X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FUtil%2FCrypto.php;h=20ab9bc5288c19a28c4b16ea760d43c984b6930e;hb=d4a5a8051ad34a7be72238967afb3e6b140afdc8;hp=1b84a92f64a3f9e6ae7bcaa0815fc7a271b77432;hpb=2ec3a97393959e42d450e074271d2d622d25701f;p=friendica.git diff --git a/src/Util/Crypto.php b/src/Util/Crypto.php index 1b84a92f64..20ab9bc528 100644 --- a/src/Util/Crypto.php +++ b/src/Util/Crypto.php @@ -1,6 +1,6 @@ System::callstack()]); + Logger::warning('Empty key parameter'); } openssl_sign($data, $sig, $key, (($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : $alg)); return $sig; @@ -59,189 +57,21 @@ class Crypto public static function rsaVerify($data, $sig, $key, $alg = 'sha256') { if (empty($key)) { - Logger::warning('Empty key parameter', ['callstack' => System::callstack()]); + Logger::warning('Empty key parameter'); } return openssl_verify($data, $sig, $key, (($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : $alg)); } /** - * @param string $Der der formatted string - * @param bool $Private key type optional, default false - * @return string - */ - private static function DerToPem($Der, $Private = false) - { - //Encode: - $Der = base64_encode($Der); - //Split lines: - $lines = str_split($Der, 65); - $body = implode("\n", $lines); - //Get title: - $title = $Private ? 'RSA PRIVATE KEY' : 'PUBLIC KEY'; - //Add wrapping: - $result = "-----BEGIN {$title}-----\n"; - $result .= $body . "\n"; - $result .= "-----END {$title}-----\n"; - - return $result; - } - - /** - * @param string $Der der formatted string - * @return string - */ - private static function DerToRsa($Der) - { - //Encode: - $Der = base64_encode($Der); - //Split lines: - $lines = str_split($Der, 64); - $body = implode("\n", $lines); - //Get title: - $title = 'RSA PUBLIC KEY'; - //Add wrapping: - $result = "-----BEGIN {$title}-----\n"; - $result .= $body . "\n"; - $result .= "-----END {$title}-----\n"; - - return $result; - } - - /** - * @param string $Modulus modulo - * @param string $PublicExponent exponent - * @return string - */ - private static function pkcs8Encode($Modulus, $PublicExponent) - { - //Encode key sequence - $modulus = new ASNValue(ASNValue::TAG_INTEGER); - $modulus->SetIntBuffer($Modulus); - $publicExponent = new ASNValue(ASNValue::TAG_INTEGER); - $publicExponent->SetIntBuffer($PublicExponent); - $keySequenceItems = [$modulus, $publicExponent]; - $keySequence = new ASNValue(ASNValue::TAG_SEQUENCE); - $keySequence->SetSequence($keySequenceItems); - //Encode bit string - $bitStringValue = $keySequence->Encode(); - $bitStringValue = chr(0x00) . $bitStringValue; //Add unused bits byte - $bitString = new ASNValue(ASNValue::TAG_BITSTRING); - $bitString->Value = $bitStringValue; - //Encode body - $bodyValue = "\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00" . $bitString->Encode(); - $body = new ASNValue(ASNValue::TAG_SEQUENCE); - $body->Value = $bodyValue; - //Get DER encoded public key: - $PublicDER = $body->Encode(); - return $PublicDER; - } - - /** - * @param string $Modulus modulo - * @param string $PublicExponent exponent - * @return string - */ - private static function pkcs1Encode($Modulus, $PublicExponent) - { - //Encode key sequence - $modulus = new ASNValue(ASNValue::TAG_INTEGER); - $modulus->SetIntBuffer($Modulus); - $publicExponent = new ASNValue(ASNValue::TAG_INTEGER); - $publicExponent->SetIntBuffer($PublicExponent); - $keySequenceItems = [$modulus, $publicExponent]; - $keySequence = new ASNValue(ASNValue::TAG_SEQUENCE); - $keySequence->SetSequence($keySequenceItems); - //Encode bit string - $bitStringValue = $keySequence->Encode(); - return $bitStringValue; - } - - /** - * @param string $m modulo - * @param string $e exponent - * @return string - */ - public static function meToPem($m, $e) - { - $der = self::pkcs8Encode($m, $e); - $key = self::DerToPem($der, false); - return $key; - } - - /** - * @param string $key key - * @param string $m modulo reference - * @param object $e exponent reference - * @return void - * @throws \Exception - */ - private static function pubRsaToMe($key, &$m, &$e) - { - $lines = explode("\n", $key); - unset($lines[0]); - unset($lines[count($lines)]); - $x = base64_decode(implode('', $lines)); - - $r = ASN_BASE::parseASNString($x); - - $m = Strings::base64UrlDecode($r[0]->asnData[0]->asnData); - $e = Strings::base64UrlDecode($r[0]->asnData[1]->asnData); - } - - /** - * @param string $key key - * @return string - * @throws \Exception - */ - public static function rsaToPem($key) - { - self::pubRsaToMe($key, $m, $e); - return self::meToPem($m, $e); - } - - /** - * @param string $key key - * @return string - * @throws \Exception - */ - private static function pemToRsa($key) - { - self::pemToMe($key, $m, $e); - return self::meToRsa($m, $e); - } - - /** - * @param string $key key - * @param string $m modulo reference - * @param string $e exponent reference - * @return void - * @throws \Exception - */ - public