Why Gemfury?
Push, build, and install
RubyGems
npm packages
Python packages
Maven artifacts
PHP packages
Go Modules
Debian packages
RPM packages
NuGet packages
Repository URL to install this package:
|
Version:
3.0.2 ▾
|
<?php
namespace WPMailSMTP\Vendor\Aws\Crypto\Polyfill;
/**
* Class Gmac
*
* @package Aws\Crypto\Polyfill
*/
class Gmac
{
use NeedsTrait;
const BLOCK_SIZE = 16;
/** @var ByteArray $buf */
protected $buf;
/** @var int $bufLength */
protected $bufLength = 0;
/** @var ByteArray $h */
protected $h;
/** @var ByteArray $hf */
protected $hf;
/** @var Key $key */
protected $key;
/** @var ByteArray $x */
protected $x;
/**
* Gmac constructor.
*
* @param Key $aesKey
* @param string $nonce
* @param int $keySize
*/
public function __construct(\WPMailSMTP\Vendor\Aws\Crypto\Polyfill\Key $aesKey, $nonce, $keySize = 256)
{
$this->buf = new \WPMailSMTP\Vendor\Aws\Crypto\Polyfill\ByteArray(16);
$this->h = new \WPMailSMTP\Vendor\Aws\Crypto\Polyfill\ByteArray(\openssl_encrypt(\str_repeat("\0", 16), "aes-{$keySize}-ecb", $aesKey->get(), \OPENSSL_RAW_DATA | \OPENSSL_NO_PADDING));
$this->key = $aesKey;
$this->x = new \WPMailSMTP\Vendor\Aws\Crypto\Polyfill\ByteArray(16);
$this->hf = new \WPMailSMTP\Vendor\Aws\Crypto\Polyfill\ByteArray(\openssl_encrypt($nonce, "aes-{$keySize}-ecb", $aesKey->get(), \OPENSSL_RAW_DATA | \OPENSSL_NO_PADDING));
}
/**
* Update the object with some data.
*
* This method mutates this Gmac object.
*
* @param ByteArray $blocks
* @return self
*/
public function update(\WPMailSMTP\Vendor\Aws\Crypto\Polyfill\ByteArray $blocks)
{
if ($blocks->count() + $this->bufLength < self::BLOCK_SIZE) {
// Write to internal buffer until we reach enough to write.
$this->buf->set($blocks, $this->bufLength);
$this->bufLength += $blocks->count();
return $this;
}
// Process internal buffer first.
if ($this->bufLength > 0) {
// 0 <= state.buf_len < BLOCK_SIZE is an invariant
$tmp = new \WPMailSMTP\Vendor\Aws\Crypto\Polyfill\ByteArray(self::BLOCK_SIZE);
$tmp->set($this->buf->slice(0, $this->bufLength));
$remainingBlockLength = self::BLOCK_SIZE - $this->bufLength;
$tmp->set($blocks->slice(0, $remainingBlockLength), $this->bufLength);
$blocks = $blocks->slice($remainingBlockLength);
$this->bufLength = 0;
$this->x = $this->blockMultiply($this->x->exclusiveOr($tmp), $this->h);
}
// Process full blocks.
$numBlocks = $blocks->count() >> 4;
for ($i = 0; $i < $numBlocks; ++$i) {
$tmp = $blocks->slice($i << 4, self::BLOCK_SIZE);
$this->x = $this->blockMultiply($this->x->exclusiveOr($tmp), $this->h);
}
$last = $numBlocks << 4;
// Zero-fill buffer
for ($i = 0; $i < 16; ++$i) {
$this->buf[$i] = 0;
}
// Feed leftover into buffer.
if ($last < $blocks->count()) {
$tmp = $blocks->slice($last);
$this->buf->set($tmp);
$this->bufLength += $blocks->count() - $last;
}
return $this;
}
/**
* Finish processing the authentication tag.
*
* This method mutates this Gmac object (effectively resetting it).
*
* @param int $aadLength
* @param int $ciphertextLength
* @return ByteArray
*/
public function finish($aadLength, $ciphertextLength)
{
$lengthBlock = new \WPMailSMTP\Vendor\Aws\Crypto\Polyfill\ByteArray(16);
$state = $this->flush();
// AES-GCM expects bit lengths, not byte lengths.
$lengthBlock->set(\WPMailSMTP\Vendor\Aws\Crypto\Polyfill\ByteArray::enc32be($aadLength >> 29), 0);
$lengthBlock->set(\WPMailSMTP\Vendor\Aws\Crypto\Polyfill\ByteArray::enc32be($aadLength << 3), 4);
$lengthBlock->set(\WPMailSMTP\Vendor\Aws\Crypto\Polyfill\ByteArray::enc32be($ciphertextLength >> 29), 8);
$lengthBlock->set(\WPMailSMTP\Vendor\Aws\Crypto\Polyfill\ByteArray::enc32be($ciphertextLength << 3), 12);
$state->update($lengthBlock);
$output = $state->x->exclusiveOr($state->hf);
// Zeroize the internal values as a best-effort.
$state->buf->zeroize();
$state->x->zeroize();
$state->h->zeroize();
$state->hf->zeroize();
return $output;
}
/**
* Get a specific bit from the provided array, at the given index.
*
* [01234567], 8+[01234567], 16+[01234567], ...
*
* @param ByteArray $x
* @param int $i
* @return int
*/
protected function bit(\WPMailSMTP\Vendor\Aws\Crypto\Polyfill\ByteArray $x, $i)
{
$byte = $i >> 3;
return $x[$byte] >> (7 - $i & 7) & 1;
}
/**
* Galois Field Multiplication
*
* This function is the critical path that must be constant-time in order to
* avoid timing side-channels against AES-GCM.
*
* The contents of each are always calculated, regardless of the branching
* condition, to prevent another kind of timing leak.
*
* @param ByteArray $x
* @param ByteArray $y
* @return ByteArray
*/
protected function blockMultiply(\WPMailSMTP\Vendor\Aws\Crypto\Polyfill\ByteArray $x, \WPMailSMTP\Vendor\Aws\Crypto\Polyfill\ByteArray $y)
{
static $fieldPolynomial = null;
if (!$fieldPolynomial) {
$fieldPolynomial = new \WPMailSMTP\Vendor\Aws\Crypto\Polyfill\ByteArray([0xe1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]);
}
self::needs($x->count() === 16, 'Argument 1 must be a ByteArray of exactly 16 bytes');
self::needs($y->count() === 16, 'Argument 2 must be a ByteArray of exactly 16 bytes');
$v = clone $y;
$z = new \WPMailSMTP\Vendor\Aws\Crypto\Polyfill\ByteArray(16);
for ($i = 0; $i < 128; ++$i) {
// if ($b) $z = $z->exclusiveOr($v);
$b = $this->bit($x, $i);
$z = \WPMailSMTP\Vendor\Aws\Crypto\Polyfill\ByteArray::select($b, $z->exclusiveOr($v), $z);
// if ($b) $v = $v->exclusiveOr($fieldPolynomial);
$b = $v[15] & 1;
$v = $v->rshift();
$v = \WPMailSMTP\Vendor\Aws\Crypto\Polyfill\ByteArray::select($b, $v->exclusiveOr($fieldPolynomial), $v);
}
return $z;
}
/**
* Finish processing any leftover bytes in the internal buffer.
*
* @return self
*/
public function flush()
{
if ($this->bufLength !== 0) {
$this->x = $this->blockMultiply($this->x->exclusiveOr($this->buf), $this->h);
$this->bufLength = 0;
}
return $this;
}
}