first commit

wp-content/plugins/stratum/includes/string-encryption.php

@@ -0,0 +1,93 @@
+<?php
+
+namespace Stratum;
+
+final class String_Encryption {
+
+	private $cipher = 'aes-256-ctr';
+	private $salt;
+	private $passphrase;
+
+	public function __construct() {
+		$this->salt = $this->get_salt();
+		$this->passphrase = $this->get_passphrase();
+	}
+
+	public function encrypt( $string_to_encrypt ) {
+
+		if ( empty( $string_to_encrypt ) ) {
+			return $string_to_encrypt;
+		}
+
+		if ( ! $this->can_encrypt() ) {
+			return $string_to_encrypt;
+		}
+
+		$ivlen = openssl_cipher_iv_length( $this->cipher );
+		$iv = openssl_random_pseudo_bytes( $ivlen );
+
+		$encrypted_string = openssl_encrypt(
+			$string_to_encrypt . $this->salt,
+			$this->cipher,
+			$this->passphrase,
+			0,
+			$iv
+		);
+
+		return base64_encode( $iv . $encrypted_string );
+	}
+
+	public function decrypt( $string_to_decrypt ) {
+
+		if ( ! $this->can_encrypt() ) {
+			return $string_to_decrypt;
+		}
+
+		$encrypted_string = base64_decode( $string_to_decrypt, true );
+
+		$ivlen = openssl_cipher_iv_length( $this->cipher );
+		$iv = substr( $encrypted_string, 0, $ivlen );
+
+		$encrypted_string = substr( $encrypted_string, $ivlen );
+
+		$decrypted_string = openssl_decrypt(
+			$encrypted_string,
+			$this->cipher,
+			$this->passphrase,
+			0,
+			$iv
+		);
+
+		if ( ! $decrypted_string || substr( $decrypted_string, -strlen( $this->salt ) ) !== $this->salt ) {
+			return $string_to_decrypt;
+		}
+
+		return substr( $decrypted_string, 0, -strlen( $this->salt ) );
+	}
+
+	private function can_encrypt() {
+
+		if ( ! function_exists( 'openssl_encrypt' ) ) {
+			return false;
+		}
+
+		if ( ! in_array( $this->cipher, openssl_get_cipher_methods() ) ) {
+			return false;
+		}
+
+		return true;
+	}
+
+	private function get_passphrase() {
+
+		if ( function_exists( 'wp_salt' ) && wp_salt() ) {
+			return wp_salt();
+		}
+
+		return 'stratum_non_secret_passphrase';
+	}
+
+	private function get_salt() {
+		return 'stratum_non_secret_salt';
+	}
+}