ubiquity/_encryption_8php_source.html

<?php

namespace Ubiquity\security\data;


use Ubiquity\exceptions\EncryptException;

use Ubiquity\exceptions\DecryptException;

use Ubiquity\exceptions\EncryptionKeyException;


class Encryption {


    const AES128 = 'AES-128-CBC';


    const AES192 = 'AES-192-CBC';


    const AES256 = 'AES-256-CBC';


    private static $acceptedCiphers = [

        32 => self::AES128,

        48 => self::AES192,

        64 => self::AES256

    ];


    protected $key;


    protected $cipher;


    public function __construct(?string $key = null, ?string $cipher = null) {

        $this->key = $key;

        $this->cipher = $cipher;

    }


    public function initializeKeyAndCipher() {

        if (isset($this->key) && ! isset($this->cipher)) {

            $this->cipher = self::getCipherFromKey($this->key);

        } elseif (! isset($this->key)) {

            $this->cipher ??= self::AES128;

            $this->key = self::generateKey($this->cipher);

        }

        if (! self::isValidKey($this->key, $this->cipher)) {

            throw new EncryptionKeyException("The encryption key size is not valid for {$this->cipher}.");

        }

    }


    public static function getCipherFromKey(string $key) {

        $size = \strlen($key);

        if (isset(self::$acceptedCiphers[$size])) {

            return self::$acceptedCiphers[$size];

        }

        throw new EncryptionKeyException("The encryption key has not a valid size ({$size})");

    }


    protected function hash($iv, $value): string {

        return \hash_hmac('sha256', $iv . $value, $this->key);

    }


    protected function getJsonPayload($payload) {

        $payload = \json_decode(\base64_decode($payload), true);

        if (! $this->isValidPayload($payload)) {

            throw new DecryptException('The payload is invalid.');

        }

        if (! $this->isValidMac($payload)) {

            throw new DecryptException('The MAC control is invalid.');

        }


        return $payload;

    }


    protected function isValidPayload($payload) {

        return \is_array($payload) && isset($payload['iv'], $payload['value'], $payload['mac']) && \strlen(\base64_decode($payload['iv'], true)) === \openssl_cipher_iv_length($this->cipher);

    }


    protected function isValidMac(array $payload) {

        $calculated = $this->calculateMac($payload, $bytes = random_bytes(16));

        return \hash_equals(\hash_hmac('sha256', $payload['mac'], $bytes, true), $calculated);

    }


    protected function calculateMac($payload, $bytes) {

        return \hash_hmac('sha256', $this->hash($payload['iv'], $payload['value']), $bytes, true);

    }


    public function encrypt($value, $serialize = true): string {

        $iv = \random_bytes(\openssl_cipher_iv_length($this->cipher));

        $value = \openssl_encrypt($serialize ? \serialize($value) : $value, $this->cipher, $this->key, 0, $iv);

        if ($value === false) {

            throw new EncryptException('Could not encrypt the data with openssl.');

        }


        $mac = $this->hash($iv = base64_encode($iv), $value);

        $json = \json_encode(\compact('iv', 'value', 'mac'), JSON_UNESCAPED_SLASHES);

        if (\json_last_error() !== \JSON_ERROR_NONE) {

            throw new EncryptException('Could not json_encode the data.');

        }


        return \base64_encode($json);

    }


    public function encryptString(string $value): string {

        return $this->encrypt($value, false);

    }


    public function decrypt(string $payload, $unserialize = true) {

        $payload = $this->getJsonPayload($payload);

        $iv = base64_decode($payload['iv']);

        $decrypted = \openssl_decrypt($payload['value'], $this->cipher, $this->key, 0, $iv);


        if ($decrypted === false) {

            throw new DecryptException('Could not decrypt the data.');

        }


        return $unserialize ? unserialize($decrypted) : $decrypted;

    }


    public function decryptString($payload) {

        return $this->decrypt($payload, false);

    }


    public static function isValidKey(string $key, string $cipher): bool {

        $length = \strlen($key);

        return isset(self::$acceptedCiphers[$length]) && self::$acceptedCiphers[$length] === $cipher;

