Merge pull request #159 from Automattic/vip/deprecated-mcrypto
Showing
13 changed files
with
548 additions
and
21 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
<?php | ||
|
||
/** | ||
* Class Syndication_Encryption | ||
*/ | ||
class Syndication_Encryption { | ||
|
||
/** | ||
* Stores the current Syndication_Encryptor, used for the encryption/decryption operations. | ||
* | ||
* @var Syndication_Encryptor | ||
*/ | ||
private $encryptor; | ||
|
||
/** | ||
* Syndication_Encryption constructor. | ||
* | ||
* @param Syndication_Encryptor $encryptor Encryptor to be used. | ||
*/ | ||
public function __construct( Syndication_Encryptor $encryptor ) { | ||
$this->encryptor = $encryptor; | ||
} | ||
|
||
/** | ||
* Given $data, encrypt it using a Syndication_Encryptor and return the encrypted string. | ||
* | ||
* @param string|array|object $data the data to be encrypted. | ||
* | ||
* @return false|string | ||
*/ | ||
public function encrypt( $data ) { | ||
return $this->encryptor->encrypt( $data ); | ||
} | ||
|
||
/** | ||
* Decrypts an encrypted $data using a Syndication_Encryptor, and returns the decrypted object. | ||
* | ||
* @param string $data The encrypted data. | ||
* @param bool $associative If true, returns as an associative array. Otherwise returns as a class. | ||
* | ||
* @return false|array|object | ||
*/ | ||
public function decrypt( $data, $associative = true ) { | ||
return $this->encryptor->decrypt( $data, $associative ); | ||
} | ||
|
||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
<?php | ||
|
||
/** | ||
* Class Syndication_Encryptor_MCrypt | ||
*/ | ||
class Syndication_Encryptor_MCrypt implements Syndication_Encryptor { | ||
|
||
/** | ||
* @inheritDoc | ||
*/ | ||
public function encrypt( $data ) { | ||
$data = serialize( $data ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.serialize_serialize | ||
// phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.mcrypt_encryptDeprecatedRemoved,PHPCompatibility.Extensions.RemovedExtensions.mcryptDeprecatedRemoved,PHPCompatibility.Constants.RemovedConstants.mcrypt_rijndael_256DeprecatedRemoved,PHPCompatibility.Constants.RemovedConstants.mcrypt_mode_cbcDeprecatedRemoved | ||
return base64_encode( mcrypt_encrypt( MCRYPT_RIJNDAEL_256, md5( PUSH_SYNDICATE_KEY ), $data, MCRYPT_MODE_CBC, md5( md5( PUSH_SYNDICATE_KEY ) ) ) ); | ||
} | ||
|
||
/** | ||
* @inheritDoc | ||
*/ | ||
public function decrypt( $data, $associative = true ) { | ||
// phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.mcrypt_decryptDeprecatedRemoved,PHPCompatibility.Extensions.RemovedExtensions.mcryptDeprecatedRemoved,PHPCompatibility.Constants.RemovedConstants.mcrypt_rijndael_256DeprecatedRemoved,PHPCompatibility.Constants.RemovedConstants.mcrypt_mode_cbcDeprecatedRemoved | ||
$data = rtrim( mcrypt_decrypt( MCRYPT_RIJNDAEL_256, md5( PUSH_SYNDICATE_KEY ), base64_decode( $data ), MCRYPT_MODE_CBC, md5( md5( PUSH_SYNDICATE_KEY ) ) ), "\0" ); | ||
if ( ! $data ) { | ||
return false; | ||
} | ||
// phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.serialize_unserialize,WordPress.PHP.NoSilencedErrors.Discouraged | ||
return @unserialize( $data ); | ||
} | ||
|
||
/** | ||
* @inheritDoc | ||
*/ | ||
public function get_cipher() { | ||
return MCRYPT_RIJNDAEL_256; // phpcs:ignore PHPCompatibility.Constants.RemovedConstants.mcrypt_rijndael_256DeprecatedRemoved | ||
} | ||
} |
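Review bot: `decrypt()` hands the decrypted bytes straight to `@unserialize( $data )`, and nothing in this class authenticates the ciphertext first: CBC mode has no integrity check, and the key and IV are both fixed MD5 derivations of `PUSH_SYNDICATE_KEY`. A modified payload, or one produced by anyone who holds the key, therefore reaches PHP object deserialization, and the `@` hides the errors that would help detect tampering. Consider verifying a MAC (for example `hash_hmac( 'sha256', ... )` compared with `hash_equals()`) before decrypting, and on PHP versions that support it restricting deserialization with `unserialize( $data, array( 'allowed_classes' => false ) )`. Whether callers rely on objects being restored is not visible in this section, so confirm that before restricting classes.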
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
<?php | ||
|
||
/** | ||
* Class Syndication_Encryptor_OpenSSL | ||
*/ | ||
class Syndication_Encryptor_OpenSSL implements Syndication_Encryptor { | ||
|
||
/** | ||
* The cipher to be used for encryption. | ||
* | ||
* @var string | ||
*/ | ||
private $cipher = 'aes-256-cbc'; | ||
|
||
/** | ||
* @inheritDoc | ||
*/ | ||
public function encrypt( $data ) { | ||
$data = wp_json_encode( $data ); | ||
$cipher = $this->get_cipher(); | ||
|
||
if ( ! $cipher ) { | ||
return $data; | ||
} | ||
|
||
$encrypted_data = openssl_encrypt( $data, $cipher['cipher'], $cipher['key'], 0, $cipher['iv'] ); | ||
return base64_encode( $encrypted_data ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode | ||
} | ||
|
||
/** | ||
* @inheritDoc | ||
*/ | ||
public function decrypt( $data, $associative = true ) { | ||
$cipher = $this->get_cipher(); | ||
|
||
if ( ! $cipher ) { | ||
return $data; | ||
} | ||
|
||
$data = openssl_decrypt( base64_decode( $data ), $cipher['cipher'], $cipher['key'], 0, $cipher['iv'] ); //phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode | ||
|
||
if ( ! $data ) { | ||
return false; | ||
} | ||
|
||
return json_decode( $data, $associative ); | ||
} | ||
|
||
/** | ||
* @inheritDoc | ||
*/ | ||
public function get_cipher() { | ||
if ( in_array( $this->cipher, openssl_get_cipher_methods(), true ) ) { | ||
return array( | ||
'cipher' => $this->cipher, | ||
'iv' => substr( md5( md5( PUSH_SYNDICATE_KEY ) ), 0, 16 ), | ||
'key' => md5( PUSH_SYNDICATE_KEY ), | ||
); | ||
} | ||
|
||
return false; // @TODO: return another default cipher? return exception? | ||
} | ||
} |
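Review bot: Both `encrypt()` and `decrypt()` fail open when `get_cipher()` returns false: `encrypt()` returns the plain JSON from `wp_json_encode()` and `decrypt()` returns its input unchanged, so a host without `aes-256-cbc` would silently handle the data unencrypted. Using `return false;` in both `if ( ! $cipher )` branches matches the failure value the other paths already use and lets callers stop instead of passing plaintext on. Separately, `get_cipher()` derives a fixed IV from the key (`substr( md5( md5( PUSH_SYNDICATE_KEY ) ), 0, 16 )`), so equal plaintexts produce equal ciphertexts and nothing authenticates the result. A per-message IV from `openssl_random_pseudo_bytes()` stored alongside the ciphertext, plus an HMAC checked before decryption, would address that at the cost of a format change.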
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
<?php | ||
|
||
/** | ||
* Interface Syndication_Encryptor | ||
*/ | ||
interface Syndication_Encryptor { | ||
|
||
/** | ||
* Encrypts data. | ||
* | ||
* @param string|array $data Data to be encrypted. | ||
* | ||
* @return string | ||
*/ | ||
public function encrypt( $data ); | ||
|
||
/** | ||
* Decrypts data | ||
* | ||
* @param string $data Data to be decrypted. | ||
* @param bool $associative If true, returns as an associative array. Otherwise returns as a class. | ||
* | ||
* @return mixed | ||
*/ | ||
public function decrypt( $data, $associative = true ); | ||
|
||
/** | ||
* Returns the cipher being used. It can be a string, or a array with the cipher, key and iv. | ||
* | ||
* @return string|array | ||
*/ | ||
public function get_cipher(); | ||
} |
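Review bot: The `@return` tags on this interface do not cover what the implementations in this commit return: `get_cipher()` in the OpenSSL encryptor returns `false` when the cipher is unavailable, and both `decrypt()` implementations return `false` on failure. I would document these as `@return string|array|false` on `get_cipher()` and `@return array|object|false` on `decrypt()`. The `encrypt()` docblock should also state whether `false` is a possible result, so callers know to check the value before sending it.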
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,18 +1,26 @@ | ||
<?php | ||
|
||
/** | ||
* Encrypts data. | ||
* | ||
* @param string $data The data to encrypt. | ||
* | ||
* @return false|string | ||
*/ | ||
function push_syndicate_encrypt( $data ) { | ||
|
||
$data = serialize( $data ); | ||
return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5(PUSH_SYNDICATE_KEY), $data, MCRYPT_MODE_CBC, md5(md5(PUSH_SYNDICATE_KEY)))); | ||
|
||
global $push_syndication_encryption; // @todo: move from global to WP_Push_Syndication_Server attribute | ||
return $push_syndication_encryption->encrypt( $data ); | ||
} | ||
|
||
function push_syndicate_decrypt( $data ) { | ||
|
||
$data = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5(PUSH_SYNDICATE_KEY), base64_decode($data), MCRYPT_MODE_CBC, md5(md5(PUSH_SYNDICATE_KEY))), "\0"); | ||
if ( !$data ) | ||
return false; | ||
|
||
return @unserialize( $data ); | ||
|
||
} | ||
/** | ||
* Decrypts data. | ||
* | ||
* @param string $data The encrypted data to decrypt. | ||
* @param bool $associative If true, returns as an associative array. Otherwise returns as a class. | ||
* | ||
* @return array|false|object | ||
*/ | ||
function push_syndicate_decrypt( $data, $associative = true ) { | ||
global $push_syndication_encryption; // @todo: move from global to WP_Push_Syndication_Server attribute | ||
return $push_syndication_encryption->decrypt( $data, $associative ); | ||
} |
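Review bot: The new `push_syndicate_encrypt()` and `push_syndicate_decrypt()` call a method on `$push_syndication_encryption` without checking that the global has been set; where it is initialised is outside this section, and if either function runs before that point the call is a fatal error on null. A guard such as `if ( ! $push_syndication_encryption instanceof Syndication_Encryption ) { return false; }` ahead of the `return` keeps the documented `false` failure value. It is also worth confirming with callers that `push_syndicate_decrypt()` now defaults `$associative` to true, since with the OpenSSL encryptor values come back from `json_decode()` as arrays rather than as whatever `unserialize()` restored before.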