diff options
Diffstat (limited to 'include/crypto.php')
| -rw-r--r-- | include/crypto.php | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/include/crypto.php b/include/crypto.php index a20606db5..0feb45c24 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -225,3 +225,71 @@ function pkcs5_unpad($text) if (strspn($text, chr($pad), strlen($text) - $pad) != $pad) return false; return substr($text, 0, -1 * $pad); } + +function AES256CBC_encrypt($data,$key,$iv) { + return mcrypt_encrypt( + MCRYPT_RIJNDAEL_128, + str_pad($key,32,"\0"), + pkcs5_pad($data,16), + MCRYPT_MODE_CBC, + str_pad($iv,16,"\0")); +} + +function AES256CBC_decrypt($data,$key,$iv) { + return pkcs5_unpad(mcrypt_decrypt( + MCRYPT_RIJNDAEL_128, + str_pad($key,32,"\0"), + $data, + MCRYPT_MODE_CBC, + str_pad($iv,16,"\0"))); +} + +function aes_encapsulate($data,$pubkey) { + $key = random_string(32,RANDOM_STRING_TEXT); + $iv = random_string(16,RANDOM_STRING_TEXT); + $result['data'] = base64url_encode(AES256CBC_encrypt($data,$key,$iv),true); + openssl_public_encrypt($key,$k,$pubkey); + $result['key'] = base64url_encode($k,true); + openssl_public_encrypt($iv,$i,$pubkey); + $result['iv'] = base64url_encode($i,true); + return $result; +} + +function aes_unencapsulate($data,$prvkey) { + openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey); + openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey); + return AES256CBC_decrypt(base64url_decode($data['data']),$k,$i); +} + + +// This has been superceded. + +function zot_encapsulate($data,$envelope,$pubkey) { +$res = aes_encapsulate($data,$pubkey); + +return <<< EOT +<?xml version='1.0' encoding='UTF-8'?> +<zot:msg xmlns:zot='http://purl.org/zot/1.0'> + <zot:key>{$res['key']}</zot:key> + <zot:iv>{$res['iv']}</zot:iv> + <zot:env>$s1</zot:env> + <zot:sig key_id="$keyid">$sig</zot:sig> + <zot:alg>AES-256-CBC</zot:alg> + <zot:data type='application/magic-envelope+xml'>{$res['data']}</zot:data> +</zot:msg> +EOT; + +} + +// so has this + +function zot_unencapsulate($data,$prvkey) { + $ret = array(); + $c = array(); + $x = parse_xml_string($data); + $c = array('key' => $x->key,'iv' => $x->iv,'data' => $x->data); + openssl_private_decrypt(base64url_decode($x->sender),$s,$prvkey); + $ret['sender'] = $s; + $ret['data'] = aes_unencapsulate($x,$prvkey); + return $ret; +}
\ No newline at end of file |