GravityView  2.17
The best, easiest way to display Gravity Forms entries on your website.
Encryption.php
1 <?php
2 /**
3  * @license GPL-2.0-or-later
4  *
5  * Modified by gravityview on 13-January-2023 using Strauss.
6  * @see https://github.com/BrianHenryIE/strauss
7  */
8 
10 
11 use Exception;
12 
13 /**
14  * This class provides basic data encryption functionality.
15  */
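class Encryption {
	/*
	 * Fixed 24-byte value stored as 48 hex characters.
	 *
	 * This constant ships in the source, so it is public. It is used as the
	 * fallback nonce in encrypt() and as the HMAC key in hash() and in the
	 * short-key / short-nonce stretching below. It must never be treated as
	 * a secret.
	 */
	const DEFAULT_NONCE = 'bc5d92ffc6c54ff8d865a1e6f3361f48d0a84a2b145be34e'; // 24-byte value stored as a hex string

	/**
	 * @since 1.0.0
	 *
	 * @var Encryption Class instance.
	 */
	private static $_instance;

	/**
	 * @since 1.0.0
	 *
	 * @var string Secret key used to encrypt license key.
	 */
	private $_secret_key;

	/**
	 * Class constructor.
	 *
	 * Normalises the key to exactly SODIUM_CRYPTO_SECRETBOX_KEYBYTES bytes:
	 * - a shorter key is replaced by the hex HMAC-SHA256 of itself (64 characters);
	 * - anything longer than the key size is then cut to the first KEYBYTES bytes.
	 *
	 * Security note: the stretched key is the first 32 characters of a hex digest,
	 * so it carries at most 128 bits of key material, and never more entropy than
	 * the supplied key. The HMAC key used for stretching is the public DEFAULT_NONCE.
	 * Because the default key comes from wp_salt(), a change of that value makes
	 * previously encrypted data undecryptable.
	 *
	 * @since 1.0.0
	 *
	 * @param string $secret_key (optional) Secret key to be used for encryption. Default: wp_salt() value.
	 *
	 * @return void
	 */
	private function __construct( $secret_key = '' ) {
		if ( ! $secret_key ) {
			$secret_key = wp_salt();
		}

		if ( strlen( $secret_key ) < SODIUM_CRYPTO_SECRETBOX_KEYBYTES ) {
			$secret_key = hash_hmac( 'sha256', $secret_key, self::DEFAULT_NONCE );
		}

		if ( strlen( $secret_key ) > SODIUM_CRYPTO_SECRETBOX_KEYBYTES ) {
			// '8bit' makes mb_substr() count bytes rather than characters.
			$secret_key = mb_substr( $secret_key, 0, SODIUM_CRYPTO_SECRETBOX_KEYBYTES, '8bit' );
		}

		$this->_secret_key = $secret_key;
	}

	/**
	 * Returns class instance.
	 *
	 * The instance is created once. The key passed on the first call is the one
	 * that is kept, and $secret_key is ignored on every later call.
	 *
	 * @since 1.0.0
	 *
	 * @param string $secret_key (optional) Secret key to be used for encryption. Default: wp_salt() value.
	 *
	 * @return Encryption
	 */
	public static function get_instance( $secret_key = '' ) {
		if ( is_null( self::$_instance ) ) {
			self::$_instance = new self( $secret_key );
		}

		return self::$_instance;
	}

	/**
	 * Encrypts data with sodium_crypto_secretbox() and returns base64( nonce . ciphertext ).
	 *
	 * Note: This is for basic internal use and is not intended for highly-sensitive applications.
	 *
	 * Security note: keep the default random nonce unless deterministic output is
	 * really required. With $use_random_nonce = false the nonce is fixed (either the
	 * caller's value or the public DEFAULT_NONCE), so equal plaintexts produce equal
	 * ciphertexts. Reusing one nonce with the same key for different messages voids
	 * the confidentiality and integrity guarantees of secretbox.
	 *
	 * A nonce shorter than SODIUM_CRYPTO_SECRETBOX_NONCEBYTES is replaced by the hex
	 * HMAC-SHA256 of itself, and a longer one is cut to the first NONCEBYTES bytes.
	 *
	 * @since 1.0.0
	 *
	 * @param string      $data             Data to encrypt.
	 * @param bool        $use_random_nonce (optional) Whether to use random nonce. Default: true.
	 * @param string|null $custom_nonce     (optional) Custom nonce value to use when $use_random_nonce is false. Default: null.
	 *
	 * @return string|false Base64-encoded nonce and ciphertext, or false on failure.
	 */
	public function encrypt( $data, $use_random_nonce = true, $custom_nonce = null ) {
		try {
			if ( $use_random_nonce ) {
				$nonce = $this->get_random_nonce();
			} else {
				$nonce = $custom_nonce ? $custom_nonce : sodium_hex2bin( self::DEFAULT_NONCE );
			}
		} catch ( Exception $e ) {
			return false;
		}

		if ( strlen( $nonce ) < SODIUM_CRYPTO_SECRETBOX_NONCEBYTES ) {
			$nonce = hash_hmac( 'sha256', $nonce, self::DEFAULT_NONCE );
		}

		// Compare against the nonce size, not the key size. Otherwise a nonce between
		// NONCEBYTES + 1 and KEYBYTES bytes long is left untruncated and
		// sodium_crypto_secretbox() rejects it.
		if ( strlen( $nonce ) > SODIUM_CRYPTO_SECRETBOX_NONCEBYTES ) {
			$nonce = mb_substr( $nonce, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, '8bit' );
		}

		try {
			$encrypted = sodium_crypto_secretbox( $data, $nonce, $this->_secret_key );
			// The nonce is prepended so that decrypt() can recover it from the payload.
			$encrypted = sodium_bin2base64( $nonce . $encrypted, SODIUM_BASE64_VARIANT_ORIGINAL );
			// NOTE(review): presumably sodium_memzero() is skipped when only a userland
			// polyfill provides the sodium_* functions; confirm.
			if ( extension_loaded( 'sodium' ) || extension_loaded( 'libsodium' ) ) {
				sodium_memzero( $nonce );
			}
		} catch ( Exception $e ) {
			return false;
		}

		return $encrypted;
	}

	/**
	 * Decrypts data produced by encrypt().
	 *
	 * Note: This is for internal use and is not intended for highly-sensitive applications.
	 *
	 * The payload is base64( nonce . ciphertext ). Null is returned when the input
	 * cannot be base64-decoded, when sodium rejects the arguments, or when
	 * sodium_crypto_secretbox_open() reports failure (for example modified data or
	 * a different key).
	 *
	 * @since 1.0.0
	 *
	 * @param string $data Data to decrypt.
	 *
	 * @return string|null Decrypted data, or null on failure.
	 */
	public function decrypt( $data ) {
		try {
			$encrypted = sodium_base642bin( $data, SODIUM_BASE64_VARIANT_ORIGINAL );
		} catch ( Exception $e ) {
			return null;
		}

		// Split the leading nonce from the ciphertext, counting bytes ('8bit').
		$nonce     = mb_substr( $encrypted, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, '8bit' );
		$encrypted = mb_substr( $encrypted, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, null, '8bit' );

		try {
			$decrypted = sodium_crypto_secretbox_open( $encrypted, $nonce, $this->_secret_key );
		} catch ( Exception $e ) {
			return null;
		}

		return $decrypted !== false ? $decrypted : null;
	}

	/**
	 * Generates a quick one-way hash of data.
	 *
	 * Note: This is for internal use and is not intended for highly-sensitive applications.
	 *
	 * Security note: the HMAC key is the public DEFAULT_NONCE constant, not the
	 * instance's secret key, so anyone with the source can compute the same value.
	 * Use the result as a fingerprint or cache key only, never as an authentication
	 * tag or for password storage.
	 *
	 * @since 1.0.0
	 *
	 * @param string $data The data to create a hash of.
	 *
	 * @return string The hash.
	 */
	public function hash( $data ) {
		return hash_hmac( 'sha256', $data, self::DEFAULT_NONCE );
	}

	/**
	 * Returns a random nonce of SODIUM_CRYPTO_SECRETBOX_NONCEBYTES bytes from random_bytes().
	 *
	 * @since 1.0.0
	 *
	 * @throws Exception
	 *
	 * @return string
	 */
	public function get_random_nonce() {
		return random_bytes( SODIUM_CRYPTO_SECRETBOX_NONCEBYTES );
	}
}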