Libsodium解密返回空响应

时间:2019-06-13 17:38:29

标签: php laravel cryptography libsodium

我无法让Libsodium解密我从Webhook收到的响应,但是openssl_decrypt可以。我没有收到错误,但结果一直是空白,这意味着我必须做错了什么。

我想通过OpenSSL使用Libsodium的原因是它更可靠。在高流量的情况下,openssl_decrypt变得非常不可靠。

这是我的代码:

public function webhook(Request $request) {

    $psp = new Psp();
    $transaction_state = new \stdClass();
    $transaction_state->state = 'Live';

    $key_from_configuration = 'B46FAC78301751BCB489AC6D878877CA9AD8A71278DA777DD91B1AAB82135817';
    $iv_from_http_header = $request->header('x-initialization-vector');
    $auth_tag_from_http_header = $request->header('x-authentication-tag');
    $http_body = file_get_contents('php://input');

    $key = hex2bin($key_from_configuration);
    $iv = hex2bin($iv_from_http_header);
    $auth_tag = hex2bin($auth_tag_from_http_header);
    $cipher_text = hex2bin($http_body.$auth_tag_from_http_header);

    // This works when $cipher_text = hex2bin($http_body)
    $result = openssl_decrypt($cipher_text, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $auth_tag);

    // This does not work. According to the webhook docs, $cipher_text has to equal hex2bin($http_body.$auth_tag_from_http_header);
    $result = sodium_crypto_aead_aes256gcm_decrypt($cipher_text, NULL, $iv, $key);

    Storage::put('json.txt', $result);
}

webhook的文档并不是很好,它们的示例是PHP v7.1之前的版本。这是他们的示例代码...

<?php
/* Php 7.1 or later */
    $key_from_configuration = "000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f";
    $iv_from_http_header = "000000000000000000000000";
    $auth_tag_from_http_header = "CE573FB7A41AB78E743180DC83FF09BD";
    $http_body = "0A3471C72D9BE49A8520F79C66BBD9A12FF9";

    $key = hex2bin($key_from_configuration);
    $iv = hex2bin($iv_from_http_header);
    $auth_tag = hex2bin($auth_tag_from_http_header);
    $cipher_text = hex2bin($http_body);

    $result = openssl_decrypt($cipher_text, "aes-256-gcm", $key, OPENSSL_RAW_DATA, $iv, $auth_tag);
    print($result);

/* Php prior to 7.1 */
    /* Please refer Using Libsodium in PHP Projects */
    $key_from_configuration = "000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f";
    $iv_from_http_header = "000000000000000000000000";
    $auth_tag_from_http_header = "CE573FB7A41AB78E743180DC83FF09BD";
    $http_body = "0A3471C72D9BE49A8520F79C66BBD9A12FF9";

    $key = hex2bin($key_from_configuration);
    $iv = hex2bin($iv_from_http_header);
    $cipher_text = hex2bin($http_body . $auth_tag_from_http_header);

    $result = \Sodium\crypto_aead_aes256gcm_decrypt($cipher_text, NULL, $iv, $key);
    print($result);
?>

