-
-
Notifications
You must be signed in to change notification settings - Fork 3.6k
Expand file tree
/
Copy pathCrypto.php
More file actions
67 lines (52 loc) · 1.79 KB
/
Crypto.php
File metadata and controls
67 lines (52 loc) · 1.79 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
<?php
declare(strict_types=1);
namespace PhpMyAdmin\Crypto;
use Throwable;
use function is_string;
use function mb_strlen;
use function mb_substr;
use function random_bytes;
use function sodium_crypto_secretbox;
use function sodium_crypto_secretbox_open;
use const SODIUM_CRYPTO_SECRETBOX_KEYBYTES;
use const SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
final class Crypto
{
private function getEncryptionKey(): string
{
global $config;
$key = $config->get('URLQueryEncryptionSecretKey');
if (is_string($key) && mb_strlen($key, '8bit') === SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
return $key;
}
$key = $_SESSION['URLQueryEncryptionSecretKey'] ?? null;
if (is_string($key) && mb_strlen($key, '8bit') === SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
return $key;
}
$key = random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES);
$_SESSION['URLQueryEncryptionSecretKey'] = $key;
return $key;
}
public function encrypt(string $plaintext): string
{
$key = $this->getEncryptionKey();
$nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
$ciphertext = sodium_crypto_secretbox($plaintext, $nonce, $key);
return $nonce . $ciphertext;
}
public function decrypt(string $encrypted): ?string
{
$key = $this->getEncryptionKey();
$nonce = mb_substr($encrypted, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, '8bit');
$ciphertext = mb_substr($encrypted, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, null, '8bit');
try {
$decrypted = sodium_crypto_secretbox_open($ciphertext, $nonce, $key);
} catch (Throwable $e) {
return null;
}
if (! is_string($decrypted)) {
return null;
}
return $decrypted;
}
}