<?php
namespace Yurun\PaySDK\Lib\Encrypt;
class AES256GCM
{
const KEY_LENGTH_BYTE = 32;
const AUTH_TAG_LENGTH_BYTE = 16;
public static function decryptToString($aesKey, $associatedData, $nonceStr, $ciphertext)
{
if (self::KEY_LENGTH_BYTE != \strlen($aesKey))
{
throw new \InvalidArgumentException('无效的ApiV3Key,长度应为32个字节');
}
$ciphertext = base64_decode($ciphertext);
if (\strlen($ciphertext) <= self::AUTH_TAG_LENGTH_BYTE)
{
return false;
}
if (\function_exists('\sodium_crypto_aead_aes256gcm_is_available') &&
sodium_crypto_aead_aes256gcm_is_available())
{
return sodium_crypto_aead_aes256gcm_decrypt($ciphertext, $associatedData, $nonceStr, $aesKey);
}
if (\function_exists('\Sodium\crypto_aead_aes256gcm_is_available') &&
\Sodium\crypto_aead_aes256gcm_is_available())
{
return \Sodium\crypto_aead_aes256gcm_decrypt($ciphertext, $associatedData, $nonceStr, $aesKey);
}
if (\PHP_VERSION_ID >= 70100 && \in_array('aes-256-gcm', openssl_get_cipher_methods()))
{
$ctext = substr($ciphertext, 0, -self::AUTH_TAG_LENGTH_BYTE);
$authTag = substr($ciphertext, -self::AUTH_TAG_LENGTH_BYTE);
return openssl_decrypt($ctext, 'aes-256-gcm', $aesKey, \OPENSSL_RAW_DATA, $nonceStr,
$authTag, $associatedData);
}
throw new \RuntimeException('AEAD_AES_256_GCM需要PHP 7.1以上或者安装libsodium-php');
}
}