fixed a handling bug
This commit is contained in:
parent
cd5361c65b
commit
3bc232ef0b
@ -39,17 +39,21 @@ class EncryptionController
|
||||
*/
|
||||
function safeDecrypt(string $encrypted, string $key): string
|
||||
{
|
||||
$binKey = sodium_hex2bin(string: $key);
|
||||
|
||||
$decoded = base64_decode(string: $encrypted);
|
||||
if ($decoded === false) {
|
||||
throw new Exception(message: 'Decoding broken. Wrong key?');
|
||||
throw new Exception(message: 'Decoding broken. Wrong payload.');
|
||||
}
|
||||
|
||||
if (mb_strlen(string: $decoded, encoding: '8bit') < (SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES)) {
|
||||
throw new Exception(message: 'Decoding broken. Incomplete message.');
|
||||
}
|
||||
|
||||
$nonce = mb_substr(string: $decoded, start: 0, length: SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, encoding: '8bit');
|
||||
$ciphertext = mb_substr(string: $decoded, start: SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, length: null, encoding: '8bit');
|
||||
|
||||
$plain = sodium_crypto_secretbox_open(ciphertext: $ciphertext, nonce: $nonce, key: $key);
|
||||
$plain = sodium_crypto_secretbox_open(ciphertext: $ciphertext, nonce: $nonce, key: $binKey);
|
||||
if ($plain === false) {
|
||||
throw new Exception(message: 'The message was tampered with in transit');
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user