initial commit

2022-09-19 14:12:03 +02:00 · 2022-09-19 14:12:03 +02:00 · c3221e5cbe
parent 123d054c8d
commit c3221e5cbe
1 changed files with 61 additions and 0 deletions
--- a/src/Controller/EncryptionController.php
+++ b/src/Controller/EncryptionController.php
@ -0,0 +1,61 @@
+<?php
+
+namespace App\Controller;
+use Exception;
+use SodiumException;
+
+/**
+ *
+ */
+class EncryptionController
+{
+    /**
+     * Encrypt a message
+     *
+     * @param string $message - message to encrypt
+     * @param string $key - encryption key
+     * @return string
+     * @throws SodiumException
+     * @throws Exception
+     */
+    function safeEncrypt(string $message, string $key): string
+    {
+        $nonce = random_bytes(length: SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
+
+        $cipher = base64_encode(string: $nonce . sodium_crypto_secretbox(message: $message, nonce: $nonce, key: $key));
+        sodium_memzero(string: $message);
+        sodium_memzero(string: $key);
+        return $cipher;
+    }
+
+    /**
+     * Decrypt a message
+     *
+     * @param string $encrypted - message encrypted with safeEncrypt()
+     * @param string $key - encryption key
+     * @return string
+     * @throws SodiumException
+     * @throws Exception
+     */
+    function safeDecrypt(string $encrypted, string $key): string
+    {
+        $decoded = base64_decode(string: $encrypted);
+        if ($decoded === false) {
+            throw new Exception(message: 'Decoding broken. Wrong key?');
+        }
+        if (mb_strlen(string: $decoded, encoding: '8bit') < (SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES)) {
+            throw new Exception(message: 'Decoding broken. Incomplete message.');
+        }
+        $nonce = mb_substr(string: $decoded, start: 0, length: SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, encoding: '8bit');
+        $ciphertext = mb_substr(string: $decoded, start: SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, length: null, encoding: '8bit');
+
+        $plain = sodium_crypto_secretbox_open(ciphertext: $ciphertext, nonce: $nonce, key: $key);
+        if ($plain === false) {
+            throw new Exception(message: 'The message was tampered with in transit');
+        }
+        sodium_memzero(string: $ciphertext);
+        sodium_memzero(string: $key);
+        return $plain;
+    }
+
+}