eee
This commit is contained in:
@@ -5,12 +5,35 @@ namespace wchat\wx\V3;
|
||||
use Exception;
|
||||
use Kiri\Client;
|
||||
use wchat\common\Help;
|
||||
use function Sodium\crypto_aead_aes256gcm_decrypt;
|
||||
use function Sodium\crypto_aead_aes256gcm_is_available;
|
||||
|
||||
const KEY_LENGTH_BYTE = 32;
|
||||
|
||||
/**
|
||||
* Bytes Length of the AES block
|
||||
*/
|
||||
const BLOCK_SIZE = 16;
|
||||
|
||||
/**
|
||||
* Bytes length of the AES secret key.
|
||||
*/
|
||||
const KEY_LENGTH_BYTE = 32;
|
||||
|
||||
/**
|
||||
* Bytes Length of the authentication tag in AEAD cipher mode
|
||||
* @deprecated 1.0 - As of the OpenSSL described, the `auth_tag` length may be one of 16, 15, 14, 13, 12, 8 or 4.
|
||||
* Keep it only compatible for the samples on the official documentation.
|
||||
*/
|
||||
const AUTH_TAG_LENGTH_BYTE = 16;
|
||||
|
||||
/**
|
||||
* The `aes-256-gcm` algorithm string
|
||||
*/
|
||||
const ALGO_AES_256_GCM = 'aes-256-gcm';
|
||||
|
||||
/**
|
||||
* The `aes-256-ecb` algorithm string
|
||||
*/
|
||||
const ALGO_AES_256_ECB = 'aes-256-ecb';
|
||||
|
||||
trait WxV3PaymentTait
|
||||
{
|
||||
|
||||
@@ -110,29 +133,26 @@ trait WxV3PaymentTait
|
||||
return $responseArray;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @param array $resource
|
||||
* @return bool|string
|
||||
* @param string $ciphertext
|
||||
* @param string $iv
|
||||
* @param string $aad
|
||||
* @return array
|
||||
*/
|
||||
public function decryptToString(array $resource): bool|string
|
||||
public function decrypt(string $ciphertext, string $iv = '', string $aad = ''): array
|
||||
{
|
||||
[$associatedData, $nonceStr, $cipher_algo, $ciphertext] = [$resource['associated_data'], $resource['nonce'], $resource['nonce'], $resource['ciphertext']];
|
||||
$ciphertext = \base64_decode($ciphertext);
|
||||
if (strlen($ciphertext) <= AUTH_TAG_LENGTH_BYTE) {
|
||||
return FALSE;
|
||||
$ciphertext = base64_decode($ciphertext);
|
||||
$authTag = substr($ciphertext, $tailLength = 0 - BLOCK_SIZE);
|
||||
$tagLength = strlen($authTag);
|
||||
|
||||
/* Manually checking the length of the tag, because the `openssl_decrypt` was mentioned there, it's the caller's responsibility. */
|
||||
if ($tagLength > BLOCK_SIZE || ($tagLength < 12 && $tagLength !== 8 && $tagLength !== 4)) {
|
||||
throw new \RuntimeException('The inputs `$ciphertext` incomplete, the bytes length must be one of 16, 15, 14, 13, 12, 8 or 4.');
|
||||
}
|
||||
if (function_exists('\sodium\crypto_aead_aes256gcm_is_available') && crypto_aead_aes256gcm_is_available()) {
|
||||
return crypto_aead_aes256gcm_decrypt($ciphertext, $associatedData, $nonceStr, 'XGwwZbmMXy6sD5w0IrxfaBHLl7b7jCaR');
|
||||
$plaintext = openssl_decrypt(substr($ciphertext, 0, $tailLength), ALGO_AES_256_GCM, $this->getConfig()->getKey(), OPENSSL_RAW_DATA, $iv, $authTag, $aad);
|
||||
if (false === $plaintext) {
|
||||
throw new \UnexpectedValueException('Decrypting the input $ciphertext failed, please checking your $key and $iv whether or nor correct.');
|
||||
}
|
||||
if (function_exists('\Sodium\crypto_aead_aes256gcm_is_available') && crypto_aead_aes256gcm_is_available()) {
|
||||
return crypto_aead_aes256gcm_decrypt($ciphertext, $associatedData, $nonceStr, 'XGwwZbmMXy6sD5w0IrxfaBHLl7b7jCaR');
|
||||
}
|
||||
if (PHP_VERSION_ID >= 70100 && in_array($cipher_algo, \openssl_get_cipher_methods())) {
|
||||
$ctext = substr($ciphertext, 0, -AUTH_TAG_LENGTH_BYTE);
|
||||
$authTag = substr($ciphertext, -AUTH_TAG_LENGTH_BYTE);
|
||||
return \openssl_decrypt($ctext, $cipher_algo, 'XGwwZbmMXy6sD5w0IrxfaBHLl7b7jCaR', \OPENSSL_RAW_DATA, $nonceStr, $authTag, $associatedData);
|
||||
}
|
||||
throw new \RuntimeException('AEAD_AES_256_GCM需要PHP 7.1以上或者安装libsodium-php');
|
||||
return json_decode($plaintext, true);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user