PageRenderTime 41ms CodeModel.GetById 16ms RepoModel.GetById 1ms app.codeStats 0ms

/public/packages/ckeditor/plugins/ckfinder/core/connector/php/vendor/aws/aws-sdk-php/src/Crypto/EncryptionTrait.php

https://bitbucket.org/AndreFigueira93/siscon-laravel
PHP | 186 lines | 119 code | 18 blank | 49 comment | 7 complexity | fbc8cf77f1432340864f8362134fc114 MD5 | raw file
Possible License(s): LGPL-2.1, Apache-2.0, MPL-2.0-no-copyleft-exception 
    

  1. <?php
    2. 

  2. namespace Aws\Crypto;
    3. 

  3. 

  4. use GuzzleHttp\Psr7;
    5. 

  5. use GuzzleHttp\Psr7\AppendStream;
    6. 

  6. use GuzzleHttp\Psr7\Stream;
    7. 

  7. 

  8. trait EncryptionTrait
    9. 

  9. {
    10. 

  10.     private static $allowedOptions = [
    11. 

  11.         'Cipher' => true,
    12. 

  12.         'KeySize' => true,
    13. 

  13.         'Aad' => true,
    14. 

  14.     ];
    15. 

  15. 

  16.     /**
    17. 

  17.      * Dependency to generate a CipherMethod from a set of inputs for loading
    18. 

  18.      * in to an AesEncryptingStream.
    19. 

  19.      *
    20. 

  20.      * @param string $cipherName Name of the cipher to generate for encrypting.
    21. 

  21.      * @param string $iv Base Initialization Vector for the cipher.
    22. 

  22.      * @param int $keySize Size of the encryption key, in bits, that will be
    23. 

  23.      *                     used.
    24. 

  24.      *
    25. 

  25.      * @return Cipher\CipherMethod
    26. 

  26.      *
    27. 

  27.      * @internal
    28. 

  28.      */
    29. 

  29.     abstract protected function buildCipherMethod($cipherName, $iv, $keySize);
    30. 

  30. 

  31.     /**
    32. 

  32.      * Builds an AesStreamInterface and populates encryption metadata into the
    33. 

  33.      * supplied envelope.
    34. 

  34.      *
    35. 

  35.      * @param Stream $plaintext Plain-text data to be encrypted using the
    36. 

  36.      *                          materials, algorithm, and data provided.
    37. 

  37.      * @param array $cipherOptions Options for use in determining the cipher to
    38. 

  38.      *                             be used for encrypting data.
    39. 

  39.      * @param MaterialsProvider $provider A provider to supply and encrypt
    40. 

  40.      *                                    materials used in encryption.
    41. 

  41.      * @param MetadataEnvelope $envelope A storage envelope for encryption
    42. 

  42.      *                                   metadata to be added to.
    43. 

  43.      *
    44. 

  44.      * @return AesStreamInterface
    45. 

  45.      *
    46. 

  46.      * @throws \InvalidArgumentException Thrown when a value in $cipherOptions
    47. 

  47.      *                                   is not valid.
    48. 

  48.      *
    49. 

  49.      * @internal
    50. 

  50.      */
    51. 

  51.     protected function encrypt(
    52. 

  52.         Stream $plaintext,
    53. 

  53.         array $cipherOptions,
    54. 

  54.         MaterialsProvider $provider,
    55. 

  55.         MetadataEnvelope $envelope
    56. 

  56.     ) {
    57. 

  57.         $materialsDescription = $provider->getMaterialsDescription();
    58. 

  58. 

  59.         $cipherOptions = array_intersect_key(
    60. 

  60.             $cipherOptions,
    61. 

  61.             self::$allowedOptions
    62. 

  62.         );
    63. 

  63. 

  64.         if (empty($cipherOptions['Cipher'])) {
    65. 

  65.             throw new \InvalidArgumentException('An encryption cipher must be'
    66. 

  66.                 . ' specified in the "cipher_options".');
    67. 

  67.         }
    68. 

  68. 

  69.         if (!self::isSupportedCipher($cipherOptions['Cipher'])) {
    70. 

  70.             throw new \InvalidArgumentException('The cipher requested is not'
    71. 

  71.                 . ' supported by the SDK.');
    72. 

  72.         }
    73. 

  73. 

  74.         if (empty($cipherOptions['KeySize'])) {
    75. 

  75.             $cipherOptions['KeySize'] = 256;
    76. 

  76.         }
    77. 

  77.         if (!is_int($cipherOptions['KeySize'])) {
    78. 

  78.             throw new \InvalidArgumentException('The cipher "KeySize" must be'
    79. 

  79.                 . ' an integer.');
    80. 

  80.         }
    81. 

  81. 

  82.         if (!MaterialsProvider::isSupportedKeySize(
    83. 

  83.             $cipherOptions['KeySize']
    84. 

  84.         )) {
    85. 

  85.             throw new \InvalidArgumentException('The cipher "KeySize" requested'
    86. 

  86.                 . ' is not supported by AES (128, 192, or 256).');
    87. 

  87.         }
    88. 

  88. 

  89.         $cipherOptions['Iv'] = $provider->generateIv(
    90. 

  90.             $this->getCipherOpenSslName(
    91. 

  91.                 $cipherOptions['Cipher'],
    92. 