编辑:真实世界的回应

Key: 282F8C1F40FD0BF4E9C130CB5E3CE6624B78E3AEB89FF4E4DFBF5F4360B1488B
IV: D71C4DE2ACEF0EEB40AEAA25
Auth Tag: CE27C16EA5A3D772DBB10A42C5DF99C9
Ciper: DA113CEBD4C6959DAA26B3A4FF4F66B8D403FF6042900F725567FF426A77E7EB46927B574D334A1655C6F631F8096D9E3D889D859E372147017A052F1FC714AA9512E2EAAF1C5375AA0902982215FC6D2F29B112A877EF42D8D70353B0A24D651EE8CA2B224B9310A761EF767C810F1217CF31446C4DD6EA0864ED8F5E99BE6C573FE435333FBDB28A124C66EC44F5B44C0F4FD5D73444B85E1EB20B4F72B4A92D4723928F412231D4AD92381599268AF736D8849B4B3204408D4BD0BA4A386931D31B2A00983FA5BE8054126F34C9FFA1D898203BAB35EE586A5136469B9DBDA391594948F0E5CB066F9F9D69B1D4D6009A93227D172D43D9FCC936B1BD05F2D568B361CAF445FBA7FDFDF651AFD3AADA107C3D6D8A26284D003D29CAD4E111BE6ABBE3AF74AB1F19AAFF3CD7C8CE1F5270CCC9E849AC6D9C4030233EF33EAC8925F7E533395D4B8AF33EA2EB8E22FD138AACE48E9B8A4C7276A7474CA3BED7297E1BBCD2518229143198D9AF0BF987C0E53E4FC4E41149AEA8A1E59559B4ACEC481C67B4F962368A794C687EEBCE0A110CDF2C8FBE53AB3E9E4A8F04FACC783B9974236436828729EB95249B98CDB498CF2A81BBDEF712BD517A44654864B4E083BC8B9ECE153F87E107D55ED279C61313D6E8E8F1C5757E5CC330EEB8F165FACEFC616862FB7644BF0FE5A640DE9A5FD48408CD7EDB697BDD77DD09DE98EEEC7594D8B4B7BED07828B7F1AFB357E160B3844414BA8764BA06B8318ED82943FB3D270F9DAA415E3A35B1A2E1D2523177831BE2FE793416707C88E4A9CAC2FD787541B40CBB08BED5702A6229DAD4C81855AE014B1AFD42B84AFD13065DC2508B5B8C1345CDF787188F6ADA880ED6CBA5002B4241DE8E27BE368CF1D7D17AAE83926A5BD1EF4815A764FD39A8C7326FCA2D87A1C102CCB51F1504310AD7BEFC6DF1B5A7707196E504D6170E520198EBBB6F1026433F99A4A0AD593064E602E83C16F25D7484AE9EE00C4EBA51F23104DC2B071B88D71763B38CD5E0446E25D8D633408F28315C9B250CF5ACCAA83DE6EE793A0FFDB2DB13A66572A170A7DB70E5BA3B62A4241C5E162FBCD2DAC2072D853A45CDB67883CA61EB11552AB8E8CE0DAC7B30656B808631AED23FB6FE3C8DA738ADB4B18B5F450CD62182A86CAB520C22A53155B9644C6967F657F78A89A11E98475FD4E691B90FC49DE5CF499780491FE001EE22972FDEB14A18C5A28B97F67976E0B662CF80B0A7693272C175A1CEE65AB4C72A5F8BB125D79AE7C1E654A63AECB4AC559368DF5859FACC6982A28569FB1FD1799B6430FB7351D3CF2BB69A1C2BFE72FEB731699D0D48449B15E95A6EAD7E4AD99EF72820E942D806BF52F9FC18E3D523C1F0F0236611ABD3F46B74734E52B7CE9EBAF240C11454E21E10AFED954C5DB61EF9063935E237AB774934FE1C1E1BC6ACBC5BDE49C792B86635EAC9820680DD44B6F13C0A79CD3249825998C85142C5E3BC681FAE0B9648975446F9836A13E9BFC969D870B2166C62CB25A6802563C6228F284343967F61EEF958EC2CEA5BC7E7905D1A516376B6D66A6DD583F1ED0352DC3BAC491645969F67ED3FFDE9C59F858A334A545F46F710B07728C7658C2E5D8B853DF91DA9B4902C3754D14ABF38CEBFF6B0B495C8B84FE256D3237733CA0D4AD61F09CE2736EC3E710C64372C94030B520B843384B4CB255BF3B76803DB754530A5B63BD20F5B786BFDED980015F9EE7F13376DECDD4FB5DF57459A8E5CAE76AF2F1A21A0C596A8246A1934FCFF5BC087D0EB4A07E7F4E0BF8E79214453110B123DB94D84A76C40199C3CFFE0D9087A59C795ADAAE49315F9AEAF48E79D30313D74B9CDDADD572857491E56EB08B020A0F68186FF28008A7E42FE9815DEE15D785AB094E0CEC12548406616D8FF08C2DDF19712929348ABFB8C1B56A23C29FAB9C4AD7F608ADA5BBC13B97E34C36B3E0E15A5D0D1E932BC7AFB239AB608ED8E60C539EEE06399FC7956E3C2DFA760627F9E98E3AE83B4C399E589410A72F05B1D90C9F839B477AE91C29D3E3925341DD3AD201176C7B22D58387C3E2DD7C920D1C900E254AE351C19EA6EE7350E2B4B1E287A8A35C3D0644F7DA83B252ADA4884473728418D6942AD60209A0899DA0B9246F9D937CAD009F1C82C1D15C31B1BEFE49CBC4273CF7882EB56B6D886969399733E1078A5376509DBAB8714EC44FF1307A380FE39CD58011AA6076CCB3FFA732429DFE5B48DBADB3CAF70D3B9A376C01CC38C3408C448BAC232555666157EB7FD0F2210C6E2586D80814E0E2AA9DDAD42C0EC0E4362726ACCF747987D7EC876030C352D10BBF16D845006AABB27CE4BDDDA28BEF4CB1932AD1CB2C839B8B41C692C4ECB666073D6C1AF8F1E7889FCA3BD53DA33E055413EE00E74C2131377DC980B2B66CC38C15A4BC21A4FE1E7093C7DF11DF534EE3FE702211FA02941E2F4FE8D68DBFD616A3978574C67302E5E1B05377DBCA080DEFCE218CEFC3DA5CEEC703D040BE2FCE2DE6CEB6B73845C65B627A5FAD0CF519016B80E1B9B2A41CE976DF75CD554FF356599469EBA4C06FFE4AD5CA56226CE3475FC02EAC07B7BDD4384CB02B5FA28DB094041B0DBD708681841E97F70A910CFA3267E0AA3608E0CD33E65A6F4F2C31AD48D74C64C4E51E8A327882439894A49EC4FBE2175076255D0053B7E4C2DD938937CC3820F44306EC087D3A38DE7D994D7265B491058036206D3A7C2654E9DA569E54DAE951E339C6A8F8BA1F1F179A83025EF8C207182DD7344399463B99B3991504447E353D02AF3359769CA10D6D0AB1870FB9D9BD9EA9F73A4A0A60008BF5150F0A1EEB7A7A2AB888EE8709C767CEC7F0FD2FF8A140B92E26615EECDC58EFD9DFE4EEB49EC9494D75A01A629554EBD2EBF183C12679CD3CEE09BB02ED7D4DC2D623AB3C965D2F6034D266A311CBFB8C8D4A1526A039E592944C6227AC276ED78D2259AC5F2B07D7C6FC02D29540D01136F91693005ACFD5DBAD06FF7E88434D73B3D1FB59D16E4B0EC5020D07567CF962F8437BDF365E601EC76CFD405D3A6FD4E3EE0A5044AA294AFAEAA26449E4C5BDD5A3610BF6F94DFBD4C415D


