OXIESEC PANEL

Name	Size	Modified	Perms
📁 ..	-	05/19/2025 10:07:17 AM	rwxr-xr-x
📄 AbstractCryptoClient.php	4.11 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 AbstractCryptoClientV2.php	4 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 AesDecryptingStream.php	3.65 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 AesEncryptingStream.php	3.83 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 AesGcmDecryptingStream.php	2.81 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 AesGcmEncryptingStream.php	3.02 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 AesStreamInterface.php	686 bytes	05/19/2025 10:07:16 AM	rw-r--r--
📄 AesStreamInterfaceV2.php	759 bytes	05/19/2025 10:07:16 AM	rw-r--r--
📁 Cipher	-	05/19/2025 10:07:16 AM	rwxr-xr-x
📄 DecryptionTrait.php	6.13 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 DecryptionTraitV2.php	9.28 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 EncryptionTrait.php	7.1 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 EncryptionTraitV2.php	7.29 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 KmsMaterialsProvider.php	4.01 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 KmsMaterialsProviderV2.php	3.53 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 MaterialsProvider.php	3.33 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 MaterialsProviderInterface.php	1.87 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 MaterialsProviderInterfaceV2.php	1.72 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 MaterialsProviderV2.php	2.07 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 MetadataEnvelope.php	1.7 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 MetadataStrategyInterface.php	1 KB	05/19/2025 10:07:16 AM	rw-r--r--
📁 Polyfill	-	05/19/2025 10:07:16 AM	rwxr-xr-x

Editing: KmsMaterialsProviderV2.php

<?php
namespace Aws\Crypto;

use Aws\Exception\CryptoException;
use Aws\Kms\KmsClient;

/**
 * Uses KMS to supply materials for encrypting and decrypting data. This
 * V2 implementation should be used with the V2 encryption clients (i.e.
 * S3EncryptionClientV2).
 */
class KmsMaterialsProviderV2 extends MaterialsProviderV2 implements MaterialsProviderInterfaceV2
{
    const WRAP_ALGORITHM_NAME = 'kms+context';

private $kmsClient;
    private $kmsKeyId;

/**
     * @param KmsClient $kmsClient A KMS Client for use encrypting and
     *                             decrypting keys.
     * @param string $kmsKeyId The private KMS key id to be used for encrypting
     *                         and decrypting keys.
     */
    public function __construct(
        KmsClient $kmsClient,
        $kmsKeyId = null
    ) {
        $this->kmsClient = $kmsClient;
        $this->kmsKeyId = $kmsKeyId;
    }

/**
     * @inheritDoc
     */
    public function getWrapAlgorithmName()
    {
        return self::WRAP_ALGORITHM_NAME;
    }

/**
     * @inheritDoc
     */
    public function decryptCek($encryptedCek, $materialDescription, $options)
    {
        $params = [
            'CiphertextBlob' => $encryptedCek,
            'EncryptionContext' => $materialDescription
        ];
        if (empty($options['@KmsAllowDecryptWithAnyCmk'])) {
            if (empty($this->kmsKeyId)) {
                throw new CryptoException('KMS CMK ID was not specified and the'
                    . ' operation is not opted-in to attempting to use any valid'
                    . ' CMK it discovers. Please specify a CMK ID, or explicitly'
                    . ' enable attempts to use any valid KMS CMK with the'
                    . ' @KmsAllowDecryptWithAnyCmk option.');
            }
            $params['KeyId'] = $this->kmsKeyId;
        }

$result = $this->kmsClient->decrypt($params);
        return $result['Plaintext'];
    }

/**
     * @inheritDoc
     */
    public function generateCek($keySize, $context, $options)
    {
        if (empty($this->kmsKeyId)) {
            throw new CryptoException('A KMS key id is required for encryption'
                . ' with KMS keywrap. Use a KmsMaterialsProviderV2 that has been'
                . ' instantiated with a KMS key id.');
        }
        $options = array_change_key_case($options);
        if (!isset($options['@kmsencryptioncontext'])
            || !is_array($options['@kmsencryptioncontext'])
        ) {
            throw new CryptoException("'@KmsEncryptionContext' is a"
                . " required argument when using KmsMaterialsProviderV2, and"
                . " must be an associative array (or empty array).");
        }
        if (isset($options['@kmsencryptioncontext']['aws:x-amz-cek-alg'])) {
            throw new CryptoException("Conflict in reserved @KmsEncryptionContext"
                . " key aws:x-amz-cek-alg. This value is reserved for the S3"
                . " Encryption Client and cannot be set by the user.");
        }
        $context = array_merge($options['@kmsencryptioncontext'], $context);
        $result = $this->kmsClient->generateDataKey([
            'KeyId' => $this->kmsKeyId,
            'KeySpec' => "AES_{$keySize}",
            'EncryptionContext' => $context
        ]);
        return [
            'Plaintext' => $result['Plaintext'],
            'Ciphertext' => base64_encode($result['CiphertextBlob']),
            'UpdatedContext' => $context
        ];
    }
}