X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fcrypto.php;h=dfc44c1792dfc4f056e7cc05cbe935a374a42f61;hb=0475fc1fce4965e660332cd538a43c1c82b7df6c;hp=999b48be4d6d6bc8988506fcc5f314f89ca93d2c;hpb=0d9d576aa642e02eb8673aa20bdf4b6a18ae6bc3;p=friendica.git

diff --git a/include/crypto.php b/include/crypto.php
index 999b48be4d..dfc44c1792 100644
--- a/include/crypto.php
+++ b/include/crypto.php
@@ -1,93 +1,54 @@
 <?php
 
-require_once('library/ASNValue.class.php');
-require_once('library/asn1.php');
-
-
-function rsa_sign($data,$key) {
-
-	$sig = '';
-	if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
-		openssl_sign($data,$sig,$key,'sha256');
-    }
-    else {
-		if(strlen($key) < 1024 || extension_loaded('gmp')) {
-			require_once('library/phpsec/Crypt/RSA.php');
-			$rsa = new CRYPT_RSA();
-			$rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
-			$rsa->setHash('sha256');
-			$rsa->loadKey($key);
-			$sig = $rsa->sign($data);
-		}
-		else {
-			logger('rsa_sign: insecure algorithm used. Please upgrade PHP to 5.3');
-			openssl_private_encrypt(hex2bin('3031300d060960864801650304020105000420') . hash('sha256',$data,true), $sig, $key);
-		}
-	}
+use Friendica\Core\Config;
+
+require_once 'library/ASNValue.class.php';
+require_once 'library/asn1.php';
+
+// supported algorithms are 'sha256', 'sha1'
+
+function rsa_sign($data, $key, $alg = 'sha256') {
+	openssl_sign($data, $sig, $key, (($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : $alg));
 	return $sig;
 }
 
-function rsa_verify($data,$sig,$key) {
-
-	if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
-		$verify = openssl_verify($data,$sig,$key,'sha256');
-    }
-    else {
-		if(strlen($key) <= 300 || extension_loaded('gmp')) {
-			require_once('library/phpsec/Crypt/RSA.php');
-			$rsa = new CRYPT_RSA();
-			$rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
-			$rsa->setHash('sha256');
-			$rsa->loadKey($key);
-			$verify = $rsa->verify($data,$sig);
-		}
-		else {
-			// fallback sha256 verify for PHP < 5.3 and large key lengths
-			$rawsig = '';
-        	openssl_public_decrypt($sig,$rawsig,$key);
-	        $verify = (($rawsig && substr($rawsig,-32) === hash('sha256',$data,true)) ? true : false);
-    	}
-	}
-	return $verify;
+function rsa_verify($data, $sig, $key, $alg = 'sha256') {
+	return openssl_verify($data, $sig, $key, (($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : $alg));
 }
 
-
-function DerToPem($Der, $Private=false)
-{
-    //Encode:
-    $Der = base64_encode($Der);
-    //Split lines:
-    $lines = str_split($Der, 65);
-    $body = implode("\n", $lines);
-    //Get title:
-    $title = $Private? 'RSA PRIVATE KEY' : 'PUBLIC KEY';
-    //Add wrapping:
-    $result = "-----BEGIN {$title}-----\n";
-    $result .= $body . "\n";
-    $result .= "-----END {$title}-----\n";
- 
-    return $result;
+function DerToPem($Der, $Private = false) {
+	//Encode:
+	$Der = base64_encode($Der);
+	//Split lines:
+	$lines = str_split($Der, 65);
+	$body = implode("\n", $lines);
+	//Get title:
+	$title = $Private ? 'RSA PRIVATE KEY' : 'PUBLIC KEY';
+	//Add wrapping:
+	$result = "-----BEGIN {$title}-----\n";
+	$result .= $body . "\n";
+	$result .= "-----END {$title}-----\n";
+
+	return $result;
 }
 
-function DerToRsa($Der)
-{
-    //Encode:
-    $Der = base64_encode($Der);
-    //Split lines:
-    $lines = str_split($Der, 64);
-    $body = implode("\n", $lines);
-    //Get title:
-    $title = 'RSA PUBLIC KEY';
-    //Add wrapping:
-    $result = "-----BEGIN {$title}-----\n";
-    $result .= $body . "\n";
-    $result .= "-----END {$title}-----\n";
- 
-    return $result;
+function DerToRsa($Der) {
+	//Encode:
+	$Der = base64_encode($Der);
+	//Split lines:
+	$lines = str_split($Der, 64);
+	$body = implode("\n", $lines);
+	//Get title:
+	$title = 'RSA PUBLIC KEY';
+	//Add wrapping:
+	$result = "-----BEGIN {$title}-----\n";
+	$result .= $body . "\n";
+	$result .= "-----END {$title}-----\n";
+
+	return $result;
 }
 
-
-function pkcs8_encode($Modulus,$PublicExponent) {
+function pkcs8_encode($Modulus, $PublicExponent) {
 	//Encode key sequence
 	$modulus = new ASNValue(ASNValue::TAG_INTEGER);
 	$modulus->SetIntBuffer($Modulus);
@@ -110,8 +71,7 @@ function pkcs8_encode($Modulus,$PublicExponent) {
 	return $PublicDER;
 }
 
-
-function pkcs1_encode($Modulus,$PublicExponent) {
+function pkcs1_encode($Modulus, $PublicExponent) {
 	//Encode key sequence
 	$modulus = new ASNValue(ASNValue::TAG_INTEGER);
 	$modulus->SetIntBuffer($Modulus);
@@ -125,22 +85,20 @@ function pkcs1_encode($Modulus,$PublicExponent) {
 	return $bitStringValue;
 }
 