Key: 282F8C1F40FD0BF4E9C130CB5E3CE6624B78E3AEB89FF4E4DFBF5F4360B1488B
IV: 8C7A8CA57FA6EC8B78EFB4AE
Auth Tag: E2A22DA77F0C508403816A802AE00CEF
Ciper: 179DB919FBD81E8B3436724479F81CE83B4E6CBE41BCF585FD56C89C9B292BD7B140AE2582B456ED3990FDF2C2D02D3E46028185AF0271C54E089807D6C95B05F6D824BF8BF4DAA4B9423BD5688F19DDC3D592F67908C7F9DE03112422318A1C8E83247ACF7FA6D36C96995D1FE6C95696857C5E1F1F4B13D508ADD58DC3C14C000C7E23AFC677D10901CD19A0DCCBC19C87F80660E1C986DE0A258578B5105B9952FB2A59015BE7D6DC84095529A21E67EEE8DA29E8C7920862C5F729616C2EF4F7949E9E6529E29C49D26054B3234DA7501C18E7818CF8AA5CA1335A02438F0090BE9D22B1C5576535E9B2DF58765EDD0FBA629A86B8B9E0D2074EA5A0D5F2275CCF9EDAABF77C2E1CE1B74FCAC4F70991CB32F4309DBD59157D199F65B6FA84410C305F4DBD21288BD23A3A0A925F24F387C4F7B1527D5D9CDEE2B52090614D779DD0C4ED64ADDB395BAA5468B35889A0881D217F430681EE749DE0ABF8FCFA203CACB636A8A193EA716D503F8E60AE510A47A91B9A246528A89B665F18321F29AA3B3F0CA1952890ED562351EB3B20F71169872C44DDE54B71B79526A392EDF5941F88B8878525F002E1CCCC18E002C4EE779942931BD0AE4192497532F48939F3F4531EF2DDBD0893C79D060010D3C4943F71515D0BCDDE9AA497ACF8453325EC831F2269E16830BEF96D2B791F7570AF0313D7C35B8B1D69F7E1A127E110101A32B1B5669F51A07957A0968C7DE3A7294EED68B0EB661AFBB2384173D404708414731C4AC08C47FF128FAAA0E89C33B8BE9082B97C7A205989915489FC186D6931CE5A48A3E666D23A4BB0C37A07456037BD2EB9924FA714D149933B828BF1F74A7A6EA22979FAF7CE6F03247ED931656EFCDB891A2C7D781759FA9176D34E1244B9133297D42E8E3E3BAA066B218D5431C9CEA593ABD79E821A75634D13E0EAA50A626695AD6BC8DCA94812D4A44B90584803D6822F7BAB3C806454F7A88D1ADCE4D31F28914EEADD0E05F82BCB5E75503EF79E05ED3B0550B5D57A632226E9312232C6D1BE4B42D9


