1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
<?php
namespace Aws\Crypto;
use Aws\Crypto\Cipher\CipherMethod;
use GuzzleHttp\Psr7\Stream;
/**
* @internal
*/
abstract class AbstractCryptoClientV2
{
public static $supportedCiphers = ['gcm'];
public static $supportedKeyWraps = [
KmsMaterialsProviderV2::WRAP_ALGORITHM_NAME
];
public static $supportedSecurityProfiles = ['V2', 'V2_AND_LEGACY'];
public static $legacySecurityProfiles = ['V2_AND_LEGACY'];
/**
* Returns if the passed cipher name is supported for encryption by the SDK.
*
* @param string $cipherName The name of a cipher to verify is registered.
*
* @return bool If the cipher passed is in our supported list.
*/
public static function isSupportedCipher($cipherName)
{
return in_array($cipherName, self::$supportedCiphers, true);
}
/**
* Returns an identifier recognizable by `openssl_*` functions, such as
* `aes-256-gcm`
*
* @param string $cipherName Name of the cipher being used for encrypting
* or decrypting.
* @param int $keySize Size of the encryption key, in bits, that will be
* used.
*
* @return string
*/
abstract protected function getCipherOpenSslName($cipherName, $keySize);
/**
* Constructs a CipherMethod for the given name, initialized with the other
* data passed for use in encrypting or decrypting.
*
* @param string $cipherName Name of the cipher to generate for encrypting.
* @param string $iv Base Initialization Vector for the cipher.
* @param int $keySize Size of the encryption key, in bits, that will be
* used.
*
* @return CipherMethod
*
* @internal
*/
abstract protected function buildCipherMethod($cipherName, $iv, $keySize);
/**
* Performs a reverse lookup to get the openssl_* cipher name from the
* AESName passed in from the MetadataEnvelope.
*
* @param $aesName
*
* @return string
*
* @internal
*/
abstract protected function getCipherFromAesName($aesName);
/**
* Dependency to provide an interface for building an encryption stream for
* data given cipher details, metadata, and materials to do so.
*
* @param Stream $plaintext Plain-text data to be encrypted using the
* materials, algorithm, and data provided.
* @param array $options Options for use in encryption.
* @param MaterialsProviderV2 $provider A provider to supply and encrypt
* materials used in encryption.
* @param MetadataEnvelope $envelope A storage envelope for encryption
* metadata to be added to.
*
* @return AesStreamInterface
*
* @internal
*/
abstract public function encrypt(
Stream $plaintext,
array $options,
MaterialsProviderV2 $provider,
MetadataEnvelope $envelope
);
/**
* Dependency to provide an interface for building a decryption stream for
* cipher text given metadata and materials to do so.
*
* @param string $cipherText Plain-text data to be decrypted using the
* materials, algorithm, and data provided.
* @param MaterialsProviderInterface $provider A provider to supply and encrypt
* materials used in encryption.
* @param MetadataEnvelope $envelope A storage envelope for encryption
* metadata to be read from.
* @param array $options Options used for decryption.
*
* @return AesStreamInterface
*
* @internal
*/
abstract public function decrypt(
$cipherText,
MaterialsProviderInterfaceV2 $provider,
MetadataEnvelope $envelope,
array $options = []
);
}
|
