symfony
diff --git a/‎src/Symfony/Component/Encryption/EncryptionInterface.php
Copy file name to clipboard
+89Lines changed: 89 additions & 0 deletions b/‎src/Symfony/Component/Encryption/EncryptionInterface.php
Copy file name to clipboard
+89Lines changed: 89 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Encryption/Exception/InvalidKeyException.php
Copy file name to clipboard
+27Lines changed: 27 additions & 0 deletions b/‎src/Symfony/Component/Encryption/Exception/InvalidKeyException.php
Copy file name to clipboard
+27Lines changed: 27 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Encryption/KeyInterface.php
Copy file name to clipboard
+45Lines changed: 45 additions & 0 deletions b/‎src/Symfony/Component/Encryption/KeyInterface.php
Copy file name to clipboard
+45Lines changed: 45 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Encryption/Sodium/SodiumEncryption.php
Copy file name to clipboard
+126Lines changed: 126 additions & 0 deletions b/‎src/Symfony/Component/Encryption/Sodium/SodiumEncryption.php
Copy file name to clipboard
+126Lines changed: 126 additions & 0 deletions
@@ -0,0 +1,89 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Encryption;
+
+use Symfony\Component\Encryption\Exception\DecryptionException;
+use Symfony\Component\Encryption\Exception\EncryptionException;
+
+/**
+ * @author Tobias Nyholm <tobias.nyholm@gmail.com>
+ *
+ * @experimental in 5.3
+ */
+interface EncryptionInterface
+{
+    /**
+     * Generates new a Key to be used with encryption.
+     *
+     * Don't lose your private key and make sure to keep it a secret.
+     *
+     * @throws EncryptionException
+     */
+    public function generateKey(): KeyInterface;
+
+    /**
+     * Get an encrypted version of the message.
+     *
+     * Symmetric encryption uses the same key to encrypt and decrypt a message.
+     * The key should be kept safe and should not be exposed to the public. Symmetric
+     * encryption should be used when you are not sending the encrypted message to
+     * anyone else.
+     *
+     * Example: You store a value on disk or in a cookie and don't want anyone else
+     * to read it.
+     *
+     * Symmetric encryption is in theory weaker than asymmetric encryption.
+     *
+     * @param string $message plain text version of the message
+     *
+     * @return string the output
+     *
+     * @throws EncryptionException
+     */
+    public function encrypt(string $message, KeyInterface $myKey): string;
+
+    /**
+     * Get an encrypted version of the message that only the recipient can read.
+     *
+     * Asymmetric encryption uses a "key pair" ie a public key and a private key.
+     * It is safe to share your public key, but the private key should always be
+     * kept a secret.
+     *
+     * When Alice and Bob wants to communicate they share their public keys with
+     * each other. Alice will encrypt a message with bobs public key. When Bob
+     * receive the message, he will decrypt it with his private key.
+     */
+    public function encryptFor(string $message, KeyInterface $recipientKey): string;
+
+    /**
+     * Get an encrypted version of the message that only the recipient can read.
+     * The recipient can also verify who sent the message
+     *
+     * Asymmetric encryption uses a "key pair" ie a public key and a private key.
+     * It is safe to share your public key, but the private key should always be
+     * kept a secret.
+     *
+     * When Alice and Bob wants to communicate they share their public keys with
+     * each other. Alice will encrypt a message with keypair [ alice_private, bob_public ].
+     * When Bob receive the message, he will decrypt it with keypair [ bob_private, alice_public ].
+     */
+    public function encryptForAndSign(string $message, KeyInterface $keypair): string;
+
+    /**
+     * Get a plain text version of the encrypted message.
+     *
+     * @param string $message encrypted version of the message
+     *
+     * @throws DecryptionException
+     */
+    public function decrypt(string $message, KeyInterface $key): string;
+}
@@ -0,0 +1,27 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Encryption\Exception;
+
+/**
+ * Thrown when a message cannot be encrypted.
+ *
+ * @author Tobias Nyholm <tobias.nyholm@gmail.com>
+ *
+ * @experimental in 5.3
+ */
+class InvalidKeyException extends \RuntimeException implements ExceptionInterface
+{
+    public function __construct($message = null, \Throwable $previous = null)
+    {
+        parent::__construct($message ?? 'This key is not valid.', 0, $previous);
+    }
+}
@@ -0,0 +1,45 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Encryption;
+
+use Symfony\Component\Encryption\Exception\DecryptionException;
+use Symfony\Component\Encryption\Exception\EncryptionException;
+
+/**
+ * A Key for a specific user and specific Encryption implementation. Keys cannot
+ * be shared between Encryption implementations.
+ *
+ * A Key is always serializable.
+ *
+ * @author Tobias Nyholm <tobias.nyholm@gmail.com>
+ *
+ * @experimental in 5.3
+ */
+interface KeyInterface
+{
+    /**
+     * Returns a string to be stored in a safe place
+     */
+    public function toString(): string;
+
+    /**
+     * Creates a Key from stored data
+     */
+    public function fromString(string $string): self;
+
+    /**
+     * Get the public key from this Key. Not all Keys have a public key.
