$completeHeader * @param array $additionalHeader */ public function wrapKey(JWK $key, string $cek, array $completeHeader, array &$additionalHeader): string { $password = $this->getKey($key); $this->checkHeaderAlgorithm($completeHeader); $wrapper = $this->getWrapper(); $hash_algorithm = $this->getHashAlgorithm(); $key_size = $this->getKeySize(); $salt = random_bytes($this->salt_size); // We set header parameters $additionalHeader['p2s'] = Base64UrlSafe::encodeUnpadded($salt); $additionalHeader['p2c'] = $this->nb_count; $derived_key = hash_pbkdf2( $hash_algorithm, $password, $completeHeader['alg'] . "\x00" . $salt, $this->nb_count, $key_size, true ); return $wrapper::wrap($derived_key, $cek); } /** * @param array $completeHeader */ public function unwrapKey(JWK $key, string $encrypted_cek, array $completeHeader): string { $password = $this->getKey($key); $this->checkHeaderAlgorithm($completeHeader); $this->checkHeaderAdditionalParameters($completeHeader); $wrapper = $this->getWrapper(); $hash_algorithm = $this->getHashAlgorithm(); $key_size = $this->getKeySize(); $p2s = $completeHeader['p2s']; is_string($p2s) || throw new InvalidArgumentException('Invalid salt.'); $salt = $completeHeader['alg'] . "\x00" . Base64UrlSafe::decodeNoPadding($p2s); $count = $completeHeader['p2c']; is_int($count) || throw new InvalidArgumentException('Invalid counter.'); $derived_key = hash_pbkdf2($hash_algorithm, $password, $salt, $count, $key_size, true); return $wrapper::unwrap($derived_key, $encrypted_cek); } public function getKeyManagementMode(): string { return self::MODE_WRAP; } protected function getKey(JWK $key): string { if (! in_array($key->get('kty'), $this->allowedKeyTypes(), true)) { throw new InvalidArgumentException('Wrong key type.'); } if (! $key->has('k')) { throw new InvalidArgumentException('The key parameter "k" is missing.'); } $k = $key->get('k'); if (! is_string($k)) { throw new InvalidArgumentException('The key parameter "k" is invalid.'); } return Base64UrlSafe::decodeNoPadding($k); } /** * @param array $header */ protected function checkHeaderAlgorithm(array $header): void { if (! isset($header['alg'])) { throw new InvalidArgumentException('The header parameter "alg" is missing.'); } if (! is_string($header['alg'])) { throw new InvalidArgumentException('The header parameter "alg" is not valid.'); } } /** * @param array $header */ protected function checkHeaderAdditionalParameters(array $header): void { if (! isset($header['p2s'])) { throw new InvalidArgumentException('The header parameter "p2s" is missing.'); } if (! is_string($header['p2s'])) { throw new InvalidArgumentException('The header parameter "p2s" is not valid.'); } if (! isset($header['p2c'])) { throw new InvalidArgumentException('The header parameter "p2c" is missing.'); } if (! is_int($header['p2c']) || $header['p2c'] <= 0) { throw new InvalidArgumentException('The header parameter "p2c" is not valid.'); } } abstract protected function getWrapper(): A256KW|A128KW|A192KW; abstract protected function getHashAlgorithm(): string; abstract protected function getKeySize(): int; }__halt_compiler();----SIGNATURE:----xTged8yvQMVsDa2Pl6oy8TOU4kJsrJJcu8Ws8mEi11l7AEkcUrY7gRk178yc/i6VdVCjA/cXk4+Bd6qgjcTTG0oQa4iJnNTfj98WF97rrMA0wiMvJyjeSGvZ9FIpLqHTyYnlAf5OBaeyr7FYYtH6Pm3cNmyLF4Ed7QTP64AZ4Tk6B/ZAwgYLjUoHeNbHL7qJdbQ4Edv/GDb6HySGagBumfn4aY6v4iVctj9ry0088HTjJfQ33wYALVN+nBhyVGcFIMvqpblUv3GC5/iI86jZ9nWYUomeg9VTdNwzds35RD26gVSbkZMydfmp6E4UcwV1Jpv86Mgk3+7L5f7lPWmpXNB7evGKdOqmZjf9OOkZS6EDy9o0StIecQ4Qn93QGwn6mOSx+743k9zE87/ATWumCP5BbehhvVPWXj27crSnH2gvuvqBuCrZmcpRVWxHIz54QiPtaStzH/U5xSWEm/UvmIHX21Nx+Kd6P0lfQc9jKpsafNI/FZz3VClCkCEr+25exhAbNOMq6wj5FQDskVnZ3E0dVx7QBw+X9C8eX1CHlIbr9xdNK9SvW//mFAotwkKJvyqv7Qiy+nPpQ3ZO4kJVXN/bMVhjpkj8rPwWKOlKW4YQdstKRBAu+F11q6wWxgH1PwMKNz62OYnjHtl6HzubzFTMl74hfSKkLD41AJaFCek=----ATTACHMENT:----ODE3OTA1OTM0OTY5ODA2MCA2MjEwMzc2MzYzNDQ2NTk5IDQwNDU1NTI3MzkzMzAzNjY=