php - intermittent openssl_decrypt error (IV of precisely 16 bytes)

View Original

one text

I am receiving the following error when on decrypting certain data.

openssl_decrypt(): IV passed is only 12 bytes long, cipher expects an IV of precisely 16 bytes

I am also seeing the warning: hash_equals(): Expected known_string to be a string, boolean given.. perhaps some corrupted data.

I recently decrypted from mcrypt and re-encrypted with openssl (this code). I see I should be passing OPENSSL_RAW_DATA

here is my class:

    class AES{

        function __construct() {
            $this->aes_256_cbc = 'aes-256-cbc';     
        }

        function __destruct() {}    
        
        function encrypt($data,$passphrase){
            $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length($this->aes_256_cbc));
            $dataEncrRaw = openssl_encrypt($data, $this->aes_256_cbc, $passphrase, 0, $iv);
            $hmac = hash_hmac('sha256', $dataEncrRaw, $passphrase, $as_binary=true);        
            return base64_encode( $iv.$hmac.$dataEncrRaw );
        }

        function decrypt($dataEncr,$passphrase){
            $data = '';
            $dataEncr = base64_decode($dataEncr);
            $ivlen = openssl_cipher_iv_length($cipher=$this->aes_256_cbc);

            $iv=substr($dataEncr,0,$ivlen);
            $hmac = substr($dataEncr, $ivlen, $sha2len=32);             
            $dataEncrRaw=substr($dataEncr,$ivlen+$sha2len);
                                    
            $dataPlainText = openssl_decrypt($dataEncrRaw, $this->aes_256_cbc, $passphrase, 0, $iv);
            $calcmac = hash_hmac('sha256', $dataEncrRaw, $passphrase, $as_binary=true);
            if (hash_equals($hmac, $calcmac)){
                $data=$dataPlainText;
            }           
            return $data;
        }
    }

Thanks, Drew

Source
© 2021
E-mail: contact@webdevask.com
Back to top