PHP Classes

File: src/Operations/PBKW.php

Recommend this page to a friend!
  Classes of Scott Arciszewski   PASERK PHP   src/Operations/PBKW.php   Download  
File: src/Operations/PBKW.php
Role: Class source
Content type: text/plain
Description: Class source
Class: PASERK PHP
Extend PASETO to wrap and serialize keys
Author: By
Last change:
Date: 2 years ago
Size: 3,986 bytes
 

Contents

Class file image Download
<?php
declare(strict_types=1);
namespace
ParagonIE\Paserk\Operations;

use
ParagonIE\HiddenString\HiddenString;
use
ParagonIE\Paserk\Operations\PBKW\{
   
PBKWv3,
   
PBKWv4
};
use
ParagonIE\Paserk\PaserkException;
use
ParagonIE\Paseto\Keys\{
   
AsymmetricSecretKey,
   
SymmetricKey
};
use
ParagonIE\Paseto\ProtocolInterface;
use
TypeError;
use function
   
array_pop,
   
explode,
   
hash_equals,
   
implode;

/**
 * Class PBKW
 * @package ParagonIE\Paserk\Operations
 */
class PBKW
{
    const
DOMAIN_SEPARATION_ENCRYPT = "\xff";
    const
DOMAIN_SEPARATION_AUTH = "\xfe";

    protected
PBKWInterface $wrapper;

   
/**
     * PBKW constructor.
     * @param PBKWInterface $wrapper
     */
   
public function __construct(PBKWInterface $wrapper)
    {
       
$this->wrapper = $wrapper;
    }

   
/**
     * @param ProtocolInterface $version
     * @return self
     * @throws PaserkException
     */
   
public static function forVersion(ProtocolInterface $version): self
   
{
        switch (
$version::header()) {
            case
'v3':
                return new
PBKW(new PBKWv3());
            case
'v4':
                return new
PBKW(new PBKWv4());
        }
        throw new
PaserkException('Unknown version');
    }

   
/**
     * @param SymmetricKey $key
     * @param HiddenString $password
     * @param array $options
     * @return string
     */
   
public function localPwWrap(
       
SymmetricKey $key,
       
HiddenString $password,
        array
$options = []
    ):
string {
        return
$this->wrapper::localHeader() .
           
$this->wrapper->wrapWithPassword($key, $password, $options);
    }

   
/**
     * @param string $paserk
     * @param HiddenString $password
     * @return SymmetricKey
     * @throws PaserkException
     */
   
public function localPwUnwrap(
       
string $paserk,
       
HiddenString $password
   
): SymmetricKey {
       
$pieces = explode('.', $paserk);
        if (
count($pieces) !== 3) {
            throw new
PaserkException('Invalid wrapped key');
        }
       
$payload = array_pop($pieces);

       
$header = implode('.', $pieces) . '.';
       
// Step 1: Algorithm lucidity
       
$expect = $this->wrapper::localHeader();
        if (!
hash_equals($expect, $header)) {
            throw new
PaserkException('Invalid wrapped key');
        }

       
$unwrapped = $this->wrapper->unwrapWithPassword(
           
$header,
           
$payload,
           
$password
       
);
        if (!(
$unwrapped instanceof SymmetricKey)) {
            throw new
TypeError();
        }
        return
$unwrapped;
    }

   
/**
     * @param AsymmetricSecretKey $sk
     * @param HiddenString $password
     * @param array $options
     * @return string
     */
   
public function secretPwWrap(
       
AsymmetricSecretKey $sk,
       
HiddenString $password,
        array
$options
   
): string {
        return
$this->wrapper::secretHeader() .
           
$this->wrapper->wrapWithPassword($sk, $password, $options);
    }

   
/**
     * @param string $paserk
     * @param HiddenString $password
     * @return AsymmetricSecretKey
     * @throws PaserkException
     */
   
public function secretPwUnwrap(
       
string $paserk,
       
HiddenString $password
   
): AsymmetricSecretKey {
       
$pieces = explode('.', $paserk);
        if (
count($pieces) !== 3) {
            throw new
PaserkException('Invalid wrapped key');
        }
       
$payload = array_pop($pieces);

       
$header = implode('.', $pieces) . '.';
       
// Step 1: Algorithm lucidity
       
$expect = $this->wrapper::secretHeader();
        if (!
hash_equals($expect, $header)) {
            throw new
PaserkException('Invalid wrapped key');
        }

       
$unwrapped = $this->wrapper->unwrapWithPassword(
           
$header,
           
$payload,
           
$password
       
);
        if (!(
$unwrapped instanceof AsymmetricSecretKey)) {
            throw new
TypeError();
        }
        return
$unwrapped;
    }
}