File: CEncryptHelper.php

package info (click to toggle)
zabbix 1%3A7.0.10%2Bdfsg-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 272,688 kB
  • sloc: sql: 946,050; ansic: 389,440; php: 292,698; javascript: 83,388; sh: 5,680; makefile: 3,285; java: 1,420; cpp: 694; perl: 64; xml: 56
file content (108 lines) | stat: -rw-r--r-- 2,465 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
 
<?php declare(strict_types = 0);
/*
** Copyright (C) 2001-2025 Zabbix SIA
**
** This program is free software: you can redistribute it and/or modify it under the terms of
** the GNU Affero General Public License as published by the Free Software Foundation, version 3.
**
** This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
** without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
** See the GNU Affero General Public License for more details.
**
** You should have received a copy of the GNU Affero General Public License along with this program.
** If not, see <https://www.gnu.org/licenses/>.
**/


/**
 * Helper class for sign / encrypt data.
 */
class CEncryptHelper {

	/**
	 * Signature algorithm.
	 */
	public const SIGN_ALGO = 'sha256';

	/**
	 * Session secret key.
	 *
	 * @var string
	 */
	private static $key;

	/**
	 * Return session key.
	 *
	 * @return string|null
	 */
	private static function getKey(): ?string {
		if (!self::$key) {
			// This if contain copy in CEncryptedCookieSession class.
			if (CSettingsHelper::getPrivate(CSettingsHelper::SESSION_KEY) === '') {
				self::$key = self::generateKey();

				if (!self::updateKey(self::$key)) {
					return null;
				}

				return self::$key;
			}

			self::$key = CSettingsHelper::getPrivate(CSettingsHelper::SESSION_KEY);
		}

		return self::$key;
	}

	/**
	 * Timing attack safe string comparison.
	 *
	 * @param string $known_string
	 * @param string $user_string
	 *
	 * @return boolean
	 */
	public static function checkSign(string $known_string, string $user_string): bool {
		return hash_equals($known_string, $user_string);
	}

	/**
	 * Encrypt string with session key.
	 *
	 * @param string $data
	 *
	 * @return string
	 */
	public static function sign(string $data): string {
		$key = self::getKey() ?? '';

		return hash_hmac(self::SIGN_ALGO, $data, $key);
	}

	/**
	 * Generate random 16 bytes key.
	 *
	 * @return string
	 */
	public static function generateKey(): string {
		return bin2hex(openssl_random_pseudo_bytes(16));
	}

	/**
	 * Update secret session key.
	 *
	 * @param string $key
	 *
	 * @return boolean
	 */
	public static function updateKey(string $key): bool {
		$db_config = DB::select('config', ['output' => ['configid']])[0];

		return DBexecute(
			'UPDATE config'.
			' SET session_key='.zbx_dbstr($key).
			' WHERE '.dbConditionInt('configid', [$db_config['configid']])
		);
	}
}