Collections functions
Encryption functions
General functions
Render functions
Theme permission functions
Video functions
Resource functions

rsDecrypt()

Description

Decrypts data

@todo Add a third parameter to use with custom metadata (NOT ResourceSpace metadata) for generating MAC. this should
add extra security by making MAC harder to be forged

Parameters

ColumnTypeDefaultDescription
$data string Data to be decrypted
$key string

Return

false|string Returns FALSE if MAC check failed, plaintext otherwise

Location

include/encryption_functions.php lines 63 to 90

Definition

 
function rsDecrypt($data$key)
    {
    global 
$scramble_key;

    
$method  "AES-128-CTR";
    
$options OPENSSL_RAW_DATA;

    
// Get 2 derived subkeys, one for message authentication code (MAC) and the other one for encryption/ decryption.
    
$mac_key hash_hmac("sha256""mac_key"$scramble_keytrue);
    
$enc_key hash_hmac("sha256""enc_key"$scramble_keytrue);

    if (
count(explode("@@"$data))<3){return false;}
    list(
$nonce$cyphertext$mac) = explode("@@"$data);

    
// Check MAC
    
if($mac !== hash_hmac("sha256""{$cyphertext}{$nonce}{$scramble_key}"$mac_key))
        {
        
debug("rsCrypt: MAC did not match!");
        return 
false;
        }

    
// Synthetic Initialization Vector (SIV)
    
$siv substr(hash_hmac("sha256""{$nonce}{$scramble_key}{$key}"$mac_keytrue), 016);

    
$plaintext openssl_decrypt(hex2bin($cyphertext), $method$enc_key$options$siv);

    return 
$plaintext;
    }

This article was last updated 30th November 2020 10:35 Europe/London time based on the source file dated 7th August 2020 09:15 Europe/London time.