static function pemToMe($key, &$m, &$e) - { - $lines = explode("\n", $key); - unset($lines[0]); - unset($lines[count($lines)]); - $x = base64_decode(implode('', $lines)); - - $r = ASN_BASE::parseASNString($x); - - if (isset($r[0])) { - $m = Strings::base64UrlDecode($r[0]->asnData[1]->asnData[0]->asnData[0]->asnData); - $e = Strings::base64UrlDecode($r[0]->asnData[1]->asnData[0]->asnData[1]->asnData); - } - } - - /** - * @param string $m modulo - * @param string $e exponent - * @return string + * Transform RSA public keys to standard PEM output + * + * @param string $key A RSA public key + * + * @return string The PEM output of this key */ - private static function meToRsa($m, $e) + public static function rsaToPem(string $key) { - $der = self::pkcs1Encode($m, $e); - $key = self::DerToRsa($der); - return $key; + return (string)PublicKeyLoader::load($key); } /** @@ -264,7 +94,7 @@ class Crypto $result = openssl_pkey_new($openssl_options); if (empty($result)) { - Logger::log('new_keypair: failed'); + Logger::notice('new_keypair: failed'); return false; } @@ -282,13 +112,13 @@ class Crypto /** * Encrypt a string with 'aes-256-cbc' cipher method. - * + * * Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/include/crypto.php - * + * * @param string $data * @param string $key The key used for encryption. * @param string $iv A non-NULL Initialization Vector. - * + * * @return string|boolean Encrypted string or false on failure. */ private static function encryptAES256CBC($data, $key, $iv) @@ -298,13 +128,13 @@ class Crypto /** * Decrypt a string with 'aes-256-cbc' cipher method. - * + * * Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/include/crypto.php - * + * * @param string $data * @param string $key The key used for decryption. * @param string $iv A non-NULL Initialization Vector. - * + * * @return string|boolean Decrypted string or false on failure. */ private static function decryptAES256CBC($data, $key, $iv) @@ -312,42 +142,6 @@ class Crypto return openssl_decrypt($data, 'aes-256-cbc', str_pad($key, 32, "\0"), OPENSSL_RAW_DATA, str_pad($iv, 16, "\0")); } - /** - * Encrypt a string with 'aes-256-ctr' cipher method. - * - * Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/include/crypto.php - * - * @param string $data - * @param string $key The key used for encryption. - * @param string $iv A non-NULL Initialization Vector. - * - * @return string|boolean Encrypted string or false on failure. - */ - private static function encryptAES256CTR($data, $key, $iv) - { - $key = substr($key, 0, 32); - $iv = substr($iv, 0, 16); - return openssl_encrypt($data, 'aes-256-ctr', str_pad($key, 32, "\0"), OPENSSL_RAW_DATA, str_pad($iv, 16, "\0")); - } - - /** - * Decrypt a string with 'aes-256-ctr' cipher method. - * - * Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/include/crypto.php - * - * @param string $data - * @param string $key The key used for decryption. - * @param string $iv A non-NULL Initialization Vector. - * - * @return string|boolean Decrypted string or false on failure. - */ - private static function decryptAES256CTR($data, $key, $iv) - { - $key = substr($key, 0, 32); - $iv = substr($iv, 0, 16); - return openssl_decrypt($data, 'aes-256-ctr', str_pad($key, 32, "\0"), OPENSSL_RAW_DATA, str_pad($iv, 16, "\0")); - } - /** * * Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/include/crypto.php @@ -381,7 +175,7 @@ class Crypto private static function encapsulateOther($data, $pubkey, $alg) { if (!$pubkey) { - Logger::log('no key. data: '.$data); + Logger::notice('no key. data: '.$data); } $fn = 'encrypt' . strtoupper($alg); if (method_exists(__CLASS__, $fn)) { @@ -393,7 +187,7 @@ class Crypto // log the offending call so we can track it down if (!openssl_public_encrypt($key, $k, $pubkey)) { $x = debug_backtrace(); - Logger::log('RSA failed. ' . print_r($x[0], true)); + Logger::notice('RSA failed', ['trace' => $x[0]]); } $result['alg'] = $alg; @@ -423,7 +217,7 @@ class Crypto private static function encapsulateAes($data, $pubkey) { if (!$pubkey) { - Logger::log('aes_encapsulate: no key. data: ' . $data); + Logger::notice('aes_encapsulate: no key. data: ' . $data); } $key = random_bytes(32); @@ -434,7 +228,7 @@ class Crypto // log the offending call so we can track it down if (!openssl_public_encrypt($key, $k, $pubkey)) { $x = debug_backtrace(); - Logger::log('aes_encapsulate: RSA failed. ' . print_r($x[0], true)); + Logger::notice('aes_encapsulate: RSA failed.', ['data' => $x[0]]); } $result['alg'] = 'aes256cbc'; @@ -461,11 +255,12 @@ class Crypto return; } - $alg = ((array_key_exists('alg', $data)) ? $data['alg'] : 'aes256cbc'); + $alg = $data['alg'] ?? 'aes256cbc'; if ($alg === 'aes256cbc') { - return self::encapsulateAes($data['data'], $prvkey); + return self::unencapsulateAes($data['data'], $prvkey); } - return self::encapsulateOther($data['data'], $prvkey, $alg); + + return self::unencapsulateOther($data, $prvkey, $alg); } /**