aboutsummaryrefslogtreecommitdiffstats
path: root/include/crypto.php
diff options
context:
space:
mode:
Diffstat (limited to 'include/crypto.php')
-rw-r--r--include/crypto.php195
1 files changed, 31 insertions, 164 deletions
diff --git a/include/crypto.php b/include/crypto.php
index a646910a1..33cdc10c0 100644
--- a/include/crypto.php
+++ b/include/crypto.php
@@ -1,12 +1,11 @@
-<?php
-
-require_once('library/ASNValue.class.php');
-require_once('library/asn1.php');
+<?php /** @file */
function rsa_sign($data,$key,$alg = 'sha256') {
if(! $key)
return 'no key';
$sig = '';
+ if(intval(OPENSSL_ALGO_SHA256) && $alg === 'sha256')
+ $alg = OPENSSL_ALGO_SHA256;
openssl_sign($data,$sig,$key,$alg);
return $sig;
}
@@ -16,168 +15,12 @@ function rsa_verify($data,$sig,$key,$alg = 'sha256') {
if(! $key)
return false;
+ if(intval(OPENSSL_ALGO_SHA256) && $alg === 'sha256')
+ $alg = OPENSSL_ALGO_SHA256;
$verify = openssl_verify($data,$sig,$key,$alg);
return $verify;
}
-
-function DerToPem($Der, $Private=false)
-{
- //Encode:
- $Der = base64_encode($Der);
- //Split lines:
- $lines = str_split($Der, 65);
- $body = implode("\n", $lines);
- //Get title:
- $title = $Private? 'RSA PRIVATE KEY' : 'PUBLIC KEY';
- //Add wrapping:
- $result = "-----BEGIN {$title}-----\n";
- $result .= $body . "\n";
- $result .= "-----END {$title}-----\n";
-
- return $result;
-}
-
-function DerToRsa($Der)
-{
- //Encode:
- $Der = base64_encode($Der);
- //Split lines:
- $lines = str_split($Der, 64);
- $body = implode("\n", $lines);
- //Get title:
- $title = 'RSA PUBLIC KEY';
- //Add wrapping:
- $result = "-----BEGIN {$title}-----\n";
- $result .= $body . "\n";
- $result .= "-----END {$title}-----\n";
-
- return $result;
-}
-
-
-function pkcs8_encode($Modulus,$PublicExponent) {
- //Encode key sequence
- $modulus = new ASNValue(ASNValue::TAG_INTEGER);
- $modulus->SetIntBuffer($Modulus);
- $publicExponent = new ASNValue(ASNValue::TAG_INTEGER);
- $publicExponent->SetIntBuffer($PublicExponent);
- $keySequenceItems = array($modulus, $publicExponent);
- $keySequence = new ASNValue(ASNValue::TAG_SEQUENCE);
- $keySequence->SetSequence($keySequenceItems);
- //Encode bit string
- $bitStringValue = $keySequence->Encode();
- $bitStringValue = chr(0x00) . $bitStringValue; //Add unused bits byte
- $bitString = new ASNValue(ASNValue::TAG_BITSTRING);
- $bitString->Value = $bitStringValue;
- //Encode body
- $bodyValue = "\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00" . $bitString->Encode();
- $body = new ASNValue(ASNValue::TAG_SEQUENCE);
- $body->Value = $bodyValue;
- //Get DER encoded public key:
- $PublicDER = $body->Encode();
- return $PublicDER;
-}
-
-
-function pkcs1_encode($Modulus,$PublicExponent) {
- //Encode key sequence
- $modulus = new ASNValue(ASNValue::TAG_INTEGER);
- $modulus->SetIntBuffer($Modulus);
- $publicExponent = new ASNValue(ASNValue::TAG_INTEGER);
- $publicExponent->SetIntBuffer($PublicExponent);
- $keySequenceItems = array($modulus, $publicExponent);
- $keySequence = new ASNValue(ASNValue::TAG_SEQUENCE);
- $keySequence->SetSequence($keySequenceItems);
- //Encode bit string
- $bitStringValue = $keySequence->Encode();
- return $bitStringValue;
-}
-
-
-function metopem($m,$e) {
- $der = pkcs8_encode($m,$e);
- $key = DerToPem($der,false);
- return $key;
-}
-
-
-function pubrsatome($key,&$m,&$e) {
- require_once('library/asn1.php');
-
- $lines = explode("\n",$key);
- unset($lines[0]);
- unset($lines[count($lines)]);
- $x = base64_decode(implode('',$lines));
