PluginProbe ʕ •ᴥ•ʔ
WP 2FA – Two-factor authentication for WordPress / 2.0.1
WP 2FA – Two-factor authentication for WordPress v2.0.1
1.7.1 2.0.0 2.0.1 2.1.0 2.2.0 2.2.1 2.3.0 2.4.0 2.4.1 2.4.2 2.5.0 2.6.0 2.6.1 2.6.2 2.6.3 2.6.4 2.7.0 2.8.0 2.9.0 2.9.1 2.9.2 2.9.3 3.0.0 3.0.1 3.1.0 3.1.1 3.1.1.2 trunk 1.2.0 1.3.0 1.4.0 1.4.1 1.4.2 1.5.0 1.5.1 1.5.2 1.6.0 1.6.1 1.6.2 1.7.0
wp-2fa / includes / classes / Authenticator / class-open-ssl.php
wp-2fa / includes / classes / Authenticator Last commit date
Authentication.php 4 years ago BackupCodes.php 4 years ago Login.php 4 years ago class-open-ssl.php 4 years ago index.php 5 years ago
class-open-ssl.php
128 lines
1 <?php
2 /**
3 * Open SSL encrypt / decrypt class.
4 *
5 * @package wp2fa
6 * @copyright 2021 WP White Security
7 * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
8 * @link https://wordpress.org/plugins/wp-2fa/
9 */
10
11 namespace WP2FA\Authenticator;
12
13 use WP2FA\WP2FA;
14 use WP2FA\Utils\Debugging;
15
16 /**
17 * Open_SSL - Class for encryption and decryption of the string using open_ssl method
18 *
19 * @since 2.0.0
20 */
21 class Open_SSL {
22
23 const CIPHER_METHOD = 'aes-256-ctr';
24 const BLOCK_BYTE_SIZE = 16;
25 const DIGEST_ALGORITHM = 'SHA256';
26
27 /**
28 * Internal cache var for the PHP ssl functions availability
29 *
30 * @var mixed|boolean
31 *
32 * @since 2.0.0
33 */
34 private static $ssl_enabled = null;
35
36 /**
37 * Encrypts given text
38 *
39 * @param string $text - Text to be encrypted.
40 *
41 * @return string
42 *
43 * @since 2.0.0
44 */
45 public static function encrypt( string $text ): string {
46 Debugging::log( 'Encrypting a text: '. $text );
47 if ( self::is_ssl_available() ) {
48 $iv = self::secure_random( self::BLOCK_BYTE_SIZE );
49 $key = \openssl_digest( \base64_decode( WP2FA::get_secret_key() ), self::DIGEST_ALGORITHM, true );
50 $text = \openssl_encrypt(
51 $text,
52 self::CIPHER_METHOD,
53 $key,
54 OPENSSL_RAW_DATA,
55 $iv
56 );
57
58 $text = \base64_encode( $iv . $text );
59 }
60 Debugging::log( 'Encrypted text: '. $text );
61
62 return $text;
63 }
64
65 /**
66 * Decrypts crypt text
67 *
68 * @param string $text - Encrypted text to be decrypted.
69 *
70 * @return string
71 *
72 * @since 2.0.0
73 */
74 public static function decrypt( string $text ): string {
75 Debugging::log( 'Decrypting a text: '. $text );
76
77 if ( self::is_ssl_available() ) {
78 $decoded_base = \base64_decode( $text );
79
80 $key = \openssl_digest( \base64_decode( WP2FA::get_secret_key() ), self::DIGEST_ALGORITHM, true );
81
82 $ivlen = \openssl_cipher_iv_length( self::CIPHER_METHOD );
83
84 $iv = \substr( $decoded_base, 0, $ivlen );
85 $ciphertext_raw = \substr( $decoded_base, $ivlen );
86 $text = \openssl_decrypt( $ciphertext_raw, self::CIPHER_METHOD, $key, OPENSSL_RAW_DATA, $iv );
87 }
88 Debugging::log( 'Decrypted text: '. $text );
89
90 return $text;
91 }
92
93 /**
94 * Generates random bytes by given size
95 *
96 * @param integer $octets - Number of octets for use for random generator.
97 *
98 * @return string
99 *
100 * @since 2.0.0
101 */
102 public static function secure_random( int $octets = 0 ): string {
103 if ( 0 === $octets ) {
104 $octets = self::BLOCK_BYTE_SIZE;
105 }
106
107 return \random_bytes( $octets );
108 }
109
110 /**
111 * Checks the open ssl methods existence
112 *
113 * @return boolean
114 *
115 * @since 2.0.0
116 */
117 public static function is_ssl_available(): bool {
118 if ( null === self::$ssl_enabled ) {
119 self::$ssl_enabled = false;
120 if ( \function_exists( 'openssl_encrypt' ) ) {
121 self::$ssl_enabled = true;
122 }
123 }
124
125 return self::$ssl_enabled;
126 }
127 }
128