X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=sidebyside;f=src%2FUtil%2FCrypto.php;h=1781dfb77988a0389484bed24cea973effe19c05;hb=24c32cff0dcd38d5aa509208f5f17abb05a8b140;hp=1b84a92f64a3f9e6ae7bcaa0815fc7a271b77432;hpb=097620b62799c96d610d73410ec07a6b8cdf82f0;p=friendica.git

diff --git a/src/Util/Crypto.php b/src/Util/Crypto.php
index 1b84a92f64..1781dfb779 100644
--- a/src/Util/Crypto.php
+++ b/src/Util/Crypto.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * @copyright Copyright (C) 2020, Friendica
+ * @copyright Copyright (C) 2010-2023, the Friendica project
  *
  * @license GNU AGPL version 3 or any later version
  *
@@ -21,12 +21,11 @@
 
 namespace Friendica\Util;
 
-use ASN_BASE;
-use ASNValue;
 use Friendica\Core\Hook;
 use Friendica\Core\Logger;
 use Friendica\Core\System;
 use Friendica\DI;
+use phpseclib3\Crypt\PublicKeyLoader;
 
 /**
  * Crypto class
@@ -65,183 +64,15 @@ class Crypto
 	}
 
 	/**
-	 * @param string $Der     der formatted string
-	 * @param bool   $Private key type optional, default false
-	 * @return string
-	 */
-	private static function DerToPem($Der, $Private = false)
-	{
-		//Encode:
-		$Der = base64_encode($Der);
-		//Split lines:
-		$lines = str_split($Der, 65);
-		$body = implode("\n", $lines);
-		//Get title:
-		$title = $Private ? 'RSA PRIVATE KEY' : 'PUBLIC KEY';
-		//Add wrapping:
-		$result = "-----BEGIN {$title}-----\n";
-		$result .= $body . "\n";
-		$result .= "-----END {$title}-----\n";
-
-		return $result;
-	}
-
-	/**
-	 * @param string $Der der formatted string
-	 * @return string
-	 */
-	private static function DerToRsa($Der)
-	{
-		//Encode:
-		$Der = base64_encode($Der);
-		//Split lines:
-		$lines = str_split($Der, 64);
-		$body = implode("\n", $lines);
-		//Get title:
-		$title = 'RSA PUBLIC KEY';
-		//Add wrapping:
-		$result = "-----BEGIN {$title}-----\n";
-		$result .= $body . "\n";
-		$result .= "-----END {$title}-----\n";
-
-		return $result;
-	}
-
-	/**
-	 * @param string $Modulus        modulo
-	 * @param string $PublicExponent exponent
-	 * @return string
-	 */
-	private static function pkcs8Encode($Modulus, $PublicExponent)
-	{
-		//Encode key sequence
-		$modulus = new ASNValue(ASNValue::TAG_INTEGER);
-		$modulus->SetIntBuffer($Modulus);
-		$publicExponent = new ASNValue(ASNValue::TAG_INTEGER);
-		$publicExponent->SetIntBuffer($PublicExponent);
-		$keySequenceItems = [$modulus, $publicExponent];
-		$keySequence = new ASNValue(ASNValue::TAG_SEQUENCE);
-		$keySequence->SetSequence($keySequenceItems);
-		//Encode bit string
-		$bitStringValue = $keySequence->Encode();
-		$bitStringValue = chr(0x00) . $bitStringValue; //Add unused bits byte
-		$bitString = new ASNValue(ASNValue::TAG_BITSTRING);
-		$bitString->Value = $bitStringValue;
-		//Encode body
-		$bodyValue = "\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00" . $bitString->Encode();
-		$body = new ASNValue(ASNValue::TAG_SEQUENCE);
-		$body->Value = $bodyValue;
-		//Get DER encoded public key:
-		$PublicDER = $body->Encode();
-		return $PublicDER;
-	}
-
-	/**
-	 * @param string $Modulus        modulo
-	 * @param string $PublicExponent exponent
-	 * @return string
-	 */
-	private static function pkcs1Encode($Modulus, $PublicExponent)
-	{
-		//Encode key sequence
-		$modulus = new ASNValue(ASNValue::TAG_INTEGER);
-		$modulus->SetIntBuffer($Modulus);
