OXIESEC PANEL

Name	Size	Modified	Perms
📁 ..	-	10/04/2024 04:50:48 AM	rwxr-xr-x
📄 AbstractCryptoClient.php	4.11 KB	08/14/2024 07:58:29 AM	rw-r--r--
📄 AbstractCryptoClientV2.php	4 KB	08/14/2024 07:58:29 AM	rw-r--r--
📄 AesDecryptingStream.php	3.65 KB	08/14/2024 07:58:29 AM	rw-r--r--
📄 AesEncryptingStream.php	3.83 KB	08/14/2024 07:58:29 AM	rw-r--r--
📄 AesGcmDecryptingStream.php	2.81 KB	08/14/2024 07:58:29 AM	rw-r--r--
📄 AesGcmEncryptingStream.php	3.02 KB	08/14/2024 07:58:29 AM	rw-r--r--
📄 AesStreamInterface.php	686 bytes	08/14/2024 07:58:29 AM	rw-r--r--
📄 AesStreamInterfaceV2.php	759 bytes	08/14/2024 07:58:29 AM	rw-r--r--
📁 Cipher	-	08/14/2024 08:00:33 AM	rwxr-xr-x
📄 DecryptionTrait.php	6.13 KB	08/14/2024 07:58:30 AM	rw-r--r--
📄 DecryptionTraitV2.php	9.28 KB	08/14/2024 07:58:30 AM	rw-r--r--
📄 EncryptionTrait.php	7.1 KB	08/14/2024 07:58:30 AM	rw-r--r--
📄 EncryptionTraitV2.php	7.29 KB	08/14/2024 07:58:30 AM	rw-r--r--
📄 KmsMaterialsProvider.php	4.01 KB	08/14/2024 07:58:30 AM	rw-r--r--
📄 KmsMaterialsProviderV2.php	3.53 KB	08/14/2024 07:58:30 AM	rw-r--r--
📄 MaterialsProvider.php	3.33 KB	08/14/2024 07:58:30 AM	rw-r--r--
📄 MaterialsProviderInterface.php	1.87 KB	08/14/2024 07:58:30 AM	rw-r--r--
📄 MaterialsProviderInterfaceV2.php	1.72 KB	08/14/2024 07:58:30 AM	rw-r--r--
📄 MaterialsProviderV2.php	2.07 KB	08/14/2024 07:58:30 AM	rw-r--r--
📄 MetadataEnvelope.php	1.7 KB	08/14/2024 07:58:30 AM	rw-r--r--
📄 MetadataStrategyInterface.php	1 KB	08/14/2024 07:58:30 AM	rw-r--r--
📁 Polyfill	-	08/14/2024 08:00:33 AM	rwxr-xr-x

Editing: EncryptionTrait.php

<?php
namespace Aws\Crypto;

use GuzzleHttp\Psr7;
use GuzzleHttp\Psr7\AppendStream;
use GuzzleHttp\Psr7\Stream;

trait EncryptionTrait
{
    private static $allowedOptions = [
        'Cipher' => true,
        'KeySize' => true,
        'Aad' => true,
    ];

/**
     * Dependency to generate a CipherMethod from a set of inputs for loading
     * in to an AesEncryptingStream.
     *
     * @param string $cipherName Name of the cipher to generate for encrypting.
     * @param string $iv Base Initialization Vector for the cipher.
     * @param int $keySize Size of the encryption key, in bits, that will be
     *                     used.
     *
     * @return Cipher\CipherMethod
     *
     * @internal
     */
    abstract protected function buildCipherMethod($cipherName, $iv, $keySize);

/**
     * Builds an AesStreamInterface and populates encryption metadata into the
     * supplied envelope.
     *
     * @param Stream $plaintext Plain-text data to be encrypted using the
     *                          materials, algorithm, and data provided.
     * @param array $cipherOptions Options for use in determining the cipher to
     *                             be used for encrypting data.
     * @param MaterialsProvider $provider A provider to supply and encrypt
     *                                    materials used in encryption.
     * @param MetadataEnvelope $envelope A storage envelope for encryption
     *                                   metadata to be added to.
     *
     * @return AesStreamInterface
     *
     * @throws \InvalidArgumentException Thrown when a value in $cipherOptions
     *                                   is not valid.
     *
     * @internal
     */
    public function encrypt(
        Stream $plaintext,
        array $cipherOptions,
        MaterialsProvider $provider,
        MetadataEnvelope $envelope
    ) {
        $materialsDescription = $provider->getMaterialsDescription();