+     *
+     * The public key can be shared.
+     */
+    public function getPublicKey(): ?string;
+}
@@ -0,0 +1,126 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Encryption\Sodium;
+
+use Symfony\Component\Encryption\AsymmetricEncryptionInterface;
+use Symfony\Component\Encryption\EncryptionInterface;
+use Symfony\Component\Encryption\Exception\DecryptionException;
+use Symfony\Component\Encryption\Exception\EncryptionException;
+use Symfony\Component\Encryption\Exception\InvalidArgumentException;
+use Symfony\Component\Encryption\Exception\InvalidKeyException;
+use Symfony\Component\Encryption\Exception\SignatureVerificationRequiredException;
+use Symfony\Component\Encryption\Exception\UnsupportedAlgorithmException;
+use Symfony\Component\Encryption\Ciphertext;
+use Symfony\Component\Encryption\KeyInterface;
+use Symfony\Component\Encryption\SymmetricEncryptionInterface;
+
+/**
+ * Using the Sodium extension to safely encrypt your data.
+ *
+ * @author Tobias Nyholm <tobias.nyholm@gmail.com>
+ *
+ * @experimental in 5.3
+ */
+final class SodiumEncryption implements EncryptionInterface
+{
+    public function generateKey(): KeyInterface
+    {
+        return SodiumKey::create(sodium_crypto_secretbox_keygen(), sodium_crypto_box_keypair());
+    }
+
+    public function encrypt(string $message, KeyInterface $myKey): string
+    {
+        if (!$myKey instanceof SodiumKey) {
+            throw new InvalidKeyException();
+        }
+
+        $nonce = random_bytes(\SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
+        try {
+            $ciphertext = sodium_crypto_secretbox($message, $nonce, $myKey->getSecret());
+        } catch (\SodiumException $exception) {
+            throw new EncryptionException('Failed to encrypt message.', $exception);
+        }
+
+        return Ciphertext::create('sodium_secretbox', $ciphertext, $nonce)->getString();
+    }
+
+    public function encryptFor(string $message, KeyInterface $recipientKey): string
+    {
+        if (!$recipientKey instanceof SodiumKey) {
+            throw new InvalidKeyException();
+        }
+
+        try {
+            if (null === $publicKey = $recipientKey->getPublicKey()) {
+                throw new InvalidKeyException('This key does not have a public key. Who should we encrypt this message for?');
+            }
+
+            $ciphertext = sodium_crypto_box_seal($message, $publicKey);
+        } catch (\SodiumException $exception) {
+            throw new EncryptionException('Failed to encrypt message.', $exception);
+        }
+
+        return Ciphertext::create('sodium_crypto_box_seal', $ciphertext, random_bytes(\SODIUM_CRYPTO_BOX_NONCEBYTES))->getString();
+    }
+
+    public function encryptForAndSign(string $message, KeyInterface $keypair): string
+    {
+        if (!$keypair instanceof SodiumKey) {
+            throw new InvalidKeyException();
+        }
+
+        try {
+            if (null === $publicKey = $keypair->getPublicKey()) {
+                throw new InvalidKeyException('This key does not have a public key. Who should we encrypt this message for?');
+            }
+
+            $nonce = random_bytes(\SODIUM_CRYPTO_BOX_NONCEBYTES);
+            $ciphertext = sodium_crypto_box($message, $nonce, $keypair->getKeypair());
+        } catch (\SodiumException $exception) {
+            throw new EncryptionException('Failed to encrypt message.', $exception);
+        }
+
+        return Ciphertext::create('sodium_crypto_box', $ciphertext, $nonce)->getString();
+    }
+
+    public function decrypt(string $message, KeyInterface $key): string
+    {
+        if (!$key instanceof SodiumKey) {
+            throw new InvalidKeyException();
+        }
+
+        $ciphertext = Ciphertext::parse($message);
+        $algorithm = $ciphertext->getAlgorithm();
+        $payload = $ciphertext->getPayload();
+        $nonce = $ciphertext->getNonce();
+
+        try {
+            if ('sodium_crypto_box_seal' === $algorithm) {
+                $output = sodium_crypto_box_seal_open($payload, $key->getKeypair());
+            } elseif ('sodium_crypto_box' === $algorithm) {
+                $output = sodium_crypto_box_open($payload, $nonce, $key->getKeypair());
+            } elseif ('sodium_secretbox' === $algorithm) {
+                $output = sodium_crypto_secretbox_open($payload, $nonce, $key->getSecret());
+            } else {
+                throw new UnsupportedAlgorithmException($algorithm);
+            }
+        } catch (\SodiumException $exception) {
+            throw new DecryptionException(sprintf('Failed to decrypt message with algorithm "%s".', $algorithm), $exception);
+        }
+
+        if (false === $output) {
+            throw new DecryptionException();
+        }
+
+        return $output;
+    }
+}