-		$publicExponent = new ASNValue(ASNValue::TAG_INTEGER);
-		$publicExponent->SetIntBuffer($PublicExponent);
-		$keySequenceItems = [$modulus, $publicExponent];
-		$keySequence = new ASNValue(ASNValue::TAG_SEQUENCE);
-		$keySequence->SetSequence($keySequenceItems);
-		//Encode bit string
-		$bitStringValue = $keySequence->Encode();
-		return $bitStringValue;
-	}
-
-	/**
-	 * @param string $m modulo
-	 * @param string $e exponent
-	 * @return string
-	 */
-	public static function meToPem($m, $e)
-	{
-		$der = self::pkcs8Encode($m, $e);
-		$key = self::DerToPem($der, false);
-		return $key;
-	}
-
-	/**
-	 * @param string $key key
-	 * @param string $m   modulo reference
-	 * @param object $e   exponent reference
-	 * @return void
-	 * @throws \Exception
-	 */
-	private static function pubRsaToMe($key, &$m, &$e)
-	{
-		$lines = explode("\n", $key);
-		unset($lines[0]);
-		unset($lines[count($lines)]);
-		$x = base64_decode(implode('', $lines));
-
-		$r = ASN_BASE::parseASNString($x);
-
-		$m = Strings::base64UrlDecode($r[0]->asnData[0]->asnData);
-		$e = Strings::base64UrlDecode($r[0]->asnData[1]->asnData);
-	}
-
-	/**
-	 * @param string $key key
-	 * @return string
-	 * @throws \Exception
-	 */
-	public static function rsaToPem($key)
-	{
-		self::pubRsaToMe($key, $m, $e);
-		return self::meToPem($m, $e);
-	}
-
-	/**
-	 * @param string $key key
-	 * @return string
-	 * @throws \Exception
-	 */
-	private static function pemToRsa($key)
-	{
-		self::pemToMe($key, $m, $e);
-		return self::meToRsa($m, $e);
-	}
-
-	/**
-	 * @param string $key key
-	 * @param string $m   modulo reference
-	 * @param string $e   exponent reference
-	 * @return void
-	 * @throws \Exception
-	 */
-	public static function pemToMe($key, &$m, &$e)
-	{
-		$lines = explode("\n", $key);
-		unset($lines[0]);
-		unset($lines[count($lines)]);
-		$x = base64_decode(implode('', $lines));
-
-		$r = ASN_BASE::parseASNString($x);
-
-		if (isset($r[0])) {
-			$m = Strings::base64UrlDecode($r[0]->asnData[1]->asnData[0]->asnData[0]->asnData);
-			$e = Strings::base64UrlDecode($r[0]->asnData[1]->asnData[0]->asnData[1]->asnData);
-		}
-	}
-
-	/**
-	 * @param string $m modulo
-	 * @param string $e exponent
-	 * @return string
+	 * Transform RSA public keys to standard PEM output
+	 *
+	 * @param string $key A RSA public key
+	 *
+	 * @return string The PEM output of this key
 	 */
-	private static function meToRsa($m, $e)
+	public static function rsaToPem(string $key)
 	{
-		$der = self::pkcs1Encode($m, $e);
-		$key = self::DerToRsa($der);
-		return $key;
+		return (string)PublicKeyLoader::load($key);
 	}
 
 	/**
@@ -264,7 +95,7 @@ class Crypto
 		$result = openssl_pkey_new($openssl_options);
 
 		if (empty($result)) {
-			Logger::log('new_keypair: failed');
+			Logger::notice('new_keypair: failed');
 			return false;
 		}
 
@@ -282,13 +113,13 @@ class Crypto
 
 	/**
 	 * Encrypt a string with 'aes-256-cbc' cipher method.
-	 * 
+	 *
 	 * Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/include/crypto.php
-	 * 
+	 *
 	 * @param string $data
 	 * @param string $key   The key used for encryption.
 	 * @param string $iv    A non-NULL Initialization Vector.
-	 * 
+	 *
 	 * @return string|boolean Encrypted string or false on failure.
 	 */
 	private static function encryptAES256CBC($data, $key, $iv)
@@ -298,13 +129,13 @@ class Crypto
 