    }


    public static function generateKey(string $cipher): string {

        $sizeMethods = \array_flip(self::$acceptedCiphers);

        return \bin2hex(\random_bytes($sizeMethods[$cipher] / 2));

    }


    public function getKey() {

        return $this->key;

    }


    public function getCipher() {

        return $this->cipher;

    }


    public static function getMethods(?bool $aliases = null): array {

        return \openssl_get_cipher_methods($aliases);

    }


}


Ubiquity\exceptions\DecryptException
Decryption Exceptions.
Definition DecryptException.php:10

Ubiquity\exceptions\EncryptException
Encryption Exceptions.
Definition EncryptException.php:10

Ubiquity\exceptions\EncryptionKeyException
Decryption Exceptions.
Definition EncryptionKeyException.php:10

Ubiquity\security\data\Encryption
Ubiquity\security\data$Encryption This class is part of Ubiquity Inspired from illuminate/encryption ...
Definition Encryption.php:18

Ubiquity\security\data\Encryption\isValidKey
static isValidKey(string $key, string $cipher)
Check if the given key and cipher combination is valid.
Definition Encryption.php:213

Ubiquity\security\data\Encryption\generateKey
static generateKey(string $cipher)
Generate a new key for the given cipher.
Definition Encryption.php:224

Ubiquity\security\data\Encryption\getCipherFromKey
static getCipherFromKey(string $key)
Definition Encryption.php:72

Ubiquity\security\data\Encryption\AES256
const AES256
Definition Encryption.php:24

Ubiquity\security\data\Encryption\hash
hash($iv, $value)
Create a MAC for the given value.
Definition Encryption.php:87

Ubiquity\security\data\Encryption\isValidMac
isValidMac(array $payload)
Check if the MAC for the given payload is valid.
Definition Encryption.php:125

Ubiquity\security\data\Encryption\AES192
const AES192
Definition Encryption.php:22

Ubiquity\security\data\Encryption\AES128
const AES128
Definition Encryption.php:20

Ubiquity\security\data\Encryption\initializeKeyAndCipher
initializeKeyAndCipher()
Definition Encryption.php:60

Ubiquity\security\data\Encryption\__construct
__construct(?string $key=null, ?string $cipher=null)
Create a new encrypter instance.
Definition Encryption.php:55

Ubiquity\security\data\Encryption\getJsonPayload
getJsonPayload($payload)
Get the JSON array from the given payload.
Definition Encryption.php:97

Ubiquity\security\data\Encryption\encryptString
encryptString(string $value)
Encrypt a string without serialization.
Definition Encryption.php:171

Ubiquity\security\data\Encryption\$key
$key
Definition Encryption.php:37

Ubiquity\security\data\Encryption\getCipher
getCipher()
Definition Encryption.php:241

Ubiquity\security\data\Encryption\calculateMac
calculateMac($payload, $bytes)
Calculate the hash of the given payload.
Definition Encryption.php:137

Ubiquity\security\data\Encryption\$cipher
$cipher
Definition Encryption.php:44

Ubiquity\security\data\Encryption\encrypt
encrypt($value, $serialize=true)
Encrypt the given value.
Definition Encryption.php:149

Ubiquity\security\data\Encryption\isValidPayload
isValidPayload($payload)
Check that the encryption payload is valid.
Definition Encryption.php:115

Ubiquity\security\data\Encryption\getKey
getKey()
Definition Encryption.php:233

Ubiquity\security\data\Encryption\decrypt
decrypt(string $payload, $unserialize=true)
Decrypt the given value.
Definition Encryption.php:183

Ubiquity\security\data\Encryption\decryptString
decryptString($payload)
Decrypt the given string without unserialization.
Definition Encryption.php:202

Ubiquity\security\data\Encryption\getMethods
static getMethods(?bool $aliases=null)
Definition Encryption.php:245

Ubiquity\security\data\Encryption\$acceptedCiphers
static $acceptedCiphers
Definition Encryption.php:26

Ubiquity\security\data
Definition Encryption.php:2