From a6162d3134cd7fcde4f45064b75f90008a7f8177 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Thu, 4 Feb 2021 21:01:25 +0100 Subject: downgrade phpseclib to version 2 --- include/crypto.php | 97 +++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 75 insertions(+), 22 deletions(-) (limited to 'include/crypto.php') diff --git a/include/crypto.php b/include/crypto.php index 39bfd8d43..0d3a5842d 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -1,5 +1,8 @@ 0) ? true : false); @@ -110,7 +113,7 @@ function CAST5CFB_decrypt($data,$key,$iv) { function crypto_encapsulate($data,$pubkey,$alg='aes256cbc') { $fn = strtoupper($alg) . '_encrypt'; - + if($alg === 'aes256cbc') return aes_encapsulate($data,$pubkey); @@ -150,7 +153,7 @@ function other_encapsulate($data,$pubkey,$alg) { // assurance of security since it is meaningless if the source algorithms // have been compromised. Also none of this matters if RSA has been // compromised by state actors and evidence is mounting that this has - // already happened. + // already happened. $result = [ 'encrypted' => true ]; $key = openssl_random_pseudo_bytes(256); 
@@ -177,11 +180,11 @@ function other_encapsulate($data,$pubkey,$alg) { function crypto_methods() { - // aes256cbc is provided for compatibility with earlier zot implementations which assume 32-byte key and 16-byte iv. + // aes256cbc is provided for compatibility with earlier zot implementations which assume 32-byte key and 16-byte iv. // other_encapsulate() now produces these longer keys/ivs by default so that it is difficult to guess a - // particular implementation or choice of underlying implementations based on the key/iv length. + // particular implementation or choice of underlying implementations based on the key/iv length. // The actual methods are responsible for deriving the actual key/iv from the provided parameters; - // possibly by truncation or segmentation - though many other methods could be used. + // possibly by truncation or segmentation - though many other methods could be used. $r = [ 'aes256ctr.oaep', 'camellia256cfb.oaep', 'cast5cfb.oaep', 'aes256ctr', 'camellia256cfb', 'cast5cfb', 'aes256cbc', 'aes128cbc', 'cast5cbc' ]; call_hooks('crypto_methods',$r); @@ -280,13 +283,13 @@ function new_keypair($bits) { $openssl_options = array( 'digest_alg' => 'sha1', 'private_key_bits' => $bits, - 'encrypt_key' => false + 'encrypt_key' => false ); $conf = get_config('system','openssl_conf_file'); if($conf) $openssl_options['config'] = $conf; - + $result = openssl_pkey_new($openssl_options); if(empty($result)) { @@ -321,7 +324,7 @@ function DerToPem($Der, $Private=false) $result = "-----BEGIN {$title}-----\n"; $result .= $body . "\n"; $result .= "-----END {$title}-----\n"; - + return $result; } @@ -338,7 +341,7 @@ function DerToRsa($Der) $result = "-----BEGIN {$title}-----\n"; $result .= $body . "\n"; $result .= "-----END {$title}-----\n"; - + return $result; } 
@@ -383,11 +386,24 @@ function pkcs1_encode($Modulus,$PublicExponent) { // http://stackoverflow.com/questions/27568570/how-to-convert-raw-modulus-exponent-to-rsa-public-key-pem-format -function metopem($m,$e) { - $der = pkcs8_encode($m,$e); +/** + * @param string $m modulo + * @param string $e exponent + * @return string + */ +function metopem($m, $e) { + + $key = PublicKeyLoader::load([ + 'e' => new BigInteger($e, 256), + 'n' => new BigInteger($m, 256) + ]); + hz_syslog('metopem: ' . $key->toString('PKCS8')); + return $key->toString('PKCS8'); + +/* $der = pkcs8_encode($m,$e); $key = DerToPem($der,false); - return $key; -} + return $key;*/ +} function pubrsatome($key,&$m,&$e) { @@ -406,16 +422,44 @@ function pubrsatome($key,&$m,&$e) { function rsatopem($key) { - pubrsatome($key,$m,$e); - return(metopem($m,$e)); + + $key = PublicKeyLoader::load($key); + hz_syslog('rsatopem: ' . $key->toString('PKCS8')); + + return $key->toString('PKCS8'); + + +/* pubrsatome($key,$m,$e); + return(metopem($m,$e));*/ } function pemtorsa($key) { - pemtome($key,$m,$e); - return(metorsa($m,$e)); + $key = PublicKeyLoader::load($key); + hz_syslog('pemtorsa: ' . $key->toString('PKCS1')); + + return $key->toString('PKCS1'); + +/* pemtome($key,$m,$e); + return(metorsa($m,$e));*/ + } function pemtome($key,&$m,&$e) { + + $key = PublicKeyLoader::load($key); + $m = new BigInteger($key->n, 256); + $e = new BigInteger($key->e, 256); + + +/* $rsa = new RSA(); + $rsa->loadKey($key); + $rsa->setPublicKey(); + + $modulus = $rsa->modulus->toBytes(); + $exponent = $rsa->exponent->toBytes(); + + + $lines = explode("\n",$key); unset($lines[0]); unset($lines[count($lines)]); 
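Review bot: The added `hz_syslog('metopem: ' . $key->toString('PKCS8'));` in metopem() writes the converted key to the system log on every call, and the same call is added to rsatopem() and pemtorsa() in the next hunk and to metorsa() in the last hunk of this commit. In rsatopem() and pemtorsa() the logged value is derived from whatever the caller passes in, so if a private key ever reaches them and the loader accepts it, key material would end up in the log. I would remove these calls before merging, or log only a short fingerprint of the key. The old body is also kept as a `/* … */` block after the `return`; deleting it rather than commenting it out would leave a single implementation to read.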
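Review bot: pemtome() now assigns `new BigInteger($key->n, 256)` and `new BigInteger($key->e, 256)` to its by-reference outputs, so `$m` and `$e` become BigInteger objects where the removed code produced decoded byte strings. Callers that treat them as strings (salmon_key() passes them to `base64url_encode($m,true)` further down this page) would presumably receive the wrong type. Whether `$key->n` and `$key->e` are readable on the loaded key is not visible here and should be confirmed. Converting back with `toBytes()` before assigning would keep the old contract. The commented-out remainder of pemtome() runs past the end of this hunk.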
@@ -424,14 +468,23 @@ function pemtome($key,&$m,&$e) { $r = ASN_BASE::parseASNString($x); $m = base64url_decode($r[0]->asnData[1]->asnData[0]->asnData[0]->asnData); - $e = base64url_decode($r[0]->asnData[1]->asnData[0]->asnData[1]->asnData); + $e = base64url_decode($r[0]->asnData[1]->asnData[0]->asnData[1]->asnData);*/ } function metorsa($m,$e) { - $der = pkcs1_encode($m,$e); + + $key = PublicKeyLoader::load([ + 'e' => new BigInteger($e, 256), + 'n' => new BigInteger($m, 256) + ]); + hz_syslog('metorsa: ' . $key->toString('PKCS8')); + + return $key->toString('PKCS8'); + +/* $der = pkcs1_encode($m,$e); $key = DerToRsa($der); - return $key; -} + return $key;*/ +} -- cgit v1.2.3 From 41f84dabcc14415a47f24ed25a90495bbfcda52a Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Thu, 4 Feb 2021 21:21:22 +0100 Subject: use phpseclib for key transformations --- include/crypto.php | 38 ++++++++++++++++++++------------------ 1 file changed, 20 insertions(+), 18 deletions(-) (limited to 'include/crypto.php') diff --git a/include/crypto.php b/include/crypto.php index 0d3a5842d..f86d1153c 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -1,7 +1,7 @@ loadKey([ 'e' => new BigInteger($e, 256), 'n' => new BigInteger($m, 256) ]); - hz_syslog('metopem: ' . $key->toString('PKCS8')); - return $key->toString('PKCS8'); + return $rsa->getPublicKey(); /* $der = pkcs8_encode($m,$e); $key = DerToPem($der,false); @@ -423,10 +423,10 @@ function pubrsatome($key,&$m,&$e) { function rsatopem($key) { - $key = PublicKeyLoader::load($key); - hz_syslog('rsatopem: ' . $key->toString('PKCS8')); + $rsa = new RSA(); + $rsa->setPublicKey($key); - return $key->toString('PKCS8'); + return $rsa->getPublicKey(RSA::PUBLIC_FORMAT_PKCS8); /* pubrsatome($key,$m,$e); 
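Review bot: metorsa() returns `$key->toString('PKCS8')`, but the code it replaces went through pkcs1_encode() and DerToRsa(), which wrap the key as `RSA PUBLIC KEY`, so the function's output format silently changes from PKCS#1 to PKCS#8. Any peer or caller that expects the PKCS#1 form from this function would get a key it may not parse. To match the removed behaviour, and pemtorsa() in the previous hunk, the return should be `return $key->toString('PKCS1');`.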
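Review bot: rsatopem() ignores the result of `$rsa->setPublicKey($key);`, so a malformed or unexpected key is not detected here and the function returns whatever `getPublicKey()` yields for an unloaded key (in phpseclib 2 that is `false`, as far as I recall; worth confirming). pemtorsa() in the next hunk has the same shape. Since these helpers presumably convert keys received from other sites, I would fail explicitly, e.g. `if(! $rsa->setPublicKey($key)) return false;`, and document the failure return. The body of rsatopem() continues past the end of this hunk.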
@@ -434,10 +434,10 @@ function rsatopem($key) { } function pemtorsa($key) { - $key = PublicKeyLoader::load($key); - hz_syslog('pemtorsa: ' . $key->toString('PKCS1')); + $rsa = new RSA(); + $rsa->setPublicKey($key); - return $key->toString('PKCS1'); + return $rsa->getPublicKey(RSA::PUBLIC_FORMAT_PKCS1); /* pemtome($key,$m,$e); return(metorsa($m,$e));*/ @@ -446,9 +446,12 @@ function pemtorsa($key) { function pemtome($key,&$m,&$e) { - $key = PublicKeyLoader::load($key); - $m = new BigInteger($key->n, 256); - $e = new BigInteger($key->e, 256); + $rsa = new RSA(); + $rsa->loadKey($key); + $rsa->setPublicKey(); + + $e = $rsa->modulus->toBytes(); + $m = $rsa->exponent->toBytes(); /* $rsa = new RSA(); @@ -473,13 +476,12 @@ function pemtome($key,&$m,&$e) { function metorsa($m,$e) { - $key = PublicKeyLoader::load([ + $rsa = new RSA(); + $rsa->loadKey([ 'e' => new BigInteger($e, 256), 'n' => new BigInteger($m, 256) ]); - hz_syslog('metorsa: ' . $key->toString('PKCS8')); - - return $key->toString('PKCS8'); + return $rsa->getPublicKey(RSA::PUBLIC_FORMAT_PKCS1); /* $der = pkcs1_encode($m,$e); $key = DerToRsa($der); -- cgit v1.2.3 From 6bb73e14b6521ea7c2d4f77d2954e4f8744bb736 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Thu, 4 Feb 2021 21:31:37 +0100 Subject: key conversion functions cleanup --- include/crypto.php | 146 +++++++---------------------------------------------- 1 file changed, 19 insertions(+), 127 deletions(-) (limited to 'include/crypto.php') diff --git a/include/crypto.php b/include/crypto.php index f86d1153c..66bd113bc 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -3,9 +3,6 @@ use phpseclib\Crypt\RSA; use phpseclib\Math\BigInteger; -require_once('library/ASNValue.class.php'); -require_once('library/asn1.php'); - function rsa_sign($data,$key,$alg = 'sha256') { if(! $key) return 'no key'; 
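Review bot: In pemtome() the two output assignments are crossed: `$e = $rsa->modulus->toBytes();` and `$m = $rsa->exponent->toBytes();` put the modulus into the exponent parameter and the exponent into the modulus parameter. salmon_key() builds its `RSA.<m>.<e>` string from these outputs, so the published key would have its fields reversed, and the docblock added in the later cleanup commit on this page documents `$m` as the modulus. The lines should read `$m = $rsa->modulus->toBytes();` and `$e = $rsa->exponent->toBytes();`. It is also worth confirming that `$rsa->exponent` is the public exponent for every key type that can reach this function. The commented-out remainder of pemtome() runs past the end of this hunk.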
@@ -311,81 +308,6 @@ function new_keypair($bits) { } -function DerToPem($Der, $Private=false) -{ - //Encode: - $Der = base64_encode($Der); - //Split lines: - $lines = str_split($Der, 65); - $body = implode("\n", $lines); - //Get title: - $title = $Private? 'RSA PRIVATE KEY' : 'PUBLIC KEY'; - //Add wrapping: - $result = "-----BEGIN {$title}-----\n"; - $result .= $body . "\n"; - $result .= "-----END {$title}-----\n"; - - return $result; -} - -function DerToRsa($Der) -{ - //Encode: - $Der = base64_encode($Der); - //Split lines: - $lines = str_split($Der, 64); - $body = implode("\n", $lines); - //Get title: - $title = 'RSA PUBLIC KEY'; - //Add wrapping: - $result = "-----BEGIN {$title}-----\n"; - $result .= $body . "\n"; - $result .= "-----END {$title}-----\n"; - - return $result; -} - - -function pkcs8_encode($Modulus,$PublicExponent) { - //Encode key sequence - $modulus = new ASNValue(ASNValue::TAG_INTEGER); - $modulus->SetIntBuffer($Modulus); - $publicExponent = new ASNValue(ASNValue::TAG_INTEGER); - $publicExponent->SetIntBuffer($PublicExponent); - $keySequenceItems = array($modulus, $publicExponent); - $keySequence = new ASNValue(ASNValue::TAG_SEQUENCE); - $keySequence->SetSequence($keySequenceItems); - //Encode bit string - $bitStringValue = $keySequence->Encode(); - $bitStringValue = chr(0x00) . $bitStringValue; //Add unused bits byte - $bitString = new ASNValue(ASNValue::TAG_BITSTRING); - $bitString->Value = $bitStringValue; - //Encode body - $bodyValue = "\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00" . 
$bitString->Encode(); - $body = new ASNValue(ASNValue::TAG_SEQUENCE); - $body->Value = $bodyValue; - //Get DER encoded public key: - $PublicDER = $body->Encode(); - return $PublicDER; -} - - -function pkcs1_encode($Modulus,$PublicExponent) { - //Encode key sequence - $modulus = new ASNValue(ASNValue::TAG_INTEGER); - $modulus->SetIntBuffer($Modulus); - $publicExponent = new ASNValue(ASNValue::TAG_INTEGER); - $publicExponent->SetIntBuffer($PublicExponent); - $keySequenceItems = array($modulus, $publicExponent); - $keySequence = new ASNValue(ASNValue::TAG_SEQUENCE); - $keySequence->SetSequence($keySequenceItems); - //Encode bit string - $bitStringValue = $keySequence->Encode(); - return $bitStringValue; -} - - -// http://stackoverflow.com/questions/27568570/how-to-convert-raw-modulus-exponent-to-rsa-public-key-pem-format /** * @param string $m modulo * @param string $e exponent @@ -400,27 +322,12 @@ function metopem($m, $e) { ]); return $rsa->getPublicKey(); -/* $der = pkcs8_encode($m,$e); - $key = DerToPem($der,false); - return $key;*/ } - -function pubrsatome($key,&$m,&$e) { - require_once('library/asn1.php'); - - $lines = explode("\n",$key); - unset($lines[0]); - unset($lines[count($lines)]); - $x = base64_decode(implode('',$lines)); - - $r = ASN_BASE::parseASNString($x); - - $m = base64url_decode($r[0]->asnData[0]->asnData); - $e = base64url_decode($r[0]->asnData[1]->asnData); -} - - +/** + * @param string key + * @return string + */ function rsatopem($key) { $rsa = new RSA(); 
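Review bot: The docblock added above rsatopem() reads `@param string key`, which is missing the `$` and does not say which encoding goes in or comes out; pemtorsa() gets the same docblock in the next hunk. Since the two functions differ only in direction, the formats are the part worth documenting, for example `@param string $key public key in PKCS#1 (RSA PUBLIC KEY) form` and `@return string the same key in PKCS#8 form` for rsatopem(), and the reverse for pemtorsa(). In the metopem() docblock shown as context, "modulo" should be "modulus".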
@@ -428,22 +335,26 @@ function rsatopem($key) { return $rsa->getPublicKey(RSA::PUBLIC_FORMAT_PKCS8); - -/* pubrsatome($key,$m,$e); - return(metopem($m,$e));*/ } +/** + * @param string key + * @return string + */ function pemtorsa($key) { + $rsa = new RSA(); $rsa->setPublicKey($key); return $rsa->getPublicKey(RSA::PUBLIC_FORMAT_PKCS1); -/* pemtome($key,$m,$e); - return(metorsa($m,$e));*/ - } +/** + * @param string $key key + * @param string $m reference modulo + * @param string $e reference exponent + */ function pemtome($key,&$m,&$e) { $rsa = new RSA(); @@ -453,27 +364,13 @@ function pemtome($key,&$m,&$e) { $e = $rsa->modulus->toBytes(); $m = $rsa->exponent->toBytes(); - -/* $rsa = new RSA(); - $rsa->loadKey($key); - $rsa->setPublicKey(); - - $modulus = $rsa->modulus->toBytes(); - $exponent = $rsa->exponent->toBytes(); - - - - $lines = explode("\n",$key); - unset($lines[0]); - unset($lines[count($lines)]); - $x = base64_decode(implode('',$lines)); - - $r = ASN_BASE::parseASNString($x); - - $m = base64url_decode($r[0]->asnData[1]->asnData[0]->asnData[0]->asnData); - $e = base64url_decode($r[0]->asnData[1]->asnData[0]->asnData[1]->asnData);*/ } +/** + * @param string $m modulo + * @param string $e exponent + * @return string + */ function metorsa($m,$e) { $rsa = new RSA(); @@ -483,19 +380,14 @@ function metorsa($m,$e) { ]); return $rsa->getPublicKey(RSA::PUBLIC_FORMAT_PKCS1); -/* $der = pkcs1_encode($m,$e); - $key = DerToRsa($der); - return $key;*/ } - function salmon_key($pubkey) { pemtome($pubkey,$m,$e); return 'RSA' . '.' . base64url_encode($m,true) . '.' . base64url_encode($e,true) ; } - function convert_salmon_key($key) { if(strstr($key,',')) -- cgit v1.2.3 From 03e1f5f8a41c88e8feea19784d7521435e7e4b2e Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Thu, 4 Feb 2021 21:49:25 +0100 Subject: remove unused function --- include/crypto.php | 17 ----------------- 1 file changed, 17 deletions(-) (limited to 'include/crypto.php') 
diff --git a/include/crypto.php b/include/crypto.php index 66bd113bc..e2132337f 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -366,23 +366,6 @@ function pemtome($key,&$m,&$e) { } -/** - * @param string $m modulo - * @param string $e exponent - * @return string - */ -function metorsa($m,$e) { - - $rsa = new RSA(); - $rsa->loadKey([ - 'e' => new BigInteger($e, 256), - 'n' => new BigInteger($m, 256) - ]); - return $rsa->getPublicKey(RSA::PUBLIC_FORMAT_PKCS1); - -} - - function salmon_key($pubkey) { pemtome($pubkey,$m,$e); return 'RSA' . '.' . base64url_encode($m,true) . '.' . base64url_encode($e,true) ; -- cgit v1.2.3 From eb05e5a20515419cc8bd4df33cd40c50391785e4 Mon Sep 17 00:00:00 2001 From: Mario Date: Mon, 8 Feb 2021 10:55:35 +0000 Subject: revert include/crypto to its previous state for reference - we are now using Lib/Keyutils for key conversion --- include/crypto.php | 158 ++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 114 insertions(+), 44 deletions(-) (limited to 'include/crypto.php') diff --git a/include/crypto.php b/include/crypto.php index e2132337f..84d639f3f 100644 --- a/include/crypto.php +++ b/include/crypto.php 
@@ -1,7 +1,7 @@ loadKey([ - 'e' => new BigInteger($e, 256), - 'n' => new BigInteger($m, 256) - ]); - return $rsa->getPublicKey(); +function DerToRsa($Der) +{ + //Encode: + $Der = base64_encode($Der); + //Split lines: + $lines = str_split($Der, 64); + $body = implode("\n", $lines); + //Get title: + $title = 'RSA PUBLIC KEY'; + //Add wrapping: + $result = "-----BEGIN {$title}-----\n"; + $result .= $body . "\n"; + $result .= "-----END {$title}-----\n"; + return $result; } -/** - * @param string key - * @return string - */ -function rsatopem($key) { - $rsa = new RSA(); - $rsa->setPublicKey($key); +function pkcs8_encode($Modulus,$PublicExponent) { + //Encode key sequence + $modulus = new ASNValue(ASNValue::TAG_INTEGER); + $modulus->SetIntBuffer($Modulus); + $publicExponent = new ASNValue(ASNValue::TAG_INTEGER); + $publicExponent->SetIntBuffer($PublicExponent); + $keySequenceItems = array($modulus, $publicExponent); + $keySequence = new ASNValue(ASNValue::TAG_SEQUENCE); + $keySequence->SetSequence($keySequenceItems); + //Encode bit string + $bitStringValue = $keySequence->Encode(); + $bitStringValue = chr(0x00) . $bitStringValue; //Add unused bits byte + $bitString = new ASNValue(ASNValue::TAG_BITSTRING); + $bitString->Value = $bitStringValue; + //Encode body + $bodyValue = "\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00" . 
$bitString->Encode(); + $body = new ASNValue(ASNValue::TAG_SEQUENCE); + $body->Value = $bodyValue; + //Get DER encoded public key: + $PublicDER = $body->Encode(); + return $PublicDER; +} - return $rsa->getPublicKey(RSA::PUBLIC_FORMAT_PKCS8); +function pkcs1_encode($Modulus,$PublicExponent) { + //Encode key sequence + $modulus = new ASNValue(ASNValue::TAG_INTEGER); + $modulus->SetIntBuffer($Modulus); + $publicExponent = new ASNValue(ASNValue::TAG_INTEGER); + $publicExponent->SetIntBuffer($PublicExponent); + $keySequenceItems = array($modulus, $publicExponent); + $keySequence = new ASNValue(ASNValue::TAG_SEQUENCE); + $keySequence->SetSequence($keySequenceItems); + //Encode bit string + $bitStringValue = $keySequence->Encode(); + return $bitStringValue; } -/** - * @param string key - * @return string - */ -function pemtorsa($key) { - $rsa = new RSA(); - $rsa->setPublicKey($key); +// http://stackoverflow.com/questions/27568570/how-to-convert-raw-modulus-exponent-to-rsa-public-key-pem-format +function metopem($m,$e) { + $der = pkcs8_encode($m,$e); + $key = DerToPem($der,false); + return $key; +} + + +function pubrsatome($key,&$m,&$e) { + require_once('library/asn1.php'); + + $lines = explode("\n",$key); + unset($lines[0]); + unset($lines[count($lines)]); + $x = base64_decode(implode('',$lines)); - return $rsa->getPublicKey(RSA::PUBLIC_FORMAT_PKCS1); + $r = ASN_BASE::parseASNString($x); + $m = base64url_decode($r[0]->asnData[0]->asnData); + $e = base64url_decode($r[0]->asnData[1]->asnData); +} + + +function rsatopem($key) { + pubrsatome($key,$m,$e); + return(metopem($m,$e)); +} + +function pemtorsa($key) { + pemtome($key,$m,$e); + return(metorsa($m,$e)); } -/** - * @param string $key key - * @param string $m reference modulo - * @param string $e reference exponent - */ function pemtome($key,&$m,&$e) { + $lines = explode("\n",$key); + unset($lines[0]); + unset($lines[count($lines)]); + $x = base64_decode(implode('',$lines)); - $rsa = new RSA(); - $rsa->loadKey($key); - 
$rsa->setPublicKey(); + $r = ASN_BASE::parseASNString($x); - $e = $rsa->modulus->toBytes(); - $m = $rsa->exponent->toBytes(); + $m = base64url_decode($r[0]->asnData[1]->asnData[0]->asnData[0]->asnData); + $e = base64url_decode($r[0]->asnData[1]->asnData[0]->asnData[1]->asnData); +} +function metorsa($m,$e) { + $der = pkcs1_encode($m,$e); + $key = DerToRsa($der); + return $key; } + + function salmon_key($pubkey) { pemtome($pubkey,$m,$e); return 'RSA' . '.' . base64url_encode($m,true) . '.' . base64url_encode($e,true) ; } + function convert_salmon_key($key) { if(strstr($key,',')) -- cgit v1.2.3 From b4693870ba647455e6bd0a3919a544130cee118b Mon Sep 17 00:00:00 2001 From: Mario Date: Tue, 9 Feb 2021 13:50:03 +0000 Subject: port Lib/Crypto from zap --- include/crypto.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'include/crypto.php') diff --git a/include/crypto.php b/include/crypto.php index 84d639f3f..d91d3749c 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -1,5 +1,7 @@ Date: Wed, 10 Feb 2021 19:27:00 +0000 Subject: revert z_(un)obscure() until (un)obscurify() will be implemented and a update will take care of the data in db --- include/crypto.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include/crypto.php') diff --git a/include/crypto.php b/include/crypto.php index d91d3749c..b09356fc7 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -462,12 +462,12 @@ function convert_salmon_key($key) { function z_obscure($s) { - return json_encode(Crypto::encapsulate($s,get_config('system','pubkey'))); + return json_encode(crypto_encapsulate($s,get_config('system','pubkey'))); } function z_unobscure($s) { if(strpos($s,"{\"") !== 0) return $s; - return Crypto::unencapsulate(json_decode($s,true),get_config('system','prvkey')); + return crypto_unencapsulate(json_decode($s,true),get_config('system','prvkey')); } -- cgit v1.2.3 From 464a0634d63707412afb7df9b2fe0d2e23258753 Mon Sep 17 00:00:00 2001 
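Review bot: The restored pemtome() and pubrsatome() index straight into `$r[0]->asnData[...]` after `ASN_BASE::parseASNString($x)`, with no check that `base64_decode()` or the parser produced the expected structure. A truncated or malformed key therefore ends in notices and empty `$m`/`$e` instead of a clean failure. The commit message says the file is kept for reference now that Lib/Keyutils does the conversion, but nothing in the code says so. I would add a docblock with `@deprecated` naming the replacement on each restored function, so new callers do not pick up the unvalidated parser.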
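Review bot: z_unobscure() hands `json_decode($s,true)` directly to crypto_unencapsulate(), and the only gate is the `strpos($s,"{\"") !== 0` prefix test in the context lines. Any stored value that merely begins with `{"` is therefore sent to decryption, including a truncated envelope for which json_decode() returns null. What crypto_unencapsulate() does with null is not visible in this hunk. Checking the decoded value first would leave such values untouched: `$j = json_decode($s,true); if(! is_array($j)) return $s;`, then pass `$j` on.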
From: Mario Date: Wed, 10 Feb 2021 20:40:28 +0000 Subject: use (un)obscurify --- include/crypto.php | 2 -- 1 file changed, 2 deletions(-) (limited to 'include/crypto.php') diff --git a/include/crypto.php b/include/crypto.php index b09356fc7..40e68a4e7 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -1,7 +1,5 @@