<?php declare(strict_types=1);
/*
* This file is part of Aplus Framework Crypto Library.
*
* (c) Natan Felles <natanfelles@gmail.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Framework\Crypto;
use Exception;
use LengthException;
use SensitiveParameter;
use SodiumException;
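/**
 * Class SecretBox.
 *
 * Symmetric authenticated encryption built on sodium_crypto_secretbox() and
 * sodium_crypto_secretbox_open(), with the key and the nonce fixed when the
 * object is constructed.
 *
 * Security notes:
 *
 * - Every call to encrypt() on the same instance uses the same key and the
 *   same nonce. Reusing a key/nonce pair for different messages voids the
 *   confidentiality and integrity guarantees of secretbox, so create a new
 *   instance with a fresh nonce (see makeNonce()) for each message.
 * - The nonce is not secret, but the receiver needs it to decrypt. encrypt()
 *   returns only the ciphertext; storing or sending the nonce with it is the
 *   caller's job.
 * - The key is held in a property for the lifetime of the object and this
 *   class does not wipe it.
 *
 * @package crypto
 */
class SecretBox
{
    /**
     * Secret key, exactly SODIUM_CRYPTO_SECRETBOX_KEYBYTES bytes.
     */
    protected string $key;
    /**
     * Nonce, exactly SODIUM_CRYPTO_SECRETBOX_NONCEBYTES bytes.
     */
    protected string $nonce;

    /**
     * SecretBox constructor.
     *
     * Both arguments are marked #[SensitiveParameter] so that their values
     * are redacted from stack traces.
     *
     * @param string $key Raw binary key (not hex or base64 text)
     * @param string $nonce Raw binary nonce, unique per message for this key
     *
     * @see SecretBox::makeKey()
     * @see SecretBox::makeNonce()
     *
     * @throws LengthException if key or nonce has not the required length
     */
    public function __construct(
        #[SensitiveParameter]
        string $key,
        #[SensitiveParameter]
        string $nonce
    ) {
        // Validate before storing so an instance never holds unusable material.
        $this->validatedLengths($key, $nonce);
        $this->key = $key;
        $this->nonce = $nonce;
    }

    /**
     * Validates key and nonce.
     *
     * Lengths are counted in bytes. strlen() is byte-exact on PHP 8, where
     * mbstring function overloading no longer exists, so the check does not
     * depend on the mbstring extension being loaded.
     *
     * @param string $key
     * @param string $nonce
     *
     * @throws LengthException if key or nonce has not the required length
     */
    protected function validatedLengths(
        #[SensitiveParameter]
        string $key,
        #[SensitiveParameter]
        string $nonce
    ) : void {
        // Only the length is ever put in the message, never the value itself.
        $length = \strlen($key);
        if ($length !== \SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
            throw new LengthException(
                'SecretBox key has not the required length (32 bytes), '
                . $length . ' given'
            );
        }
        $length = \strlen($nonce);
        if ($length !== \SODIUM_CRYPTO_SECRETBOX_NONCEBYTES) {
            throw new LengthException(
                'SecretBox nonce has not the required length (24 bytes), '
                . $length . ' given'
            );
        }
    }

    /**
     * Encrypts a secret box message.
     *
     * Uses the key and nonce given to the constructor. Encrypt at most one
     * message per instance: a second call reuses the same nonce with the
     * same key.
     *
     * @param string $message Plaintext to protect
     *
     * @throws SodiumException
     *
     * @return string The authenticated ciphertext; the nonce is not included
     */
    public function encrypt(#[SensitiveParameter] string $message) : string
    {
        return \sodium_crypto_secretbox($message, $this->nonce, $this->key);
    }

    /**
     * Decrypts a secret box message ciphertext.
     *
     * The ciphertext is authenticated before any plaintext is returned.
     * Compare the result with `=== false`: an empty string and '0' are valid
     * plaintexts and are falsy, so a loose check would treat them as a
     * failure.
     *
     * @param string $ciphertext Output of encrypt() under the same key and nonce
     *
     * @throws SodiumException
     *
     * @return false|string The plaintext, or false if the ciphertext cannot be
     * authenticated with this key and nonce
     */
    public function decrypt(#[SensitiveParameter] string $ciphertext) : false | string
    {
        return \sodium_crypto_secretbox_open($ciphertext, $this->nonce, $this->key);
    }

    /**
     * Makes a secret box key.
     *
     * @return string A random key with the length required by secretbox
     */
    public static function makeKey() : string
    {
        return \sodium_crypto_secretbox_keygen();
    }

    /**
     * Makes a secret box nonce with the correct length.
     *
     * The bytes come from random_bytes(). Call this once per message and keep
     * the result next to the ciphertext; it is needed again to decrypt.
     *
     * @throws Exception if fail to get random bytes
     *
     * @return string
     */
    public static function makeNonce() : string
    {
        return \random_bytes(\SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    }
}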