leonklingele/libsodium-php_issue.php

## libsodium-php_issue.php
<?php

$crypto = new Crypt('cbe92e0557602e1bf9c05fffe8e54a809c1bdc5b3c3e2011b9153ce0ce672917', 'ok');

$enc = $crypto->encrypt('secretmessage');

// Here we prepend an 'a' -> Decryption should fail, i.e. return false
// It should NOT trigger an E_ERROR, as we can't handle that.
$dec = $crypto->decrypt('a' . $enc);

// This should always echo
echo 'Finished';

class Crypt {

	private $key = null;
	private $keyLength = Sodium::CRYPTO_AEAD_CHACHA20POLY1305_KEYBYTES;
	private $nonceLength = Sodium::CRYPTO_AEAD_CHACHA20POLY1305_NPUBBYTES;
	private $associatedData = 'test12345';

	public function __construct($key, $associatedData) {
		$this->setKey($key);
		$this->setAD($associatedData);
	}

	public function __destruct() {
		Sodium::sodium_memzero($this->key);
	}

	public function encrypt($data, $raw = false) {
		$nonce = $this->generateRandomNonce();
		$ciphertextWithNonce = $nonce . Sodium::crypto_aead_chacha20poly1305_encrypt(
			$data,
			$this->getAD(),
			$nonce,
			$this->getKey()
		);
		if ($raw) {
			return $ciphertextWithNonce;
		}
		return base64_encode($ciphertextWithNonce);
	}

	public function decrypt($data, $raw = false) {
		if (!$raw) {
			$data = base64_decode($data, true);
			if ($data === false) {
				return false;
			}
		}
		$nonce = mb_substr($data, 0, $this->nonceLength, '8bit');
		$ciphertext = mb_substr($data, $this->nonceLength, null, '8bit');
		return Sodium::crypto_aead_chacha20poly1305_decrypt(
			$ciphertext,
			$this->getAD(),
			$nonce,
			$this->getKey()
		);
	}

	public function deriveKey($password, $length = 0) {
		if ($length === 0) {
			$length = $this->keyLength;
		}
		// Create a random salt
		$salt = Sodium::randombytes_buf(Sodium::CRYPTO_PWHASH_SCRYPTSALSA208SHA256_SALTBYTES);
		// Generate a stream of $length pseudo random bytes using the password and the salt
		return Sodium::crypto_pwhash_scryptsalsa208sha256(
			$length,
			$password,
			$salt,
			Sodium::CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_INTERACTIVE,
			Sodium::CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_INTERACTIVE
		);
	}

	private function getKey() {
		return $this->key;
	}

	public function setKey($key) {
		$binKey = $this->hex2bin($key);
		if (ctype_xdigit($key) && strlen($binKey) === $this->keyLength) {
			$this->key = $binKey;
		} else {
			trigger_error('Invalid key. Key must be a ' . $this->keyLength . ' char binary string.', E_USER_ERROR);
		}
	}

	private function getAD() {
		return $this->associatedData;
	}

	private function setAD($associatedData) {
		$this->associatedData = $associatedData;
	}

	private function generateRandomNonce() {
		return Sodium::randombytes_buf($this->nonceLength);
	}

	public function bin2hex($bin) {
		return Sodium::sodium_bin2hex($bin);
	}

	public function hex2bin($hex) {
		return Sodium::sodium_hex2bin($hex);
	}

}
	<?php

	$crypto = new Crypt('cbe92e0557602e1bf9c05fffe8e54a809c1bdc5b3c3e2011b9153ce0ce672917', 'ok');

	$enc = $crypto->encrypt('secretmessage');

	// Here we prepend an 'a' -> Decryption should fail, i.e. return false
	// It should NOT trigger an E_ERROR, as we can't handle that.
	$dec = $crypto->decrypt('a' . $enc);

	// This should always echo
	echo 'Finished';

	class Crypt {

	private $key = null;
	private $keyLength = Sodium::CRYPTO_AEAD_CHACHA20POLY1305_KEYBYTES;
	private $nonceLength = Sodium::CRYPTO_AEAD_CHACHA20POLY1305_NPUBBYTES;
	private $associatedData = 'test12345';

	public function __construct($key, $associatedData) {
	$this->setKey($key);
	$this->setAD($associatedData);
	}

	public function __destruct() {
	Sodium::sodium_memzero($this->key);
	}

	public function encrypt($data, $raw = false) {
	$nonce = $this->generateRandomNonce();
	$ciphertextWithNonce = $nonce . Sodium::crypto_aead_chacha20poly1305_encrypt(
	$data,
	$this->getAD(),
	$nonce,
	$this->getKey()
	);
	if ($raw) {
	return $ciphertextWithNonce;
	}
	return base64_encode($ciphertextWithNonce);
	}

	public function decrypt($data, $raw = false) {
	if (!$raw) {
	$data = base64_decode($data, true);
	if ($data === false) {
	return false;
	}
	}
	$nonce = mb_substr($data, 0, $this->nonceLength, '8bit');
	$ciphertext = mb_substr($data, $this->nonceLength, null, '8bit');
	return Sodium::crypto_aead_chacha20poly1305_decrypt(
	$ciphertext,
	$this->getAD(),
	$nonce,
	$this->getKey()
	);
	}

	public function deriveKey($password, $length = 0) {
	if ($length === 0) {
	$length = $this->keyLength;
	}
	// Create a random salt
	$salt = Sodium::randombytes_buf(Sodium::CRYPTO_PWHASH_SCRYPTSALSA208SHA256_SALTBYTES);
	// Generate a stream of $length pseudo random bytes using the password and the salt
	return Sodium::crypto_pwhash_scryptsalsa208sha256(
	$length,
	$password,
	$salt,
	Sodium::CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_INTERACTIVE,
	Sodium::CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_INTERACTIVE
	);
	}

	private function getKey() {
	return $this->key;
	}

	public function setKey($key) {
	$binKey = $this->hex2bin($key);
	if (ctype_xdigit($key) && strlen($binKey) === $this->keyLength) {
	$this->key = $binKey;
	} else {
	trigger_error('Invalid key. Key must be a ' . $this->keyLength . ' char binary string.', E_USER_ERROR);
	}
	}

	private function getAD() {
	return $this->associatedData;
	}

	private function setAD($associatedData) {
	$this->associatedData = $associatedData;
	}

	private function generateRandomNonce() {
	return Sodium::randombytes_buf($this->nonceLength);
	}

	public function bin2hex($bin) {
	return Sodium::sodium_bin2hex($bin);
	}

	public function hex2bin($hex) {
	return Sodium::sodium_hex2bin($hex);
	}

	}