PHP 8.4.0 RC4 available for testing

sodium_crypto_aead_aes256gcm_decrypt

(PHP 7 >= 7.2.0, PHP 8)

sodium_crypto_aead_aes256gcm_decryptПроверяет и расшифровывает сообщение алгоритмом AES-256-GCM

Описание

sodium_crypto_aead_aes256gcm_decrypt(
    string $ciphertext,
    string $additional_data,
    string $nonce,
    #[\SensitiveParameter] string $key
): string|false

Функция проверяет и расшифровывает сообщение алгоритмом AES-256-GCM. Функция доступна, только если функция sodium_crypto_aead_aes256gcm_is_available() возвращает true.

Список параметров

ciphertext

Параметр должен быть в формате, который предоставила функция sodium_crypto_aead_aes256gcm_encrypt() (зашифрованный текст и тег, объединённые).

additional_data

Дополнительные проверенные данные. Это используется при проверке тега аутентификации, добавленного к зашифрованному тексту, но он не шифруется и не сохраняется в зашифрованном тексте.

nonce

Номер, который необходимо использовать только один раз для каждого сообщения. Длина 12 байт.

key

Ключ шифрования (256 бит).

Возвращаемые значения

В случае успешного выполнения функция возвращает текст или false, если возникла ошибка.

Добавить

Примечания пользователей 1 note

up
0
zjp115566 at gmail dot com
7 months ago
Title: Resolving Sodium Compatibility Issues when Migrating from Intel to ARM Architecture

Introduction:
During the process of migrating a PHP application from an Intel-based server to an ARM-based server, a compatibility issue arose with the Sodium extension. The specific error encountered was "Call to undefined function sodium_crypto_aead_aes256gcm_decrypt()".
This document outlines the discovery of the issue and presents a solution using the OpenSSL extension as an alternative.

Problem Discovery:
Upon investigating the issue, it was found that the sodium_crypto_aead_aes256gcm_is_available() function returned false on the ARM-based server, indicating that AES-256-GCM encryption and decryption were not supported in the current environment.
This compatibility problem was attributed to the ARM architecture of the M1 chip, as the Sodium extension may not have been optimized or compiled for this specific architecture.

Solution:
To overcome the compatibility issue and ensure the functionality of encryption and decryption operations, the OpenSSL extension was employed as an alternative.
The original Sodium-based code was modified to utilize OpenSSL functions for AES-256-GCM encryption and decryption.

The following code snippet demonstrates the updated aes256gcm_decrypt() function using OpenSSL:

function aes256gcm_decrypt($secretData, string $keygen, string $nonce)
{
$secretData = preg_replace('/[\r\n\s]/', '', $secretData);
$keygen = preg_replace('/[\r\n\s]/', '', $keygen);
$nonce = preg_replace('/[\r\n\s]/', '', $nonce);

$key = hex2bin($keygen);
$tag = substr($secretData, -32);
$ciphertext = substr($secretData, 0, -32);

try {
$plaintext = openssl_decrypt(
hex2bin($ciphertext),
'aes-256-gcm',
$key,
OPENSSL_RAW_DATA,
hex2bin($nonce),
hex2bin($tag)
);

if ($plaintext === false) {
throw new Exception('Decryption failed.');
}

return $plaintext;
} catch (Exception $e) {
return $e->getMessage();
}
}

Key points of the solution:

The input data ($secretData, $keygen, and $nonce) is cleaned by removing newline characters and whitespace using preg_replace().
The $keygen is converted from a hexadecimal string to binary format using hex2bin().
The authentication tag ($tag) and ciphertext ($ciphertext) are extracted from $secretData.
The openssl_decrypt() function is used for decryption, with the necessary parameters such as the ciphertext, encryption algorithm, key, nonce, and tag.
Error handling is implemented using a try-catch block to catch and return any exceptions that may occur during the decryption process.
Conclusion:
By utilizing the OpenSSL extension and modifying the code accordingly, the compatibility issue encountered when migrating from an Intel-based server to an ARM-based server was successfully resolved.
The provided solution ensures that AES-256-GCM encryption and decryption operations can be performed seamlessly on the ARM architecture.
To Top