Key: 282F8C1F40FD0BF4E9C130CB5E3CE6624B78E3AEB89FF4E4DFBF5F4360B1488B
IV: 34227A5F7EF770D06AFF5802
Auth Tag: 0378EEE7AD576220256882D6084A4EAA
Ciper: 3B28A15C7103AB068A191618863C267E65A07AB9882BE0EF20CF32C137509D30E8066E26C7C2CE2C3F4DE2FB86E3A5409A90D2E772790434A789274ACCA93960CB65BF93066FC7D53CF7C74E8DEFE43A9DFB918F3F7109BF17F01C7378D44F24B78B15B8905DB06525A00135037B5B52E4F899D10111F3A2EBCA49A17C5272F98F97971051DCE89EBAF8412A585FE38B53DF4DEA2A9944CDAD2834F079A49F4247507253FD6AD769AB53F5C2B809B71C303D02E4321FD7A28F918FB4C0CF7963C2437D14A3273DDAB98231B15634D9E143D623B850FB8B8803717B4FDC647063C939DF677F6E90308F3824448179326C2C5AA1A2406B13F048BF908502D613DC1F2043D1A9AF13571287C8F4B98B5CE31E54D8E7BB0D963E451A5C0B9C2226B95967FCCA5AD754788C9F75080D458785B77AA6647A12F49FD07D7C3EFA79C6145E61AD101F3427920288891E6BFD05289D98CE030D5CCCDC55016A231B60E118127AFA49B9DB1FFD413DEFCEE72CD1361580F969811EA5AA31E4F5C095C5D12038D1BADDF1A6605B05EE4BF4009929E44F24017DD64D59B75381458BAC548BBDFC2F2AEF7CAE79A8EE0524747B69DD8C257521ED43CE4F9EBCCF2ADF7F708B53764177B49FFD8D8311F47A015A77FF2B2913F781C86C2E5D5ACBE866E18F6E859A118980DACAF3880722F95B75584B0B5171B8BC42309FD58C09F459818E33E49064D9436A6BD4F2F0E13EBBB2465C407711E6C9F2B47FE958B867A5AE433D7BBB164EBD847675480A1275093A1339C921EF527519B41550FF34B7BBB1EBD2DC4A1EC1A5DD3067D0BFC27AB5B527DC7BD388A66C1EBF4CAE403976834174E4681B66DFF867FAB023EC88567A60D8235ED8A0F55EEFF48602E9826C762E47B4441B18C378B529FFF002AEE98497974EA916699FD511C3D0FBE1FB4A6FA2721F3B614F9DFF2592CEF21CB25CE8057326AE6ECE484367B5EDBEF91424FD599F731B316626C51728A045FC2C7F1D01

