crypt/src/Cipher/Sodium.php at 2de3d5ae2037a84de837d65d70fe697f5f2d04db · joomla-framework/crypt · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
<?php

/**
 * Part of the Joomla Framework Crypt Package
 *
 * @copyright  Copyright (C) 2005 - 2021 Open Source Matters, Inc. All rights reserved.
 * @license    GNU General Public License version 2 or later; see LICENSE
 */

namespace Joomla\Crypt\Cipher;

use Joomla\Crypt\CipherInterface;
use Joomla\Crypt\Exception\DecryptionException;
use Joomla\Crypt\Exception\EncryptionException;
use Joomla\Crypt\Exception\InvalidKeyException;
use Joomla\Crypt\Exception\InvalidKeyTypeException;
use Joomla\Crypt\Exception\UnsupportedCipherException;
use Joomla\Crypt\Key;
use ParagonIE\Sodium\Compat;

/**
 * Cipher for sodium algorithm encryption, decryption and key generation.
 *
 * @since  1.4.0
 */
class Sodium implements CipherInterface
{
    /**
     * The message nonce to be used with encryption/decryption
     *
     * @var    string
     * @since  1.4.0
     */
    private $nonce;

    /**
     * Method to decrypt a data string.
     *
     * @param   string  $data  The encrypted string to decrypt.
     * @param   Key     $key   The key object to use for decryption.
     *
     * @return  string  The decrypted data string.
     *
     * @since   1.4.0
     * @throws  DecryptionException if the data cannot be decrypted
     * @throws  InvalidKeyTypeException if the key is not valid for the cipher
     */
    public function decrypt($data, Key $key)
    {
        // Validate key.
        if ($key->getType() !== 'sodium') {
            throw new InvalidKeyTypeException('sodium', $key->getType());
        }

        if (!$this->nonce) {
            throw new DecryptionException('Missing nonce to decrypt data');
        }

        try {
            $decrypted = sodium_crypto_box_open(
                $data,
                $this->nonce,
                sodium_crypto_box_keypair_from_secretkey_and_publickey($key->getPrivate(), $key->getPublic())
            );

            if ($decrypted === false) {
                throw new DecryptionException('Malformed message or invalid MAC');
            }
        } catch (\SodiumException $exception) {
            throw new DecryptionException('Malformed message or invalid MAC', $exception->getCode(), $exception);
        }

        return $decrypted;
    }

    /**
     * Method to encrypt a data string.
     *
     * @param   string  $data  The data string to encrypt.
     * @param   Key     $key   The key object to use for encryption.
     *
     * @return  string  The encrypted data string.
     *
     * @since   1.4.0
     * @throws  EncryptionException if the data cannot be encrypted
     * @throws  InvalidKeyTypeException if the key is not valid for the cipher
     */
    public function encrypt($data, Key $key)
    {
        // Validate key.
        if ($key->getType() !== 'sodium') {
            throw new InvalidKeyTypeException('sodium', $key->getType());
        }

        if (!$this->nonce) {
            throw new EncryptionException('Missing nonce to decrypt data');
        }

        try {
            return sodium_crypto_box(
                $data,
                $this->nonce,
                sodium_crypto_box_keypair_from_secretkey_and_publickey($key->getPrivate(), $key->getPublic())
            );
        } catch (\SodiumException $exception) {
            throw new EncryptionException('Could not encrypt file.', $exception->getCode(), $exception);
        }
    }

    /**
     * Method to generate a new encryption key object.
     *
     * @param   array  $options  Key generation options.
     *
     * @return  Key
     *
     * @since   1.4.0
     * @throws  InvalidKeyException if the key cannot be generated
     * @throws  UnsupportedCipherException if the cipher is not supported on the current environment
     */
    public function generateKey(array $options = [])
    {
        try {
            // Generate the encryption key.
            $pair = sodium_crypto_box_keypair();

            return new Key('sodium', sodium_crypto_box_secretkey($pair), sodium_crypto_box_publickey($pair));
        } catch (\SodiumException $exception) {
            throw new InvalidKeyException('Could not generate encryption key.', $exception->getCode(), $exception);
        }
    }

    /**
     * Check if the cipher is supported in this environment.
     *
     * @return  boolean
     *
     * @since   2.0.0
     */
    public static function isSupported(): bool
    {
        // Part of PHP since 7.2
        return true;
    }

    /**
     * Set the nonce to use for encrypting/decrypting messages
     *
     * @param   string  $nonce  The message nonce
     *
     * @return  void
     *
     * @since   1.4.0
     */
    public function setNonce($nonce)
    {
        $this->nonce = $nonce;
    }
}