$cipherOptions = array_intersect_key(
            $cipherOptions,
            self::$allowedOptions
        );

if (empty($cipherOptions['Cipher'])) {
            throw new \InvalidArgumentException('An encryption cipher must be'
                . ' specified in the "cipher_options".');
        }

if (!self::isSupportedCipher($cipherOptions['Cipher'])) {
            throw new \InvalidArgumentException('The cipher requested is not'
                . ' supported by the SDK.');
        }

if (empty($cipherOptions['KeySize'])) {
            $cipherOptions['KeySize'] = 256;
        }
        if (!is_int($cipherOptions['KeySize'])) {
            throw new \InvalidArgumentException('The cipher "KeySize" must be'
                . ' an integer.');
        }

if (!MaterialsProvider::isSupportedKeySize(
            $cipherOptions['KeySize']
        )) {
            throw new \InvalidArgumentException('The cipher "KeySize" requested'
                . ' is not supported by AES (128, 192, or 256).');
        }

$cipherOptions['Iv'] = $provider->generateIv(
            $this->getCipherOpenSslName(
                $cipherOptions['Cipher'],
                $cipherOptions['KeySize']
            )
        );

$cek = $provider->generateCek($cipherOptions['KeySize']);

list($encryptingStream, $aesName) = $this->getEncryptingStream(
            $plaintext,
            $cek,
            $cipherOptions
        );

// Populate envelope data
        $envelope[MetadataEnvelope::CONTENT_KEY_V2_HEADER] =
            $provider->encryptCek(
                $cek,
                $materialsDescription
            );
        unset($cek);

$envelope[MetadataEnvelope::IV_HEADER] =
            base64_encode($cipherOptions['Iv']);
        $envelope[MetadataEnvelope::KEY_WRAP_ALGORITHM_HEADER] =
            $provider->getWrapAlgorithmName();
        $envelope[MetadataEnvelope::CONTENT_CRYPTO_SCHEME_HEADER] = $aesName;
        $envelope[MetadataEnvelope::UNENCRYPTED_CONTENT_LENGTH_HEADER] =
            strlen($plaintext);
        $envelope[MetadataEnvelope::MATERIALS_DESCRIPTION_HEADER] =
            json_encode($materialsDescription);
        if (!empty($cipherOptions['Tag'])) {
            $envelope[MetadataEnvelope::CRYPTO_TAG_LENGTH_HEADER] =
                strlen($cipherOptions['Tag']) * 8;
        }

return $encryptingStream;
    }

/**
     * Generates a stream that wraps the plaintext with the proper cipher and
     * uses the content encryption key (CEK) to encrypt the data when read.
     *
     * @param Stream $plaintext Plain-text data to be encrypted using the
     *                          materials, algorithm, and data provided.
     * @param string $cek A content encryption key for use by the stream for
     *                    encrypting the plaintext data.
     * @param array $cipherOptions Options for use in determining the cipher to
     *                             be used for encrypting data.
     *
     * @return array returns an array with two elements as follows: [string, AesStreamInterface]
     *
     * @internal
     */
    protected function getEncryptingStream(
        Stream $plaintext,
        $cek,
        &$cipherOptions
    ) {
        switch ($cipherOptions['Cipher']) {
            case 'gcm':
                $cipherOptions['TagLength'] = 16;

$cipherTextStream = new AesGcmEncryptingStream(
                    $plaintext,
                    $cek,
                    $cipherOptions['Iv'],
                    $cipherOptions['Aad'] = isset($cipherOptions['Aad'])
                        ? $cipherOptions['Aad']
                        : '',
                    $cipherOptions['TagLength'],
                    $cipherOptions['KeySize']
                );

if (!empty($cipherOptions['Aad'])) {
                    trigger_error("'Aad' has been supplied for content encryption"
                        . " with " . $cipherTextStream->getAesName() . ". The"
                        . " PHP SDK encryption client can decrypt an object"
                        . " encrypted in this way, but other AWS SDKs may not be"
                        . " able to.", E_USER_WARNING);
                }

$appendStream = new AppendStream([
                    $cipherTextStream->createStream()
                ]);
                $cipherOptions['Tag'] = $cipherTextStream->getTag();
                $appendStream->addStream(Psr7\Utils::streamFor($cipherOptions['Tag']));
                return [$appendStream, $cipherTextStream->getAesName()];
            default:
                $cipherMethod = $this->buildCipherMethod(
                    $cipherOptions['Cipher'],
                    $cipherOptions['Iv'],
                    $cipherOptions['KeySize']
                );
                $cipherTextStream = new AesEncryptingStream(
                    $plaintext,
                    $cek,
                    $cipherMethod
                );
                return [$cipherTextStream, $cipherTextStream->getAesName()];
        }
    }
}