X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fcrypto.php;h=4600e7291b7c3ec27622bbb4af64c02f5dfcb22c;hb=aa284a2ae60cca7f2f80013801999ad8a6596d84;hp=1ab9e7b25f79ac246346ac2de618388785fd072e;hpb=afb04142ce0ec4f291ed22be6e9f7781a7714628;p=friendica.git

diff --git a/include/crypto.php b/include/crypto.php
index 1ab9e7b25f..4600e7291b 100644
--- a/include/crypto.php
+++ b/include/crypto.php
@@ -1,93 +1,52 @@
 <?php
 
-require_once('library/ASNValue.class.php');
-require_once('library/asn1.php');
-
-
-function rsa_sign($data,$key) {
-
-	$sig = '';
-	if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
-		openssl_sign($data,$sig,$key,'sha256');
-    }
-    else {
-		if(strlen($key) < 1024 || extension_loaded('gmp')) {
-			require_once('library/phpsec/Crypt/RSA.php');
-			$rsa = new CRYPT_RSA();
-			$rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
-			$rsa->setHash('sha256');
-			$rsa->loadKey($key);
-			$sig = $rsa->sign($data);
-		}
-		else {
-			logger('rsa_sign: insecure algorithm used. Please upgrade PHP to 5.3');
-			openssl_private_encrypt(hex2bin('3031300d060960864801650304020105000420') . hash('sha256',$data,true), $sig, $key);
-		}
-	}
+require_once 'library/ASNValue.class.php';
+require_once 'library/asn1.php';
+
+// supported algorithms are 'sha256', 'sha1'
+
+function rsa_sign($data, $key, $alg = 'sha256') {
+	openssl_sign($data, $sig, $key, (($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : $alg));
 	return $sig;
 }
 
-function rsa_verify($data,$sig,$key) {
-
-	if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
-		$verify = openssl_verify($data,$sig,$key,'sha256');
-    }
-    else {
-		if(strlen($key) <= 300 || extension_loaded('gmp')) {
-			require_once('library/phpsec/Crypt/RSA.php');
-			$rsa = new CRYPT_RSA();
-			$rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
-			$rsa->setHash('sha256');
-			$rsa->loadKey($key);
-			$verify = $rsa->verify($data,$sig);
-		}
-		else {
-			// fallback sha256 verify for PHP < 5.3 and large key lengths
-			$rawsig = '';
-        	openssl_public_decrypt($sig,$rawsig,$key);
-	        $verify = (($rawsig && substr($rawsig,-32) === hash('sha256',$data,true)) ? true : false);
-    	}
-	}
-	return $verify;
+function rsa_verify($data, $sig, $key, $alg = 'sha256') {
+	return openssl_verify($data, $sig, $key, (($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : $alg));
 }
 
-
-function DerToPem($Der, $Private=false)
-{
-    //Encode:
-    $Der = base64_encode($Der);
-    //Split lines:
-    $lines = str_split($Der, 65);
-    $body = implode("\n", $lines);
-    //Get title:
-    $title = $Private? 'RSA PRIVATE KEY' : 'PUBLIC KEY';
-    //Add wrapping:
-    $result = "-----BEGIN {$title}-----\n";
-    $result .= $body . "\n";
-    $result .= "-----END {$title}-----\n";
- 
-    return $result;
+function DerToPem($Der, $Private = false) {
+	//Encode:
+	$Der = base64_encode($Der);
+	//Split lines:
+	$lines = str_split($Der, 65);
+	$body = implode("\n", $lines);
+	//Get title:
+	$title = $Private ? 'RSA PRIVATE KEY' : 'PUBLIC KEY';
+	//Add wrapping:
+	$result = "-----BEGIN {$title}-----\n";
+	$result .= $body . "\n";
+	$result .= "-----END {$title}-----\n";
+
+	return $result;
 }
 
-function DerToRsa($Der)
-{
-    //Encode:
-    $Der = base64_encode($Der);
-    //Split lines:
-    $lines = str_split($Der, 65);
-    $body = implode("\n", $lines);
-    //Get title:
-    $title = 'RSA PUBLIC KEY';
-    //Add wrapping:
-    $result = "-----BEGIN {$title}-----\n";
-    $result .= $body . "\n";
-    $result .= "-----END {$title}-----\n";
- 
-    return $result;
+function DerToRsa($Der) {
+	//Encode:
+	$Der = base64_encode($Der);
+	//Split lines:
+	$lines = str_split($Der, 64);
+	$body = implode("\n", $lines);
+	//Get title:
+	$title = 'RSA PUBLIC KEY';
+	//Add wrapping:
+	$result = "-----BEGIN {$title}-----\n";
+	$result .= $body . "\n";
+	$result .= "-----END {$title}-----\n";
+
+	return $result;
 }
 
