FilesExpand file tree

 main

/

EncryptionTrait.php

Copy path

BlameMore file actions

BlameMore file actions

Latest commit

 

History

History

History

152 lines (134 loc) · 5 KB

 main

/

EncryptionTrait.php

Top

File metadata and controls

• Code
• Blame

152 lines (134 loc) · 5 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

<?php

/**

* Copyright 2016 Google Inc. All Rights Reserved.

*

* Licensed under the Apache License, Version 2.0 (the "License");

* you may not use this file except in compliance with the License.

* You may obtain a copy of the License at

*

* http://www.apache.org/licenses/LICENSE-2.0

*

* Unless required by applicable law or agreed to in writing, software

* distributed under the License is distributed on an "AS IS" BASIS,

* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

* See the License for the specific language governing permissions and

* limitations under the License.

*/

namespace Google\Cloud\Storage;

use phpseclib\Crypt\RSA as RSA2;

use phpseclib3\Crypt\RSA as RSA3;

/**

* Trait which provides helper methods for customer-supplied encryption.

*/

trait EncryptionTrait

{

/**

* @var array

*/

private $copySourceEncryptionHeaderNames = [

'algorithm' => 'x-goog-copy-source-encryption-algorithm',

'key' => 'x-goog-copy-source-encryption-key',

'keySHA256' => 'x-goog-copy-source-encryption-key-sha256'

];

/**

* @var array

*/

private $encryptionHeaderNames = [

'algorithm' => 'x-goog-encryption-algorithm',

'key' => 'x-goog-encryption-key',

'keySHA256' => 'x-goog-encryption-key-sha256'

];

/**

* Formats options for customer-supplied encryption headers.

*

* @param array $options

* @return array

* @access private

*/

public function formatEncryptionHeaders(array $options)

{

$encryptionHeaders = [];

$useCopySourceHeaders = $options['useCopySourceHeaders'] ?? false;

$key = $options['encryptionKey'] ?? null;

$keySHA256 = $options['encryptionKeySHA256'] ?? null;

$destinationKey = $options['destinationEncryptionKey'] ?? null;

$destinationKeySHA256 = $options['destinationEncryptionKeySHA256'] ?? null;

unset($options['useCopySourceHeaders']);

unset($options['encryptionKey']);

unset($options['encryptionKeySHA256']);

unset($options['destinationEncryptionKey']);

unset($options['destinationEncryptionKeySHA256']);

$encryptionHeaders = $this->buildHeaders($key, $keySHA256, $useCopySourceHeaders)

+ $this->buildHeaders($destinationKey, $destinationKeySHA256, false);

if (!empty($encryptionHeaders)) {

if (isset($options['restOptions']['headers'])) {

$options['restOptions']['headers'] += $encryptionHeaders;

} else {

$options['restOptions']['headers'] = $encryptionHeaders;

}

}

return $options;

}

/**

* Builds out customer-supplied encryption headers.

*

* @param string $key

* @param string $keySHA256

* @param bool $useCopySourceHeaders

* @return array

*/

private function buildHeaders($key, $keySHA256, $useCopySourceHeaders)

{

if ($key) {

$headerNames = $useCopySourceHeaders

? $this->copySourceEncryptionHeaderNames

: $this->encryptionHeaderNames;

if (!$keySHA256) {

$decodedKey = base64_decode($key);

$keySHA256 = base64_encode(hash('SHA256', $decodedKey, true));

}

return [

$headerNames['algorithm'] => 'AES256',

$headerNames['key'] => $key,

$headerNames['keySHA256'] => $keySHA256

];

}

return [];

}

/**

* Sign a string using a given private key.

*

* @deprecated Please use the {@see Google\Auth\SignBlobInterface::signBlob()}

* and implementations for signing strings.

* This method will be removed in a future release.

*

* @param string $privateKey The private key to use to sign the data.

* @param string $data The data to sign.

* @param bool $forceOpenssl If true, OpenSSL will be used regardless of

* whether phpseclib is available. **Defaults to** `false`.

* @return string The signature

*/

protected function signString($privateKey, $data, $forceOpenssl = false)

{

$signature = '';

if (class_exists(RSA3::class) && !$forceOpenssl) {

$rsa = RSA3::loadPrivateKey($privateKey);

$rsa = $rsa->withPadding(RSA3::SIGNATURE_PKCS1)

->withHash('sha256');

$signature = $rsa->sign($data);

} elseif (class_exists(RSA2::class) && !$forceOpenssl) {

$rsa = new RSA2();

$rsa->loadKey($privateKey);

$rsa->setSignatureMode(RSA2::SIGNATURE_PKCS1);

$rsa->setHash('sha256');

$signature = $rsa->sign($data);

} elseif (extension_loaded('openssl')) {

openssl_sign($data, $signature, $privateKey, 'sha256WithRSAEncryption');

} else {

// @codeCoverageIgnoreStart

throw new \RuntimeException('OpenSSL is not installed.');

}

// @codeCoverageIgnoreEnd

return $signature;

}

}