Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use gcm for encryption #365

Merged
merged 4 commits into from
Mar 28, 2024
Merged

Use gcm for encryption #365

merged 4 commits into from
Mar 28, 2024

Conversation

supercid
Copy link
Member

Description

Related Issue

Motivation and Context

How Has This Been Tested?

Documentation:

Checklist:

  • My code follows the code style of this project.
  • I have updated the documentation accordingly.
  • All new and existing tests passed.
  • I have assigned the correct milestone or created one if non-existent.
  • I have correctly labeled this pull request.
  • I have linked the corresponding issue in this description.
  • I have updated the corresponding Jira ticket.
  • I have requested a review from at least 2 reviewers
  • I have checked the base branch of this pull request
  • I have checked my code for any possible security vulnerabilities

@supercid supercid marked this pull request as draft March 25, 2024 13:36
leandroutn
leandroutn reviewed Mar 27, 2024
View reviewed changes
src/Helper/ExportHelper.php
$data = $iv . $cipherText;

return $data;
return $iv . $cipherText . $cipher->getTag();
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💪🏼

@supercid supercid marked this pull request as ready for review March 27, 2024 20:33
leandroutn
leandroutn reviewed Mar 28, 2024
View reviewed changes
src/Helper/ExportHelper.php
{
//Check if phpseclib v3 is used
//needed for comaptibility with Magento 2.4 versions
if (class_exists("phpseclib3\Crypt\AES")) {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

so, this selection between phpseclib3 and phpseclib is not needed anymore? aka: assured to be there?

leandroutn
leandroutn reviewed Mar 28, 2024
View reviewed changes
src/Helper/ExportHelper.php
}

$cipher = new AES('gcm');
$cipher->setKeyLength(256);
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

to be extra clear, let's also add $cipher->setTagLength(128);

leandroutn
leandroutn reviewed Mar 28, 2024
View reviewed changes
src/Helper/ExportHelper.php
$cipher->setKey($secret);
$cipher->setIV($iv);
$iv = Random::string(12);
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

minor: from the functionality perspective, looks good. I'd use constants for nonce and tag lengths

leandroutn
leandroutn approved these changes Mar 28, 2024
View reviewed changes
Copy link

@leandroutn leandroutn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@supercid supercid merged commit e4fc145 into develop Mar 28, 2024
7 checks passed
@supercid supercid deleted the fix/gcm branch March 28, 2024 12:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leandroutn leandroutn leandroutn approved these changes

@iganulevics iganulevics iganulevics approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@supercid @leandroutn @iganulevics