-
-function pkcs8_encode($Modulus,$PublicExponent) {
+function pkcs8_encode($Modulus, $PublicExponent) {
 	//Encode key sequence
 	$modulus = new ASNValue(ASNValue::TAG_INTEGER);
 	$modulus->SetIntBuffer($Modulus);
@@ -110,8 +69,7 @@ function pkcs8_encode($Modulus,$PublicExponent) {
 	return $PublicDER;
 }
 
-
-function pkcs1_encode($Modulus,$PublicExponent) {
+function pkcs1_encode($Modulus, $PublicExponent) {
 	//Encode key sequence
 	$modulus = new ASNValue(ASNValue::TAG_INTEGER);
 	$modulus->SetIntBuffer($Modulus);
@@ -125,22 +83,20 @@ function pkcs1_encode($Modulus,$PublicExponent) {
 	return $bitStringValue;
 }
 
-
-function metopem($m,$e) {
-	$der = pkcs8_encode($m,$e);
-	$key = DerToPem($der,false);
+function metopem($m, $e) {
+	$der = pkcs8_encode($m, $e);
+	$key = DerToPem($der, false);
 	return $key;
-}	
-
+}
 
 function pubrsatome($key,&$m,&$e) {
 	require_once('library/asn1.php');
 	require_once('include/salmon.php');
 
-	$lines = explode("\n",$key);
+	$lines = explode("\n", $key);
 	unset($lines[0]);
 	unset($lines[count($lines)]);
-	$x = base64_decode(implode('',$lines));
+	$x = base64_decode(implode('', $lines));
 
 	$r = ASN_BASE::parseASNString($x);
 
@@ -150,21 +106,21 @@ function pubrsatome($key,&$m,&$e) {
 
 
 function rsatopem($key) {
-	pubrsatome($key,$m,$e);
-	return(metopem($m,$e));
+	pubrsatome($key, $m, $e);
+	return metopem($m, $e);
 }
 
 function pemtorsa($key) {
-	pemtome($key,$m,$e);
-	return(metorsa($m,$e));
+	pemtome($key, $m, $e);
+	return metorsa($m, $e);
 }
 
-function pemtome($key,&$m,&$e) {
+function pemtome($key, &$m, &$e) {
 	require_once('include/salmon.php');
-	$lines = explode("\n",$key);
+	$lines = explode("\n", $key);
 	unset($lines[0]);
 	unset($lines[count($lines)]);
-	$x = base64_decode(implode('',$lines));
+	$x = base64_decode(implode('', $lines));
 
 	$r = ASN_BASE::parseASNString($x);
 
@@ -172,13 +128,43 @@ function pemtome($key,&$m,&$e) {
 	$e = base64url_decode($r[0]->asnData[1]->asnData[0]->asnData[1]->asnData);
 }
 
-function metorsa($m,$e) {
-	$der = pkcs1_encode($m,$e);
+function metorsa($m, $e) {
+	$der = pkcs1_encode($m, $e);
 	$key = DerToRsa($der);
 	return $key;
-}	
+}
 
 function salmon_key($pubkey) {
-	pemtome($pubkey,$m,$e);
-	return 'RSA' . '.' . base64url_encode($m,true) . '.' . base64url_encode($e,true) ;
+	pemtome($pubkey, $m, $e);
+	return 'RSA' . '.' . base64url_encode($m, true) . '.' . base64url_encode($e, true) ;
+}
+
+function new_keypair($bits) {
+	$openssl_options = array(
+		'digest_alg'       => 'sha1',
+		'private_key_bits' => $bits,
+		'encrypt_key'      => false
+	);
+
+	$conf = get_config('system', 'openssl_conf_file');
+	if ($conf) {
+		$openssl_options['config'] = $conf;
+	}
+	$result = openssl_pkey_new($openssl_options);
+
+	if (empty($result)) {
+		logger('new_keypair: failed');
+		return false;
+	}
+
+	// Get private key
+	$response = array('prvkey' => '', 'pubkey' => '');
+
+	openssl_pkey_export($result, $response['prvkey']);
+
+	// Get public key
+	$pkey = openssl_pkey_get_details($result);
+	$response['pubkey'] = $pkey["key"];
+
+	return $response;
 }