protected function decrypt($data, $passwordBased, $secret, $info)
{
if (!extension_loaded('openssl')) {
throw new InvalidConfigException('Encryption requires the OpenSSL PHP extension');
}
if (!isset($this->allowedCiphers[$this->cipher][0], $this->allowedCiphers[$this->cipher][1])) {
throw new InvalidConfigException($this->cipher . ' is not an allowed cipher');
}
list($blockSize, $keySize) = $this->allowedCiphers[$this->cipher];
$keySalt = StringHelper::byteSubstr($data, 0, $keySize);
if ($passwordBased) {
$key = $this->pbkdf2($this->kdfHash, $secret, $keySalt, $this->derivationIterations, $keySize);
} else {
$key = $this->hkdf($this->kdfHash, $secret, $keySalt, $info, $keySize);
}
$authKey = $this->hkdf($this->kdfHash, $key, null, $this->authKeyInfo, $keySize);
$data = $this->validateData(StringHelper::byteSubstr($data, $keySize, null), $authKey);
if ($data === false) {
return false;
}
$iv = StringHelper::byteSubstr($data, 0, $blockSize);
$encrypted = StringHelper::byteSubstr($data, $blockSize, null);
$decrypted = openssl_decrypt($encrypted, $this->cipher, $key, OPENSSL_RAW_DATA, $iv);
if ($decrypted === false) {
throw new \yii\base\Exception('OpenSSL failure on decryption: ' . openssl_error_string());
}
return $decrypted;
}