1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
declare(strict_types = 1); |
4
|
|
|
|
5
|
|
|
namespace Sop\PKCS5; |
6
|
|
|
|
7
|
|
|
use Sop\CryptoBridge\Crypto; |
8
|
|
|
use Sop\PKCS5\ASN1\AlgorithmIdentifier\PBEAlgorithmIdentifier; |
9
|
|
|
use Sop\PKCS5\ASN1\AlgorithmIdentifier\PBES1AlgorithmIdentifier; |
10
|
|
|
use Sop\PKCS5\ASN1\AlgorithmIdentifier\PBES2AlgorithmIdentifier; |
11
|
|
|
use Sop\PKCS5\PBEKD\PBEKDF; |
12
|
|
|
use Sop\PKCS5\PRF\PRF; |
13
|
|
|
|
14
|
|
|
/** |
15
|
|
|
* Base class for password-based encryption schemes. |
16
|
|
|
* |
17
|
|
|
* @see https://tools.ietf.org/html/rfc2898#section-6 |
18
|
|
|
*/ |
19
|
|
|
abstract class PBEScheme |
20
|
|
|
{ |
21
|
|
|
/** |
22
|
|
|
* Encrypt data. |
23
|
|
|
* |
24
|
|
|
* @param string $data Plaintext |
25
|
|
|
* @param string $password Password |
26
|
|
|
* |
27
|
|
|
* @return string Ciphertext |
28
|
|
|
*/ |
29
|
|
|
abstract public function encrypt(string $data, string $password): string; |
30
|
|
|
|
31
|
|
|
/** |
32
|
|
|
* Encrypt data with pre-derived key. |
33
|
|
|
* |
34
|
|
|
* @param string $data Plaintext |
35
|
|
|
* @param string $key Derived key |
36
|
|
|
* |
37
|
|
|
* @return string Ciphertext |
38
|
|
|
*/ |
39
|
|
|
abstract public function encryptWithKey(string $data, string $key): string; |
40
|
|
|
|
41
|
|
|
/** |
42
|
|
|
* Decrypt data. |
43
|
|
|
* |
44
|
|
|
* @param string $data Ciphertext |
45
|
|
|
* @param string $password Password |
46
|
|
|
* |
47
|
|
|
* @return string Plaintext |
48
|
|
|
*/ |
49
|
|
|
abstract public function decrypt(string $data, string $password): string; |
50
|
|
|
|
51
|
|
|
/** |
52
|
|
|
* Decrypt data with pre-derived key. |
53
|
|
|
* |
54
|
|
|
* @param string $data Ciphertext |
55
|
|
|
* @param string $key Derived key |
56
|
|
|
* |
57
|
|
|
* @return string Plaintext |
58
|
|
|
*/ |
59
|
|
|
abstract public function decryptWithKey(string $data, string $key): string; |
60
|
|
|
|
61
|
|
|
/** |
62
|
|
|
* Get key-derivation function. |
63
|
|
|
* |
64
|
|
|
* @return PBEKDF |
65
|
|
|
*/ |
66
|
|
|
abstract public function kdf(): PBEKDF; |
67
|
|
|
|
68
|
|
|
/** |
69
|
|
|
* Get PBEScheme by algorithm identifier. |
70
|
|
|
* |
71
|
|
|
* @param PBEAlgorithmIdentifier $algo Algorithm identifier |
72
|
|
|
* @param null|Crypto $crypto Crypto engine, use default if not set |
73
|
|
|
* |
74
|
|
|
* @throws \UnexpectedValueException |
75
|
|
|
* |
76
|
|
|
* @return self |
77
|
|
|
*/ |
78
|
18 |
|
public static function fromAlgorithmIdentifier(PBEAlgorithmIdentifier $algo, |
79
|
|
|
?Crypto $crypto = null): PBEScheme |
80
|
|
|
{ |
81
|
18 |
|
if ($algo instanceof PBES1AlgorithmIdentifier) { |
82
|
14 |
|
return new PBES1($algo->hashFunc(), $algo->blockCipher(), |
83
|
14 |
|
$algo->salt(), $algo->iterationCount(), $crypto); |
84
|
|
|
} |
85
|
4 |
|
if ($algo instanceof PBES2AlgorithmIdentifier) { |
86
|
2 |
|
$prf = PRF::fromAlgorithmIdentifier( |
87
|
2 |
|
$algo->kdfAlgorithmIdentifier()->prfAlgorithmIdentifier()); |
88
|
2 |
|
return new PBES2($prf, $algo->esAlgorithmIdentifier(), $algo->salt(), |
89
|
2 |
|
$algo->iterationCount(), $crypto); |
90
|
|
|
} |
91
|
2 |
|
throw new \UnexpectedValueException( |
92
|
2 |
|
sprintf('No encryption scheme for %s algorithm.', $algo->name())); |
93
|
|
|
} |
94
|
|
|
} |
95
|
|
|
|