PluginProbe ʕ •ᴥ•ʔ
WP 2FA – Two-factor authentication for WordPress / 2.3.0
WP 2FA – Two-factor authentication for WordPress v2.3.0
1.7.1 2.0.0 2.0.1 2.1.0 2.2.0 2.2.1 2.3.0 2.4.0 2.4.1 2.4.2 2.5.0 2.6.0 2.6.1 2.6.2 2.6.3 2.6.4 2.7.0 2.8.0 2.9.0 2.9.1 2.9.2 2.9.3 3.0.0 3.0.1 3.1.0 3.1.1 3.1.1.2 trunk 1.2.0 1.3.0 1.4.0 1.4.1 1.4.2 1.5.0 1.5.1 1.5.2 1.6.0 1.6.1 1.6.2 1.7.0
wp-2fa / includes / classes / Authenticator / class-open-ssl.php
wp-2fa / includes / classes / Authenticator Last commit date
class-authentication.php 3 years ago class-backup-codes.php 4 years ago class-backupcodes.php 4 years ago class-login.php 3 years ago class-open-ssl.php 3 years ago index.php 5 years ago
class-open-ssl.php
162 lines
1 <?php
2 /**
3 * Open SSL encrypt / decrypt class.
4 *
5 * @package wp2fa
6 * @copyright 2021 WP White Security
7 * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
8 * @link https://wordpress.org/plugins/wp-2fa/
9 */
10
11 namespace WP2FA\Authenticator;
12
13 use WP2FA\WP2FA;
14 use WP2FA\Utils\Debugging;
15
16 /**
17 * Open_SSL - Class for encryption and decryption of the string using open_ssl method
18 *
19 * @since 2.0.0
20 */
21 if ( ! class_exists( '\WP2FA\Authenticator\Open_SSL' ) ) {
22
23 /**
24 * Responsible for SSL operations
25 */
26 class Open_SSL {
27
28 const CIPHER_METHOD = 'aes-256-ctr';
29 const BLOCK_BYTE_SIZE = 16;
30 const DIGEST_ALGORITHM = 'SHA256';
31
32 /**
33 * Internal cache var for the PHP ssl functions availability
34 *
35 * @var mixed|boolean
36 *
37 * @since 2.0.0
38 */
39 private static $ssl_enabled = null;
40
41 /**
42 * Encrypts given text
43 *
44 * @param string $text - Text to be encrypted.
45 *
46 * @return string
47 *
48 * @since 2.0.0
49 */
50 public static function encrypt( string $text ): string {
51 Debugging::log( 'Encrypting a text: ' . $text );
52 if ( self::is_ssl_available() ) {
53 $iv = self::secure_random( self::BLOCK_BYTE_SIZE );
54 $key = \openssl_digest( \base64_decode( \wp_salt() ), self::DIGEST_ALGORITHM, true ); //phpcs:ignore
55 $text = \openssl_encrypt(
56 $text,
57 self::CIPHER_METHOD,
58 $key,
59 OPENSSL_RAW_DATA,
60 $iv
61 );
62
63 $text = \base64_encode( $iv . $text ); //phpcs:ignore
64 }
65 Debugging::log( 'Encrypted text: ' . $text );
66
67 return $text;
68 }
69
70 /**
71 * Decrypts crypt text
72 *
73 * @param string $text - Encrypted text to be decrypted.
74 *
75 * @return string
76 *
77 * @since 2.0.0
78 */
79 public static function decrypt( string $text ): string {
80 Debugging::log( 'Decrypting a text: ' . $text );
81
82 if ( self::is_ssl_available() ) {
83 $decoded_base = \base64_decode( $text ); //phpcs:ignore
84
85 $key = \openssl_digest( \base64_decode( \wp_salt() ), self::DIGEST_ALGORITHM, true ); //phpcs:ignore
86
87 $ivlen = \openssl_cipher_iv_length( self::CIPHER_METHOD );
88
89 $iv = \substr( $decoded_base, 0, $ivlen );
90 $ciphertext_raw = \substr( $decoded_base, $ivlen );
91 $text = \openssl_decrypt( $ciphertext_raw, self::CIPHER_METHOD, $key, OPENSSL_RAW_DATA, $iv );
92 }
93 Debugging::log( 'Decrypted text: ' . $text );
94
95 return $text;
96 }
97
98 /**
99 * Decrypts crypt text
100 *
101 * @param string $text - Encrypted text to be decrypted.
102 *
103 * @return string
104 *
105 * @since 2.0.0
106 */
107 public static function decrypt_legacy( string $text ): string {
108 Debugging::log( 'Decrypting a text: ' . $text );
109
110 if ( self::is_ssl_available() ) {
111 $decoded_base = \base64_decode( $text ); //phpcs:ignore
112
113 $key = \openssl_digest( \base64_decode( WP2FA::get_secret_key() ), self::DIGEST_ALGORITHM, true ); //phpcs:ignore
114
115 $ivlen = \openssl_cipher_iv_length( self::CIPHER_METHOD );
116
117 $iv = \substr( $decoded_base, 0, $ivlen );
118 $ciphertext_raw = \substr( $decoded_base, $ivlen );
119 $text = \openssl_decrypt( $ciphertext_raw, self::CIPHER_METHOD, $key, OPENSSL_RAW_DATA, $iv );
120 }
121 Debugging::log( 'Decrypted text: ' . $text );
122
123 return $text;
124 }
125
126 /**
127 * Generates random bytes by given size
128 *
129 * @param integer $octets - Number of octets for use for random generator.
130 *
131 * @return string
132 *
133 * @since 2.0.0
134 */
135 public static function secure_random( int $octets = 0 ): string {
136 if ( 0 === $octets ) {
137 $octets = self::BLOCK_BYTE_SIZE;
138 }
139
140 return \random_bytes( $octets );
141 }
142
143 /**
144 * Checks the open ssl methods existence
145 *
146 * @return boolean
147 *
148 * @since 2.0.0
149 */
150 public static function is_ssl_available(): bool {
151 if ( null === self::$ssl_enabled ) {
152 self::$ssl_enabled = false;
153 if ( \function_exists( 'openssl_encrypt' ) ) {
154 self::$ssl_enabled = true;
155 }
156 }
157
158 return self::$ssl_enabled;
159 }
160 }
161 }
162