-
-function metopem($m,$e) {
-	$der = pkcs8_encode($m,$e);
-	$key = DerToPem($der,false);
+function metopem($m, $e) {
+	$der = pkcs8_encode($m, $e);
+	$key = DerToPem($der, false);
 	return $key;
-}	
-
+}
 
-function pubrsatome($key,&$m,&$e) {
-	require_once('library/asn1.php');
-	require_once('include/salmon.php');
+function pubrsatome($key, &$m, &$e)
+{
+	require_once 'library/asn1.php';
 
-	$lines = explode("\n",$key);
+	$lines = explode("\n", $key);
 	unset($lines[0]);
 	unset($lines[count($lines)]);
-	$x = base64_decode(implode('',$lines));
+	$x = base64_decode(implode('', $lines));
 
 	$r = ASN_BASE::parseASNString($x);
 
@@ -150,21 +108,21 @@ function pubrsatome($key,&$m,&$e) {
 
 
 function rsatopem($key) {
-	pubrsatome($key,$m,$e);
-	return(metopem($m,$e));
+	pubrsatome($key, $m, $e);
+	return metopem($m, $e);
 }
 
 function pemtorsa($key) {
-	pemtome($key,$m,$e);
-	return(metorsa($m,$e));
+	pemtome($key, $m, $e);
+	return metorsa($m, $e);
 }
 
-function pemtome($key,&$m,&$e) {
-	require_once('include/salmon.php');
-	$lines = explode("\n",$key);
+function pemtome($key, &$m, &$e)
+{
+	$lines = explode("\n", $key);
 	unset($lines[0]);
 	unset($lines[count($lines)]);
-	$x = base64_decode(implode('',$lines));
+	$x = base64_decode(implode('', $lines));
 
 	$r = ASN_BASE::parseASNString($x);
 
@@ -172,55 +130,43 @@ function pemtome($key,&$m,&$e) {
 	$e = base64url_decode($r[0]->asnData[1]->asnData[0]->asnData[1]->asnData);
 }
 
-function metorsa($m,$e) {
-	$der = pkcs1_encode($m,$e);
+function metorsa($m, $e) {
+	$der = pkcs1_encode($m, $e);
 	$key = DerToRsa($der);
 	return $key;
-}	
+}
 
 function salmon_key($pubkey) {
-	pemtome($pubkey,$m,$e);
-	return 'RSA' . '.' . base64url_encode($m,true) . '.' . base64url_encode($e,true) ;
+	pemtome($pubkey, $m, $e);
+	return 'RSA' . '.' . base64url_encode($m, true) . '.' . base64url_encode($e, true) ;
 }
 
+function new_keypair($bits) {
+	$openssl_options = array(
+		'digest_alg'       => 'sha1',
+		'private_key_bits' => $bits,
+		'encrypt_key'      => false
+	);
 
+	$conf = Config::get('system', 'openssl_conf_file');
+	if ($conf) {
+		$openssl_options['config'] = $conf;
+	}
+	$result = openssl_pkey_new($openssl_options);
 
-if(! function_exists('aes_decrypt')) {
-function aes_decrypt($val,$ky)
-{
-    $key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
-    for($a=0;$a<strlen($ky);$a++)
-      $key[$a%16]=chr(ord($key[$a%16]) ^ ord($ky[$a]));
-    $mode = MCRYPT_MODE_ECB;
-    $enc = MCRYPT_RIJNDAEL_128;
-    $dec = @mcrypt_decrypt($enc, $key, $val, $mode, @mcrypt_create_iv( @mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM ) );
-    return rtrim($dec,(( ord(substr($dec,strlen($dec)-1,1))>=0 and ord(substr($dec, strlen($dec)-1,1))<=16)? chr(ord( substr($dec,strlen($dec)-1,1))):null));
-}}
-
-
-if(! function_exists('aes_encrypt')) {
-function aes_encrypt($val,$ky)
-{
-    $key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
-    for($a=0;$a<strlen($ky);$a++)
-      $key[$a%16]=chr(ord($key[$a%16]) ^ ord($ky[$a]));
-    $mode=MCRYPT_MODE_ECB;
-    $enc=MCRYPT_RIJNDAEL_128;
-    $val=str_pad($val, (16*(floor(strlen($val) / 16)+(strlen($val) % 16==0?2:1))), chr(16-(strlen($val) % 16)));
-    return mcrypt_encrypt($enc, $key, $val, $mode, mcrypt_create_iv( mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM));
-}} 
+	if (empty($result)) {
+		logger('new_keypair: failed');
+		return false;
+	}
 
+	// Get private key
+	$response = array('prvkey' => '', 'pubkey' => '');
 
-function pkcs5_pad ($text, $blocksize)
-{
-    $pad = $blocksize - (strlen($text) % $blocksize);
-    return $text . str_repeat(chr($pad), $pad);
-}
+	openssl_pkey_export($result, $response['prvkey']);
 
-function pkcs5_unpad($text)
-{
-    $pad = ord($text{strlen($text)-1});
-    if ($pad > strlen($text)) return false;
-    if (strspn($text, chr($pad), strlen($text) - $pad) != $pad) return false;
-    return substr($text, 0, -1 * $pad);
-} 
+	// Get public key
+	$pkey = openssl_pkey_get_details($result);
+	$response['pubkey'] = $pkey["key"];
+
+	return $response;
+}