function decrypt($authenticatedCiphertext, $password = '')
 {
     if ($password === '') {
         $password = $this->config->getSystemValue('secret');
     }
     $this->cipher->setPassword($password);
     $parts = explode('|', $authenticatedCiphertext);
     if (sizeof($parts) !== 3) {
         throw new \Exception('Authenticated ciphertext could not be decoded.');
     }
     $ciphertext = hex2bin($parts[0]);
     $iv = $parts[1];
     $hmac = hex2bin($parts[2]);
     $this->cipher->setIV($iv);
     if (!hash_equals($this->calculateHMAC($parts[0] . $parts[1], $password), $hmac)) {
         throw new \Exception('HMAC does not match.');
     }
     return $this->cipher->decrypt($ciphertext);
 }