  92.                 $cipherOptions['KeySize']
    93. 

  93.             )
    94. 

  94.         );
    95. 

  95. 

  96.         $cek = $provider->generateCek($cipherOptions['KeySize']);
    97. 

  97. 

  98.         list($encryptingStream, $aesName) = $this->getEncryptingStream(
    99. 

  99.             $plaintext,
    100. 

  100.             $cek,
    101. 

  101.             $cipherOptions
    102. 

  102.         );
    103. 

  103. 

  104.         // Populate envelope data
    105. 

  105.         $envelope[MetadataEnvelope::CONTENT_KEY_V2_HEADER] =
    106. 

  106.             $provider->encryptCek(
    107. 

  107.                 $cek,
    108. 

  108.                 $materialsDescription
    109. 

  109.             );
    110. 

  110.         unset($cek);
    111. 

  111. 

  112.         $envelope[MetadataEnvelope::IV_HEADER] =
    113. 

  113.             base64_encode($cipherOptions['Iv']);
    114. 

  114.         $envelope[MetadataEnvelope::KEY_WRAP_ALGORITHM_HEADER] =
    115. 

  115.             $provider->getWrapAlgorithmName();
    116. 

  116.         $envelope[MetadataEnvelope::CONTENT_CRYPTO_SCHEME_HEADER] = $aesName;
    117. 

  117.         $envelope[MetadataEnvelope::UNENCRYPTED_CONTENT_LENGTH_HEADER] =
    118. 

  118.             strlen($plaintext);
    119. 

  119.         $envelope[MetadataEnvelope::UNENCRYPTED_CONTENT_MD5_HEADER] =
    120. 

  120.             base64_encode(md5($plaintext));
    121. 

  121.         $envelope[MetadataEnvelope::MATERIALS_DESCRIPTION_HEADER] =
    122. 

  122.             json_encode($materialsDescription);
    123. 

  123.         if (!empty($cipherOptions['Tag'])) {
    124. 

  124.             $envelope[MetadataEnvelope::CRYPTO_TAG_LENGTH_HEADER] =
    125. 

  125.                 strlen($cipherOptions['Tag']) * 8;
    126. 

  126.         }
    127. 

  127. 

  128.         return $encryptingStream;
    129. 

  129.     }
    130. 

  130. 

  131.     /**
    132. 

  132.      * Generates a stream that wraps the plaintext with the proper cipher and
    133. 

  133.      * uses the content encryption key (CEK) to encrypt the data when read.
    134. 

  134.      *
    135. 

  135.      * @param Stream $plaintext Plain-text data to be encrypted using the
    136. 

  136.      *                          materials, algorithm, and data provided.
    137. 

  137.      * @param string $cek A content encryption key for use by the stream for
    138. 

  138.      *                    encrypting the plaintext data.
    139. 

  139.      * @param array $cipherOptions Options for use in determining the cipher to
    140. 

  140.      *                             be used for encrypting data.
    141. 

  141.      *
    142. 

  142.      * @return [AesStreamInterface, string]
    143. 

  143.      *
    144. 

  144.      * @internal
    145. 

  145.      */
    146. 

  146.     protected function getEncryptingStream(
    147. 

  147.         Stream $plaintext,
    148. 

  148.         $cek,
    149. 

  149.         &$cipherOptions
    150. 

  150.     ) {
    151. 

  151.         switch ($cipherOptions['Cipher']) {
    152. 

  152.             case 'gcm':
    153. 

  153.                 $cipherOptions['TagLength'] = 16;
    154. 

  154. 

  155.                 $cipherTextStream = new AesGcmEncryptingStream(
    156. 

  156.                     $plaintext,
    157. 

  157.                     $cek,
    158. 

  158.                     $cipherOptions['Iv'],
    159. 

  159.                     $cipherOptions['Aad'] = isset($cipherOptions['Aad'])
    160. 

  160.                         ? $cipherOptions['Aad']
    161. 

  161.                         : null,
    162. 

  162.                     $cipherOptions['TagLength'],
    163. 

  163.                     $cipherOptions['KeySize']
    164. 

  164.                 );
    165. 

  165. 

  166.                 $appendStream = new AppendStream([
    167. 

  167.                     $cipherTextStream->createStream()
    168. 

  168.                 ]);
    169. 

  169.                 $cipherOptions['Tag'] = $cipherTextStream->getTag();
    170. 

  170.                 $appendStream->addStream(Psr7\stream_for($cipherOptions['Tag']));
    171. 

  171.                 return [$appendStream, $cipherTextStream->getAesName()];
    172. 

  172.             default:
    173. 

  173.                 $cipherMethod = $this->buildCipherMethod(
    174. 

  174.                     $cipherOptions['Cipher'],
    175. 

  175.                     $cipherOptions['Iv'],
    176. 

  176.                     $cipherOptions['KeySize']
    177. 

  177.                 );
    178. 

  178.                 $cipherTextStream = new AesEncryptingStream(
    179. 

  179.                     $plaintext,
    180. 

  180.                     $cek,
    181. 

  181.                     $cipherMethod
    182. 

  182.                 );
    183. 

  183.                 return [$cipherTextStream, $cipherTextStream->getAesName()];
    184. 

  184.         }
    185. 

  185.     }
    186. 

  186. }
    187. 

  187.