aboutsummaryrefslogtreecommitdiffstats
path: root/include/crypto.php
diff options
context:
space:
mode:
Diffstat (limited to 'include/crypto.php')
-rw-r--r--include/crypto.php81
1 files changed, 30 insertions, 51 deletions
diff --git a/include/crypto.php b/include/crypto.php
index b990b18d9..ab33ba096 100644
--- a/include/crypto.php
+++ b/include/crypto.php
@@ -31,19 +31,6 @@ function rsa_verify($data,$sig,$key,$alg = 'sha256') {
return (($verify > 0) ? true : false);
}
-function pkcs5_pad ($text, $blocksize)
-{
- $pad = $blocksize - (strlen($text) % $blocksize);
- return $text . str_repeat(chr($pad), $pad);
-}
-
-function pkcs5_unpad($text)
-{
- $pad = ord($text{strlen($text)-1});
- if ($pad > strlen($text)) return false;
- if (strspn($text, chr($pad), strlen($text) - $pad) != $pad) return false;
- return substr($text, 0, -1 * $pad);
-}
function AES256CBC_encrypt($data,$key,$iv) {
@@ -135,7 +122,18 @@ function other_encapsulate($data,$pubkey,$alg) {
if(! $pubkey)
logger('no key. data: ' . $data);
- $fn = strtoupper($alg) . '_encrypt';
+ $oaep = false;
+
+ if(strpos($alg,'.oaep')) {
+ $oaep = true;
+ $subalg = substr($alg,0,-5);
+ }
+ else {
+ $subalg = $alg;
+ }
+
+
+ $fn = strtoupper($subalg) . '_encrypt';
if(function_exists($fn)) {
// A bit hesitant to use openssl_random_pseudo_bytes() as we know
@@ -153,14 +151,14 @@ function other_encapsulate($data,$pubkey,$alg) {
$iv = openssl_random_pseudo_bytes(256);
$result['data'] = base64url_encode($fn($data,$key,$iv),true);
// log the offending call so we can track it down
- if(! openssl_public_encrypt($key,$k,$pubkey)) {
+ if(! openssl_public_encrypt($key,$k,$pubkey,(($oaep) ? OPENSSL_PKCS1_OAEP_PADDING : OPENSSL_PKCS1_PADDING))) {
$x = debug_backtrace();
logger('RSA failed. ' . print_r($x[0],true));
}
$result['alg'] = $alg;
$result['key'] = base64url_encode($k,true);
- openssl_public_encrypt($iv,$i,$pubkey);
+ openssl_public_encrypt($iv,$i,$pubkey,(($oaep) ? OPENSSL_PKCS1_OAEP_PADDING : OPENSSL_PKCS1_PADDING));
$result['iv'] = base64url_encode($i,true);
return $result;
}
@@ -179,7 +177,7 @@ function crypto_methods() {
// The actual methods are responsible for deriving the actual key/iv from the provided parameters;
// possibly by truncation or segmentation - though many other methods could be used.
- $r = [ 'aes256ctr', 'camellia256cfb', 'cast5cfb', 'aes256cbc', 'aes128cbc', 'cast5cbc' ];
+ $r = [ 'aes256ctr.oaep', 'camellia256cfb.oaep', 'cast5cfb.oaep', 'aes256ctr', 'camellia256cfb', 'cast5cfb', 'aes256cbc', 'aes128cbc', 'cast5cbc' ];
call_hooks('crypto_methods',$r);
return $r;
@@ -220,6 +218,7 @@ function aes_encapsulate($data,$pubkey) {
function crypto_unencapsulate($data,$prvkey) {
if(! $data)
return;
+
$alg = ((array_key_exists('alg',$data)) ? $data['alg'] : 'aes256cbc');
if($alg === 'aes256cbc')
return aes_unencapsulate($data,$prvkey);
@@ -229,10 +228,21 @@ function crypto_unencapsulate($data,$prvkey) {
}
function other_unencapsulate($data,$prvkey,$alg) {
- $fn = strtoupper($alg) . '_decrypt';
+
+ $oaep = false;
+
+ if(strpos($alg,'.oaep')) {
+ $oaep = true;
+ $subalg = substr($alg,0,-5);
+ }
+ else {
+ $subalg = $alg;
+ }
+
+ $fn = strtoupper($subalg) . '_decrypt';
if(function_exists($fn)) {
- openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey);
- openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey);
+ openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey,(($oaep) ? OPENSSL_PKCS1_OAEP_PADDING : OPENSSL_PKCS1_PADDING));
+ openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey,(($oaep) ? OPENSSL_PKCS1_OAEP_PADDING : OPENSSL_PKCS1_PADDING));
return $fn(base64url_decode($data['data']),$k,$i);
}
else {
@@ -282,37 +292,6 @@ function new_keypair($bits) {
}
-function pkcs1to8($oldkey,$len) {
-
- if($len == 4096)
- $c = 'g';
- if($len == 2048)
- $c = 'Q';
-
- if(strstr($oldkey,'BEGIN PUBLIC'))
- return $oldkey;
-
- $oldkey = str_replace('-----BEGIN RSA PUBLIC KEY-----', '', $oldkey);
- $oldkey = trim(str_replace('-----END RSA PUBLIC KEY-----', '', $oldkey));
- $key = 'MIICIjANBgkqhkiG9w0BAQEFAAOCA' . $c . '8A' . str_replace("\n", '', $oldkey);
- $key = "-----BEGIN PUBLIC KEY-----\n" . wordwrap($key, 64, "\n", true) . "\n-----END PUBLIC KEY-----";
- return $key;
-}
-
-function pkcs8to1($oldkey,$len) {
-
- if(strstr($oldkey,'BEGIN RSA'))
- return $oldkey;
-
- $oldkey = str_replace('-----BEGIN PUBLIC KEY-----', '', $oldkey);
- $oldkey = trim(str_replace('-----END PUBLIC KEY-----', '', $oldkey));
- $key = str_replace("\n",'',$oldkey);
- $key = substr($key,32);
- $key = "-----BEGIN RSA PUBLIC KEY-----\n" . wordwrap($key, 64, "\n", true) . "\n-----END RSA PUBLIC KEY-----";
- return $key;
-}
-
-
function DerToPem($Der, $Private=false)
{
//Encode: