X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FUtil%2FCrypto.php;h=d983202c0c1847f149fc49ffa1a983702d9a4711;hb=4e45987f74ccbe61a53c711317c2e45894435ece;hp=0ff911ba798115ceba2bd49ec5587fe121194fb5;hpb=90346f61bacf2c2e5867001d87f65e41ede9f651;p=friendica.git

diff --git a/src/Util/Crypto.php b/src/Util/Crypto.php
index 0ff911ba79..d983202c0c 100644
--- a/src/Util/Crypto.php
+++ b/src/Util/Crypto.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * @copyright Copyright (C) 2020, Friendica
+ * @copyright Copyright (C) 2010-2022, the Friendica project
  *
  * @license GNU AGPL version 3 or any later version
  *
@@ -21,10 +21,12 @@
 
 namespace Friendica\Util;
 
+use Exception;
 use Friendica\Core\Hook;
 use Friendica\Core\Logger;
 use Friendica\Core\System;
 use Friendica\DI;
+use ParagonIE\ConstantTime\Base64UrlSafe;
 use phpseclib\Crypt\RSA;
 use phpseclib\Math\BigInteger;
 
@@ -74,9 +76,9 @@ class Crypto
 	{
 		$rsa = new RSA();
 		$rsa->loadKey([
-								  'e' => new BigInteger($e, 256),
-								  'n' => new BigInteger($m, 256)
-							  ]);
+			'e' => new BigInteger($e, 256),
+			'n' => new BigInteger($m, 256)
+		]);
 		return $rsa->getPublicKey();
 	}
 
@@ -89,10 +91,10 @@ class Crypto
 	 */
 	public static function rsaToPem(string $key)
 	{
-		$publicKey = new RSA();
-		$publicKey->setPublicKey($key);
+		$rsa = new RSA();
+		$rsa->setPublicKey($key);
 
-		return $publicKey->getPublicKey(RSA::PUBLIC_FORMAT_PKCS8);
+		return $rsa->getPublicKey(RSA::PUBLIC_FORMAT_PKCS8);
 	}
 
 	/**
@@ -106,12 +108,12 @@ class Crypto
 	 */
 	public static function pemToMe(string $key, &$modulus, &$exponent)
 	{
-		$publicKey = new RSA();
-		$publicKey->loadKey($key);
-		$publicKey->setPublicKey();
+		$rsa = new RSA();
+		$rsa->loadKey($key);
+		$rsa->setPublicKey();
 
-		$modulus  = $publicKey->modulus->toBytes();
-		$exponent = $publicKey->exponent->toBytes();
+		$modulus  = $rsa->modulus->toBytes();
+		$exponent = $rsa->exponent->toBytes();
 	}
 
 	/**
@@ -134,7 +136,7 @@ class Crypto
 		$result = openssl_pkey_new($openssl_options);
 
 		if (empty($result)) {
-			Logger::log('new_keypair: failed');
+			Logger::notice('new_keypair: failed');
 			return false;
 		}
 
@@ -150,15 +152,59 @@ class Crypto
 		return $response;
 	}
 
+	/**
+	 * Create a new elliptic curve key pair
+	 *
+	 * @return array with the elements "prvkey", "pubkey", "vapid-public" and "vapid-private"
+	 */
+	public static function newECKeypair()
+	{
+		$openssl_options = [
+			'curve_name'       => 'prime256v1',
+			'private_key_type' => OPENSSL_KEYTYPE_EC
+		];
+
+		$conf = DI::config()->get('system', 'openssl_conf_file');
+		if ($conf) {
+			$openssl_options['config'] = $conf;
+		}
+		$result = openssl_pkey_new($openssl_options);
+
+		if (empty($result)) {
+			throw new Exception('Key creation failed');
+		}
+
+		$response = ['prvkey' => '', 'pubkey' => ''];
+
+		// Get private key
+		openssl_pkey_export($result, $response['prvkey']);
+
+		// Get public key
+		$pkey = openssl_pkey_get_details($result);
+		$response['pubkey'] = $pkey['key'];
+
+		// Create VAPID keys
+		// @see https://github.com/web-push-libs/web-push-php/blob/256a18b2a2411469c94943725fb6eccb9681bd75/src/Utils.php#L60-L62
+		$hexString = '04';
+		$hexString .= str_pad(bin2hex($pkey['ec']['x']), 64, '0', STR_PAD_LEFT);
+		$hexString .= str_pad(bin2hex($pkey['ec']['y']), 64, '0', STR_PAD_LEFT);
+		$response['vapid-public'] = Base64UrlSafe::encode(hex2bin($hexString));
+
+		// @see https://github.com/web-push-libs/web-push-php/blob/256a18b2a2411469c94943725fb6eccb9681bd75/src/VAPID.php
+		$response['vapid-private'] = Base64UrlSafe::encode(hex2bin(str_pad(bin2hex($pkey['ec']['d']), 64, '0', STR_PAD_LEFT)));
+
+		return $response;
+	}
+
 	/**
 	 * Encrypt a string with 'aes-256-cbc' cipher method.
-	 * 
+	 *
 	 * Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/include/crypto.php
-	 * 
+	 *
 	 * @param string $data
 	 * @param string $key   The key used for encryption.
 	 * @param string $iv    A non-NULL Initialization Vector.
-	 * 
+	 *
 	 * @return string|boolean Encrypted string or false on failure.
 	 */
 	private static function encryptAES256CBC($data, $key, $iv)
@@ -168,13 +214,13 @@ class Crypto
 
 	/**
 	 * Decrypt a string with 'aes-256-cbc' cipher method.
-	 * 
+	 *
 	 * Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/include/crypto.php
-	 * 
+	 *
 	 * @param string $data
 	 * @param string $key   The key used for decryption.
 	 * @param string $iv    A non-NULL Initialization Vector.
-	 * 
+	 *
 	 * @return string|boolean Decrypted string or false on failure.
 	 */
 	private static function decryptAES256CBC($data, $key, $iv)
@@ -215,7 +261,7 @@ class Crypto
 	private static function encapsulateOther($data, $pubkey, $alg)
 	{
 		if (!$pubkey) {
-			Logger::log('no key. data: '.$data);
+			Logger::notice('no key. data: '.$data);
 		}
 		$fn = 'encrypt' . strtoupper($alg);
 		if (method_exists(__CLASS__, $fn)) {
@@ -257,7 +303,7 @@ class Crypto
 	private static function encapsulateAes($data, $pubkey)
 	{
 		if (!$pubkey) {
-			Logger::log('aes_encapsulate: no key. data: ' . $data);
+			Logger::notice('aes_encapsulate: no key. data: ' . $data);
 		}
 
 		$key = random_bytes(32);
@@ -268,7 +314,7 @@ class Crypto
 		// log the offending call so we can track it down
 		if (!openssl_public_encrypt($key, $k, $pubkey)) {
 			$x = debug_backtrace();
-			Logger::log('aes_encapsulate: RSA failed. ' . print_r($x[0], true));
+			Logger::notice('aes_encapsulate: RSA failed.', ['data' => $x[0]]);
 		}
 
 		$result['alg'] = 'aes256cbc';