Libsodium only for Web API (PHP 7.2+)

Hello,

I had noticed the implementation of libsodium on the topic www.projeqtor.org/fr/forum-fr/2-submit-i...yption?start=6#31201
I checked the zip file, but I found that there were many files that are changed instead of just replacing the AesCtr::decrypt method to another decrypt method.

--- api/index.php    2023-04-27 15:00:41.086294046 +0200
+++ api/index.php    2023-08-20 00:49:33.561385887 +0200
@@ -46,8 +46,6 @@
 $batchMode=true;
 $apiMode=true;
 require_once "../tool/projeqtor.php";
-require_once "../external/phpAES/aes.class.php";
-require_once "../external/phpAES/aesctr.class.php";
 require_once '../tool/jsonFunctions.php';
 
 $batchMode=false;
@@ -284,10 +282,10 @@
   // NB : access rights will be controlled on insert/update/delete (!)
     if (isset($_REQUEST) ) {
         $dataEncoded=$_REQUEST;
-        $data=AesCtr::decrypt($dataEncoded, $user->apiKey, Parameter::getGlobalParameter('aesKeyLength'));
+        $data=safeDecrypt($dataEncoded, $user->apiKey);
     } else {
         $dataEncoded = file_get_contents("php://input");
-        $data=AesCtr::decrypt($dataEncoded, $user->apiKey, Parameter::getGlobalParameter('aesKeyLength'));
+        $data=safeDecrypt($dataEncoded, $user->apiKey);
     }
     if (! $data) {
         returnError($invalidQuery, "'data' missing for method ".$_SERVER);
@@ -398,4 +396,37 @@
     return $needed_parts ? false : $data;
 }
 
-?>
\ No newline at end of file
+// stackoverflow.com/questions/34477643/how...s-with-libsodium-php
+/**
+* Decrypt a message
+*
+* @param string $encrypted - message encrypted with safeEncrypt()
+* @param string $key - encryption key
+* @return string
+*/
+function safeDecrypt($encrypted, $key)
+{
+    $decoded = base64_decode($encrypted);
+    if ($decoded === false) {
+        throw new Exception('Scream bloody murder, the encoding failed');
+    }
+    if (mb_strlen($decoded, '8bit') < (SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES)) {
+        throw new Exception('Scream bloody murder, the message was truncated');
+    }
+    $nonce = mb_substr($decoded, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, '8bit');
+    $ciphertext = mb_substr($decoded, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, null, '8bit');
+
+    $plain = sodium_crypto_secretbox_open(
+        $ciphertext,
+        $nonce,
+        $key
+    );
+    if ($plain === false) {
+        throw new Exception('the message was tampered with in transit');
+    }
+    sodium_memzero($ciphertext);
+    sodium_memzero($key);
+    return $plain;
+}
+
+?>

Good weekend

Regards