1 个答案:

答案 0 :(得分:0)

您的简化示例,同时使用OpenSSL和Libsodium,产生相同的输出:

$key   = hex2bin("000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f");
$nonce = hex2bin("000000000000000000000000");
$tag   = hex2bin("CE573FB7A41AB78E743180DC83FF09BD");
$ciphertext = hex2bin("0A3471C72D9BE49A8520F79C66BBD9A12FF9");

$msg = openssl_decrypt($ciphertext, "aes-256-gcm", $key, OPENSSL_RAW_DATA, $nonce, $tag);
assert($msg === '{"type":"PAYMENT"}');

$msg = sodium_crypto_aead_aes256gcm_decrypt($ciphertext . $tag, NULL, $nonce, $key);
assert($msg === '{"type":"PAYMENT"}');

更新:使用您的真实数据:

$key   = hex2bin("282F8C1F40FD0BF4E9C130CB5E3CE6624B78E3AEB89FF4E4DFBF5F4360B1488B");
$nonce = hex2bin("34227A5F7EF770D06AFF5802");
$tag   = hex2bin("0378EEE7AD576220256882D6084A4EAA");
$ciphertext = hex2bin("3B28A15C7103AB068A191618863C267E65A07AB9882BE0EF20CF32C137509D30E8066E26C7C2CE2C3F4DE2FB86E3A5409A90D2E772790434A789274ACCA93960CB65BF93066FC7D53CF7C74E8DEFE43A9DFB918F3F7109BF17F01C7378D44F24B78B15B8905DB06525A00135037B5B52E4F899D10111F3A2EBCA49A17C5272F98F97971051DCE89EBAF8412A585FE38B53DF4DEA2A9944CDAD2834F079A49F4247507253FD6AD769AB53F5C2B809B71C303D02E4321FD7A28F918FB4C0CF7963C2437D14A3273DDAB98231B15634D9E143D623B850FB8B8803717B4FDC647063C939DF677F6E90308F3824448179326C2C5AA1A2406B13F048BF908502D613DC1F2043D1A9AF13571287C8F4B98B5CE31E54D8E7BB0D963E451A5C0B9C2226B95967FCCA5AD754788C9F75080D458785B77AA6647A12F49FD07D7C3EFA79C6145E61AD101F3427920288891E6BFD05289D98CE030D5CCCDC55016A231B60E118127AFA49B9DB1FFD413DEFCEE72CD1361580F969811EA5AA31E4F5C095C5D12038D1BADDF1A6605B05EE4BF4009929E44F24017DD64D59B75381458BAC548BBDFC2F2AEF7CAE79A8EE0524747B69DD8C257521ED43CE4F9EBCCF2ADF7F708B53764177B49FFD8D8311F47A015A77FF2B2913F781C86C2E5D5ACBE866E18F6E859A118980DACAF3880722F95B75584B0B5171B8BC42309FD58C09F459818E33E49064D9436A6BD4F2F0E13EBBB2465C407711E6C9F2B47FE958B867A5AE433D7BBB164EBD847675480A1275093A1339C921EF527519B41550FF34B7BBB1EBD2DC4A1EC1A5DD3067D0BFC27AB5B527DC7BD388A66C1EBF4CAE403976834174E4681B66DFF867FAB023EC88567A60D8235ED8A0F55EEFF48602E9826C762E47B4441B18C378B529FFF002AEE98497974EA916699FD511C3D0FBE1FB4A6FA2721F3B614F9DFF2592CEF21CB25CE8057326AE6ECE484367B5EDBEF91424FD599F731B316626C51728A045FC2C7F1D01");

$msg = sodium_crypto_aead_aes256gcm_decrypt($ciphertext . $tag, NULL, $nonce, $key);
var_dump($msg);

作为旁注,解码敏感数据时,应使用sodium_hex2bin()而不是hex2bin(),如果使用的是PECL libsodium扩展名,则sodium_crypto_aead_aes256gcm_decrypt_detached()可以提供密文和标签作为不同的参数,而不必将它们串联起来。