Decrypts a ciphertext to a string with a password, using a slow key
derivation function to make password cracking more expensive.
/**
* @param $passwordHash
* @param $token
* @return array
*/
public static function tokenDecrypt($passwordHash, $token)
{
$decrypted = Crypto::decryptWithPassword($token, $passwordHash);
return explode("|", $decrypted);
}
}
// Validation: check if this is a brute force attempt
$past = strtotime("-5 min") * 1000;
$events->search('value.action:failed AND @path.timestamp:[' . $past . ' TO ' . $now . ']');
$fail_total = $events->getTotalCount();
if ($fail_total >= 3) {
$item->event('log')->post(['action' => 'disabled']);
$errors = true;
response(VALIDATION_TOO_MANY_ATTEMPTS, $errors);
}
// If all of the above validation checks pass, continue on
if (!$errors) {
$data_encrypted = hex2bin($item->secret);
// Decrypt data, reference: https://github.com/defuse/php-encryption/
try {
$data_decrypted = Crypto::decryptWithPassword($data_encrypted, $password);
} catch (Ex\WrongKeyOrModifiedCiphertextException $ex) {
$item->event('log')->post(['action' => 'failed']);
response(DECRYPTION_PASSWORD_WRONG, true);
} catch (Ex\EnvironmentIsBrokenException $ex) {
response(ENCRYPTION_UNSAFE, true);
}
// Delete message
if ($item->delete()) {
$item->event('log')->post(['action' => 'deleted']);
} else {
response($item->getStatus(), true);
}
$data = unserialize($data_decrypted);
// Send email to sender
if (!empty($data["email_sender"])) {
/**
* @expectedException \Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException
*/
public function testDecryptHexAsRaw()
{
$ciphertext = Crypto::encryptWithPassword('testdata', 'password', false);
Crypto::decryptWithPassword($ciphertext, 'password', true);
}
/**
* @inheritDoc
*/
public function decodeToken($value)
{
return Crypto::decryptWithPassword($value, $this->key, true);
}
