Mahesh Waghmare

Developer Resources, Tips, Tricks, Tutorials and Much more.

ParagonIE_Sodium_Compat::crypto_aead_aes256gcm_decrypt

Reading time
12 Seconds to Read
Published
Join the Conversation
Leave a Comment on ParagonIE_Sodium_Compat::crypto_aead_aes256gcm_decrypt

Advertisement

Show Other References
12 Seconds to Read

Summery Summery

Authenticated Encryption with Associated Data: Decryption

Syntax Syntax

ParagonIE_Sodium_Compat::crypto_aead_aes256gcm_decrypt( string $ciphertext = '', string $assocData = '', string $nonce = '', string $key = '' )

Description Description

Algorithm: AES-256-GCM

This mode uses a 64-bit random nonce with a 64-bit counter. IETF mode uses a 96-bit random nonce with a 32-bit counter.

Parameters Parameters

$ciphertext

(Optional) Encrypted message (with Poly1305 MAC appended)

Default value: ''

$assocData

(Optional) Authenticated Associated Data (unencrypted)

Default value: ''

$nonce

(Optional) Number to be used only Once; must be 8 bytes

Default value: ''

$key

(Optional) Encryption key

Default value: ''

Return Return

(string|bool) The original plaintext message

Source Source

File: wp-includes/sodium_compat/src/Compat.php 

    public static function crypto_aead_aes256gcm_decrypt(
        $ciphertext = '',
        $assocData = '',
        $nonce = '',
        $key = ''
    ) {
        if (!self::crypto_aead_aes256gcm_is_available()) {
            throw new SodiumException('AES-256-GCM is not available');
        }
        ParagonIE_Sodium_Core_Util::declareScalarType($ciphertext, 'string', 1);
        ParagonIE_Sodium_Core_Util::declareScalarType($assocData, 'string', 2);
        ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 3);
        ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 4);

        /* Input validation: */
        if (ParagonIE_Sodium_Core_Util::strlen($nonce) !== self::CRYPTO_AEAD_AES256GCM_NPUBBYTES) {
            throw new SodiumException('Nonce must be CRYPTO_AEAD_AES256GCM_NPUBBYTES long');
        }
        if (ParagonIE_Sodium_Core_Util::strlen($key) !== self::CRYPTO_AEAD_AES256GCM_KEYBYTES) {
            throw new SodiumException('Key must be CRYPTO_AEAD_AES256GCM_KEYBYTES long');
        }
        if (ParagonIE_Sodium_Core_Util::strlen($ciphertext) < self::CRYPTO_AEAD_AES256GCM_ABYTES) {
            throw new SodiumException('Message must be at least CRYPTO_AEAD_AES256GCM_ABYTES long');
        }
        if (!is_callable('openssl_decrypt')) {
            throw new SodiumException('The OpenSSL extension is not installed, or openssl_decrypt() is not available');
        }

        /** @var string $ctext */
        $ctext = ParagonIE_Sodium_Core_Util::substr($ciphertext, 0, -self::CRYPTO_AEAD_AES256GCM_ABYTES);
        /** @var string $authTag */
        $authTag = ParagonIE_Sodium_Core_Util::substr($ciphertext, -self::CRYPTO_AEAD_AES256GCM_ABYTES, 16);
        return openssl_decrypt(
            $ctext,
            'aes-256-gcm',
            $key,
            OPENSSL_RAW_DATA,
            $nonce,
            $authTag,
            $assocData
        );
    }

Advertisement

Advertisement

Leave a Reply