ParagonIE_Sodium_Crypto32::aead_chacha20poly1305_ietf_decrypt() public WP 1.0

AEAD Decryption with ChaCha20-Poly1305, IETF mode (96-bit nonce)

{} Это метод класса: ParagonIE_Sodium_Crypto32{}

Хуков нет.

Возвращает

Строку.

Использование

$result = ParagonIE_Sodium_Crypto32::aead_chacha20poly1305_ietf_decrypt(;

Код ParagonIE_Sodium_Crypto32::aead_chacha20poly1305_ietf_decrypt() ParagonIE Sodium Crypto32::aead chacha20poly1305 ietf decrypt ^{WP 5.8.1}

public static function aead_chacha20poly1305_ietf_decrypt(
    $message = '',
    $ad = '',
    $nonce = '',
    $key = ''
) {
    /** @var int $adlen - Length of associated data */
    $adlen = ParagonIE_Sodium_Core32_Util::strlen($ad);

    /** @var int $len - Length of message (ciphertext + MAC) */
    $len = ParagonIE_Sodium_Core32_Util::strlen($message);

    /** @var int  $clen - Length of ciphertext */
    $clen = $len - self::aead_chacha20poly1305_IETF_ABYTES;

    /** @var string The first block of the chacha20 keystream, used as a poly1305 key */
    $block0 = ParagonIE_Sodium_Core32_ChaCha20::ietfStream(
        32,
        $nonce,
        $key
    );

    /** @var string $mac - Message authentication code */
    $mac = ParagonIE_Sodium_Core32_Util::substr(
        $message,
        $len - self::aead_chacha20poly1305_IETF_ABYTES,
        self::aead_chacha20poly1305_IETF_ABYTES
    );

    /** @var string $ciphertext - The encrypted message (sans MAC) */
    $ciphertext = ParagonIE_Sodium_Core32_Util::substr(
        $message,
        0,
        $len - self::aead_chacha20poly1305_IETF_ABYTES
    );

    /* Recalculate the Poly1305 authentication tag (MAC): */
    $state = new ParagonIE_Sodium_Core32_Poly1305_State($block0);
    try {
        ParagonIE_Sodium_Compat::memzero($block0);
    } catch (SodiumException $ex) {
        $block0 = null;
    }
    $state->update($ad);
    $state->update(str_repeat("\x00", ((0x10 - $adlen) & 0xf)));
    $state->update($ciphertext);
    $state->update(str_repeat("\x00", (0x10 - $clen) & 0xf));
    $state->update(ParagonIE_Sodium_Core32_Util::store64_le($adlen));
    $state->update(ParagonIE_Sodium_Core32_Util::store64_le($clen));
    $computed_mac = $state->finish();

    /* Compare the given MAC with the recalculated MAC: */
    if (!ParagonIE_Sodium_Core32_Util::verify_16($computed_mac, $mac)) {
        throw new SodiumException('Invalid MAC');
    }

    // Here, we know that the MAC is valid, so we decrypt and return the plaintext
    return ParagonIE_Sodium_Core32_ChaCha20::ietfStreamXorIc(
        $ciphertext,
        $nonce,
        $key,
        ParagonIE_Sodium_Core32_Util::store64_le(1)
    );
}