 	/**
 	 * Decrypt a string with 'aes-256-cbc' cipher method.
-	 * 
+	 *
 	 * Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/include/crypto.php
-	 * 
+	 *
 	 * @param string $data
 	 * @param string $key   The key used for decryption.
 	 * @param string $iv    A non-NULL Initialization Vector.
-	 * 
+	 *
 	 * @return string|boolean Decrypted string or false on failure.
 	 */
 	private static function decryptAES256CBC($data, $key, $iv)
@@ -312,42 +143,6 @@ class Crypto
 		return openssl_decrypt($data, 'aes-256-cbc', str_pad($key, 32, "\0"), OPENSSL_RAW_DATA, str_pad($iv, 16, "\0"));
 	}
 
-	/**
-	 * Encrypt a string with 'aes-256-ctr' cipher method.
-	 * 
-	 * Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/include/crypto.php
-	 * 
-	 * @param string $data
-	 * @param string $key   The key used for encryption.
-	 * @param string $iv    A non-NULL Initialization Vector.
-	 * 
-	 * @return string|boolean Encrypted string or false on failure.
-	 */
-	private static function encryptAES256CTR($data, $key, $iv)
-	{
-		$key = substr($key, 0, 32);
-		$iv = substr($iv, 0, 16);
-		return openssl_encrypt($data, 'aes-256-ctr', str_pad($key, 32, "\0"), OPENSSL_RAW_DATA, str_pad($iv, 16, "\0"));
-	}
-
-	/**
-	 * Decrypt a string with 'aes-256-ctr' cipher method.
-	 * 
-	 * Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/include/crypto.php
-	 * 
-	 * @param string $data
-	 * @param string $key   The key used for decryption.
-	 * @param string $iv    A non-NULL Initialization Vector.
-	 * 
-	 * @return string|boolean Decrypted string or false on failure.
-	 */
-	private static function decryptAES256CTR($data, $key, $iv)
-	{
-		$key = substr($key, 0, 32);
-		$iv = substr($iv, 0, 16);
-		return openssl_decrypt($data, 'aes-256-ctr', str_pad($key, 32, "\0"), OPENSSL_RAW_DATA, str_pad($iv, 16, "\0"));
-	}
-
 	/**
 	 *
 	 * Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/include/crypto.php
@@ -381,7 +176,7 @@ class Crypto
 	private static function encapsulateOther($data, $pubkey, $alg)
 	{
 		if (!$pubkey) {
-			Logger::log('no key. data: '.$data);
+			Logger::notice('no key. data: '.$data);
 		}
 		$fn = 'encrypt' . strtoupper($alg);
 		if (method_exists(__CLASS__, $fn)) {
@@ -393,7 +188,7 @@ class Crypto
 			// log the offending call so we can track it down
 			if (!openssl_public_encrypt($key, $k, $pubkey)) {
 				$x = debug_backtrace();
-				Logger::log('RSA failed. ' . print_r($x[0], true));
+				Logger::notice('RSA failed', ['trace' => $x[0]]);
 			}
 
 			$result['alg'] = $alg;
@@ -423,7 +218,7 @@ class Crypto
 	private static function encapsulateAes($data, $pubkey)
 	{
 		if (!$pubkey) {
-			Logger::log('aes_encapsulate: no key. data: ' . $data);
+			Logger::notice('aes_encapsulate: no key. data: ' . $data);
 		}
 
 		$key = random_bytes(32);
@@ -434,7 +229,7 @@ class Crypto
 		// log the offending call so we can track it down
 		if (!openssl_public_encrypt($key, $k, $pubkey)) {
 			$x = debug_backtrace();
-			Logger::log('aes_encapsulate: RSA failed. ' . print_r($x[0], true));
+			Logger::notice('aes_encapsulate: RSA failed.', ['data' => $x[0]]);
 		}
 
 		$result['alg'] = 'aes256cbc';
@@ -461,11 +256,12 @@ class Crypto
 			return;
 		}
 
-		$alg = ((array_key_exists('alg', $data)) ? $data['alg'] : 'aes256cbc');
+		$alg = $data['alg'] ?? 'aes256cbc';
 		if ($alg === 'aes256cbc') {
-			return self::encapsulateAes($data['data'], $prvkey);
+			return self::unencapsulateAes($data['data'], $prvkey);
 		}
-		return self::encapsulateOther($data['data'], $prvkey, $alg);
+
+		return self::unencapsulateOther($data, $prvkey, $alg);
 	}
 
 	/**