-
- $r = ASN_BASE::parseASNString($x);
-
- $m = base64url_decode($r[0]->asnData[0]->asnData);
- $e = base64url_decode($r[0]->asnData[1]->asnData);
-}
-
-
-function rsatopem($key) {
- pubrsatome($key,$m,$e);
- return(metopem($m,$e));
-}
-
-function pemtorsa($key) {
- pemtome($key,$m,$e);
- return(metorsa($m,$e));
-}
-
-function pemtome($key,&$m,&$e) {
- $lines = explode("\n",$key);
- unset($lines[0]);
- unset($lines[count($lines)]);
- $x = base64_decode(implode('',$lines));
-
- $r = ASN_BASE::parseASNString($x);
-
- $m = base64url_decode($r[0]->asnData[1]->asnData[0]->asnData[0]->asnData);
- $e = base64url_decode($r[0]->asnData[1]->asnData[0]->asnData[1]->asnData);
-}
-
-function metorsa($m,$e) {
- $der = pkcs1_encode($m,$e);
- $key = DerToRsa($der);
- return $key;
-}
-
-function salmon_key($pubkey) {
- pemtome($pubkey,$m,$e);
- return 'RSA' . '.' . base64url_encode($m,true) . '.' . base64url_encode($e,true) ;
-}
-
-
-
-if(! function_exists('aes_decrypt')) {
-function aes_decrypt($val,$ky)
-{
- $key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
- for($a=0;$a<strlen($ky);$a++)
- $key[$a%16]=chr(ord($key[$a%16]) ^ ord($ky[$a]));
- $mode = MCRYPT_MODE_ECB;
- $enc = MCRYPT_RIJNDAEL_128;
- $dec = @mcrypt_decrypt($enc, $key, $val, $mode, @mcrypt_create_iv( @mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM ) );
- return rtrim($dec,(( ord(substr($dec,strlen($dec)-1,1))>=0 and ord(substr($dec, strlen($dec)-1,1))<=16)? chr(ord( substr($dec,strlen($dec)-1,1))):null));
-}}
-
-
-if(! function_exists('aes_encrypt')) {
-function aes_encrypt($val,$ky)
-{
- $key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
- for($a=0;$a<strlen($ky);$a++)
- $key[$a%16]=chr(ord($key[$a%16]) ^ ord($ky[$a]));
- $mode=MCRYPT_MODE_ECB;
- $enc=MCRYPT_RIJNDAEL_128;
- $val=str_pad($val, (16*(floor(strlen($val) / 16)+(strlen($val) % 16==0?2:1))), chr(16-(strlen($val) % 16)));
- return mcrypt_encrypt($enc, $key, $val, $mode, mcrypt_create_iv( mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM));
-}}
-
-
function pkcs5_pad ($text, $blocksize)
{
$pad = $blocksize - (strlen($text) % $blocksize);
@@ -210,17 +53,41 @@ function AES256CBC_decrypt($data,$key,$iv) {
str_pad($iv,16,"\0")));
}
+function crypto_encapsulate($data,$pubkey,$alg='aes256cbc') {
+ if($alg === 'aes256cbc')
+ return aes_encapsulate($data,$pubkey);
+
+}
+
+
function aes_encapsulate($data,$pubkey) {
+ if(! $pubkey)
+ logger('aes_encapsulate: no key. data: ' . $data);
$key = random_string(32,RANDOM_STRING_TEXT);
$iv = random_string(16,RANDOM_STRING_TEXT);
$result['data'] = base64url_encode(AES256CBC_encrypt($data,$key,$iv),true);
- openssl_public_encrypt($key,$k,$pubkey);
- $result['key'] = base64url_encode($k,true);
+ // log the offending call so we can track it down
+ if(! openssl_public_encrypt($key,$k,$pubkey)) {
+ $x = debug_backtrace();
+ logger('aes_encapsulate: RSA failed. ' . print_r($x[0],true));
+ }
+ $result['alg'] = 'aes256cbc';
+ $result['key'] = base64url_encode($k,true);
openssl_public_encrypt($iv,$i,$pubkey);
$result['iv'] = base64url_encode($i,true);
return $result;
}
+function crypto_unencapsulate($data,$prvkey) {
+ if(! $data)
+ return;
+ $alg = ((array_key_exists('alg',$data)) ? $data['alg'] : 'aes256cbc');
+ if($alg === 'aes256cbc')
+ return aes_unencapsulate($data,$prvkey);
+
+}
+
+
function aes_unencapsulate($data,$prvkey) {
openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey);
openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey);