X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fcrypto.php;h=ed0a35704e8a5c8f97ab7f26038828fd5b2fd53b;hb=431a4d40ebd266af892c62f05f3f5082c3a16b69;hp=999b48be4d6d6bc8988506fcc5f314f89ca93d2c;hpb=0d9d576aa642e02eb8673aa20bdf4b6a18ae6bc3;p=friendica.git diff --git a/include/crypto.php b/include/crypto.php index 999b48be4d..ed0a35704e 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -3,19 +3,20 @@ require_once('library/ASNValue.class.php'); require_once('library/asn1.php'); +// supported algorithms are 'sha256', 'sha1' -function rsa_sign($data,$key) { +function rsa_sign($data,$key,$alg = 'sha256') { $sig = ''; - if (version_compare(PHP_VERSION, '5.3.0', '>=')) { - openssl_sign($data,$sig,$key,'sha256'); + if (version_compare(PHP_VERSION, '5.3.0', '>=') || $alg === 'sha1') { + openssl_sign($data,$sig,$key,(($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : $alg)); } else { if(strlen($key) < 1024 || extension_loaded('gmp')) { require_once('library/phpsec/Crypt/RSA.php'); $rsa = new CRYPT_RSA(); $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1; - $rsa->setHash('sha256'); + $rsa->setHash($alg); $rsa->loadKey($key); $sig = $rsa->sign($data); } @@ -27,17 +28,17 @@ function rsa_sign($data,$key) { return $sig; } -function rsa_verify($data,$sig,$key) { +function rsa_verify($data,$sig,$key,$alg = 'sha256') { - if (version_compare(PHP_VERSION, '5.3.0', '>=')) { - $verify = openssl_verify($data,$sig,$key,'sha256'); + if (version_compare(PHP_VERSION, '5.3.0', '>=') || $alg === 'sha1') { + $verify = openssl_verify($data,$sig,$key,(($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : $alg)); } else { if(strlen($key) <= 300 || extension_loaded('gmp')) { require_once('library/phpsec/Crypt/RSA.php'); $rsa = new CRYPT_RSA(); $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1; - $rsa->setHash('sha256'); + $rsa->setHash($alg); $rsa->loadKey($key); $verify = $rsa->verify($data,$sig); } @@ -224,3 +225,72 @@ function pkcs5_unpad($text) if (strspn($text, chr($pad), strlen($text) - $pad) != $pad) return false; return substr($text, 0, -1 * $pad); } + +function AES256CBC_encrypt($data,$key,$iv) { + return mcrypt_encrypt( + MCRYPT_RIJNDAEL_128, + str_pad($key,32,"\0"), + pkcs5_pad($data,16), + MCRYPT_MODE_CBC, + str_pad($iv,16,"\0")); +} + +function AES256CBC_decrypt($data,$key,$iv) { + return pkcs5_unpad(mcrypt_decrypt( + MCRYPT_RIJNDAEL_128, + str_pad($key,32,"\0"), + $data, + MCRYPT_MODE_CBC, + str_pad($iv,16,"\0"))); +} + +function aes_encapsulate($data,$pubkey) { + $key = random_string(32,RANDOM_STRING_TEXT); + $iv = random_string(16,RANDOM_STRING_TEXT); + $result['data'] = base64url_encode(AES256CBC_encrypt($data,$key,$iv),true); + openssl_public_encrypt($key,$k,$pubkey); + $result['key'] = base64url_encode($k,true); + openssl_public_encrypt($iv,$i,$pubkey); + $result['iv'] = base64url_encode($i,true); + return $result; +} + +function aes_unencapsulate($data,$prvkey) { + openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey); + openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey); + return AES256CBC_decrypt(base64url_decode($data['data']),$k,$i); +} + +function new_keypair($bits) { + + $openssl_options = array( + 'digest_alg' => 'sha1', + 'private_key_bits' => $bits, + 'encrypt_key' => false + ); + + $conf = get_config('system','openssl_conf_file'); + if($conf) + $openssl_options['config'] = $conf; + + $result = openssl_pkey_new($openssl_options); + + if(empty($result)) { + logger('new_keypair: failed'); + return false; + } + + // Get private key + + $response = array('prvkey' => '', 'pubkey' => ''); + + openssl_pkey_export($result, $response['prvkey']); + + // Get public key + $pkey = openssl_pkey_get_details($result); + $response['pubkey'] = $pkey["key"]; + + return $response; + +} +