Changeset 6107
- Timestamp:
- 11/10/2017 02:17:56 AM (7 years ago)
- File:
-
- 1 edited
sites/trunk/wordcamp.org/public_html/wp-content/plugins/wordcamp-payments/includes/encryption.php
r2272 r6107 1 1 <?php 2 2 3 /** 3 4 * WordCamp Payments Encryption 4 5 * 5 6 * Usage: 6 * 7 * WCP_Encryption::encrypt() to encrypt a string 8 * WCP_Encryption::decrypt() to decrypt a string 9 * WCP_Encription::maybe_decrypt() to decrypt a string that may or may not be encrypted. 7 * WCP_Encryption::encrypt() to encrypt a string 8 * WCP_Encryption::decrypt() to decrypt a string 9 * WCP_Encription::maybe_decrypt() to decrypt a string that may or may not be encrypted. 10 10 */ 11 11 class WCP_Encryption { 12 public static $key = null;12 public static $key = null; 13 13 public static $hmac_key = null; 14 14 … … 18 18 public static function init() { 19 19 if ( is_null( self::$key ) ) { 20 self::$key = '';20 self::$key = ''; 21 21 self::$hmac_key = ''; 22 22 23 if ( defined( 'WORDCAMP_PAYMENTS_ENCRYPTION_KEY' ) && WORDCAMP_PAYMENTS_ENCRYPTION_KEY ) 23 if ( defined( 'WORDCAMP_PAYMENTS_ENCRYPTION_KEY' ) && WORDCAMP_PAYMENTS_ENCRYPTION_KEY ) { 24 24 self::$key = WORDCAMP_PAYMENTS_ENCRYPTION_KEY; 25 } 25 26 26 if ( defined( 'WORDCAMP_PAYMENTS_HMAC_KEY' ) && WORDCAMP_PAYMENTS_HMAC_KEY ) 27 if ( defined( 'WORDCAMP_PAYMENTS_HMAC_KEY' ) && WORDCAMP_PAYMENTS_HMAC_KEY ) { 27 28 self::$hmac_key = WORDCAMP_PAYMENTS_HMAC_KEY; 29 } 28 30 } 29 31 … … 35 37 * 36 38 * @param string $raw_data The string to encrypt. 39 * 37 40 * @return string|object Encrypted string (encrypted:data:key:iv:hmac) or WP_Error. 38 41 */ 39 42 public static function encrypt( $raw_data ) { 40 if ( ! is_string( $raw_data ) ) 43 if ( ! is_string( $raw_data ) ) { 41 44 return new WP_Error( 'encryption-error', 'Only strings can be encrypted.' ); 45 } 42 46 43 if ( ! self::init() ) 47 if ( ! self::init() ) { 44 48 return new WP_Error( 'encryption-error', 'Could not init encryption keys.' ); 49 } 45 50 46 51 $iv = openssl_random_pseudo_bytes( 16, $is_iv_strong ); 47 52 48 if ( ! $is_iv_strong ) 53 if ( ! $is_iv_strong ) { 49 54 return new WP_Error( 'encryption-error', 'Could not obtain a strong iv.' 
); 55 } 50 56 51 $data = array();57 $data = array(); 52 58 $data['data'] = openssl_encrypt( $raw_data, 'aes-256-ctr', self::$key, true, $iv ); 53 59 $data['hmac'] = hash_hmac( 'sha256', $data['data'], self::$hmac_key, true ); 54 $data['iv'] = $iv;60 $data['iv'] = $iv; 55 61 56 if ( ! $data['data'] || ! $data['iv'] || ! $data['hmac'] ) 62 if ( ! $data['data'] || ! $data['iv'] || ! $data['hmac'] ) { 57 63 return new WP_Error( 'encryption-error', 'Could not encrypt the data.' ); 64 } 58 65 59 66 $data = array_map( 'base64_encode', $data ); 67 60 68 return sprintf( 'encrypted:%s:%s:%s', $data['data'], $data['iv'], $data['hmac'] ); 61 69 } … … 65 73 * 66 74 * @param string $data The data to decrypt. 75 * 67 76 * @return string|object The decrypted data or WP_Error. 68 77 */ 69 78 public static function decrypt( $data ) { 70 if ( ! is_string( $data ) ) 79 if ( ! is_string( $data ) ) { 71 80 return new WP_Error( 'encryption-error', 'Only strings can be decrypted.' ); 81 } 72 82 73 if ( ! self::init() ) 83 if ( ! self::init() ) { 74 84 return new WP_Error( 'encryption-error', 'Could not init encryption keys.' ); 85 } 75 86 76 87 $data = explode( ':', $data ); … … 79 90 80 91 // Verify hmac. 81 if ( ! hash_equals( hash_hmac( 'sha256', $data, self::$hmac_key, true ), $hmac ) ) 92 if ( ! hash_equals( hash_hmac( 'sha256', $data, self::$hmac_key, true ), $hmac ) ) { 82 93 return new WP_Error( 'encryption-error', 'HMAC mismatch.' ); 94 } 83 95 84 96 $data = openssl_decrypt( $data, 'aes-256-ctr', self::$key, true, $iv ); 97 85 98 return $data; 86 99 } … … 89 102 * Look for encrypted:... and run self::decrypt() if found. 90 103 * 91 * @param string $data Maybe some encrypted data.104 * @param string $data Maybe some encrypted data. 92 105 * @param object $error Null or WP_Error on error (by reference). 106 * 93 107 * @return mixed The decrypted data, an empty string on decryption error, or anything else that's passed and isn't a string. 
94 108 */ 95 109 public static function maybe_decrypt( $data, &$error = null ) { 96 if ( ! is_string( $data ) ) 110 if ( ! is_string( $data ) ) { 97 111 return $data; 112 } 98 113 99 if ( strpos( $data, 'encrypted:' ) !== 0 ) 114 if ( strpos( $data, 'encrypted:' ) !== 0 ) { 100 115 return $data; 116 } 101 117 102 118 $decrypted = self::decrypt( $data ); 103 119 if ( is_wp_error( $decrypted ) ) { 104 120 $error = $decrypted; 121 105 122 return ''; 106 123 }
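Review bot: In encrypt() the HMAC is computed over `$data['data']` alone, and decrypt() verifies the same ciphertext-only tag before passing `$iv` to openssl_decrypt(), so the IV is stored unauthenticated and a changed IV still passes the `HMAC mismatch` check and decrypts to different plaintext. The tag should cover the IV as well, e.g. `$data['hmac'] = hash_hmac( 'sha256', $iv . $data['data'], self::$hmac_key, true );`, with the same input used for verification in decrypt(). Values already stored would need a format marker to keep verifying, and the lines of decrypt() that split the string lie outside the visible hunks, so the exact change there has to be confirmed against the full file. Separately, the `@return` text `encrypted:data:key:iv:hmac` does not match the `sprintf( 'encrypted:%s:%s:%s', ... )` output, which holds only data, iv and hmac.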