X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=sidebyside;f=include%2Fcrypto.php;h=ed0a35704e8a5c8f97ab7f26038828fd5b2fd53b;hb=b75ca0d5b8c63ee86e97b4a32831fe03fe2b8fa3;hp=a75a9aa744130206b0630065879644f75ee6227c;hpb=8fa6f492420f830b4c9c06f2f391853e82285825;p=friendica.git diff --git a/include/crypto.php b/include/crypto.php index a75a9aa744..ed0a35704e 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -9,7 +9,7 @@ function rsa_sign($data,$key,$alg = 'sha256') { $sig = ''; if (version_compare(PHP_VERSION, '5.3.0', '>=') || $alg === 'sha1') { - openssl_sign($data,$sig,$key,(($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : 'sha256')); + openssl_sign($data,$sig,$key,(($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : $alg)); } else { if(strlen($key) < 1024 || extension_loaded('gmp')) { @@ -31,7 +31,7 @@ function rsa_sign($data,$key,$alg = 'sha256') { function rsa_verify($data,$sig,$key,$alg = 'sha256') { if (version_compare(PHP_VERSION, '5.3.0', '>=') || $alg === 'sha1') { - $verify = openssl_verify($data,$sig,$key,(($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : 'sha256')); + $verify = openssl_verify($data,$sig,$key,(($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : $alg)); } else { if(strlen($key) <= 300 || extension_loaded('gmp')) { @@ -225,3 +225,72 @@ function pkcs5_unpad($text) if (strspn($text, chr($pad), strlen($text) - $pad) != $pad) return false; return substr($text, 0, -1 * $pad); } + +function AES256CBC_encrypt($data,$key,$iv) { + return mcrypt_encrypt( + MCRYPT_RIJNDAEL_128, + str_pad($key,32,"\0"), + pkcs5_pad($data,16), + MCRYPT_MODE_CBC, + str_pad($iv,16,"\0")); +} + +function AES256CBC_decrypt($data,$key,$iv) { + return pkcs5_unpad(mcrypt_decrypt( + MCRYPT_RIJNDAEL_128, + str_pad($key,32,"\0"), + $data, + MCRYPT_MODE_CBC, + str_pad($iv,16,"\0"))); +} + +function aes_encapsulate($data,$pubkey) { + $key = random_string(32,RANDOM_STRING_TEXT); + $iv = random_string(16,RANDOM_STRING_TEXT); + $result['data'] = base64url_encode(AES256CBC_encrypt($data,$key,$iv),true); + openssl_public_encrypt($key,$k,$pubkey); + $result['key'] = base64url_encode($k,true); + openssl_public_encrypt($iv,$i,$pubkey); + $result['iv'] = base64url_encode($i,true); + return $result; +} + +function aes_unencapsulate($data,$prvkey) { + openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey); + openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey); + return AES256CBC_decrypt(base64url_decode($data['data']),$k,$i); +} + +function new_keypair($bits) { + + $openssl_options = array( + 'digest_alg' => 'sha1', + 'private_key_bits' => $bits, + 'encrypt_key' => false + ); + + $conf = get_config('system','openssl_conf_file'); + if($conf) + $openssl_options['config'] = $conf; + + $result = openssl_pkey_new($openssl_options); + + if(empty($result)) { + logger('new_keypair: failed'); + return false; + } + + // Get private key + + $response = array('prvkey' => '', 'pubkey' => ''); + + openssl_pkey_export($result, $response['prvkey']); + + // Get public key + $pkey = openssl_pkey_get_details($result); + $response['pubkey'] = $pkey["key"]; + + return $response; + +} +