PHP Classes

File: src/CipherSweet.php

Recommend this page to a friend!
  Classes of Scott Arciszewski   Cipher Sweet   src/CipherSweet.php   Download  
File: src/CipherSweet.php
Role: Class source
Content type: text/plain
Description: Class source
Class: Cipher Sweet
Encrypt data in away that can be searched
Author: By
Last change:
Date: 5 years ago
Size: 4,232 bytes
 

Contents

Class file image Download
<?php
namespace ParagonIE\CipherSweet;

use
ParagonIE\CipherSweet\Backend\FIPSCrypto;
use
ParagonIE\CipherSweet\Backend\Key\SymmetricKey;
use
ParagonIE\CipherSweet\Backend\ModernCrypto;
use
ParagonIE\CipherSweet\Contract\BackendInterface;
use
ParagonIE\CipherSweet\Contract\KeyProviderInterface;
use
ParagonIE\CipherSweet\Exception\CryptoOperationException;
use
ParagonIE_Sodium_Compat as SodiumCompat;

/**
 * Class CipherSweet
 * @package ParagonIE\CipherSweet
 */
final class CipherSweet
{
   
/*
     * These domain separation constants has a hamming distance of 4 from each
     * other, for each byte.
     */
   
const DS_BIDX = "\x7E\x7E\x7E\x7E\x7E\x7E\x7E\x7E\x7E\x7E\x7E\x7E\x7E\x7E\x7E\x7E\x7E\x7E\x7E\x7E\x7E\x7E\x7E\x7E\x7E\x7E\x7E\x7E\x7E\x7E\x7E\x7E";
    const
DS_FENC = "\xB4\xB4\xB4\xB4\xB4\xB4\xB4\xB4\xB4\xB4\xB4\xB4\xB4\xB4\xB4\xB4\xB4\xB4\xB4\xB4\xB4\xB4\xB4\xB4\xB4\xB4\xB4\xB4\xB4\xB4\xB4\xB4";

   
/**
     * @var BackendInterface $backend
     */
   
private $backend;

   
/**
     * @var KeyProviderInterface $keyProvider
     */
   
private $keyProvider;

   
/**
     * CipherSweet constructor.
     *
     * @param KeyProviderInterface $keyProvider
     * @param BackendInterface|null $backend
     */
   
public function __construct(
       
KeyProviderInterface $keyProvider,
       
BackendInterface $backend = null
   
) {
       
$this->keyProvider = $keyProvider;
        if (\
is_null($backend)) {
           
$backend = $this->keyProvider->getBackend();
        }
       
$this->backend = $backend;
    }

   
/**
     * @return BackendInterface
     */
   
public function getBackend()
    {
        return
$this->backend;
    }

   
/**
     * @param string $tableName
     * @param string $fieldName
     * @param string $indexName
     * @return string
     */
   
public function getIndexTypeColumn(
       
$tableName,
       
$fieldName,
       
$indexName
   
) {
        return
$this->backend->getIndexTypeColumn(
           
$tableName,
           
$fieldName,
           
$indexName
       
);
    }

   
/**
     * Get the root key for calculating blind index keys for a given
     * EncryptedField instance.
     *
     * Uses a 32 byte prefix for the HKDF "info" parameter, for domain
     * separation.
     *
     * @param string $tableName
     * @param string $fieldName
     *
     * @return SymmetricKey
     * @throws CryptoOperationException
     */
   
public function getBlindIndexRootKey($tableName, $fieldName)
    {
        return new
SymmetricKey(
           
$this->backend,
           
Util::HKDF(
               
$this->keyProvider->getSymmetricKey(),
               
$tableName,
               
self::DS_BIDX . $fieldName
           
)
        );
    }

   
/**
     * Get the per-field encryption key.
     *
     * Uses a 32 byte prefix for the HKDF "info" parameter, for domain
     * separation.
     *
     * @param string $tableName
     * @param string $fieldName
     *
     * @return SymmetricKey
     * @throws CryptoOperationException
     */
   
public function getFieldSymmetricKey($tableName, $fieldName)
    {
        return new
SymmetricKey(
           
$this->backend,
           
Util::HKDF(
               
$this->keyProvider->getSymmetricKey(),
               
$tableName,
               
self::DS_FENC . $fieldName
           
)
        );
    }

   
/**
     * Return the default backend for a given environment. Note that the
     * stability of the result of this static method should not be depended on.
     *
     * @return BackendInterface
     */
   
public static function getDefaultBackend()
    {
        if (
SodiumCompat::crypto_pwhash_is_available()) {
            if (
PHP_VERSION_ID >= 70000 && \extension_loaded('sodium')) {
                return new
ModernCrypto();
            }
            if (
PHP_VERSION_ID >= 70000 && \extension_loaded('libsodium')) {
               
// This is a little weird but OK
               
return new ModernCrypto();
            }
            if (
PHP_VERSION_ID < 70000 && \extension_loaded('libsodium')) {
                return new
ModernCrypto();
            }
        }
       
// FIPS mode will always work... but it only uses FIPS algorithms.
       
return new FIPSCrypto();
    }
}